HackTheBox Mirai - Raspberry Pi Pentesting

HackerSploit · Intermediate ·🔐 Cybersecurity ·4y ago

Key Takeaways

The video demonstrates penetration testing on a Raspberry Pi running Pi-hole using techniques from the HackTheBox platform, specifically the retired box 'Mirai'. The video covers intermediate-level cybersecurity concepts and tools such as HackTheBox, Raspberry Pi, and Pi-hole.

Full Transcript

[Music] hey guys hackersploit here back again with another video in this video we're going to be taking a look at a little bit of an interesting topic and that of course is essentially penetration testing on a raspberry pi right and of course i'm going to be using hack the box to facilitate this because in my opinion the box mirai is probably the best way or you know example that i can use to demonstrate this and why performing enumeration is very very important now the name of this box is you know fairly interesting because it's called mirai now if you're not familiar with um you know cyber security breaches and attacks over the last five to ten years you probably wouldn't know what mira is now in the context of cyber security mirai uh is essentially in reference to a botnet attack called mirai that targeted internet of things devices and the way it did this was of course you know finding out uh ips or enumerating ips um and there's multiple ways you can do this i've explored the process of using shodan i'll probably make a follow-up video that will actually highlight this in the future uh but what happens is uh the the creators of the botnet actually you know found or discovered all of these raspberry pi's on the internet that could be accessed remotely and then of course try to authenticate to them using the default credentials and in some cases it was successful and in some cases it wasn't right so this particular box is based on that on that attack uh to a certain extent and that's why i'm going to be covering it so you can see that i've just spawned it and we'll just copy the ip here and again i'll just paste that in there let's see whether we have anything running in the web server we get a blank page so i've already performed an nmap scan and you can see if i just cut out the contents of the scan here the ip is going to be different because i ran this before the the results of the scanner displayed here and you can take a look at my scan options there by the way i will be making a video that covers the process of utilizing rust scan because a lot of you guys have actually been requesting for that so i'll actually make a video on that but you can see you have um you have ssh running so that's running open sh 6.7 p1 and it's on debian so no ubuntu this time and of course you have port 22. that's standard you also have dns which is probably why let me just close that up is probably why we're getting this blank page here because we have to add this ip to our hosts and add the domain which i'm guessing is going to be mirai dot hack the box and we have a web server we also have a plex media server uh and universal plug-and-play um interface running on port one eight eight four right and um yeah and in addition to that you also have that running on port three two four six nine so there's a lot of ports here and again if you have an idea of what's running on the target you can pretty much you know uh tailor your approach in regards to gaining initial access and i'll show you that right now so the first thing i'm going to do is i'm going to say i'm just going to edit my hosts file here so vim and we'll edit the host file and i'll just add that here so uh let me just add the ip here which i believe i copied and it will say mirai dot hack the box right and write and quit and if we now open that up if i say http uh not https because we don't have port 443 running so mirai dot hack the box if i can type that in there we are so it's going to tell us website is blocked access to the following website has been blocked if you have an ongoing use for the website make sure i please ask the owner of the pie hole in your network all right so there's the first clue so pihole is a um essentially an open source uh piece of software that is used on a raspberry pi to block ads on your network so you plug it in on your network and it acts as sort of like a proxy and essentially blocks all ads on your network for all the devices on your network right and again if we just display the source here we just get a you know basic source in regards to the data that's being output here we also get the version of pi hole right so we we have a pretty good idea of what might be running um in regards to the operating system of this target and the device itself because that's very important so let's perform some directory brute forcing on this particular on this particular web server right so i'm just going to again head over into my terminal here and we'll just minimize that slightly and i'll zoom in here so we'll use go buster right and we'll say directory brute force and i'm just going to say the url is going to be the following right and i then say i can paste in the ip there primarily because go buster will resolve it to its uh domain but we'll actually test and see where that works out so word list will use uh we'll use set lists this time and we'll head over into discovery web content and we'll use the big word list here and i can change the threads to maybe something like 20 to speed it up so i'm just going to hit enter and let's see what we're able to enumerate from go buster so i'm just going to let this complete all right so uh i just received our first result here and that is the admin directory so let's try and see what that brings up here so admin there we are hit enter give that a few seconds it's probably taking uh time because we are running a brute force on this so i'm just going to let that continue all right so the web page has loaded and it looks like it's the pi hole administrator the administrator panel here or rather the interface the web interface for pi hold which essentially allows you to authenticate and provides you with status for your raspberry pi right because that's the typical deployment of this uh of this piece of software and at the bottom you can see you have the buy all version which is 3.1.4 and then the web interface version and the fdl version right and we're not authenticated by default so if i log in it's going to ask us for our password right and again we can try and uh locate the default credentials however we can also you know try and identify whether we have any vulnerabilities for piohol so i'm just going to use i'm just going to perform a search split search so and i've cleared up that there so search split and i'll just paste that in there let me just extend this here so you guys can see what's going on and you can see for piehole versions lower than 4.4 we have an authenticated remote code execution script it's a python script here and i believe that that requires authentication right because it says authenticated remote code execution there that's fairly standard we don't have the password so i'm just going to paste and go here and let's see whether we can identify any information pertaining to this particular exploit and how it works so you can see it's a python script here and it provides you the test the test information and how it works right so it looks like right from the get go you'll need to provide let's see whether yeah we need to provide a password um the local ip and it looks like it provides you with a shell through the use of python now we pretty much uh you know can at this point deduce that the the target system is a raspberry pi and if we take a look at the nmap results here let me just close this out here you can see that it's running ssh so why don't we try and identify some default credentials for the raspberry pi right so i'm going to say search for raspberry pi and default default credentials right and there we are we can see the default raspbian login credentials so those are the operating system user credentials so this pro this will probably work via ssh so the username is pi and the password is raspberry