Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [alice@fc4 ~]$ python linuxprivchecker.py
- =================================================================================================
- LINUX PRIVILEGE ESCALATION CHECKER
- =================================================================================================
- [*] GETTING BASIC SYSTEM INFO...
- [+] Kernel
- Linux version 2.6.11-1.1369_FC4 (bhcompile@decompose.build.redhat.com) (gcc version 4.0.0 20050525 (Red Hat 4.0.0-9)) #1 Thu Jun 2 22:55:56 EDT 2005
- [+] Hostname
- fc4.thinc.local
- [+] Operating System
- Fedora Core release 4 (Stentz)
- Kernel \r on an \m
- [*] GETTING NETWORKING INFO...
- [+] Interfaces
- eth0 Link encap:Ethernet HWaddr 00:50:56:89:79:72
- inet addr:10.11.1.141 Bcast:10.11.255.255 Mask:255.255.0.0
- inet6 addr: fe80::250:56ff:fe89:7972/64 Scope:Link
- UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
- RX packets:17622 errors:77 dropped:0 overruns:0 frame:0
- TX packets:10146 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:1000
- RX bytes:2519052 (2.4 MiB) TX bytes:2918271 (2.7 MiB)
- Interrupt:10 Base address:0x2024
- lo Link encap:Local Loopback
- inet addr:127.0.0.1 Mask:255.0.0.0
- inet6 addr: ::1/128 Scope:Host
- UP LOOPBACK RUNNING MTU:16436 Metric:1
- RX packets:164 errors:0 dropped:0 overruns:0 frame:0
- TX packets:164 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:0
- RX bytes:15680 (15.3 KiB) TX bytes:15680 (15.3 KiB)
- sit0 Link encap:IPv6-in-IPv4
- NOARP MTU:1480 Metric:1
- RX packets:0 errors:0 dropped:0 overruns:0 frame:0
- TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
- collisions:0 txqueuelen:0
- RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
- [+] Netstat
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN -
- tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
- tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
- tcp 0 0 :::22 :::* LISTEN -
- tcp 0 1500 ::ffff:10.11.1.141:22 ::ffff:10.11.0.146:35858 ESTABLISHED -
- udp 0 0 0.0.0.0:10000 0.0.0.0:* -
- udp 0 0 0.0.0.0:111 0.0.0.0:* -
- udp 0 0 0.0.0.0:631 0.0.0.0:* -
- [+] Route
- [*] GETTING FILESYSTEM INFO...
- [+] Mount results
- /dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
- /dev/proc on /proc type proc (rw)
- /dev/sys on /sys type sysfs (rw)
- /dev/devpts on /dev/pts type devpts (rw,gid=5,mode=620)
- /dev/sda1 on /boot type ext3 (rw)
- /dev/shm on /dev/shm type tmpfs (rw)
- none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
- sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
- automount(pid2543) on /net type autofs (rw,fd=4,pgrp=2543,minproto=2,maxproto=4)
- automount(pid2530) on /misc type autofs (rw,fd=4,pgrp=2530,minproto=2,maxproto=4)
- [+] fstab entries
- # This file is edited by fstab-sync - see 'man fstab-sync' for details
- /dev/VolGroup00/LogVol00 / ext3 defaults 1 1
- LABEL=/boot /boot ext3 defaults 1 2
- /dev/devpts /dev/pts devpts gid=5,mode=620 0 0
- /dev/shm /dev/shm tmpfs defaults 0 0
- /dev/proc /proc proc defaults 0 0
- /dev/sys /sys sysfs defaults 0 0
- /dev/VolGroup00/LogVol01 swap swap defaults 0 0
- /dev/fd0 /media/floppy2 auto pamconsole,exec,noauto,managed 0 0
- /dev/hda /media/cdrecorder auto pamconsole,exec,noauto,managed 0 0
- [+] Scheduled cron jobs
- -rw-r--r-- 1 root root 0 May 20 2007 /etc/cron.deny
- -rw-r--r-- 1 root root 255 Sep 20 2004 /etc/crontab
- /etc/cron.d:
- total 24
- drwxr-xr-x 2 root root 4096 Apr 14 2005 .
- drwxr-xr-x 76 root root 12288 May 9 11:48 ..
- /etc/cron.daily:
- total 124
- drwxr-xr-x 2 root root 4096 May 20 2007 .
- drwxr-xr-x 76 root root 12288 May 9 11:48 ..
- lrwxrwxrwx 1 root root 28 May 20 2007 00-logwatch -> ../log.d/scripts/logwatch.pl
- -rwxr-xr-x 1 root root 135 Mar 4 2005 00webalizer
- -rwxr-xr-x 1 root root 276 Mar 16 2005 0anacron
- -rwxr-xr-x 1 root root 1042 May 13 2005 certwatch
- -rwxr-xr-x 1 root root 118 Mar 31 2005 cups
- -rwxr-xr-x 1 root root 180 Mar 31 2005 logrotate
- -rwxr-xr-x 1 root root 418 Apr 8 2005 makewhatis.cron
- -rwxr-xr-x 1 root root 2133 Nov 23 2004 prelink
- -rwxr-xr-x 1 root root 104 May 24 2005 rpm
- -rwxr-xr-x 1 root root 246 Apr 16 2005 slocate.cron
- -rwxr-xr-x 1 root root 100 May 9 2005 tetex.cron
- -rwxr-xr-x 1 root root 286 Apr 16 2005 tmpwatch
- -rwxr-xr-x 1 root root 158 May 25 2005 yum.cron
- /etc/cron.hourly:
- total 24
- drwxr-xr-x 2 root root 4096 Sep 20 2004 .
- drwxr-xr-x 76 root root 12288 May 9 11:48 ..
- /etc/cron.monthly:
- total 32
- drwxr-xr-x 2 root root 4096 May 20 2007 .
- drwxr-xr-x 76 root root 12288 May 9 11:48 ..
- -rwxr-xr-x 1 root root 278 Mar 16 2005 0anacron
- /etc/cron.weekly:
- total 48
- drwxr-xr-x 2 root root 4096 May 20 2007 .
- drwxr-xr-x 76 root root 12288 May 9 11:48 ..
- -rwxr-xr-x 1 root root 277 Mar 16 2005 0anacron
- -rwxr-xr-x 1 root root 414 Apr 8 2005 makewhatis.cron
- -rwxr-xr-x 1 root root 90 May 25 2005 yum.cron
- [+] Writable cron dirs
- lrwxrwxrwx 1 root root 28 May 20 2007 00-logwatch -> ../log.d/scripts/logwatch.pl
- [*] ENUMERATING USER AND ENVIRONMENTAL INFO...
