InfoSec LAB

Mirai_SSH

Created: 2 min read

SSH

Nmap initially detected a SSH server running on the target port 22 There was nothing to be done as I did not have a valid credential

I have discovered that the web server is running the Pi-Hole web GUI , which is designed to block ads on the network level.

the target system is debian, which is unlikely matching and strange, given the fact that pi-hole is almost always installed on to raspberry pi os.

raspberry pi os also comes with a default credential; pi:raspberry. It did not work on the login page, but I have not tried it on SSH

So I will try that.

┌──(kali㉿kali)-[~/archive/htb/labs/mirai]
└─$ sshpass -p 'raspberry' ssh pi@$IP
 
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
last login: Tue Jan 31 13:34:03 2023 from 10.10.14.11
 
SSH is enabled and the default password for the 'pi' user has not been changed.
This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.
 
 
SSH is enabled and the default password for the 'pi' user has not been changed.
This is a security risk - please login as the 'pi' user and type 'passwd' to set a new password.
 
pi@raspberrypi:~ $ whoami
pi
pi@raspberrypi:~ $ hostname
raspberrypi
pi@raspberrypi:~ $ ifconfig
eth0      link encap:Ethernet  HWaddr 00:50:56:b9:24:f9  
          inet addr:10.10.10.48  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: fe80::2b9d:e6d8:6a08:2947/64 Scope:Link
          inet6 addr: fe80::250:56ff:feb9:24f9/64 Scope:Link
          inet6 addr: dead:beef::dfd3:b9c8:5094:83ac/64 Scope:Global
          up broadcast running multicast  mtu:1500  Metric:1
          rx packets:2332913 errors:519 dropped:2042 overruns:0 frame:0
          tx packets:2327644 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          rx bytes:388281980 (370.2 MiB)  TX bytes:733629013 (699.6 MiB)
          interrupt:19 Base address:0x2000 
 
lo        link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          up loopback running  mtu:65536  Metric:1
          rx packets:41265 errors:0 dropped:0 overruns:0 frame:0
          tx packets:41265 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          rx bytes:11564412 (11.0 MiB)  TX bytes:11564412 (11.0 MiB)

Wow. What a surprise.

Initial Foothold established to the target system as pi via SSH

Interactive Graph View

Backlinks