so let's try that out and i'm just going to say right over here ssh pi and we get the ip here i believe i have it copied but i'll copy it again there we are and we hit enter looks like that is working and then we type in the password which again let me just make sure i'm getting it correct here is raspberry we hit enter and we get uh initial access right so that's really the power of um of performing enumeration and having another understanding of what the target is running and how the target is being used in regards to its deployment use case so in this case we can you know pretty much tell that the raspberry pi has been set up on a network to block ads right and from that we can deduce that the operating system that's typically used on a raspberry pi is raspbian and we got the default credentials so that we can log in via ssh and in in we go right so the first thing we are going to need to do is of course enumerate our current privileges you can see right now we're locked in as the user pi right and nothing else provides us you know with any additional information there you can see we're logged in as pi and if i list out the contents of my current working directory or the home directory for the pi user you can see if i let's head over to our desktop we get the user flag so there we are cat user dot txt and we get it there right if we list out the current users on the system we can see that we have the pi um the pi user we also have the pi hall user which is interesting which we can't actually log into that's a service account and we have a root account so uh again no other user accounts that we can detect here just the use of pi as well as the plex media server which is interesting and of course we've not touched upon that but if you have gone through this box that can be uh construed as a rabbit hole if you will because you most likely target the plex server the plex media server all right cool so um if i enumerate the kernel version here you can see linux raspberry pi kernel versions six eight 3.16.0468 p a e right and uh cat at c release this should be running debian in this case it is running debian and debian8 at that all right cool so again if we try and access the roots directory you can see permission denied right but let's try and identify our current privileges and whether we can actually do things that we aren't supposed to do so we can do this using an automated script like line-enum or lin-piece to identify whether we can run certain binaries as as the administrator or as the root user whether we have any new password flag set for any particular scripts or binary similar to the other boxes that we've taken a look at but for example if i run sudo and you know i just say sudo l you can see that this will display out the the current permissions for this user right so the user pi can actually run all commands without providing a password so they can this user can run all system commands including the commands limited to administrators and can run them without providing a password or providing the root password so again if we what we can do is we can actually say sudo password and change the password for the root user and i'll just specify a new password for the root user and let me just make sure i'm typing that correctly there we are password are updated successfully so if i say switch user if i want to switch my user into the root user i provide the password that i just created or set up and we have root access there we are we're currently the root user so let's head over into the root uh directory and if we list the contents in here we have the root flag let's cut that out oh looks like we have an interesting message here so it says i lost my original root.txt i think i may have a backup on my usb stick alright so that's all that also ties into the use case off a raspberry pi in that we saw that the target was also running a plex media server and you can of course have your videos movies and multimedia data stored in another location on your network but you what you can do is also attach a usb stick or a usb hard drive an external hard drive to your raspberry pi and then you set up likes to share the videos uh or serve the videos on the hard drive through plex right right so we can list out the current um devices or the attached storage devices on the target by using um lsblk and saying grep sds or storage devices in this case you can see you have sda right which is your main disk it's only 10 gigs and then you have sda1 these are the two partitions and you have sdb which again is the name is usb stick so if we head over to cd uh if i say cd media usb stick and i'll list out the contents there you can see we have dammit.txt so let me cut that out it's going to tell you damn it sorry man i accidentally deleted your files off the usb stick do you know if there is any way to get them back and that's by james our kind of james well if we take a close look at the directories within the usb stick we have a lost and found directory which is uh sort of an acronym or rather another word or rather two words for the recycle um for the recycle bin so if we head over into lost and found uh that doesn't display anything right so what if we try and list out the strings within this particular directory so we can say uh strings and dev sdb because that's the storage device b we hit enter and it looks like we get the flag here right and of course that's different from the user flag that we cut it out earlier let me just compare that yes it is different and we get both the flags right and yep that's pretty much it so this was a very interesting box one that i really enjoyed when i did it uh initially because it wasn't structured in the traditional sense and you know it wasn't it has a few ctf like um you know configurations like for example uh the flags here uh but the initial access uh you know vector was uh really really uh accurate in the sense that you know raspberry pi's that people buy and set up out there for whatever reason in most cases will have default credentials and you know gaining access in this case we were able to elevate our privileges because our user could run any command which is not really accurate but we we could have found another way of actually elevating our privileges irregardless of whether the user we logged in at uh had any special privileges in regards to the commands or binaries that they could execute however in this case it was fairly straightforward as i said the initial the initial section that involved enumeration for this box uh you know could send you down various rabbit holes like for example the plex media server which has a few vulnerabilities but i wasn't successful in gaining access that way i did or i was able to use the remote code authentication python script once i gained access to the target system and checked out the configuration file for the default for the credentials to log into the pi hole web interface and then i used that with the authenticated cookie and i was able to get remote code you know authenticated rce on the target system but of course that's after the fact um that being said that's going to be it for this video let me know what you guys think if you have any other content ideas or suggestions leave them in the comment section if you want to reach me personally you can you can contact me via twitter or via our discord server the link is in the description section we have fantastic discussions regarding you know various topics pertaining to penetration testing red teaming blue teaming malware analysis reverse engineering etc etc and yeah feel free to join in and we always welcome to have you there and i'm always available to answer your questions that being said that's going to be it for this video and i'll be seeing you in the next video a huge thank you to all of our patreons uh your support is greatly appreciated and this is a formal thank you so thank you shamir douglas ryan carr sandor michael busby sits up doozy defean bari dustin umpres and michael hubbard your support is greatly appreciated and you keep us making even more high quality content for you guys so thank you [Music] you

