Machine Synopsis

Tentacle is a Hard linux machine featuring a Squid proxy server. Bypassing Squid proxy authentication reveals a host which is making use of a vulnerable OpenSMTPD service. Initial foothold can be achieved by the exploitation of it. A SMTP client configuration file discloses a password which assists in generating a valid Kerberos ticket. This ticket then can be used to move laterally. Finally a cronjob can be exploited to escalate to another user who has privileges to add root user to Kerberos principals. This gives us a root shell.