PersistenceIsFutile

$ ssh user@138.68.141.81 -p 31343
user@forensicspersistence-502834-67fb8ccbdd-tg92f:/$ sudo -l
Matching Defaults entries for user on forensicspersistence-502834-67fb8ccbdd-tg92f:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User user may run the following commands on forensicspersistence-502834-67fb8ccbdd-tg92f:
    (ALL : ALL) ALL
user@forensicspersistence-502834-67fb8ccbdd-tg92f:/

user@forensicspersistence-502834-67fb8ccbdd-p7j2c:~$ md5sum .backdoor 
7063c3930affe123baecd3b340f1ad2c  .backdoor
user@forensicspersistence-502834-67fb8ccbdd-p7j2c:~$ md5sum /bin/bash
7063c3930affe123baecd3b340f1ad2c  /bin/bash
user@forensicspersistence-502834-67fb8ccbdd-p7j2c:~$ 

.backdoor = /bin/bash
privilege escalation
$sudo vim
!/bin/bash
or
:shell
$ sudo -s 
root@forensicspersistence-502834-67fb8ccbdd-p7j2c:/# whoami
root
root@forensicspersistence-502834-67fb8ccbdd-p7j2c:~# ./solveme 
Issue 1 is not remediated
Issue 2 is not remediated
Issue 3 is not remediated
Issue 4 is not remediated
Issue 5 is not remediated
Issue 6 is not remediated
Issue 7 is not remediated
Issue 8 is not remediated

rm .backdoor /usr/sbin/afdluk /usr/sbin/ppppd /usr/bin/mgxttm /usr/bin/dlxcrw 
Issue 3 is fully remediated
Issue 7 is partially remediated

gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
Issue 4 is fully remediated

/root/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHRdx5Rq5+Obq66cywz5KW9ofVm0NCZ39EPDA2CJDqx1 nobody@nothing
Issue 2 is partially remediated

/var/spool/cron/crontabs# cat user 
Issue 8 is fully remediated

Navigation