API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 6th, 2018
793
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 41.48 KB | None | 0 0
raw download clone embed print report
  1. bash-3.1$ python linprivchecker.py
  2. =================================================================================================
  3. LINUX PRIVILEGE ESCALATION CHECKER
  4. =================================================================================================
  5.  
  6. [*] GETTING BASIC SYSTEM INFO...
  7.  
  8. [+] Kernel
  9. Linux version 2.6.18-274.3.1.el5 (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-51)) #1 SMP Tue Sep 6 20:14:03 EDT 2011
  10.  
  11. [+] Hostname
  12. pain
  13.  
  14. [+] Operating System
  15. CentOS release 5 (Final)
  16. Kernel \r on an \m
  17.  
  18. [*] GETTING NETWORKING INFO...
  19.  
  20. [+] Interfaces
  21. eth0 Link encap:Ethernet HWaddr 00:50:56:B8:4D:BE
  22. inet addr:10.11.1.35 Bcast:10.11.255.255 Mask:255.255.0.0
  23. inet6 addr: fe80::250:56ff:feb8:4dbe/64 Scope:Link
  24. UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  25. RX packets:1001699 errors:77 dropped:0 overruns:0 frame:0
  26. TX packets:423415 errors:0 dropped:0 overruns:0 carrier:0
  27. collisions:0 txqueuelen:1000
  28. RX bytes:101784699 (97.0 MiB) TX bytes:111650732 (106.4 MiB)
  29. Interrupt:59 Base address:0x2024
  30. lo Link encap:Local Loopback
  31. inet addr:127.0.0.1 Mask:255.0.0.0
  32. inet6 addr: ::1/128 Scope:Host
  33. UP LOOPBACK RUNNING MTU:16436 Metric:1
  34. RX packets:40 errors:0 dropped:0 overruns:0 frame:0
  35. TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
  36. collisions:0 txqueuelen:0
  37. RX bytes:3592 (3.5 KiB) TX bytes:3592 (3.5 KiB)
  38. sit0 Link encap:IPv6-in-IPv4
  39. NOARP MTU:1480 Metric:1
  40. RX packets:0 errors:0 dropped:0 overruns:0 frame:0
  41. TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  42. collisions:0 txqueuelen:0
  43. RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
  44.  
  45. [+] Netstat
  46. Active Internet connections (servers and established)
  47. Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
  48. tcp 0 0 0.0.0.0:843 0.0.0.0:* LISTEN -
  49. tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
  50. tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 9327/sh
  51. tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
  52. tcp 0 0 10.11.1.35:45213 10.11.0.128:443 ESTABLISHED 11798/bash
  53. tcp 0 0 10.11.1.35:47051 10.11.0.194:445 CLOSE_WAIT 9328/bash
  54. tcp 0 0 :::22 :::* LISTEN -
  55. tcp 0 0 :::443 :::* LISTEN 9327/sh
  56. tcp 38 0 ::ffff:10.11.1.35:443 ::ffff:10.11.0.128:37594 CLOSE_WAIT 11797/sh
  57. udp 0 0 0.0.0.0:837 0.0.0.0:* -
  58. udp 0 0 0.0.0.0:840 0.0.0.0:* -
  59. udp 0 0 0.0.0.0:111 0.0.0.0:* -
  60. udp 0 0 0.0.0.0:631 0.0.0.0:* -
  61.  
  62. [+] Route
  63. Kernel IP routing table
  64. Destination Gateway Genmask Flags Metric Ref Use Iface
  65. 10.11.0.0 * 255.255.0.0 U 0 0 0 eth0
  66. 169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
  67. default master.thinc.lo 0.0.0.0 UG 0 0 0 eth0
  68.  
  69. [*] GETTING FILESYSTEM INFO...
  70.  
  71. [+] Mount results
  72. /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
  73. proc on /proc type proc (rw)
  74. sysfs on /sys type sysfs (rw)
  75. devpts on /dev/pts type devpts (rw,gid=5,mode=620)
  76. /dev/sda1 on /boot type ext3 (rw)
  77. tmpfs on /dev/shm type tmpfs (rw)
  78. none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
  79. sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
  80.  
  81. [+] fstab entries
  82. /dev/VolGroup00/LogVol00 / ext3 defaults 1 1
  83. LABEL=/boot /boot ext3 defaults 1 2
  84. devpts /dev/pts devpts gid=5,mode=620 0 0
  85. tmpfs /dev/shm tmpfs defaults 0 0
  86. proc /proc proc defaults 0 0
  87. sysfs /sys sysfs defaults 0 0
  88. /dev/VolGroup00/LogVol01 swap swap defaults 0 0
  89.  
  90. [+] Scheduled cron jobs
  91. -rw-r--r-- 1 root root 0 Apr 13 2007 /etc/cron.deny
  92. -rw-r--r-- 1 root root 255 Jan 6 2007 /etc/crontab
  93. /etc/cron.daily:
  94. total 100
  95. drwxr-xr-x 2 root root 4096 Apr 13 2007 .
  96. drwxr-xr-x 85 root root 4096 Dec 4 12:11 ..
  97. -rwxr-xr-x 1 root root 133 Jan 8 2007 00webalizer
  98. -rwxr-xr-x 1 root root 379 Mar 28 2007 0anacron
  99. lrwxrwxrwx 1 root root 39 Apr 13 2007 0logwatch -> /usr/share/logwatch/scripts/logwatch.pl
  100. -rwxr-xr-x 1 root root 118 Mar 14 2007 cups
  101. -rwxr-xr-x 1 root root 128 Jan 6 2007 inn-cron-expire
  102. -rwxr-xr-x 1 root root 180 Jan 6 2007 logrotate
  103. -rwxr-xr-x 1 root root 418 Jan 6 2007 makewhatis.cron
  104. -rwxr-xr-x 1 root root 137 Mar 14 2007 mlocate.cron
  105. -rwxr-xr-x 1 root root 2181 Nov 22 2006 prelink
  106. -rwxr-xr-x 1 root root 114 Mar 14 2007 rpm
  107. -rwxr-xr-x 1 root root 290 Mar 14 2007 tmpwatch
  108. /etc/cron.hourly:
  109. total 32
  110. drwxr-xr-x 2 root root 4096 Apr 13 2007 .
  111. drwxr-xr-x 85 root root 4096 Dec 4 12:11 ..
  112. -rwxr-xr-x 1 root root 118 Jan 6 2007 inn-cron-nntpsend
  113. -rwxr-xr-x 1 root root 118 Jan 6 2007 inn-cron-rnews
  114. /etc/cron.monthly:
  115. total 24
  116. drwxr-xr-x 2 root root 4096 Apr 13 2007 .
  117. drwxr-xr-x 85 root root 4096 Dec 4 12:11 ..
  118. -rwxr-xr-x 1 root root 381 Mar 28 2007 0anacron
  119. /etc/cron.weekly:
  120. total 32
  121. drwxr-xr-x 2 root root 4096 Apr 13 2007 .
  122. drwxr-xr-x 85 root root 4096 Dec 4 12:11 ..
  123. -rwxr-xr-x 1 root root 380 Mar 28 2007 0anacron
  124. -rwxr-xr-x 1 root root 414 Jan 6 2007 makewhatis.cron
  125.  
  126. [+] Writable cron dirs
  127. lrwxrwxrwx 1 root root 39 Apr 13 2007 0logwatch -> /usr/share/logwatch/scripts/logwatch.pl
  128.  
