Post Exploitation

Checking for commands we can run as root

found shadow.backup file with sammy hash

Identifying Hash

Identified SHA-256 hash

Privilege Escalation

First we create a bash file

On the Sammy Computer we can use wget as root and out put the contents of a file to somewhere else on the system.

writing the contents of the bash file to the /root/troll command we can run in sunny user

Running the /root/troll command after being overwritten

PreviousExploitationNextLessons Learned

Last updated

Was this helpful?