Solar-PuTTY


Checking the filesystem manually after performing basic system enumeration

shirohige@instant:~$ ll /opt
total 12
drwxr-xr-x  3 root      root      4096 Oct  4 15:22 ./
drwxr-xr-x 23 root      root      4096 Oct  4 15:26 ../
drwxr-xr-x  3 shirohige shirohige 4096 Oct  4 15:22 backups/
shirohige@instant:~$ ll /opt/backups/
total 12
drwxr-xr-x 3 shirohige shirohige 4096 Oct  4 15:22 ./
drwxr-xr-x 3 root      root      4096 Oct  4 15:22 ../
drwxr-xr-x 2 shirohige shirohige 4096 Oct  4 15:22 Solar-PuTTY/
shirohige@instant:~$ ll /opt/backups/Solar-PuTTY/
total 12
drwxr-xr-x 2 shirohige shirohige 4096 Oct  4 15:22 ./
drwxr-xr-x 3 shirohige shirohige 4096 Oct  4 15:22 ../
-rw-r--r-- 1 shirohige shirohige 1100 Sep 30 11:38 sessions-backup.dat

The /opt/backups directory was initially discovered by PEAS, and it contains the Solar-PuTTY session backup file.

Solar-PuTTY is a free terminal emulator, serial console and network file transfer application developed and maintained by SolarWinds. It is designed to support a wide range of network protocols, including SCP, SSH, Telnet, and SFTP. It was built as an enhancement of the original SSH client called PuTTY™. The key differences between this newer version and the original are that Solar-PuTTY also features a browser-like GUI, support for multiple session tabs, and password management.

shirohige@instant:/opt/backups/Solar-PuTTY$ cat sessions-backup.dat

The sessions-backup.dat file is indeed a saved session file, and it can be decrypted. Moving on to the Privilege Escalation phase.