  129.  
  130. [*] ENUMERATING USER AND ENVIRONMENTAL INFO...
  131.  
  132. [+] Logged in User Activity
  133. 09:35:05 up 1 day, 22:29, 0 users, load average: 1.04, 1.03, 1.00
  134. USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
  135.  
  136. [+] Sudoers (privileged)
  137.  
  138. [+] All users
  139. root:x:0:0:root:/root:/bin/bash
  140. bin:x:1:1:bin:/bin:/sbin/nologin
  141. daemon:x:2:2:daemon:/sbin:/sbin/nologin
  142. adm:x:3:4:adm:/var/adm:/sbin/nologin
  143. lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
  144. sync:x:5:0:sync:/sbin:/bin/sync
  145. shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
  146. halt:x:7:0:halt:/sbin:/sbin/halt
  147. mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
  148. news:x:9:13:news:/etc/news:
  149. uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
  150. operator:x:11:0:operator:/root:/sbin/nologin
  151. games:x:12:100:games:/usr/games:/sbin/nologin
  152. gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
  153. ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
  154. nobody:x:99:99:Nobody:/:/sbin/nologin
  155. rpm:x:37:37::/var/lib/rpm:/sbin/nologin
  156. dbus:x:81:81:System message bus:/:/sbin/nologin
  157. apache:x:48:48:Apache:/var/www:/sbin/nologin
  158. avahi:x:70:70:Avahi daemon:/:/sbin/nologin
  159. mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
  160. smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
  161. distcache:x:94:94:Distcache:/:/sbin/nologin
  162. nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
  163. vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
  164. haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
  165. rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
  166. rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
  167. nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
  168. named:x:25:25:Named:/var/named:/sbin/nologin
  169. sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
  170. dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
  171. webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
  172. squid:x:23:23::/var/spool/squid:/sbin/nologin
  173. pcap:x:77:77::/var/arpwatch:/sbin/nologin
  174.  
  175. [+] Current User ID
  176. uid=48(apache) gid=48(apache) groups=48(apache)
  177.  
  178. [+] Super Users Found:
  179. root
  180.  
  181. [+] Environment
  182. CONSOLE=/dev/console
  183. SELINUX_INIT=YES
  184. TERM=linux
  185. INIT_VERSION=sysvinit-2.86
  186. PATH=/sbin:/usr/sbin:/bin:/usr/bin
  187. _=/bin/env
  188. runlevel=3
  189. RUNLEVEL=3
  190. PWD=/tmp
  191. LANG=C
  192. previous=N
  193. PREVLEVEL=N
  194. SHLVL=7
  195. HOME=/
  196.  
  197. [+] Current User
  198. apache
  199.  
  200. [+] Root and current user history (depends on privs)
  201. -rw------- 1 root root 355 Dec 5 21:29 //.bash_history
  202.  
  203. [*] ENUMERATING FILE AND DIRECTORY PERMISSIONS/CONTENTS...
  204.  
  205. [+] World Writeable Directories for User/Group 'Root'
  206. drwxrwxrwt 2 root root 40 Jan 16 2017 /dev/shm
  207. drwxrwxrwt 2 root root 4096 Mar 14 2007 /var/spool/vbox
  208. drwxrwxrwt 2 root root 4096 Jan 6 2007 /var/spool/samba
  209. drwxrwxrwt 2 root root 4096 Sep 30 2011 /var/tmp
  210. drwxrwxrwt 2 root root 4096 Dec 6 09:35 /tmp
  211.  
  212. [+] World Writeable Directories for Users other than Root
  213.  
  214. [+] World Writable Files
  215.  
  216. [+] Checking if root's home folder is accessible
  217.  
  218. [+] SUID/SGID Files and Directories
  219. -rwsr-xr-x 1 root root 57588 Mar 14 2007 /bin/mount
  220. -rwsr-xr-x 1 root root 24060 Mar 21 2007 /bin/su
  221. -rwsr-xr-x 1 root root 35864 Mar 14 2007 /bin/ping
  222. -rwsr-xr-x 1 root root 31244 Mar 14 2007 /bin/ping6
  223. -rwsr-xr-x 1 root root 38552 Mar 14 2007 /bin/umount
  224. -rws--x--x 1 root root 17900 Mar 14 2007 /usr/bin/chfn
  225. -rwx--s--x 1 root slocate 23856 Mar 14 2007 /usr/bin/locate
  226. -rwxr-sr-x 1 root nobody 79388 Mar 21 2007 /usr/bin/ssh-agent
  227. ---s--x--x 2 root root 159096 Jan 6 2007 /usr/bin/sudo
  228. -rwsr-xr-x 1 root root 18544 Mar 14 2007 /usr/bin/rcp
  229. -r-xr-sr-x 1 root tty 10420 Jan 6 2007 /usr/bin/wall
  230. -rwsr-xr-x 1 root root 22984 Jan 6 2007 /usr/bin/passwd
  231. -rwsr-xr-x 1 root root 47352 Mar 14 2007 /usr/bin/gpasswd
  232. -rwsr-xr-x 1 root root 24556 Mar 14 2007 /usr/bin/newgrp
  233. -rwxr-sr-x 1 root mail 16020 Mar 29 2007 /usr/bin/lockfile
  234. -rwsr-xr-x 1 root root 43976 Jan 6 2007 /usr/bin/at
  235. -rwxr-sr-x 1 root tty 10920 Mar 14 2007 /usr/bin/write
  236. -rwsr-xr-x 1 root root 46748 Mar 14 2007 /usr/bin/chage
  237. -rwsr-sr-x 1 root root 311288 Mar 14 2007 /usr/bin/crontab
  238. ---s--x--x 2 root root 159096 Jan 6 2007 /usr/bin/sudoedit
  239. -rwsr-xr-x 1 root root 8876 Mar 14 2007 /usr/bin/rsh
  240. -rws--x--x 1 root root 19064 Mar 14 2007 /usr/bin/chsh
  241. -rwsr-xr-x 1 root root 13108 Mar 14 2007 /usr/bin/rlogin
  242. -rwsr-xr-x 1 root root 144537 Mar 14 2007 /usr/kerberos/bin/ksu
  243. -rwsr-xr-x 1 root root 172200 Mar 21 2007 /usr/libexec/openssh/ssh-keysign
  244. -rwsr-x--- 1 root squid 17360 Mar 14 2007 /usr/lib/squid/ncsa_auth
  245. -rwsr-x--- 1 root squid 15452 Mar 14 2007 /usr/lib/squid/pam_auth
  246. -r-sr-xr-x 1 root root 9532 Feb 26 2015 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
  247. -r-sr-xr-x 1 root root 10224 Feb 26 2015 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
  248. -r-sr-x--- 1 root news 41852 Jan 6 2007 /usr/lib/news/bin/startinnfeed
  249. -r-sr-x--- 1 uucp news 162764 Jan 6 2007 /usr/lib/news/bin/rnews
  250. -r-sr-x--- 1 root news 46000 Jan 6 2007 /usr/lib/news/bin/inndstart
  251. -rwsr-xr-x 1 root root 6808 Mar 21 2007 /usr/sbin/usernetctl
  252. -r-s--x--- 1 root apache 11484 Mar 21 2007 /usr/sbin/suexec
  253. -rwxr-sr-x 1 root smmsp 806460 Mar 14 2007 /usr/sbin/sendmail.sendmail
  254. -rwxr-sr-x 1 root lock 16616 Jan 9 2007 /usr/sbin/lockdev
  255. -rwsr-xr-x 1 root root 6700 Mar 14 2007 /usr/sbin/userisdnctl
  256. -rws--x--x 1 root root 34824 Mar 14 2007 /usr/sbin/userhelper
  257. -rwsr-xr-x 1 root root 6240 Jan 6 2007 /usr/sbin/ccreds_validate
  258. --wsr--r-x 1 root root 0 Oct 5 2008 /media/.hal-mtab-lock
  259. -rwsr-xr-x 1 root root 55016 Mar 14 2007 /sbin/mount.nfs4
  260. -rwsr-xr-x 1 root root 12280 Mar 14 2007 /sbin/pam_timestamp_check
  261. -rwsr-xr-x 1 root root 20796 Mar 14 2007 /sbin/unix_chkpwd
  262. -rwsr-xr-x 1 root root 55016 Mar 14 2007 /sbin/umount.nfs4
  263. -rwsr-xr-x 1 root root 55012 Mar 14 2007 /sbin/mount.nfs
  264. -rwsr-xr-x 1 root root 55016 Mar 14 2007 /sbin/umount.nfs
  265. -rwxr-sr-x 1 root root 5872 Mar 21 2007 /sbin/netreport
  266.  
