Password Attacks Lab - Medium

I got the creds of admin and jason.
But these creds don’t work for SSH, so I don’t know how to use the document files I cracked. The IP given in the doc is unreachable from my home machine.
Can someone please give me a good hint? :)
Thx all

When copying and pasting syntax, be sure you haven’t highlighted extra spaces by mistake. I spent hours trying to get to the d user because of a stupid syntax error :,(

Hey man, could you DM a slight nudge towards root privesc? I’d appreciate your help.

Hello everyone, my question is for those who finished this lab since I got the flag already.

So I got jason and dennis, and I need to get root. It was hinted already by @pavka that there may be useful files that could be reused in the home folder of one of these users. After seeing this I got the flag. Now, wasn’t that a bit of a wild guess? I know that some “things” can be reused, but after scouring the machine I didn’t find any hint that nudged me in that direction.

Am I supposed to simply reuse everything even when it would be highly unlikely? Or did I miss any hint?

I hope the question is clear enough. Feel free to DM me.

Read the document you found with Jason’s credentials.

Don’t they mention a service?

netstat -antp | grep LISTEN
You will see the listening services with this as well.

I got jason and dennis but I didn’t find anything in the home of dennis. I checked every file but nothing can be reused… maybe I’m forgetting something?

Technically THERE IS something that you could exfil to your attack host and try to reuse with another user to escalate your privileges.

Even if you don’t think it would be likely to work, try to reuse everything that you could reuse in that folder. If you need more of a nudge, DM.

Check the home folder of Dennis. What directory stands out to you? Think SSH and how you can possibly use this.

Hi friend, could you share that with me please? Thanks a lot!!!

Hey frogman, I found an id_rsa file in Dennis’s .ssh folder. I use it like this:
ssh -i id_rsa root@IP

Then it says “Enter passphrase for key ‘id_rsa’:” … what does this mean? I also generated my own key (see dennis’s bash history), but it doesn’t work either. If I’m on the right track, could you please give me a hint?

Hey luffy,

I am stuck at the same problem now, did you solve it already?

Download the id_rsa key for Dennis, then you need to run ssh2john to turn that key into a hash, then crack it with the mutated password list using hashcat. Then log in to SSH using Dennis’s key as the root user.


Great, thanks!

Hi guys, so I got the root user and I have some questions here because the whole priv esc process seemed a bit weird. So, once you get dennis, you have access to his private key but you cannot use sudo.


So the only thing I could do is download his private key and break it. Once you get the password, you can ssh to the machine as root and use that passphrase. So the whole idea here is that dennis set the same password for his ssh account as he did for root? Is that what they are teaching us with this machine?
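
The escalation discussed in this thread depends on the key pair stored in dennis's .ssh folder also being accepted for root logins. As an added example (not part of the original thread), the sketch below is an audit a defender could run to find public keys that are authorized on more than one account, using the same SHA256 fingerprint format that `ssh-keygen -l` prints. The account contents, key material and host comments in `SAMPLE` are constructed for illustration; on a real host you would feed in the text of each user's `authorized_keys` file.

```python
import base64
import hashlib
import shlex
from collections import defaultdict

# Key-type prefixes that mark the start of the key field in authorized_keys.
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-",
             "sk-ssh-ed25519", "sk-ecdsa-sha2-")

def fingerprints(text):
    """Yield the SHA256 fingerprint of every key line in authorized_keys text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)  # copes with quoted options such as command="..."
        except ValueError:
            continue  # unbalanced quotes: skip the malformed line
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(KEY_TYPES):
                try:
                    blob = base64.b64decode(tokens[i + 1], validate=True)
                except ValueError:
                    break  # key field is not valid base64
                digest = hashlib.sha256(blob).digest()
                yield "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
                break

def shared_keys(accounts):
    """Return {fingerprint: sorted accounts} for keys accepted by 2+ accounts."""
    seen = defaultdict(set)
    for user, text in accounts.items():
        for fp in fingerprints(text):
            seen[fp].add(user)
    return {fp: sorted(users) for fp, users in seen.items() if len(users) > 1}

def _blob(seed):
    return base64.b64encode(seed).decode()  # constructed stand-in for a key blob

# Constructed sample: account name -> contents of its authorized_keys file.
SAMPLE = {
    "root": f"ssh-rsa {_blob(b'constructed-key-A')} dennis@host\n",
    "dennis": "# laptop\n"
              f"no-pty,command=\"echo hi\" ssh-rsa {_blob(b'constructed-key-A')} dennis@host\n"
              f"ssh-ed25519 {_blob(b'constructed-key-B')} dennis@phone\n",
    "jason": f"ssh-ed25519 {_blob(b'constructed-key-C')} jason@host\n",
}

if __name__ == "__main__":
    for fp, users in shared_keys(SAMPLE).items():
        flag = "  <-- also grants root" if "root" in users else ""
        print(f"{fp} shared by {', '.join(users)}{flag}")
```

Any fingerprint reported for both root and an unprivileged account means that compromising the unprivileged user's private key, passphrase-protected or not, is one offline crack away from root.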