listening on [any] 4445 …
connect to [10.10.15.231] from haystack [10.10.10.115] 42512
bash: no hay control de trabajos en este shell
[root@haystack /]#
Gotta say, that was kinda hard. It helps to know a little bit of elastic in order to get there.
People have given enough hints for user. It truly is a needle in the haystack, and finding the haystack should be easy.
For root, you’re gonna have to pivot from the initial shell to another user somehow. Think about what’s running on the box and if it’s vulnerable to a documented exploit. If it doesn’t work the first time, don’t get discouraged. Literally move your things around and try again.
From there, think about what’s running as root. Enumerate what you’re allowed to do as this user that you weren’t allowed to do as the last. Read closely, don’t skip over anything. Think about how it’s configured.