InfoSec LAB

Blocky_Exploitation

Created: 2 min read

SSH

The target Web server had a critical information disclosure to the public, leading to discovering a directory that contains a custom plugin, which contains a CLEARTEXT credential hard-coded into it. At a later stage, I was able to verify the validity of the credential against the target FTP server. I will now attempt to authenticate to the target system via SSH

┌──(kali㉿kali)-[~/archive/htb/labs/blocky]
└─$ ssh notch@$IP        
The authenticity of host '10.10.10.37 (10.10.10.37)' can't be established.
ed25519 key fingerprint is sha256:ZspC3hwRDEmd09Mn/ZlgKwCv8I8KDhl9Rt2Us0fZ0/8.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
warning: Permanently added '10.10.10.37' (ED25519) to the list of known hosts.
notch@10.10.10.37's password: 8YsqfCTnvxAUeduzjNSXe22
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-62-generic x86_64)
 
 * documentation:  https://help.ubuntu.com
 * management:     https://landscape.canonical.com
 * support:        https://ubuntu.com/advantage
 
7 packages can be updated.
7 updates are security updates.
 
 
last login: Fri Jul  8 07:16:08 2022 from 10.10.14.29
-bash: cannot create temp file for here-document: No space left on device
notch@blocky:~$ whoami
notch
notch@blocky:~$ hostname
Blocky
notch@blocky:~$ ifconfig
ens160    link encap:Ethernet  HWaddr 00:50:56:b9:eb:6e  
          inet addr:10.10.10.37  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: dead:beef::250:56ff:feb9:eb6e/64 Scope:Global
          inet6 addr: fe80::250:56ff:feb9:eb6e/64 Scope:Link
          up broadcast running multicast  mtu:1500  Metric:1
          rx packets:4842542 errors:0 dropped:10 overruns:0 frame:0
          tx packets:4465479 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          rx bytes:825102453 (825.1 MB)  TX bytes:2154318935 (2.1 GB)
 
lo        link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          up loopback running  mtu:65536  Metric:1
          rx packets:29930 errors:0 dropped:0 overruns:0 frame:0
          tx packets:29930 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          rx bytes:2337840 (2.3 MB)  TX bytes:2337840 (2.3 MB)

Initial Foothold established to the target system as the notch user via SSH

Interactive Graph View

Backlinks