Mirai Initial Foothold

Hey Everyone,

I feel like I’m missing something obvious and it’s driving me nuts. I’ve done a full TCP port scan of Mirai and found 7 open TCP ports. For some of these that are commonly logged into, I have attempted to brute force their usernames / passwords, per the way Mirai spreads, using the lists Rapid7 includes with Metasploit, without any luck. I’ve researched various exploits, finding some which were for older versions of the services. The web pages I’ve found either are 401 Unauthorized or weren’t brute forcible. I’m a bit lost and was wondering if anyone could point me in the right direction so that I can research and find the correct path forward.

Hi R4z3r,

Try looking into the name “Mirai”.

Will do. Thank you.

Got it. I overfixated on the name. The name is a hint but not something to fixate on.

I burst out laughing when the penny just dropped on how to gain initial access here; 10 seconds later I was root.

I am really stuck. I took a look at the Mirai name and didn’t find anything useful. Any hint? Other words?

@zyaya said:
I am really stuck. I took a look at the Mirai name and didn’t find anything useful. Any hint? Other words?

Enumerate each and everything about your target, like system, OS, open ports. Do web enumeration. Take a look at every port… and try some simple stuff first… :wink:

This thing is killing me lol. I researched the name and got to the login. Not sure what more enumeration I can do. Any hints would be greatly appreciated. Thanks

@neoson said:
This thing is killing me lol. I researched the name and got to the login. Not sure what more enumeration I can do. Any hints would be greatly appreciated. Thanks

Do you understand what Mirai was? And how it worked?

@likwidsec said:

@neoson said:
This thing is killing me lol. I researched the name and got to the login. Not sure what more enumeration I can do. Any hints would be greatly appreciated. Thanks

Do you understand what Mirai was? And how it worked?

I do. It’s hard to say where I’m stuck without giving a bunch away, but the default isn’t working for me.

So this is weird. I tried the default a number of times and it kept failing, then it finally worked. I was in and looked around, and then the pages stopped loading. So I exited and I’m back and it won’t let me in again lol. It doesn’t want me to win lol.

  1. What is this system?
  2. What is one of the first things you do when setting it up?

… P.S. When I do it, it makes me hungry for dessert.