Password and file permission
Stored Passwords
history
or
cat .bash_history
will show previous commands and will sometimes leak passwords
find . -type f -exec grep -i -I "PASSWORD" {} /dev/null \;
Sometimes a simple
ls
or
ls -la
will give interesting files
Weak File permission
Do we have access to files that we shouldn't?
ls -la /etc/passwd
This file used to store passwords.
If we can modify the file, we can remove the x; we could also change our user's group number to become part of the root group.
ls -la /etc/shadow
We can copy the content of
/etc/passwd
in a file on our attacking machine.
We can now look up the hash on hashcat.net. Our hashes start with
$6$
so we can Ctrl+F for this, which gives us the mode number to use.
SSH keys
find / -name authorized_keys 2> /dev/null
find / -name id_rsa 2> /dev/null
If we find an id_rsa key, we can copy it to our machine and use it to log in.
Before using it we have to change its permissions
chmod 600 id_rsa
And then we can just
ssh -i id_rsa root@10.10.240.48
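The same files can be checked from the defender's side. The script below is an added example, not part of the original notes: it flags /etc/passwd, /etc/shadow, id_rsa and authorized_keys files whose permission bits exceed a hardened maximum. It assumes GNU stat; the function names, the script filename and the maximum modes (644, 640, 600) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit the files these notes inspect for overly broad modes.
# Assumptions: GNU coreutils stat (-c '%a'); function names and the maximum
# modes below are illustrative defaults, not values from the original page.

# mode_exceeds FILE MAX: succeeds when FILE has a permission bit MAX lacks
mode_exceeds() {
    mode=$(stat -c '%a' "$1") || return 2
    # Leading 0 makes the shell read both values as octal
    [ $(( 0$mode & ~0$2 & 07777 )) -ne 0 ]
}

# audit_file FILE MAX: print one FINDING line when FILE is too permissive
audit_file() {
    [ -e "$1" ] || return 0
    if mode_exceeds "$1" "$2"; then
        printf 'FINDING %s is mode %s, expected %s or stricter\n' \
            "$1" "$(stat -c '%a' "$1")" "$2"
    fi
    return 0
}

# audit_tree ROOT: check account databases and SSH key files under ROOT
# (pass "" to audit the live filesystem)
audit_tree() {
    audit_file "$1/etc/passwd" 644   # world-readable, writable by root only
    audit_file "$1/etc/shadow" 640   # hashes: never world-readable
    find "$1/" -type f \( -name id_rsa -o -name authorized_keys \) 2>/dev/null |
    while IFS= read -r f; do
        case $f in
            */id_rsa) audit_file "$f" 600 ;;   # private key: owner only
            *)        audit_file "$f" 644 ;;   # authorized_keys: owner-writable only
        esac
    done
}

# count_findings ROOT: number of FINDING lines (grep -c exits 1 on zero)
count_findings() { audit_tree "$1" | grep -c '^FINDING' || true; }

# Run against the live system only when asked: sh audit.sh --live
# (audit.sh is a hypothetical filename)
if [ "${1:-}" = "--live" ]; then audit_tree ""; fi
```

Any FINDING line on /etc/passwd or /etc/shadow, or on a private key readable by other users, corresponds to the exposure described in the sections above.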