Mirai

Hey guys,
I made dns association work. I couldnt whitlist domain name , when i tried , it says "Wrong password for domain name not permitted " as response. I couldnt get pass to login admin panel. maybe i am not supposed to work on it. Could someone push me to right direction?

you are overthinking this.

I tried bf on admin panel to get pass but it doesnt work.

What does the admin panel tell you about what you are attacking?

i just wanted to test if i can get password via brute force which can give me access to the box via ssh:) but i didnt get success. I am working on it.

you need to do some basic enumeration first - whats os, what is it running on this host, what settings are default to this platform.

Thank you very much for comments and advice. I did it . as phasmatis said, my mistake was overthinking about this machine. I was supposed to do basic enumeration.

I spent yesterday chipping away at Mirai and finally got it in the end, I had so much fun doing it and learnt loads along the way. I’d be happy to help others if needed. :+1:

congratulate you andrewh.

@yolchuyev Thanks man

hey been enumerating Mirai and haven’t been able use any of my findings. Found os, services etc. Also done research on the actual malware but haven’t been able to make any connections. Any suggestions?

@ma71as said:
hey been enumerating Mirai and haven’t been able use any of my findings. Found os, services etc. Also done research on the actual malware but haven’t been able to make any connections. Any suggestions?

Default :wink:

This was way easy to get in then… I had to scratch my head before the penny dropped for root. Sneaky but good.

@ma71as said:
hey been enumerating Mirai and haven’t been able use any of my findings. Found os, services etc. Also done research on the actual malware but haven’t been able to make any connections. Any suggestions?

Try the front door. It just might be open.

@Allegiance said:

@ma71as said:
hey been enumerating Mirai and haven’t been able use any of my findings. Found os, services etc. Also done research on the actual malware but haven’t been able to make any connections. Any suggestions?

Try the front door. It just might be open.

Got it a while ago, realised I was missing a really obvious thing about the box.