# Mirai — HTB machine Writeup

###### tags: `pentest log`

## External

### Pre-Scan

```shell=
└─$ sudo nmap -Pn -p- --min-rate 10000 -sT 10.10.10.48
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-24 01:29 CST
Completed Connect Scan at 01:31, 104.15s elapsed (65535 total ports)
Nmap scan report for 10.10.10.48
Host is up (0.20s latency).
Not shown: 35527 filtered tcp ports (no-response), 30004 closed tcp ports (conn-refused)
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
1561/tcp open  facilityview

└─$ sudo nmap -Pn -sV -A 10.10.10.48
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-24 01:28 CST
Nmap scan report for 10.10.10.48
Host is up (0.48s latency).
Not shown: 997 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
| ssh-hostkey:
|   1024 aa:ef:5c:e0:8e:86:97:82:47:ff:4a:e5:40:18:90:c5 (DSA)
|   2048 e8:c1:9d:c5:43:ab:fe:61:23:3b:d7:e4:af:9b:74:18 (RSA)
|   256 b6:a0:78:38:d0:c8:10:94:8b:44:b2:ea:a0:17:42:2b (ECDSA)
|_  256 4d:68:40:f7:20:c4:e5:52:80:7a:44:38:b8:a2:a7:52 (ED25519)
53/tcp open  domain  dnsmasq 2.76
| dns-nsid:
|_  bind.version: dnsmasq-2.76
80/tcp open  http    lighttpd 1.4.35
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_http-server-header: lighttpd/1.4.35
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.92%E=4%D=12/24%OT=22%CT=1%CU=35665%PV=Y%DS=2%DC=T%G=Y%TM=61C4B1
OS:E5%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=109%TI=Z%CI=I%II=I%TS=8)OP
OS:S(O1=M54BST11NW6%O2=M54BST11NW6%O3=M54BNNT11NW6%O4=M54BST11NW6%O5=M54BST
OS:11NW6%O6=M54BST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)EC
OS:N(R=Y%DF=Y%T=40%W=7210%O=M54BNNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=
OS:AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(
OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%
OS:F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N
OS:%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%C
OS:D=S)
```

### Service Enumeration

#### dns

#### http 1561

### Vulnerability Analysis

### Exploit

## Internal