Mirai Box By Arrexel - hackthebox.eu

If someone need a tip or clue regarding Mirai box. let me know, https://www.hackthebox.eu/home/machines/profile/64

This machine was simple easy and interesting. i will make a wirteup when the box will be retired.

Hii I am suck in root.txt how to get root.txt

[email protected]:~# cat root.txt
I lost my original root.txt! I think I may have a backup on my USB stick…
[email protected]:~#

root.txt file was referering to something elsewhere we have to look for root.txt

So, this is what i did! found usb using

$ lsblk

[email protected]:~# lsblk                                                                                                                                
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT                                                                                                               
sda      8:0    0   10G  0 disk                                                                                                                          
|-sda1   8:1    0  1.3G  0 part /lib/live/mount/persistence/sda1                                                                                         
`-sda2   8:2    0  8.7G  0 part /lib/live/mount/persistence/sda2                                                                                         
sdb      8:16   0   10M  0 disk /media/usbstick                                                                                                          
sr0     11:0    1 1024M  0 rom                                                                                                                           
loop0    7:0    0  1.2G  1 loop /lib/live/mount/rootfs/filesystem.squashfs                                                                               

[email protected]:~#                                                                                                                                                                                                                                                                                                                                                                                                                                                 
/media/usbstick was our path.                                                                                                                            

After i went to that directory this is what i found another challange.

[email protected]:/media/usbstick# ls
damnit.txt lost+found
[email protected]:/media/usbstick# cat damnit.txt

[email protected]:/media/usbstick# cat damnit.txt
Damnit! Sorry man I accidentally deleted your files off the USB stick.
Do you know if there is any way to get them back?

-James
[email protected]:/media/usbstick#

Now I have to recover something

**[email protected]:/media/usbstick# df -h**
Filesystem      Size  Used Avail Use% Mounted on
aufs            8.5G  2.8G  5.3G  35% /
tmpfs           101M   13M   88M  13% /run
/dev/sda1       1.3G  1.3G     0 100% /lib/live/mount/persistence/sda1
/dev/loop0      1.3G  1.3G     0 100% /lib/live/mount/rootfs/filesystem.squashfs
tmpfs           251M     0  251M   0% /lib/live/mount/overlay
/dev/sda2       8.5G  2.8G  5.3G  35% /lib/live/mount/persistence/sda2
devtmpfs         10M     0   10M   0% /dev
tmpfs           251M  8.0K  251M   1% /dev/shm
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           251M     0  251M   0% /sys/fs/cgroup
tmpfs           251M   56K  250M   1% /tmp
/dev/sdb        8.7M   93K  7.9M   2% /media/usbstick
tmpfs            51M     0   51M   0% /run/user/999
tmpfs            51M     0   51M   0% /run/user/1000

I found the path of /media/usbstick which is /dev/sdb

After testing with a tool named extundelete i found this root.txt were deleted.

[email protected]:~# extundelete /dev/sdb --restore-file /media/
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 2 groups loaded.
Loading journal descriptors ... 23 descriptors loaded.
Failed to restore file /media/
Could not find correct inode number past inode 2.
Try altering the filename to one of the entries listed below.
File name                                       | Inode number | Deleted status
.                                                 2
..                                                2
lost+found                                        11
root.txt                                          12             Deleted
damnit.txt                                        13
extundelete: Operation not permitted while restoring file.
extundelete: Operation not permitted when trying to examine filesystem

[email protected]:~/output# extundelete /dev/sdb --restore-inode 12
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 2 groups loaded.
Loading journal descriptors ... 23 descriptors loaded.
[email protected]:~/output# ls
RECOVERED_FILES  audit.txt
[email protected]:~/output# cd RECOVERED_FILES/
[email protected]:~/output/RECOVERED_FILES# ls
file.12
[email protected]:~/output/RECOVERED_FILES# cat file.12

--

Exetundelete command not found error and I try to install that program but not possible

You need to install that tool.

hello Plz help me in ctf, i am new in this but can you suggest from where i learn the basic step to exploit vulnerable machins

Are you working on Mirai Machine? Or you wanna understand CTFs in general?