InfoSec LAB

Writer_Lateral_Movement_kyle

Created: 2 min read

kyle

Testing the extracted and cracked password for the system user, kyle

┌──(kali㉿kali)-[~/archive/htb/labs/writer]
└─$ ssh kyle@writer.htb                                                                                                         
The authenticity of host 'writer.htb (10.10.11.101)' can't be established.
ed25519 key fingerprint is sha256:EcmD06Im3Ox+/6cWwJX2eaLFPlgm/TO0Jw20KJK1XSw.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
warning: Permanently added 'writer.htb' (ED25519) to the list of known hosts.
kyle@writer.htb's password: 
Welcome to Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-80-generic x86_64)
 
 * documentation:  https://help.ubuntu.com
 * management:     https://landscape.canonical.com
 * support:        https://ubuntu.com/advantage
 
  system information as of wed 19 apr 18:52:39 UTC 2023
 
  system load:           0.06
  usage of /:            66.1% of 6.82GB
  memory usage:          37%
  swap usage:            0%
  processes:             262
  users logged in:       0
  ipv4 address for eth0: 10.10.11.101
  ipv6 address for eth0: dead:beef::250:56ff:feb9:8e54
 
 
0 updates can be applied immediately.
 
 
The list of available updates is more than a week old.
to check for new updates run: sudo apt update
 
last login: Wed Jul 28 09:03:32 2021 from 10.10.14.19
kyle@writer:~$ whoami
kyle
kyle@writer:~$ hostname
writer
kyle@writer:~$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.11.101  netmask 255.255.254.0  broadcast 10.10.11.255
        inet6 dead:beef::250:56ff:feb9:8e54  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::250:56ff:feb9:8e54  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:b9:8e:54  txqueuelen 1000  (Ethernet)
        RX packets 1235183  bytes 212508160 (212.5 MB)
        RX errors 0  dropped 203  overruns 0  frame 0
        TX packets 1670589  bytes 796829453 (796.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 5100753  bytes 10737824392 (10.7 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5100753  bytes 10737824392 (10.7 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Lateral Movement made to the kyle user via SSH Password reuse is confirmed

Interactive Graph View

Backlinks