Original Description

In this video, we will be taking a look at how to perform a penetration test on a Raspberry Pi running Pi-hole. The techniques demonstrated in this video were performed on the retired box "Mirai" on the HackTheBox platform. ----------------------------------------------------------------------------------- BLOG ►► https://bit.ly/3qjvSjK FORUM ►► https://bit.ly/39r2kcY ACADEMY ►► https://bit.ly/39CuORr ----------------------------------------------------------------------------------- TWITTER ►► https://bit.ly/3sNKXfq DISCORD ►► https://bit.ly/3hkIDsK INSTAGRAM ►► https://bit.ly/3sP1Syh LINKEDIN ►► https://bit.ly/360qwlN PATREON ►► https://bit.ly/365iDLK MERCHANDISE ►► https://bit.ly/3c2jDEn ----------------------------------------------------------------------------------- CYBERTALK PODCAST ►► https://open.spotify.com/show/6j0RhRiofxkt39AskIpwP7 ----------------------------------------------------------------------------------- We hope you enjoyed the video and found value in the content. We value your feedback, If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms. ----------------------------------------------------------------------------------- Thanks for watching! Благодарю за просмотр! Kiitos katsomisesta Danke fürs Zuschauen! 感谢您观看 Merci d'avoir regardé Obrigado por assistir دیکھنے کے لیے شکریہ देखने के लिए धन्यवाद Grazie per la visione Gracias por ver شكرا للمشاهدة ----------------------------------------------------------------------------------- #HTB#Pentesting
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from HackerSploit · HackerSploit · 0 of 60

