HackTheBox “Mirai” Walkthrough

Mirai, an easy-level Linux OS machine on HackTheBox, runs on RaspberryPi device and has Pi-Hole application installed. The default username and password for the device are still active via SSH. The user has sudo privileges for all which gave us a root shell.

Let’s get started! 🚀

Recon & Enumeration

Let’s use nmap to full scan for open ports and services:

Visit the target at port 80.

It shows us a blank page, so, the subsequent action involves executing a Dirsearch scan to identify concealed files or directories:

The directory /admin is one of the findings, let’s have a look at it.

And we have the Pi-hole admin dashboard, Let’s click on the Login button on the left sidebar.

The default username for the Pi-hole application is “pi” with the password “raspberry”, but it doesn’t seem to work here.

Exploitation:

Since we know from the nmap scan that SSH is running, Let’s connect to the target.

Privilege Escalation:

Let’s list the privileges we have here with the username pi.

It seems that we have sudo for all with no password.

And we have a root shell.

Cheers.