Privilege Escalation
Due to the information disclosure regarding the password of the root user, I was able to crack the password hash
I will test for password reuse here
maildeliverer@delivery:/opt/mattermost/config$ su root
password:
root@delivery:/opt/mattermost/config# whoami
root
root@delivery:/opt/mattermost/config# hostname
Delivery
root@delivery:/opt/mattermost/config# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:b9:3d:c4 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.222/24 brd 10.10.10.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 dead:beef::250:56ff:feb9:3dc4/64 scope global dynamic mngtmpaddr
valid_lft 86400sec preferred_lft 14400sec
inet6 fe80::250:56ff:feb9:3dc4/64 scope link
valid_lft forever preferred_lft foreverPassword reuse confirmed System Level Compromise