Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- bash-3.1$ python linprivchecker.py
- =================================================================================================
- LINUX PRIVILEGE ESCALATION CHECKER
- =================================================================================================
- [*] GETTING BASIC SYSTEM INFO...
- [+] Kernel
- Linux version 2.6.18-274.3.1.el5 (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-51)) #1 SMP Tue Sep 6 20:14:03 EDT 2011
- [+] Hostname
- pain
- [+] Operating System
- CentOS release 5 (Final)
- Kernel \r on an \m
- [*] GETTING NETWORKING INFO...
- [+] Interfaces
- eth0 Link encap:Ethernet HWaddr 00:50:56:B8:4D:BE
- inet addr:10.11.1.35 Bcast:10.11.255.255 Mask:255.255.0.0
- inet6 addr: fe80::250:56ff:feb8:4dbe/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:1001699 errors:77 dropped:0 overruns:0 frame:0
- TX packets:423415 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:101784699 (97.0 MiB) TX bytes:111650732 (106.4 MiB)
- Interrupt:59 Base address:0x2024
- lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- inet6 addr: ::1/128 Scope:Host
- UP LOOPBACK RUNNING MTU:16436 Metric:1
- RX packets:40 errors:0 dropped:0 overruns:0 frame:0
- TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:0
- RX bytes:3592 (3.5 KiB) TX bytes:3592 (3.5 KiB)
- sit0 Link encap:IPv6-in-IPv4
- NOARP MTU:1480 Metric:1
- RX packets:0 errors:0 dropped:0 overruns:0 frame:0
- TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:0
- RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
- [+] Netstat
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 0.0.0.0:843 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
- tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 9327/sh
- tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
- tcp 0 0 10.11.1.35:45213 10.11.0.128:443 ESTABLISHED 11798/bash
- tcp 0 0 10.11.1.35:47051 10.11.0.194:445 CLOSE_WAIT 9328/bash
- tcp 0 0 :::22 :::* LISTEN -
- tcp 0 0 :::443 :::* LISTEN 9327/sh
- tcp 38 0 ::ffff:10.11.1.35:443 ::ffff:10.11.0.128:37594 CLOSE_WAIT 11797/sh
- udp 0 0 0.0.0.0:837 0.0.0.0:* -
- udp 0 0 0.0.0.0:840 0.0.0.0:* -
- udp 0 0 0.0.0.0:111 0.0.0.0:* -
- udp 0 0 0.0.0.0:631 0.0.0.0:* -
- [+] Route
- Kernel IP routing table
- Destination Gateway Genmask Flags Metric Ref Use Iface
- 10.11.0.0 * 255.255.0.0 U 0 0 0 eth0
- 169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
- default master.thinc.lo 0.0.0.0 UG 0 0 0 eth0
- [*] GETTING FILESYSTEM INFO...
- [+] Mount results
- /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
- proc on /proc type proc (rw)
- sysfs on /sys type sysfs (rw)
- devpts on /dev/pts type devpts (rw,gid=5,mode=620)
- /dev/sda1 on /boot type ext3 (rw)
- tmpfs on /dev/shm type tmpfs (rw)
- none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
- sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
- [+] fstab entries
- /dev/VolGroup00/LogVol00 / ext3 defaults 1 1
- LABEL=/boot /boot ext3 defaults 1 2
- devpts /dev/pts devpts gid=5,mode=620 0 0
- tmpfs /dev/shm tmpfs defaults 0 0
- proc /proc proc defaults 0 0
- sysfs /sys sysfs defaults 0 0
- /dev/VolGroup00/LogVol01 swap swap defaults 0 0
- [+] Scheduled cron jobs
- -rw-r--r-- 1 root root 0 Apr 13 2007 /etc/cron.deny
- -rw-r--r-- 1 root root 255 Jan 6 2007 /etc/crontab
- /etc/cron.daily:
- total 100
- drwxr-xr-x 2 root root 4096 Apr 13 2007 .
- drwxr-xr-x 85 root root 4096 Dec 4 12:11 ..
- -rwxr-xr-x 1 root root 133 Jan 8 2007 00webalizer
- -rwxr-xr-x 1 root root 379 Mar 28 2007 0anacron
- lrwxrwxrwx 1 root root 39 Apr 13 2007 0logwatch -> /usr/share/logwatch/scripts/logwatch.pl
- -rwxr-xr-x 1 root root 118 Mar 14 2007 cups
- -rwxr-xr-x 1 root root 128 Jan 6 2007 inn-cron-expire
- -rwxr-xr-x 1 root root 180 Jan 6 2007 logrotate
- -rwxr-xr-x 1 root root 418 Jan 6 2007 makewhatis.cron
- -rwxr-xr-x 1 root root 137 Mar 14 2007 mlocate.cron
- -rwxr-xr-x 1 root root 2181 Nov 22 2006 prelink
- -rwxr-xr-x 1 root root 114 Mar 14 2007 rpm
- -rwxr-xr-x 1 root root 290 Mar 14 2007 tmpwatch
- /etc/cron.hourly:
- total 32
- drwxr-xr-x 2 root root 4096 Apr 13 2007 .
- drwxr-xr-x 85 root root 4096 Dec 4 12:11 ..
- -rwxr-xr-x 1 root root 118 Jan 6 2007 inn-cron-nntpsend
- -rwxr-xr-x 1 root root 118 Jan 6 2007 inn-cron-rnews
- /etc/cron.monthly:
- total 24
- drwxr-xr-x 2 root root 4096 Apr 13 2007 .
- drwxr-xr-x 85 root root 4096 Dec 4 12:11 ..
- -rwxr-xr-x 1 root root 381 Mar 28 2007 0anacron
- /etc/cron.weekly:
- total 32
- drwxr-xr-x 2 root root 4096 Apr 13 2007 .
- drwxr-xr-x 85 root root 4096 Dec 4 12:11 ..
- -rwxr-xr-x 1 root root 380 Mar 28 2007 0anacron
- -rwxr-xr-x 1 root root 414 Jan 6 2007 makewhatis.cron
- [+] Writable cron dirs
- lrwxrwxrwx 1 root root 39 Apr 13 2007 0logwatch -> /usr/share/logwatch/scripts/logwatch.pl
- [*] ENUMERATING USER AND ENVIRONMENTAL INFO...
