/---------------------------------------------------------------------------------\
|
|
| Do you like PEASS? |
|
|
|---------------------------------------------------------------------------------|
|
|
| Get the latest version : https://github.com/sponsors/carlospolop |
|
|
| Follow on Twitter : @hacktricks_live |
|
|
| Respect on HTB : SirBroccoli |
|
|
|---------------------------------------------------------------------------------|
|
|
| Thank you! |
|
|
\---------------------------------------------------------------------------------/
|
|
linpeas-ng by carlospolop
|
|
|
|
ADVISORY: This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own computers and/or with the computer owner's permission.
|
|
|
|
Linux Privesc Checklist: https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist
|
|
LEGEND:
|
|
RED/YELLOW: 95% a PE vector
|
|
RED: You should take a look to it
|
|
LightCyan: Users with console
|
|
Blue: Users without console & mounted devs
|
|
Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs)
|
|
LightMagenta: Your username
|
|
|
|
YOU ARE ALREADY ROOT!!! (it could take longer to complete execution)
|
|
|
|
Starting linpeas. Caching Writable Folders...
|
|
|
|
╔═══════════════════╗
|
|
═══════════════════════════════╣ Basic information ╠═══════════════════════════════
|
|
╚═══════════════════╝
|
|
OS: Linux version 5.15.0-67-generic (buildd@lcy02-amd64-116) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023
|
|
User & Groups: uid=0(root) gid=0(root) groups=0(root)
|
|
Hostname: ls-2024-9
|
|
Writable folder: /dev/shm
|
|
[+] /usr/bin/ping is available for network discovery (linpeas can discover hosts, learn more with -h)
|
|
[+] /usr/bin/bash is available for network discovery, port scanning and port forwarding (linpeas can discover hosts, scan ports, and forward ports. Learn more with -h)
|
|
[+] /usr/bin/nc is available for network discovery & port scanning (linpeas can discover hosts and scan ports, learn more with -h)
|
|
|
|
[+] nmap is available for network discovery & port scanning, you should use it yourself
|
|
|
|
|
|
Caching directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DONE
|
|
|
|
╔════════════════════╗
|
|
══════════════════════════════╣ System Information ╠══════════════════════════════
|
|
╚════════════════════╝
|
|
╔══════════╣ Operative system
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#kernel-exploits
|
|
Linux version 5.15.0-67-generic (buildd@lcy02-amd64-116) (gcc (Ubuntu 11.3.0-1ubuntu1~22.04) 11.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023
|
|
Distributor ID: Ubuntu
|
|
Description: Ubuntu 22.04.2 LTS
|
|
Release: 22.04
|
|
Codename: jammy
|
|
|
|
╔══════════╣ Sudo version
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-version
|
|
Sudo version 1.9.9
|
|
|
|
|
|
╔══════════╣ PATH
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-path-abuses
|
|
|
|
╔══════════╣ Date & uptime
|
|
Fri Feb 2 08:13:10 UTC 2024
|
|
08:13:10 up 14 min, 2 users, load average: 0.33, 0.09, 0.04
|
|
|
|
╔══════════╣ Any sd*/disk* disk in /dev? (limit 20)
|
|
disk
|
|
|
|
╔══════════╣ Unmounted file-system?
|
|
╚ Check if you can mount umounted devices
|
|
LABEL=cloudimg-rootfs / ext4 discard,errors=remount-ro 0 1
|
|
LABEL=UEFI /boot/efi vfat umask=0077 0 1
|
|
|
|
╔══════════╣ Environment
|
|
╚ Any private information inside environment variables?
|
|
LESSOPEN=| /usr/bin/lesspipe %s
|
|
HISTFILESIZE=0
|
|
MAIL=/var/mail/root
|
|
USER=root
|
|
SSH_CLIENT=31.220.83.175 59290 22
|
|
SHLVL=0
|
|
HOME=/root
|
|
SSH_TTY=/dev/pts/0
|
|
LOGNAME=root
|
|
_=/usr/bin/sh
|
|
TERM=tmux-256color
|
|
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
|
|
HISTSIZE=0
|
|
SHELL=/bin/bash
|
|
LESSCLOSE=/usr/bin/lesspipe %s %s
|
|
PWD=/root
|
|
SSH_CONNECTION=31.220.83.175 59290 64.227.120.192 22
|
|
XDG_DATA_DIRS=/usr/local/share:/usr/share:/var/lib/snapd/desktop
|
|
HISTFILE=/dev/null
|
|
|
|
╔══════════╣ Searching Signature verification failed in dmesg
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#dmesg-signature-verification-failed
|
|
dmesg Not Found
|
|
|
|
╔══════════╣ Executing Linux Exploit Suggester
|
|
╚ https://github.com/mzet-/linux-exploit-suggester
|
|
[+] [CVE-2022-32250] nft_object UAF (NFT_MSG_NEWSET)
|
|
|
|
Details: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
|
|
https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
|
|
Exposure: probable
|
|
Tags: [ ubuntu=(22.04) ]{kernel:5.15.0-27-generic}
|
|
Download URL: https://raw.githubusercontent.com/theori-io/CVE-2022-32250-exploit/main/exp.c
|
|
Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
|
|
|
|
[+] [CVE-2022-2586] nft_object UAF
|
|
|
|
Details: https://www.openwall.com/lists/oss-security/2022/08/29/5
|
|
Exposure: less probable
|
|
Tags: ubuntu=(20.04){kernel:5.12.13}
|
|
Download URL: https://www.openwall.com/lists/oss-security/2022/08/29/5/1
|
|
Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
|
|
|
|
[+] [CVE-2022-0847] DirtyPipe
|
|
|
|
Details: https://dirtypipe.cm4all.com/
|
|
Exposure: less probable
|
|
Tags: ubuntu=(20.04|21.04),debian=11
|
|
Download URL: https://haxx.in/files/dirtypipez.c
|
|
|
|
[+] [CVE-2021-4034] PwnKit
|
|
|
|
Details: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
|
|
Exposure: less probable
|
|
Tags: ubuntu=10|11|12|13|14|15|16|17|18|19|20|21,debian=7|8|9|10|11,fedora,manjaro
|
|
Download URL: https://codeload.github.com/berdav/CVE-2021-4034/zip/main
|
|
|
|
[+] [CVE-2021-3156] sudo Baron Samedit
|
|
|
|
Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
|
|
Exposure: less probable
|
|
Tags: mint=19,ubuntu=18|20, debian=10
|
|
Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main
|
|
|
|
[+] [CVE-2021-3156] sudo Baron Samedit 2
|
|
|
|
Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
|
|
Exposure: less probable
|
|
Tags: centos=6|7|8,ubuntu=14|16|17|18|19|20, debian=9|10
|
|
Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main
|
|
|
|
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
|
|
|
|
Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
|
|
Exposure: less probable
|
|
Tags: ubuntu=20.04{kernel:5.8.0-*}
|
|
Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
|
|
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
|
|
Comments: ip_tables kernel module must be loaded
|
|
|
|
[+] [CVE-2017-5618] setuid screen v4.5.0 LPE
|
|
|
|
Details: https://seclists.org/oss-sec/2017/q1/184
|
|
Exposure: less probable
|
|
Download URL: https://www.exploit-db.com/download/https://www.exploit-db.com/exploits/41154
|
|
|
|
|
|
╔══════════╣ Executing Linux Exploit Suggester 2
|
|
╚ https://github.com/jondonas/linux-exploit-suggester-2
|
|
|
|
╔══════════╣ Protections
|
|
═╣ AppArmor enabled? .............. apparmor module is loaded.
|
|
33 profiles are loaded.
|
|
33 profiles are in enforce mode.
|
|
/snap/snapd/18357/usr/lib/snapd/snap-confine
|
|
/snap/snapd/18357/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
|
|
/snap/snapd/20671/usr/lib/snapd/snap-confine
|
|
/snap/snapd/20671/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
|
|
/usr/bin/man
|
|
/usr/lib/NetworkManager/nm-dhcp-client.action
|
|
/usr/lib/NetworkManager/nm-dhcp-helper
|
|
/usr/lib/connman/scripts/dhclient-script
|
|
/usr/lib/snapd/snap-confine
|
|
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
|
|
/usr/sbin/mysqld
|
|
/usr/sbin/unbound
|
|
/{,usr/}sbin/dhclient
|
|
lsb_release
|
|
man_filter
|
|
man_groff
|
|
nvidia_modprobe
|
|
nvidia_modprobe//kmod
|
|
snap-update-ns.lxd
|
|
snap.lxd.activate
|
|
snap.lxd.benchmark
|
|
snap.lxd.buginfo
|
|
snap.lxd.check-kernel
|
|
snap.lxd.daemon
|
|
snap.lxd.hook.configure
|
|
snap.lxd.hook.install
|
|
snap.lxd.hook.remove
|
|
snap.lxd.lxc
|
|
snap.lxd.lxc-to-lxd
|
|
snap.lxd.lxd
|
|
snap.lxd.migrate
|
|
snap.lxd.user-daemon
|
|
tcpdump
|
|
0 profiles are in complain mode.
|
|
0 profiles are in kill mode.
|
|
0 profiles are in unconfined mode.
|
|
2 processes have profiles defined.
|
|
2 processes are in enforce mode.
|
|
/usr/sbin/mysqld (608)
|
|
/usr/sbin/unbound (575)
|
|
0 processes are in complain mode.
|
|
0 processes are unconfined but have a profile defined.
|
|
0 processes are in mixed mode.
|
|
0 processes are in kill mode.
|
|
═╣ AppArmor profile? .............. unconfined
|
|
═╣ is linuxONE? ................... s390x Not Found
|
|
═╣ grsecurity present? ............ grsecurity Not Found
|
|
═╣ PaX bins present? .............. PaX Not Found
|
|
═╣ Execshield enabled? ............ Execshield Not Found
|
|
═╣ SELinux enabled? ............... sestatus Not Found
|
|
═╣ Seccomp enabled? ............... disabled
|
|
═╣ User namespace? ................ enabled
|
|
═╣ Cgroup2 enabled? ............... enabled
|
|
═╣ Is ASLR enabled? ............... Yes
|
|
═╣ Printer? ....................... No
|
|
═╣ Is this a virtual machine? ..... Yes (kvm)
|
|
|
|
╔═══════════╗
|
|
═══════════════════════════════════╣ Container ╠═══════════════════════════════════
|
|
╚═══════════╝
|
|
╔══════════╣ Container related tools present (if any):
|
|
/snap/bin/lxc
|
|
/usr/bin/podman
|
|
╔══════════╣ Am I Containered?
|
|
╔══════════╣ Container details
|
|
═╣ Is this a container? ........... No
|
|
═╣ Any running containers? ........ Yes podman(1)
|
|
Running Podman Containers
|
|
4d05d4a1a404 docker.io/nejec/2048:latest apache2-foregroun... 14 minutes ago Up 14 minutes ago 0.0.0.0:8018->22/tcp 2048
|
|
|
|
|
|
|
|
╔═══════╗
|
|
═════════════════════════════════════╣ Cloud ╠═════════════════════════════════════
|
|
╚═══════╝
|
|
═╣ Google Cloud Platform? ............... No
|
|
═╣ AWS ECS? ............................. No
|
|
═╣ AWS EC2? ............................. No
|
|
═╣ AWS EC2 Beanstalk? ................... No
|
|
═╣ AWS Lambda? .......................... No
|
|
═╣ AWS Codebuild? ....................... No
|
|
═╣ DO Droplet? .......................... Yes
|
|
═╣ Aliyun ECS? .......................... No
|
|
═╣ IBM Cloud VM? ........................ No
|
|
═╣ Azure VM? ............................ No
|
|
═╣ Azure APP? ........................... No
|
|
|
|
╔══════════╣ DO Droplet Enumeration
|
|
Id: 398869447
|
|
Region: fra1
|
|
Public keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFeyPsS/zvRqho8r1ZosjOve5dP080XcvryKm6tb5k68kavPwpX4TDRTL9kPI2iF7xVPYWCqYJT+Bmn6S7+OcwfVVfIx59+rMPXMvsG9oLZfU6s1P0ogPH+0Nxnn/4N6hT+yJMzNbDKWsqPA7uXjmOUHLaIGvTfjhT+tA5ofWgMvOIRIdjSewVVFqsRvQZHc4ZppP6IBx43G7dBOHEKPI7y01O6WsEltErdPlTZQWDf43gO5GxwPFawgrRekT3YY8qo8U1kJMho46ajby3qoWO3RITb76fc4qiTK418AUoQFAndcbRYuhBNlWUYOwYEZm2fCtG44WvG0ckuUKL1CdB jernej.porenta@3fs.si
|
|
User data:
|
|
Dns: 67.207.67.2,67.207.67.3
|
|
Interfaces: sh: 2496: jq: not found
|
|
Floating_ip: sh: 2497: jq: not found
|
|
Reserved_ip: sh: 2498: jq: not found
|
|
Tags: sh: 2499: jq: not found
|
|
Features: sh: 2500: jq: not found
|
|
|
|
|
|
╔════════════════════════════════════════════════╗
|
|
════════════════╣ Processes, Crons, Timers, Services and Sockets ╠════════════════
|
|
╚════════════════════════════════════════════════╝
|
|
╔══════════╣ Cleaned processes
|
|
╚ Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes
|
|
root 1 0.2 0.8 100872 8036 ? Ss 07:59 0:02 /sbin/init
|
|
root 324 0.0 0.9 31768 9236 ? S<s 07:59 0:00 /lib/systemd/systemd-journald
|
|
root 366 0.0 2.7 289316 27100 ? SLsl 07:59 0:00 /sbin/multipathd -d -s
|
|
root 369 0.0 0.5 22780 5616 ? Ss 07:59 0:00 /lib/systemd/systemd-udevd
|
|
root 5246 0.0 0.3 22780 3484 ? S 08:13 0:00 _ /lib/systemd/systemd-udevd
|
|
root 5255 0.0 0.3 22780 3484 ? S 08:13 0:00 _ /lib/systemd/systemd-udevd
|
|
systemd+ 436 0.0 0.6 16252 5996 ? Ss 07:59 0:00 /lib/systemd/systemd-networkd
|
|
└─(Caps) 0x0000000000003c00=cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw
|
|
systemd+ 442 0.0 0.4 89360 4608 ? Ssl 07:59 0:00 /lib/systemd/systemd-timesyncd
|
|
└─(Caps) 0x0000000002000000=cap_sys_time
|
|
root 459 0.0 0.0 1088 44 ? S 07:59 0:00 nftablesd
|
|
message+ 521 0.0 0.4 8560 4296 ? Ss 07:59 0:00 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
|
└─(Caps) 0x0000000020000000=cap_audit_write
|
|
root 528 0.0 1.5 33108 15392 ? Ss 07:59 0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
|
|
root 529 0.0 1.8 220240 18604 ? Ss 07:59 0:00 php-fpm: master process (/etc/php/8.1/fpm/php-fpm.conf)
|
|
www-data 591 0.0 1.0 220680 10616 ? S 07:59 0:00 _ php-fpm: pool www
|
|
www-data 592 0.0 0.9 220680 9552 ? S 07:59 0:00 _ php-fpm: pool www
|
|
syslog 532 0.0 0.5 222404 5044 ? Ssl 07:59 0:00 /usr/sbin/rsyslogd -n -iNONE
|
|
root 534 0.4 2.0 1245220 20044 ? Ssl 07:59 0:03 /usr/lib/snapd/snapd
|
|
root 535 0.0 0.4 14908 4464 ? Ss 07:59 0:00 /lib/systemd/systemd-logind
|
|
unbound 575 0.0 1.4 30168 14728 ? Ss 07:59 0:00 /usr/sbin/unbound -d -p
|
|
mysql 608 1.1 37.4 1322632 372228 ? Ssl 07:59 0:09 /usr/sbin/mysqld --skip-grant-tables
|
|
root 638 0.0 0.2 55936 2420 ? Ss 07:59 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
|
|
www-data 639 0.0 0.8 56988 8900 ? S 07:59 0:00 _ nginx: worker process
|
|
root 815 0.0 0.1 1230260 1180 ? Ssl 07:59 0:00 /opt/digitalocean/bin/droplet-agent
|
|
root 820 0.0 0.2 7288 2532 ? Ss 07:59 0:00 /usr/sbin/cron -f -P
|
|
daemon 834 0.0 0.1 3864 1204 ? Ss 07:59 0:00 /usr/sbin/atd -f
|
|
root 835 0.0 0.4 9496 4336 ? Ss 07:59 0:00 /usr/sbin/fwknopd
|
|
root 843 0.0 0.0 6220 904 ttyS0 Ss+ 07:59 0:00 /sbin/agetty -o -p -- u --keep-baud 115200,57600,38400,9600 ttyS0 vt220
|
|
root 845 0.0 0.0 6176 844 tty1 Ss+ 07:59 0:00 /sbin/agetty -o -p -- u --noclear tty1 linux
|
|
root 1705 0.0 0.9 16128 8972 ? Ss 08:07 0:00 _ sshd: root@pts/0
|
|
root 1707 0.0 0.4 5684 4684 pts/0 Ss 08:07 0:00 | _ -bash
|
|
root 1792 0.6 1.0 95620 10692 pts/0 S+ 08:12 0:00 | _ curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh
|
|
root 1793 0.2 0.3 4384 3324 pts/0 S+ 08:12 0:00 | _ sh
|
|
root 5410 0.0 0.1 4384 1604 pts/0 S+ 08:13 0:00 | _ sh
|
|
root 5414 0.0 0.3 7208 2992 pts/0 R+ 08:13 0:00 | | _ ps fauxwww
|
|
root 5413 0.0 0.1 4384 1604 pts/0 S+ 08:13 0:00 | _ sh
|
|
root 2137 0.1 0.8 16000 8776 ? Ss 08:13 0:00 _ sshd: root@pts/2
|
|
root 2139 0.0 0.4 5684 4676 pts/2 Ss+ 08:13 0:00 _ -bash
|
|
root 978 0.0 0.2 9688 2228 ? Ss 07:59 0:00 /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
|
|
root 1147 0.0 0.1 82724 1204 ? Ssl 07:59 0:00 /usr/bin/conmon --api-version 1 -c 4d05d4a1a4042edcef3194f270ace0d96e8c6b06592a073ce788d7c66b0fd9f6 -u 4d05d4a1a4042edcef3194f270ace0d96e8c6b06592a073ce788d7c66b0fd9f6 -r /usr/bin/crun -b /var/lib/containers/storage/overlay-containers/4d05d4a1a4042edcef3194f270ace0d96e8c6b06592a073ce788d7c66b0fd9f6/userdata -p /run/containers/storage/overlay-containers/4d05d4a1a4042edcef3194f270ace0d96e8c6b06592a073ce788d7c66b0fd9f6/userdata/pidfile -n 2048 --exit-dir /run/libpod/exits --full-attach -s -l journald --log-level warning --runtime-arg --log-format=json --runtime-arg --log --runtime-arg=/run/containers/storage/overlay-containers/4d05d4a1a4042edcef3194f270ace0d96e8c6b06592a073ce788d7c66b0fd9f6/userdata/oci-log --conmon-pidfile /run/containers/storage/overlay-containers/4d05d4a1a4042edcef3194f270ace0d96e8c6b06592a073ce788d7c66b0fd9f6/userdata/conmon.pid --exit-command /usr/bin/podman --exit-command-arg --root --exit-command-arg /var/lib/containers/storage --exit-command-arg --runroot --exit-command-arg /run/containers/storage --exit-command-arg --log-level --exit-command-arg warning --exit-command-arg --cgroup-manager --exit-command-arg systemd --exit-command-arg --tmpdir --exit-command-arg /run/libpod --exit-command-arg --runtime --exit-command-arg crun --exit-command-arg --events-backend --exit-command-arg journald --exit-command-arg container --exit-command-arg cleanup --exit-command-arg --rm --exit-command-arg 4d05d4a1a4042edcef3194f270ace0d96e8c6b06592a073ce788d7c66b0fd9f6
|
|
root 1151 0.0 1.3 82904 12992 ? Ss 07:59 0:00 _ apache2 -DFOREGROUND
|
|
www-data 1202 0.0 0.5 83212 5440 ? S 07:59 0:00 _ apache2 -DFOREGROUND
|
|
www-data 1203 0.0 0.5 83212 5484 ? S 07:59 0:00 _ apache2 -DFOREGROUND
|
|
www-data 1204 0.0 0.5 83212 5484 ? S 07:59 0:00 _ apache2 -DFOREGROUND
|
|
www-data 1205 0.0 0.5 83212 5484 ? S 07:59 0:00 _ apache2 -DFOREGROUND
|
|
www-data 1206 0.0 0.5 83212 5488 ? S 07:59 0:00 _ apache2 -DFOREGROUND
|
|
root 1651 0.0 0.3 41224 3196 ? Ss 07:59 0:00 /usr/lib/postfix/sbin/master -w
|
|
postfix 1654 0.0 0.4 41564 4108 ? S 07:59 0:00 _ pickup -l -t unix -u -c
|
|
postfix 1655 0.0 0.4 41608 4148 ? S 07:59 0:00 _ qmgr -l -t unix -u
|
|
postfix 1664 0.0 0.8 47332 8216 ? S 08:01 0:00 _ tlsmgr -l -t unix -u -c
|
|
postfix 1724 0.0 0.4 41560 4040 ? S 08:08 0:00 _ anvil -l -t unix -u -c
|
|
root 1672 0.0 0.1 4172 1964 ? Ss 08:01 0:00 SCREEN -d -m /usr/bin/socat TCP6-LISTEN:2227,reuseaddr,fork EXEC:/usr/bin/bash,stderr
|
|
root 1673 0.0 0.1 10292 1548 pts/1 Ss+ 08:01 0:00 _ /usr/bin/socat TCP6-LISTEN:2227,reuseaddr,fork EXEC:/usr/bin/bash,stderr
|
|
root 5013 0.6 0.1 2624 1604 ? Ss 08:13 0:00 /bin/sh /snap/lxd/24322/commands/daemon.start
|
|
root 5180 28.8 5.8 1414164 57936 ? Sl 08:13 0:04 _ lxd --logfile /var/snap/lxd/common/lxd/logs/lxd.log --group lxd
|
|
root 5167 0.1 0.1 153028 1960 ? Sl 08:13 0:00 lxcfs /var/snap/lxd/common/var/lib/lxcfs -p /var/snap/lxd/common/lxcfs.pid
|
|
|
|
╔══════════╣ Binary processes permissions (non 'root root' and not belonging to current user)
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes
|
|
|
|
╔══════════╣ Processes whose PPID belongs to a different user (not root)
|
|
╚ You will know if a user can somehow spawn processes as a different user
|
|
Proc 436 with ppid 1 is run by user systemd-network but the ppid user is root
|
|
Proc 442 with ppid 1 is run by user systemd-timesync but the ppid user is root
|
|
Proc 521 with ppid 1 is run by user messagebus but the ppid user is root
|
|
Proc 532 with ppid 1 is run by user syslog but the ppid user is root
|
|
Proc 575 with ppid 1 is run by user unbound but the ppid user is root
|
|