  267. [+] Logs containing keyword 'password'
  268.  
  269. [+] Config files containing keyword 'password'
  270. /etc/samba/smb.conf:# Use password server option only with security = server
  271. /etc/samba/smb.conf:# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
  272. /etc/samba/smb.conf:# password server = *
  273. /etc/samba/smb.conf:; password server = <NT-Server-Name>
  274. /etc/my.cnf:# Default to using old password format for compatibility with mysql 3.x
  275. /etc/my.cnf:old_passwords=1
  276. /etc/squid/squid.conf.default:# TAG: sslpassword_program
  277. /etc/squid/squid.conf.default:# login=user:password | PASS | *:password
  278. /etc/squid/squid.conf.default:# use 'login=user:password' if this is a personal/workgroup
  279. /etc/squid/squid.conf.default:# use 'login=*:password' to pass the username to the
  280. /etc/squid/squid.conf.default:# upstream cache, but with a fixed password. This is meant
  281. /etc/squid/squid.conf.default:# the login=username:password option above.
  282. /etc/squid/squid.conf.default:# If you want the anonymous login password to be more informative
  283. /etc/squid/squid.conf.default:# reads a line containing "username password" and replies "OK" or
  284. /etc/squid/squid.conf.default:# will see when prompted their username and password).
  285. /etc/squid/squid.conf.default:# username:password pair is valid for - in other words how often the
  286. /etc/squid/squid.conf.default:# revalidation with short lived passwords. Note that setting this high
  287. /etc/squid/squid.conf.default:# using an one-time password system (such as SecureID). If you are using
  288. /etc/squid/squid.conf.default:# "blankpassword" on|off
  289. /etc/squid/squid.conf.default:# Specifies if blank passwords should be supported. Defaults to off
  290. /etc/squid/squid.conf.default:# passwords as "guest" access.
  291. /etc/squid/squid.conf.default:# when prompted their username and password).
  292. /etc/squid/squid.conf.default:# password= The users password (for PROXYPASS login= cache_peer)
  293. /etc/squid/squid.conf.default:# # to check username/password combinations (see
  294. /etc/squid/squid.conf.default:#acl password proxy_auth REQUIRED
  295. /etc/squid/squid.conf.default:# user's default group ID (taken from the password file) and
  296. /etc/squid/squid.conf.default:# Specify passwords for cachemgr operations.
  297. /etc/squid/squid.conf.default:# Usage: cachemgr_passwd password action action ...
  298. /etc/squid/squid.conf.default:# valid password, others can be performed if not listed here.
  299. /etc/squid/squid.conf.default:# To disable an action, set the password to "disable".
  300. /etc/squid/squid.conf.default:# To allow performing an action without a password, set the
  301. /etc/squid/squid.conf.default:# password to "none".
  302. /etc/squid/squid.conf.default:# Use the keyword "all" to set the same password for all actions.
  303. /etc/squid/squid.conf.default:# "password=<password>" to the end of this service declaration.
  304. /etc/squid/squid.conf.default:# wccp2_service standard 0 password=foo
  305. /etc/pam_pkcs11/pam_pkcs11.conf: # Allow empty passwords
  306. /etc/pam_pkcs11/pam_pkcs11.conf: # Do not prompt the user for the passwords but take them from the
  307. /etc/pam_pkcs11/pam_pkcs11.conf: # Do not prompt the user for the passwords unless PAM_(OLD)AUTHTOK
  308. /etc/pam_pkcs11/pam_pkcs11.conf: # previously set (intended for stacking password modules only).
  309. /etc/dovecot.conf:# If key file is password protected, give the password here. Alternatively
  310. /etc/dovecot.conf:#ssl_key_password =
  311. /etc/dovecot.conf:# internal failure. We also try to handle password changes automatically: If
  312. /etc/dovecot.conf:# In case of password mismatches, log the passwords and used scheme so the
  313. /etc/dovecot.conf:#auth_debug_passwords = no
  314. /etc/dovecot.conf: # Password database is used to verify user's password (and nothing more).
  315. /etc/dovecot.conf: # Note that PAM can only be used to verify if user's password is correct,
  316. /etc/dovecot.conf: # because PAM modules can do all kinds of checks besides checking password,
  317. /etc/dovecot.conf: # checkpassword executable authentication
  318. /etc/dovecot.conf: #passdb checkpassword {
  319. /etc/dovecot.conf: # Path for checkpassword binary
  320. /etc/dovecot.conf: # password databases, nothing else. Only shadow and pam authentication
  321. Binary file /etc/prelink.cache matches
  322. /etc/httpd/conf.d/ssl.conf:# Note that no password is obtained from the user. Every entry in the user
  323. /etc/httpd/conf.d/ssl.conf:# file needs this password: `xxj31ZMTZzkVA'.
  324. /etc/news/readers.conf:## log in with a username and password (the example in this file only
  325. /etc/lftp.conf:## This can be e.g. TIS-FWTK or rftpd. User and password are optional.
  326. /etc/pki/tls/openssl.cnf:# input_password = secret
  327. /etc/pki/tls/openssl.cnf:# output_password = secret
  328. /etc/pki/tls/openssl.cnf:challengePassword = A challenge password
  329. /etc/ldap.conf:# Search the root DSE for the password policy (works
  330. /etc/ldap.conf:# Do not hash the password at all; presume
  331. /etc/ldap.conf:#pam_password clear
  332. /etc/ldap.conf:# Hash password locally; required for University of
  333. /etc/ldap.conf:#pam_password crypt
  334. /etc/ldap.conf:# Remove old password first, then update in
  335. /etc/ldap.conf:#pam_password clear_remove_old
  336. /etc/ldap.conf:#pam_password nds
  337. /etc/ldap.conf:#pam_password racf
  338. /etc/ldap.conf:# Update Active Directory password, by
  339. /etc/ldap.conf:# creating Unicode password and updating
  340. /etc/ldap.conf:#pam_password ad
  341. /etc/ldap.conf:# Use the OpenLDAP password change
  342. /etc/ldap.conf:# extended operation to update the password.
