Post Exploitation

Checking for commands we can run as root

Found a shadow.backup file containing sammy's hash

Identifying Hash

Identified SHA-256 hash
sudo john --wordlist=/usr/share/wordlist/rockyou.txt sammyhash.txt
cooldude!

Privilege Escalation

First we create a bash file

On the Sammy computer we can run wget as root and output the contents of a file to somewhere else on the system.

Writing the contents of the bash file to the /root/troll command, which we can run as the sunny user

Running the /root/troll command after it has been overwritten
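
A defender-side check for the misconfiguration used above, as an added example that is not part of the original write-up: it parses sudoers rules and reports any account allowed to run a file-writing tool such as wget as root, together with the other root-run commands that tool could overwrite. The sudoers lines, the NOPASSWD tags, the /usr/bin/wget path and the FILE_WRITERS list are constructed assumptions; only wget, the sammy and sunny accounts and /root/troll come from the page.

```python
import re

# Assumption: a short, non-exhaustive list of tools that can write
# caller-chosen content to an arbitrary path when run as root.
FILE_WRITERS = {"wget", "curl", "cp", "tee", "dd", "tar"}

# user host = (runas) [TAG:] command[, command...]
RULE = re.compile(r"^(?P<user>\S+)\s+\S+\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$")

# Constructed sudoers lines modelled on the two accounts in this write-up.
SAMPLE = """\
sammy ALL=(root) NOPASSWD: /usr/bin/wget
sunny ALL=(root) NOPASSWD: /root/troll
"""

def parse_sudoers(text):
    """Return (user, runas, command_path) tuples for simple one-line rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        first = line.split(None, 1)[0] if line else ""
        if not line or line.startswith("#") or first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        # With no Runas spec, sudo runs the command as root.
        runas = (m.group("runas") or "root").split(":")[0].strip()
        for cmd in m.group("rest").split(","):
            cmd = re.sub(r"^(?:\w+:\s*)+", "", cmd.strip())  # drop NOPASSWD: etc.
            if cmd:
                rules.append((m.group("user"), runas, cmd.split()[0]))
    return rules

def audit(text):
    """Flag root-run file writers and the root-run commands they could replace."""
    as_root = [r for r in parse_sudoers(text) if r[1] in ("root", "ALL")]
    findings = []
    for user, _, cmd in as_root:
        if cmd.rsplit("/", 1)[-1] in FILE_WRITERS:
            targets = sorted({c for _, _, c in as_root if c not in (cmd, "ALL")})
            findings.append({"user": user, "writer": cmd, "overwritable": targets})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['user']} may run {f['writer']} as root; at risk: {f['overwritable']}")
```

Removing the wget rule, or replacing it with a wrapper that fixes the destination path, clears the finding.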
