The file name was not guessed, it was a shell command injection on the website, doing a ls listed an interestingly named file "allinfo.txt". Looking at this, it had the ssh username/password...
The file name was not guessed, it was a shell command injection on the website, doing a ls listed an interestingly named file "allinfo.txt". Looking at this, it had the ssh username/password...