HTB Mirai

Run a nmap scan to find for open ports.

Scanning all the ports.

Webserver does not show anything.

Run a gobuster scan to find for other directories.

Head to the admin page. Seens like a Pi-hole interface.

Search for default credentials.

Default credentials does not work for this interface.

Let’s try logging in via SSH.

Able to gain access via default credentionals.
Able to use sudo everywhere.

First flag is found.

Switch user to root and cat the root.txt file.

Use the df command to find for all devices on the box

Check out the usbstick folder and a clue is given.

Use the strings command to find the flag.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s