edward
Checking the edward user for password reuse.
Validation will be made against the target SSH server.
┌──(kali㉿kali)-[~/archive/thm/zeno]
└─$ ssh edward@$IP
The authenticity of host '10.10.20.195 (10.10.20.195)' can't be established.
ED25519 key fingerprint is SHA256:rRttffFIyZasFZ3kH1UCuXbqoQKD5nKQWgtEudn7nys.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.20.195' (ED25519) to the list of known hosts.
edward@10.10.20.195's password: FrobjoodAdkoonceanJa
Last failed login: Tue Aug 13 15:34:10 CEST 2024 on pts/2
There were 4 failed login attempts since the last successful login.
Last login: Tue Sep 21 22:37:30 2021
[edward@zeno ~]$ whoami
edward
[edward@zeno ~]$ hostname
zeno
[edward@zeno ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
link/ether 02:63:1d:74:7a:33 brd ff:ff:ff:ff:ff:ff
inet 10.10.20.195/16 brd 10.10.255.255 scope global dynamic eth0
valid_lft 3244sec preferred_lft 3244sec
inet6 fe80::63:1dff:fe74:7a33/64 scope link
valid_lft forever preferred_lft foreverPassword reuse confirmed
Lateral movement made to the edward user via SSH