Mark Clowes (38M 🇬🇧)
Index - hackthebox.com CTF Mirai
2023-09-27I've had this forgotten in my drafts folder for a long time. This is my solution for the CTF box "Mirai" over at hackthebox.com. It was not a difficult CTF and there are other published solutions available online.
root@kali:~# nmap -v 10.10.10.48
Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-23 14:31 GMT
Initiating Ping Scan at 14:31
Scanning 10.10.10.48 [4 ports]
Completed Ping Scan at 14:31, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:31
Completed Parallel DNS resolution of 1 host. at 14:31, 0.04s elapsed
Initiating SYN Stealth Scan at 14:31
Scanning 10.10.10.48 [1000 ports]
Discovered open port 53/tcp on 10.10.10.48
Discovered open port 80/tcp on 10.10.10.48
Discovered open port 22/tcp on 10.10.10.48
Increasing send delay for 10.10.10.48 from 0 to 5 due to 183 out of 609 dropped probes since last increase.
Completed SYN Stealth Scan at 14:32, 9.24s elapsed (1000 total ports)
Nmap scan report for 10.10.10.48
Host is up (0.041s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 9.48 seconds
Raw packets sent: 1652 (72.664KB) | Rcvd: 1014 (42.312KB)
root@kali:~# curl 10.10.10.48 -v
* Rebuilt URL to: 10.10.10.48/
* Trying 10.10.10.48...
* TCP_NODELAY set
* Connected to 10.10.10.48 (10.10.10.48) port 80 (#0)
> GET / HTTP/1.1
> Host: 10.10.10.48
> User-Agent: curl/7.57.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< X-Pi-hole: A black hole for Internet advertisements.
< Content-type: text/html; charset=UTF-8
< Content-Length: 0
< Date: Sat, 23 Dec 2017 14:36:57 GMT
< Server: lighttpd/1.4.35
/home/pi/Desktop. However the root flag is more convoluted:
root@raspberrypi:~# cat /root/root.txt
I lost my original root.txt! I think I may have a backup on my USB stick...
root@raspberrypi:~# cat /media/usbstick/damnit.txt
Damnit! Sorry man I accidentally deleted your files off the USB stick.
Do you know if there is any way to get them back? root@raspberrypi:~# df -h /dev/sdb
Filesystem Size Used Avail Use% Mounted on
/dev/sdb 8.7M 93K 7.9M 2% /media/usbstick
hexdump /dev/sdb -C | less00800800 2a 00 00 00 2c 00 00 00 2e 00 00 00 85 1a f5 04 |*...,...........|
00800810 02 00 00 00 00 00 00 00 00 00 00 00 f5 04 84 82 |................|
00800820 2b 00 00 00 2d 00 00 00 ce 00 00 00 d6 07 00 05 |+...-...........|
00800830 00 00 01 00 00 00 00 00 00 00 00 00 00 05 d4 03 |................|
00800840 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
0080a800 33 64 33 65 34 38 33 31 34 33 66 66 31 32 65 63 |3d3e483143ff12ec|
0080a810 35 30 35 64 30 32 36 66 61 31 33 65 30 32 30 62 |505d026fa13e020b|
0080a820 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
0080a830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
0080ac00 44 61 6d 6e 69 74 21 20 53 6f 72 72 79 20 6d 61 |Damnit! Sorry ma|
0080ac10 6e 20 49 20 61 63 63 69 64 65 6e 74 61 6c 6c 79 |n I accidentally|
0080ac20 20 64 65 6c 65 74 65 64 20 79 6f 75 72 20 66 69 | deleted your fi|
0080ac30 6c 65 73 20 6f 66 66 20 74 68 65 20 55 53 42 20 |les off the USB |
0080ac40 73 74 69 63 6b 2e 0a 44 6f 20 79 6f 75 20 6b 6e |stick..Do you kn|
0080ac50 6f 77 20 69 66 20 74 68 65 72 65 20 69 73 20 61 |ow if there is a|
0080ac60 6e 79 20 77 61 79 20 74 6f 20 67 65 74 20 74 68 |ny way to get th|
0080ac70 65 6d 20 62 61 63 6b 3f 0a 0a 2d 4a 61 6d 65 73 |em back?..-James|
0080ac80 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
0080ac90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*