- [+] Logged in User Activity
- 09:35:05 up 1 day, 22:29, 0 users, load average: 1.04, 1.03, 1.00
- USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
- [+] Sudoers (privileged)
- [+] All users
- root:x:0:0:root:/root:/bin/bash
- bin:x:1:1:bin:/bin:/sbin/nologin
- daemon:x:2:2:daemon:/sbin:/sbin/nologin
- adm:x:3:4:adm:/var/adm:/sbin/nologin
- lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
- sync:x:5:0:sync:/sbin:/bin/sync
- shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
- halt:x:7:0:halt:/sbin:/sbin/halt
- mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
- news:x:9:13:news:/etc/news:
- uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
- operator:x:11:0:operator:/root:/sbin/nologin
- games:x:12:100:games:/usr/games:/sbin/nologin
- gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
- ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
- nobody:x:99:99:Nobody:/:/sbin/nologin
- rpm:x:37:37::/var/lib/rpm:/sbin/nologin
- dbus:x:81:81:System message bus:/:/sbin/nologin
- apache:x:48:48:Apache:/var/www:/sbin/nologin
- avahi:x:70:70:Avahi daemon:/:/sbin/nologin
- mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
- smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
- distcache:x:94:94:Distcache:/:/sbin/nologin
- nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
- vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
- haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
- rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
- rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
- nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
- named:x:25:25:Named:/var/named:/sbin/nologin
- sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
- dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
- webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
- squid:x:23:23::/var/spool/squid:/sbin/nologin
- pcap:x:77:77::/var/arpwatch:/sbin/nologin
- [+] Current User ID
- uid=48(apache) gid=48(apache) groups=48(apache)
- [+] Super Users Found:
- root
- [+] Environment
- CONSOLE=/dev/console
- SELINUX_INIT=YES
- TERM=linux
- INIT_VERSION=sysvinit-2.86
- PATH=/sbin:/usr/sbin:/bin:/usr/bin
- _=/bin/env
- runlevel=3
- RUNLEVEL=3
- PWD=/tmp
- LANG=C
- previous=N
- PREVLEVEL=N
- SHLVL=7
- HOME=/
- [+] Current User
- apache
- [+] Root and current user history (depends on privs)
- -rw------- 1 root root 355 Dec 5 21:29 //.bash_history
- [*] ENUMERATING FILE AND DIRECTORY PERMISSIONS/CONTENTS...
- [+] World Writeable Directories for User/Group 'Root'
- drwxrwxrwt 2 root root 40 Jan 16 2017 /dev/shm
- drwxrwxrwt 2 root root 4096 Mar 14 2007 /var/spool/vbox
- drwxrwxrwt 2 root root 4096 Jan 6 2007 /var/spool/samba
- drwxrwxrwt 2 root root 4096 Sep 30 2011 /var/tmp
- drwxrwxrwt 2 root root 4096 Dec 6 09:35 /tmp
- [+] World Writeable Directories for Users other than Root
- [+] World Writable Files
- [+] Checking if root's home folder is accessible
- [+] SUID/SGID Files and Directories
- -rwsr-xr-x 1 root root 57588 Mar 14 2007 /bin/mount
- -rwsr-xr-x 1 root root 24060 Mar 21 2007 /bin/su
- -rwsr-xr-x 1 root root 35864 Mar 14 2007 /bin/ping
- -rwsr-xr-x 1 root root 31244 Mar 14 2007 /bin/ping6
- -rwsr-xr-x 1 root root 38552 Mar 14 2007 /bin/umount
- -rws--x--x 1 root root 17900 Mar 14 2007 /usr/bin/chfn
- -rwx--s--x 1 root slocate 23856 Mar 14 2007 /usr/bin/locate
- -rwxr-sr-x 1 root nobody 79388 Mar 21 2007 /usr/bin/ssh-agent
- ---s--x--x 2 root root 159096 Jan 6 2007 /usr/bin/sudo
- -rwsr-xr-x 1 root root 18544 Mar 14 2007 /usr/bin/rcp
- -r-xr-sr-x 1 root tty 10420 Jan 6 2007 /usr/bin/wall
- -rwsr-xr-x 1 root root 22984 Jan 6 2007 /usr/bin/passwd
- -rwsr-xr-x 1 root root 47352 Mar 14 2007 /usr/bin/gpasswd
- -rwsr-xr-x 1 root root 24556 Mar 14 2007 /usr/bin/newgrp
- -rwxr-sr-x 1 root mail 16020 Mar 29 2007 /usr/bin/lockfile
- -rwsr-xr-x 1 root root 43976 Jan 6 2007 /usr/bin/at
- -rwxr-sr-x 1 root tty 10920 Mar 14 2007 /usr/bin/write
- -rwsr-xr-x 1 root root 46748 Mar 14 2007 /usr/bin/chage
- -rwsr-sr-x 1 root root 311288 Mar 14 2007 /usr/bin/crontab
- ---s--x--x 2 root root 159096 Jan 6 2007 /usr/bin/sudoedit
- -rwsr-xr-x 1 root root 8876 Mar 14 2007 /usr/bin/rsh
- -rws--x--x 1 root root 19064 Mar 14 2007 /usr/bin/chsh
- -rwsr-xr-x 1 root root 13108 Mar 14 2007 /usr/bin/rlogin
- -rwsr-xr-x 1 root root 144537 Mar 14 2007 /usr/kerberos/bin/ksu
- -rwsr-xr-x 1 root root 172200 Mar 21 2007 /usr/libexec/openssh/ssh-keysign
- -rwsr-x--- 1 root squid 17360 Mar 14 2007 /usr/lib/squid/ncsa_auth
- -rwsr-x--- 1 root squid 15452 Mar 14 2007 /usr/lib/squid/pam_auth
- -r-sr-xr-x 1 root root 9532 Feb 26 2015 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
- -r-sr-xr-x 1 root root 10224 Feb 26 2015 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
- -r-sr-x--- 1 root news 41852 Jan 6 2007 /usr/lib/news/bin/startinnfeed
- -r-sr-x--- 1 uucp news 162764 Jan 6 2007 /usr/lib/news/bin/rnews
- -r-sr-x--- 1 root news 46000 Jan 6 2007 /usr/lib/news/bin/inndstart
- -rwsr-xr-x 1 root root 6808 Mar 21 2007 /usr/sbin/usernetctl
- -r-s--x--- 1 root apache 11484 Mar 21 2007 /usr/sbin/suexec
- -rwxr-sr-x 1 root smmsp 806460 Mar 14 2007 /usr/sbin/sendmail.sendmail
- -rwxr-sr-x 1 root lock 16616 Jan 9 2007 /usr/sbin/lockdev
- -rwsr-xr-x 1 root root 6700 Mar 14 2007 /usr/sbin/userisdnctl
- -rws--x--x 1 root root 34824 Mar 14 2007 /usr/sbin/userhelper
- -rwsr-xr-x 1 root root 6240 Jan 6 2007 /usr/sbin/ccreds_validate
- --wsr--r-x 1 root root 0 Oct 5 2008 /media/.hal-mtab-lock
- -rwsr-xr-x 1 root root 55016 Mar 14 2007 /sbin/mount.nfs4
- -rwsr-xr-x 1 root root 12280 Mar 14 2007 /sbin/pam_timestamp_check
- -rwsr-xr-x 1 root root 20796 Mar 14 2007 /sbin/unix_chkpwd
- -rwsr-xr-x 1 root root 55016 Mar 14 2007 /sbin/umount.nfs4
- -rwsr-xr-x 1 root root 55012 Mar 14 2007 /sbin/mount.nfs
- -rwsr-xr-x 1 root root 55016 Mar 14 2007 /sbin/umount.nfs
- -rwxr-sr-x 1 root root 5872 Mar 21 2007 /sbin/netreport
- [+] Logs containing keyword 'password'
- [+] Config files containing keyword 'password'
- /etc/samba/smb.conf:# Use password server option only with security = server
- /etc/samba/smb.conf:# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
- /etc/samba/smb.conf:# password server = *
- /etc/samba/smb.conf:; password server = <NT-Server-Name>
- /etc/my.cnf:# Default to using old password format for compatibility with mysql 3.x
- /etc/my.cnf:old_passwords=1
- /etc/squid/squid.conf.default:# TAG: sslpassword_program
- /etc/squid/squid.conf.default:# login=user:password | PASS | *:password
- /etc/squid/squid.conf.default:# use 'login=user:password' if this is a personal/workgroup
- /etc/squid/squid.conf.default:# use 'login=*:password' to pass the username to the
- /etc/squid/squid.conf.default:# upstream cache, but with a fixed password. This is meant
- /etc/squid/squid.conf.default:# the login=username:password option above.
