Post Exploitation

Enumerating

nothing really to work with, lets check .bash_history
enumerating we find .backup
Credentials? Lets find out
file running /tmp/listusers

The file appear to be running /tmp/listusers, however, it is non existent. The SUID bit is set for this file. What does that mean? It means that it will execute with the level of privlege that matches the user who own this file. Since the file is owned by root, the file will execute with root privileges.

Lets create the /tmp/listusers file and have it run a bash shell!

echo "bash" > /tmp/listusers
PreviousExploitationNextLessons Learned

Last updated

Was this helpful?