Codify — Credentials

| User | Password/Hash | Type | Source | Access Granted | Tested |
|------|---------------|------|--------|----------------|--------|
| svc | N/A | Shell via RCE | vm2 sandbox escape (CVE-2023-30547) | Reverse shell as svc | Yes |
| joshua | $2a$12$SOn8Pf6z8fO/nVsNbAAequ/P6vLRJJl7gCUEiYBU2iLHn4G/p/Zw2 | bcrypt hash | /var/www/contact/tickets.db | | Cracked |
| joshua | spongebob1 | Cracked (bcrypt) | john + rockyou.txt | SSH as joshua | Yes |
| root | kljh12k3jhaskjh12kjh3 | Cleartext | Bash glob brute-force on /opt/scripts/mysql-backup.sh | root via su | Yes |

Notes

  • vm2 sandbox escape gave RCE as svc — no password needed
  • joshua's hash found in SQLite users table in the contact app's database
  • bcrypt cost factor 12 (slower to crack than typical cost 10)
  • Root password leaked from /root/.creds via unquoted bash glob comparison in sudo script
  • spongebob1 works for SSH as joshua
  • kljh12k3jhaskjh12kjh3 works for su root
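
Why the unquoted comparison noted above leaks the secret, shown as the weak form beside the hardened one. This is an added example, not the contents of /opt/scripts/mysql-backup.sh (which this page does not show); the function names, variable names and the stored value are constructed for illustration.

```bash
#!/usr/bin/env bash
# [[ ]] pattern matching is a bash feature; re-exec under bash if started by another shell.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Constructed stand-in for the secret a privileged script reads from a file.
STORED_PASS='Tr0ub4dor-constructed'

# Weak form: the right-hand side of == is unquoted, so bash treats the
# caller's input as a glob pattern instead of a literal string.
check_vulnerable() {
    local supplied=$1
    [[ $STORED_PASS == $supplied ]]
}

# Hardened form: quoting the right-hand side forces a literal comparison.
check_hardened() {
    local supplied=$1
    [[ "$STORED_PASS" == "$supplied" ]]
}

# Run one input through both checks and report how each one decided.
compare_checks() {
    local supplied=$1 v=reject h=reject
    if check_vulnerable "$supplied"; then v=accept; fi
    if check_hardened "$supplied"; then h=accept; fi
    printf 'vulnerable=%s hardened=%s\n' "$v" "$h"
}

# Constructed inputs: the real value, a wrong value, and two patterns.
for input in "$STORED_PASS" 'wrong-guess' '*' 'Tr0*'; do
    printf '%-24s %s\n' "$input" "$(compare_checks "$input")"
done
```

ShellCheck reports the weak form as SC2053, which makes it easy to catch in review of any script that is runnable through sudo.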