InfoSec LAB

Bash_History

sunny@sunday:~$ cat .bash_history 
su -
su -
cat /etc/resolv.conf 
su -
ps auxwww|grep overwrite
su -
sudo -l
sudo /root/troll
ls /backup
ls -l /backup
cat /backup/shadow.backup
sudo /root/troll
sudo /root/troll
su -
sudo -l
sudo /root/troll
ps auxwww
ps auxwww
ps auxwww
top
top
top
ps auxwww|grep overwrite
su -
su -
cat /etc/resolv.conf 
ps auxwww|grep over
sudo -l
sudo /root/troll
sudo /root/troll
sudo /root/troll
sudo /root/troll

The bash history log is available at /home/sunny/.bash_history

While both troll and backup are already enumerated, there is something else

overwrite

ps auxwww|grep overwrite This checks for a process that has the string, "overwrite" in it

sunny@sunday:/$ ps auxwww|grep overwrite
root        81  0.0  0.212544 3380 ?        S 12:56:15  0:01 /usr/bin/bash /lib/svc/method/overwrite
sunny@sunday:/$ cat /lib/svc/method/overwrite
cat: cannot open /lib/svc/method/overwrite: Permission denied
sunny@sunday:/$ ll /lib/svc/method/overwrite
   2 -rwx------   1 root     root         126 Apr 13  2022 /lib/svc/method/overwrite

The sunny user is unable to access the /lib/svc/method/overwrite file

InfoSec LAB

Explorer

Sunday_Bash_History

Bash_History

overwrite

Interactive Graph View

Table of Contents

Backlinks