- [+] Logged in User Activity
- 12:31:14 up 1:47, 1 user, load average: 0.00, 0.00, 0.00
- USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
- alice pts/0 10.11.0.146 10:53 0.00s 0.30s 0.01s python linuxpri
- [+] Sudoers (privileged)
- [+] All users
- root:x:0:0:root:/root:/bin/bash
- bin:x:1:1:bin:/bin:/sbin/nologin
- daemon:x:2:2:daemon:/sbin:/sbin/nologin
- adm:x:3:4:adm:/var/adm:/sbin/nologin
- lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
- sync:x:5:0:sync:/sbin:/bin/sync
- shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
- halt:x:7:0:halt:/sbin:/sbin/halt
- mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
- news:x:9:13:news:/etc/news:
- uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
- operator:x:11:0:operator:/root:/sbin/nologin
- games:x:12:100:games:/usr/games:/sbin/nologin
- gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
- ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
- nobody:x:99:99:Nobody:/:/sbin/nologin
- dbus:x:81:81:System message bus:/:/sbin/nologin
- vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
- rpm:x:37:37::/var/lib/rpm:/sbin/nologin
- haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
- pcap:x:77:77::/var/arpwatch:/sbin/nologin
- nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
- named:x:25:25:Named:/var/named:/sbin/nologin
- netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
- sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
- rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
- mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
- smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
- rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
- nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
- apache:x:48:48:Apache:/var/www:/sbin/nologin
- squid:x:23:23::/var/spool/squid:/sbin/nologin
- webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
- xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
- ntp:x:38:38::/etc/ntp:/sbin/nologin
- mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
- bob:x:500:500::/home/bob:/bin/bash
- alice:x:501:501::/home/alice:/bin/bash
- [+] Current User ID
- uid=501(alice) gid=501(alice) groups=501(alice) context=user_u:system_r:unconfined_t
- [+] Super Users Found:
- root
- [+] Environment
- HOSTNAME=fc4.thinc.local
- SHELL=/bin/bash
- TERM=xterm-256color
- HISTSIZE=1000
- SSH_CLIENT=::ffff:10.11.0.146 35858 22
- SSH_TTY=/dev/pts/0
- USER=alice
- PATH=/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/alice/bin
- MAIL=/var/spool/mail/alice
- _=/bin/env
- PWD=/home/alice
- INPUTRC=/etc/inputrc
- LANG=en_US.UTF-8
- HOME=/home/alice
- SHLVL=2
- LOGNAME=alice
- SSH_CONNECTION=::ffff:10.11.0.146 35858 ::ffff:10.11.1.141 22
- LESSOPEN=|/usr/bin/lesspipe.sh %s
- G_BROKEN_FILENAMES=1
- [+] Current User
- alice
- [+] Root and current user history (depends on privs)
- -rw------- 1 alice alice 41 May 9 11:55 /home/alice/.bash_history
- [*] ENUMERATING FILE AND DIRECTORY PERMISSIONS/CONTENTS...
- [+] World Writeable Directories for User/Group 'Root'
- drwxrwxrwt 2 root root 4096 Sep 29 2011 /var/tmp
- drwxrwxrwt 2 root root 4096 May 20 2007 /var/lib/texmf
- drwxrwxrwt 2 root root 4096 May 27 2005 /var/spool/vbox
- drwxrwxrwt 2 root root 4096 May 2 2005 /var/spool/samba
- drwxrwxrwt 2 root root 4096 May 9 12:28 /tmp
- drwxrwxrwt 2 root root 40 Jun 17 2016 /dev/shm
- [+] World Writeable Directories for Users other than Root
- [+] World Writable Files
- -rw-rw-rw- 1 root root 0 Jun 16 2016 /selinux/member
- -rw-rw-rw- 1 root root 0 Jun 16 2016 /selinux/user
- -rw-rw-rw- 1 root root 0 Jun 16 2016 /selinux/relabel
- -rw-rw-rw- 1 root root 0 Jun 16 2016 /selinux/create
- -rw-rw-rw- 1 root root 0 Jun 16 2016 /selinux/access
- -rw-rw-rw- 1 root root 0 Jun 16 2016 /selinux/context
- [+] Checking if root's home folder is accessible
- [+] SUID/SGID Files and Directories
- -rwxr-sr-x 1 root root 11373 May 25 2005 /sbin/netreport
- -r-sr-xr-x 1 root root 49547 May 2 2005 /sbin/unix_chkpwd
- -r-s--x--x 1 root root 19930 May 2 2005 /sbin/pam_timestamp_check
- -r-sr-xr-x 1 root root 297264 May 2 2005 /sbin/pwdb_chkpwd
- -r-s--x--- 1 root apache 11260 May 23 2005 /usr/sbin/suexec
- -rws--x--x 1 root root 35960 May 11 2005 /usr/sbin/userhelper
- -rwsr-xr-x 1 root root 6996 May 27 2005 /usr/sbin/userisdnctl
- -rwsr-xr-x 1 root root 15646 May 25 2005 /usr/sbin/usernetctl
- -rwxr-sr-x 1 root lock 15372 Mar 5 2005 /usr/sbin/lockdev
- -rwxr-sr-x 1 root utmp 17359 Mar 3 2005 /usr/sbin/utempter
- -rwxr-sr-x 1 root smmsp 774264 May 6 2005 /usr/sbin/sendmail.sendmail
- -rwxr-sr-x 1 root slocate 40336 Apr 16 2005 /usr/bin/slocate
- -rwsr-xr-x 1 root root 18392 Mar 5 2005 /usr/bin/rcp
- ---s--x--x 2 root root 108964 Apr 12 2005 /usr/bin/sudo
- -rwsr-xr-x 1 root root 123141 May 23 2005 /usr/bin/gpasswd
- -rwsr-xr-x 1 root root 105073 May 23 2005 /usr/bin/chage
- -rwsr-xr-x 1 root root 12344 Mar 5 2005 /usr/bin/rlogin
- -rws--x--x 1 root root 19924 May 4 2005 /usr/bin/chsh
- -rwxr-sr-x 1 root mail 14616 Mar 18 2005 /usr/bin/lockfile
- -rwxr-sr-x 1 root tty 10852 May 4 2005 /usr/bin/write
- -r-s--x--x 1 root root 18852 Mar 7 2005 /usr/bin/passwd
- -rwxr-sr-x 1 root screen 352020 May 27 2005 /usr/bin/screen
- -rwsr-xr-x 1 root root 8852 Mar 5 2005 /usr/bin/rsh
- -rwsr-xr-x 1 root root 44088 Apr 8 2005 /usr/bin/at
- -rwsr-xr-x 1 root root 19519 Mar 31 2005 /usr/bin/lppasswd
- -rwsr-xr-x 1 root root 73474 May 23 2005 /usr/bin/newgrp
- -rwsr-xr-x 1 root root 79060 Apr 14 2005 /usr/bin/crontab
- -rws--x--x 1 root root 18056 May 4 2005 /usr/bin/chfn
