Summary

Upon inspecting the James Administration tool on port 4555, I logged in with the user root and the password root. After this I was able to change the password of all the users to whichever password I wanted, this allowed me to log in and read the emails through the POP service. Reading through the emails I was able to get the password for the user mindy and logged in through SSH. After escaping rbash, I located a python script runnign as root. From there I replaced the python script with my own reverse shell python script.

Last updated