  343. /etc/ldap.conf:#pam_password exop
  344. /etc/ldap.conf:# Redirect users to a URL or somesuch on password
  345. /etc/ldap.conf:#pam_password_prohibit_message Please visit http://internal to change your password.
  346. /etc/ldap.conf:#pam_password ad
  347. /etc/ldap.conf:#nss_map_attribute shadowLastChange pwdLastSet
  348. /etc/ldap.conf:#pam_password ad
  349. /etc/ldap.conf:#nss_map_attribute shadowLastChange pwdLastSet
  350. /etc/ldap.conf:#pam_password ad
  351. /etc/ldap.conf:# configure --enable-authpassword is no longer supported
  352. /etc/ldap.conf:#nss_map_attribute userPassword passwordChar
  353. /etc/ldap.conf:#pam_password clear
  354. /etc/ldap.conf:# at present and does not support password policy control
  355. /etc/oddjobd.conf: <helper exec="/usr/bin/pwd" arguments="0" prepend_user_name="no"/>
  356.  
  357. [+] Shadow File (Privileged)
  358.  
  359. [*] ENUMERATING PROCESSES AND APPLICATIONS...
  360.  
  361. [+] Installed Packages
  362. Deployment_Guide-en-US-5.0.0-19.el5.centos
  363. GConf2-2.14.0-9.el5
  364. MAKEDEV-3.23-1.2
  365. NetworkManager-0.6.4-6.el5
  366. ORBit2-2.14.3-4.el5
  367. SysVinit-2.86-14
  368. acl-2.2.39-1.1
  369. acpid-1.0.4-5
  370. alchemist-1.0.36-2.el5
  371. alsa-lib-1.0.12-3.el5
  372. amtu-1.0.4-4
  373. anacron-2.3-45.el5.centos
  374. apmd-3.2.2-5
  375. apr-1.2.7-11
  376. apr-util-1.2.7-6
  377. aspell-0.60.3-7.1
  378. aspell-en-6.0-2.1
  379. at-3.1.8-82.fc6
  380. atk-1.12.2-1.fc6
  381. attr-2.4.32-1.1
  382. audiofile-0.2.6-5
  383. audit-1.3.1-1.el5
  384. audit-libs-1.3.1-1.el5
  385. audit-libs-python-1.3.1-1.el5
  386. authconfig-5.3.12-2.el5
  387. autofs-5.0.1-0.rc2.42
  388. avahi-0.6.16-1.el5
  389. avahi-glib-0.6.16-1.el5
  390. basesystem-8.0-5.1.1.el5.centos
  391. bash-3.1-16.1
  392. bc-1.06-21
  393. beecrypt-4.1.2-10.1.1
  394. bind-9.3.3-7.el5
  395. bind-chroot-9.3.3-7.el5
  396. bind-libs-9.3.3-7.el5
  397. bind-utils-9.3.3-7.el5
  398. binutils-2.17.50.0.6-2.el5
  399. bluez-gnome-0.5-5.fc6
  400. bluez-libs-3.7-1
  401. bluez-utils-3.7-2.el5.centos
  402. bzip2-1.0.3-3
  403. bzip2-libs-1.0.3-3
  404. cadaver-0.22.3-4.el5
  405. cairo-1.2.4-1.fc6
  406. ccid-1.0.1-6.el5
  407. centos-release-5-0.0.el5.centos.2
  408. centos-release-notes-5.0.0-2
  409. checkpolicy-1.33.1-2.el5
  410. chkconfig-1.3.30.1-1
  411. conman-0.1.9.2-4.el5
  412. coolkey-1.0.1-16.el5
  413. coreutils-5.97-12.1.el5
  414. cpio-2.6-20
  415. cpuspeed-1.2.1-1.45.el5
  416. cracklib-2.8.9-3.1
  417. cracklib-dicts-2.8.9-3.1
  418. crash-4.0-3.14.el5.centos
  419. crontabs-1.10-8
  420. cryptsetup-luks-1.0.3-2.2.el5
  421. cups-1.2.4-11.5.el5
  422. cups-libs-1.2.4-11.5.el5
  423. curl-7.15.5-2.el5
  424. cyrus-sasl-2.1.22-4
  425. cyrus-sasl-lib-2.1.22-4
  426. cyrus-sasl-plain-2.1.22-4
  427. db4-4.3.29-9.fc6
  428. dbus-1.0.0-6.el5
  429. dbus-glib-0.70-5
  430. dbus-python-0.70-7.el5
  431. desktop-file-utils-0.10-7
  432. device-mapper-1.02.13-1.el5
  433. dhcdbd-2.2-1.el5
  434. dhclient-3.0.5-3.el5
  435. dhcpv6_client-0.10-33.el5
  436. diffutils-2.8.1-15.2.2
  437. distcache-1.4.5-14.1
  438. dmidecode-2.7-1.28.2.el5
  439. dmraid-1.0.0.rc13-2.el5
  440. dos2unix-3.1-27.1
  441. dosfstools-2.11-6.2.el5
  442. dovecot-1.0-1.2.rc15.el5
  443. dump-0.4b41-2.fc6
  444. e2fsprogs-1.39-8.el5
  445. e2fsprogs-libs-1.39-8.el5
  446. ed-0.2-38.2.2
  447. eject-2.1.5-4.2.el5
  448. elfutils-libelf-0.125-3.el5
  449. elinks-0.11.1-5.1.el5
  450. esound-0.2.36-3
  451. ethtool-5-1.el5
  452. expat-1.95.8-8.2.1
  453. fbset-2.1-22
  454. fetchmail-6.3.6-1.el5
  455. file-4.17-8
  456. filesystem-2.4.0-1.el5.centos
  457. findutils-4.2.27-4.1
  458. finger-0.17-32.2.1.1
  459. firstboot-tui-1.4.27.2-1.el5.centos.1
  460. fontconfig-2.4.1-6.el5
  461. freetype-2.2.1-16.el5
  462. ftp-0.17-33.fc6
  463. gamin-0.1.7-8.el5
  464. gawk-3.1.5-14.el5
  465. gd-2.0.33-9.3.fc6
  466. gdbm-1.8.0-26.2.1
  467. gettext-0.14.6-4.el5
  468. glib2-2.12.3-2.fc6
  469. glibc-2.5-12
  470. glibc-common-2.5-12
  471. gmp-4.1.4-10.el5
  472. gnome-keyring-0.6.0-1.fc6
  473. gnome-mime-data-2.4.2-3.1
  474. gnome-mount-0.5-3.el5
  475. gnome-python2-2.16.0-1.fc6
  476. gnome-python2-bonobo-2.16.0-1.fc6
  477. gnome-python2-canvas-2.16.0-1.fc6
  478. gnome-python2-gnomevfs-2.16.0-1.fc6
  479. gnome-vfs2-2.16.2-4.el5
  480. gnu-efi-3.0c-1.1
  481. gnupg-1.4.5-12
  482. gnutls-1.4.1-2
  483. gpg-pubkey-e8562897-459f07a4
  484. gpm-1.20.1-74.1
  485. grep-2.5.1-54.2.el5
  486. groff-1.18.1.1-11.1
