clean-ftp.py
After making a lateral movement to the developer user, I was able to access the directory at /opt/scripts/developer
developer@sneakymailer:/opt/scripts/developer$ ll
total 12K
4.0K drwxr-x--- 2 root developer 4.0K May 26 2020 .
4.0K -rwxr-x--- 1 root developer 405 May 26 2020 clean-ftp.py
4.0K drwxr-xr-x 5 root root 4.0K May 26 2020 ..The directory contains a Python script; clean-ftp.py
developer@sneakymailer:/opt/scripts/developer$ cat clean-ftp.py
cat clean-ftp.py
import os
import shutil
def main():
for root, directories, files in os.walk("/var/www/dev.sneakycorp.htb"):
for directory in directories:
try:
shutil.rmtree(os.path.join(root, directory))
except permissionerror:
pass
for file in files:
try:
os.remove(os.path.join(root, file))
except permissionerror:
print(os.path.join(root, file))
if __name__ == "__main__":
main()I had a hard time keeping the session open as the www-data user after the foothold due to this Python script
It’s responsible for removing uploaded files