secret.zip
charix@poison:~ % ls -la
total 48
drwxr-x--- 2 charix charix 512 Mar 19 2018 .
drwxr-xr-x 3 root wheel 512 Mar 19 2018 ..
-rw-r----- 1 charix charix 1041 Mar 19 2018 .cshrc
-rw-rw---- 1 charix charix 0 Mar 19 2018 .history
-rw-r----- 1 charix charix 254 Mar 19 2018 .login
-rw-r----- 1 charix charix 163 Mar 19 2018 .login_conf
-rw-r----- 1 charix charix 379 Mar 19 2018 .mail_aliases
-rw-r----- 1 charix charix 336 Mar 19 2018 .mailrc
-rw-r----- 1 charix charix 802 Mar 19 2018 .profile
-rw-r----- 1 charix charix 281 Mar 19 2018 .rhosts
-rw-r----- 1 charix charix 849 Mar 19 2018 .shrc
-rw-r----- 1 root charix 166 Mar 19 2018 secret.zip
-rw-r----- 1 root charix 33 Mar 19 2018 user.txtAfter gaining a foothold, I came across an interesting archive file at the home directory; /home/charix/secret.zip
┌──(kali㉿kali)-[~/archive/htb/labs/poison]
└─$ unzip secret.zip
archive: secret.zip
[secret.zip] secret password: Charix!2#4%6&8(0
extracting: secret I transferred the file to Kali for further enumeration
I was able to extract the secret file from the archive with the password of the charix user
Password reused
┌──(kali㉿kali)-[~/archive/htb/labs/poison]
└─$ file secret
secret: Non-ISO extended-ASCII text, with no line terminators
┌──(kali㉿kali)-[~/archive/htb/labs/poison]
└─$ cat secret
��[|Ֆz! well it’s something