Proc 591 with ppid 529 is run by user www-data but the ppid user is root
|
|
Proc 592 with ppid 529 is run by user www-data but the ppid user is root
|
|
Proc 608 with ppid 1 is run by user mysql but the ppid user is root
|
|
Proc 639 with ppid 638 is run by user www-data but the ppid user is root
|
|
Proc 834 with ppid 1 is run by user daemon but the ppid user is root
|
|
Proc 1202 with ppid 1151 is run by user www-data but the ppid user is root
|
|
Proc 1203 with ppid 1151 is run by user www-data but the ppid user is root
|
|
Proc 1204 with ppid 1151 is run by user www-data but the ppid user is root
|
|
Proc 1205 with ppid 1151 is run by user www-data but the ppid user is root
|
|
Proc 1206 with ppid 1151 is run by user www-data but the ppid user is root
|
|
Proc 1654 with ppid 1651 is run by user postfix but the ppid user is root
|
|
Proc 1655 with ppid 1651 is run by user postfix but the ppid user is root
|
|
Proc 1664 with ppid 1651 is run by user postfix but the ppid user is root
|
|
Proc 1724 with ppid 1651 is run by user postfix but the ppid user is root
|
|
|
|
╔══════════╣ Processes with credentials in memory (root req)
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#credentials-from-process-memory
|
|
gdm-password Not Found
|
|
gnome-keyring-daemon Not Found
|
|
lightdm Not Found
|
|
vsftpd Not Found
|
|
apache2 process found (dump creds from memory as root)
|
|
sshd: process found (dump creds from memory as root)
|
|
|
|
╔══════════╣ Cron jobs
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#scheduled-cron-jobs
|
|
/usr/bin/crontab
|
|
incrontab Not Found
|
|
-rw-r--r-- 1 root root 1136 Mar 23 2022 /etc/crontab
|
|
|
|
/etc/cron.d:
|
|
total 24
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:47 .
|
|
drwxr-xr-x 111 root root 4096 Feb 2 08:07 ..
|
|
-rw-r--r-- 1 root root 102 Mar 23 2022 .placeholder
|
|
-rw-r--r-- 1 root root 303 Jun 1 2022 e2scrub_all
|
|
-rw-r--r-- 1 root root 712 Jan 28 2022 php
|
|
-rw-r--r-- 1 root root 396 Feb 2 2021 sysstat
|
|
|
|
/etc/cron.daily:
|
|
total 72
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:38 .
|
|
drwxr-xr-x 111 root root 4096 Feb 2 08:07 ..
|
|
-rw-r--r-- 1 root root 102 Mar 23 2022 .placeholder
|
|
-rwxr-xr-x 1 root root 34194 Dec 30 2021 aide
|
|
-rwxr-xr-x 1 root root 376 Nov 11 2019 apport
|
|
-rwxr-xr-x 1 root root 1478 Apr 8 2022 apt-compat
|
|
-rwxr-xr-x 1 root root 123 Dec 5 2021 dpkg
|
|
-rwxr-xr-x 1 root root 377 Jan 24 2022 logrotate
|
|
-rwxr-xr-x 1 root root 1330 Mar 17 2022 man-db
|
|
-rwxr-xr-x 1 root root 518 Feb 2 2021 sysstat
|
|
|
|
/etc/cron.hourly:
|
|
total 16
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:24 .
|
|
drwxr-xr-x 111 root root 4096 Feb 2 08:07 ..
|
|
-rw-r--r-- 1 root root 102 Mar 23 2022 .placeholder
|
|
-rwxr-xr-x 1 root root 110 Feb 1 14:24 droplet-agent
|
|
|
|
/etc/cron.monthly:
|
|
total 12
|
|
drwxr-xr-x 2 root root 4096 Mar 17 2023 .
|
|
drwxr-xr-x 111 root root 4096 Feb 2 08:07 ..
|
|
-rw-r--r-- 1 root root 102 Mar 23 2022 .placeholder
|
|
|
|
/etc/cron.weekly:
|
|
total 16
|
|
drwxr-xr-x 2 root root 4096 Mar 17 2023 .
|
|
drwxr-xr-x 111 root root 4096 Feb 2 08:07 ..
|
|
-rw-r--r-- 1 root root 102 Mar 23 2022 .placeholder
|
|
-rwxr-xr-x 1 root root 1020 Mar 17 2022 man-db
|
|
|
|
/var/spool/cron/crontabs:
|
|
total 8
|
|
drwx-wx--T 2 root crontab 4096 Mar 23 2022 .
|
|
drwxr-xr-x 5 root root 4096 Feb 1 14:36 ..
|
|
|
|
SHELL=/bin/sh
|
|
|
|
17 * * * * root cd / && run-parts --report /etc/cron.hourly
|
|
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
|
|
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
|
|
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
|
|
alias
|
|
backup
|
|
bin
|
|
daemon
|
|
ftp
|
|
games
|
|
gnats
|
|
guest
|
|
irc
|
|
lp
|
|
mail
|
|
man
|
|
nobody
|
|
operator
|
|
proxy
|
|
qmaild
|
|
qmaill
|
|
qmailp
|
|
qmailq
|
|
qmailr
|
|
qmails
|
|
sync
|
|
sys
|
|
www-data
|
|
|
|
╔══════════╣ Systemd PATH
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#systemd-path-relative-paths
|
|
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
|
|
|
|
╔══════════╣ Analyzing .service files
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#services
|
|
|
|
╔══════════╣ System timers
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers
|
|
NEXT LEFT LAST PASSED UNIT ACTIVATES
|
|
Fri 2024-02-02 08:14:06 UTC 30s left n/a n/a systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
|
|
Fri 2024-02-02 08:16:24 UTC 2min 47s left n/a n/a ua-timer.timer ua-timer.service
|
|
Fri 2024-02-02 08:39:00 UTC 25min left Fri 2024-02-02 08:09:00 UTC 4min 35s ago phpsessionclean.timer phpsessionclean.service
|
|
Fri 2024-02-02 14:01:49 UTC 5h 48min left Fri 2024-02-02 02:22:06 UTC 5h 51min ago motd-news.timer motd-news.service
|
|
Fri 2024-02-02 18:39:33 UTC 10h left Thu 2024-02-01 21:33:59 UTC 10h ago apt-daily.timer apt-daily.service
|
|
Sat 2024-02-03 00:00:00 UTC 15h left n/a n/a dpkg-db-backup.timer dpkg-db-backup.service
|
|
Sat 2024-02-03 00:00:00 UTC 15h left Fri 2024-02-02 00:00:05 UTC 8h ago logrotate.timer logrotate.service
|
|
Sat 2024-02-03 00:02:48 UTC 15h left Fri 2024-02-02 00:01:25 UTC 8h ago podman-auto-update.timer podman-auto-update.service
|
|
Sat 2024-02-03 06:09:49 UTC 21h left Fri 2024-02-02 06:07:18 UTC 2h 6min ago apt-daily-upgrade.timer apt-daily-upgrade.service
|
|
Sat 2024-02-03 06:16:16 UTC 22h left Fri 2024-02-02 02:56:06 UTC 5h 17min ago man-db.timer man-db.service
|
|
Sat 2024-02-03 08:04:15 UTC 23h left Fri 2024-02-02 08:04:15 UTC 9min ago update-notifier-download.timer update-notifier-download.service
|
|
Sun 2024-02-04 03:10:44 UTC 1 day 18h left Thu 2024-02-01 14:23:10 UTC 17h ago e2scrub_all.timer e2scrub_all.service
|
|
Mon 2024-02-05 00:07:27 UTC 2 days left Thu 2024-02-01 14:23:10 UTC 17h ago fstrim.timer fstrim.service
|
|
Fri 2024-02-09 05:06:06 UTC 6 days left Thu 2024-02-01 14:23:10 UTC 17h ago update-notifier-motd.timer update-notifier-motd.service
|
|
Sat 2024-02-10 00:00:00 UTC 1 week 0 days left Thu 2024-02-01 14:47:09 UTC 17h ago unbound-cleanup.timer unbound-cleanup.service
|
|
n/a n/a n/a n/a apport-autoreport.timer apport-autoreport.service
|
|
n/a n/a n/a n/a snapd.snap-repair.timer snapd.snap-repair.service
|
|
|
|
╔══════════╣ Analyzing .timer files
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers
|
|
|
|
╔══════════╣ D-Bus config files
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus
|
|
Possible weak user policy found on /etc/dbus-1/system.d/dnsmasq.conf ( <policy user="dnsmasq">)
|
|
|
|
╔══════════╣ D-Bus Service Objects list
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus
|
|
NAME PID PROCESS USER CONNECTION UNIT SESSION DESCRIPTION
|
|
:1.0 442 systemd-timesyn systemd-timesync :1.0 systemd-timesyncd.service - -
|
|
:1.1 436 systemd-network systemd-network :1.1 systemd-networkd.service - -
|
|
:1.10 534 snapd root :1.10 snapd.service - -
|
|
:1.2 1 systemd root :1.2 init.scope - -
|
|
:1.25 7551 busctl root :1.25 ssh.service - -
|
|
:1.3 535 systemd-logind root :1.3 systemd-logind.service - -
|
|
:1.5 528 networkd-dispat root :1.5 networkd-dispatcher.service - -
|
|
com.ubuntu.SoftwareProperties - - - (activatable) - - -
|
|
io.netplan.Netplan - - - (activatable) - - -
|
|
org.freedesktop.DBus 1 systemd root - init.scope - -
|
|
org.freedesktop.PackageKit - - - (activatable) - - -
|
|
org.freedesktop.PolicyKit1 - - - (activatable) - - -
|
|
org.freedesktop.bolt - - - (activatable) - - -
|
|
org.freedesktop.hostname1 - - - (activatable) - - -
|
|
org.freedesktop.locale1 - - - (activatable) - - -
|
|
org.freedesktop.login1 535 systemd-logind root :1.3 systemd-logind.service - -
|
|
org.freedesktop.network1 436 systemd-network systemd-network :1.1 systemd-networkd.service - -
|
|
org.freedesktop.resolve1 - - - (activatable) - - -
|
|
org.freedesktop.systemd1 1 systemd root :1.2 init.scope - -
|
|
org.freedesktop.timedate1 - - - (activatable) - - -
|
|
org.freedesktop.timesync1 442 systemd-timesyn systemd-timesync :1.0 systemd-timesyncd.service - -
|
|
|
|
|
|
╔═════════════════════╗
|
|
══════════════════════════════╣ Network Information ╠══════════════════════════════
|
|
╚═════════════════════╝
|
|
╔══════════╣ Hostname, hosts and DNS
|
|
ls-2024-9
|
|
127.0.1.1 ls-2024-9 ls-2024-9
|
|
127.0.0.1 localhost
|
|
|
|
::1 localhost ip6-localhost ip6-loopback
|
|
ff02::1 ip6-allnodes
|
|
ff02::2 ip6-allrouters
|
|
|
|
|
|
nameserver 127.0.0.1
|
|
options edns0 trust-ad
|
|
search .
|
|
|
|
╔══════════╣ Interfaces
|
|
# symbolic names for networks, see networks(5) for more information
|
|
link-local 169.254.0.0
|
|
cni-podman0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
|
|
inet 10.88.0.1 netmask 255.255.0.0 broadcast 10.88.255.255
|
|
inet6 fe80::f486:a1ff:fe85:a4fc prefixlen 64 scopeid 0x20<link>
|
|
ether f6:86:a1:85:a4:fc txqueuelen 1000 (Ethernet)
|
|
RX packets 14 bytes 852 (852.0 B)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 9 bytes 854 (854.0 B)
|
|
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
|
|
|
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
|
|
inet 64.227.120.192 netmask 255.255.240.0 broadcast 64.227.127.255
|
|
inet6 2a03:b0c0:3:d0::e03:e001 prefixlen 64 scopeid 0x0<global>
|
|
inet6 fe80::a490:c2ff:fef4:a02f prefixlen 64 scopeid 0x20<link>
|
|
ether a6:90:c2:f4:a0:2f txqueuelen 1000 (Ethernet)
|
|
RX packets 3483 bytes 1408677 (1.4 MB)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 3546 bytes 604090 (604.0 KB)
|
|
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
|
|
|
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
|
|
inet 10.114.0.10 netmask 255.255.240.0 broadcast 10.114.15.255
|
|
inet6 fe80::f08a:52ff:fe90:dd6 prefixlen 64 scopeid 0x20<link>
|
|
ether f2:8a:52:90:0d:d6 txqueuelen 1000 (Ethernet)
|
|
RX packets 0 bytes 0 (0.0 B)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 13 bytes 1006 (1.0 KB)
|
|
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
|
|
|
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
|
|
inet 127.0.0.1 netmask 255.0.0.0
|
|
inet6 ::1 prefixlen 128 scopeid 0x10<host>
|
|
loop txqueuelen 1000 (Local Loopback)
|
|
RX packets 264 bytes 24100 (24.1 KB)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 264 bytes 24100 (24.1 KB)
|
|
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
|
|
|
veth7496452b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
|
|
inet6 fe80::106b:bfff:fe58:b5b5 prefixlen 64 scopeid 0x20<link>
|
|
ether fe:55:38:78:87:87 txqueuelen 0 (Ethernet)
|
|
RX packets 14 bytes 1048 (1.0 KB)
|
|
RX errors 0 dropped 0 overruns 0 frame 0
|
|
TX packets 26 bytes 2184 (2.1 KB)
|
|
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
|
|
|
|
|
╔══════════╣ Active Ports
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#open-ports
|
|
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 638/nginx: master p
|
|
tcp 0 0 0.0.0.0:8018 0.0.0.0:* LISTEN 1147/conmon
|
|
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 638/nginx: master p
|
|
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 575/unbound
|
|
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 860/sshd: /usr/sbin
|
|
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1651/master
|
|
tcp6 0 0 :::443 :::* LISTEN 638/nginx: master p
|
|
tcp6 0 0 :::8953 :::* LISTEN 575/unbound
|
|
tcp6 0 0 :::2227 :::* LISTEN 1673/socat
|
|
tcp6 0 0 :::53 :::* LISTEN 575/unbound
|
|
tcp6 0 0 :::22 :::* LISTEN 860/sshd: /usr/sbin
|
|
tcp6 0 0 :::25 :::* LISTEN 1651/master
|
|
|
|
╔══════════╣ Can I sniff with tcpdump?
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sniffing
|
|
You can sniff with tcpdump!
|
|
|
|
|
|
|
|
╔═══════════════════╗
|
|
═══════════════════════════════╣ Users Information ╠═══════════════════════════════
|
|
╚═══════════════════╝
|
|
╔══════════╣ My user
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#users
|
|
uid=0(root) gid=0(root) groups=0(root)
|
|
|
|
╔══════════╣ Do I have PGP keys?
|
|
/usr/bin/gpg
|
|
netpgpkeys Not Found
|
|
netpgp Not Found
|
|
|
|
╔══════════╣ Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid
|
|
Matching Defaults entries for root on ls-2024-9:
|
|
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, use_pty
|
|
|
|
User root may run the following commands on ls-2024-9:
|
|
(ALL : ALL) ALL
|
|
(ALL) NOPASSWD: ALL
|
|
/etc/sudoers:Defaults env_reset
|
|
/etc/sudoers:Defaults mail_badpass
|
|
/etc/sudoers:Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
|
|
/etc/sudoers:Defaults use_pty
|
|
/etc/sudoers:%unbound ALL=(ALL) NOPASSWD:ALL
|
|
/etc/sudoers:root ALL=(ALL:ALL) ALL
|
|
/etc/sudoers:%admin ALL=(ALL) ALL
|
|
/etc/sudoers:%sudo ALL=(ALL:ALL) ALL
|
|
/etc/sudoers:@includedir /etc/sudoers.d
|
|
Sudoers file: /etc/sudoers.d/90-cloud-init-users is readable
|
|
root ALL=(ALL) NOPASSWD:ALL
|
|
Sudoers file: /etc/sudoers.d/README is readable
|
|
|
|
╔══════════╣ Checking sudo tokens
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens
|
|
ptrace protection is enabled (1)
|
|
|
|
╔══════════╣ Checking doas.conf
|
|
permit nopass :users
|
|
permit nopass :root
|
|
|
|
╔══════════╣ Checking Pkexec policy
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation/interesting-groups-linux-pe#pe-method-2
|
|
|
|
[Configuration]
|
|
AdminIdentities=unix-user:0
|
|
[Configuration]
|
|
AdminIdentities=unix-group:sudo;unix-group:admin
|
|
|
|
╔══════════╣ Superusers
|
|
root:x:0:0:root:/root:/bin/bash
|
|
|
|
╔══════════╣ Users with console
|
|
alex:x:1001:1001:Alex Johnson:/home/alex:/bin/bash
|
|
blake:x:1006:1006:Blake Miller:/home/blake:/bin/bash
|
|
cameron:x:1007:1007:Cameron Wilson:/home/cameron:/bin/bash
|
|
casey:x:1005:1005:Casey Davis:/home/casey:/bin/bash
|
|
drew:x:1010:1013:Drew Anderson:/home/drew:/bin/bash
|
|
jordan:x:1002:1002:Jordan Smith:/home/jordan:/bin/bash
|
|
kendall:x:1009:1012:Kendall Taylor:/home/kendall:/bin/bash
|
|
morgan:x:1004:1004:Morgan Brown:/home/morgan:/bin/bash
|
|
peyton:x:1008:1011:Peyton Moore:/home/peyton:/bin/bash
|
|
root:x:0:0:root:/root:/bin/bash
|
|
taylor:x:1003:1003:Taylor Williams:/home/taylor:/bin/bash
|
|
|
|
╔══════════╣ All users & groups
|
|
uid=0(root) gid=0(root) groups=0(root)
|
|
uid=1(daemon) gid=1(daemon) groups=1(daemon)
|
|
uid=10(uucp) gid=10(uucp) groups=10(uucp)
|
|
uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
|
|
uid=1001(alex) gid=1001(alex) groups=1001(alex),1008(users)
|
|
uid=1002(jordan) gid=1002(jordan) groups=1002(jordan),1008(users),1009(logs),1010(lvm)
|
|
uid=1003(taylor) gid=1003(taylor) groups=1003(taylor),1008(users),123(postfix),1009(logs)
|
|
uid=1004(morgan) gid=1004(morgan) groups=1004(morgan),1008(users)
|
|
uid=1005(casey) gid=1005(casey) groups=1005(casey),1008(users),1010(lvm)
|
|
uid=1006(blake) gid=1006(blake) groups=1006(blake),1008(users)
|
|
uid=1007(cameron) gid=1007(cameron) groups=1007(cameron),1008(users),1009(logs)
|
|
uid=1008(peyton) gid=1011(peyton) groups=1011(peyton),1008(users),1009(logs)
|
|
uid=1009(kendall) gid=1012(kendall) groups=1012(kendall),27(sudo),1008(users),1009(logs)
|
|
uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
|
|
uid=1010(drew) gid=1013(drew) groups=1013(drew),27(sudo),1008(users),1009(logs)
|
|
uid=102(messagebus) gid=105(messagebus) groups=105(messagebus)
|
|
uid=103(systemd-timesync) gid=106(systemd-timesync) groups=106(systemd-timesync)
|
|
uid=104(syslog) gid=111(syslog) groups=111(syslog),4(adm)
|
|
uid=105(_apt) gid=65534(nogroup) groups=65534(nogroup)
|
|
uid=106(tss) gid=112(tss) groups=112(tss)
|
|
uid=107(uuidd) gid=113(uuidd) groups=113(uuidd)
|
|
uid=108(tcpdump) gid=114(tcpdump) groups=114(tcpdump)
|
|
uid=109(sshd) gid=65534(nogroup) groups=65534(nogroup)
|
|
uid=110(pollinate) gid=1(daemon) groups=1(daemon)
|
|
uid=111(landscape) gid=116(landscape) groups=116(landscape)
|
|
uid=112(fwupd-refresh) gid=117(fwupd-refresh) groups=117(fwupd-refresh)
|
|
uid=113(mysql) gid=121(mysql) groups=121(mysql)
|
|
uid=114(dnsmasq) gid=65534(nogroup) groups=65534(nogroup)
|
|
uid=115(postfix) gid=123(postfix) groups=123(postfix)
|
|
uid=116(unbound) gid=125(unbound) groups=125(unbound)
|
|
uid=13(proxy) gid=13(proxy) groups=13(proxy)
|
|
uid=2(bin) gid=2(bin) groups=2(bin)
|
|
uid=3(sys) gid=3(sys) groups=3(sys)
|
|
uid=33(www-data) gid=33(www-data) groups=33(www-data)
|
|
uid=34(backup) gid=34(backup) groups=34(backup)
|
|
uid=38(list) gid=38(list) groups=38(list)
|
|
uid=39(irc) gid=39(irc) groups=39(irc)
|
|
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
|
|
uid=41(gnats) gid=41(gnats) groups=41(gnats)
|
|
uid=5(games) gid=60(games) groups=60(games)
|
|
uid=6(man) gid=12(man) groups=12(man)
|
|
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
|
|
uid=7(lp) gid=7(lp) groups=7(lp)
|
|
uid=8(mail) gid=8(mail) groups=8(mail)
|
|
uid=9(news) gid=9(news) groups=9(news)
|
|
uid=999(lxd) gid=1008(users) groups=1008(users)
|
|
|
|
╔══════════╣ Login now
|
|
08:13:38 up 14 min, 2 users, load average: 0.90, 0.25, 0.10
|
|
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
|
|
root pts/0 31.220.83.175 08:07 52.00s 0.44s 0.00s w
|
|
root pts/2 31.220.83.175 08:13 0.00s 0.02s 0.02s -bash
|
|
|
|
╔══════════╣ Last logons
|
|
root pts/0 Fri Feb 2 08:06:03 2024 - Fri Feb 2 08:07:41 2024 (00:01) 31.220.83.175
|
|
root pts/0 Fri Feb 2 08:01:16 2024 - Fri Feb 2 08:05:54 2024 (00:04) 31.220.83.175
|
|
reboot system boot Fri Feb 2 07:59:10 2024 still running 0.0.0.0
|
|
root pts/0 Thu Feb 1 14:51:05 2024 - Thu Feb 1 14:51:05 2024 (00:00) 89.212.81.147
|
|
root pts/0 Thu Feb 1 14:51:05 2024 - Thu Feb 1 14:51:05 2024 (00:00) 89.212.81.147
|
|
reboot system boot Thu Feb 1 14:50:47 2024 - Fri Feb 2 07:59:03 2024 (17:08) 0.0.0.0
|
|
root pts/0 Thu Feb 1 14:50:39 2024 - Thu Feb 1 14:50:39 2024 (00:00) 89.212.81.147
|
|
root pts/0 Thu Feb 1 14:50:38 2024 - Thu Feb 1 14:50:38 2024 (00:00) 89.212.81.147
|
|
|
|
wtmp begins Thu Feb 1 14:50:38 2024
|
|
|
|
╔══════════╣ Last time logon each user
|
|