- /etc/squid/squid.conf.default:# If you want the anonymous login password to be more informative
- /etc/squid/squid.conf.default:# reads a line containing "username password" and replies "OK" or
- /etc/squid/squid.conf.default:# will see when prompted their username and password).
- /etc/squid/squid.conf.default:# username:password pair is valid for - in other words how often the
- /etc/squid/squid.conf.default:# revalidation with short lived passwords. Note that setting this high
- /etc/squid/squid.conf.default:# using an one-time password system (such as SecureID). If you are using
- /etc/squid/squid.conf.default:# "blankpassword" on|off
- /etc/squid/squid.conf.default:# Specifies if blank passwords should be supported. Defaults to off
- /etc/squid/squid.conf.default:# passwords as "guest" access.
- /etc/squid/squid.conf.default:# when prompted their username and password).
- /etc/squid/squid.conf.default:# password= The users password (for PROXYPASS login= cache_peer)
- /etc/squid/squid.conf.default:# # to check username/password combinations (see
- /etc/squid/squid.conf.default:#acl password proxy_auth REQUIRED
- /etc/squid/squid.conf.default:# user's default group ID (taken from the password file) and
- /etc/squid/squid.conf.default:# Specify passwords for cachemgr operations.
- /etc/squid/squid.conf.default:# Usage: cachemgr_passwd password action action ...
- /etc/squid/squid.conf.default:# valid password, others can be performed if not listed here.
- /etc/squid/squid.conf.default:# To disable an action, set the password to "disable".
- /etc/squid/squid.conf.default:# To allow performing an action without a password, set the
- /etc/squid/squid.conf.default:# password to "none".
- /etc/squid/squid.conf.default:# Use the keyword "all" to set the same password for all actions.
- /etc/squid/squid.conf.default:# "password=<password>" to the end of this service declaration.
- /etc/squid/squid.conf.default:# wccp2_service standard 0 password=foo
- /etc/pam_pkcs11/pam_pkcs11.conf: # Allow empty passwords
- /etc/pam_pkcs11/pam_pkcs11.conf: # Do not prompt the user for the passwords but take them from the
- /etc/pam_pkcs11/pam_pkcs11.conf: # Do not prompt the user for the passwords unless PAM_(OLD)AUTHTOK
- /etc/pam_pkcs11/pam_pkcs11.conf: # previously set (intended for stacking password modules only).
- /etc/dovecot.conf:# If key file is password protected, give the password here. Alternatively
- /etc/dovecot.conf:#ssl_key_password =
- /etc/dovecot.conf:# internal failure. We also try to handle password changes automatically: If
- /etc/dovecot.conf:# In case of password mismatches, log the passwords and used scheme so the
- /etc/dovecot.conf:#auth_debug_passwords = no
- /etc/dovecot.conf: # Password database is used to verify user's password (and nothing more).
- /etc/dovecot.conf: # Note that PAM can only be used to verify if user's password is correct,
- /etc/dovecot.conf: # because PAM modules can do all kinds of checks besides checking password,
- /etc/dovecot.conf: # checkpassword executable authentication
- /etc/dovecot.conf: #passdb checkpassword {
- /etc/dovecot.conf: # Path for checkpassword binary
- /etc/dovecot.conf: # password databases, nothing else. Only shadow and pam authentication
- Binary file /etc/prelink.cache matches
- /etc/httpd/conf.d/ssl.conf:# Note that no password is obtained from the user. Every entry in the user
- /etc/httpd/conf.d/ssl.conf:# file needs this password: `xxj31ZMTZzkVA'.
- /etc/news/readers.conf:## log in with a username and password (the example in this file only
- /etc/lftp.conf:## This can be e.g. TIS-FWTK or rftpd. User and password are optional.
- /etc/pki/tls/openssl.cnf:# input_password = secret
- /etc/pki/tls/openssl.cnf:# output_password = secret
- /etc/pki/tls/openssl.cnf:challengePassword = A challenge password
- /etc/ldap.conf:# Search the root DSE for the password policy (works
- /etc/ldap.conf:# Do not hash the password at all; presume
- /etc/ldap.conf:#pam_password clear
- /etc/ldap.conf:# Hash password locally; required for University of
- /etc/ldap.conf:#pam_password crypt
- /etc/ldap.conf:# Remove old password first, then update in
- /etc/ldap.conf:#pam_password clear_remove_old
- /etc/ldap.conf:#pam_password nds
- /etc/ldap.conf:#pam_password racf
- /etc/ldap.conf:# Update Active Directory password, by
- /etc/ldap.conf:# creating Unicode password and updating
- /etc/ldap.conf:#pam_password ad
- /etc/ldap.conf:# Use the OpenLDAP password change
- /etc/ldap.conf:# extended operation to update the password.
