admin
After performing some basic enumeration, I have looked through the system to find a way to make a lateral movement to the admin user.
Interestingly, the admin user has the unusual UID of 4000000000.
While doing so, I also found out that the target SSH server only allows root and mango users for authentication, excluding the admin user.
This gives me the idea that the password reuse might still be valid for the admin user, although Hydra was unable to authenticate via SSH due to the reason above.
Therefore, I could just attempt to switch to the admin user from within the system.
mango@mango:/dev/shm$ su admin
password:
$ whoami
admin
$ hostname
mango
$ ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.10.10.162 netmask 255.255.255.0 broadcast 10.10.10.255
inet6 fe80::250:56ff:feb9:ab29 prefixlen 64 scopeid 0x20<link>
inet6 dead:beef::250:56ff:feb9:ab29 prefixlen 64 scopeid 0x0<global>
ether 00:50:56:b9:ab:29 txqueuelen 1000 (Ethernet)
RX packets 19791355 bytes 3143529560 (3.1 GB)
RX errors 0 dropped 58 overruns 0 frame 0
TX packets 18689587 bytes 9750880738 (9.7 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 118191 bytes 10187807 (10.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 118191 bytes 10187807 (10.1 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Password reuse confirmed for the admin user.
Lateral movement made to the admin user.
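A defender-side check for the gap shown above, as an added example that is not part of the original write-up: it lists accounts that an sshd user allow-list excludes but that still have a login shell, so a reused password stays usable through su. It assumes the restriction is expressed with sshd's AllowUsers directive; the config and passwd contents are constructed samples, and the function names and the 2^31-1 UID threshold are assumptions.

```python
from fnmatch import fnmatch

# Constructed samples modelled on the host in the write-up (not copied from it).
SSHD_CONFIG = """\
PasswordAuthentication yes
AllowUsers root mango
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
mango:x:1000:1000:mango:/home/mango:/bin/bash
admin:x:4000000000:1001:,,,:/home/admin:/bin/sh
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
INT32_MAX = 2**31 - 1  # assumed threshold for flagging an "unusual" UID


def allowed_ssh_users(sshd_config):
    """Collect AllowUsers patterns; None means no AllowUsers directive is set."""
    patterns = None
    for line in sshd_config.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() == "allowusers":
            # Repeated directives accumulate; USER@HOST keeps only the user part.
            patterns = (patterns or set()) | {w.split("@", 1)[0] for w in words[1:]}
    return patterns


def su_only_accounts(sshd_config, passwd):
    """Accounts sshd refuses but that still have a login shell for su."""
    patterns = allowed_ssh_users(sshd_config)
    findings = []
    if patterns is None:
        return findings  # no AllowUsers restriction to compare against
    for entry in passwd.splitlines():
        fields = entry.split(":")
        if len(fields) != 7 or fields[6] in NOLOGIN_SHELLS:
            continue
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if not any(fnmatch(name, p) for p in patterns):
            findings.append({"user": name, "uid": uid, "shell": shell,
                             "unusual_uid": uid > INT32_MAX})
    return findings


if __name__ == "__main__":
    for finding in su_only_accounts(SSHD_CONFIG, PASSWD):
        print(finding)
```

Any account it reports is protected only by its own password once someone has a local shell, so it needs a unique credential or a locked password rather than reliance on the sshd restriction.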