- What service can you brute force with the text file found?
- What is the users password?
* access HTTP <ip>
— check source page (nothing found)
— Multiple user names found.
— create a list with all names found and save it.
— file named “locks.txt” downloaded from FTP, use as a password file.
* Bruteforce SSH using Hydra.
* User Logon name and password found.
* login “lin” using ssh.
* ls -la = listing directories.
* cat = to read file.
* privilege escalation.
* sudo -l = the -l (list) option will list the allowed (and forbidden) commands for the invoking user.
* Checking GTFOBins for sudo commands.
* Run the found command from GTFO.
* cd (change) directory and cat (read) “root.txt” file.