InfoSec LAB

Reconstruction_Lateral_Movement

Created: 2 min read

jack

Checking the password found in the source code of the target web application for the password reuse

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/reconstruction]
└─$ sshpass -p ee05d64d2528102d45e2db60986727ed ssh jack@$IP
Welcome to Ubuntu 18.04 LTS (GNU/Linux 4.15.0-20-generic x86_64)
 
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
 
  System information as of Fri Feb  7 01:20:04 EST 2025
 
  System load:  0.0                Processes:             164
  Usage of /:   13.3% of 18.61GB   Users logged in:       0
  Memory usage: 21%                IP address for ens160: 192.168.209.103
  Swap usage:   0%
 
 
270 packages can be updated.
174 updates are security updates.
 
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
 
 
 
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
 
 
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
 
Last login: Fri Feb  7 00:36:56 2025 from 192.168.45.215
 
jack@reconstruction:~$ whoami
jack
jack@reconstruction:~$ hostname
reconstruction
jack@reconstruction:~$ ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.209.103  netmask 255.255.255.0  broadcast 192.168.209.255
        ether 00:50:56:9e:77:35  txqueuelen 1000  (Ethernet)
        RX packets 8817  bytes 4611878 (4.6 MB)
        RX errors 0  dropped 61  overruns 0  frame 0
        TX packets 5068  bytes 1069593 (1.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 134  bytes 11292 (11.2 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 134  bytes 11292 (11.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Password reuse confirmed Lateral Movement made to the jack user via SSH

Interactive Graph View

Backlinks