Username Port From Latest
|
|
root pts/2 31.220.83.175 Fri Feb 2 08:13:08 +0000 2024
|
|
|
|
╔══════════╣ Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)
|
|
|
|
╔══════════╣ Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!
|
|
|
|
|
|
|
|
╔══════════════════════╗
|
|
═════════════════════════════╣ Software Information ╠═════════════════════════════
|
|
╚══════════════════════╝
|
|
╔══════════╣ Useful software
|
|
/usr/bin/base64
|
|
/usr/bin/curl
|
|
/usr/bin/doas
|
|
/usr/bin/gcc
|
|
/snap/bin/lxc
|
|
/usr/bin/nc
|
|
/usr/bin/ncat
|
|
/usr/bin/netcat
|
|
/usr/bin/nmap
|
|
/usr/bin/perl
|
|
/usr/bin/php
|
|
/usr/bin/ping
|
|
/usr/bin/podman
|
|
/usr/bin/python3
|
|
/usr/bin/socat
|
|
/usr/bin/sudo
|
|
/usr/bin/wget
|
|
|
|
╔══════════╣ Installed Compilers
|
|
ii gcc 4:11.2.0-1ubuntu1 amd64 GNU C compiler
|
|
ii gcc-11 11.4.0-1ubuntu1~22.04 amd64 GNU C compiler
|
|
ii rpcsvc-proto 1.4.2-0ubuntu6 amd64 RPC protocol compiler and definitions
|
|
/usr/bin/gcc
|
|
|
|
╔══════════╣ MySQL version
|
|
mysql Ver 8.0.36-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu))
|
|
|
|
|
|
═╣ MySQL connection using default root/root ........... Yes
|
|
User Host authentication_string
|
|
debian-sys-maint localhost $A$005$4t*VS*XV-k)qW;G;H:ZfGWAW.OAve60mL71D1hJkYqnK97xPNYZ5ozVAsMLj5
|
|
mysql.infoschema localhost $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
|
|
mysql.session localhost $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
|
|
mysql.sys localhost $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
|
|
root localhost
|
|
═╣ MySQL connection using root/toor ................... Yes
|
|
User Host authentication_string
|
|
debian-sys-maint localhost $A$005$4t*VS*XV-k)qW;G;H:ZfGWAW.OAve60mL71D1hJkYqnK97xPNYZ5ozVAsMLj5
|
|
mysql.infoschema localhost $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
|
|
mysql.session localhost $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
|
|
mysql.sys localhost $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
|
|
root localhost
|
|
═╣ MySQL connection using root/NOPASS ................. Yes
|
|
User Host authentication_string
|
|
debian-sys-maint localhost $A$005$4t*VS*XV-k)qW;G;H:ZfGWAW.OAve60mL71D1hJkYqnK97xPNYZ5ozVAsMLj5
|
|
mysql.infoschema localhost $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
|
|
mysql.session localhost $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
|
|
mysql.sys localhost $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED
|
|
root localhost
|
|
|
|
╔══════════╣ Searching mysql credentials and exec
|
|
We can read the mysql debian.cnf. You can use this username/password to log in MySQL
|
|
# Automatically generated for Debian scripts. DO NOT TOUCH!
|
|
[client]
|
|
host = localhost
|
|
user = debian-sys-maint
|
|
password = fXbOVrCdjqjt9OYZ
|
|
socket = /var/run/mysqld/mysqld.sock
|
|
[mysql_upgrade]
|
|
host = localhost
|
|
user = debian-sys-maint
|
|
password = fXbOVrCdjqjt9OYZ
|
|
socket = /var/run/mysqld/mysqld.sock
|
|
From '/etc/mysql/mysql.conf.d/mysqld.cnf' Mysql user: user = mysql
|
|
Found readable /etc/mysql/my.cnf
|
|
!includedir /etc/mysql/conf.d/
|
|
!includedir /etc/mysql/mysql.conf.d/
|
|
grep: (standard input): binary file matches
|
|
From '/var/lib/mysql/#innodb_redo/#ib_redo6' Mysql user:
|
|
|
|
╔══════════╣ Analyzing MariaDB Files (limit 70)
|
|
|
|
-rw------- 1 root root 317 Feb 1 14:38 /etc/mysql/debian.cnf
|
|
user = debian-sys-maint
|
|
password = fXbOVrCdjqjt9OYZ
|
|
user = debian-sys-maint
|
|
password = fXbOVrCdjqjt9OYZ
|
|
|
|
╔══════════╣ Analyzing Mongo Files (limit 70)
|
|
Version: mongo Not Found
|
|
mongod Not Found
|
|
|
|
-rw-r--r-- 1 root root 2279 Nov 23 2020 /etc/fail2ban/filter.d/mongodb-auth.conf
|
|
[Definition]
|
|
failregex = ^\s+\[conn(?P<__connid>\d+)\] Failed to authenticate [^\n]+<SKIPLINES>\s+\[conn(?P=__connid)\] end connection <HOST>
|
|
ignoreregex =
|
|
[Init]
|
|
maxlines = 10
|
|
|
|
╔══════════╣ Analyzing Apache-Nginx Files (limit 70)
|
|
Apache version: apache2 Not Found
|
|
httpd Not Found
|
|
|
|
Nginx version:
|
|
══╣ Nginx modules
|
|
ngx_http_geoip2_module.so
|
|
ngx_http_image_filter_module.so
|
|
ngx_http_xslt_filter_module.so
|
|
ngx_mail_module.so
|
|
ngx_stream_geoip2_module.so
|
|
ngx_stream_module.so
|
|
══╣ PHP exec extensions
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:47 /etc/nginx/sites-enabled
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:47 /etc/nginx/sites-enabled
|
|
lrwxrwxrwx 1 root root 34 Feb 1 14:47 /etc/nginx/sites-enabled/default -> /etc/nginx/sites-available/default
|
|
server {
|
|
listen 443 ssl default_server;
|
|
listen [::]:443 ssl default_server;
|
|
include snippets/snakeoil.conf;
|
|
root /var/www/html;
|
|
index index.html index.htm index.php;
|
|
listen 80 default_server;
|
|
server_name _;
|
|
location /2048/ {
|
|
proxy_pass http://localhost:8018/;
|
|
proxy_set_header Host $host;
|
|
}
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
location ~ \.php$ {
|
|
include snippets/fastcgi-php.conf;
|
|
|
|
fastcgi_pass unix:/run/php/php-fpm.sock;
|
|
}
|
|
}
|
|
|
|
drwxr-xr-x 2 root root 4096 Dec 11 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apache2/sites-enabled
|
|
drwxr-xr-x 2 root root 4096 Dec 11 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apache2/sites-enabled
|
|
lrwxrwxrwx 1 root root 35 Dec 11 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
|
|
<VirtualHost *:22>
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
|
|
drwxr-xr-x 2 root root 4096 Dec 11 2020 /var/lib/containers/storage/overlay/fda57903e9f43dc02ae8315fc92ac23d40d45f161406063cd720d3402b88e388/diff/etc/apache2/sites-enabled
|
|
drwxr-xr-x 2 root root 4096 Dec 11 2020 /var/lib/containers/storage/overlay/fda57903e9f43dc02ae8315fc92ac23d40d45f161406063cd720d3402b88e388/diff/etc/apache2/sites-enabled
|
|
lrwxrwxrwx 1 root root 35 Dec 11 2020 /var/lib/containers/storage/overlay/fda57903e9f43dc02ae8315fc92ac23d40d45f161406063cd720d3402b88e388/diff/etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
|
|
<VirtualHost *:80>
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
|
|
|
|
-rw-r--r-- 1 root root 1332 Jan 2 2023 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apache2/sites-available/000-default.conf
|
|
<VirtualHost *:22>
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
lrwxrwxrwx 1 root root 35 Dec 11 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
|
|
<VirtualHost *:22>
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
-rw-r--r-- 1 root root 1332 Jan 2 2023 /var/lib/containers/storage/overlay/fbb76ef8de42c51c2608d79bd95caf64f2d204c0b9a80b23b6a2ce69b5e2bded/diff/etc/apache2/sites-available/000-default.conf
|
|
<VirtualHost *:22>
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
-rw-r--r-- 1 root root 1332 Aug 8 2020 /var/lib/containers/storage/overlay/fda57903e9f43dc02ae8315fc92ac23d40d45f161406063cd720d3402b88e388/diff/etc/apache2/sites-available/000-default.conf
|
|
<VirtualHost *:80>
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
lrwxrwxrwx 1 root root 35 Dec 11 2020 /var/lib/containers/storage/overlay/fda57903e9f43dc02ae8315fc92ac23d40d45f161406063cd720d3402b88e388/diff/etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
|
|
<VirtualHost *:80>
|
|
ServerAdmin webmaster@localhost
|
|
DocumentRoot /var/www/html
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
</VirtualHost>
|
|
|
|
-rw-r--r-- 1 root root 72924 Aug 18 11:41 /etc/php/8.1/cli/php.ini
|
|
allow_url_fopen = On
|
|
allow_url_include = Off
|
|
odbc.allow_persistent = On
|
|
mysqli.allow_persistent = On
|
|
pgsql.allow_persistent = On
|
|
-rw-r--r-- 1 root root 72928 Aug 18 11:41 /etc/php/8.1/fpm/php.ini
|
|
allow_url_fopen = On
|
|
allow_url_include = Off
|
|
odbc.allow_persistent = On
|
|
mysqli.allow_persistent = On
|
|
pgsql.allow_persistent = On
|
|
|
|
-rw-r--r-- 1 root root 1447 May 30 2023 /etc/nginx/nginx.conf
|
|
user www-data;
|
|
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
events {
|
|
worker_connections 768;
|
|
}
|
|
http {
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
types_hash_max_size 2048;
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
ssl_prefer_server_ciphers on;
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
gzip on;
|
|
include /etc/nginx/conf.d/*.conf;
|
|
include /etc/nginx/sites-enabled/*;
|
|
}
|
|
|
|
-rw-r--r-- 1 root root 389 May 30 2023 /etc/default/nginx
|
|
|
|
-rwxr-xr-x 1 root root 4579 May 30 2023 /etc/init.d/nginx
|
|
|
|
-rw-r--r-- 1 root root 329 May 30 2023 /etc/logrotate.d/nginx
|
|
|
|
drwxr-xr-x 8 root root 4096 Feb 1 14:36 /etc/nginx
|
|
-rw-r--r-- 1 root root 1125 May 30 2023 /etc/nginx/fastcgi.conf
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_param QUERY_STRING $query_string;
|
|
fastcgi_param REQUEST_METHOD $request_method;
|
|
fastcgi_param CONTENT_TYPE $content_type;
|
|
fastcgi_param CONTENT_LENGTH $content_length;
|
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
|
fastcgi_param REQUEST_URI $request_uri;
|
|
fastcgi_param DOCUMENT_URI $document_uri;
|
|
fastcgi_param DOCUMENT_ROOT $document_root;
|
|
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
|
fastcgi_param REQUEST_SCHEME $scheme;
|
|
fastcgi_param HTTPS $https if_not_empty;
|
|
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
|
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
|
fastcgi_param REMOTE_ADDR $remote_addr;
|
|
fastcgi_param REMOTE_PORT $remote_port;
|
|
fastcgi_param REMOTE_USER $remote_user;
|
|
fastcgi_param SERVER_ADDR $server_addr;
|
|
fastcgi_param SERVER_PORT $server_port;
|
|
fastcgi_param SERVER_NAME $server_name;
|
|
fastcgi_param REDIRECT_STATUS 200;
|
|
-rw-r--r-- 1 root root 1447 May 30 2023 /etc/nginx/nginx.conf
|
|
user www-data;
|
|
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
events {
|
|
worker_connections 768;
|
|
}
|
|
http {
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
types_hash_max_size 2048;
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
ssl_prefer_server_ciphers on;
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
gzip on;
|
|
include /etc/nginx/conf.d/*.conf;
|
|
include /etc/nginx/sites-enabled/*;
|
|
}
|
|
lrwxrwxrwx 1 root root 48 Feb 1 14:37 /etc/nginx/modules-enabled/50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf
|
|
load_module modules/ngx_mail_module.so;
|
|
lrwxrwxrwx 1 root root 55 Feb 1 14:37 /etc/nginx/modules-enabled/50-mod-http-geoip2.conf -> /usr/share/nginx/modules-available/mod-http-geoip2.conf
|
|
load_module modules/ngx_http_geoip2_module.so;
|
|
lrwxrwxrwx 1 root root 60 Feb 1 14:36 /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf
|
|
load_module modules/ngx_http_xslt_filter_module.so;
|
|
lrwxrwxrwx 1 root root 57 Feb 1 14:37 /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf -> /usr/share/nginx/modules-available/mod-stream-geoip2.conf
|
|
load_module modules/ngx_stream_geoip2_module.so;
|
|
lrwxrwxrwx 1 root root 50 Feb 1 14:37 /etc/nginx/modules-enabled/50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf
|
|
load_module modules/ngx_stream_module.so;
|
|
lrwxrwxrwx 1 root root 61 Feb 1 14:38 /etc/nginx/modules-enabled/50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf
|
|
load_module modules/ngx_http_image_filter_module.so;
|
|
-rw-r--r-- 1 root root 423 May 30 2023 /etc/nginx/snippets/fastcgi-php.conf
|
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
|
try_files $fastcgi_script_name =404;
|
|
set $path_info $fastcgi_path_info;
|
|
fastcgi_param PATH_INFO $path_info;
|
|
fastcgi_index index.php;
|
|
include fastcgi.conf;
|
|
-rw-r--r-- 1 root root 217 May 30 2023 /etc/nginx/snippets/snakeoil.conf
|
|
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
|
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
|
|
|
-rw-r--r-- 1 root root 374 May 30 2023 /etc/ufw/applications.d/nginx
|
|
|
|
drwxr-xr-x 3 root root 4096 Feb 1 14:36 /usr/lib/nginx
|
|
|
|
-rwxr-xr-x 1 root root 1240136 May 30 2023 /usr/sbin/nginx
|
|
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:36 /usr/share/doc/nginx
|
|
|
|
drwxr-xr-x 4 root root 4096 Feb 1 14:36 /usr/share/nginx
|
|
-rw-r--r-- 1 root root 42 May 30 2023 /usr/share/nginx/modules-available/mod-stream.conf
|
|
load_module modules/ngx_stream_module.so;
|
|
-rw-r--r-- 1 root root 53 May 30 2023 /usr/share/nginx/modules-available/mod-http-image-filter.conf
|
|
load_module modules/ngx_http_image_filter_module.so;
|
|
-rw-r--r-- 1 root root 40 May 30 2023 /usr/share/nginx/modules-available/mod-mail.conf
|
|
load_module modules/ngx_mail_module.so;
|
|
-rw-r--r-- 1 root root 52 May 30 2023 /usr/share/nginx/modules-available/mod-http-xslt-filter.conf
|
|
load_module modules/ngx_http_xslt_filter_module.so;
|
|
-rw-r--r-- 1 root root 47 May 30 2023 /usr/share/nginx/modules-available/mod-http-geoip2.conf
|
|
load_module modules/ngx_http_geoip2_module.so;
|
|
-rw-r--r-- 1 root root 49 May 30 2023 /usr/share/nginx/modules-available/mod-stream-geoip2.conf
|
|
load_module modules/ngx_stream_geoip2_module.so;
|
|
|
|
drwxr-xr-x 7 root root 4096 Feb 1 14:36 /var/lib/nginx
|
|
|
|
drwxr-xr-x 2 root adm 4096 Feb 1 14:36 /var/log/nginx
|
|
|
|
|
|
╔══════════╣ Analyzing FastCGI Files (limit 70)
|
|
-rw-r--r-- 1 root root 1055 May 30 2023 /etc/nginx/fastcgi_params
|
|
|
|
╔══════════╣ Analyzing Htpasswd Files (limit 70)
|
|
-rw-r--r-- 1 root root 47 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd
|
|
username:$apr1$1f5oQUl4$21lLXSN7xQOPtNsj5s4Nk/
|
|
-rw-r--r-- 1 root root 47 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd
|
|
username:$apr1$uUMsOjCQ$.BzXClI/B/vZKddgIAJCR.
|
|
-rw-r--r-- 1 root root 62 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htpasswd
|
|
username:digest private area:fad48d3a7c63f61b5b3567a4105bbb04
|
|
-rw-r--r-- 1 root root 117 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd
|
|
username:digest anon:25e4077a9344ceb1a88f2a62c9fb60d8
|
|
05bbb04
|
|
anonymous:digest anon:faa4e5870970cf935bb9674776e6b26a
|
|
-rw-r--r-- 1 root root 62 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd
|
|
username:digest private area:fad48d3a7c63f61b5b3567a4105bbb04
|
|
-rw-r--r-- 1 root root 62 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd
|
|
username:wrongrelm:99cd340e1283c6d0ab34734bd47bdc30
|
|
4105bbb04
|
|
|
|
╔══════════╣ Analyzing Rsync Files (limit 70)
|
|
-rw-r--r-- 1 root root 1044 Oct 11 2022 /usr/share/doc/rsync/examples/rsyncd.conf
|
|
[ftp]
|
|
comment = public archive
|
|
path = /var/www/pub
|
|
use chroot = yes
|
|
lock file = /var/lock/rsyncd
|
|
read only = yes
|
|
list = yes
|
|
uid = nobody
|
|
gid = nogroup
|
|
strict modes = yes
|
|
ignore errors = no
|
|
ignore nonreadable = yes
|
|
transfer logging = no
|
|
timeout = 600
|
|
refuse options = checksum dry-run
|
|
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
|
|
|
|
|
|
╔══════════╣ Analyzing Ldap Files (limit 70)
|
|
The password hash is from the {SSHA} to 'structural'
|
|
drwxr-xr-x 2 root root 4096 Mar 17 2023 /etc/ldap
|
|
|
|
drwxr-xr-x 2 root root 4096 Dec 11 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/ldap
|
|
|
|
drwxr-xr-x 2 root root 4096 Dec 11 2020 /var/lib/containers/storage/overlay/997a5ede1171f8a59f01b0d101fe47fcf4f62aff0a8b1ca16d284f2a2d0f4e21/diff/etc/ldap
|
|
|
|
|
|
╔══════════╣ Searching ssl/ssh files
|
|
╔══════════╣ Analyzing SSH Files (limit 70)
|
|
|
|
-rw------- 1 alex alex 2622 Feb 1 14:45 /home/alex/.ssh/id_rsa
|
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
-rw-r--r-- 1 alex alex 584 Feb 1 14:45 /home/alex/.ssh/id_rsa.pub
|
|
ssh-rsa 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 ansible-generated on ls-2024-9
|
|
-rw------- 1 blake blake 2622 Feb 1 14:45 /home/blake/.ssh/id_rsa
|
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
-rw-r--r-- 1 blake blake 584 Feb 1 14:45 /home/blake/.ssh/id_rsa.pub
|
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCTm4wB/3AeOiwypfJf8Fm3oQdDoxXw8vYKgmKRslLC0STULWVlvZ9mzB4iqJbvDc/aBkEQqFxwwZz2EdKZ1WjkextBSKgNT1Qspc9KKr8iE1hTOKTD2DC4yfZWjdDm+sR0Y+jyxa6hfbcqkWzoswUQhprhXNtx5S/DC/7fqeTXBVnFOfDmj0mZD6w2tiBRo76bkQk6V9XZXXu0hIdrNCYf7CVFJHmkHHPcFiqGigmMpQ5+Gx+ZheaZSHEjBmlXGqbHaAh1Y0AQJ7xwQBs4xXHAwWBFCxdhT5my1WaVPXhwoL0yemBDBGBV1uPX4B1rlkWItZAPzgjyehwa6zoqzkkE1yyMARG6AJozjs70O70BE1MM3oHGfCHK8SfuPQaHKBM44O5StRV4jQbRuyf/p0GuFNNf5rpLaTuJOldcxcPPA6Z1Mt5vWW3qwTcVwXron7g+7noIatXjK3zpr0Vatkj0jiF1qhl8AeDQp8qA0Pw47NH36D2BSlwW6LrwrvEkdd0= ansible-generated on ls-2024-9
|
|
-rw------- 1 cameron cameron 2622 Feb 1 14:45 /home/cameron/.ssh/id_rsa
|
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
-----END OPENSSH PRIVATE KEY-----
|
|
-rw-r--r-- 1 cameron cameron 584 Feb 1 14:45 /home/cameron/.ssh/id_rsa.pub
|
|
ssh-rsa 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 ansible-generated on ls-2024-9
|
|
-rw------- 1 casey casey 2622 Feb 1 14:45 /home/casey/.ssh/id_rsa
|
|
-rw-r--r-- 1 casey casey 584 Feb 1 14:45 /home/casey/.ssh/id_rsa.pub
|
|
ssh-rsa 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 ansible-generated on ls-2024-9
|
|
-rw------- 1 drew drew 2622 Feb 1 14:45 /home/drew/.ssh/id_rsa
|
|
-rw-r--r-- 1 drew drew 584 Feb 1 14:45 /home/drew/.ssh/id_rsa.pub
|
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+3ZkusJDQ8FScdHaqY1XOsjS4tbiofmZpCwtKX668WBb6YBpX9Jdd1a529lMqvDK7RS6P3VR/wCrrhqLyFxVeDcF0tnM5lOG0Gx9RMuDiosi+vzdb9egwNociTtutEsktOYJHdFU4Dim/7mO34TujCxqwfRNErgCgaNaimKg9m60wRfSqxgNBhYnYmQHNfJdtpdErrNtXrAr7lTymoxzCg6mirDETx7V9TLVaK4iqDioYLiZqpGEm6x1Sv0MSxb9e9KfhFIDk+ahZDsI82U/JA0C7Wb/GB/g8RhIQEVuTG6V0HHdH42rA/SBXOAP9p68ziglu+g1GCf5lYcNLtXNQEpVPGu8zLCsqNmm8QQ8G6MKLlu29lmRAqiCZALXpo0IR6mCTV54Vq2YKbW1mhjCRA3EV2OuI1uHp1yRayS75izdTnNaVXoZLiw7tKMYSnSAaG5MmQjDGnY9L6TuSv+S58rLep/5bv+09svPqJu6KlnASX6Z2qd0nUzaKU/d98kc= ansible-generated on ls-2024-9
|
|
-rw------- 1 jordan jordan 2622 Feb 1 14:45 /home/jordan/.ssh/id_rsa
|
|
-rw-r--r-- 1 jordan jordan 584 Feb 1 14:45 /home/jordan/.ssh/id_rsa.pub
|
|
