Attacking Common Services - Easy - Finding User Account to Brute Force

1c3H9mst3r · September 18, 2022, 6:14pm

I thought this target would be easy. I enumerated services and saw that the host had S*** enabled. I downloaded the user name list from the course’s Resources page and ran a tool to verify which of the users existed. None matched. I expanded the search by using a few user lists included with the pwnbox under /usr/share/SecLists, but still got no hits.

I could try brute forcing username / password combos against the other services hosted on this box, but I think I would be missing something obvious.

Any tips on finding the initial username to get a foothold on this box?

Babaloo11 · September 19, 2022, 4:40am

The user name appeared in my nmap scan. I used -sCVT.

1c3H9mst3r · September 19, 2022, 12:25pm

Dang. I tried that along with scanning all ports and running more invasive NSE scripts (vulnerability) but don’t see any output with the username. It must be staring back at me laughing. Could you please DM me with another tip? Thanks!

Rapunzel3000 · September 25, 2022, 12:57pm

I was successful with the S*** user enumeration script.

1c3H9mst3r · September 28, 2022, 2:48pm

Using the user list found in the course’s Resources section?