Hack The Box

HackTheBox “Mirai” Walkthrough

Mirai, an easy-level Linux OS machine on HackTheBox, runs on RaspberryPi device and has Pi-Hole application installed. The default username and password for the device are still active via SSH. The user has sudo…

Mirai, an easy-level Linux OS machine on HackTheBox, runs on RaspberryPi device and has Pi-Hole application installed. The default username and password for the device are still active via SSH. The user has sudo privileges for all which gave us a root shell.

HackTheBox “Mirai” Walkthrough, figure 1

Let’s get started! 🚀

Recon & Enumeration

Let’s use nmap to full scan for open ports and services:

HackTheBox “Mirai” Walkthrough, figure 2

Visit the target at port 80.

HackTheBox “Mirai” Walkthrough, figure 3

It shows us a blank page, so, the subsequent action involves executing a Dirsearch scan to identify concealed files or directories:

HackTheBox “Mirai” Walkthrough, figure 4

The directory /admin is one of the findings, let’s have a look at it.

HackTheBox “Mirai” Walkthrough, figure 5

And we have the Pi-hole admin dashboard, Let’s click on the Login button on the left sidebar.

HackTheBox “Mirai” Walkthrough, figure 6

The default username for the Pi-hole application is “pi” with the password “raspberry”, but it doesn’t seem to work here.

Exploitation:

Since we know from the nmap scan that SSH is running, Let’s connect to the target.

HackTheBox “Mirai” Walkthrough, figure 7

Privilege Escalation:

Let’s list the privileges we have here with the username pi.

HackTheBox “Mirai” Walkthrough, figure 8

It seems that we have sudo for all with no password.

HackTheBox “Mirai” Walkthrough, figure 9

And we have a root shell.

Cheers.