  487. grub-0.97-13
  488. gtk2-2.10.4-16.el5
  489. gzip-1.3.5-9.el5.centos
  490. hal-0.5.8.1-19.el5
  491. hdparm-6.6-2
  492. hesiod-3.1.0-8
  493. hicolor-icon-theme-0.9-2.1
  494. htmlview-4.0.0-1.el5
  495. httpd-2.2.3-6.el5.centos.1
  496. httpd-manual-2.2.3-6.el5.centos.1
  497. hwdata-0.194-1
  498. ibmasm-3.0-9
  499. ifd-egate-0.05-15
  500. inews-2.4.3-6.fc6
  501. info-4.8-14.el5
  502. initscripts-8.45.14.EL-1.el5.centos.1
  503. inn-2.4.3-6.fc6
  504. iproute-2.6.18-4.el5
  505. ipsec-tools-0.6.5-6
  506. iptables-1.3.5-1.2.1
  507. iptables-ipv6-1.3.5-1.2.1
  508. iptstate-1.4-1.1.2.2
  509. iputils-20020927-43.el5
  510. irda-utils-0.9.17-2.fc6
  511. irqbalance-1.13-9.el5
  512. isdn4k-utils-3.2-50.1
  513. jwhois-3.2.3-8.el5
  514. kbd-1.12-19.el5
  515. kernel-2.6.18-238.9.1.el5
  516. kernel-2.6.18-274.3.1.el5
  517. kernel-headers-2.6.18-8.el5
  518. kpartx-0.4.7-8.el5
  519. krb5-libs-1.5-17
  520. krb5-workstation-1.5-17
  521. ksh-20060214-1.4
  522. kudzu-1.2.57.1.13-1.el5.centos
  523. less-394-5.el5
  524. lftp-3.5.1-2.fc6
  525. libICE-1.0.1-2.1
  526. libIDL-0.8.7-1.fc6
  527. libSM-1.0.1-3.1
  528. libX11-1.0.3-8.el5
  529. libXau-1.0.1-3.1
  530. libXcursor-1.1.7-1.1
  531. libXdmcp-1.0.1-2.1
  532. libXext-1.0.1-2.1
  533. libXfixes-4.0.1-2.1
  534. libXft-2.1.10-1.1
  535. libXi-1.0.1-3.1
  536. libXinerama-1.0.1-2.1
  537. libXpm-3.5.5-3
  538. libXrandr-1.1.1-3.1
  539. libXrender-0.9.1-3.1
  540. libXres-1.0.1-3.1
  541. libXt-1.0.2-3.1.fc6
  542. libXxf86vm-1.0.1-3.1
  543. libacl-2.2.39-1.1
  544. libaio-0.3.106-3.2
  545. libart_lgpl-2.3.17-4
  546. libattr-2.4.32-1.1
  547. libbonobo-2.16.0-1.fc6
  548. libbonoboui-2.16.0-1.fc6
  549. libcap-1.10-26
  550. libdaemon-0.10-5.el5
  551. libdrm-2.0.2-1.1
  552. libevent-1.1a-3.2.1
  553. libgcc-4.1.1-52.el5
  554. libgcrypt-1.2.3-1
  555. libglade2-2.6.0-2
  556. libgnome-2.16.0-6.el5
  557. libgnomecanvas-2.14.0-4.1
  558. libgnomeui-2.16.0-5.el5
  559. libgpg-error-1.4-2
  560. libgssapi-0.10-2
  561. libhugetlbfs-1.0.1-1.el5
  562. libhugetlbfs-lib-1.0.1-1.el5
  563. libidn-0.6.5-1.1
  564. libjpeg-6b-37
  565. libnl-1.0-0.10.pre5.4
  566. libnotify-0.4.2-6.el5
  567. libpcap-0.9.4-8.1
  568. libpng-1.2.10-7
  569. libselinux-1.33.4-2.el5
  570. libselinux-python-1.33.4-2.el5
  571. libsemanage-1.9.1-3.el5
  572. libsepol-1.15.2-1.el5
  573. libstdc++-4.1.1-52.el5
  574. libsysfs-2.0.0-6
  575. libtermcap-2.0.8-46.1
  576. libtiff-3.8.2-7.el5
  577. libusb-0.1.12-5.1
  578. libuser-0.54.7-2.el5.1
  579. libutempter-1.1.4-3.fc6
  580. libvolume_id-095-14.5.el5
  581. libwnck-2.16.0-4.fc6
  582. libwvstreams-4.2.2-2.1
  583. libxml2-2.6.26-2.1.2
  584. libxml2-python-2.6.26-2.1.2
  585. libxslt-1.1.17-2
  586. libxslt-python-1.1.17-2
  587. lockdev-1.0.1-10
  588. logrotate-3.7.4-7
  589. logwatch-7.3-5
  590. lrzsz-0.12.20-22.1
  591. lsof-4.78-3
  592. lvm2-2.02.16-3.el5
  593. m2crypto-0.16-6.el5.1
  594. m4-1.4.5-3.el5.1
  595. mailcap-2.1.23-1.fc6
  596. mailx-8.1.1-44.2.2
  597. make-3.81-1.1
  598. man-1.6d-1.1
  599. man-pages-2.39-9.el5
  600. mcstrans-0.1.10-1.el5
  601. mdadm-2.5.4-3.el5
  602. mesa-libGL-6.5.1-7.2.el5
  603. mgetty-1.1.33-9.fc6
  604. microcode_ctl-1.15-1.40.el5
  605. mingetty-1.07-5.2.2
  606. minicom-2.1-3
  607. mkbootdisk-1.5.3-2.1
  608. mkinitrd-5.1.19.6-1
  609. mktemp-1.5-23.2.2
  610. mlocate-0.15-1.el5
  611. mod_perl-2.0.2-6.1
  612. mod_python-3.2.8-3.1
  613. mod_ssl-2.2.3-6.el5.centos.1
  614. module-init-tools-3.3-0.pre3.1.16.el5
  615. mtools-3.9.10-2.fc6
  616. mtr-0.71-3.1
  617. mutt-1.4.2.2-3.el5
  618. mysql-5.0.22-2.1
  619. nano-1.3.12-1.1
  620. nash-5.1.19.6-1
  621. nc-1.84-10.fc6
  622. ncurses-5.5-24.20060715
  623. neon-0.25.5-5.1
  624. net-tools-1.60-73
  625. newt-0.52.2-9
  626. nfs-utils-1.0.9-16.el5
  627. nfs-utils-lib-1.0.8-7.2
  628. notification-daemon-0.3.5-8.el5
  629. nscd-2.5-12
  630. nspr-4.6.5-1.el5
  631. nss-3.11.5-1.el5
  632. nss-tools-3.11.5-1.el5
  633. nss_db-2.2-35.1
  634. nss_ldap-253-3
  635. ntsysv-1.3.30.1-1
  636. numactl-0.9.8-2.el5
  637. oddjob-0.27-7
  638. oddjob-libs-0.27-7
  639. openldap-2.3.27-5
  640. openssh-4.3p2-16.el5
  641. openssh-clients-4.3p2-16.el5
  642. openssh-server-4.3p2-16.el5
  643. openssl-0.9.8b-8.3.el5
  644. pam-0.99.6.2-3.14.el5
  645. pam_ccreds-3-5
  646. pam_krb5-2.2.11-1
  647. pam_passwdqc-1.0.2-1.2.2
  648. pam_pkcs11-0.5.3-23
  649. pam_smb-1.1.7-7.2.1
  650. pango-1.14.9-3.el5.centos
  651. paps-0.6.6-17.el5
