Post 32 - Soggy Morning Toilet Paper

Exploiting SMTP

This is leveraging SMTP information to gain SSH access to the system. The previous enumeration revealed an open SSH port, a username, and the type of SMTP server and OS running.

Hyrda syntax: hydra -t 16 -l [username] -P /path/to/wordlist.txt -vV [ip address] protocol

• -t - number of parallel connections per target
• -l - target user account
• -P - path to dictionary
• -vV - very verbose, shows login+pass combination for each attempt
• ip address - target IP Address
• protocol - sets protocol (i.e. SSH)

The Task

Login through SSH and grab the flag.

Done and done.