In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:
sshpass -p donotchange ssh admin@192.168.6.14
Which of the following should the tester attempt to do next to take advantage of this information? (Select two).
A . Use Nmap to identify all the SSH systems active on the network.
B . Take a screen capture of the source code repository for documentation purposes.
C . Investigate to find whether other files containing embedded passwords are in the code repository.
D . Confirm whether the server 192.168.6.14 is up by sending ICMP probes.
E . Run a password-spraying attack with Hydra against all the SSH servers.
F . Use an external exploit through Metasploit to compromise host 192.168.6.14.
Answer: B, C
Explanation:
When a penetration tester discovers hard-coded credentials in a file within an unprotected source code repository, the next steps should focus on documentation and further investigation to identify additional security issues.
Taking a Screen Capture (Option B):
Documentation: It is essential to document the finding for the final report. A screen capture provides concrete evidence of the discovered hard-coded credentials.
Audit Trail: This ensures that there is a record of the vulnerability and can be used to communicate the issue to stakeholders, such as the development team or the client.
Investigating for Other Embedded Passwords (Option C):
Thorough Search: Finding one hard-coded password suggests there might be others. A thorough investigation can reveal additional credentials, which could further compromise the security of the system.
Automation Tools: Tools like truffleHog, git-secrets, and grep can be used to scan the repository for other instances of hard-coded secrets.
Pentest Reference:
Initial Discovery: Discovering hard-coded credentials often occurs during source code review or automated scanning of repositories.
Documentation: Keeping detailed records of all findings is a critical part of the penetration testing process. This ensures that all discovered vulnerabilities are reported accurately and comprehensively.
Further Investigation: After finding a hard-coded credential, it is best practice to look for other security issues within the same repository. This might include other credentials, API keys, or sensitive information.
Steps to Perform:
Take a Screen Capture:
Use a screenshot tool to capture the evidence of the hard-coded credentials. Ensure the capture includes the context, such as the file path and relevant code lines.
Investigate Further:
Use tools and manual inspection to search for other embedded passwords.
Commands such as grep can be helpful:
grep -r 'password' /path/to/repository
Tools like truffleHog can search for high entropy strings indicative of secrets:
trufflehog --regex --entropy=True /path/to/repository
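The two search strategies named above (keyword matching as grep does it, and high-entropy string detection as truffleHog's entropy mode does it) can be combined in a small scanner. The following is an added example written for this explanation; it is not code from the original page, from truffleHog or from git-secrets. The file names, sample contents and the hypothetical `build_sample_repo`, `scan_text` and `scan_repository` helpers are all constructed for the demonstration, and the sample repository is written to a temporary directory so the script runs offline.

```python
"""Hypothetical repository secret scanner (added example).

It reports (1) regex hits for credentials in the forms the explanation
mentions (sshpass on a command line, password/API-key assignments) and
(2) long tokens whose Shannon entropy suggests a generated key. The
sample repository below is constructed for the demo.
"""
import math
import os
import re
import tempfile
from dataclasses import dataclass

# Regex patterns; group 1 is the candidate secret value.
SECRET_PATTERNS = [
    ("sshpass-cli", re.compile(r"sshpass\s+-p\s+(\S+)")),
    ("password-assignment",
     re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\"]+)")),
    ("api-key-assignment",
     re.compile(r"(?i)(?:api[_-]?key|secret|token)\s*[=:]\s*['\"]?([^\s'\"]+)")),
]

# Tokens at least this long with entropy at or above the threshold
# (bits per character) are flagged as likely generated keys.
MIN_TOKEN_LEN = 20
ENTROPY_THRESHOLD = 4.0
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{%d,}" % MIN_TOKEN_LEN)


@dataclass(frozen=True)
class Finding:
    path: str      # path relative to the repository root
    line_no: int   # 1-based line number
    kind: str      # which detector fired
    value: str     # the matched token


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(path: str, text: str) -> list:
    """Run both detectors over every line of one file's contents."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pat in SECRET_PATTERNS:
            for m in pat.finditer(line):
                findings.append(Finding(path, line_no, kind, m.group(1)))
        for tok in TOKEN_RE.findall(line):
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, line_no, "high-entropy", tok))
    return findings


def scan_repository(root: str, skip_dirs=(".git",)) -> list:
    """Walk the working tree (not git history) and scan each text file."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "r", encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(os.path.relpath(full, root), fh.read()))
            except OSError:
                continue  # unreadable file; skip it
    return findings


# Constructed sample repository: one file with the page's sshpass line,
# one with a password and a fake high-entropy key, one clean README.
SAMPLE_FILES = {
    "deploy.sh": "#!/bin/sh\nsshpass -p donotchange ssh admin@192.168.6.14\n",
    "config.py": 'DB_PASSWORD = "hunter2"\nAPI_KEY = "x7Qp9zLm2Vb4Nk8Rt1Wy6Hs3Jd5Fg0"\n',
    "README.md": "Set PASSWORD via the environment at deploy time.\n",
}


def build_sample_repo() -> str:
    """Write the constructed sample files to a temp dir; return its path."""
    root = tempfile.mkdtemp(prefix="secret-scan-demo-")
    for name, content in SAMPLE_FILES.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for f in sorted(scan_repository(build_sample_repo()), key=lambda f: (f.path, f.line_no)):
        print(f"{f.path}:{f.line_no} [{f.kind}] {f.value}")
```

The README line is deliberately a near miss: it contains the word PASSWORD but no assignment, so the keyword detector stays quiet, while the 30-character key in config.py is caught twice, once by the assignment regex and once by the entropy check. Scanning the working tree only is the main gap compared with truffleHog, which also walks commit history where a secret that was later "removed" often still lives.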
By documenting the finding and investigating further, the penetration tester ensures a comprehensive assessment of the repository, identifying and mitigating potential security risks effectively.