> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-11/password-reuse/trick-0610.md).

# Credential Reuse (SSH Login)

***

Credentials found in a configuration file (e.g., `wp-config.php` extracted from an archive). The `wp-config.php` file is a core WordPress configuration file that contains sensitive information, including database connection settings. Specifically, the database username is typically defined by the `DB_USER` constant and the database password by the `DB_PASSWORD` constant.

Attempt to reuse these credentials for SSH login on the target IP. The standard command for connecting via SSH is:

```bash
ssh <username>@<target_ip>
```

Enter the found password when prompted. If the target system is configured to allow password authentication for SSH, the extracted credentials might grant access.

An alternative method for automating password entry, although usage in scripts is generally discouraged for security reasons, is using tools like `sshpass`. This allows providing the password directly on the command line:

```bash
sshpass -p 'found_password' ssh <username>@<target_ip>
```

If successful, this confirms credential reuse and provides shell access to the target system.