ssh-rsa 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 ansible-generated on ls-2024-9
|
|
-rw------- 1 kendall kendall 2622 Feb 1 14:45 /home/kendall/.ssh/id_rsa
|
|
-rw-r--r-- 1 kendall kendall 584 Feb 1 14:45 /home/kendall/.ssh/id_rsa.pub
|
|
ssh-rsa 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 ansible-generated on ls-2024-9
|
|
-rw------- 1 morgan morgan 2622 Feb 1 14:45 /home/morgan/.ssh/id_rsa
|
|
-rw-r--r-- 1 morgan morgan 584 Feb 1 14:45 /home/morgan/.ssh/id_rsa.pub
|
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDN0jLomO0YiCG+iCSP6hMIGL2lSCofb0Iey234rpsNNnJZaQEjToObE7Ac18lSlfIpOhSPxlVr66RHv2COx1iXTZmoiPcivZ6ZCSgECGq3CDSWGx7NzB4ZgHK0Jlgdn3tvKL2TiCReNcw96pmGXXozjeAtfNwPBL2bsTMmlHOGc/+Cjbm256XhcNQC5VfKhdoVtze7QA64YEr8tfMLS09Nxcp8Y075p2uvCHgGn8L5a6AJ5Relaf2vcrNXNxpZpK9SFkNpRvQStJsYAe2ldey/lJj3nKar2NdV9SD+jUa7hSDhmHSAj29vWt3O3CFY2DDRb5SpcgE7y9eUM62zI0fcKCTo6bCo+Eo6+Rp7Ib/NajhEqUDO2NQWHGRMv6RqDT7wyyjiRlyK/AQAoODalArJHzRjnB/ji+RmYwuqGlwjYaxLldblVJO1/ul7ZAF+KyXKZ+acl2xYfF3yocDAoWtvclv8+NU8LAQDm0a2nEgAAJ6k4aZWtl42czBRXJklZV8= ansible-generated on ls-2024-9
|
|
-rw------- 1 peyton peyton 2622 Feb 1 14:45 /home/peyton/.ssh/id_rsa
|
|
-rw-r--r-- 1 peyton peyton 584 Feb 1 14:45 /home/peyton/.ssh/id_rsa.pub
|
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDUA1x4m0jhg5Bear8Yq8cKHiRM5ldLbifMJE2S2IjN2ctuamrV9d+7lChEX2zikcCT5HNssGfc3BS3dedNjtT6DGBeRqBMhVXDMeVYPwiERu71rAgFNeRfExlmCnOOUDnlSLwWjAblj142KupPk/Z10vAm2soQhEZrsRc7Z6eQFuUGd0L4OPK+U2sPYuq6naW9oqIzlevCUw6ovxaYlhJ2cOVArQ3Lv17YFdjWuorrUi+pRuL6w7yKi45hLpAuZZ0w5h87OIMS8v5dGgU0L8dT2YASAqGEVew6GRXv0iSJjMt1ke9JWq/9CGmCqVicc9SCrtsBuwFuXlOkGutHU1FOPUJopmZ+i5lps7n/3ErNeJSzc7IPLZ7ldsz058BtTSf8TaZ4D6b3D8HXdHX9s7+HfMyK59NrpHYCihbpgyVNhDunS+OBdCnU1MCgx09jffGumpqtMRfi4b3/satD5m4qCfQ6wodWSPJpcmZXr69Ng3b7eczJYX6Aj9/3pYIkt5k= ansible-generated on ls-2024-9
|
|
-rw------- 1 taylor taylor 2622 Feb 1 14:45 /home/taylor/.ssh/id_rsa
|
|
-rw-r--r-- 1 taylor taylor 584 Feb 1 14:45 /home/taylor/.ssh/id_rsa.pub
|
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDR+RhBKqoilOYerdMHAnzmD0EOH3YWrDDpBLjgT6kn1Y8u2JbAOJm8Py0BBdMJyAZPBKGaNRU+JNTO9MW3Tj3vBfcLXtukiP+DVeOMKF7T4d+RT8geOboeu6heDP3iX2+lTp6wCzHAxhdUAJwFYTQPX98FVxJbsMs6ZUeqXwAQd6SiHeYgXpC++cGSDljoSNegb8RoORpDLFcM0azkr4S2OlrmpnMhQ/dXgCLtNt5izLgisJG3cwnTqhYmqbdnnJla5c73JbfUnBAZvjwYs2SIOSYw32uL+Gwne4AWcg98YTJw/86uQ7roVNKGL1yIZag+O0YGi5IH2lixAlXEmoHIuhLmvgI2LwFT9QMHdPhOuUccj5MNIgV49xKdmjHdC67v+jxWLwc5JE//oofA5DbvG7Z36czpmaKmPc7VF3aPI5BdBRRR8x5OKfSdafMtgj5GwhlctxKVCDJ0xBwWJLmsiaaw+yp9YIco05gjpV+g1MJHNWCApQAAGrjbPQTD0zk= ansible-generated on ls-2024-9
|
|
-rw------- 1 root root 565 Feb 1 14:47 /root/.ssh/authorized_keys
|
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFeyPsS/zvRqho8r1ZosjOve5dP080XcvryKm6tb5k68kavPwpX4TDRTL9kPI2iF7xVPYWCqYJT+Bmn6S7+OcwfVVfIx59+rMPXMvsG9oLZfU6s1P0ogPH+0Nxnn/4N6hT+yJMzNbDKWsqPA7uXjmOUHLaIGvTfjhT+tA5ofWgMvOIRIdjSewVVFqsRvQZHc4ZppP6IBx43G7dBOHEKPI7y01O6WsEltErdPlTZQWDf43gO5GxwPFawgrRekT3YY8qo8U1kJMho46ajby3qoWO3RITb76fc4qiTK418AUoQFAndcbRYuhBNlWUYOwYEZm2fCtG44WvG0ckuUKL1CdB jernej.porenta@3fs.si
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/DLidFTt+BEa8YbFKE1DwyjbhdxhgZJGZYDOsbFGVh
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/DLidFTt+BEa8YbFKE1DwyjbhdxhgZJGZYDOsbFGVh
|
|
-rw------- 1 unbound unbound 565 Feb 1 14:38 /var/lib/unbound/.ssh/authorized_keys
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKOliO5L0TA84lclwmsdu+Wcm/r3LDQH9G2jICZ3ECC
|
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFeyPsS/zvRqho8r1ZosjOve5dP080XcvryKm6tb5k68kavPwpX4TDRTL9kPI2iF7xVPYWCqYJT+Bmn6S7+OcwfVVfIx59+rMPXMvsG9oLZfU6s1P0ogPH+0Nxnn/4N6hT+yJMzNbDKWsqPA7uXjmOUHLaIGvTfjhT+tA5ofWgMvOIRIdjSewVVFqsRvQZHc4ZppP6IBx43G7dBOHEKPI7y01O6WsEltErdPlTZQWDf43gO5GxwPFawgrRekT3YY8qo8U1kJMho46ajby3qoWO3RITb76fc4qiTK418AUoQFAndcbRYuhBNlWUYOwYEZm2fCtG44WvG0ckuUKL1CdB jernej.porenta@3fs.si
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/DLidFTt+BEa8YbFKE1DwyjbhdxhgZJGZYDOsbFGVh
|
|
|
|
-rw-r--r-- 1 root root 604 Feb 1 14:23 /etc/ssh/ssh_host_dsa_key.pub
|
|
-rw-r--r-- 1 root root 176 Feb 1 14:23 /etc/ssh/ssh_host_ecdsa_key.pub
|
|
-rw-r--r-- 1 root root 96 Feb 1 14:23 /etc/ssh/ssh_host_echd_key.pub
|
|
-rw-r--r-- 1 root root 96 Feb 1 14:23 /etc/ssh/ssh_host_ed25519_key.pub
|
|
-rw-r--r-- 1 root root 568 Feb 1 14:23 /etc/ssh/ssh_host_rsa_key.pub
|
|
-rw-r--r-- 1 alex alex 584 Feb 1 14:45 /home/alex/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 blake blake 584 Feb 1 14:45 /home/blake/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 cameron cameron 584 Feb 1 14:45 /home/cameron/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 casey casey 584 Feb 1 14:45 /home/casey/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 drew drew 584 Feb 1 14:45 /home/drew/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 jordan jordan 584 Feb 1 14:45 /home/jordan/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 kendall kendall 584 Feb 1 14:45 /home/kendall/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 morgan morgan 584 Feb 1 14:45 /home/morgan/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 peyton peyton 584 Feb 1 14:45 /home/peyton/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 taylor taylor 584 Feb 1 14:45 /home/taylor/.ssh/id_rsa.pub
|
|
-rw-r--r-- 1 root root 179 Jan 2 2023 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/ssh/ssh_host_ecdsa_key.pub
|
|
-rw-r--r-- 1 root root 99 Jan 2 2023 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/ssh/ssh_host_ed25519_key.pub
|
|
-rw-r--r-- 1 root root 399 Jan 2 2023 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/ssh/ssh_host_rsa_key.pub
|
|
-rw-r--r-- 1 root root 179 Jan 2 2023 /var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/etc/ssh/ssh_host_ecdsa_key.pub
|
|
-rw-r--r-- 1 root root 99 Jan 2 2023 /var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/etc/ssh/ssh_host_ed25519_key.pub
|
|
-rw-r--r-- 1 root root 399 Jan 2 2023 /var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/etc/ssh/ssh_host_rsa_key.pub
|
|
|
|
PermitRootLogin yes
|
|
PasswordAuthentication no
|
|
PermitEmptyPasswords yes
|
|
UsePAM no
|
|
|
|
══╣ Possible private SSH keys were found!
|
|
/etc/ssh/ssh_host_rsa_key
|
|
/etc/ssh/ssh_host_ecdsa_key
|
|
/etc/ssh/ssh_host_ed25519_key
|
|
/etc/ssh/ssh_host_dsa_key
|
|
/home/peyton/.ssh/id_rsa
|
|
/home/morgan/.ssh/id_rsa
|
|
/home/blake/.ssh/id_rsa
|
|
/home/drew/.ssh/id_rsa
|
|
/home/casey/.ssh/id_rsa
|
|
/home/jordan/.ssh/id_rsa
|
|
/home/alex/.ssh/id_rsa
|
|
/home/kendall/.ssh/id_rsa
|
|
/home/cameron/.ssh/id_rsa
|
|
/home/taylor/.ssh/id_rsa
|
|
|
|
══╣ Some certificates were found (out limited):
|
|
/etc/pollinate/entropy.ubuntu.com.pem
|
|
/etc/ssl/certs/ACCVRAIZ1.pem
|
|
/etc/ssl/certs/AC_RAIZ_FNMT-RCM.pem
|
|
/etc/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
|
|
/etc/ssl/certs/ANF_Secure_Server_Root_CA.pem
|
|
/etc/ssl/certs/Actalis_Authentication_Root_CA.pem
|
|
/etc/ssl/certs/AffirmTrust_Commercial.pem
|
|
/etc/ssl/certs/AffirmTrust_Networking.pem
|
|
/etc/ssl/certs/AffirmTrust_Premium.pem
|
|
/etc/ssl/certs/AffirmTrust_Premium_ECC.pem
|
|
/etc/ssl/certs/Amazon_Root_CA_1.pem
|
|
/etc/ssl/certs/Amazon_Root_CA_2.pem
|
|
/etc/ssl/certs/Amazon_Root_CA_3.pem
|
|
/etc/ssl/certs/Amazon_Root_CA_4.pem
|
|
/etc/ssl/certs/Atos_TrustedRoot_2011.pem
|
|
/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
|
|
/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.pem
|
|
/etc/ssl/certs/Baltimore_CyberTrust_Root.pem
|
|
/etc/ssl/certs/Buypass_Class_2_Root_CA.pem
|
|
/etc/ssl/certs/Buypass_Class_3_Root_CA.pem
|
|
|
|
══╣ Writable ssh and gpg agents
|
|
/etc/X11/Xsession.d/90gpg-agent
|
|
/etc/logcheck/ignore.d.server/gpg-agent
|
|
/etc/systemd/user/sockets.target.wants/gpg-agent.socket
|
|
/etc/systemd/user/sockets.target.wants/gpg-agent-ssh.socket
|
|
/etc/systemd/user/sockets.target.wants/gpg-agent-extra.socket
|
|
/etc/systemd/user/sockets.target.wants/gpg-agent-browser.socket
|
|
══╣ Some home ssh config file was found
|
|
/usr/share/openssh/sshd_config
|
|
Include /etc/ssh/sshd_config.d/*.conf
|
|
KbdInteractiveAuthentication no
|
|
UsePAM yes
|
|
X11Forwarding yes
|
|
PrintMotd no
|
|
AcceptEnv LANG LC_*
|
|
Subsystem sftp /usr/lib/openssh/sftp-server
|
|
|
|
══╣ /etc/hosts.allow file found, trying to read the rules:
|
|
/etc/hosts.allow
|
|
|
|
|
|
Searching inside /etc/ssh/ssh_config for interesting info
|
|
Include /etc/ssh/ssh_config.d/*.conf
|
|
Host *
|
|
SendEnv LANG LC_*
|
|
HashKnownHosts yes
|
|
GSSAPIAuthentication yes
|
|
|
|
╔══════════╣ Analyzing PAM Auth Files (limit 70)
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:47 /etc/pam.d
|
|
-rw-r--r-- 1 root root 2133 Nov 23 2022 /etc/pam.d/sshd
|
|
account required pam_nologin.so
|
|
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
|
session required pam_loginuid.so
|
|
session optional pam_keyinit.so force revoke
|
|
session optional pam_motd.so motd=/run/motd.dynamic
|
|
session optional pam_motd.so noupdate
|
|
session optional pam_mail.so standard noenv # [1]
|
|
session required pam_limits.so
|
|
session required pam_env.so # [1]
|
|
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
|
|
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|
|
|
|
|
|
╔══════════╣ Analyzing FreeIPA Files (limit 70)
|
|
drwxr-xr-x 2 root root 4096 Mar 17 2023 /usr/src/linux-headers-5.15.0-67/drivers/net/ipa
|
|
|
|
╔══════════╣ Searching tmux sessions
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#open-shell-sessions
|
|
tmux 3.2a
|
|
|
|
|
|
/tmp/tmux-0
|
|
╔══════════╣ Analyzing Cloud Init Files (limit 70)
|
|
-rw-r--r-- 1 root root 3786 Dec 8 2022 /snap/core20/1828/etc/cloud/cloud.cfg
|
|
lock_passwd: True
|
|
-rw-r--r-- 1 root root 3756 Sep 6 17:11 /snap/core20/2105/etc/cloud/cloud.cfg
|
|
lock_passwd: True
|
|
|
|
╔══════════╣ Analyzing Keyring Files (limit 70)
|
|
drwxr-xr-x 2 root root 4096 Apr 8 2022 /etc/apt/keyrings
|
|
drwxr-xr-x 2 root root 200 Feb 7 2023 /snap/core20/1828/usr/share/keyrings
|
|
drwxr-xr-x 2 root root 200 Nov 23 08:13 /snap/core20/2105/usr/share/keyrings
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:24 /usr/share/keyrings
|
|
drwxr-xr-x 2 root root 4096 Dec 9 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings
|
|
drwxr-xr-x 2 root root 4096 Dec 9 2020 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings
|
|
|
|
╔══════════╣ Searching uncommon passwd files (splunk)
|
|
passwd file: /etc/pam.d/passwd
|
|
passwd file: /etc/passwd
|
|
passwd file: /snap/core20/1828/etc/pam.d/passwd
|
|
passwd file: /snap/core20/1828/etc/passwd
|
|
passwd file: /snap/core20/1828/usr/share/bash-completion/completions/passwd
|
|
passwd file: /snap/core20/1828/usr/share/lintian/overrides/passwd
|
|
passwd file: /snap/core20/1828/var/lib/extrausers/passwd
|
|
passwd file: /snap/core20/2105/etc/pam.d/passwd
|
|
passwd file: /snap/core20/2105/etc/passwd
|
|
passwd file: /snap/core20/2105/usr/share/bash-completion/completions/passwd
|
|
passwd file: /snap/core20/2105/usr/share/lintian/overrides/passwd
|
|
passwd file: /snap/core20/2105/var/lib/extrausers/passwd
|
|
passwd file: /usr/share/bash-completion/completions/passwd
|
|
passwd file: /usr/share/lintian/overrides/passwd
|
|
passwd file: /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/pam.d/passwd
|
|
passwd file: /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/passwd
|
|
passwd file: /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/pam.d/passwd
|
|
passwd file: /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/passwd
|
|
passwd file: /var/lib/containers/storage/overlay/98074541ea3b10ad46266d8675687b485fc4ad15e7ed53414b295568892fee8e/diff/etc/passwd
|
|
passwd file: /var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/etc/passwd
|
|
|
|
╔══════════╣ Analyzing PGP-GPG Files (limit 70)
|
|
/usr/bin/gpg
|
|
netpgpkeys Not Found
|
|
netpgp Not Found
|
|
|
|
-rw-r--r-- 1 root root 2794 Mar 26 2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
|
|
-rw-r--r-- 1 root root 1733 Mar 26 2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
|
|
-rw-r--r-- 1 root root 7399 Sep 17 2018 /snap/core20/1828/usr/share/keyrings/ubuntu-archive-keyring.gpg
|
|
-rw-r--r-- 1 root root 6713 Oct 27 2016 /snap/core20/1828/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
|
|
-rw-r--r-- 1 root root 4097 Feb 6 2018 /snap/core20/1828/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
|
|
-rw-r--r-- 1 root root 0 Jan 17 2018 /snap/core20/1828/usr/share/keyrings/ubuntu-cloudimage-removed-keys.gpg
|
|
-rw-r--r-- 1 root root 1227 May 27 2010 /snap/core20/1828/usr/share/keyrings/ubuntu-master-keyring.gpg
|
|
-rw-r--r-- 1 root root 7399 Sep 17 2018 /snap/core20/2105/usr/share/keyrings/ubuntu-archive-keyring.gpg
|
|
-rw-r--r-- 1 root root 6713 Oct 27 2016 /snap/core20/2105/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
|
|
-rw-r--r-- 1 root root 4097 Feb 6 2018 /snap/core20/2105/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
|
|
-rw-r--r-- 1 root root 0 Jan 17 2018 /snap/core20/2105/usr/share/keyrings/ubuntu-cloudimage-removed-keys.gpg
|
|
-rw-r--r-- 1 root root 1227 May 27 2010 /snap/core20/2105/usr/share/keyrings/ubuntu-master-keyring.gpg
|
|
-rw-r--r-- 1 root root 2899 Jul 4 2022 /usr/share/gnupg/distsigkey.gpg
|
|
-rw-r--r-- 1 root root 2287 Sep 27 2022 /usr/share/keyrings/droplet-agent-keyring.gpg
|
|
-rw-r--r-- 1 root root 2247 Feb 28 2023 /usr/share/keyrings/ubuntu-advantage-cc-eal.gpg
|
|
-rw-r--r-- 1 root root 2274 Feb 28 2023 /usr/share/keyrings/ubuntu-advantage-cis.gpg
|
|
-rw-r--r-- 1 root root 2236 Feb 28 2023 /usr/share/keyrings/ubuntu-advantage-esm-apps.gpg
|
|
-rw-r--r-- 1 root root 2264 Feb 28 2023 /usr/share/keyrings/ubuntu-advantage-esm-infra-trusty.gpg
|
|
-rw-r--r-- 1 root root 2275 Feb 28 2023 /usr/share/keyrings/ubuntu-advantage-fips.gpg
|
|
-rw-r--r-- 1 root root 2250 Feb 28 2023 /usr/share/keyrings/ubuntu-advantage-realtime-kernel.gpg
|
|
-rw-r--r-- 1 root root 2235 Feb 28 2023 /usr/share/keyrings/ubuntu-advantage-ros.gpg
|
|
-rw-r--r-- 1 root root 7399 Sep 17 2018 /usr/share/keyrings/ubuntu-archive-keyring.gpg
|
|
-rw-r--r-- 1 root root 6713 Oct 27 2016 /usr/share/keyrings/ubuntu-archive-removed-keys.gpg
|
|
-rw-r--r-- 1 root root 3023 Mar 26 2021 /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
|
|
-rw-r--r-- 1 root root 0 Jan 17 2018 /usr/share/keyrings/ubuntu-cloudimage-removed-keys.gpg
|
|
-rw-r--r-- 1 root root 1227 May 27 2010 /usr/share/keyrings/ubuntu-master-keyring.gpg
|
|
-rw-r--r-- 1 root root 8132 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
|
|
-rw-r--r-- 1 root root 8141 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2332 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
|
|
-rw-r--r-- 1 root root 5106 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
|
|
-rw-r--r-- 1 root root 5115 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2763 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
|
|
-rw-r--r-- 1 root root 7443 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
|
|
-rw-r--r-- 1 root root 7452 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2263 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
|
|
-rw-r--r-- 1 root root 8132 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-buster-automatic.gpg
|
|
-rw-r--r-- 1 root root 8141 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-buster-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2332 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-buster-stable.gpg
|
|
-rw-r--r-- 1 root root 5106 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-jessie-automatic.gpg
|
|
-rw-r--r-- 1 root root 5115 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-jessie-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2763 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-jessie-stable.gpg
|
|
-rw-r--r-- 1 root root 48747 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-keyring.gpg
|
|
-rw-r--r-- 1 root root 23889 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-removed-keys.gpg
|
|
-rw-r--r-- 1 root root 7443 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-stretch-automatic.gpg
|
|
-rw-r--r-- 1 root root 7452 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-stretch-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2263 Apr 23 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/share/keyrings/debian-archive-stretch-stable.gpg
|
|
-rw-r--r-- 1 root root 8132 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
|
|
-rw-r--r-- 1 root root 8141 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2332 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
|
|
-rw-r--r-- 1 root root 5106 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
|
|
-rw-r--r-- 1 root root 5115 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2763 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
|
|
-rw-r--r-- 1 root root 7443 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
|
|
-rw-r--r-- 1 root root 7452 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2263 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
|
|
-rw-r--r-- 1 root root 8132 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-buster-automatic.gpg
|
|
-rw-r--r-- 1 root root 8141 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-buster-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2332 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-buster-stable.gpg
|
|
-rw-r--r-- 1 root root 5106 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-jessie-automatic.gpg
|
|
-rw-r--r-- 1 root root 5115 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-jessie-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2763 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-jessie-stable.gpg
|
|
-rw-r--r-- 1 root root 48747 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-keyring.gpg
|
|
-rw-r--r-- 1 root root 23889 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-removed-keys.gpg
