12 Apotheosis

While we were fiddling around with our Lambda backdoor, someone at Gretsch Politico was kind enough to trigger the reverse shell nested in the ecr-login.sh script. Not once, but multiple times. Most sessions seemed to time out after about 30 minutes, so we need to be swift and efficient in assessing this new environment and finding novel ways of pivoting inside. We open one of the meterpreter sessions and spawn a shell on the remote machine:

meterpreter > shell
Channel 1 created.

# id
uid=0(root) gid=0(root) groups=0(root)    (1)

# hostname
e56951c17be0    (2)

We can see that we’re running as root (1) inside a randomly named machine