  652. parted-1.8.1-4.el5
  653. passwd-0.73-1
  654. patch-2.5.4-29.2.2
  655. pax-3.4-1.2.2
  656. pciutils-2.2.3-4
  657. pcmciautils-014-5
  658. pcre-6.6-1.1
  659. pcsc-lite-1.3.1-7
  660. pcsc-lite-libs-1.3.1-7
  661. perl-5.8.8-10
  662. perl-Archive-Tar-1.30-1.fc6
  663. perl-BSD-Resource-1.28-1.fc6.1
  664. perl-Compress-Zlib-1.42-1.fc6
  665. perl-DBI-1.52-1.fc6
  666. perl-Digest-HMAC-1.01-15
  667. perl-Digest-SHA1-2.11-1.2.1
  668. perl-HTML-Parser-3.55-1.fc6
  669. perl-HTML-Tagset-3.10-2.1.1
  670. perl-IO-Socket-INET6-2.51-2.fc6
  671. perl-IO-Socket-SSL-1.01-1.fc6
  672. perl-IO-Zlib-1.04-4.2.1
  673. perl-Net-DNS-0.59-1.fc6
  674. perl-Net-IP-1.25-2.fc6
  675. perl-Net-SSLeay-1.30-4.fc6
  676. perl-Socket6-0.19-3.fc6
  677. perl-String-CRC32-1.4-2.fc6
  678. perl-URI-1.35-3
  679. php-5.1.6-5.el5
  680. php-cli-5.1.6-5.el5
  681. php-common-5.1.6-5.el5
  682. php-ldap-5.1.6-5.el5
  683. pinfo-0.6.9-1.fc6
  684. pkgconfig-0.21-1.fc6
  685. pkinit-nss-0.3.5-1.el5
  686. pm-utils-0.19-3.el5.centos.1
  687. policycoreutils-1.33.12-3.el5
  688. popt-1.10.2-37.el5
  689. portmap-4.0-65.2.2.1
  690. postgresql-libs-8.1.4-1.1
  691. ppp-2.4.4-1.el5
  692. prelink-0.3.9-2
  693. procmail-3.22-17.1.el5.centos
  694. procps-3.2.7-8.1.el5
  695. psacct-6.3.2-41.1
  696. psmisc-22.2-5
  697. pycairo-1.2.0-1.1
  698. pygobject2-2.12.1-5.el5
  699. pygtk2-2.10.1-8.el5
  700. pygtk2-libglade-2.10.1-8.el5
  701. pyorbit-2.14.1-1.1
  702. python-2.4.3-19.el5
  703. python-elementtree-1.2.6-5
  704. python-numeric-23.7-2.2.2
  705. python-sqlite-1.1.7-1.2.1
  706. python-urlgrabber-3.1.0-2
  707. quota-3.13-1.2.3.2.el5
  708. rdate-1.4-6
  709. rdist-6.1.5-44
  710. readahead-1.3-7.el5
  711. readline-5.1-1.1
  712. redhat-logos-4.9.8-6.el5.centos
  713. redhat-lsb-3.1-12.2.EL.el5.centos
  714. redhat-menus-6.7.8-1.el5
  715. rhpl-0.194.1-1
  716. rmt-0.4b41-2.fc6
  717. rng-utils-2.0-1.14.1.fc6
  718. rootfiles-8.1-1.1.1
  719. rp-pppoe-3.5-32.1
  720. rpm-4.4.2-37.el5
  721. rpm-libs-4.4.2-37.el5
  722. rpm-python-4.4.2-37.el5
  723. rsh-0.17-37.el5
  724. rsync-2.6.8-3.1
  725. rusers-0.17-47
  726. rwho-0.17-26
  727. samba-3.0.23c-2
  728. samba-client-3.0.23c-2
  729. samba-common-3.0.23c-2
  730. sed-4.1.5-5.fc6
  731. selinux-policy-2.4.6-30.el5
  732. selinux-policy-targeted-2.4.6-30.el5
  733. sendmail-8.13.8-2.el5
  734. sendmail-cf-8.13.8-2.el5
  735. setarch-2.0-1.1
  736. setools-3.0-3.el5
  737. setserial-2.17-19.2.2
  738. setup-2.5.58-1.el5
  739. setuptool-1.19.2-1.el5.centos
  740. shadow-utils-4.0.17-12.el5
  741. shared-mime-info-0.19-3.el5
  742. slang-2.0.6-4.el5
  743. slrn-0.9.8.1pl1-1.2.2
  744. smartmontools-5.36-3.1.el5
  745. sos-1.3-1.el5
  746. spamassassin-3.1.7-4.el5
  747. specspo-13-1.el5.centos
  748. sqlite-3.3.6-2
  749. squid-2.6.STABLE6-3.el5
  750. startup-notification-0.8-4.1
  751. stunnel-4.15-2
  752. sudo-1.6.8p12-10
  753. symlinks-1.2-24.2.2
  754. sysfsutils-2.0.0-6
  755. sysklogd-1.4.1-39.2
  756. syslinux-3.11-4
  757. sysreport-1.4.3-10.el5
  758. system-config-httpd-1.3.3.1-1.el5
  759. system-config-network-tui-1.3.99-1.el5
  760. system-config-nfs-1.3.23-1.el5
  761. system-config-samba-1.2.39-1.el5
  762. system-config-securitylevel-1.6.29.1-1.el5
  763. system-config-securitylevel-tui-1.6.29.1-1.el5
  764. system-config-services-0.9.4-1.el5
  765. talk-0.17-29.2.2
  766. tar-1.15.1-23.el5
  767. tcl-8.4.13-3.fc6
  768. tcp_wrappers-7.6-40.2.1
  769. tcpdump-3.9.4-8.1
  770. tcsh-6.14-12.el5
  771. telnet-0.17-38.el5
  772. termcap-5.5-1.20060701.1
  773. time-1.7-27.2.2
  774. tmpwatch-2.9.7-1.1.el5.1
  775. traceroute-2.0.1-2.el5
  776. tree-1.5.0-4
  777. tux-3.2.18-9.fc6
  778. tzdata-2006m-2.fc6
  779. udev-095-14.5.el5
  780. unix2dos-2.2-26.2.2
  781. unzip-5.52-2.2.1
  782. usbutils-0.71-2.1
  783. usermode-1.88-3.el5
  784. usermode-gtk-1.88-3.el5
  785. util-linux-2.13-0.44.el5
  786. vconfig-1.9-2.1
  787. vim-common-7.0.109-3
  788. vim-enhanced-7.0.109-3
  789. vim-minimal-7.0.109-3
  790. vixie-cron-4.1-66.1.el5
  791. vsftpd-2.0.5-10.el5
  792. webalizer-2.01_10-30.1
  793. wget-1.10.2-7.el5
  794. which-2.16-7
  795. wireless-tools-28-2.el5
  796. words-3.0-9
  797. wpa_supplicant-0.4.8-10.1.fc6
  798. wvdial-1.54.0-5.2.2.1
  799. xinetd-2.3.14-10.el5
  800. xorg-x11-filesystem-7.1-2.fc6
  801. yp-tools-2.9-0.1
  802. ypbind-1.19-7.el5
  803. yum-3.0.5-1.el5.centos.2
  804. yum-updatesd-3.0.5-1.el5.centos.2
  805. zip-2.31-1.2.2
  806. zlib-1.2.3-3
  807.  
