SSH
┌──(kali㉿kali)-[~/…/decompressed/var/www/html]
└─$ ssh john@cybermonday.htb
The authenticity of host 'cybermonday.htb (10.10.11.228)' can't be established.
ed25519 key fingerprint is sha256:KN9ev9G8u8Q4yY10fnm1hyEg8EbMvMRHxvDvCxRf6do.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
warning: Permanently added 'cybermonday.htb' (ED25519) to the list of known hosts.
john@cybermonday.htb's password: ngFfX2L71Nu
Linux cybermonday 5.10.0-24-amd64 #1 SMP Debian 5.10.179-5 (2023-08-08) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
john@cybermonday:~$ whoami
john
john@cybermonday:~$ hostname
cybermonday
john@cybermonday:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:b9:48:7f brd ff:ff:ff:ff:ff:ff
altname enp3s0
altname ens160
inet 10.10.11.228/23 brd 10.10.11.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 dead:beef::250:56ff:feb9:487f/64 scope global dynamic mngtmpaddr
valid_lft 86399sec preferred_lft 14399sec
inet6 fe80::250:56ff:feb9:487f/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:ef:e6:1f:09 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4: br-ccc51e38e8e5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:f7:79:1b:2d brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-ccc51e38e8e5
valid_lft forever preferred_lft forever
inet6 fe80::42:f7ff:fe79:1b2d/64 scope link
valid_lft forever preferred_lft forever
6: vethaf37bca@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-ccc51e38e8e5 state UP group default
link/ether c6:e7:73:52:60:39 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::c4e7:73ff:fe52:6039/64 scope link
valid_lft forever preferred_lft forever
8: vethe84ca50@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-ccc51e38e8e5 state UP group default
link/ether 0e:ee:f5:64:d6:fa brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::cee:f5ff:fe64:d6fa/64 scope link
valid_lft forever preferred_lft forever
10: veth669f664@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-ccc51e38e8e5 state UP group default
link/ether 32:84:29:e7:a0:b7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::3084:29ff:fee7:a0b7/64 scope link
valid_lft forever preferred_lft forever
12: vethd69856e@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-ccc51e38e8e5 state UP group default
link/ether 26:5e:4e:16:54:eb brd ff:ff:ff:ff:ff:ff link-netnsid 5
inet6 fe80::245e:4eff:fe16:54eb/64 scope link
valid_lft forever preferred_lft forever
14: vethf9a4b83@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-ccc51e38e8e5 state UP group default
link/ether 0a:1c:9a:21:bd:33 brd ff:ff:ff:ff:ff:ff link-netnsid 4
inet6 fe80::81c:9aff:fe21:bd33/64 scope link
valid_lft forever preferred_lft forever
16: vethcd6d4ed@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-ccc51e38e8e5 state UP group default
link/ether 62:d0:14:9b:e0:2d brd ff:ff:ff:ff:ff:ff link-netnsid 3
inet6 fe80::60d0:14ff:fe9b:e02d/64 scope link
valid_lft forever preferred_lft foreverPassword reuse confirmed for the john user
Lateral movement made to the target system as the john user via SSH