- -r-xr-sr-x 1 root tty 9752 Apr 27 2005 /usr/bin/wall
- -rwxr-sr-x 1 root nobody 67572 May 16 2005 /usr/bin/ssh-agent
- ---s--x--x 2 root root 108964 Apr 12 2005 /usr/bin/sudoedit
- -r-sr-xr-x 1 root root 9532 Feb 26 2015 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
- -r-sr-xr-x 1 root root 10224 Feb 26 2015 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
- -rws--x--x 1 root root 425662 May 16 2005 /usr/libexec/openssh/ssh-keysign
- drwxr-sr-x 111 root root 4096 May 20 2007 /usr/libexec/webmin
- -rwsr-xr-x 1 root root 24004 Mar 4 2005 /bin/traceroute
- -rwsr-xr-x 1 root root 31308 Apr 7 2005 /bin/ping6
- -rwsr-xr-x 1 root root 59740 May 25 2005 /bin/su
- -rwsr-xr-x 1 root root 35616 Apr 7 2005 /bin/ping
- -rwsr-xr-x 1 root root 75240 May 4 2005 /bin/umount
- -rwsr-xr-x 1 root root 14304 Apr 7 2005 /bin/traceroute6
- -rwsr-xr-x 1 root root 100324 May 4 2005 /bin/mount
- [+] Logs containing keyword 'password'
- [+] Config files containing keyword 'password'
- /etc/pear.conf:a:20:{s:13:"master_server";s:12:"pear.php.net";s:10:"http_proxy";s:0:"";s:7:"php_dir";s:15:"/usr/share/pear";s:7:"ext_dir";s:20:"/usr/lib/php/modules";s:7:"doc_dir";s:19:"/usr/share/pear/doc";s:7:"bin_dir";s:8:"/usr/bin";s:8:"data_dir";s:20:"/usr/share/pear/data";s:8:"test_dir";s:20:"/usr/share/pear/test";s:9:"cache_dir";s:15:"/tmp/pear/cache";s:7:"php_bin";s:12:"/usr/bin/php";s:8:"username";s:0:"";s:8:"password";s:0:"";s:7:"verbose";i:1;s:15:"preferred_state";s:6:"stable";s:5:"umask";i:18;s:9:"cache_ttl";i:3600;s:8:"sig_type";s:3:"gpg";s:7:"sig_bin";s:12:"/usr/bin/gpg";s:9:"sig_keyid";s:0:"";s:10:"sig_keydir";s:13:"/etc/pearkeys";}
- /etc/lftp.conf:## This can be e.g. TIS-FWTK or rftpd. User and password are optional.
- /etc/httpd/conf.d/ssl.conf:# Note that no password is obtained from the user. Every entry in the user
- /etc/httpd/conf.d/ssl.conf:# file needs this password: `xxj31ZMTZzkVA'.
- /etc/cups/cupsd.conf.save:# and Deny lines, or by requiring a username and password.
- /etc/cups/cupsd.conf.save:# and Deny lines, or by requiring a username and password.
- /etc/cups/cupsd.conf.save:# and Deny lines, or by requiring a username and password.
- /etc/cups/cupsd.conf.save:# and Deny lines, or by requiring a username and password.
- /etc/cups/cupsd.conf.save:# and Deny lines, or by requiring a username and password.
- /etc/cups/cupsd.conf.save:## Require a username and password (Basic authentication)
- /etc/cups/cupsd.conf.save:## Require a username and password (Digest/MD5 authentication)
- /etc/ltrace.conf:; pwd.h
- /etc/webmin/module.infos.cache:passwd longdesc=Change the password of any user on the system.
- /etc/webmin/module.infos.cache:change-user longdesc=Allows the current Webmin user to change his language, theme and possibly password.
- /etc/webmin/module.infos.cache:passwd passwd=Change the passwords of Unix users.
- /etc/webmin/module.infos.cache:cluster-passwd longdesc=Change passwords on multiple systems in a Webmin cluster at once.
- /etc/samba/smb.conf:# Use password server option only with security = server
- /etc/samba/smb.conf:; password server = <NT-Server-Name>
- /etc/samba/smb.conf:# Password Level allows matching of _n_ characters of the password for
- /etc/samba/smb.conf:; password level = 8
- /etc/samba/smb.conf:# You may wish to use password encryption. Please read
- /etc/samba/smb.conf:; encrypt passwords = yes
- /etc/samba/smb.conf:# The following are needed to allow password changing from Windows to
- /etc/samba/smb.conf:# update the Linux system password also.
- /etc/samba/smb.conf:# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
- /etc/samba/smb.conf:# the encrypted SMB passwords. They allow the Unix password
- /etc/samba/smb.conf:# to be kept in sync with the SMB password.
- /etc/samba/smb.conf:; unix password sync = Yes
- /etc/samba/smb.conf:; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
- /etc/ldap.conf:# Search the root DSE for the password policy (works
- /etc/ldap.conf:# If you are using XAD, you can set pam_password
- /etc/ldap.conf:# Do not hash the password at all; presume
- /etc/ldap.conf:#pam_password clear
- /etc/ldap.conf:# Hash password locally; required for University of
- /etc/ldap.conf:#pam_password crypt
- /etc/ldap.conf:# Remove old password first, then update in
- /etc/ldap.conf:#pam_password nds
- /etc/ldap.conf:#pam_password racf
- /etc/ldap.conf:# Update Active Directory password, by
- /etc/ldap.conf:# creating Unicode password and updating
- /etc/ldap.conf:#pam_password ad
- /etc/ldap.conf:# Use the OpenLDAP password change
- /etc/ldap.conf:# extended operation to update the password.
- /etc/ldap.conf:#pam_password exop
- /etc/ldap.conf:# Redirect users to a URL or somesuch on password
- /etc/ldap.conf:#pam_password_prohibit_message Please visit http://internal to change your password.
- /etc/ldap.conf:#pam_password ad
- /etc/ldap.conf:#nss_map_attribute shadowLastChange pwdLastSet
- /etc/ldap.conf:#pam_password ad
- /etc/ldap.conf:#nss_map_attribute shadowLastChange pwdLastSet
- /etc/ldap.conf:#pam_password ad
- /etc/ldap.conf:# configure --enable-authpassword is no longer supported
- /etc/ldap.conf:#nss_map_attribute userPassword passwordChar
- /etc/ldap.conf:#pam_password clear
- /etc/ldap.conf:# at present and does not support password policy control
- /etc/ldap.conf:pam_password md5
- /etc/log.d/conf/services/pam_pwdb.conf:# $Id: pam_pwdb.conf,v 1.10 2005/02/24 17:05:20 kirk Exp $
- /etc/log.d/conf/services/pam_pwdb.conf:Title = "PAM_pwdb"
- /etc/log.d/conf/services/pam_pwdb.conf:# Only give lines pertaining to the PAM_pwdb service...