  808. [+] Current processes
  809. USER PID START TIME COMMAND
  810. root 1 Dec04 0:00 init
  811. root 2 Dec04 0:00 [migration/0]
  812. root 3 Dec04 0:00 [ksoftirqd/0]
  813. root 4 Dec04 0:00 [events/0]
  814. root 5 Dec04 0:00 [khelper]
  815. root 6 Dec04 0:00 [kthread]
  816. root 9 Dec04 0:00 [kblockd/0]
  817. root 10 Dec04 0:00 [kacpid]
  818. root 168 Dec04 0:00 [cqueue/0]
  819. root 171 Dec04 0:00 [khubd]
  820. root 173 Dec04 0:00 [kseriod]
  821. root 239 Dec04 0:00 [khungtaskd]
  822. root 240 Dec04 0:00 [pdflush]
  823. root 241 Dec04 0:00 [pdflush]
  824. root 242 Dec04 0:00 [kswapd0]
  825. root 243 Dec04 0:00 [aio/0]
  826. root 461 Dec04 0:00 [kpsmoused]
  827. root 487 Dec04 0:00 [mpt_poll_0]
  828. root 488 Dec04 0:00 [mpt/0]
  829. root 489 Dec04 0:00 [scsi_eh_0]
  830. root 492 Dec04 0:00 [kstriped]
  831. root 501 Dec04 0:00 [ksnapd]
  832. root 504 Dec04 0:02 [kjournald]
  833. root 531 Dec04 0:00 [kauditd]
  834. root 565 Dec04 0:00 /sbin/udevd
  835. root 1270 Dec04 0:00 [ata/0]
  836. root 1271 Dec04 0:00 [ata_aux]
  837. root 1701 Dec04 0:00 [kjournald]
  838. root 2099 Dec04 0:00 [vmmemctl]
  839. root 2277 Dec04 0:24 /usr/sbin/vmtoolsd
  840. root 2731 Dec04 0:00 syslogd
  841. root 2734 Dec04 0:00 klogd
  842. rpc 2756 Dec04 0:00 portmap
  843. root 2781 Dec04 0:00 rpc.statd
  844. root 2805 Dec04 0:00 [rpciod/0]
  845. root 2812 Dec04 0:00 rpc.idmapd
  846. root 2869 Dec04 0:00 automount
  847. root 2892 Dec04 0:00 cupsd
  848. root 2910 Dec04 0:00 /usr/sbin/sshd
  849. root 2926 Dec04 0:00 xinetd
  850. root 2941 Dec04 0:00 gpm
  851. root 2957 Dec04 0:00 /usr/sbin/httpd
  852. root 2972 Dec04 0:00 crond
  853. root 2993 Dec04 0:00 /sbin/mingetty
  854. root 2994 Dec04 0:00 /sbin/mingetty
  855. root 2995 Dec04 0:00 /sbin/mingetty
  856. root 2996 Dec04 0:00 /sbin/mingetty
  857. root 2997 Dec04 0:00 /sbin/mingetty
  858. root 2998 Dec04 0:00 /sbin/mingetty
  859. apache 3496 Dec04 1:08 /usr/sbin/httpd
  860. apache 3497 Dec04 1:07 /usr/sbin/httpd
  861. apache 3498 Dec04 1:08 /usr/sbin/httpd
  862. apache 3499 Dec04 1:08 /usr/sbin/httpd
  863. apache 3500 Dec04 1:06 /usr/sbin/httpd
  864. apache 3501 Dec04 1:08 /usr/sbin/httpd
  865. apache 3502 Dec04 1:08 /usr/sbin/httpd
  866. apache 3503 Dec04 1:07 /usr/sbin/httpd
  867. apache 7785 Dec05 0:33 /usr/sbin/httpd
  868. apache 7786 Dec05 0:33 /usr/sbin/httpd
  869. apache 7787 Dec05 0:33 /usr/sbin/httpd
  870. apache 7788 Dec05 0:33 /usr/sbin/httpd
  871. apache 7789 Dec05 0:33 /usr/sbin/httpd
  872. apache 7790 Dec05 0:33 /usr/sbin/httpd
  873. apache 7791 Dec05 0:33 /usr/sbin/httpd
  874. apache 9327 Dec05 0:00 sh
  875. apache 9328 Dec05 0:00 bash
  876. apache 9333 Dec05 669:47 python
  877. apache 9334 Dec05 0:00 /bin/bash
  878. apache 9395 Dec05 0:00 vi
  879. apache 11797 09:26 0:00 sh
  880. apache 11798 09:26 0:00 bash
  881. apache 11811 09:28 0:00 python
  882. apache 11812 09:28 0:00 /bin/bash
  883. apache 12877 09:35 0:00 python
  884. apache 13021 09:35 0:00 /bin/sh
  885. apache 13022 09:35 0:00 ps
  886.  
  887. [+] Apache Version and Modules
  888. Server version: Apache/2.2.3
  889. Server built: Mar 21 2007 19:10:36
  890. Compiled in modules:
  891. core.c
  892. prefork.c
  893. http_core.c
  894. mod_so.c
  895.  
  896. [+] Apache Config File
  897.  
  898. [+] Sudo Version (Check out http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=sudo)
  899. Sudo version 1.6.8p12
  900.  
  901. [*] IDENTIFYING PROCESSES AND PACKAGES RUNNING AS ROOT OR OTHER SUPERUSER...
  902.  
  903. root 171 Dec04 0:00 [khubd]
  904. root 2941 Dec04 0:00 gpm
  905. Possible Related Packages:
  906. gpm-1.20.1-74.1
  907. root 2892 Dec04 0:00 cupsd
  908. root 2995 Dec04 0:00 /sbin/mingetty
  909. Possible Related Packages:
  910. mingetty-1.07-5.2.2
  911. root 489 Dec04 0:00 [scsi_eh_0]
  912. root 2 Dec04 0:00 [migration/0]
  913. root 2910 Dec04 0:00 /usr/sbin/sshd
  914. root 2996 Dec04 0:00 /sbin/mingetty
  915. Possible Related Packages:
  916. mingetty-1.07-5.2.2
  917. root 1271 Dec04 0:00 [ata_aux]
  918. root 241 Dec04 0:00 [pdflush]
  919. root 2869 Dec04 0:00 automount
  920. root 492 Dec04 0:00 [kstriped]
  921. root 2993 Dec04 0:00 /sbin/mingetty
  922. Possible Related Packages:
  923. mingetty-1.07-5.2.2
  924. root 2731 Dec04 0:00 syslogd
  925. root 2957 Dec04 0:00 /usr/sbin/httpd
  926. Possible Related Packages:
  927. httpd-2.2.3-6.el5.centos.1
  928. httpd-manual-2.2.3-6.el5.centos.1
  929. system-config-httpd-1.3.3.1-1.el5
  930. root 461 Dec04 0:00 [kpsmoused]
  931. root 1 Dec04 0:00 init
  932. Possible Related Packages:
  933. SysVinit-2.86-14
  934. initscripts-8.45.14.EL-1.el5.centos.1
  935. mkinitrd-5.1.19.6-1
  936. module-init-tools-3.3-0.pre3.1.16.el5
  937. pkinit-nss-0.3.5-1.el5
  938. root 240 Dec04 0:00 [pdflush]
  939. root 2277 Dec04 0:24 /usr/sbin/vmtoolsd
  940. root 2997 Dec04 0:00 /sbin/mingetty
  941. Possible Related Packages:
  942. mingetty-1.07-5.2.2
  943. root 168 Dec04 0:00 [cqueue/0]
  944. root 2781 Dec04 0:00 rpc.statd
  945. root 10 Dec04 0:00 [kacpid]
  946. root 488 Dec04 0:00 [mpt/0]
  947. root 2994 Dec04 0:00 /sbin/mingetty
  948. Possible Related Packages:
  949. mingetty-1.07-5.2.2
  950. root 2734 Dec04 0:00 klogd
  951. Possible Related Packages:
  952. sysklogd-1.4.1-39.2
  953. root 4 Dec04 0:00 [events/0]
  954. root 5 Dec04 0:00 [khelper]
  955. root 173 Dec04 0:00 [kseriod]
  956. root 6 Dec04 0:00 [kthread]
  957. root 2099 Dec04 0:00 [vmmemctl]
  958. root 242 Dec04 0:00 [kswapd0]
  959. root 2926 Dec04 0:00 xinetd
  960. Possible Related Packages:
  961. xinetd-2.3.14-10.el5
  962. root 2998 Dec04 0:00 /sbin/mingetty
  963. Possible Related Packages:
  964. mingetty-1.07-5.2.2
  965. root 504 Dec04 0:02 [kjournald]
  966. root 565 Dec04 0:00 /sbin/udevd
  967. root 9 Dec04 0:00 [kblockd/0]
  968. root 2805 Dec04 0:00 [rpciod/0]
  969. root 3 Dec04 0:00 [ksoftirqd/0]
  970. root 2812 Dec04 0:00 rpc.idmapd
  971. root 487 Dec04 0:00 [mpt_poll_0]
  972. root 2972 Dec04 0:00 crond
  973. root 501 Dec04 0:00 [ksnapd]
  974. root 1270 Dec04 0:00 [ata/0]
  975. root 239 Dec04 0:00 [khungtaskd]
  976. root 531 Dec04 0:00 [kauditd]
  977. root 243 Dec04 0:00 [aio/0]
  978. root 1701 Dec04 0:00 [kjournald]
  979.  
  980. [*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...
  981.  
  982. [+] Installed Tools
  983. /bin/awk
  984. /usr/bin/perl
  985. /usr/bin/python
  986. /bin/vi
  987. /usr/bin/vim
  988. /usr/bin/find
  989. /usr/bin/nc
  990. /usr/bin/wget
  991. /usr/bin/ftp
  992.  
  993. [+] Related Shell Escape Sequences...
  994.  
  995. vi--> :!bash
  996. vi--> :set shell=/bin/bash:shell
  997. vi--> :!bash
  998. vi--> :set shell=/bin/bash:shell
  999. awk--> awk 'BEGIN {system("/bin/bash")}'
  1000. find--> find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
  1001. perl--> perl -e 'exec "/bin/bash";'
  1002.  
  1003. [*] FINDING RELEVENT PRIVILEGE ESCALATION EXPLOITS...
  1004.  
  1005. Note: Exploits relying on a compile/scripting language not detected on this system are marked with a '**' but should still be tested!
  1006.  
  1007. The following exploits are ranked higher in probability of success because this script detected a related running process, OS, or mounted file system
  1008. - 2.6 UDEV < 141 Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8572 || Language=c
  1009. - 2.6 UDEV Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8478 || Language=c
  1010.  
  1011. The following exploits are applicable to this kernel version and should be investigated as well
  1012. - < 2.6.19 udp_sendmsg Local Root Exploit || http://www.exploit-db.com/exploits/9575 || Language=c
  1013. - Kernel ia32syscall Emulation Privilege Escalation || http://www.exploit-db.com/exploits/15023 || Language=c
  1014. - < 2.6.29 exit_notify() Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8369 || Language=c
  1015. - 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 Pipe.c Privelege Escalation || http://www.exploit-db.com/exploits/9844 || Language=python
  1016. - < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit || http://www.exploit-db.com/exploits/14814 || Language=c
  1017. - 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit || http://www.exploit-db.com/exploits/9542 || Language=c
  1018. - Linux Kernel < 2.6.22 ftruncate()/open() Local Exploit || http://www.exploit-db.com/exploits/6851 || Language=c
  1019. - 2.x sock_sendpage() Local Root Exploit 2 || http://www.exploit-db.com/exploits/9436 || Language=c
  1020. - open-time Capability file_ns_capable() - Privilege Escalation Vulnerability || http://www.exploit-db.com/exploits/25307 || Language=c
  1021. - 2.6.18-20 2009 Local Root Exploit || http://www.exploit-db.com/exploits/10613 || Language=c
  1022. - 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver) || http://www.exploit-db.com/exploits/9479 || Language=c
  1023. - 2.6 UDEV < 141 Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8572 || Language=c
  1024. - 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit || http://www.exploit-db.com/exploits/5092 || Language=c
  1025. - Linux Kernel <=2.6.28.3 set_selection() UTF-8 Off By One Local Exploit || http://www.exploit-db.com/exploits/9083 || Language=c
  1026. - 2.4/2.6 sock_sendpage() Local Root Exploit [2] || http://www.exploit-db.com/exploits/9598 || Language=c
  1027. - < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64) || http://www.exploit-db.com/exploits/9574 || Language=c
  1028. - open-time Capability file_ns_capable() Privilege Escalation || http://www.exploit-db.com/exploits/25450 || Language=c
  1029. - CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) || http://www.exploit-db.com/exploits/15944 || Language=c
  1030. - Linux RDS Protocol Local Privilege Escalation || http://www.exploit-db.com/exploits/15285 || Language=c
  1031. - 2.6.x ptrace_attach Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8673 || Language=c
  1032. - 2.x sock_sendpage() Local Ring0 Root Exploit || http://www.exploit-db.com/exploits/9435 || Language=c
  1033. - Test Kernel Local Root Exploit 0day || http://www.exploit-db.com/exploits/9191 || Language=c
  1034. - 2.4/2.6 bluez Local Root Privilege Escalation Exploit (update) || http://www.exploit-db.com/exploits/926 || Language=c
  1035. - CAP_SYS_ADMIN to root Exploit || http://www.exploit-db.com/exploits/15916 || Language=c
  1036. - 2.4/2.6 sock_sendpage() Local Root Exploit (ppc) || http://www.exploit-db.com/exploits/9545 || Language=c
  1037. - 2.6 UDEV Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8478 || Language=c
  1038. - MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/1518 || Language=c
  1039. - < 2.6.36.2 Econet Privilege Escalation Exploit || http://www.exploit-db.com/exploits/17787 || Language=c
  1040. - Sendpage Local Privilege Escalation || http://www.exploit-db.com/exploits/19933 || Language=ruby**
  1041. - < 2.6.37-rc2 ACPI custom_method Privilege Escalation || http://www.exploit-db.com/exploits/15774 || Language=c
  1042. - 'pipe.c' Local Privilege Escalation Vulnerability || http://www.exploit-db.com/exploits/10018 || Language=sh
  1043. - 2.4/2.6 sock_sendpage() Local Root Exploit [3] || http://www.exploit-db.com/exploits/9641 || Language=c
  1044. - <= 2.6.37 Local Privilege Escalation || http://www.exploit-db.com/exploits/15704 || Language=c
  1045. - 2.4.x / 2.6.x uselib() Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/895 || Language=c
  1046.  
  1047. Finished
  1048. =================================================================================================
  1049. bash-3.1$
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!