Help with Mirai

@punish3r said:

@5am said:
answer 2 questions:

  1. pi-hole installed on … platform
  2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
  3. see opened ports

add 1 + 2 + 3

tip: getting pi-hole admin password for web interface - wrong path

Done all that…

Got 4 open ports… SSH, DNS, HTTP, UPNP…
I even managed to get to the admin page of pi-hole interface once but then it blocked my access…

don't use pi-hole web interface (web interface is wrong path), use other interface as port for manage

u can manage with using upnp ? maybe dns ? maybe other ?

@DBrojangles said:
If you can figure out the OS/device, you’ll know how to move forward

From the UPNP port, it says that it's a mobile phone device…

But from the pi-hole admin panel device is a raspberry pi

@5am said:

@punish3r said:

@5am said:
answer 2 questions:

  1. pi-hole installed on … platform
  2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
  3. see opened ports

add 1 + 2 + 3

tip: getting pi-hole admin password for web interface - wrong path

Done all that…

Got 4 open ports… SSH, DNS, HTTP, UPNP…
I even managed to get to the admin page of pi-hole interface once but then it blocked my access…

don't use pi-hole web interface (web interface is wrong path), use other interface as port for manage

u can manage with using upnp ? maybe dns ? maybe other ?

Any help with that…??

answer the question: how can you connect to the pi device for configuration ?

using SSH…

@punish3r said:
using SSH…

So, I have to try the basic 60 usernames and passwords used by Mirai to bruteforce the SSH…

Right…??

Nobody said that. What was that mirai list made up of? What is the logic behind how Mirai spreads? Can you apply that same logic here?

@punish3r said:
So, I have to try the basic 60 usernames and passwords used by Mirai to bruteforce the SSH…

Right…??
you are close. try :)

@3mrgnc3 said:
Nobody said that. What was that mirai list made up of? What is the logic behind how Mirai spreads? Can you apply that same logic here?

That list was made of 60 default usernames and passwords used by devices.
Mirai scanned the IoT devices, found open ports and tried to bruteforce them using the precalculated table of usernames and passwords.

@5am said:

@punish3r said:
So, I have to try the basic 60 usernames and passwords used by Mirai to bruteforce the SSH…

Right…??
you are close. try :)

I have tried to bruteforce but it's not working…

You don’t need to brute force. Just google it

How did Mirai spread? What was in that list it used?

@3mrgnc3 said:
You don’t need to brute force. Just google it

Google what…?

@3mrgnc3 said:
How did Mirai spread? What was in that list it used?

Usernames and passwords…

@punish3r said:

@3mrgnc3 said:
How did Mirai spread? What was in that list it used?

Usernames and passwords…

Default usernames and password of devices

what you use to logon… the way Mirai would… if it was in its list…

Buddy, you must be way overthinking this or just tired. ;)

Correct me if I am wrong…!!

Mirai had a computed list of devices with their default usernames and passwords; whenever it scanned a new device it would try to log in using the default credentials.

don't use list, use default for platform hardware

@5am said:
don't use list, use default for platform hardware

Thanks man…

But didn't the Mirai list also have the default credentials for devices…??
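
The spreading logic discussed in this thread (factory-default logins tried against an exposed SSH port) leaves a recognisable trace in the target's sshd log. As an added example, not part of any post here: a Python sketch that flags a source which fails against several different account names and then gets a password login accepted. The log lines, addresses and the `min_users` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of sshd auth.log lines (documentation IP ranges, made-up PIDs).
SAMPLE_LOG = """\
Oct  3 10:01:02 raspberrypi sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct  3 10:01:03 raspberrypi sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Oct  3 10:01:04 raspberrypi sshd[815]: Failed password for invalid user support from 203.0.113.7 port 40116 ssh2
Oct  3 10:01:05 raspberrypi sshd[817]: Failed password for invalid user ubnt from 203.0.113.7 port 40118 ssh2
Oct  3 10:01:06 raspberrypi sshd[819]: Accepted password for pi from 203.0.113.7 port 40120 ssh2
Oct  3 10:07:41 raspberrypi sshd[902]: Failed password for pi from 198.51.100.20 port 51500 ssh2
Oct  3 10:07:49 raspberrypi sshd[902]: Accepted password for pi from 198.51.100.20 port 51500 ssh2
Oct  3 10:09:00 raspberrypi sshd[950]: Accepted publickey for pi from 198.51.100.20 port 51620 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_credential_sweeps(log_text, min_users=3):
    """Return {ip: report} for sources that failed logins against at least
    min_users distinct account names, noting password logins accepted afterwards."""
    failed_users = defaultdict(set)     # ip -> account names with failed attempts
    accepted_after = defaultdict(list)  # ip -> accounts accepted once the threshold was hit
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # publickey logins and unrelated lines are ignored
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failed_users[ip].add(user)
        elif len(failed_users[ip]) >= min_users:
            accepted_after[ip].append(user)
    return {
        ip: {"tried": sorted(users), "accepted": accepted_after.get(ip, [])}
        for ip, users in failed_users.items()
        if len(users) >= min_users
    }

if __name__ == "__main__":
    for ip, report in find_credential_sweeps(SAMPLE_LOG).items():
        print(ip, report)
```

A non-empty `accepted` list means a password login succeeded right after the sweep, so that account's password should be changed and password authentication over SSH reviewed.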