Lessons Learned
Some valuable lessons on this box:
Developers need to be careful about what information a user can access, such as the decoder and encoder files on this box: they told us exactly how the key had been obfuscated.
nmap's vulnerability scripts (the `vuln` NSE category) can flag known issues on older Ubuntu systems. Spending a little time on recon against an old system can save a lot of time later.
SSH private keys should not be encoded and left on a server where anyone can read them. Encoding is not encryption: once decoded, the key gave us an SSH login, which jeopardizes the confidentiality of the whole system.
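The "encoded key" lesson is worth turning into a check you can run yourself. The decoder below is an added example, not code from the write-up or from the box; it peels hex and base64 layers off a file until a PEM private-key header appears, which is how an obfuscated key like the one described above is usually found. The sample key material, the helper names and the three-layer limit are my assumptions; the key body is constructed filler, not a real key.

```python
import base64
import binascii
import re

# Constructed stand-in for an encrypted OpenSSH private key (not a real key).
# Only the PEM markers matter to the detection logic; the body is filler.
PLAINTEXT_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n"
    "\n"
    "QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVoxMjM0NTY3ODkwYWJjZGVmZ2hpamts\n"
    "-----END RSA PRIVATE KEY-----\n"
)

# Constructed samples of how such a key might be hidden on disk:
HEX_ENCODED_KEY = binascii.hexlify(PLAINTEXT_KEY.encode())            # one long hex string
SPACED_HEX_KEY = b" ".join(                                           # "2d 2d 2d ..." style
    HEX_ENCODED_KEY[i:i + 2] for i in range(0, len(HEX_ENCODED_KEY), 2)
)
DOUBLE_ENCODED_KEY = base64.b64encode(HEX_ENCODED_KEY)                # base64 over hex

PRIVATE_KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def try_hex(data: bytes):
    """Decode whitespace-separated or contiguous hex, else None."""
    stripped = b"".join(data.split())
    if not stripped or len(stripped) % 2:
        return None
    try:
        return binascii.unhexlify(stripped)
    except binascii.Error:
        return None


def try_base64(data: bytes):
    """Strict base64 decode (rejects non-alphabet bytes), else None."""
    stripped = b"".join(data.split())
    if not stripped:
        return None
    try:
        return base64.b64decode(stripped, validate=True)
    except (binascii.Error, ValueError):
        return None


def unwrap_encoded_key(data: bytes, max_layers: int = 3):
    """Peel hex/base64 layers until a PEM private key header shows up.

    Returns (layers_removed, decoded_bytes), or (None, None) if no key
    is found within max_layers decodings.
    """
    current = data
    for layer in range(max_layers + 1):
        if PRIVATE_KEY_RE.search(current.decode("latin-1")):
            return layer, current
        # Every hex string is also valid base64 alphabet, so try the
        # stricter hex decoding first to avoid a wrong base64 "success".
        decoded = try_hex(current)
        if decoded is None:
            decoded = try_base64(current)
        if decoded is None:
            return None, None
        current = decoded
    return None, None


def scan_files(paths):
    """Report which of the given files hide a private key and how deep."""
    hits = []
    for path in paths:
        try:
            with open(path, "rb") as fh:
                layers, _ = unwrap_encoded_key(fh.read())
        except OSError:
            continue
        if layers is not None:
            hits.append((path, layers))
    return hits


if __name__ == "__main__":
    import sys
    for path, layers in scan_files(sys.argv[1:]):
        print(f"{path}: private key found under {layers} encoding layer(s)")
```

Run it over anything world-readable that looks like key material (`find / -readable -size -16k -type f 2>/dev/null | xargs python3 keyscan.py` is the kind of sweep meant here; the script name is hypothetical). A hit with one or more layers is exactly the "encoded and left on the server" mistake above, and the same logic, run by a defender, finds it before an attacker does.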
Heartbleed (CVE-2014-0160) lets a client ask the server's heartbeat handler for more data than it actually sent; the server answers with whatever follows in its memory, giving us access to information we should never have been able to read.
When escalating privileges, check the bash history (`~/.bash_history`) and list the processes running as root (for example with `ps aux`). Often an attacker can take advantage of a running root process, as we did with the tmux socket file.
Why did a member of the hype group have read and write access to a socket belonging to root? Why did root leave the session running? That is a big red flag.
With a patched version of OpenSSL installed, the passphrase could not have been leaked through Heartbleed in the first place.
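To make the Heartbleed lesson and the "patched OpenSSL" point concrete, here is an added example (my code, not from the write-up or from OpenSSL) that models the heartbeat handler in pure Python: a vulnerable version that trusts the length field in the request, next to the bounds check that the 1.0.1g fix added. The record layout (type byte, 16-bit payload length, payload, 16 bytes of padding) follows RFC 6520; the "adjacent heap" bytes and the secret they contain are constructed so the leak is visible offline, and the function names are my own.

```python
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING = b"\x00" * 16  # RFC 6520 requires at least 16 bytes of padding


def build_heartbeat(payload: bytes, claimed_length=None) -> bytes:
    """Build a heartbeat request. An honest client leaves claimed_length
    as None; a Heartbleed probe claims far more than it sends."""
    length = len(payload) if claimed_length is None else claimed_length
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + PADDING


# Constructed stand-in for whatever sat after the record on the real heap
# (session data, passphrases, other users' requests). Not a real secret.
FAKE_ADJACENT_HEAP = b"...user=hype passphrase=<not a real secret>..."


def vulnerable_respond(record: bytes) -> bytes:
    """Pre-1.0.1g behaviour: copy `payload_len` bytes starting at the
    payload, without checking that the record is actually that long."""
    _hb_type, payload_len = struct.unpack("!BH", record[:3])
    # memcpy reads straight past the end of the record into the heap.
    memory = record[3:] + FAKE_ADJACENT_HEAP
    payload = memory[:payload_len]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + payload + PADDING


def patched_respond(record: bytes):
    """1.0.1g behaviour: silently drop any record whose claimed payload
    (plus type, length and padding) does not fit inside the record."""
    if 1 + 2 + 16 > len(record):
        return None
    _hb_type, payload_len = struct.unpack("!BH", record[:3])
    if 1 + 2 + payload_len + 16 > len(record):
        return None
    payload = record[3:3 + payload_len]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + payload + PADDING


def leaked_bytes(response: bytes, sent_payload: bytes) -> bytes:
    """Everything the server echoed beyond what the client really sent."""
    _, n = struct.unpack("!BH", response[:3])
    return response[3:3 + n][len(sent_payload):]


if __name__ == "__main__":
    probe = build_heartbeat(b"hello", claimed_length=60)
    print("vulnerable server leaked:", leaked_bytes(vulnerable_respond(probe), b"hello"))
    print("patched server answered:", patched_respond(probe))
```

The whole bug is the single missing comparison between `payload_len` and `len(record)`; everything else in the handler is fine. That is why "install the patched OpenSSL" is the complete fix here, and why a server that still answers an oversized heartbeat (what nmap's `ssl-heartbleed` script tests for) should be treated as having leaked anything that was in its memory.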
Ways to prevent a tmux session from being taken over:
Do not run your tmux session as root.
Use sudo inside the tmux session when you need root privileges.
Close the tmux session once you are done instead of leaving it running (and reachable) the whole time.
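The red flag above (a root-owned socket that a non-root group member could open) is easy to check for mechanically. The audit below is an added example, not part of the write-up or of tmux itself: it walks the given directories, keeps only UNIX sockets owned by the target user (root by default), and reports the ones the calling user could connect to. It relies on the Linux rule that connecting to a UNIX stream socket needs write permission on the socket file (plus search permission on its directory); the socket name, the directory list and the function names are my assumptions, and the demo builds a throwaway socket so it runs without root.

```python
import os
import socket
import stat
import tempfile


def socket_exposure(mode, uid, gid, caller_uid, caller_gids):
    """How the caller can reach a socket: 'owner', 'group', 'other' or 'none'.
    Linux grants connect() on a UNIX socket to anyone with write permission
    on the socket file, so only the write bits matter here."""
    if caller_uid == uid and mode & stat.S_IWUSR:
        return "owner"
    if gid in caller_gids and mode & stat.S_IWGRP:
        return "group"
    if mode & stat.S_IWOTH:
        return "other"
    return "none"


def audit_sockets(dirs, target_uid=0, caller_uid=None, caller_gids=None):
    """Find sockets owned by target_uid that the caller can connect to.
    Returns a list of (path, octal mode, how) tuples."""
    caller_uid = os.geteuid() if caller_uid is None else caller_uid
    caller_gids = set(os.getgroups()) if caller_gids is None else set(caller_gids)
    findings = []
    for top in dirs:
        for dirpath, _dirs, files in os.walk(top, onerror=lambda _e: None):
            for name in files:  # os.walk lists non-directories, sockets included, here
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                if not stat.S_ISSOCK(st.st_mode) or st.st_uid != target_uid:
                    continue
                how = socket_exposure(st.st_mode, st.st_uid, st.st_gid,
                                      caller_uid, caller_gids)
                if how != "none":
                    findings.append((path, oct(stat.S_IMODE(st.st_mode)), how))
    return findings


def demo_with_temp_socket():
    """Constructed scenario: a 0660 socket owned by us, audited as if a
    different user who shares our primary group had found it. This is the
    shape of a root-owned tmux socket left group-writable."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "root_session")  # hypothetical socket name
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            srv.bind(path)
            os.chmod(path, 0o660)
            return audit_sockets([d], target_uid=os.geteuid(),
                                 caller_uid=os.geteuid() + 1,
                                 caller_gids=[os.getgid()])
        finally:
            srv.close()


if __name__ == "__main__":
    import sys
    # tmux keeps its sockets under /tmp/tmux-<uid>/ by default, but the one
    # on this box lived elsewhere, so scan the directories you are given.
    dirs = sys.argv[1:] or ["/tmp", "/var/tmp", "/run"]
    for path, mode, how in audit_sockets(dirs):
        print(f"{path} mode {mode}: connectable via {how} permission")
        print(f"  try: tmux -S {path}")
```

A finding with `how == "group"` or `"other"` on a root-owned tmux socket is precisely what was abused here; the fixes in the list above (no root session, sudo inside it, close it when done) all make this audit come back empty, and a socket mode of 0700 would have stopped the hype group member even if root had left the session running.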