- /etc/log.d/conf/services/pam_pwdb.conf:*OnlyService = pam_pwdb
- /etc/log.d/conf/logwatch.conf:#Service = pam_pwdb # PAM_pwdb messages - usually quite a bit
- /etc/log.d/logwatch.conf:#Service = pam_pwdb # PAM_pwdb messages - usually quite a bit
- /etc/squid/squid.conf.default:# login=user:password | PASS | *:password
- /etc/squid/squid.conf.default:# use 'login=user:password' if this is a personal/workgroup
- /etc/squid/squid.conf.default:# password to the peer. USE WITH CAUTION
- /etc/squid/squid.conf.default:# use 'login=*:password' to pass the username to the
- /etc/squid/squid.conf.default:# upstream cache, but with a fixed password. This is meant
- /etc/squid/squid.conf.default:# the login=username:password option above.
- /etc/squid/squid.conf.default:# If you want the anonymous login password to be more informative
- /etc/squid/squid.conf.default:# reads a line containing "username password" and replies "OK" or
- /etc/squid/squid.conf.default:# backlog of usercode/password verifications, slowing it down. When
- /etc/squid/squid.conf.default:# password verifications are done via a (slow) network you are likely to
- /etc/squid/squid.conf.default:# will see when prompted their username and password).
- /etc/squid/squid.conf.default:# username:password pair is valid for - in other words how often the
- /etc/squid/squid.conf.default:# revalidation with short lived passwords. Note that setting this high
- /etc/squid/squid.conf.default:# using an one-time password system (such as SecureID). If you are using
- /etc/squid/squid.conf.default:# when prompted their username and password).
- /etc/squid/squid.conf.default:# # to check username/password combinations (see
- /etc/squid/squid.conf.default:#acl password proxy_auth REQUIRED
- /etc/squid/squid.conf.default:# user's default group ID (taken from the password file) and
- /etc/squid/squid.conf.default:# Specify passwords for cachemgr operations.
- /etc/squid/squid.conf.default:# Usage: cachemgr_passwd password action action ...
- /etc/squid/squid.conf.default:# valid password, others can be performed if not listed here.
- /etc/squid/squid.conf.default:# To disable an action, set the password to "disable".
- /etc/squid/squid.conf.default:# To allow performing an action without a password, set the
- /etc/squid/squid.conf.default:# password to "none".
- /etc/squid/squid.conf.default:# Use the keyword "all" to set the same password for all actions.
- /etc/pki/tls/openssl.cnf:# input_password = secret
- /etc/pki/tls/openssl.cnf:# output_password = secret
- /etc/pki/tls/openssl.cnf:challengePassword = A challenge password
- /etc/pwdb.conf:# This is the configuration file for the pwdb library
- /etc/my.cnf:# Default to using old password format for compatibility with mysql 3.x
- /etc/my.cnf:old_passwords=1
- Binary file /etc/prelink.cache matches
- [+] Shadow File (Privileged)
- [*] ENUMERATING PROCESSES AND APPLICATIONS...
- [+] Installed Packages
- 4Suite-1.0-8.b1
- acl-2.2.23-8
- acpid-1.0.4-1
- alchemist-1.0.36-1
- alsa-lib-1.0.9rc4-2
- alsa-utils-1.0.9rc2-2
- anacron-2.3-34
- apmd-3.2.2-3
- apr-0.9.6-3
- apr-util-0.9.6-2
- aspell-0.50.5-6
- aspell-en-0.51-12
- at-3.1.8-77_FC4
- atk-1.9.1-1
- attr-2.4.16-5
- audiofile-0.2.6-2
- audit-0.8.2-1
- audit-libs-0.8.2-1
- authconfig-4.6.12-1
- authconfig-gtk-4.6.12-1
- autoconf-2.59-5
- autofs-4.1.4-5
- automake14-1.4p6-12
- automake15-1.5-13
- automake16-1.6.3-5
- automake17-1.7.9-6
- automake-1.9.5-1
- basesystem-8.0-5
- bash-3.0-31
- bc-1.06-18
- beecrypt-4.1.2-8
- bind-9.3.1-4
- bind-libs-9.3.1-4
- bind-utils-9.3.1-4
- binutils-2.15.94.0.2.2-2
- bison-2.0-6
- bluez-hcidump-1.18-1
- bluez-libs-2.15-1
- bluez-pin-0.24-2
- bluez-utils-2.15-7
- boost-1.32.0-6
- boost-devel-1.32.0-6
- byacc-1.9-29
- bzip2-1.0.2-16
- bzip2-devel-1.0.2-16
- bzip2-libs-1.0.2-16
- caching-nameserver-7.3-3
- cadaver-0.22.2-2
- checkpolicy-1.23.1-1
- chkconfig-1.3.20-1
- chkfontpath-1.10.0-4
- ckermit-8.0.211-1
- comps-4-0.20050606
- comps-extras-10.3-1
- coreutils-5.2.1-48
- cpio-2.6-7
- cpp-4.0.0-8
- cpuspeed-1.2.1-1.21
- cracklib-2.8.2-1
- cracklib-dicts-2.8.2-1
- crash-3.10-13
- crontabs-1.10-7
- crypto-utils-2.2-5
- cscope-15.5-12
- ctags-5.5.4-3
- cups-1.1.23-15
- cups-libs-1.1.23-15
- curl-7.13.1-3
- curl-devel-7.13.1-3
- cvs-1.11.19-8
- cyrus-sasl-2.1.20-5
- cyrus-sasl-devel-2.1.20-5
- cyrus-sasl-md5-2.1.20-5
- cyrus-sasl-plain-2.1.20-5
- db4-4.3.27-3
- db4-devel-4.3.27-3
- db4-utils-4.3.27-3
- dbus-0.33-3
- dbus-devel-0.33-3
- dbus-glib-0.33-3
- dbus-python-0.33-3
- desktop-file-utils-0.10-1
- device-mapper-1.01.02-1.0
- dhclient-3.0.2-12
- dhcpv6_client-0.10-13
- dialog-1.0.20050306-1
- diffstat-1.38-2
- diffutils-2.8.1-15
- diskdumputils-1.0.1-6
- distcache-1.4.5-7
- dmraid-1.0.0.rc8-FC4_5
- dos2unix-3.1-24
- dosfstools-2.10-3
- doxygen-1.4.2-1
- dump-0.4b40-2
- e2fsprogs-1.37-4
- e2fsprogs-devel-1.37-4
- ed-0.2-38
- eject-2.0.13-15
- elfutils-0.108-1
- elfutils-libelf-0.108-1
- elinks-0.10.3-3
- esound-0.2.35-5
- ethtool-3-1
- expat-1.95.8-6
- expat-devel-1.95.8-6
- fbset-2.1-20
- fedora-logos-1.1.31-1
- fedora-release-4-2
- fetchmail-6.2.5-7
- file-4.13-4
- filesystem-2.3.4-1
- findutils-4.2.20-1
- finger-0.17-28
- flex-2.5.4a-34
- fontconfig-2.2.3-13
- foomatic-3.0.2-19
- freeglut-2.2.0-16
- freetype-2.1.9-2
- ftp-0.17-26
- gail-1.8.3-2
- gamin-0.1.0-1.1
- gawk-3.1.4-5
- gcc-4.0.0-8
- gcc-c++-4.0.0-8
- gcc-gfortran-4.0.0-8
- GConf2-2.10.0-4
- gd-2.0.33-2
- gdb-6.3.0.0-1.21
- gdbm-1.8.0-25
- gdbm-devel-1.8.0-25
- gettext-0.14.3-1
- ghostscript-7.07-40
- ghostscript-fonts-5.50-13
- glib-1.2.10-16
- glib2-2.6.4-1
- glib2-devel-2.6.4-1
- glibc-2.3.5-10
- glibc-common-2.3.5-10
- glibc-devel-2.3.5-10
- glibc-headers-2.3.5-10
- glibc-kernheaders-2.4-9.1.94
- gmp-4.1.4-6
- gmp-devel-4.1.4-6
- gnome-keyring-0.4.2-1
- gnome-mime-data-2.4.2-1
- gnome-python2-2.10.0-1
- gnome-python2-bonobo-2.10.0-1
- gnome-python2-canvas-2.10.0-1
- gnome-python2-extras-2.10.0-2.1
- gnome-python2-gnomevfs-2.10.0-1
- gnome-python2-gtkhtml2-2.10.0-2.1
- gnome-vfs2-2.10.0-5
- gnupg-1.4.1-3
- gpm-1.20.1-71
- gpm-devel-1.20.1-71
- grep-2.5.1-48
- groff-1.18.1.1-5
- grub-0.95-13
- gtk2-2.6.7-4
- gtkhtml2-2.6.3-1
- gzip-1.3.5-6
- hal-0.5.2-2
- hardlink-1.0-1.13
- hdparm-5.9-1
- hesiod-3.0.2-31
- hesiod-devel-3.0.2-31
- hotplug-2004_09_23-7
- howl-0.9.8-3
- howl-libs-0.9.8-3
- htmlview-3.0.0-11
- httpd-2.0.54-10
- httpd-manual-2.0.54-10
- hwdata-0.158-1
- indent-2.2.9-8
- info-4.8-4
- initscripts-8.11.1-1
- iproute-2.6.11-1
- ipsec-tools-0.5-4
- iptables-1.3.0-2
- iptstate-1.4-1.1
- iputils-20020927-22
- irda-utils-0.9.16-7
- isdn4k-utils-3.2-28
- jpackage-utils-1.6.3-1jpp_1rh
- jwhois-3.2.2-14
- kbd-1.12-10
- kernel-2.6.11-1.1369_FC4
- kernel-devel-2.6.11-1.1369_FC4
- krb5-devel-1.4-3
- krb5-libs-1.4-3
- krb5-workstation-1.4-3
- krbafs-1.2.2-7
- krbafs-devel-1.2.2-7
- ksh-20050202-1
- kudzu-1.1.116.2-2
- kudzu-devel-1.1.116.2-2
- less-382-7
- lftp-3.1.3-1
- lha-1.14i-19
- libacl-2.2.23-8
- libacl-devel-2.2.23-8
- libart_lgpl-2.3.17-2
- libattr-2.4.16-5
- libattr-devel-2.4.16-5
- libbonobo-2.8.1-1
- libbonoboui-2.8.1-4
- libcap-1.10-22
- libcap-devel-1.10-22
- libdbi-0.7.2-2
- libdbi-dbd-mysql-0.7.1-3
- libdbi-drivers-0.7.1-3
- libgcc-4.0.0-8
- libgcrypt-1.2.1-1
- libgfortran-4.0.0-8
- libglade2-2.5.1-2
- libgnome-2.10.0-3
- libgnomecanvas-2.10.0-1
- libgnomeui-2.10.0-1
- libgpg-error-1.0-2
- libIDL-0.8.5-2
- libidn-0.5.15-1
- libidn-devel-0.5.15-1
- libjpeg-6b-34
- libmng-1.0.9-1
- libogg-1.1.2-2
- libogg-devel-1.1.2-2
- libpcap-0.8.3-12
- libpng-1.2.8-2
- libselinux-1.23.10-2
- libselinux-devel-1.23.10-2
- libsepol-1.5.9-2
- libstdc++-4.0.0-8
- libstdc++-devel-4.0.0-8
- libtermcap-2.0.8-41
- libtermcap-devel-2.0.8-41
- libtiff-3.7.1-6
- libtool-1.5.16.multilib2-1
- libtool-ltdl-1.5.16.multilib2-1
- libusb-0.1.10a-1
- libusb-devel-0.1.10a-1
- libuser-0.53.7-1
- libuser-devel-0.53.7-1
- libvorbis-1.1.0-2
- libvorbis-devel-1.1.0-2
- libwnck-2.10.0-3
- libwvstreams-3.75.0-5
- libxml2-2.6.19-1
- libxml2-devel-2.6.19-1
- libxml2-python-2.6.19-1
- libxslt-1.1.14-2
- lockdev-1.0.1-7
- lockdev-devel-1.0.1-7
- logrotate-3.7.1-10
- logwatch-6.0.1-2
- lrzsz-0.12.20-21
- lsof-4.74-7
- ltrace-0.3.36-3
- lvm2-2.01.08-2.1
- m4-1.4.3-1
- mailcap-2.1.19-1
- mailx-8.1.1-44
- make-3.80-7
- MAKEDEV-3.19-1
- man-1.5p-4
- man-pages-1.67-7
- mdadm-1.11.0-4.fc4
- mgetty-1.1.33-1
- mingetty-1.07-5
- minicom-2.00.0-21
- mkbootdisk-1.5.2-5
- mkinitrd-4.2.15-1
- mktemp-1.5-23
- mod_perl-2.0.0-0.rc5.3
- mod_python-3.1.4-2
- mod_ssl-2.0.54-10
- module-init-tools-3.1-3
- mpage-2.5.4-5
- mtools-3.9.9-13
- mtr-0.69-3
- mutt-1.4.2.1-2
- mx-2.0.6-2
- MyODBC-2.50.39-24
- mysql-4.1.11-2
- mysqlclient10-3.23.58-6
- mysql-devel-4.1.11-2
- MySQL-python-1.2.0-1
- mysql-server-4.1.11-2
- nano-1.3.5-0.20050302
- nc-1.78-2
- ncurses-5.4-17
- ncurses-devel-5.4-17
- neon-0.24.7-6
- neon-devel-0.24.7-6
- netdump-0.7.7-6
- net-tools-1.60-52
- NetworkManager-0.4-15.cvs20050404
- newt-0.51.6-7
- newt-devel-0.51.6-7
- newt-perl-1.08-8
- nfs-utils-1.0.7-8
- nmap-3.81-3
- nscd-2.3.5-10
- nss_db-2.2-31
- nss_ldap-234-4
- ntp-4.2.0.a.20040617-8
- ntsysv-1.3.20-1
- numactl-0.6.4-1.18
- open-1.4-24
- openldap-2.2.23-5
- openldap-clients-2.2.23-5
- openldap-devel-2.2.23-5
- openssh-4.0p1-3
- openssh-clients-4.0p1-3
- openssh-server-4.0p1-3
- openssl-0.9.7f-7
- openssl-devel-0.9.7f-7
- oprofile-0.8.2-4
- ORBit2-2.12.1-3
- pam-0.79-8
- pam_ccreds-1-6
- pam-devel-0.79-8
- pam_krb5-2.1.7-3
- pam_passwdqc-0.7.6-1
- pam_smb-1.1.7-6
- pango-1.8.1-2
- parted-1.6.22-2
- passwd-0.69-2
- patch-2.5.4-24
- patchutils-0.2.30-4
- pax-3.0-11
- pciutils-2.1.99.test8-10
- pciutils-devel-2.1.99.test8-10
- pcmcia-cs-3.2.8-4.12
- pcre-5.0-4
- perl-5.8.6-15
- perl-BSD-Resource-1.24-3
- perl-Compress-Zlib-1.34-2
- perl-Convert-ASN1-0.19-1
- perl-Crypt-SSLeay-0.51-6
- perl-DateManip-5.42a-4
- perl-DBD-MySQL-2.9007-1
- perl-DBI-1.48-4
- perl-Filter-1.30-7
- perl-HTML-Parser-3.45-1
- perl-HTML-Tagset-3.04-1
- perl-LDAP-0.33-1
- perl-libwww-perl-5.803-2
- perl-libxml-enno-1.02-31
- perl-libxml-perl-0.08-1
- perl-Parse-Yapp-1.05-33
- perl-URI-1.35-2
- perl-XML-Dumper-0.71-4
- perl-XML-Encoding-1.01-27
- perl-XML-Grove-0.46alpha-27
- perl-XML-LibXML-1.58-2
- perl-XML-LibXML-Common-0.13-8
- perl-XML-NamespaceSupport-1.08-7
- perl-XML-Parser-2.34-6
- perl-XML-SAX-0.12-7
- perl-XML-Twig-3.17-1
- php-5.0.4-10
- php-ldap-5.0.4-10
- php-pear-5.0.4-10
- pinfo-0.6.8-11
- pkgconfig-0.15.0-6
- pm-utils-0.01-1
- pnm2ppa-1.04-13
- policycoreutils-1.23.10-2
- popt-1.10.1-21
- portmap-4.0-65
- ppp-2.4.2-7
- prelink-0.3.4-3
- procmail-3.22-16
- procps-3.2.5-6
- psacct-6.3.2-37
- psmisc-21.5-4
- pstack-1.2-4
- pygtk2-2.6.0-2
- pygtk2-libglade-2.6.0-2
- pyOpenSSL-0.6-1.p24.4
- pyorbit-2.0.1-4
- python-2.4.1-2
- python-devel-2.4.1-2
- python-elementtree-1.2.6-4
- python-ldap-2.0.6-4
- python-sqlite-1.1.6-1
- python-urlgrabber-2.9.6-1
- pyxf86config-0.3.19-4
- PyXML-0.8.4-3
- qt-3.3.4-14
- quota-3.12-6
- rcs-5.7-28
- rdate-1.4-4
- rdist-6.1.5-40
- readline-5.0-3
- readline-devel-5.0-3
- redhat-lsb-1.3-10
- redhat-menus-3.8-1
- redhat-rpm-config-8.0.34-1
- rhnlib-1.8-6.p24.1
- rhpl-0.167-1
- rmt-0.4b40-2
- rootfiles-8.1-1
- rpm-4.4.1-21
- rpm-build-4.4.1-21
- rpm-devel-4.4.1-21
- rpm-libs-4.4.1-21
- rpm-python-4.4.1-21
- rp-pppoe-3.5-27
- rsh-0.17-29
- rsync-2.6.4-3
- samba-3.0.14a-2
- samba-client-3.0.14a-2
- samba-common-3.0.14a-2
- schedutils-1.4.0-4
- screen-4.0.2-9
- sed-4.1.4-1
- selinux-policy-targeted-1.23.16-6
- sendmail-8.13.4-2
- setarch-1.7-3
- setools-2.1.0-5
- setserial-2.17-19
- setup-2.5.44-1
- setuptool-1.17.1-1
- shadow-utils-4.0.7-9
- shared-mime-info-0.16-3
- slang-1.4.9-17
- slang-devel-1.4.9-17
- slocate-2.7-22
- slrn-0.9.8.1-4
- sox-12.17.7-3
- specspo-9.0.92-1.3
- sqlite-3.1.2-3
- sqlite-devel-3.1.2-3
- squid-2.5.STABLE9-7
- startup-notification-0.8-2
- statserial-1.1-38
- strace-4.5.11-1
- stunnel-4.08-2
- sudo-1.6.8p8-1
- swig-1.3.24-2
- symlinks-1.2-24
- sysklogd-1.4.1-30
- syslinux-3.08-2
- sysreport-1.4.1-2
- system-config-date-1.7.18-1
- system-config-httpd-1.3.2-2
- system-config-keyboard-1.2.6-2
- system-config-language-1.1.9-2
- system-config-lvm-0.9.32-1.0
- system-config-mouse-1.2.11-1
- system-config-network-1.3.26-1
- system-config-network-tui-1.3.26-1
- system-config-nfs-1.3.10-1
- system-config-packages-1.2.25-1
- system-config-printer-0.6.131-1
- system-config-printer-gui-0.6.131-1
- system-config-rootpassword-1.1.7-2
- system-config-samba-1.2.31-1
- system-config-securitylevel-1.5.8-1
- system-config-securitylevel-tui-1.5.8-1
- system-config-services-0.8.25-1
- system-config-soundcard-1.2.11-5
- system-config-users-1.2.38-1
- SysVinit-2.85-39
- talk-0.17-29
- tar-1.15.1-5
- tcl-8.4.9-3
- tcpdump-3.8.2-12
- tcp_wrappers-7.6-39
- tcsh-6.14-1
- telnet-0.17-35
- termcap-5.4-4
- tetex-3.0-4
- tetex-fonts-3.0-4
- texinfo-4.8-4
- time-1.7-27
- tmpwatch-2.9.3-1
- traceroute-1.4a12-26
- ttmkfdir-3.0.9-16
- tux-3.2.18-4
- tzdata-2005i-2
- udev-058-1
- unix2dos-2.2-26
- unixODBC-2.2.11-1
- unzip-5.51-10
- up2date-4.4.23-4
- urw-fonts-2.3-1
- usermode-1.80-1
- usermode-gtk-1.80-1
- utempter-0.5.5-6
- util-linux-2.12p-9.3
- valgrind-2.4.0-2
- valgrind-callgrind-0.9.11-1
- vconfig-1.8-7
- vim-minimal-6.3.071-3
- vixie-cron-4.1-33
- webalizer-2.01_10-28
- webmin-1.280-1
- wget-1.9.1-22
- which-2.16-6
- wireless-tools-28-0.pre4.3
- words-3.0-7
- wvdial-1.54.0-5
- xdelta-1.1.3-16
- xorg-x11-font-utils-6.8.2-31
- xorg-x11-libs-6.8.2-31
- xorg-x11-Mesa-libGL-6.8.2-31
- xorg-x11-Mesa-libGLU-6.8.2-31
- xorg-x11-xauth-6.8.2-31
- xorg-x11-xfs-6.8.2-31
- ypbind-1.17.2-5
- yp-tools-2.8-8
- yum-2.3.2-7
- zip-2.3-30
- zlib-1.2.2.2-3
- zlib-devel-1.2.2.2-3
- zsh-4.2.1-2
- [+] Current processes
- USER PID START TIME COMMAND
- root 1 10:43 0:01 init
- root 2 10:43 0:00 [ksoftirqd/0]
- root 3 10:43 0:00 [watchdog/0]
- root 4 10:43 0:00 [events/0]
- root 5 10:43 0:00 [khelper]
- root 6 10:43 0:00 [kthread]
- root 8 10:43 0:00 [kacpid]
- root 165 10:43 0:00 [kblockd/0]
- root 168 10:43 0:00 [khubd]
- root 219 10:43 0:00 [pdflush]
- root 220 10:43 0:00 [pdflush]
- root 222 10:43 0:00 [aio/0]
- root 221 10:43 0:00 [kswapd0]
- root 373 10:43 0:00 [kseriod]
- root 533 10:43 0:00 [scsi_eh_0]
- root 549 10:43 0:00 [kmirrord/0]
- root 559 10:43 0:00 [kjournald]
- root 1272 10:43 0:00 udevd
- root 1306 10:43 0:00 [shpchpd_event]
- root 1434 10:43 0:00 [kjournald]
- root 1649 10:43 0:00 [vmmemctl]
- root 2026 10:43 0:00 /usr/sbin/vmtoolsd
- root 2283 10:43 0:00 syslogd
- root 2285 10:43 0:00 klogd
- rpc 2301 10:43 0:00 portmap
- root 2330 10:43 0:00 auditd
- root 2334 10:43 0:00 [kauditd]
- root 2357 10:43 0:00 rpc.idmapd
- root 2530 10:43 0:00 /usr/sbin/automount
- root 2543 10:43 0:00 /usr/sbin/automount
- root 2551 10:43 0:00 nifd
- root 2562 10:43 0:00 /usr/sbin/acpid
- root 2569 10:43 0:00 /usr/bin/perl
- root 2653 10:43 0:00 /usr/sbin/sshd
- root 2669 10:43 0:00 sendmail:
- smmsp 2675 10:43 0:00 sendmail:
- root 2683 10:43 0:00 gpm
- root 2690 10:43 0:00 crond
- xfs 2736 10:43 0:00 xfs
- root 2749 10:43 0:00 /usr/sbin/atd
- dbus 2756 10:43 0:00 dbus-daemon
- root 2767 10:43 0:00 hald
- root 2773 10:43 0:00 hald-addon-acpi
- root 2789 10:43 0:00 hald-addon-storage
- root 2795 10:43 0:00 /sbin/mingetty
- root 2796 10:43 0:00 /sbin/mingetty
- root 2797 10:43 0:00 /sbin/mingetty
- root 2798 10:43 0:00 /sbin/mingetty
- root 2799 10:43 0:00 /sbin/mingetty
- root 2800 10:43 0:00 /sbin/mingetty
- root 3419 10:52 0:00 sshd:
- alice 3422 10:53 0:00 sshd:
- alice 3423 10:53 0:00 -bash
- root 4662 11:48 0:00 cupsd
- alice 31312 12:31 0:00 python
- alice 31460 12:31 0:00 /bin/sh
- alice 31461 12:31 0:00 ps
- alice 31462 12:31 0:00 /bin/sh
- [+] Apache Version and Modules
- [+] Apache Config File
- [+] Sudo Version (Check out http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=sudo)
- Sudo version 1.6.8p8
- [*] IDENTIFYING PROCESSES AND PACKAGES RUNNING AS ROOT OR OTHER SUPERUSER...
- root 2530 10:43 0:00 /usr/sbin/automount
- root 2551 10:43 0:00 nifd
- root 2690 10:43 0:00 crond
- root 533 10:43 0:00 [scsi_eh_0]
- root 373 10:43 0:00 [kseriod]
- root 1 10:43 0:01 init
- Possible Related Packages:
- initscripts-8.11.1-1
- mkinitrd-4.2.15-1
- module-init-tools-3.1-3
- SysVinit-2.85-39
- root 2683 10:43 0:00 gpm
- Possible Related Packages:
- gpm-1.20.1-71
- gpm-devel-1.20.1-71
- root 1434 10:43 0:00 [kjournald]
- root 2357 10:43 0:00 rpc.idmapd
- root 2749 10:43 0:00 /usr/sbin/atd
- root 2334 10:43 0:00 [kauditd]
- root 2799 10:43 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5
- root 3 10:43 0:00 [watchdog/0]
- root 2653 10:43 0:00 /usr/sbin/sshd
- root 2798 10:43 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5
- root 2569 10:43 0:00 /usr/bin/perl
- Possible Related Packages:
- mod_perl-2.0.0-0.rc5.3
- newt-perl-1.08-8
- perl-5.8.6-15
- perl-BSD-Resource-1.24-3
- perl-Compress-Zlib-1.34-2
- perl-Convert-ASN1-0.19-1
- perl-Crypt-SSLeay-0.51-6
- perl-DateManip-5.42a-4
- perl-DBD-MySQL-2.9007-1
- perl-DBI-1.48-4
- perl-Filter-1.30-7
- perl-HTML-Parser-3.45-1
- perl-HTML-Tagset-3.04-1
- perl-LDAP-0.33-1
- perl-libwww-perl-5.803-2
- perl-libxml-enno-1.02-31
- perl-libxml-perl-0.08-1
- perl-Parse-Yapp-1.05-33
- perl-URI-1.35-2
- perl-XML-Dumper-0.71-4
- perl-XML-Encoding-1.01-27
- perl-XML-Grove-0.46alpha-27
- perl-XML-LibXML-1.58-2
- perl-XML-LibXML-Common-0.13-8
- perl-XML-NamespaceSupport-1.08-7
- perl-XML-Parser-2.34-6
- perl-XML-SAX-0.12-7
- perl-XML-Twig-3.17-1
- root 2789 10:43 0:00 hald-addon-storage
- root 1649 10:43 0:00 [vmmemctl]
- root 2796 10:43 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5
- root 2283 10:43 0:00 syslogd
- root 4662 11:48 0:00 cupsd
- root 2285 10:43 0:00 klogd
- Possible Related Packages:
- sysklogd-1.4.1-30
- root 4 10:43 0:00 [events/0]
- root 2767 10:43 0:00 hald
- root 549 10:43 0:00 [kmirrord/0]
- root 2795 10:43 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5
- root 6 10:43 0:00 [kthread]
- root 2330 10:43 0:00 auditd
- root 1272 10:43 0:00 udevd
- root 5 10:43 0:00 [khelper]
- root 2669 10:43 0:00 sendmail:
- root 2562 10:43 0:00 /usr/sbin/acpid
- Possible Related Packages:
- acpid-1.0.4-1
- root 221 10:43 0:00 [kswapd0]
- root 3419 10:52 0:00 sshd:
- root 168 10:43 0:00 [khubd]
- root 1306 10:43 0:00 [shpchpd_event]
- root 8 10:43 0:00 [kacpid]
- root 2773 10:43 0:00 hald-addon-acpi
- root 2 10:43 0:00 [ksoftirqd/0]
- root 559 10:43 0:00 [kjournald]
- root 222 10:43 0:00 [aio/0]
- root 219 10:43 0:00 [pdflush]
- root 2026 10:43 0:00 /usr/sbin/vmtoolsd
- root 2543 10:43 0:00 /usr/sbin/automount
- root 2797 10:43 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5
- root 2800 10:43 0:00 /sbin/mingetty
- Possible Related Packages:
- mingetty-1.07-5
- root 165 10:43 0:00 [kblockd/0]
- root 220 10:43 0:00 [pdflush]
- [*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...
