InfoSec LAB

Tomghost_Lateral_Movement

Created: 1 min read

merlin

Validating the decrypted credential of the merlin user against the SSH server

┌──(kali㉿kali)-[~/archive/thm/tomghost]
└─$ sshpass -p asuyusdoiuqoilkda312j31k2j123j1g23g12k3g12kj3gk12jg3k12j3kj123j ssh merlin@$IP
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-174-generic x86_64)
 
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
 
Last login: Tue Mar 10 22:56:49 2020 from 192.168.85.1
merlin@ubuntu:~$ whoami
merlin
merlin@ubuntu:~$ hostname
ubuntu
merlin@ubuntu:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 02:e6:f7:17:b3:d5 brd ff:ff:ff:ff:ff:ff
    inet 10.10.198.73/16 brd 10.10.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::e6:f7ff:fe17:b3d5/64 scope link 
       valid_lft forever preferred_lft forever

Validated Lateral Movement made to the merlin user via SSH

Interactive Graph View

Backlinks