- /etc/ldap.conf:#pam_password exop
- /etc/ldap.conf:# Redirect users to a URL or somesuch on password
- /etc/ldap.conf:#pam_password_prohibit_message Please visit http://internal to change your password.
- /etc/ldap.conf:#pam_password ad
- /etc/ldap.conf:#nss_map_attribute shadowLastChange pwdLastSet
- /etc/ldap.conf:#pam_password ad
- /etc/ldap.conf:#nss_map_attribute shadowLastChange pwdLastSet
- /etc/ldap.conf:#pam_password ad
- /etc/ldap.conf:# configure --enable-authpassword is no longer supported
- /etc/ldap.conf:#nss_map_attribute userPassword passwordChar
- /etc/ldap.conf:#pam_password clear
- /etc/ldap.conf:# at present and does not support password policy control
- /etc/oddjobd.conf: <helper exec="/usr/bin/pwd" arguments="0" prepend_user_name="no"/>
- [+] Shadow File (Privileged)
- [*] ENUMERATING PROCESSES AND APPLICATIONS...
- [+] Installed Packages
- Deployment_Guide-en-US-5.0.0-19.el5.centos
- GConf2-2.14.0-9.el5
- MAKEDEV-3.23-1.2
- NetworkManager-0.6.4-6.el5
- ORBit2-2.14.3-4.el5
- SysVinit-2.86-14
- acl-2.2.39-1.1
- acpid-1.0.4-5
- alchemist-1.0.36-2.el5
- alsa-lib-1.0.12-3.el5
- amtu-1.0.4-4
- anacron-2.3-45.el5.centos
- apmd-3.2.2-5
- apr-1.2.7-11
- apr-util-1.2.7-6
- aspell-0.60.3-7.1
- aspell-en-6.0-2.1
- at-3.1.8-82.fc6
- atk-1.12.2-1.fc6
- attr-2.4.32-1.1
- audiofile-0.2.6-5
- audit-1.3.1-1.el5
- audit-libs-1.3.1-1.el5
- audit-libs-python-1.3.1-1.el5
- authconfig-5.3.12-2.el5
- autofs-5.0.1-0.rc2.42
- avahi-0.6.16-1.el5
- avahi-glib-0.6.16-1.el5
- basesystem-8.0-5.1.1.el5.centos
- bash-3.1-16.1
- bc-1.06-21
- beecrypt-4.1.2-10.1.1
- bind-9.3.3-7.el5
- bind-chroot-9.3.3-7.el5
- bind-libs-9.3.3-7.el5
- bind-utils-9.3.3-7.el5
- binutils-2.17.50.0.6-2.el5
- bluez-gnome-0.5-5.fc6
- bluez-libs-3.7-1
- bluez-utils-3.7-2.el5.centos
- bzip2-1.0.3-3
- bzip2-libs-1.0.3-3
- cadaver-0.22.3-4.el5
- cairo-1.2.4-1.fc6
- ccid-1.0.1-6.el5
- centos-release-5-0.0.el5.centos.2
- centos-release-notes-5.0.0-2
- checkpolicy-1.33.1-2.el5
- chkconfig-1.3.30.1-1
- conman-0.1.9.2-4.el5
- coolkey-1.0.1-16.el5
- coreutils-5.97-12.1.el5
- cpio-2.6-20
- cpuspeed-1.2.1-1.45.el5
- cracklib-2.8.9-3.1
- cracklib-dicts-2.8.9-3.1
- crash-4.0-3.14.el5.centos
- crontabs-1.10-8
- cryptsetup-luks-1.0.3-2.2.el5
- cups-1.2.4-11.5.el5
- cups-libs-1.2.4-11.5.el5
- curl-7.15.5-2.el5
- cyrus-sasl-2.1.22-4
- cyrus-sasl-lib-2.1.22-4
- cyrus-sasl-plain-2.1.22-4
- db4-4.3.29-9.fc6
- dbus-1.0.0-6.el5
- dbus-glib-0.70-5
- dbus-python-0.70-7.el5
- desktop-file-utils-0.10-7
- device-mapper-1.02.13-1.el5
- dhcdbd-2.2-1.el5
- dhclient-3.0.5-3.el5
- dhcpv6_client-0.10-33.el5
- diffutils-2.8.1-15.2.2
- distcache-1.4.5-14.1
- dmidecode-2.7-1.28.2.el5
- dmraid-1.0.0.rc13-2.el5
- dos2unix-3.1-27.1
- dosfstools-2.11-6.2.el5
- dovecot-1.0-1.2.rc15.el5
- dump-0.4b41-2.fc6
- e2fsprogs-1.39-8.el5
- e2fsprogs-libs-1.39-8.el5
- ed-0.2-38.2.2
- eject-2.1.5-4.2.el5
- elfutils-libelf-0.125-3.el5
- elinks-0.11.1-5.1.el5
- esound-0.2.36-3
- ethtool-5-1.el5
- expat-1.95.8-8.2.1
- fbset-2.1-22
- fetchmail-6.3.6-1.el5
- file-4.17-8
- filesystem-2.4.0-1.el5.centos
- findutils-4.2.27-4.1
- finger-0.17-32.2.1.1
- firstboot-tui-1.4.27.2-1.el5.centos.1
- fontconfig-2.4.1-6.el5
- freetype-2.2.1-16.el5
- ftp-0.17-33.fc6
- gamin-0.1.7-8.el5
- gawk-3.1.5-14.el5
- gd-2.0.33-9.3.fc6
- gdbm-1.8.0-26.2.1
- gettext-0.14.6-4.el5
- glib2-2.12.3-2.fc6
- glibc-2.5-12
- glibc-common-2.5-12
- gmp-4.1.4-10.el5
- gnome-keyring-0.6.0-1.fc6
- gnome-mime-data-2.4.2-3.1
- gnome-mount-0.5-3.el5
- gnome-python2-2.16.0-1.fc6
- gnome-python2-bonobo-2.16.0-1.fc6
- gnome-python2-canvas-2.16.0-1.fc6