|
|
-rw-r--r-- 1 root root 7443 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-stretch-automatic.gpg
|
|
-rw-r--r-- 1 root root 7452 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-stretch-security-automatic.gpg
|
|
-rw-r--r-- 1 root root 2263 Apr 23 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/share/keyrings/debian-archive-stretch-stable.gpg
|
|
-rw-r--r-- 1 root root 2236 Feb 1 14:23 /var/lib/ubuntu-advantage/apt-esm/etc/apt/trusted.gpg.d/ubuntu-advantage-esm-apps.gpg
|
|
|
|
╔══════════╣ Analyzing Postfix Files (limit 70)
|
|
-rwxr-xr-x 1 root root 3089 Mar 30 2023 /etc/init.d/postfix
|
|
|
|
-rw-r--r-- 1 root root 30 Jan 29 08:02 /etc/insserv.conf.d/postfix
|
|
|
|
-rwxr-xr-x 1 root root 800 Jan 29 08:02 /etc/network/if-down.d/postfix
|
|
|
|
-rwxr-xr-x 1 root root 1183 Jan 29 08:02 /etc/network/if-up.d/postfix
|
|
|
|
drwxr-xr-x 5 root root 4096 Feb 1 14:37 /etc/postfix
|
|
-rw-r--r-- 1 root root 6524 Feb 1 14:36 /etc/postfix/master.cf
|
|
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
|
|
# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
|
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
|
|
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
|
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
|
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
|
|
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
|
|
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
|
|
|
|
-rwxr-xr-x 1 root root 800 Jan 29 08:02 /etc/ppp/ip-down.d/postfix
|
|
|
|
-rwxr-xr-x 1 root root 1183 Jan 29 08:02 /etc/ppp/ip-up.d/postfix
|
|
|
|
-rwxr-xr-x 1 root root 441 Jan 29 08:02 /etc/resolvconf/update-libc.d/postfix
|
|
|
|
-rw-r--r-- 1 root root 361 Jan 29 08:02 /etc/ufw/applications.d/postfix
|
|
|
|
-rw-r--r-- 1 root root 813 Feb 2 2020 /snap/core20/1828/usr/share/bash-completion/completions/postfix
|
|
|
|
-rw-r--r-- 1 root root 813 Feb 2 2020 /snap/core20/2105/usr/share/bash-completion/completions/postfix
|
|
|
|
-rwxr-xr-x 1 root root 800 Jan 29 08:02 /usr/lib/networkd-dispatcher/off.d/postfix
|
|
|
|
-rwxr-xr-x 1 root root 1183 Jan 29 08:02 /usr/lib/networkd-dispatcher/routable.d/postfix
|
|
|
|
drwxr-xr-x 3 root root 4096 Feb 1 14:36 /usr/lib/postfix
|
|
|
|
-rw-r--r-- 1 root root 13300 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/logs/postfix
|
|
|
|
-rwxr-xr-x 1 root root 18816 Jan 29 08:02 /usr/sbin/postfix
|
|
|
|
-rw-r--r-- 1 root root 761 Nov 15 2021 /usr/share/bash-completion/completions/postfix
|
|
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:36 /usr/share/doc/postfix
|
|
|
|
-rw-r--r-- 1 root root 319 Jan 29 08:02 /usr/share/lintian/overrides/postfix
|
|
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:36 /usr/share/postfix
|
|
|
|
drwxr-xr-x 2 postfix postfix 4096 Feb 1 14:37 /var/lib/postfix
|
|
|
|
drwxr-xr-x 20 root root 4096 Feb 1 14:37 /var/spool/postfix
|
|
|
|
╔══════════╣ Analyzing FTP Files (limit 70)
|
|
-rw-r--r-- 1 root root 637 Nov 23 2020 /etc/fail2ban/filter.d/vsftpd.conf
|
|
|
|
-rw-r--r-- 1 root root 69 Aug 18 11:41 /etc/php/8.1/mods-available/ftp.ini
|
|
-rw-r--r-- 1 root root 69 Aug 18 11:41 /usr/share/php8.1-common/common/ftp.ini
|
|
|
|
╔══════════╣ Analyzing DNS Files (limit 70)
|
|
-rw-r--r-- 1 root root 826 Nov 15 2021 /usr/share/bash-completion/completions/bind
|
|
-rw-r--r-- 1 root root 826 Nov 15 2021 /usr/share/bash-completion/completions/bind
|
|
|
|
╔══════════╣ Analyzing Cacti Files (limit 70)
|
|
drwxr-xr-x 2 root root 4096 Feb 1 14:36 /usr/share/doc/fail2ban/examples/cacti
|
|
|
|
╔══════════╣ Analyzing Interesting logs Files (limit 70)
|
|
lrwxrwxrwx 1 www-data www-data 11 Dec 11 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/var/log/apache2/access.log -> /dev/stdout
|
|
lrwxrwxrwx 1 www-data www-data 11 Dec 11 2020 /var/lib/containers/storage/overlay/fda57903e9f43dc02ae8315fc92ac23d40d45f161406063cd720d3402b88e388/diff/var/log/apache2/access.log -> /dev/stdout
|
|
-rw-r----- 1 www-data adm 12844 Feb 2 08:13 /var/log/nginx/access.log
|
|
|
|
lrwxrwxrwx 1 www-data www-data 11 Dec 11 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/var/log/apache2/error.log -> /dev/stderr
|
|
lrwxrwxrwx 1 www-data www-data 11 Dec 11 2020 /var/lib/containers/storage/overlay/fda57903e9f43dc02ae8315fc92ac23d40d45f161406063cd720d3402b88e388/diff/var/log/apache2/error.log -> /dev/stderr
|
|
-rw-r----- 1 mysql adm 6716 Feb 2 07:59 /var/log/mysql/error.log
|
|
-rw-r----- 1 www-data adm 78 Feb 1 14:38 /var/log/nginx/error.log
|
|
|
|
╔══════════╣ Analyzing Windows Files (limit 70)
|
|
|
|
lrwxrwxrwx 1 root root 20 Feb 1 14:38 /etc/alternatives/my.cnf -> /etc/mysql/mysql.cnf
|
|
lrwxrwxrwx 1 root root 24 Feb 1 14:36 /etc/mysql/my.cnf -> /etc/alternatives/my.cnf
|
|
-rw-r--r-- 1 root root 81 Feb 1 14:38 /var/lib/dpkg/alternatives/my.cnf
|
|
|
|
╔══════════╣ Analyzing Other Interesting Files (limit 70)
|
|
-rw-r--r-- 1 root root 3771 Feb 1 14:47 /etc/skel/.bashrc
|
|
-rw-r--r-- 1 alex alex 3771 Jan 6 2022 /home/alex/.bashrc
|
|
-rw-r--r-- 1 blake blake 3771 Jan 6 2022 /home/blake/.bashrc
|
|
-rw-r--r-- 1 cameron cameron 3771 Jan 6 2022 /home/cameron/.bashrc
|
|
-rw-r--r-- 1 casey casey 3771 Jan 6 2022 /home/casey/.bashrc
|
|
-rw-r--r-- 1 drew drew 3771 Jan 6 2022 /home/drew/.bashrc
|
|
-rw-r--r-- 1 jordan jordan 3771 Jan 6 2022 /home/jordan/.bashrc
|
|
-rw-r--r-- 1 kendall kendall 3771 Jan 6 2022 /home/kendall/.bashrc
|
|
-rw-r--r-- 1 morgan morgan 3771 Jan 6 2022 /home/morgan/.bashrc
|
|
-rw-r--r-- 1 peyton peyton 3771 Jan 6 2022 /home/peyton/.bashrc
|
|
-rw-r--r-- 1 taylor taylor 3771 Jan 6 2022 /home/taylor/.bashrc
|
|
-rw-r--r-- 1 root root 3106 Feb 1 14:47 /root/.bashrc
|
|
-rw-r--r-- 1 root root 3771 Feb 25 2020 /snap/core20/1828/etc/skel/.bashrc
|
|
-rw-r--r-- 1 root root 3106 Dec 5 2019 /snap/core20/1828/root/.bashrc
|
|
-rw-r--r-- 1 root root 3771 Feb 25 2020 /snap/core20/2105/etc/skel/.bashrc
|
|
-rw-r--r-- 1 root root 3106 Dec 5 2019 /snap/core20/2105/root/.bashrc
|
|
-rw-r--r-- 1 root root 3526 Apr 18 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/skel/.bashrc
|
|
-rw-r--r-- 1 root root 570 Jan 31 2010 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/root/.bashrc
|
|
-rw-r--r-- 1 root root 3526 Apr 18 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/skel/.bashrc
|
|
-rw-r--r-- 1 root root 570 Jan 31 2010 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/root/.bashrc
|
|
|
|
-rw-r--r-- 1 root root 807 Jan 6 2022 /etc/skel/.profile
|
|
-rw-r--r-- 1 alex alex 807 Jan 6 2022 /home/alex/.profile
|
|
-rw-r--r-- 1 blake blake 807 Jan 6 2022 /home/blake/.profile
|
|
-rw-r--r-- 1 cameron cameron 807 Jan 6 2022 /home/cameron/.profile
|
|
-rw-r--r-- 1 casey casey 807 Jan 6 2022 /home/casey/.profile
|
|
-rw-r--r-- 1 drew drew 807 Jan 6 2022 /home/drew/.profile
|
|
-rw-r--r-- 1 jordan jordan 807 Jan 6 2022 /home/jordan/.profile
|
|
-rw-r--r-- 1 kendall kendall 807 Jan 6 2022 /home/kendall/.profile
|
|
-rw-r--r-- 1 morgan morgan 807 Jan 6 2022 /home/morgan/.profile
|
|
-rw-r--r-- 1 peyton peyton 807 Jan 6 2022 /home/peyton/.profile
|
|
-rw-r--r-- 1 taylor taylor 807 Jan 6 2022 /home/taylor/.profile
|
|
-rw-r--r-- 1 root root 161 Jul 9 2019 /root/.profile
|
|
-rw-r--r-- 1 root root 807 Feb 25 2020 /snap/core20/1828/etc/skel/.profile
|
|
-rw-r--r-- 1 root root 161 Dec 5 2019 /snap/core20/1828/root/.profile
|
|
-rw-r--r-- 1 root root 807 Feb 25 2020 /snap/core20/2105/etc/skel/.profile
|
|
-rw-r--r-- 1 root root 161 Dec 5 2019 /snap/core20/2105/root/.profile
|
|
-rw-r--r-- 1 root root 807 Apr 18 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/skel/.profile
|
|
-rw-r--r-- 1 root root 148 Aug 17 2015 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/root/.profile
|
|
-rw-r--r-- 1 root root 807 Apr 18 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/skel/.profile
|
|
-rw-r--r-- 1 root root 148 Aug 17 2015 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/root/.profile
|
|
|
|
100 833k 100 833k 0 0 15159 0 0:00:56 0:00:56 --:--:-- 15190
|
|
╔════════════════════════════════════╗
|
|
══════════════════════╣ Files with Interesting Permissions ╠══════════════════════
|
|
╚════════════════════════════════════╝
|
|
╔══════════╣ SUID - Check easy privesc, exploits and write perms
|
|
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid
|
|
-rwsr-xr-x 1 root root 19K Feb 26 2022 /usr/libexec/polkit-agent-helper-1
|
|
-rwsr-xr-x 1 root root 331K Nov 23 2022 /usr/lib/openssh/ssh-keysign
|
|
-rwsr-xr-x 1 root root 136K Dec 1 2022 /usr/lib/snapd/snap-confine ---> Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation(CVE-2019-7304)
|
|
-rwsr-xr-- 1 root messagebus 35K Oct 25 2022 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
|
|
-rwsr-sr-x 1 daemon daemon 55K Apr 14 2022 /usr/bin/at ---> RTru64_UNIX_4.0g(CVE-2002-1614)
|
|
-rwsr-sr-x 1 root root 115K Jul 11 2018 /usr/bin/pexec
|
|
-rwsr-xr-x 1 root root 28K Nov 24 2022 /usr/bin/newuidmap
|
|
-rwsr-xr-x 1 root root 35K Feb 21 2022 /usr/bin/umount ---> BSD/Linux(08-1996)
|
|
-rwsr-xr-x 1 root root 35K Mar 23 2022 /usr/bin/fusermount3
|
|
-rwsr-xr-x 1 root root 39K Oct 18 2021 /usr/bin/doas
|
|
-rwsr-xr-x 1 root root 40K Nov 24 2022 /usr/bin/newgrp ---> HP-UX_10.20
|
|
-rwsr-xr-x 1 root root 55K Feb 21 2022 /usr/bin/su
|
|
-rwsr-xr-x 1 root root 31K Feb 26 2022 /usr/bin/pkexec ---> Linux4.10_to_5.1.17(CVE-2019-13272)/rhel_6(CVE-2011-1485)
|
|
-rwsr-xr-x 1 root root 59K Nov 24 2022 /usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
|
|
-rwsr-xr-x 1 root root 71K Nov 24 2022 /usr/bin/gpasswd
|
|
-rwsr-xr-x 1 root root 44K Nov 24 2022 /usr/bin/chsh
|
|
-rwsr-xr-x 1 root root 28K Nov 24 2022 /usr/bin/newgidmap
|
|
-rwsr-xr-x 1 root root 47K Feb 21 2022 /usr/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
|
|
-rwsr-xr-x 1 root root 227K Mar 1 2023 /usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable
|
|
-rwsr-xr-x 1 root root 72K Nov 24 2022 /usr/bin/chfn ---> SuSE_9.3/10
|
|
-rwsr-xr-x 1 root root 427K Jan 31 2020 /var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/usr/lib/openssh/ssh-keysign
|
|
-rwsr-xr-- 1 root systemd-timesync 50K Oct 10 2022 /var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/usr/lib/dbus-1.0/dbus-daemon-launch-helper
|
|
-rwsr-xr-x 1 root root 154K Nov 7 2022 /var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable
|
|
-rwsr-xr-x 1 root root 427K Jan 31 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/lib/openssh/ssh-keysign
|
|
-rwsr-xr-- 1 root systemd-timesync 50K Oct 10 2022 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/lib/dbus-1.0/dbus-daemon-launch-helper
|
|
-rwsr-xr-x 1 root root 44K Jul 27 2018 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/newgrp ---> HP-UX_10.20
|
|
-rwsr-xr-x 1 root root 63K Jul 27 2018 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
|
|
-rwsr-xr-x 1 root root 83K Jul 27 2018 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/gpasswd
|
|
-rwsr-xr-x 1 root root 44K Jul 27 2018 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/chsh
|
|
-rwsr-xr-x 1 root root 53K Jul 27 2018 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/chfn ---> SuSE_9.3/10
|
|
-rwsr-xr-x 1 root root 154K Nov 7 2022 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable
|
|
-rwsr-xr-x 1 root root 35K Jan 10 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/bin/umount ---> BSD/Linux(08-1996)
|
|
-rwsr-xr-x 1 root root 63K Jan 10 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/bin/su
|
|
-rwsr-xr-x 1 root root 51K Jan 10 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
|
|
-rwsr-xr-x 1 root root 44K Jul 27 2018 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/bin/newgrp ---> HP-UX_10.20
|
|
-rwsr-xr-x 1 root root 63K Jul 27 2018 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
|
|
-rwsr-xr-x 1 root root 83K Jul 27 2018 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/bin/gpasswd
|
|
-rwsr-xr-x 1 root root 44K Jul 27 2018 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/bin/chsh
|
|
-rwsr-xr-x 1 root root 53K Jul 27 2018 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/bin/chfn ---> SuSE_9.3/10
|
|
-rwsr-xr-x 1 root root 35K Jan 10 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/bin/umount ---> BSD/Linux(08-1996)
|
|
-rwsr-xr-x 1 root root 63K Jan 10 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/bin/su
|
|
-rwsr-xr-x 1 root root 51K Jan 10 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
|
|
-rwsr-xr-x 1 root root 84K Nov 29 2022 /snap/core20/2105/usr/bin/chfn ---> SuSE_9.3/10
|
|
-rwsr-xr-x 1 root root 52K Nov 29 2022 /snap/core20/2105/usr/bin/chsh
|
|
-rwsr-xr-x 1 root root 87K Nov 29 2022 /snap/core20/2105/usr/bin/gpasswd
|
|
-rwsr-xr-x 1 root root 55K May 30 2023 /snap/core20/2105/usr/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
|
|
-rwsr-xr-x 1 root root 44K Nov 29 2022 /snap/core20/2105/usr/bin/newgrp ---> HP-UX_10.20
|
|
-rwsr-xr-x 1 root root 67K Nov 29 2022 /snap/core20/2105/usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
|
|
-rwsr-xr-x 1 root root 67K May 30 2023 /snap/core20/2105/usr/bin/su
|
|
-rwsr-xr-x 1 root root 163K Apr 4 2023 /snap/core20/2105/usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable
|
|
-rwsr-xr-x 1 root root 39K May 30 2023 /snap/core20/2105/usr/bin/umount ---> BSD/Linux(08-1996)
|
|
-rwsr-xr-- 1 root systemd-resolve 51K Oct 25 2022 /snap/core20/2105/usr/lib/dbus-1.0/dbus-daemon-launch-helper
|
|
-rwsr-xr-x 1 root root 463K Aug 4 22:02 /snap/core20/2105/usr/lib/openssh/ssh-keysign
|
|
-rwsr-xr-x 1 root root 84K Nov 29 2022 /snap/core20/1828/usr/bin/chfn ---> SuSE_9.3/10
|
|
-rwsr-xr-x 1 root root 52K Nov 29 2022 /snap/core20/1828/usr/bin/chsh
|
|
-rwsr-xr-x 1 root root 87K Nov 29 2022 /snap/core20/1828/usr/bin/gpasswd
|
|
-rwsr-xr-x 1 root root 55K Feb 7 2022 /snap/core20/1828/usr/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
|
|
-rwsr-xr-x 1 root root 44K Nov 29 2022 /snap/core20/1828/usr/bin/newgrp ---> HP-UX_10.20
|
|
-rwsr-xr-x 1 root root 67K Nov 29 2022 /snap/core20/1828/usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
|
|
-rwsr-xr-x 1 root root 67K Feb 7 2022 /snap/core20/1828/usr/bin/su
|
|
-rwsr-xr-x 1 root root 163K Jan 16 2023 /snap/core20/1828/usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable
|
|
-rwsr-xr-x 1 root root 39K Feb 7 2022 /snap/core20/1828/usr/bin/umount ---> BSD/Linux(08-1996)
|
|
-rwsr-xr-- 1 root systemd-resolve 51K Oct 25 2022 /snap/core20/1828/usr/lib/dbus-1.0/dbus-daemon-launch-helper
|
|
-rwsr-xr-x 1 root root 463K Mar 30 2022 /snap/core20/1828/usr/lib/openssh/ssh-keysign
|
|
-rwsr-xr-x 1 root root 129K Nov 29 14:54 /snap/snapd/20671/usr/lib/snapd/snap-confine ---> Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation(CVE-2019-7304)
|
|
-rwsr-xr-x 1 root root 121K Jan 25 2023 /snap/snapd/18357/usr/lib/snapd/snap-confine ---> Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation(CVE-2019-7304)
|
|
|
|
╔══════════╣ SGID
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid
-rwxr-sr-x 1 root shadow 23K Feb 2 2023 /usr/sbin/pam_extrausers_chkpwd
-r-xr-sr-x 1 root postdrop 23K Jan 29 08:02 /usr/sbin/postqueue
-r-xr-sr-x 1 root postdrop 23K Jan 29 08:02 /usr/sbin/postdrop
-rwxr-sr-x 1 root shadow 27K Feb 2 2023 /usr/sbin/unix_chkpwd
-rwxr-sr-x 1 root utmp 15K Mar 24 2022 /usr/lib/x86_64-linux-gnu/utempter/utempter
-rwsr-sr-x 1 daemon daemon 55K Apr 14 2022 /usr/bin/at ---> RTru64_UNIX_4.0g(CVE-2002-1614)
-rwxr-sr-x 1 root shadow 71K Nov 24 2022 /usr/bin/chage
-rwxr-sr-x 1 root tty 23K Feb 21 2022 /usr/bin/wall
-rwsr-sr-x 1 root root 115K Jul 11 2018 /usr/bin/pexec
-rwxr-sr-x 1 root mail 23K Mar 24 2022 /usr/bin/dotlockfile
-rwxr-sr-x 1 root _ssh 287K Nov 23 2022 /usr/bin/ssh-agent
-rwxr-sr-x 1 root crontab 39K Mar 23 2022 /usr/bin/crontab
-rwxr-sr-x 1 root shadow 23K Nov 24 2022 /usr/bin/expiry
-rwxr-sr-x 1 root tty 23K Feb 21 2022 /usr/bin/write.ul (Unknown SGID binary)
-rwxr-sr-x 1 root messagebus 315K Jan 31 2020 /var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/usr/bin/ssh-agent
-rwxr-sr-x 1 root shadow 39K Feb 14 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/sbin/unix_chkpwd
-rwxr-sr-x 1 root shadow 71K Jul 27 2018 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/chage
-rwxr-sr-x 1 root tty 35K Jan 10 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/wall
-rwxr-sr-x 1 root shadow 31K Jul 27 2018 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/expiry
-rwxr-sr-x 1 root messagebus 315K Jan 31 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/bin/ssh-agent
-rwxr-sr-x 1 root shadow 39K Feb 14 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/sbin/unix_chkpwd
-rwxr-sr-x 1 root shadow 71K Jul 27 2018 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/bin/chage
-rwxr-sr-x 1 root tty 35K Jan 10 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/bin/wall
-rwxr-sr-x 1 root shadow 31K Jul 27 2018 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/usr/bin/expiry
-rwxr-sr-x 1 root shadow 83K Nov 29 2022 /snap/core20/2105/usr/bin/chage
-rwxr-sr-x 1 root shadow 31K Nov 29 2022 /snap/core20/2105/usr/bin/expiry
-rwxr-sr-x 1 root messagebus 343K Aug 4 22:02 /snap/core20/2105/usr/bin/ssh-agent
-rwxr-sr-x 1 root tty 35K May 30 2023 /snap/core20/2105/usr/bin/wall
-rwxr-sr-x 1 root shadow 43K Feb 2 2023 /snap/core20/2105/usr/sbin/pam_extrausers_chkpwd
-rwxr-sr-x 1 root shadow 43K Feb 2 2023 /snap/core20/2105/usr/sbin/unix_chkpwd
-rwxr-sr-x 1 root shadow 83K Nov 29 2022 /snap/core20/1828/usr/bin/chage
-rwxr-sr-x 1 root shadow 31K Nov 29 2022 /snap/core20/1828/usr/bin/expiry
-rwxr-sr-x 1 root messagebus 343K Mar 30 2022 /snap/core20/1828/usr/bin/ssh-agent
-rwxr-sr-x 1 root tty 35K Feb 7 2022 /snap/core20/1828/usr/bin/wall
-rwxr-sr-x 1 root shadow 43K Feb 2 2023 /snap/core20/1828/usr/sbin/pam_extrausers_chkpwd
-rwxr-sr-x 1 root shadow 43K Feb 2 2023 /snap/core20/1828/usr/sbin/unix_chkpwd

