Password Reuse
A DB credential has been discovered. Besides allowing enumeration of the database, the credential must also be checked for password reuse.
┌──(kali㉿kali)-[~/archive/htb/labs/permx]
└─$ ssh mtz@$IP
The authenticity of host '10.10.11.23 (10.10.11.23)' can't be established.
ED25519 key fingerprint is SHA256:u9/wL+62dkDBqxAG3NyMhz/2FTBJlmVC1Y1bwaNLqGA.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.11.23' (ED25519) to the list of known hosts.
mtz@10.10.11.23's password: 03F6lY3uXAP2bkW8
Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 5.15.0-113-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Mon Jul 8 03:34:19 PM UTC 2024
System load: 0.02
Usage of /: 76.7% of 7.19GB
Memory usage: 34%
Swap usage: 1%
Processes: 483
Users logged in: 1
IPv4 address for eth0: 10.10.11.23
IPv6 address for eth0: dead:beef::250:56ff:fe94:9461
=> There is 1 zombie process.
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
The list of available updates is more than a week old.
To check for new updates run: sudo apt update
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
Last login: Mon Jul 8 15:21:17 2024 from 10.10.14.34
mtz@permx:~$ whoami
mtz
mtz@permx:~$ hostname
permx
mtz@permx:~$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.10.11.23 netmask 255.255.254.0 broadcast 10.10.11.255
inet6 fe80::250:56ff:fe94:9461 prefixlen 64 scopeid 0x20<link>
inet6 dead:beef::250:56ff:fe94:9461 prefixlen 64 scopeid 0x0<global>
ether 00:50:56:94:94:61 txqueuelen 1000 (Ethernet)
RX packets 13563088 bytes 2261683936 (2.2 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12547303 bytes 6441686855 (6.4 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 17932 bytes 1864631 (1.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17932 bytes 1864631 (1.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Password reuse confirmed for the mtz account.
Lateral movement made to the mtz account via SSH.
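
Seen from the defending side, a password-authenticated SSH session like the one above is recorded by sshd as an "Accepted password" entry, which is where a reused application credential becomes visible. The following is an added example, not part of the original write-up: it summarises such entries from constructed log lines, and the key_only_users policy list is a hypothetical local setting.

```python
import re

# Constructed sample in OpenSSH's syslog format; the account name and client
# address mirror the session above, everything else is invented for the demo.
SAMPLE_LOG = """\
Jul  8 14:50:02 permx sshd[1801]: Accepted publickey for root from 192.0.2.10 port 50112 ssh2: ED25519 SHA256:CONSTRUCTED
Jul  8 15:21:17 permx sshd[2077]: Accepted password for mtz from 10.10.14.34 port 40110 ssh2
Jul  8 15:34:19 permx sshd[2143]: Accepted password for mtz from 10.10.14.34 port 40122 ssh2
Jul  8 15:40:02 permx sshd[2200]: Failed password for invalid user admin from 192.0.2.77 port 33010 ssh2
"""

ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def password_logins(log_text, key_only_users=frozenset()):
    """Summarise SSH logins that were authenticated with a password.

    key_only_users is a hypothetical local policy list: accounts that are
    expected to authenticate with keys only.
    """
    report = {}
    for line in log_text.splitlines():
        match = ACCEPTED.search(line)
        if match is None or match["method"] != "password":
            continue  # failures and key-based logins are out of scope here
        user = match["user"]
        entry = report.setdefault(
            user,
            {"count": 0, "sources": set(), "violates_policy": user in key_only_users},
        )
        entry["count"] += 1
        entry["sources"].add(match["src"])
    return report


if __name__ == "__main__":
    for user, entry in password_logins(SAMPLE_LOG, {"mtz"}).items():
        flag = "POLICY VIOLATION" if entry["violates_policy"] else "review"
        print(f"{user}: {entry['count']} password login(s) from "
              f"{sorted(entry['sources'])} [{flag}]")
```

Accounts that own application secrets are the ones worth placing in the key-only list, since a leaked database password then cannot open a shell even when it has been reused.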