- gnome-python2-gnomevfs-2.16.0-1.fc6
- gnome-vfs2-2.16.2-4.el5
- gnu-efi-3.0c-1.1
- gnupg-1.4.5-12
- gnutls-1.4.1-2
- gpg-pubkey-e8562897-459f07a4
- gpm-1.20.1-74.1
- grep-2.5.1-54.2.el5
- groff-1.18.1.1-11.1
- grub-0.97-13
- gtk2-2.10.4-16.el5
- gzip-1.3.5-9.el5.centos
- hal-0.5.8.1-19.el5
- hdparm-6.6-2
- hesiod-3.1.0-8
- hicolor-icon-theme-0.9-2.1
- htmlview-4.0.0-1.el5
- httpd-2.2.3-6.el5.centos.1
- httpd-manual-2.2.3-6.el5.centos.1
- hwdata-0.194-1
- ibmasm-3.0-9
- ifd-egate-0.05-15
- inews-2.4.3-6.fc6
- info-4.8-14.el5
- initscripts-8.45.14.EL-1.el5.centos.1
- inn-2.4.3-6.fc6
- iproute-2.6.18-4.el5
- ipsec-tools-0.6.5-6
- iptables-1.3.5-1.2.1
- iptables-ipv6-1.3.5-1.2.1
- iptstate-1.4-1.1.2.2
- iputils-20020927-43.el5
- irda-utils-0.9.17-2.fc6
- irqbalance-1.13-9.el5
- isdn4k-utils-3.2-50.1
- jwhois-3.2.3-8.el5
- kbd-1.12-19.el5
- kernel-2.6.18-238.9.1.el5
- kernel-2.6.18-274.3.1.el5
- kernel-headers-2.6.18-8.el5
- kpartx-0.4.7-8.el5
- krb5-libs-1.5-17
- krb5-workstation-1.5-17
- ksh-20060214-1.4
- kudzu-1.2.57.1.13-1.el5.centos
- less-394-5.el5
- lftp-3.5.1-2.fc6
- libICE-1.0.1-2.1
- libIDL-0.8.7-1.fc6
- libSM-1.0.1-3.1
- libX11-1.0.3-8.el5
- libXau-1.0.1-3.1
- libXcursor-1.1.7-1.1
- libXdmcp-1.0.1-2.1
- libXext-1.0.1-2.1
- libXfixes-4.0.1-2.1
- libXft-2.1.10-1.1
- libXi-1.0.1-3.1
- libXinerama-1.0.1-2.1
- libXpm-3.5.5-3
- libXrandr-1.1.1-3.1
- libXrender-0.9.1-3.1
- libXres-1.0.1-3.1
- libXt-1.0.2-3.1.fc6
- libXxf86vm-1.0.1-3.1
- libacl-2.2.39-1.1
- libaio-0.3.106-3.2
- libart_lgpl-2.3.17-4
- libattr-2.4.32-1.1
- libbonobo-2.16.0-1.fc6
- libbonoboui-2.16.0-1.fc6
- libcap-1.10-26
- libdaemon-0.10-5.el5
- libdrm-2.0.2-1.1
- libevent-1.1a-3.2.1
- libgcc-4.1.1-52.el5
- libgcrypt-1.2.3-1
- libglade2-2.6.0-2
- libgnome-2.16.0-6.el5
- libgnomecanvas-2.14.0-4.1
- libgnomeui-2.16.0-5.el5
- libgpg-error-1.4-2
- libgssapi-0.10-2
- libhugetlbfs-1.0.1-1.el5
- libhugetlbfs-lib-1.0.1-1.el5
- libidn-0.6.5-1.1
- libjpeg-6b-37
- libnl-1.0-0.10.pre5.4
- libnotify-0.4.2-6.el5
- libpcap-0.9.4-8.1
- libpng-1.2.10-7
- libselinux-1.33.4-2.el5
- libselinux-python-1.33.4-2.el5
- libsemanage-1.9.1-3.el5
- libsepol-1.15.2-1.el5
- libstdc++-4.1.1-52.el5
- libsysfs-2.0.0-6
- libtermcap-2.0.8-46.1
- libtiff-3.8.2-7.el5
- libusb-0.1.12-5.1
- libuser-0.54.7-2.el5.1
- libutempter-1.1.4-3.fc6
- libvolume_id-095-14.5.el5
- libwnck-2.16.0-4.fc6
- libwvstreams-4.2.2-2.1
- libxml2-2.6.26-2.1.2
- libxml2-python-2.6.26-2.1.2
- libxslt-1.1.17-2
- libxslt-python-1.1.17-2
- lockdev-1.0.1-10
- logrotate-3.7.4-7
- logwatch-7.3-5
- lrzsz-0.12.20-22.1
- lsof-4.78-3
- lvm2-2.02.16-3.el5
- m2crypto-0.16-6.el5.1
- m4-1.4.5-3.el5.1
- mailcap-2.1.23-1.fc6
- mailx-8.1.1-44.2.2
- make-3.81-1.1
- man-1.6d-1.1
- man-pages-2.39-9.el5
- mcstrans-0.1.10-1.el5
- mdadm-2.5.4-3.el5
- mesa-libGL-6.5.1-7.2.el5
- mgetty-1.1.33-9.fc6
- microcode_ctl-1.15-1.40.el5
- mingetty-1.07-5.2.2
- minicom-2.1-3
- mkbootdisk-1.5.3-2.1
- mkinitrd-5.1.19.6-1
- mktemp-1.5-23.2.2
- mlocate-0.15-1.el5
- mod_perl-2.0.2-6.1
- mod_python-3.2.8-3.1
- mod_ssl-2.2.3-6.el5.centos.1
- module-init-tools-3.3-0.pre3.1.16.el5
- mtools-3.9.10-2.fc6
- mtr-0.71-3.1
- mutt-1.4.2.2-3.el5
- mysql-5.0.22-2.1
- nano-1.3.12-1.1
- nash-5.1.19.6-1
- nc-1.84-10.fc6
- ncurses-5.5-24.20060715
- neon-0.25.5-5.1
- net-tools-1.60-73
- newt-0.52.2-9
- nfs-utils-1.0.9-16.el5
- nfs-utils-lib-1.0.8-7.2
- notification-daemon-0.3.5-8.el5
- nscd-2.5-12
- nspr-4.6.5-1.el5
- nss-3.11.5-1.el5
- nss-tools-3.11.5-1.el5
- nss_db-2.2-35.1
- nss_ldap-253-3
- ntsysv-1.3.30.1-1
- numactl-0.9.8-2.el5