- [+] Installed Tools
- /bin/awk
- /usr/bin/perl
- /usr/bin/python
- /usr/bin/gcc
- /usr/bin/cc
- /bin/vi
- /usr/bin/nmap
- /usr/bin/find
- /usr/bin/nc
- /usr/bin/wget
- /usr/kerberos/bin/ftp
- [+] Related Shell Escape Sequences...
- nmap--> --interactive
- vi--> :!bash
- vi--> :set shell=/bin/bash:shell
- awk--> awk 'BEGIN {system("/bin/bash")}'
- find--> find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
- perl--> perl -e 'exec "/bin/bash";'
- [*] FINDING RELEVENT PRIVILEGE ESCALATION EXPLOITS...
- Note: Exploits relying on a compile/scripting language not detected on this system are marked with a '**' but should still be tested!
- The following exploits are ranked higher in probability of success because this script detected a related running process, OS, or mounted file system
- - 2.6 UDEV < 141 Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8572 || Language=c
- - 2.6 UDEV Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8478 || Language=c
- The following exploits are applicable to this kernel version and should be investigated as well
- - < 2.6.19 udp_sendmsg Local Root Exploit || http://www.exploit-db.com/exploits/9575 || Language=c
- - Kernel ia32syscall Emulation Privilege Escalation || http://www.exploit-db.com/exploits/15023 || Language=c
- - < 2.6.29 exit_notify() Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8369 || Language=c
- - 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 Pipe.c Privelege Escalation || http://www.exploit-db.com/exploits/9844 || Language=python
- - < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit || http://www.exploit-db.com/exploits/14814 || Language=c
- - 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit || http://www.exploit-db.com/exploits/9542 || Language=c
- - Linux Kernel < 2.6.22 ftruncate()/open() Local Exploit || http://www.exploit-db.com/exploits/6851 || Language=c
- - 2.x sock_sendpage() Local Root Exploit 2 || http://www.exploit-db.com/exploits/9436 || Language=c
- - open-time Capability file_ns_capable() - Privilege Escalation Vulnerability || http://www.exploit-db.com/exploits/25307 || Language=c
- - < 2.6.11.5 BLUETOOTH Stack Local Root Exploit || http://www.exploit-db.com/exploits/4756 || Language=c
- - 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver) || http://www.exploit-db.com/exploits/9479 || Language=c
- - <= 2.6.17.4 (proc) Local Root Exploit || http://www.exploit-db.com/exploits/2013 || Language=c
- - 2.6 UDEV < 141 Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8572 || Language=c
- - Linux Kernel <=2.6.28.3 set_selection() UTF-8 Off By One Local Exploit || http://www.exploit-db.com/exploits/9083 || Language=c
- - 2.4/2.6 sock_sendpage() Local Root Exploit [2] || http://www.exploit-db.com/exploits/9598 || Language=c
- - < 2.6.19 udp_sendmsg Local Root Exploit (x86/x64) || http://www.exploit-db.com/exploits/9574 || Language=c
- - <= 2.6.11 (CPL 0) Local Root Exploit (k-rad3.c) || http://www.exploit-db.com/exploits/1397 || Language=c
- - open-time Capability file_ns_capable() Privilege Escalation || http://www.exploit-db.com/exploits/25450 || Language=c
- - CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) || http://www.exploit-db.com/exploits/15944 || Language=c
- - Linux RDS Protocol Local Privilege Escalation || http://www.exploit-db.com/exploits/15285 || Language=c
- - 2.6.x ptrace_attach Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8673 || Language=c
- - 2.x sock_sendpage() Local Ring0 Root Exploit || http://www.exploit-db.com/exploits/9435 || Language=c
- - 2.4/2.6 bluez Local Root Privilege Escalation Exploit (update) || http://www.exploit-db.com/exploits/926 || Language=c
- - CAP_SYS_ADMIN to root Exploit || http://www.exploit-db.com/exploits/15916 || Language=c
- - 2.4/2.6 sock_sendpage() Local Root Exploit (ppc) || http://www.exploit-db.com/exploits/9545 || Language=c
- - 2.6 UDEV Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/8478 || Language=c
- - MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/1518 || Language=c
- - < 2.6.36.2 Econet Privilege Escalation Exploit || http://www.exploit-db.com/exploits/17787 || Language=c
- - Sendpage Local Privilege Escalation || http://www.exploit-db.com/exploits/19933 || Language=ruby**
- - < 2.6.37-rc2 ACPI custom_method Privilege Escalation || http://www.exploit-db.com/exploits/15774 || Language=c
- - 'pipe.c' Local Privilege Escalation Vulnerability || http://www.exploit-db.com/exploits/10018 || Language=sh
- - 2.4/2.6 sock_sendpage() Local Root Exploit [3] || http://www.exploit-db.com/exploits/9641 || Language=c
- - <= 2.6.37 Local Privilege Escalation || http://www.exploit-db.com/exploits/15704 || Language=c
- - 2.4.x / 2.6.x uselib() Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/895 || Language=c
- Finished
- =================================================================================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement