SSH
Testing the credential of the svc account for password reuse against the target SSH server
┌──(kali㉿kali)-[~/archive/htb/labs/mentor]
└─$ sshpass -p '123meunomeeivani' ssh svc@$IP
Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-56-generic x86_64)
* documentation: https://help.ubuntu.com
* management: https://landscape.canonical.com
* support: https://ubuntu.com/advantage
system information as of thu dec 28 10:13:37 AM UTC 2023
system load: 0.0
usage of /: 65.2% of 8.09GB
memory usage: 14%
swap usage: 0%
processes: 251
users logged in: 0
ipv4 address for br-028c7a43f929: 172.20.0.1
ipv4 address for br-24ddaa1f3b47: 172.19.0.1
ipv4 address for br-3d63c18e314d: 172.21.0.1
ipv4 address for br-7d5c72654da7: 172.22.0.1
ipv4 address for br-a8a89c3bf6ff: 172.18.0.1
ipv4 address for docker0: 172.17.0.1
ipv4 address for eth0: 10.10.11.193
ipv6 address for eth0: dead:beef::250:56ff:feb9:d25d
0 updates can be applied immediately.
The list of available updates is more than a week old.
to check for new updates run: sudo apt update
last login: Mon Dec 12 10:22:58 2022 from 10.10.14.40
svc@mentor:~$ whoami
svc
svc@mentor:~$ hostname
mentor
svc@mentor:~$ ifconfig
br-028c7a43f929: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.20.0.1 netmask 255.255.0.0 broadcast 172.20.255.255
ether 02:42:05:24:4c:de txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-24ddaa1f3b47: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.19.0.1 netmask 255.255.0.0 broadcast 172.19.255.255
ether 02:42:91:6d:19:94 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-3d63c18e314d: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.21.0.1 netmask 255.255.0.0 broadcast 172.21.255.255
ether 02:42:50:81:fe:3b txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-7d5c72654da7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.0.1 netmask 255.255.0.0 broadcast 172.22.255.255
inet6 fe80::42:1cff:fefa:2974 prefixlen 64 scopeid 0x20<link>
ether 02:42:1c:fa:29:74 txqueuelen 0 (Ethernet)
RX packets 6256 bytes 407576 (407.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8178 bytes 8640413 (8.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-a8a89c3bf6ff: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:39:6b:f2:5a txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:11:63:61:ef txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.10.11.193 netmask 255.255.254.0 broadcast 10.10.11.255
inet6 dead:beef::250:56ff:feb9:d25d prefixlen 64 scopeid 0x0<global>
inet6 fe80::250:56ff:feb9:d25d prefixlen 64 scopeid 0x20<link>
ether 00:50:56:b9:d2:5d txqueuelen 1000 (Ethernet)
RX packets 8179 bytes 8675994 (8.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4427 bytes 385462 (385.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 2104 bytes 149564 (149.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2104 bytes 149564 (149.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth1fbf3a9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e007:5dff:fe58:a035 prefixlen 64 scopeid 0x20<link>
ether e2:07:5d:58:a0:35 txqueuelen 0 (Ethernet)
RX packets 105 bytes 17673 (17.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 167 bytes 15374 (15.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth79ba3f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::c73:30ff:fe0d:6d10 prefixlen 64 scopeid 0x20<link>
ether 0e:73:30:0d:6d:10 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 1484 (1.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethda9f088: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::81f:24ff:fe8c:3447 prefixlen 64 scopeid 0x20<link>
ether 0a:1f:24:8c:34:47 txqueuelen 0 (Ethernet)
RX packets 6151 bytes 477487 (477.4 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8048 bytes 8627889 (8.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0Initial Foothold established to the target system and lateral movement made to the svc account via SSH