- oddjob-0.27-7
- oddjob-libs-0.27-7
- openldap-2.3.27-5
- openssh-4.3p2-16.el5
- openssh-clients-4.3p2-16.el5
- openssh-server-4.3p2-16.el5
- openssl-0.9.8b-8.3.el5
- pam-0.99.6.2-3.14.el5
- pam_ccreds-3-5
- pam_krb5-2.2.11-1
- pam_passwdqc-1.0.2-1.2.2
- pam_pkcs11-0.5.3-23
- pam_smb-1.1.7-7.2.1
- pango-1.14.9-3.el5.centos
- paps-0.6.6-17.el5
- parted-1.8.1-4.el5
- passwd-0.73-1
- patch-2.5.4-29.2.2
- pax-3.4-1.2.2
- pciutils-2.2.3-4
- pcmciautils-014-5
- pcre-6.6-1.1
- pcsc-lite-1.3.1-7
- pcsc-lite-libs-1.3.1-7
- perl-5.8.8-10
- perl-Archive-Tar-1.30-1.fc6
- perl-BSD-Resource-1.28-1.fc6.1
- perl-Compress-Zlib-1.42-1.fc6
- perl-DBI-1.52-1.fc6
- perl-Digest-HMAC-1.01-15
- perl-Digest-SHA1-2.11-1.2.1
- perl-HTML-Parser-3.55-1.fc6
- perl-HTML-Tagset-3.10-2.1.1
- perl-IO-Socket-INET6-2.51-2.fc6
- perl-IO-Socket-SSL-1.01-1.fc6
- perl-IO-Zlib-1.04-4.2.1
- perl-Net-DNS-0.59-1.fc6
- perl-Net-IP-1.25-2.fc6
- perl-Net-SSLeay-1.30-4.fc6
- perl-Socket6-0.19-3.fc6
- perl-String-CRC32-1.4-2.fc6
- perl-URI-1.35-3
- php-5.1.6-5.el5
- php-cli-5.1.6-5.el5
- php-common-5.1.6-5.el5
- php-ldap-5.1.6-5.el5
- pinfo-0.6.9-1.fc6
- pkgconfig-0.21-1.fc6
- pkinit-nss-0.3.5-1.el5
- pm-utils-0.19-3.el5.centos.1
- policycoreutils-1.33.12-3.el5
- popt-1.10.2-37.el5
- portmap-4.0-65.2.2.1
- postgresql-libs-8.1.4-1.1
- ppp-2.4.4-1.el5
- prelink-0.3.9-2
- procmail-3.22-17.1.el5.centos
- procps-3.2.7-8.1.el5
- psacct-6.3.2-41.1
- psmisc-22.2-5
- pycairo-1.2.0-1.1
- pygobject2-2.12.1-5.el5
- pygtk2-2.10.1-8.el5
- pygtk2-libglade-2.10.1-8.el5
- pyorbit-2.14.1-1.1
- python-2.4.3-19.el5
- python-elementtree-1.2.6-5
- python-numeric-23.7-2.2.2
- python-sqlite-1.1.7-1.2.1
- python-urlgrabber-3.1.0-2
- quota-3.13-1.2.3.2.el5
- rdate-1.4-6
- rdist-6.1.5-44
- readahead-1.3-7.el5
- readline-5.1-1.1
- redhat-logos-4.9.8-6.el5.centos
- redhat-lsb-3.1-12.2.EL.el5.centos
- redhat-menus-6.7.8-1.el5
- rhpl-0.194.1-1
- rmt-0.4b41-2.fc6
- rng-utils-2.0-1.14.1.fc6
- rootfiles-8.1-1.1.1
- rp-pppoe-3.5-32.1
- rpm-4.4.2-37.el5
- rpm-libs-4.4.2-37.el5
- rpm-python-4.4.2-37.el5
- rsh-0.17-37.el5
- rsync-2.6.8-3.1
- rusers-0.17-47
- rwho-0.17-26
- samba-3.0.23c-2
- samba-client-3.0.23c-2
- samba-common-3.0.23c-2
- sed-4.1.5-5.fc6
- selinux-policy-2.4.6-30.el5
- selinux-policy-targeted-2.4.6-30.el5
- sendmail-8.13.8-2.el5
- sendmail-cf-8.13.8-2.el5
- setarch-2.0-1.1
- setools-3.0-3.el5
- setserial-2.17-19.2.2
- setup-2.5.58-1.el5
- setuptool-1.19.2-1.el5.centos
- shadow-utils-4.0.17-12.el5
- shared-mime-info-0.19-3.el5
- slang-2.0.6-4.el5
- slrn-0.9.8.1pl1-1.2.2
- smartmontools-5.36-3.1.el5
- sos-1.3-1.el5
- spamassassin-3.1.7-4.el5
- specspo-13-1.el5.centos
- sqlite-3.3.6-2
- squid-2.6.STABLE6-3.el5
- startup-notification-0.8-4.1
- stunnel-4.15-2
- sudo-1.6.8p12-10
- symlinks-1.2-24.2.2
- sysfsutils-2.0.0-6
- sysklogd-1.4.1-39.2
- syslinux-3.11-4
- sysreport-1.4.3-10.el5
- system-config-httpd-1.3.3.1-1.el5
- system-config-network-tui-1.3.99-1.el5
- system-config-nfs-1.3.23-1.el5
- system-config-samba-1.2.39-1.el5
- system-config-securitylevel-1.6.29.1-1.el5
- system-config-securitylevel-tui-1.6.29.1-1.el5
- system-config-services-0.9.4-1.el5
- talk-0.17-29.2.2
- tar-1.15.1-23.el5
- tcl-8.4.13-3.fc6
- tcp_wrappers-7.6-40.2.1
- tcpdump-3.9.4-8.1
- tcsh-6.14-12.el5
- telnet-0.17-38.el5
- termcap-5.5-1.20060701.1
- time-1.7-27.2.2
- tmpwatch-2.9.7-1.1.el5.1
- traceroute-2.0.1-2.el5
- tree-1.5.0-4
- tux-3.2.18-9.fc6
- tzdata-2006m-2.fc6
- udev-095-14.5.el5
- unix2dos-2.2-26.2.2
- unzip-5.52-2.2.1
- usbutils-0.71-2.1
- usermode-1.88-3.el5
- usermode-gtk-1.88-3.el5
- util-linux-2.13-0.44.el5
- vconfig-1.9-2.1
- vim-common-7.0.109-3
- vim-enhanced-7.0.109-3
- vim-minimal-7.0.109-3
- vixie-cron-4.1-66.1.el5
- vsftpd-2.0.5-10.el5
- webalizer-2.01_10-30.1
- wget-1.10.2-7.el5
- which-2.16-7
- wireless-tools-28-2.el5
- words-3.0-9
- wpa_supplicant-0.4.8-10.1.fc6
- wvdial-1.54.0-5.2.2.1
- xinetd-2.3.14-10.el5
- xorg-x11-filesystem-7.1-2.fc6
- yp-tools-2.9-0.1
- ypbind-1.19-7.el5
- yum-3.0.5-1.el5.centos.2
- yum-updatesd-3.0.5-1.el5.centos.2
- zip-2.31-1.2.2
- zlib-1.2.3-3
- [+] Current processes
- USER PID START TIME COMMAND
- root 1 Dec04 0:00 init
- root 2 Dec04 0:00 [migration/0]
- root 3 Dec04 0:00 [ksoftirqd/0]
- root 4 Dec04 0:00 [events/0]
- root 5 Dec04 0:00 [khelper]
- root 6 Dec04 0:00 [kthread]
- root 9 Dec04 0:00 [kblockd/0]
- root 10 Dec04 0:00 [kacpid]
- root 168 Dec04 0:00 [cqueue/0]
- root 171 Dec04 0:00 [khubd]
- root 173 Dec04 0:00 [kseriod]
- root 239 Dec04 0:00 [khungtaskd]
- root 240 Dec04 0:00 [pdflush]
- root 241 Dec04 0:00 [pdflush]
- root 242 Dec04 0:00 [kswapd0]
- root 243 Dec04 0:00 [aio/0]
- root 461 Dec04 0:00 [kpsmoused]
- root 487 Dec04 0:00 [mpt_poll_0]
- root 488 Dec04 0:00 [mpt/0]
- root 489 Dec04 0:00 [scsi_eh_0]
- root 492 Dec04 0:00 [kstriped]
- root 501 Dec04 0:00 [ksnapd]
- root 504 Dec04 0:02 [kjournald]
- root 531 Dec04 0:00 [kauditd]
- root 565 Dec04 0:00 /sbin/udevd
- root 1270 Dec04 0:00 [ata/0]
- root 1271 Dec04 0:00 [ata_aux]
- root 1701 Dec04 0:00 [kjournald]
- root 2099 Dec04 0:00 [vmmemctl]
- root 2277 Dec04 0:24 /usr/sbin/vmtoolsd
- root 2731 Dec04 0:00 syslogd
- root 2734 Dec04 0:00 klogd
- rpc 2756 Dec04 0:00 portmap
- root 2781 Dec04 0:00 rpc.statd
- root 2805 Dec04 0:00 [rpciod/0]
- root 2812 Dec04 0:00 rpc.idmapd
- root 2869 Dec04 0:00 automount
- root 2892 Dec04 0:00 cupsd
- root 2910 Dec04 0:00 /usr/sbin/sshd
- root 2926 Dec04 0:00 xinetd
- root 2941 Dec04 0:00 gpm
- root 2957 Dec04 0:00 /usr/sbin/httpd
- root 2972 Dec04 0:00 crond
- root 2993 Dec04 0:00 /sbin/mingetty
- root 2994 Dec04 0:00 /sbin/mingetty
- root 2995 Dec04 0:00 /sbin/mingetty
- root 2996 Dec04 0:00 /sbin/mingetty
- root 2997 Dec04 0:00 /sbin/mingetty
- root 2998 Dec04 0:00 /sbin/mingetty
- apache 3496 Dec04 1:08 /usr/sbin/httpd
- apache 3497 Dec04 1:07 /usr/sbin/httpd
- apache 3498 Dec04 1:08 /usr/sbin/httpd
- apache 3499 Dec04 1:08 /usr/sbin/httpd
- apache 3500 Dec04 1:06 /usr/sbin/httpd
- apache 3501 Dec04 1:08 /usr/sbin/httpd
- apache 3502 Dec04 1:08 /usr/sbin/httpd
- apache 3503 Dec04 1:07 /usr/sbin/httpd
- apache 7785 Dec05 0:33 /usr/sbin/httpd
- apache 7786 Dec05 0:33 /usr/sbin/httpd
- apache 7787 Dec05 0:33 /usr/sbin/httpd
- apache 7788 Dec05 0:33 /usr/sbin/httpd
- apache 7789 Dec05 0:33 /usr/sbin/httpd
- apache 7790 Dec05 0:33 /usr/sbin/httpd
- apache 7791 Dec05 0:33 /usr/sbin/httpd
- apache 9327 Dec05 0:00 sh
- apache 9328 Dec05 0:00 bash
- apache 9333 Dec05 669:47 python
- apache 9334 Dec05 0:00 /bin/bash
- apache 9395 Dec05 0:00 vi
- apache 11797 09:26 0:00 sh
- apache 11798 09:26 0:00 bash
- apache 11811 09:28 0:00 python
- apache 11812 09:28 0:00 /bin/bash
- apache 12877 09:35 0:00 python
- apache 13021 09:35 0:00 /bin/sh
- apache 13022 09:35 0:00 ps
- [+] Apache Version and Modules
- Server version: Apache/2.2.3
- Server built: Mar 21 2007 19:10:36
- Compiled in modules:
- core.c
- prefork.c
- http_core.c
- mod_so.c
- [+] Apache Config File
- [+] Sudo Version (Check out http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=sudo)
- Sudo version 1.6.8p12
- [*] IDENTIFYING PROCESSES AND PACKAGES RUNNING AS ROOT OR OTHER SUPERUSER...
- root 171 Dec04 0:00 [khubd]
- root 2941 Dec04 0:00 gpm
- Possible Related Packages:
- gpm-1.20.1-74.1
- root 2892 Dec04 0:00 cupsd
- root 2995 Dec04 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5.2.2
- root 489 Dec04 0:00 [scsi_eh_0]
- root 2 Dec04 0:00 [migration/0]
- root 2910 Dec04 0:00 /usr/sbin/sshd
- root 2996 Dec04 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5.2.2
- root 1271 Dec04 0:00 [ata_aux]
- root 241 Dec04 0:00 [pdflush]
- root 2869 Dec04 0:00 automount
- root 492 Dec04 0:00 [kstriped]
- root 2993 Dec04 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5.2.2
- root 2731 Dec04 0:00 syslogd
- root 2957 Dec04 0:00 /usr/sbin/httpd
- Possible Related Packages:
- httpd-2.2.3-6.el5.centos.1
- httpd-manual-2.2.3-6.el5.centos.1
- system-config-httpd-1.3.3.1-1.el5
- root 461 Dec04 0:00 [kpsmoused]
- root 1 Dec04 0:00 init
- Possible Related Packages:
- SysVinit-2.86-14
- initscripts-8.45.14.EL-1.el5.centos.1
- mkinitrd-5.1.19.6-1
- module-init-tools-3.3-0.pre3.1.16.el5
- pkinit-nss-0.3.5-1.el5
- root 240 Dec04 0:00 [pdflush]
- root 2277 Dec04 0:24 /usr/sbin/vmtoolsd
- root 2997 Dec04 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5.2.2
- root 168 Dec04 0:00 [cqueue/0]
- root 2781 Dec04 0:00 rpc.statd
- root 10 Dec04 0:00 [kacpid]
- root 488 Dec04 0:00 [mpt/0]
- root 2994 Dec04 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5.2.2
- root 2734 Dec04 0:00 klogd
- Possible Related Packages:
- sysklogd-1.4.1-39.2
- root 4 Dec04 0:00 [events/0]
- root 5 Dec04 0:00 [khelper]
- root 173 Dec04 0:00 [kseriod]
- root 6 Dec04 0:00 [kthread]
- root 2099 Dec04 0:00 [vmmemctl]
- root 242 Dec04 0:00 [kswapd0]
- root 2926 Dec04 0:00 xinetd
- Possible Related Packages:
- xinetd-2.3.14-10.el5
- root 2998 Dec04 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5.2.2
- root 504 Dec04 0:02 [kjournald]
- root 565 Dec04 0:00 /sbin/udevd
- root 9 Dec04 0:00 [kblockd/0]
- root 2805 Dec04 0:00 [rpciod/0]
- root 3 Dec04 0:00 [ksoftirqd/0]
- root 2812 Dec04 0:00 rpc.idmapd
- root 487 Dec04 0:00 [mpt_poll_0]
- root 2972 Dec04 0:00 crond
- root 501 Dec04 0:00 [ksnapd]
- root 1270 Dec04 0:00 [ata/0]
- root 239 Dec04 0:00 [khungtaskd]
- root 531 Dec04 0:00 [kauditd]
- root 243 Dec04 0:00 [aio/0]
- root 1701 Dec04 0:00 [kjournald]
- [*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...
- [+] Installed Tools
- /bin/awk
- /usr/bin/perl
- /usr/bin/python
- /bin/vi
- /usr/bin/vim
- /usr/bin/find
- /usr/bin/nc
- /usr/bin/wget
- /usr/bin/ftp
- [+] Related Shell Escape Sequences...
- vi--> :!bash
- vi--> :set shell=/bin/bash:shell
- vi--> :!bash
- vi--> :set shell=/bin/bash:shell
- awk--> awk 'BEGIN {system("/bin/bash")}'
- find--> find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
- perl--> perl -e 'exec "/bin/bash";'
- [*] FINDING RELEVENT PRIVILEGE ESCALATION EXPLOITS...
- Note: Exploits relying on a compile/scripting language not detected on this system are marked with a '**' but should still be tested!
- The following exploits are ranked higher in probability of success because this script detected a related running process, OS, or mounted file system
- - 2.6 UDEV < 141 Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8572 || Language=c
- - 2.6 UDEV Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8478 || Language=c
- The following exploits are applicable to this kernel version and should be investigated as well
- - < 2.6.19 udp_sendmsg Local Root Exploit || http://www.exploit-db.com/exploits/9575 || Language=c
- - Kernel ia32syscall Emulation Privilege Escalation || http://www.exploit-db.com/exploits/15023 || Language=c
- - < 2.6.29 exit_notify() Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8369 || Language=c
- - 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 Pipe.c Privelege Escalation || http://www.exploit-db.com/exploits/9844 || Language=python
- - < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit || http://www.exploit-db.com/exploits/14814 || Language=c
- - 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit || http://www.exploit-db.com/exploits/9542 || Language=c
- - Linux Kernel < 2.6.22 ftruncate()/open() Local Exploit || http://www.exploit-db.com/exploits/6851 || Language=c
- - 2.x sock_sendpage() Local Root Exploit 2 || http://www.exploit-db.com/exploits/9436 || Language=c
- - open-time Capability file_ns_capable() - Privilege Escalation Vulnerability || http://www.exploit-db.com/exploits/25307 || Language=c
- - 2.6.18-20 2009 Local Root Exploit || http://www.exploit-db.com/exploits/10613 || Language=c
- - 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver) || http://www.exploit-db.com/exploits/9479 || Language=c
- - 2.6 UDEV < 141 Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8572 || Language=c
- - 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit || http://www.exploit-db.com/exploits/5092 || Language=c
- - Linux Kernel <=2.6.28.3 set_selection() UTF-8 Off By One Local Exploit || http://www.exploit-db.com/exploits/9083 || Language=c
- - 2.4/2.6 sock_sendpage() Local Root Exploit [2] || http://www.exploit-db.com/exploits/9598 || Language=c
- - < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64) || http://www.exploit-db.com/exploits/9574 || Language=c
- - open-time Capability file_ns_capable() Privilege Escalation || http://www.exploit-db.com/exploits/25450 || Language=c
- - CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) || http://www.exploit-db.com/exploits/15944 || Language=c
- - Linux RDS Protocol Local Privilege Escalation || http://www.exploit-db.com/exploits/15285 || Language=c
- - 2.6.x ptrace_attach Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8673 || Language=c
- - 2.x sock_sendpage() Local Ring0 Root Exploit || http://www.exploit-db.com/exploits/9435 || Language=c
- - Test Kernel Local Root Exploit 0day || http://www.exploit-db.com/exploits/9191 || Language=c
- - 2.4/2.6 bluez Local Root Privilege Escalation Exploit (update) || http://www.exploit-db.com/exploits/926 || Language=c
- - CAP_SYS_ADMIN to root Exploit || http://www.exploit-db.com/exploits/15916 || Language=c
- - 2.4/2.6 sock_sendpage() Local Root Exploit (ppc) || http://www.exploit-db.com/exploits/9545 || Language=c
- - 2.6 UDEV Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8478 || Language=c
- - MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/1518 || Language=c
- - < 2.6.36.2 Econet Privilege Escalation Exploit || http://www.exploit-db.com/exploits/17787 || Language=c
- - Sendpage Local Privilege Escalation || http://www.exploit-db.com/exploits/19933 || Language=ruby**
- - < 2.6.37-rc2 ACPI custom_method Privilege Escalation || http://www.exploit-db.com/exploits/15774 || Language=c
- - 'pipe.c' Local Privilege Escalation Vulnerability || http://www.exploit-db.com/exploits/10018 || Language=sh
- - 2.4/2.6 sock_sendpage() Local Root Exploit [3] || http://www.exploit-db.com/exploits/9641 || Language=c
- - <= 2.6.37 Local Privilege Escalation || http://www.exploit-db.com/exploits/15704 || Language=c
- - 2.4.x / 2.6.x uselib() Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/895 || Language=c
- Finished
- =================================================================================================
- bash-3.1$
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement