In this article we will learn about Test Lab V8: Mail and SSH System.
Information [Mail and SSH System]
MAIL ATTACK: As of now we have access to the email account for the Westfall account, we logged into his account and went through his mailbox where we found that two other emails are active for sas-bank.
We have a list of usernames and passwords that we found from the terminal system after a Metasploit exploit.
No, if we look carefully in the usernames, there is a name that matches one of the emails we found in Westfall’s inbox, ie [email protected] and we tried to log in with that account using his terminal password and we successfully logged in.
We just opened the mailbox and found our postal token. We found another interesting mail that looks like a tip for rooting another system, which we will look at later.
SSH attack: In our 2nd part of the article, after rooting the Terminal system, we found the ppk file from Westall’s desktop and generated an SSH private key, which we will now use to login to the ssh system. Using the command: ssh -i [email protected]
As can be seen above we got the permission denied error. After setting permission of 400, we again tried to log in, and we successfully logged in
Now we start browsing all directories for our token, and we found it under /home/davis directory
By using cat command, we read the token_ssh.txt file.
Now we will look for some interesting files which will help us to gain access to another system. In /home/davis directory there are two interesting files are there debugs folder and ssh.key file.
By using scp command, we will download both files in our local system for further analysis. First, we will download the ssh key file. Command usage scp -i <loginkeypath> [email protected]:../davis/ssh.key <pathforsaving>
Now we will download the debug folder. Command usage scp -i <loginkeypath> [email protected]:../davis/debugs <pathforsaving>