InfoSec LAB

Password Reuse

Validating the CLEARTEXT credential of the root user in the Docker container

james@trickster:/$ su root
Password: #YouC4ntCatchMe#
root@trickster:/# whoami
root
root@trickster:/# hostname
trickster
root@trickster:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:94:4d:87 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    altname ens160
    inet 10.129.147.233/16 brd 10.129.255.255 scope global dynamic eth0
       valid_lft 2678sec preferred_lft 2678sec
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:89:cb:1d:7d brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
95: veth0845b91@if94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether b6:9e:8b:ce:79:50 brd ff:ff:ff:ff:ff:ff link-netnsid 0

Validated. Password reuse confirmed System Level Compromise

InfoSec LAB

Explorer

Trickster_Privilege_Escalation

Password Reuse

Interactive Graph View

Backlinks