Post Exploitation

Running Linenum.sh

Checking bash history

cat ~/.bash_history

Checking root running processes

ps -ef | grep root

we can see that root is running Tmux

Looking at the TMUX socket file.

owned by root, group owner is hype (us) and it is read write

We are a member of the hype group, and we have read write access to the file that tmux is using as a socket. (root left it open)

Hopping on to the tmux session

tmux -S /.devs/dev_sess

sucessful hop on

Dirty cow exploit