Help with Mirai

Any hints on where to start with Mirai? I have done all the scanning and all the reading about Mirai and pi-hole.
I think I understand how Mirai works and what pi-hole is, but I’m unable to get a clearer picture in mind on how to proceed with all the information I have.

answer 2 questions:

  1. pi-hole installed on … platform
  2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
  3. see opened ports

add 1 + 2 + 3

tip: getting pi-hole admin password for web interface - wrong path

If you can figure out the OS/device, you’ll know how to move forward

@5am said:
answer 2 questions:

  1. pi-hole installed on … platform
  2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
  3. see opened ports

add 1 + 2 + 3

tip: getting pi-hole admin password for web interface - wrong path

Done all that…

Got 4 open ports… SSH, DNS, HTTP, UPNP…
I even managed to get to the admin page of pi-hole interface once but then it blocked my access…

@punish3r said:

@5am said:
answer 2 questions:

  1. pi-hole installed on … platform
  2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
  3. see opened ports

add 1 + 2 + 3

tip: getting pi-hole admin password for web interface - wrong path

Done all that…

Got 4 open ports… SSH, DNS, HTTP, UPNP…
I even managed to get to the admin page of pi-hole interface once but then it blocked my access…

Don’t use the pi-hole web interface (web interface is the wrong path), use another interface as the port for management.

You can manage it using upnp? Maybe dns? Maybe other?

@DBrojangles said:
If you can figure out the OS/device, you’ll know how to move forward

From the UPNP port, it says that it’s a mobile phone device…

But from the pi-hole admin panel device is a raspberry pi

@5am said:

@punish3r said:

@5am said:
answer 2 questions:

  1. pi-hole installed on … platform
  2. read about mirai work (from wiki:
    Mirai then identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords)
  3. see opened ports

add 1 + 2 + 3

tip: getting pi-hole admin password for web interface - wrong path

Done all that…

Got 4 open ports… SSH, DNS, HTTP, UPNP…
I even managed to get to the admin page of pi-hole interface once but then it blocked my access…

Don’t use the pi-hole web interface (web interface is the wrong path), use another interface as the port for management.

You can manage it using upnp? Maybe dns? Maybe other?

Any help with that…??

answer the question: how can you connect to the pi device for configuration ?

using SSH…

@punish3r said:
using SSH…

So, I have to try the basic 60 usernames and passwords used by Mirai to bruteforce the SSH…

Right…??

Nobody said that. What was that mirai list made up of? What is the logic behind how Mirai spreads? Can you apply that same logic here?

@punish3r said:
So, I have to try the basic 60 usernames and passwords used by Mirai to bruteforce the SSH…

Right…??
You are close. Try :)

@3mrgnc3 said:
Nobody said that. What was that mirai list made up of? What is the logic behind how Mirai spreads? Can you apply that same logic here?

That list was made of 60 default usernames and passwords used by devices.
Mirai scanned the IoT devices, found open ports and tried to bruteforce them using the pre-calculated table of usernames and passwords.

@5am said:

@punish3r said:
So, I have to try the basic 60 usernames and passwords used by Mirai to bruteforce the SSH…

Right…??
You are close. Try :)

I have tried to bruteforce but it’s not working…

You don’t need to brute force. Just google it

How did Mirai spread? What was in that list it used?

@3mrgnc3 said:
You don’t need to brute force. Just google it

@3mrgnc3 said:
You don’t need to brute force. Just google it

Google what…?

@3mrgnc3 said:
How did Mirai spread? What was in that list it used?

Usernames and passwords…

@punish3r said:

@3mrgnc3 said:
How did Mirai spread? What was in that list it used?

Usernames and passwords…

Default usernames and password of devices
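
The spreading logic discussed in this thread (trying factory-default accounts against an exposed login service) leaves a recognisable pattern in sshd logs. The following is an added example, not code from any poster in the thread: it flags a source address that fails logins against several default account names in a short window and notes when one of those names then logs in. The account watchlist, log lines and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed watchlist of factory-default account names (an assumption for
# this example, not Mirai's actual table).
DEFAULT_ACCOUNTS = {"root", "admin", "support", "user", "guest", "ubnt"}

# Constructed sshd log lines; addresses come from documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:03 gw sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar  3 10:00:05 gw sshd[815]: Failed password for invalid user support from 203.0.113.7 port 40116 ssh2
Mar  3 10:00:09 gw sshd[819]: Accepted password for ubnt from 203.0.113.7 port 40120 ssh2
Mar  3 10:02:00 gw sshd[830]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:02:10 gw sshd[832]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse(line, year=2024):
    """Return (timestamp, ip, user, accepted) or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["user"], m["result"] == "Accepted"

def find_default_cred_sweeps(lines, min_accounts=3, window=timedelta(minutes=5)):
    """Map source IP -> default accounts it failed on, plus any later login."""
    recent = defaultdict(list)  # ip -> [(timestamp, user)] of recent failures
    findings = {}
    for ts, ip, user, accepted in filter(None, map(parse, lines)):
        if user not in DEFAULT_ACCOUNTS:
            continue  # ordinary users mistyping a password are out of scope
        recent[ip] = [(t, u) for t, u in recent[ip] if ts - t <= window]
        if not accepted:
            recent[ip].append((ts, user))
        tried = {u for _, u in recent[ip]}
        if len(tried) >= min_accounts:
            hit = findings.setdefault(ip, {"accounts": [], "logged_in_as": None})
            hit["accounts"] = sorted(set(hit["accounts"]) | tried)
            if accepted:  # a default account worked right after the sweep
                hit["logged_in_as"] = user
    return findings
```

A finding with `logged_in_as` set means a default account was still active on the device; changing or disabling that account is the fix, not blocking the source address.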