← Previous Next →
1 How To Install Kali Linux 2.0 On Virtual Box
How To Install Kali Linux 2.0 On Virtual Box
HackerSploit
2 100 Subscriber Q&A! - How I Learned Ethical Hacking
100 Subscriber Q&A! - How I Learned Ethical Hacking
HackerSploit
3 BlackArch Linux Review - Better Than Kali Linux?
BlackArch Linux Review - Better Than Kali Linux?
HackerSploit
4 How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
How to Access the Deep Web Safely | Deep Web Starter Guide 1.0
HackerSploit
5 Wireshark Tutorial for Beginners - Installation
Wireshark Tutorial for Beginners - Installation
HackerSploit
6 Wireshark Tutorial for Beginners - Overview of the environment
Wireshark Tutorial for Beginners - Overview of the environment
HackerSploit
7 Wireshark Tutorial for Beginners - Capture options
Wireshark Tutorial for Beginners - Capture options
HackerSploit
8 Wireshark Tutorial for Beginners - Filters
Wireshark Tutorial for Beginners - Filters
HackerSploit
9 Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
Complete Ethical Hacking Course - Become a Hacker Today - #1 Hacking Terminology
HackerSploit
10 Complete Ethical Hacking Course #2 - Installing Kali Linux
Complete Ethical Hacking Course #2 - Installing Kali Linux
HackerSploit
11 Parrot OS 3.5 Review | The Best Kali Linux Alternative
Parrot OS 3.5 Review | The Best Kali Linux Alternative
HackerSploit
12 Nmap Tutorial For Beginners - 1 - What is Nmap?
Nmap Tutorial For Beginners - 1 - What is Nmap?
HackerSploit
13 Katoolin | How To Install Pentesting Tools On Any Linux Distro
Katoolin | How To Install Pentesting Tools On Any Linux Distro
HackerSploit
14 Nmap Tutorial For Beginners - 2 - Advanced Scanning
Nmap Tutorial For Beginners - 2 - Advanced Scanning
HackerSploit
15 Nmap Tutorial For Beginners - 3 - Aggressive Scanning
Nmap Tutorial For Beginners - 3 - Aggressive Scanning
HackerSploit
16 Zenmap Tutorial For Beginners
Zenmap Tutorial For Beginners
HackerSploit
17 How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
How To Setup Proxychains In Kali Linux - #1 - Stay Anonymous
HackerSploit
18 How To Setup Proxychains In Kali Linux - #2 - Change Your IP
How To Setup Proxychains In Kali Linux - #2 - Change Your IP
HackerSploit
19 How To Change Mac Address In Kali Linux | Macchanger
How To Change Mac Address In Kali Linux | Macchanger
HackerSploit
20 How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
How To Setup And Use anonsurf On Kali Linux | Stay Anonymous
HackerSploit
21 Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
Ubuntu 17.04 "Zesty Zapus" Review - Bye Unity
HackerSploit
22 VPN And DNS For Beginners | Kali Linux
VPN And DNS For Beginners | Kali Linux
HackerSploit
23 Tails OS Installation And Review - Access The Deep Web/Dark Net
Tails OS Installation And Review - Access The Deep Web/Dark Net
HackerSploit
24 Steganography Tutorial - Hide Messages In Images
Steganography Tutorial - Hide Messages In Images
HackerSploit
25 The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
The Lazy Script - Kali Linux 2017.1 - Automate Penetration Testing!
HackerSploit
26 Best Linux Distributions For Penetration Testing
Best Linux Distributions For Penetration Testing
HackerSploit
27 Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
Netcat Tutorial - The Swiss Army Knife Of Networking - Reverse Shell
HackerSploit
28 Gaining Access - Web Server Hacking - Metasploitable - #1
Gaining Access - Web Server Hacking - Metasploitable - #1
HackerSploit
29 Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
Web Server Hacking - FTP Backdoor Command Execution With Metasploit - #2
HackerSploit
30 How To Install Kali Linux On VMware  - Complete Guide 2018
How To Install Kali Linux On VMware - Complete Guide 2018
HackerSploit
31 Q&A #1 - Best Cyber-security Certifications?
Q&A #1 - Best Cyber-security Certifications?
HackerSploit
32 Terminator - Kali Linux - Multiple Terminals
Terminator - Kali Linux - Multiple Terminals
HackerSploit
33 Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
Shodan Search Engine Tutorial - Access Routers,Servers,Webcams + Install CLI
HackerSploit
