Exploiting Poor Configuration
Exploiting this is pretty straightforward.
Knowing we have a short window (30 seconds) to edit this sh file, we add the command ls -la /root/ to the file, quickly save, open a split window, and log in via ssh again as sysadmin. If this is done quickly enough, the entire directory listing is printed to the screen.
We now have root access.
To take this one step further, we get a proper shell by doing exactly what we did for user: echoing our public ssh key into /root/.ssh/authorized_keys.
We have successfully rooted the box.
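Seen from the defender's side, the misconfiguration above is a script that runs as root at login but can be edited by a non-root user. The audit below is an added example, not part of the original writeup; the function name, the trusted_uid parameter and the directory argument are assumptions, and it should be pointed at whichever directory holds scripts that root executes.

```python
import os
import stat
import sys


def audit_hook_dir(directory, trusted_uid=0):
    """Return (path, reason) pairs for entries a non-trusted user could modify.

    directory   -- assumed location of scripts executed as root (hypothetical input)
    trusted_uid -- the only uid allowed to own them (0 = root)
    """
    findings = []
    # Check the directory itself first: write access to it allows replacing
    # any script inside, even if the script's own mode is strict.
    candidates = [directory] + sorted(
        os.path.join(directory, name) for name in os.listdir(directory)
    )
    for path in candidates:
        try:
            st = os.stat(path)  # follows symlinks: the target's mode is what matters
        except OSError as exc:
            findings.append((path, f"cannot stat: {exc.strerror}"))
            continue
        if st.st_uid != trusted_uid:
            findings.append((path, f"owned by uid {st.st_uid}"))
        if st.st_mode & stat.S_IWGRP:
            findings.append((path, f"group-writable (gid {st.st_gid})"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_hooks.py <directory of scripts run as root>
    results = audit_hook_dir(sys.argv[1])
    for path, reason in results:
        print(f"{path}: {reason}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one script or the directory itself can be changed by someone other than root; the fix is root ownership and no group or world write bit on both.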