By: Nicholas Werner
We start off with an Nmap scan.
When we visit the web page it appears to be undergoing maintenance.
When we view the page source, we can see a hint that there may be a dev directory.
Next we run GoBuster to find the hidden directory.
When we visit /development, there are two text files for us to view.
When we visit dev.txt we see this message.
When we visit j.txt we see this message.
We use enum4linux to get loads of information and we find that there are two users: jan and kay.
We are going to use Hydra to crack the SSH password for jan, as shown below. The password for jan is armando.
Now we can SSH in as jan with the password that we found.
When trying to read files we get a permission denied message, so we need to escalate privileges.
Going into .ssh we can find password hashes.
After this we crack the hash with John the Ripper and find that the password for kay is beeswax. We log in via SSH as kay, type cat pass.bak, and the final password is heresareallystrongpasswordthatfollowsthepasswordpolicy$$
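
Seen from the defender's side, the SSH password-guessing step above leaves a burst of failed logins followed by a success in the sshd log. The following is an added example, not part of the original write-up, that flags that pattern; the log lines, hostname, addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the page); addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 host1 sshd[2101]: Failed password for jan from 192.0.2.10 port 40112 ssh2
Mar  3 10:15:03 host1 sshd[2103]: Failed password for jan from 192.0.2.10 port 40114 ssh2
Mar  3 10:15:04 host1 sshd[2104]: Failed password for kay from 198.51.100.7 port 51200 ssh2
Mar  3 10:15:05 host1 sshd[2105]: Failed password for jan from 192.0.2.10 port 40116 ssh2
Mar  3 10:15:07 host1 sshd[2107]: Failed password for jan from 192.0.2.10 port 40118 ssh2
Mar  3 10:15:09 host1 sshd[2109]: Failed password for jan from 192.0.2.10 port 40120 ssh2
Mar  3 10:15:11 host1 sshd[2111]: Failed password for jan from 192.0.2.10 port 40122 ssh2
Mar  3 10:15:12 host1 sshd[2112]: Accepted password for jan from 192.0.2.10 port 40124 ssh2
Mar  3 10:15:30 host1 sshd[2130]: Accepted password for kay from 198.51.100.7 port 51210 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse(log, year=2024):
    """Yield (timestamp, result, user, ip); syslog lines carry no year, so one is assumed."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def detect_guessing(log, threshold=5, window=timedelta(seconds=60)):
    """Alert on (ip, user) pairs with >= threshold failures inside the window.
    'compromised' is set when a login succeeds while the burst is still recent."""
    recent = defaultdict(list)   # (ip, user) -> failure timestamps inside the window
    alerts = {}
    for ts, result, user, ip in parse(log):
        key = (ip, user)
        recent[key] = [t for t in recent[key] if ts - t <= window]
        if result == "Failed":
            recent[key].append(ts)
            if len(recent[key]) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(recent[key]))
        elif key in alerts and recent[key]:
            alerts[key]["compromised"] = True
    return alerts

if __name__ == "__main__":
    for (ip, user), info in detect_guessing(SAMPLE_LOG).items():
        print(f"{ip} -> {user}: {info}")
```

A single mistyped password followed by a successful login, as in the constructed kay lines, stays below the threshold and raises no alert.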