34 Q&A #2 - Mr Robot?
Q&A #2 - Mr Robot?
HackerSploit
35 Metasploit Community Web GUI  - Installation And Overview
Metasploit Community Web GUI - Installation And Overview
HackerSploit
36 Linux Expl0rer - Forensics Toolbox - Installation & Configuration
Linux Expl0rer - Forensics Toolbox - Installation & Configuration
HackerSploit
37 QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
QuasarRAT - The Best Windows RAT? - Remote Administration Tool for Windows
HackerSploit
38 Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
Metasploit For Beginners - #1 - The Basics - Modules, Exploits & Payloads
HackerSploit
39 Metasploit For Beginners - #2 - Understanding Metasploit Modules
Metasploit For Beginners - #2 - Understanding Metasploit Modules
HackerSploit
40 Kali Linux Quick Tips - #1 - Adding a non-root user
Kali Linux Quick Tips - #1 - Adding a non-root user
HackerSploit
41 Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
Metasploit For Beginners - #3 - Information Gathering - Auxiliary Scanners
HackerSploit
42 Spectre Meltdown Vulnerability  - How To Check Your System
Spectre Meltdown Vulnerability - How To Check Your System
HackerSploit
43 Metasploit For Beginners - #4 - Basic Exploitation
Metasploit For Beginners - #4 - Basic Exploitation
HackerSploit
44 ARP Spoofing With arpspoof - MITM
ARP Spoofing With arpspoof - MITM
HackerSploit
45 WordPress Vulnerability Scanning With WPScan
WordPress Vulnerability Scanning With WPScan
HackerSploit
46 Generating A PHP Backdoor with weevely
Generating A PHP Backdoor with weevely
HackerSploit
47 Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
Nikto Web Vulnerability Scanner - Web Penetration Testing - #1
HackerSploit
48 How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
How To Install Kali Linux On Windows 10 - Windows Subsystem For Linux
HackerSploit
49 Stacer - System Optimizer And Monitoring Tool For Linux
Stacer - System Optimizer And Monitoring Tool For Linux
HackerSploit
50 Kali Linux 2018.1 - Kernel Updates & Patches
Kali Linux 2018.1 - Kernel Updates & Patches
HackerSploit
51 MITM With Ettercap - ARP Poisoning
MITM With Ettercap - ARP Poisoning
HackerSploit
52 Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords
HackerSploit
53 How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
How To Detect Rootkits On Kali Linux - chkrootkit & rkhunter
HackerSploit
54 Channel Updates - How To Post Questions & Video Suggestions
Channel Updates - How To Post Questions & Video Suggestions
HackerSploit
55 Web App Penetration Testing - #1 - Setting Up Burp Suite
Web App Penetration Testing - #1 - Setting Up Burp Suite
HackerSploit
56 Web App Penetration Testing - #2 - Spidering & DVWA
Web App Penetration Testing - #2 - Spidering & DVWA
HackerSploit
57 Cl0neMast3r - GitHub Repository Cloning Tool
Cl0neMast3r - GitHub Repository Cloning Tool
HackerSploit
58 Kali Linux On Windows 10 Official - WSL - Installation & Configuration
Kali Linux On Windows 10 Official - WSL - Installation & Configuration
HackerSploit
59 DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
DoS/DDoS Protection - How To Enable ICMP, UDP & TCP Flood Filtering
HackerSploit
60 Web App Penetration Testing - #3 - Brute Force With Burp Suite
Web App Penetration Testing - #3 - Brute Force With Burp Suite
HackerSploit

This video teaches viewers how to perform penetration testing on a Raspberry Pi running Pi-hole using the HackTheBox platform. Viewers will learn how to identify vulnerabilities and exploit them to gain access to the system. The video is intended for intermediate-level cybersecurity enthusiasts.

Key Takeaways
  1. Set up a Raspberry Pi with Pi-hole
  2. Use HackTheBox to perform penetration testing
  3. Identify vulnerabilities in the system
  4. Exploit vulnerabilities to gain access
  5. Conduct post-exploitation activities
💡 The video highlights the importance of securing IoT devices such as Raspberry Pi systems, and demonstrates how to use HackTheBox for pentesting training.

Related Reads

Up next
Why AI Coding Agents Are a Hidden Security Risk Nobody Talks About
IMH | AI & Tech
Watch →