An easy box from HTB, we first get access to daloradius with weak credentials using them to expose a potential user with his hashed (weak) password, I crack the password ending up getting the plaintext password and we use the password to login to the host via SSH! Easy Win! Lastly we escalate our privileges by taking advantage of Mosh (Mobile Shell). 🚀
Enumeration
I start off with my nmap-scan:
➜ nmap -sS -sV -sC 10.10.11.48 -oN nmap-scan
Starting Nmap 7.95 ( https://nmap.org ) at 2025-05-10 01:32 EAT
Nmap scan report for 10.10.11.48
Host is up (0.14s latency).
Not shown: 998 closed tcp ports (reset)