Hydra didn’t work, because it takes long time for SSH to prompt for a password. I would have to set up really long waiting time, which is useless in terms of brute forcing.
I couldn’t do the brute force, I search issues related with this box:
I decided to look up for some hints, due to this bug and I tried combination of 3 users I had and simple passwords. Generic like “admin”, “12345678” didn’t work.
Later I noticed that back then this box was active, ppl used to choose cryptographic algorithm. Probably due to unusual crypto algorithm it takes really long time to get reponse in initial connection to SSH.
LinEnum on user: “sammy”:
Root shell:
