Help with Mirai

Any hints on where to start with Mirai? I have done all the scanning and all the reading about Mirai and Pi-hole.
I think I understand how Mirai works and what Pi-hole is, but I'm unable to get a clearer picture in mind on how to proceed with all the information I have.

punish3r


Comments

  • answer 2 questions:
    1. pi-hole installed on ... platform
    2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
    3. see opened ports

    add 1 + 2 + 3

    tip: getting pi-hole admin password for web interface - wrong path

  • If you can figure out the OS/device, you'll know how to move forward

  • @5am said:
    answer 2 questions:
    1. pi-hole installed on ... platform
    2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
    3. see opened ports

    add 1 + 2 + 3

    tip: getting pi-hole admin password for web interface - wrong path

    Done all that..

    Got 4 open ports.. SSH, DNS,HTTP, UPNP..
    I even managed to get to the admin page of pi-hole interface once but then it blocked my access..

    punish3r

  • @punish3r said:

    @5am said:
    answer 2 questions:
    1. pi-hole installed on ... platform
    2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
    3. see opened ports

    add 1 + 2 + 3

    tip: getting pi-hole admin password for web interface - wrong path

    Done all that..

    Got 4 open ports.. SSH, DNS,HTTP, UPNP..
    I even managed to get to the admin page of pi-hole interface once but then it blocked my access..

    don't use pi-hole web interface (web interface is wrong path), use other interface as port for manage

    u can manage with using upnp ? maybe dns ? maybe other ?

  • @DBrojangles said:
    If you can figure out the OS/device, you'll know how to move forward

    From the UPNP port, it says that it's a mobile phone device..

    But from the pi-hole admin panel device is a raspberry pi

    punish3r

  • @5am said:

    @punish3r said:

    @5am said:
    answer 2 questions:
    1. pi-hole installed on ... platform
    2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
    3. see opened ports

    add 1 + 2 + 3

    tip: getting pi-hole admin password for web interface - wrong path

    Done all that..

    Got 4 open ports.. SSH, DNS,HTTP, UPNP..
    I even managed to get to the admin page of pi-hole interface once but then it blocked my access..

    don't use pi-hole web interface (web interface is wrong path), use other interface as port for manage

    u can manage with using upnp ? maybe dns ? maybe other ?

    Any help with that..??

    punish3r

  • answer the question: how can you connect to the pi device for configuration ?

  • using SSH..

    punish3r

  • So, i have to try the basic 60 usernames and passwords used by mirai to bruteforce the SSH..

    Right..??

    punish3r

  • Nobody said that. What was that mirai list made up of? What is the logic behind how Mirai spreads? Can you apply that same logic here?
  • @punish3r said:
    So, i have to try the basic 60 usernames and passwords used by mirai to bruteforce the SSH..

    Right..??

    you are close. try :)

  • @3mrgnc3 said:
    Nobody said that. What was that mirai list made up of? What is the logic behind how Mirai spreads? Can you apply that same logic here?

    That list was made of 60 default usernames and passwords used by devices.
    Mirai scanned the IoT devices to find open ports and tried to bruteforce them using the precalculated table of usernames and passwords.

    punish3r

  • @5am said:

    @punish3r said:
    So, i have to try the basic 60 usernames and passwords used by mirai to bruteforce the SSH..

    Right..??

    you are close. try :)

    I have tried to bruteforce but it's not working...

    punish3r

  • You don't need to brute force. Just google it
  • How did Mirai spread? What was in that list it used?
  • @3mrgnc3 said:
    You don't need to brute force. Just google it

    Google what..?

    punish3r

  • @3mrgnc3 said:
    How did Mirai spread? What was in that list it used?

    Usernames and passwords..

    punish3r

  • @punish3r said:

    @3mrgnc3 said:
    How did Mirai spread? What was in that list it used?

    Usernames and passwords..

    Default usernames and password of devices

    punish3r

  • what you use to logon.... the way Mirai would.... if it was in its list....

    Buddy, you must be way overthinking this or just tired. ;)
  • Correct me if i am wrong...!!

    Mirai had a computed list of devices with their default usernames and passwords; whenever it scanned a new device it would try to log in using the default credentials.

    punish3r
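
The spreading logic discussed above (one source walking a table of default account names) leaves a recognisable pattern in sshd logs. The following is an added example, not part of the original thread: a small detector run over constructed log lines. The function name `find_sweeps`, the `min_users` threshold and the sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd log lines (not from the thread); IPs are documentation ranges.
SAMPLE_LOG = """\
Jan 12 03:14:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 12 03:14:02 host sshd[812]: Failed password for invalid user support from 203.0.113.7 port 40120 ssh2
Jan 12 03:14:03 host sshd[813]: Failed password for invalid user guest from 203.0.113.7 port 40131 ssh2
Jan 12 03:14:04 host sshd[814]: Failed password for admin from 203.0.113.7 port 40140 ssh2
Jan 12 03:14:06 host sshd[815]: Accepted password for admin from 203.0.113.7 port 40155 ssh2
Jan 12 09:30:11 host sshd[901]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 12 09:30:19 host sshd[901]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
"""

LINE = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def find_sweeps(log_text, min_users=3):
    """Flag sources whose failed logins span at least min_users distinct accounts.

    A human mistyping a password fails repeatedly on one account; a
    default-credential table walks many account names from one source.
    """
    tried = defaultdict(set)      # source -> account names that failed
    failures = defaultdict(int)   # source -> number of failed attempts
    accepted = defaultdict(list)  # source -> logins accepted after the sweep
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        if outcome == "Failed":
            tried[src].add(user)
            failures[src] += 1
        elif len(tried[src]) >= min_users:
            # A success right after a sweep means a guessed credential worked.
            accepted[src].append(user)
    return {
        src: {"users": sorted(users), "failures": failures[src],
              "accepted_after_sweep": accepted[src]}
        for src, users in tried.items() if len(users) >= min_users
    }

if __name__ == "__main__":
    for src, info in find_sweeps(SAMPLE_LOG).items():
        print(src, info)
```

A non-empty `accepted_after_sweep` is the case to act on first: the account named there still had a guessable password and should be rotated and its session history reviewed.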

  • don't use list, use default for platform hardware

  • @5am said:
    don't use list, use default for platform hardware

    Thanks man..

    But didn't the Mirai list also have the default credentials for devices..??

    punish3r

  • to be honest, you don't even need the mirai list of credentials. simple googling for defaults after you recognize the device works.

  • @swatcat91 said:
    to be honest, you don't even need the mirai list of credentials. simple googling for defaults after you recognize the device works.

    Done that..

    Now working on recovering the deleted files.

    Any hint on that.. tried googling but it gives all the third party tools for that

    punish3r

  • @swatcat91 said:
    to be honest, you don't even need the mirai list of credentials. simple googling for defaults after you recognize the device works.

    and you killed it for everyone :(

    ph3on1x

  • some people are just too lazy to TryHarder and want the answer on a plate.
  • @3mrgnc3 said:
    some people are just too lazy to TryHarder and want the answer on a plate.

    agreed,, but sometimes you need help to get a clearer picture

    punish3r

  • edited January 2018

    @ph3on1x said:

    @swatcat91 said:
    to be honest, you don't even need the mirai list of credentials. simple googling for defaults after you recognize the device works.

    and you killed it for everyone :(

    sorry about that. I tried editing/deleting my post but the forum doesn't allow it. will make sure to be more discreet from now onwards :(
