Lessons Learned

Finger is outdated and allows us to enumerate usernames without lockout mechanism.
Weak passwords can be cracked, users should have more secure passwords and the administrator should implement a passowrd policy
SSH can be brute forced
Don't let wget run as root and be careful on what you actually let users run as root.
I also learned that slick wget [server] -O [place to write to] trick with wget. Can be useful down the road.
You can chain your privelege escalation. If a command can run as root, you can overwrite it with wget -O or read contents with wget -I

Last updated 4 years ago

Was this helpful?