╔══════════╣ Capabilities
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities
══╣ Current shell capabilities
CapInh: 0x0000000000000000=
CapPrm: 0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
CapEff: 0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
CapBnd: 0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
CapAmb: 0x0000000000000000=

══╣ Parent process capabilities
CapInh: 0x0000000000000000=
CapPrm: 0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
CapEff: 0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
CapBnd: 0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
CapAmb: 0x0000000000000000=

Files with capabilities (limited to 50):
/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper cap_net_bind_service,cap_net_admin=ep
/usr/bin/mtr-packet cap_net_raw=ep
/usr/bin/ping cap_net_raw=ep
/var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/bin/ping cap_net_raw=ep
/var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/bin/ping cap_net_raw=ep
/snap/core20/2105/usr/bin/ping cap_net_raw=ep
/snap/core20/1828/usr/bin/ping cap_net_raw=ep

╔══════════╣ Users with capabilities
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities

╔══════════╣ AppArmor binary profiles
-rw-r--r-- 1 root root 3500 Jan 31 2023 sbin.dhclient
-rw-r--r-- 1 root root 3448 Mar 17 2022 usr.bin.man
-rw-r--r-- 1 root root 1518 Feb 10 2023 usr.bin.tcpdump
-rw-r--r-- 1 root root 28486 Dec 1 2022 usr.lib.snapd.snap-confine.real
-rw-r--r-- 1 root root 2006 Jan 17 20:13 usr.sbin.mysqld
-rw-r--r-- 1 root root 1592 Nov 16 2021 usr.sbin.rsyslogd
-rw-r--r-- 1 root root 1205 Nov 15 2022 usr.sbin.unbound

╔══════════╣ Files with ACLs (limited to 50)
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#acls
files with acls in searched folders Not Found

╔══════════╣ Files (scripts) in /etc/profile.d/
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#profiles-files

╔══════════╣ Permissions in init, init.d, systemd, and rc.d
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#init-init-d-systemd-and-rc-d

═╣ Hashes inside passwd file? ........... No
═╣ Writable passwd file? ................ /etc/passwd is writable
═╣ Credentials in fstab/mtab? ........... No
═╣ Can I read shadow files? ............. root:jhzE1DqmxFI4U:19755:0:99999:7:::
═╣ Can I read shadow plists? ............ No
═╣ Can I write shadow plists? ........... No
═╣ Can I read opasswd file? ............. ═╣ Can I write in network-scripts? ...... No
═╣ Can I read root folder? .............. total 40
drwx------ 6 root root 4096 Feb 2 08:13 .
drwxr-xr-x 19 root root 4096 Feb 1 14:23 ..
-rw------- 1 root root 20 Feb 2 08:07 .bash_history
-rw-r--r-- 1 root root 3106 Feb 1 14:47 .bashrc
drwx------ 2 root root 4096 Feb 1 14:30 .cache
-rw-r--r-- 1 root root 0 Feb 1 14:23 .cloud-locale-test.skip
drwx------ 3 root root 4096 Feb 2 08:13 .gnupg
-rw-r--r-- 1 root root 161 Jul 9 2019 .profile
drwx------ 2 root root 4096 Feb 1 14:23 .ssh
-rw-r--r-- 1 root root 185 Feb 2 07:29 .wget-hsts
drwx------ 3 root root 4096 Feb 1 14:23 snap

╔══════════╣ Searching root files in home dirs (limit 30)
/home/
/root/
/root/.bashrc
/root/.gnupg
/root/.gnupg/S.gpg-agent.extra
/root/.gnupg/S.gpg-agent.browser
/root/.gnupg/trustdb.gpg
/root/.gnupg/private-keys-v1.d
/root/.gnupg/S.gpg-agent.ssh
/root/.gnupg/pubring.kbx
/root/.gnupg/S.gpg-agent
/root/.cache
/root/.cache/motd.legal-displayed
/root/.profile
/root/.cloud-locale-test.skip
/root/.bash_history
/root/.wget-hsts
/root/.ssh
/root/.ssh/authorized_keys
/root/snap
/root/snap/lxd
/root/snap/lxd/current
/root/snap/lxd/24322
/root/snap/lxd/common
/root/snap/lxd/common/config
/root/snap/lxd/common/config/config.yml
/var/www
/var/www/html
/var/www/html/index.php

                            ╔═════════════════════════╗
════════════════════════════╣ Other Interesting Files ╠════════════════════════════
                            ╚═════════════════════════╝
╔══════════╣ .sh files in path
╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#script-binaries-in-path
/usr/bin/rescan-scsi-bus.sh
/usr/bin/gettext.sh

╔══════════╣ Executable files potentially added by user (limit 70)
2024-02-02+07:59:29.7086415650 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/run/.containerenv
2024-02-02+07:59:29.7086415650 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/hosts
2024-02-02+07:59:29.7086415650 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/diff/run/.containerenv
2024-02-02+07:59:29.7086415650 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/diff/etc/hosts
2024-02-02+07:59:29.1370937790 /var/lib/cni/networks/podman/lock
2024-02-01+14:24:26.1928035550 /etc/cron.hourly/droplet-agent
2023-03-17+02:10:55.0168469260 /etc/grub.d/01_track_initrdless_boot_fallback
2023-03-17+02:09:58.2745601850 /etc/console-setup/cached_setup_terminal.sh
2023-03-17+02:09:58.2745601850 /etc/console-setup/cached_setup_font.sh
2023-03-17+02:09:58.2705600250 /etc/console-setup/cached_setup_keyboard.sh

╔══════════╣ Unexpected in /opt (usually empty)
total 12
drwxr-xr-x 3 root root 4096 Feb 1 14:47 .
drwxr-xr-x 19 root root 4096 Feb 1 14:23 ..
drwxr-xr-x 4 root root 4096 Feb 1 14:24 digitalocean

╔══════════╣ Unexpected in root

╔══════════╣ Modified interesting files in the last 5mins (limit 100)
/var/log/journal/f02cd6b7880255a87f31b27865bba99d/system.journal
/var/log/auth.log
/var/log/wtmp
/var/log/lastlog
/var/log/syslog
/var/log/nginx/access.log
/var/log/mail.log
/var/log/kern.log
/var/snap/lxd/common/lxc/local.conf
/var/snap/lxd/common/lxd/logs/lxd.log
/var/snap/lxd/common/lxd/server.key
/var/snap/lxd/common/lxd/cache/instance_types.yaml
/var/snap/lxd/common/lxd/server.crt
/var/snap/lxd/common/lxd/database/global/open-2
/var/snap/lxd/common/lxd/database/global/0000000000000001-0000000000000001
/var/snap/lxd/common/lxd/database/global/open-1
/var/snap/lxd/common/lxd/database/global/metadata1
/var/snap/lxd/common/lxd/database/global/open-3
/var/snap/lxd/common/lxd/database/local.db
/var/snap/lxd/common/state
/var/snap/lxd/common/lxd.pid
/var/snap/lxd/common/ns/shmounts
/var/snap/lxd/common/lxcfs.pid
/etc/nginx/sites-available/.default.swp
/root/.gnupg/trustdb.gpg
/root/.gnupg/pubring.kbx
/root/snap/lxd/common/config/config.yml

╔══════════╣ Files inside /root (limit 20)
total 40
drwx------ 6 root root 4096 Feb 2 08:13 .
drwxr-xr-x 19 root root 4096 Feb 1 14:23 ..
-rw------- 1 root root 20 Feb 2 08:07 .bash_history
-rw-r--r-- 1 root root 3106 Feb 1 14:47 .bashrc
drwx------ 2 root root 4096 Feb 1 14:30 .cache
-rw-r--r-- 1 root root 0 Feb 1 14:23 .cloud-locale-test.skip
drwx------ 3 root root 4096 Feb 2 08:13 .gnupg
-rw-r--r-- 1 root root 161 Jul 9 2019 .profile
drwx------ 2 root root 4096 Feb 1 14:23 .ssh
-rw-r--r-- 1 root root 185 Feb 2 07:29 .wget-hsts
drwx------ 3 root root 4096 Feb 1 14:23 snap

╔══════════╣ Files inside others home (limit 20)
/home/peyton/.bashrc
/home/peyton/.profile
/home/peyton/.cloud-locale-test.skip
/home/peyton/.ssh/id_rsa.pub
/home/peyton/.ssh/id_rsa
/home/peyton/.bash_logout
/home/morgan/.bashrc
/home/morgan/.profile
/home/morgan/.cloud-locale-test.skip
/home/morgan/.ssh/id_rsa.pub
/home/morgan/.ssh/id_rsa
/home/morgan/.bash_logout
/home/blake/.bashrc
/home/blake/.profile
/home/blake/.cloud-locale-test.skip
/home/blake/.ssh/id_rsa.pub
/home/blake/.ssh/id_rsa
/home/blake/.bash_logout
/home/drew/.bashrc
/home/drew/.profile

╔══════════╣ Searching installed mail applications
postfix
postfix-add-filter
postfix-add-policy
postfix-collate
sendmail

╔══════════╣ Mails (limit 50)
489 12 -rw------- 1 root mail 11425 Feb 2 06:25 /var/mail/root
489 12 -rw------- 1 root mail 11425 Feb 2 06:25 /var/spool/mail/root

╔══════════╣ Backup files (limited 100)
-rwxr-xr-x 1 root root 2196 May 25 2022 /usr/libexec/dpkg/dpkg-db-backup
-rw-r--r-- 1 root root 44008 Sep 19 2022 /usr/lib/x86_64-linux-gnu/open-vm-tools/plugins/vmsvc/libvmbackup.so
-rw-r--r-- 1 root root 39456 Jan 17 20:13 /usr/lib/mysql/plugin/component_mysqlbackup.so
-rw-r--r-- 1 root root 147 Dec 5 2021 /usr/lib/systemd/system/dpkg-db-backup.service
-rw-r--r-- 1 root root 138 Dec 5 2021 /usr/lib/systemd/system/dpkg-db-backup.timer
-rw-r--r-- 1 root root 1423 Mar 17 2023 /usr/lib/python3/dist-packages/sos/report/plugins/__pycache__/ovirt_engine_backup.cpython-310.pyc
-rw-r--r-- 1 root root 1802 Aug 15 2022 /usr/lib/python3/dist-packages/sos/report/plugins/ovirt_engine_backup.py
-rw-r--r-- 1 root root 4531 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest.py.bak
-rw-r--r-- 1 root root 5391 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/action_d/test_badips.py.bak
-rwxr-xr-x 1 root root 1086 Oct 31 2021 /usr/src/linux-headers-5.15.0-67/tools/testing/selftests/net/tcp_fastopen_backup_key.sh
-rwxr-xr-x 1 root root 226 Feb 17 2020 /usr/share/byobu/desktop/byobu.desktop.old
-rw-r--r-- 1 root root 7867 Jul 16 1996 /usr/share/doc/telnet/README.old.gz
-rw-r--r-- 1 root root 416107 Dec 21 2020 /usr/share/doc/manpages/Changes.old.gz
-rw-r--r-- 1 root root 11849 Feb 1 14:38 /usr/share/info/dir.old
-rw-r--r-- 1 root root 869 Dec 30 2021 /usr/share/aide/config/aide/aide.conf.d/31_aide_borgbackup
-rw-r--r-- 1 root root 2747 Feb 16 2022 /usr/share/man/man8/vgcfgbackup.8.gz
-rw-r--r-- 1 root root 7251 Jan 12 2023 /usr/share/nmap/scripts/http-config-backup.nse
-rw-r--r-- 1 root root 5484 Jan 12 2023 /usr/share/nmap/scripts/http-backup-finder.nse
-rw-r--r-- 1 root root 869 Dec 30 2021 /var/lib/ucf/cache/:etc:aide:aide.conf.d:31_aide_borgbackup
-rw-r--r-- 1 root root 61 Mar 17 2023 /var/lib/systemd/deb-systemd-helper-enabled/dpkg-db-backup.timer.dsh-also
-rw-r--r-- 1 root root 0 Mar 17 2023 /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/dpkg-db-backup.timer
-rw-r--r-- 1 root root 4096 Feb 2 08:14 /sys/devices/virtual/net/veth7496452b/brport/backup_port
-rw-r--r-- 1 root root 869 Dec 30 2021 /etc/aide/aide.conf.d/31_aide_borgbackup

╔══════════╣ Searching tables inside readable .db/.sql/.sqlite files (limit 100)
Found /etc/aliases.db: Berkeley DB (Hash, version 9, native byte-order)
Found /var/lib/PackageKit/transactions.db: SQLite 3.x database, last written using SQLite version 3037002, file counter 5, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 5
Found /var/lib/command-not-found/commands.db: SQLite 3.x database, last written using SQLite version 3037002, file counter 5, database pages 868, cookie 0x4, schema 4, UTF-8, version-valid-for 5
Found /var/lib/containers/storage/libpod/bolt_state.db: data
Found /var/lib/postfix/smtp_scache.db: Berkeley DB (Btree, version 9, native byte-order)

-> Extracting tables from /var/lib/PackageKit/transactions.db (limit 20)
-> Extracting tables from /var/lib/command-not-found/commands.db (limit 20)

╔══════════╣ Web files?(output limit)
/var/www/:
total 12K
drwxr-xr-x 3 root root 4.0K Feb 1 14:36 .
drwxr-xr-x 14 root root 4.0K Feb 1 14:36 ..
drwxr-xr-x 2 root root 4.0K Feb 1 14:47 html

/var/www/html:
total 12K
drwxr-xr-x 2 root root 4.0K Feb 1 14:47 .
drwxr-xr-x 3 root root 4.0K Feb 1 14:36 ..

╔══════════╣ All relevant hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)
-rw-r--r-- 1 peyton peyton 0 Feb 1 14:23 /home/peyton/.cloud-locale-test.skip
-rw-r--r-- 1 peyton peyton 220 Jan 6 2022 /home/peyton/.bash_logout
-rw-r--r-- 1 morgan morgan 0 Feb 1 14:23 /home/morgan/.cloud-locale-test.skip
-rw-r--r-- 1 morgan morgan 220 Jan 6 2022 /home/morgan/.bash_logout
-rw-r--r-- 1 blake blake 0 Feb 1 14:23 /home/blake/.cloud-locale-test.skip
-rw-r--r-- 1 blake blake 220 Jan 6 2022 /home/blake/.bash_logout
-rw-r--r-- 1 drew drew 0 Feb 1 14:23 /home/drew/.cloud-locale-test.skip
-rw-r--r-- 1 drew drew 220 Jan 6 2022 /home/drew/.bash_logout
-rw-r--r-- 1 casey casey 0 Feb 1 14:23 /home/casey/.cloud-locale-test.skip
-rw-r--r-- 1 casey casey 220 Jan 6 2022 /home/casey/.bash_logout
-rw-r--r-- 1 jordan jordan 0 Feb 1 14:23 /home/jordan/.cloud-locale-test.skip
-rw-r--r-- 1 jordan jordan 220 Jan 6 2022 /home/jordan/.bash_logout
-rw-r--r-- 1 alex alex 0 Feb 1 14:23 /home/alex/.cloud-locale-test.skip
-rw-r--r-- 1 alex alex 220 Jan 6 2022 /home/alex/.bash_logout
-rw-r--r-- 1 kendall kendall 0 Feb 1 14:23 /home/kendall/.cloud-locale-test.skip
-rw-r--r-- 1 kendall kendall 220 Jan 6 2022 /home/kendall/.bash_logout
-rw-r--r-- 1 cameron cameron 0 Feb 1 14:23 /home/cameron/.cloud-locale-test.skip
-rw-r--r-- 1 cameron cameron 220 Jan 6 2022 /home/cameron/.bash_logout
-rw-r--r-- 1 taylor taylor 0 Feb 1 14:23 /home/taylor/.cloud-locale-test.skip
-rw-r--r-- 1 taylor taylor 220 Jan 6 2022 /home/taylor/.bash_logout
-rw-r--r-- 1 root root 179 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess
-rw-r--r-- 1 root root 14 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/noentry/.htaccess
-rw-r--r-- 1 root root 231 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess
-rw-r--r-- 1 root root 136 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess
-rw-r--r-- 1 root root 129 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htaccess
-rw-r--r-- 1 root root 195 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htaccess
-rw-r--r-- 1 root root 159 Nov 23 2020 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htaccess
-rw------- 1 daemon daemon 6 Feb 1 14:47 /var/spool/cron/atjobs/.SEQ
-rw-r--r-- 1 landscape landscape 0 Mar 17 2023 /var/lib/landscape/.cleanup.user
-rw------- 1 root root 0 Dec 9 2020 /var/lib/containers/storage/overlay/e7ab906bfb619eccc81cceecd835d918bc921df078726f74ab68d92e54a3b185/diff/etc/.pwd.lock
-rw-r--r-- 1 root root 6961 Dec 11 2020 /var/lib/containers/storage/overlay/0adf123149ba4b47e640de18ebf729fda2607712240eb53dfb39d8d057d4ce38/diff/usr/local/lib/php/.filemap
-rw-r--r-- 1 root root 0 Dec 11 2020 /var/lib/containers/storage/overlay/0adf123149ba4b47e640de18ebf729fda2607712240eb53dfb39d8d057d4ce38/diff/usr/local/lib/php/.lock
-rw-r--r-- 1 root root 6961 Dec 11 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/local/lib/php/.filemap
-rw-r--r-- 1 root root 0 Dec 11 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/usr/local/lib/php/.lock
-rw------- 1 root root 0 Dec 9 2020 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/.pwd.lock
-rw-r--r-- 1 root root 220 Apr 18 2019 /var/lib/containers/storage/overlay/6ae9c44b96e50fffc43a71d0dfed62163eaa5e7b41b1cfb55d2704d562a2ec45/merged/etc/skel/.bash_logout
-rw------- 1 root root 0 Dec 9 2020 /var/lib/containers/storage/overlay/98074541ea3b10ad46266d8675687b485fc4ad15e7ed53414b295568892fee8e/diff/etc/.pwd.lock
-rw------- 1 root root 0 Dec 9 2020 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/.pwd.lock
-rw-r--r-- 1 root root 220 Apr 18 2019 /var/lib/containers/storage/overlay/87c8a1d8f54f3aa4e05569e8919397b65056aa71cdf48b7f061432c98475eee9/diff/etc/skel/.bash_logout
-rw-r--r-- 1 root root 1913 Mar 17 2023 /var/cache/apparmor/e10c1cf9.0/.features
-rw-r--r-- 1 root root 1976 Feb 1 14:22 /var/cache/apparmor/c47eabf7.0/.features
-rw------- 1 root root 0 Mar 17 2023 /etc/.pwd.lock
-rw-r--r-- 1 root root 0 Feb 1 14:23 /etc/skel/.cloud-locale-test.skip
-rw-r--r-- 1 root root 220 Jan 6 2022 /etc/skel/.bash_logout
-rw-r--r-- 1 root root 0 Feb 1 14:23 /root/.cloud-locale-test.skip
-rw-r--r-- 1 root root 185 Feb 2 07:29 /root/.wget-hsts
-rw------- 1 root root 0 Nov 23 04:34 /snap/core20/2105/etc/.pwd.lock
-rw-r--r-- 1 root root 220 Feb 25 2020 /snap/core20/2105/etc/skel/.bash_logout
-rw------- 1 root root 0 Feb 7 2023 /snap/core20/1828/etc/.pwd.lock
-rw-r--r-- 1 root root 220 Feb 25 2020 /snap/core20/1828/etc/skel/.bash_logout
-rw------- 1 root root 0 Feb 2 07:59 /run/snapd/lock/.lock

╔══════════╣ Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)
-rw-r--r-- 1 root root 0 Feb 2 00:00 /var/backups/dpkg.arch.0
-rw-r--r-- 1 root root 61440 Feb 2 00:00 /var/backups/alternatives.tar.0

╔══════════╣ Searching passwords in history files
/root/.bash_history:passwd root

╔══════════╣ Searching *password* or *credential* files in home (limit 70)
/etc/pam.d/common-password
/etc/ssl/private/ssl-cert-snakeoil.key
/etc/unbound/unbound_control.key
/etc/unbound/unbound_server.key
/usr/bin/systemd-ask-password
/usr/bin/systemd-tty-ask-password-agent
/usr/lib/git-core/git-credential
/usr/lib/git-core/git-credential-cache
/usr/lib/git-core/git-credential-cache--daemon
/usr/lib/git-core/git-credential-store
#)There are more creds/passwds files in the previous parent folder

/usr/lib/grub/i386-pc/password.mod
/usr/lib/grub/i386-pc/password_pbkdf2.mod
/usr/lib/grub/x86_64-efi/legacy_password_test.mod
/usr/lib/grub/x86_64-efi/password.mod
/usr/lib/grub/x86_64-efi/password_pbkdf2.mod
/usr/lib/mysql/plugin/component_validate_password.so
/usr/lib/mysql/plugin/validate_password.so
/usr/lib/python3/dist-packages/keyring/__pycache__/credentials.cpython-310.pyc
/usr/lib/python3/dist-packages/keyring/credentials.py
/usr/lib/python3/dist-packages/launchpadlib/__pycache__/credentials.cpython-310.pyc
/usr/lib/python3/dist-packages/launchpadlib/credentials.py
/usr/lib/python3/dist-packages/launchpadlib/tests/__pycache__/test_credential_store.cpython-310.pyc
/usr/lib/python3/dist-packages/launchpadlib/tests/test_credential_store.py
/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/__pycache__/client_credentials.cpython-310.pyc
/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/__pycache__/resource_owner_password_credentials.cpython-310.pyc
/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py
/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
/usr/lib/python3/dist-packages/twisted/cred/__pycache__/credentials.cpython-310.pyc
/usr/lib/python3/dist-packages/twisted/cred/credentials.py

╔══════════╣ Checking for TTY (sudo/su) passwords in audit logs

╔══════════╣ Searching passwords inside logs (limit 70)
Feb 1 14:50:50 ls-2024-9 kernel: [ 4.206620] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
Feb 1 14:50:50 ls-2024-9 systemd[1]: Condition check resulted in Forward Password Requests to Plymouth Directory Watch being skipped.
Feb 1 14:50:50 ls-2024-9 systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
Feb 2 07:59:14 ls-2024-9 kernel: [ 4.504123] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
Feb 2 07:59:14 ls-2024-9 systemd[1]: Condition check resulted in Forward Password Requests to Plymouth Directory Watch being skipped.
Feb 2 07:59:14 ls-2024-9 systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
Feb 2 08:01:16 ls-2024-9 sshd[1660]: Accepted password for root from 31.220.83.175 port 52432 ssh2
Feb 2 08:06:03 ls-2024-9 sshd[1693]: Accepted password for root from 31.220.83.175 port 48220 ssh2
Feb 2 08:07:39 ls-2024-9 passwd[1704]: pam_unix(passwd:chauthtok): password changed for root
Feb 2 08:07:50 ls-2024-9 sshd[1705]: Accepted password for root from 31.220.83.175 port 59290 ssh2
Feb 2 08:13:08 ls-2024-9 sshd[2137]: Accepted password for root from 31.220.83.175 port 49316 ssh2
[ 4.206620] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
[ 4.504123] systemd[1]: Started Forward Password Requests to Wall Directory Watch.

                                ╔════════════════╗
════════════════════════════════╣ API Keys Regex ╠════════════════════════════════
                                ╚════════════════╝
Regexes to search for API keys aren't activated, use param '-r'