Diffstat (limited to 'hackervshacker/linlog')
-rw-r--r-- hackervshacker/linlog 1178
1 files changed, 1178 insertions, 0 deletions
diff --git a/hackervshacker/linlog b/hackervshacker/linlog
new file mode 100644
index 0000000..23f8444
--- /dev/null
+++ b/hackervshacker/linlog
@@ -0,0 +1,1178 @@
+
+
+ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+ ▄▄▄▄▄▄▄             ▄▄▄▄▄▄▄▄
+ ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄
+ ▄▄▄▄     ▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄
+ ▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄       ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+ ▄▄▄▄▄▄▄▄▄▄▄          ▄▄▄▄▄▄               ▄▄▄▄▄▄ ▄
+ ▄▄▄▄▄▄              ▄▄▄▄▄▄▄▄                 ▄▄▄▄ 
+ ▄▄                  ▄▄▄ ▄▄▄▄▄                  ▄▄▄
+ ▄▄                ▄▄▄▄▄▄▄▄▄▄▄▄                  ▄▄
+ ▄            ▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄
+ ▄      ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄                                ▄▄▄▄
+ ▄▄▄▄▄  ▄▄▄▄▄                       ▄▄▄▄▄▄     ▄▄▄▄
+ ▄▄▄▄   ▄▄▄▄▄                       ▄▄▄▄▄      ▄ ▄▄
+ ▄▄▄▄▄  ▄▄▄▄▄        ▄▄▄▄▄▄▄        ▄▄▄▄▄     ▄▄▄▄▄
+ ▄▄▄▄▄▄  ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄   ▄▄▄▄▄ 
+  ▄▄▄▄▄▄▄▄▄▄▄▄▄▄        ▄          ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 
+ ▄▄▄▄▄▄▄▄▄▄▄▄▄                       ▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+ ▄▄▄▄▄▄▄▄▄▄▄                         ▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+ ▀▀▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▀▀▀▀▀▀
+ ▀▀▀▄▄▄▄▄      ▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▀▀
+ ▀▀▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀▀▀
+
+ /---------------------------------------------------------------------------------\
+ | Do you like PEASS? |
+ |---------------------------------------------------------------------------------|
+ | Get the latest version : https://github.com/sponsors/carlospolop |
+ | Follow on Twitter : @carlospolopm |
+ | Respect on HTB : SirBroccoli  |
+ |---------------------------------------------------------------------------------|
+ | Thank you!  |
+ \---------------------------------------------------------------------------------/
+ linpeas-ng by carlospolop
+
+ADVISORY: This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own computers and/or with the computer owner's permission.
+
+Linux Privesc Checklist: https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist
+ LEGEND:
+ RED/YELLOW: 95% a PE vector
+ RED: You should take a look to it
+ LightCyan: Users with console
+ Blue: Users without console & mounted devs
+ Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs)
+ LightMagenta: Your username
+
+ Starting linpeas. Caching Writable Folders...
+
+ ╔═══════════════════╗
+═══════════════════════════════╣ Basic information ╠═══════════════════════════════
+ ╚═══════════════════╝
+OS: Linux version 5.4.0-109-generic (buildd@ubuntu) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #123-Ubuntu SMP Fri Apr 8 09:10:54 UTC 2022
+User & Groups: uid=33(www-data) gid=33(www-data) groups=33(www-data)
+Hostname: b2r
+Writable folder: /dev/shm
+[+] /usr/bin/ping is available for network discovery (linpeas can discover hosts, learn more with -h)
+[+] /usr/bin/bash is available for network discovery & port scanning (linpeas can discover hosts and scan ports, learn more with -h)
+[+] /usr/bin/nc is available for network discovery & port scanning (linpeas can discover hosts and scan ports, learn more with -h)
+
+
+
+Caching directories DONE
+
+ ╔════════════════════╗
+══════════════════════════════╣ System Information ╠══════════════════════════════
+ ╚════════════════════╝
+╔══════════╣ Operative system
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#kernel-exploits
+Linux version 5.4.0-109-generic (buildd@ubuntu) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #123-Ubuntu SMP Fri Apr 8 09:10:54 UTC 2022
+Distributor ID: Ubuntu
+Description: Ubuntu 20.04.4 LTS
+Release: 20.04
+Codename: focal
+
+╔══════════╣ Sudo version
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-version
+Sudo version 1.8.31
+
+╔══════════╣ CVEs Check
+Vulnerable to CVE-2021-3560
+
+
+
+╔══════════╣ PATH
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-path-abuses
+/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+New path exported: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+
+╔══════════╣ Date & uptime
+Sat Aug 20 15:33:46 UTC 2022
+ 15:33:46 up 21 min, 0 users, load average: 0.40, 0.29, 0.73
+
+╔══════════╣ Any sd*/disk* disk in /dev? (limit 20)
+disk
+
+╔══════════╣ Unmounted file-system?
+╚ Check if you can mount umounted devices
+/dev/disk/by-id/dm-uuid-LVM-S0EQ4vI8gcwzDW214vbvDa0pSxD7eam0nrvgq4EdGPK983HC0NE8QF2Beac29VUP / ext4 defaults 0 1
+/dev/disk/by-uuid/befd1c80-fe6b-4b86-b4ca-2f372c253599 /boot ext4 defaults 0 1
+
+╔══════════╣ Environment
+╚ Any private information inside environment variables?
+HISTFILESIZE=0
+OLDPWD=/
+APACHE_RUN_DIR=/var/run/apache2
+APACHE_PID_FILE=/var/run/apache2/apache2.pid
+JOURNAL_STREAM=9:22753
+TERM=xterm
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+INVOCATION_ID=b362df8aacaa413a9837f4b1748c8dd8
+APACHE_LOCK_DIR=/var/lock/apache2
+LANG=C
+HISTSIZE=0
+APACHE_RUN_USER=www-data
+APACHE_RUN_GROUP=www-data
+APACHE_LOG_DIR=/var/log/apache2
+PWD=/dev/shm
+HISTFILE=/dev/null
+
+╔══════════╣ Searching Signature verification failed in dmesg
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#dmesg-signature-verification-failed
+dmesg Not Found
+
+╔══════════╣ Executing Linux Exploit Suggester
+╚ https://github.com/mzet-/linux-exploit-suggester
+[+] [CVE-2021-4034] PwnKit
+
+ Details: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+ Exposure: probable
+ Tags: [ ubuntu=10|11|12|13|14|15|16|17|18|19|20|21 ],debian=7|8|9|10|11,fedora,manjaro
+ Download URL: https://codeload.github.com/berdav/CVE-2021-4034/zip/main
+
+[+] [CVE-2021-3156] sudo Baron Samedit
+
+ Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
+ Exposure: probable
+ Tags: mint=19,[ ubuntu=18|20 ], debian=10
+ Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main
+
+[+] [CVE-2021-3156] sudo Baron Samedit 2
+
+ Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
+ Exposure: probable
+ Tags: centos=6|7|8,[ ubuntu=14|16|17|18|19|20 ], debian=9|10
+ Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main
+
+[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
+
+ Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
+ Exposure: probable
+ Tags: [ ubuntu=20.04 ]{kernel:5.8.0-*}
+ Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
+ ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
+ Comments: ip_tables kernel module must be loaded
+
+[+] [CVE-2017-5618] setuid screen v4.5.0 LPE
+
+ Details: https://seclists.org/oss-sec/2017/q1/184
+ Exposure: less probable
+ Download URL: https://www.exploit-db.com/download/https://www.exploit-db.com/exploits/41154
+
+
+╔══════════╣ Executing Linux Exploit Suggester 2
+╚ https://github.com/jondonas/linux-exploit-suggester-2
+
+╔══════════╣ Protections
+═╣ AppArmor enabled? .............. You do not have enough privilege to read the profile set.
+apparmor module is loaded.
+═╣ grsecurity present? ............ grsecurity Not Found
+═╣ PaX bins present? .............. PaX Not Found
+═╣ Execshield enabled? ............ Execshield Not Found
+═╣ SELinux enabled? ............... sestatus Not Found
+═╣ Seccomp enabled? ............... disabled
+═╣ AppArmor profile? .............. unconfined
+═╣ User namespace? ................ enabled
+═╣ Cgroup2 enabled? ............... enabled
+═╣ Is ASLR enabled? ............... Yes
+═╣ Printer? ....................... No
+═╣ Is this a virtual machine? ..... Yes (xen)
+
+ ╔═══════════╗
+═══════════════════════════════════╣ Container ╠═══════════════════════════════════
+ ╚═══════════╝
+╔══════════╣ Container related tools present
+/snap/bin/lxc
+╔══════════╣ Am I Containered?
+╔══════════╣ Container details
+═╣ Is this a container? ........... No
+═╣ Any running containers? ........ No
+
+
+ ╔═══════╗
+═════════════════════════════════════╣ Cloud ╠═════════════════════════════════════
+ ╚═══════╝
+═╣ Google Cloud Platform? ............... No
+═╣ AWS ECS? ............................. No
+═╣ AWS EC2? ............................. Yes
+═╣ AWS Lambda? .......................... No
+
+╔══════════╣ AWS EC2 Enumeration
+ami-id: ami-08e1d45cf9c4f052a
+instance-action: none
+instance-id: i-0afcd77fb3fc17f27
+instance-life-cycle: on-demand
+instance-type: t2.nano
+region: eu-west-1
+
+══╣ Account Info
+{
+ "Code" : "Success",
+ "LastUpdated" : "2022-08-20T15:11:30Z",
+ "AccountId" : "739930428441"
+}
+
+══╣ Network Info
+Mac: 02:d4:b2:e9:e2:e1/
+Owner ID: 739930428441
+Public Hostname:
+Security Groups: AllowEverything
+Private IPv4s:
+
+Subnet IPv4: 10.10.0.0/16
+PrivateIPv6s:
+
+Subnet IPv6:
+Public IPv4s:
+
+
+
+══╣ IAM Role
+
+
+══╣ User Data
+
+
+ ╔════════════════════════════════════════════════╗
+════════════════╣ Processes, Crons, Timers, Services and Sockets ╠════════════════
+ ╚════════════════════════════════════════════════╝
+╔══════════╣ Cleaned processes
+╚ Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes
+root 1 2.1 2.1 167372 10204 ? Ss 15:12 0:27 /sbin/init maybe-ubiquity
+root 343 0.3 1.9 35048 9232 ? S<s 15:13 0:04 /lib/systemd/systemd-journald
+root 376 0.7 1.1 22180 5680 ? Ss 15:13 0:09 /lib/systemd/systemd-udevd
+root 489 0.0 3.7 280196 17996 ? SLsl 15:13 0:00 /sbin/multipathd -d -s
+systemd+ 524 0.1 1.0 90188 5284 ? Ssl 15:13 0:01 /lib/systemd/systemd-timesyncd
+ └─(Caps) 0x0000000002000000=cap_sys_time
+systemd+ 578 0.0 1.4 26572 6892 ? Ss 15:14 0:00 /lib/systemd/systemd-networkd
+ └─(Caps) 0x0000000000003c00=cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw
+systemd+ 581 0.1 2.2 23860 10852 ? Ss 15:14 0:01 /lib/systemd/systemd-resolved
+root 601 0.0 1.7 239276 8252 ? Ssl 15:14 0:00 /usr/lib/accountsservice/accounts-daemon
+root 602 0.0 2.5 1158884 12256 ? Ssl 15:14 0:00 /usr/bin/amazon-ssm-agent
+root 737 0.1 3.5 1244272 17208 ? Sl 15:15 0:02 _ /usr/bin/ssm-agent-worker
+root 608 0.0 0.5 6812 2856 ? Ss 15:14 0:00 /usr/sbin/cron -f
+message+ 613 0.0 0.8 7576 4276 ? Ss 15:14 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
+ └─(Caps) 0x0000000020000000=cap_audit_write
+root 627 0.2 2.9 29656 14224 ? Ss 15:14 0:02 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
+root 629 0.0 1.6 236416 7812 ? Ssl 15:14 0:00 /usr/lib/policykit-1/polkitd --no-debug
+syslog 634 0.0 0.8 224344 4224 ? Ssl 15:14 0:00 /usr/sbin/rsyslogd -n -iNONE
+root 636 0.6 5.2 742072 25448 ? Ssl 15:14 0:07 /usr/lib/snapd/snapd
+root 640 0.1 1.0 16540 5012 ? Ss 15:14 0:01 /lib/systemd/systemd-logind
+root 642 0.1 2.4 394660 11804 ? Ssl 15:14 0:01 /usr/lib/udisks2/udisksd
+daemon[0m 645 0.0 0.4 3792 2200 ? Ss 15:14 0:00 /usr/sbin/atd -f
+root 689 0.0 0.4 5600 2020 ttyS0 Ss+ 15:14 0:00 /sbin/agetty -o -p -- u --keep-baud 115200,38400,9600 ttyS0 vt220
+root 695 0.0 0.3 5828 1908 tty1 Ss+ 15:14 0:00 /sbin/agetty -o -p -- u --noclear tty1 linux
+root 709 0.0 2.0 314452 9684 ? Ssl 15:14 0:00 /usr/sbin/ModemManager
+root 785 0.2 3.3 107904 16088 ? Ssl 15:15 0:02 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
+root 796 0.0 2.1 193436 10216 ? Ss 15:15 0:00 /usr/sbin/apache2 -k start
+www-data 818 0.0 1.4 193888 7028 ? S 15:15 0:00 _ /usr/sbin/apache2 -k start
+www-data 820 0.0 1.3 193880 6340 ? S 15:15 0:00 _ /usr/sbin/apache2 -k start
+www-data 850 0.0 1.4 193880 6924 ? S 15:15 0:00 _ /usr/sbin/apache2 -k start
+www-data 1398 0.0 1.3 193880 6416 ? S 15:25 0:00 _ /usr/sbin/apache2 -k start
+www-data 1443 0.0 1.3 193880 6416 ? S 15:26 0:00 _ /usr/sbin/apache2 -k start
+www-data 1444 0.0 1.4 193880 7020 ? S 15:26 0:00 _ /usr/sbin/apache2 -k start
+www-data 1446 0.0 1.3 193880 6476 ? S 15:27 0:00 _ /usr/sbin/apache2 -k start
+www-data 1447 0.0 1.4 193872 7132 ? S 15:27 0:00 _ /usr/sbin/apache2 -k start
+www-data 1449 0.0 1.3 193880 6416 ? S 15:27 0:00 _ /usr/sbin/apache2 -k start
+www-data 1487 0.0 1.4 193872 7128 ? S 15:27 0:00 _ /usr/sbin/apache2 -k start
+www-data 1633 0.0 1.0 58932 5120 ? Ss 15:30 0:00 php
+www-data 1634 0.0 0.1 2608 528 ? S 15:30 0:00 _ sh -c uname -a; w; id; /bin/sh -i
+www-data 1638 0.0 0.3 2608 1732 ? S 15:30 0:00 _ /bin/sh -i
+www-data 1803 0.1 0.5 3536 2564 ? S 15:33 0:00 _ /bin/sh ./linpeas.sh
+www-data 4708 0.0 0.2 3536 1016 ? S 15:33 0:00 | _ /bin/sh ./linpeas.sh
+www-data 4712 0.0 0.6 6036 2896 ? R 15:33 0:00 | | _ ps fauxwww
+www-data 4711 0.0 0.2 3536 1016 ? S 15:33 0:00 | _ /bin/sh ./linpeas.sh
+www-data 1804 0.0 0.1 2516 560 ? S 15:33 0:00 _ tee linlog
+
+╔══════════╣ Binary processes permissions (non 'root root' and not belonging to current user)
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes
+
+╔══════════╣ Files opened by processes belonging to other users
+╚ This is usually empty because of the lack of privileges to read other user processes information
+COMMAND PID TID TASKCMD USER FD TYPE DEVICE SIZE/OFF NODE NAME
+
+╔══════════╣ Processes with credentials in memory (root req)
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#credentials-from-process-memory
+gdm-password Not Found
+gnome-keyring-daemon Not Found
+lightdm Not Found
+vsftpd Not Found
+apache2 process found (dump creds from memory as root)
+sshd: process found (dump creds from memory as root)
+
+╔══════════╣ Cron jobs
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#scheduled-cron-jobs
+/usr/bin/crontab
+incrontab Not Found
+-rw-r--r-- 1 root root    1042 Feb 13  2020 /etc/crontab
+
+/etc/cron.d:
+total 28
+drwxr-xr-x   2 root root 4096 May  5 04:38 .
+drwxr-xr-x 102 root root 4096 May  5 04:55 ..
+-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder
+-rw-r--r--   1 root root  201 Feb 14  2020 e2scrub_all
+-rw-r--r--   1 root root  814 May  5 04:38 persistence
+-rw-r--r--   1 root root  712 Mar 27  2020 php
+-rw-r--r--   1 root root  191 Feb 23 08:54 popularity-contest
+
+/etc/cron.daily:
+total 52
+drwxr-xr-x   2 root root 4096 May  5 04:38 .
+drwxr-xr-x 102 root root 4096 May  5 04:55 ..
+-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder
+-rwxr-xr-x   1 root root  539 Sep 30  2020 apache2
+-rwxr-xr-x   1 root root  376 Dec  4  2019 apport
+-rwxr-xr-x   1 root root 1478 Apr  9  2020 apt-compat
+-rwxr-xr-x   1 root root  355 Dec 29  2017 bsdmainutils
+-rwxr-xr-x   1 root root 1187 Sep  5  2019 dpkg
+-rwxr-xr-x   1 root root  377 Jan 21  2019 logrotate
+-rwxr-xr-x   1 root root 1123 Feb 25  2020 man-db
+-rwxr-xr-x   1 root root 4574 Jul 18  2019 popularity-contest
+-rwxr-xr-x   1 root root  214 May 14  2021 update-notifier-common
+
+/etc/cron.hourly:
+total 12
+drwxr-xr-x   2 root root 4096 Feb 23 08:51 .
+drwxr-xr-x 102 root root 4096 May  5 04:55 ..
+-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder
+
+/etc/cron.monthly:
+total 12
+drwxr-xr-x   2 root root 4096 Feb 23 08:51 .
+drwxr-xr-x 102 root root 4096 May  5 04:55 ..
+-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder
+
+/etc/cron.weekly:
+total 20
+drwxr-xr-x   2 root root 4096 Feb 23 08:55 .
+drwxr-xr-x 102 root root 4096 May  5 04:55 ..
+-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder
+-rwxr-xr-x   1 root root  813 Feb 25  2020 man-db
+-rwxr-xr-x   1 root root  403 Aug  5  2021 update-notifier-common
+
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+17 * * * * root cd / && run-parts --report /etc/cron.hourly
+25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
+47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
+52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
+
+╔══════════╣ Systemd PATH
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#systemd-path-relative-paths
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+
+╔══════════╣ Analyzing .service files
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#services
+/etc/systemd/system/multi-user.target.wants/atd.service is executing some relative path
+/etc/systemd/system/multi-user.target.wants/grub-common.service is executing some relative path
+/etc/systemd/system/sleep.target.wants/grub-common.service is executing some relative path
+You can't write on systemd PATH
+
+╔══════════╣ System timers
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers
+NEXT LEFT LAST PASSED UNIT ACTIVATES
+Sat 2022-08-20 15:39:00 UTC 5min left Sat 2022-08-20 15:14:39 UTC 19min ago phpsessionclean.timer phpsessionclean.service
+Sat 2022-08-20 16:02:54 UTC 29min left Thu 2022-05-05 03:46:11 UTC 3 months 16 days ago apt-daily-upgrade.timer apt-daily-upgrade.service
+Sat 2022-08-20 16:12:37 UTC 38min left n/a n/a ua-timer.timer ua-timer.service
+Sat 2022-08-20 19:16:45 UTC 3h 42min left Thu 2022-05-05 03:46:11 UTC 3 months 16 days ago motd-news.timer motd-news.service
+Sat 2022-08-20 21:38:49 UTC 6h left Thu 2022-05-05 03:46:11 UTC 3 months 16 days ago apt-daily.timer apt-daily.service
+Sun 2022-08-21 00:00:00 UTC 8h left Sat 2022-08-20 15:14:39 UTC 19min ago logrotate.timer logrotate.service
+Sun 2022-08-21 00:00:00 UTC 8h left Sat 2022-08-20 15:14:39 UTC 19min ago man-db.timer man-db.service
+Sun 2022-08-21 00:43:42 UTC 9h left Thu 2022-05-05 03:46:11 UTC 3 months 16 days ago fwupd-refresh.timer fwupd-refresh.service
+Sun 2022-08-21 03:10:33 UTC 11h left Sat 2022-08-20 15:14:39 UTC 19min ago e2scrub_all.timer e2scrub_all.service
+Sun 2022-08-21 15:27:53 UTC 23h left Sat 2022-08-20 15:27:53 UTC 6min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
+Mon 2022-08-22 00:00:00 UTC 1 day 8h left Sat 2022-08-20 15:14:39 UTC 19min ago fstrim.timer fstrim.service
+n/a n/a n/a n/a snapd.snap-repair.timer snapd.snap-repair.service
+n/a n/a n/a n/a ua-license-check.timer ua-license-check.service
+
+╔══════════╣ Analyzing .timer files
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers
+
+╔══════════╣ Analyzing .socket files
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sockets
+/etc/systemd/system/cloud-init.target.wants/cloud-init-hotplugd.socket is calling this writable listener: /run/cloud-init/hook-hotplug-cmd
+/etc/systemd/system/sockets.target.wants/uuidd.socket is calling this writable listener: /run/uuidd/request
+/snap/core20/1328/etc/systemd/system/cloud-init.target.wants/cloud-init-hotplugd.socket is calling this writable listener: /run/cloud-init/hook-hotplug-cmd
+/snap/core20/1328/usr/lib/systemd/system/cloud-init-hotplugd.socket is calling this writable listener: /run/cloud-init/hook-hotplug-cmd
+/snap/core20/1328/usr/lib/systemd/system/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket
+/snap/core20/1328/usr/lib/systemd/system/sockets.target.wants/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket
+/snap/core20/1328/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket is calling this writable listener: /run/systemd/journal/dev-log
+/snap/core20/1328/usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout
+/snap/core20/1328/usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket
+/snap/core20/1328/usr/lib/systemd/system/syslog.socket is calling this writable listener: /run/systemd/journal/syslog
+/snap/core20/1328/usr/lib/systemd/system/systemd-journald-dev-log.socket is calling this writable listener: /run/systemd/journal/dev-log
+/snap/core20/1328/usr/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout
+/snap/core20/1328/usr/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket
+/usr/lib/systemd/system/cloud-init-hotplugd.socket is calling this writable listener: /run/cloud-init/hook-hotplug-cmd
+/usr/lib/systemd/system/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket
+/usr/lib/systemd/system/sockets.target.wants/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket
+/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket is calling this writable listener: /run/systemd/journal/dev-log
+/usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout
+/usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket
+
+╔══════════╣ Unix Sockets Listening
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sockets
+/org/kernel/linux/storage/multipathd
+/run/dbus/system_bus_socket
+ └─(Read Write)
+/run/lvm/lvmpolld.socket
+/run/snapd-snap.socket
+ └─(Read Write)
+/run/snapd.socket
+ └─(Read Write)
+/run/systemd/fsck.progress
+/run/systemd/journal/dev-log
+ └─(Read Write)
+/run/systemd/journal/io.systemd.journal
+/run/systemd/journal/socket
+ └─(Read Write)
+/run/systemd/journal/stdout
+ └─(Read Write)
+/run/systemd/journal/syslog
+ └─(Read Write)
+/run/systemd/notify
+ └─(Read Write)
+/run/systemd/private
+ └─(Read Write)
+/run/systemd/userdb/io.systemd.DynamicUser
+ └─(Read Write)
+/run/udev/control
+/run/uuidd/request
+ └─(Read Write)
+/var/lib/amazon/ssm/ipc/health
+/var/lib/amazon/ssm/ipc/termination
+/var/snap/lxd/common/lxd/unix.socket
+
+╔══════════╣ D-Bus config files
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus
+Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.thermald.conf ( <policy group="power">)
+
+╔══════════╣ D-Bus Service Objects list
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus
+NAME PID PROCESS USER CONNECTION UNIT SESSION DESCRIPTION
+:1.0 524 systemd-timesyn systemd-timesync :1.0 systemd-timesyncd.service - -
+:1.1 581 systemd-resolve systemd-resolve :1.1 systemd-resolved.service - -
+:1.10 636 snapd root :1.10 snapd.service - -
+:1.11 627 networkd-dispat root :1.11 networkd-dispatcher.service - -
+:1.13 785 unattended-upgr root :1.13 unattended-upgrades.service - -
+:1.2 578 systemd-network systemd-network :1.2 systemd-networkd.service - -
+:1.22 7785 busctl www-data :1.22 apache2.service - -
+:1.3 1 systemd root :1.3 init.scope - -
+:1.4 601 accounts-daemon[0m root :1.4 accounts-daemon.service - -
+:1.5 629 polkitd root :1.5 polkit.service - -
+:1.6 642 udisksd root :1.6 udisks2.service - -
+:1.7 709 ModemManager root :1.7 ModemManager.service - -
+:1.8 640 systemd-logind root :1.8 systemd-logind.service - -
+com.ubuntu.LanguageSelector - - - (activatable) - - -
+com.ubuntu.SoftwareProperties - - - (activatable) - - -
+io.netplan.Netplan - - - (activatable) - - -
+org.freedesktop.Accounts 601 accounts-daemon[0m root :1.4 accounts-daemon.service - -
+org.freedesktop.DBus 1 systemd root - init.scope - -
+org.freedesktop.ModemManager1 709 ModemManager root :1.7 ModemManager.service - -
+org.freedesktop.PackageKit - - - (activatable) - - -
+org.freedesktop.PolicyKit1 629 polkitd root :1.5 polkit.service - -
+org.freedesktop.UDisks2 642 udisksd root :1.6 udisks2.service - -
+org.freedesktop.UPower - - - (activatable) - - -
+org.freedesktop.bolt - - - (activatable) - - -
+org.freedesktop.fwupd - - - (activatable) - - -
+org.freedesktop.hostname1 - - - (activatable) - - -
+org.freedesktop.locale1 - - - (activatable) - - -
+org.freedesktop.login1 640 systemd-logind root :1.8 systemd-logind.service - -
+org.freedesktop.network1 578 systemd-network systemd-network :1.2 systemd-networkd.service - -
+org.freedesktop.resolve1 581 systemd-resolve systemd-resolve :1.1 systemd-resolved.service - -
+org.freedesktop.systemd1 1 systemd root :1.3 init.scope - -
+org.freedesktop.thermald - - - (activatable) - - -
+org.freedesktop.timedate1 - - - (activatable) - - -
+org.freedesktop.timesync1 524 systemd-timesyn systemd-timesync :1.0 systemd-timesyncd.service - -
+
+
+ ╔═════════════════════╗
+══════════════════════════════╣ Network Information ╠══════════════════════════════
+ ╚═════════════════════╝
+╔══════════╣ Hostname, hosts and DNS
+b2r
+127.0.0.1 localhost
+127.0.1.1 b2r
+
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
+nameserver 127.0.0.53
+options edns0 trust-ad
+search eu-west-1.compute.internal
+
+╔══════════╣ Interfaces
+# symbolic names for networks, see networks(5) for more information
+link-local 169.254.0.0
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+ link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+ inet 127.0.0.1/8 scope host lo
+ valid_lft forever preferred_lft forever
+ inet6 ::1/128 scope host
+ valid_lft forever preferred_lft forever
+2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc fq_codel state UP group default qlen 1000
+ link/ether 02:d4:b2:e9:e2:e1 brd ff:ff:ff:ff:ff:ff
+ inet 10.10.177.92/16 brd 10.10.255.255 scope global dynamic eth0
+ valid_lft 2420sec preferred_lft 2420sec
+ inet6 fe80::d4:b2ff:fee9:e2e1/64 scope link
+ valid_lft forever preferred_lft forever
+
+╔══════════╣ Active Ports
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#open-ports
+tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
+tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
+tcp LISTEN 0 511 *:80 *:*
+tcp LISTEN 0 128 [::]:22 [::]:*
+
+╔══════════╣ Can I sniff with tcpdump?
+No
+
+
+
+ ╔═══════════════════╗
+═══════════════════════════════╣ Users Information ╠═══════════════════════════════
+ ╚═══════════════════╝
+╔══════════╣ My user
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#users
+uid=33(www-data) gid=33(www-data) groups=33(www-data)
+
+╔══════════╣ Do I have PGP keys?
+/usr/bin/gpg
+netpgpkeys Not Found
+netpgp Not Found
+
+╔══════════╣ Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid
+
+╔══════════╣ Checking sudo tokens
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens
+ptrace protection is enabled (1)
+gdb wasn't found in PATH, this might still be vulnerable but linpeas won't be able to check it
+
+╔══════════╣ Checking Pkexec policy
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation/interesting-groups-linux-pe#pe-method-2
+
+[Configuration]
+AdminIdentities=unix-user:0
+[Configuration]
+AdminIdentities=unix-group:sudo;unix-group:admin
+
+╔══════════╣ Superusers
+root:x:0:0:root:/root:/bin/bash
+
+╔══════════╣ Users with console
+lachlan:x:1001:1001::/home/lachlan:/bin/sh
+root:x:0:0:root:/root:/bin/bash
+
+╔══════════╣ All users & groups
+uid=0(root) gid=0(root) groups=0(root)
+uid=1(daemon[0m) gid=1(daemon[0m) groups=1(daemon[0m)
+uid=10(uucp) gid=10(uucp) groups=10(uucp)
+uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
+uid=1001(lachlan) gid=1001(lachlan) groups=1001(lachlan)
+uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
+uid=102(systemd-timesync) gid=104(systemd-timesync) groups=104(systemd-timesync)
+uid=103(messagebus) gid=106(messagebus) groups=106(messagebus)
+uid=104(syslog) gid=110(syslog) groups=110(syslog),4(adm),5(tty)
+uid=105(_apt) gid=65534(nogroup) groups=65534(nogroup)
+uid=106(tss) gid=111(tss) groups=111(tss)
+uid=107(uuidd) gid=112(uuidd) groups=112(uuidd)
+uid=108(tcpdump) gid=113(tcpdump) groups=113(tcpdump)
+uid=109(landscape) gid=115(landscape) groups=115(landscape)
+uid=110(pollinate) gid=1(daemon[0m) groups=1(daemon[0m)
+uid=111(usbmux) gid=46(plugdev) groups=46(plugdev)
+uid=112(sshd) gid=65534(nogroup) groups=65534(nogroup)
+uid=13(proxy) gid=13(proxy) groups=13(proxy)
+uid=2(bin) gid=2(bin) groups=2(bin)
+uid=3(sys) gid=3(sys) groups=3(sys)
+uid=33(www-data) gid=33(www-data) groups=33(www-data)
+uid=34(backup) gid=34(backup) groups=34(backup)
+uid=38(list) gid=38(list) groups=38(list)
+uid=39(irc) gid=39(irc) groups=39(irc)
+uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
+uid=41(gnats) gid=41(gnats) groups=41(gnats)
+uid=5(games) gid=60(games) groups=60(games)
+uid=6(man) gid=12(man) groups=12(man)
+uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
+uid=7(lp) gid=7(lp) groups=7(lp)
+uid=8(mail) gid=8(mail) groups=8(mail)
+uid=9(news) gid=9(news) groups=9(news)
+uid=998(lxd) gid=100(users) groups=100(users)
+uid=999(systemd-coredump) gid=999(systemd-coredump) groups=999(systemd-coredump)
+
+╔══════════╣ Login now
+ 15:34:00 up 21 min, 0 users, load average: 0.46, 0.30, 0.73
+USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
+
+╔══════════╣ Last logons
+reboot system boot Sat Aug 20 15:12:59 2022 still running 0.0.0.0
+reboot system boot Thu May 5 04:55:21 2022 - Thu May 5 04:57:39 2022 (00:02) 0.0.0.0
+lachlan pts/0 Thu May 5 04:39:19 2022 - Thu May 5 04:39:27 2022 (00:00) 192.168.56.1
+setup tty1 Thu May 5 04:37:12 2022 - crash (00:18) 0.0.0.0
+reboot system boot Thu May 5 04:36:47 2022 - Thu May 5 04:57:39 2022 (00:20) 0.0.0.0
+setup tty1 Thu May 5 03:48:01 2022 - down (00:02) 0.0.0.0
+reboot system boot Thu May 5 03:46:00 2022 - Thu May 5 03:50:09 2022 (00:04) 0.0.0.0
+
+wtmp begins Thu May 5 03:46:00 2022
+
+╔══════════╣ Last time logon each user
+Username Port From Latest
+lachlan pts/0 192.168.56.1 Thu May 5 04:39:19 +0000 2022
+
+╔══════════╣ Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)
+
+╔══════════╣ Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!
+
+
+
+ ╔══════════════════════╗
+═════════════════════════════╣ Software Information ╠═════════════════════════════
+ ╚══════════════════════╝
+╔══════════╣ Searching mysql credentials and exec
+
+╔══════════╣ Analyzing Apache-Nginx Files (limit 70)
+Apache version: Server version: Apache/2.4.41 (Ubuntu)
+Server built: 2022-03-16T16:52:53
+httpd Not Found
+
+Nginx version: nginx Not Found
+
+══╣ PHP exec extensions
+drwxr-xr-x 2 root root 4096 May 5 04:38 /etc/apache2/sites-enabled
+drwxr-xr-x 2 root root 4096 May 5 04:38 /etc/apache2/sites-enabled
+lrwxrwxrwx 1 root root 35 May 5 04:38 /etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
+<VirtualHost *:80>
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+
+
+
+╔══════════╣ Analyzing Rsync Files (limit 70)
+
+
+╔══════════╣ Analyzing Ldap Files (limit 70)
+The password hash is from the {SSHA} to 'structural'
+drwxr-xr-x 2 root root 4096 Feb 23 08:54 /etc/ldap
+
+
+╔══════════╣ Searching ssl/ssh files
+ChallengeResponseAuthentication no
+UsePAM yes
+══╣ Some certificates were found (out limited):
+/etc/pki/fwupd-metadata/LVFS-CA.pem
+/etc/pki/fwupd/LVFS-CA.pem
+/etc/pollinate/entropy.ubuntu.com.pem
+/snap/core20/1328/etc/ssl/certs/ACCVRAIZ1.pem
+/snap/core20/1328/etc/ssl/certs/AC_RAIZ_FNMT-RCM.pem
+/snap/core20/1328/etc/ssl/certs/Actalis_Authentication_Root_CA.pem
+/snap/core20/1328/etc/ssl/certs/AffirmTrust_Commercial.pem
+/snap/core20/1328/etc/ssl/certs/AffirmTrust_Networking.pem
+/snap/core20/1328/etc/ssl/certs/AffirmTrust_Premium.pem
+/snap/core20/1328/etc/ssl/certs/AffirmTrust_Premium_ECC.pem
+/snap/core20/1328/etc/ssl/certs/Amazon_Root_CA_1.pem
+/snap/core20/1328/etc/ssl/certs/Amazon_Root_CA_2.pem
+/snap/core20/1328/etc/ssl/certs/Amazon_Root_CA_3.pem
+/snap/core20/1328/etc/ssl/certs/Amazon_Root_CA_4.pem
+/snap/core20/1328/etc/ssl/certs/Atos_TrustedRoot_2011.pem
+/snap/core20/1328/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
+/snap/core20/1328/etc/ssl/certs/Baltimore_CyberTrust_Root.pem
+/snap/core20/1328/etc/ssl/certs/Buypass_Class_2_Root_CA.pem
+/snap/core20/1328/etc/ssl/certs/Buypass_Class_3_Root_CA.pem
+/snap/core20/1328/etc/ssl/certs/CA_Disig_Root_R2.pem
+1803PSTORAGE_CERTSBIN
+
+══╣ Writable ssh and gpg agents
+/etc/systemd/user/sockets.target.wants/gpg-agent-browser.socket
+/etc/systemd/user/sockets.target.wants/gpg-agent-ssh.socket
+/etc/systemd/user/sockets.target.wants/gpg-agent.socket
+/etc/systemd/user/sockets.target.wants/gpg-agent-extra.socket
+══╣ Some home ssh config file was found
+/usr/share/openssh/sshd_config
+Include /etc/ssh/sshd_config.d/*.conf
+ChallengeResponseAuthentication no
+UsePAM yes
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+══╣ /etc/hosts.allow file found, trying to read the rules:
+/etc/hosts.allow
+
+
+Searching inside /etc/ssh/ssh_config for interesting info
+Include /etc/ssh/ssh_config.d/*.conf
+Host *
+ SendEnv LANG LC_*
+ HashKnownHosts yes
+ GSSAPIAuthentication yes
+
+╔══════════╣ Analyzing PAM Auth Files (limit 70)
+drwxr-xr-x 2 root root 4096 May 5 04:38 /etc/pam.d
+-rw-r--r-- 1 root root 2133 Dec 2 2021 /etc/pam.d/sshd
+
+
+
+
+╔══════════╣ Searching tmux sessions
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#open-shell-sessions
+tmux 3.0a
+
+
+/tmp/tmux-33
+╔══════════╣ Analyzing Cloud Init Files (limit 70)
+
+╔══════════╣ Analyzing Keyring Files (limit 70)
+drwxr-xr-x 2 root root 200 Jan 14 2022 /snap/core20/1328/usr/share/keyrings
+drwxr-xr-x 2 root root 4096 May 5 03:48 /usr/share/keyrings
+
+
+
+
+╔══════════╣ Searching uncommon passwd files (splunk)
+passwd file: /etc/pam.d/passwd
+passwd file: /etc/passwd
+passwd file: /snap/core20/1328/etc/pam.d/passwd
+passwd file: /snap/core20/1328/etc/passwd
+passwd file: /snap/core20/1328/usr/share/bash-completion/completions/passwd
+passwd file: /snap/core20/1328/usr/share/lintian/overrides/passwd
+passwd file: /snap/core20/1328/var/lib/extrausers/passwd
+passwd file: /usr/share/bash-completion/completions/passwd
+passwd file: /usr/share/lintian/overrides/passwd
+
+╔══════════╣ Analyzing PGP-GPG Files (limit 70)
+/usr/bin/gpg
+gpg Not Found
+netpgpkeys Not Found
+netpgp Not Found
+
+
+
+
+╔══════════╣ Analyzing Postfix Files (limit 70)
+
+╔══════════╣ Analyzing FTP Files (limit 70)
+
+
+
+
+
+
+
+
+╔══════════╣ Analyzing Bind Files (limit 70)
+
+╔══════════╣ Analyzing Other Interesting Files (limit 70)
+
+
+
+
+
+
+
+
+
+
+
+ ╔═══════════════════╗
+═══════════════════════════════╣ Interesting Files ╠═══════════════════════════════
+ ╚═══════════════════╝
+╔══════════╣ SUID - Check easy privesc, exploits and write perms
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid
+strings Not Found
+-rwsr-xr-x 1 root root 140K Feb 23 18:25 /usr/lib/snapd/snap-confine ---> Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation(CVE-2019-7304)
+-rwsr-xr-x 1 root root 23K Feb 21 12:58 /usr/lib/policykit-1/polkit-agent-helper-1
+-rwsr-xr-- 1 root messagebus 51K Jun 11 2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
+-rwsr-xr-x 1 root root 463K Dec 2 2021 /usr/lib/openssh/ssh-keysign
+-rwsr-xr-x 1 root root 15K Jul 8 2019 /usr/lib/eject/dmcrypt-get-device
+-rwsr-xr-x 1 root root 39K Mar 7 2020 /usr/bin/fusermount
+-rwsr-xr-x 1 root root 67K Feb 7 2022 /usr/bin/su
+-rwsr-xr-x 1 root root 44K Jul 14 2021 /usr/bin/newgrp ---> HP-UX_10.20
+-rwsr-xr-x 1 root root 52K Jul 14 2021 /usr/bin/chsh
+-rwsr-xr-x 1 root root 39K Feb 7 2022 /usr/bin/umount ---> BSD/Linux(08-1996)
+-rwsr-xr-x 1 root root 67K Jul 14 2021 /usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
+-rwsr-xr-x 1 root root 31K Feb 21 12:58 /usr/bin/pkexec ---> Linux4.10_to_5.1.17(CVE-2019-13272)/rhel_6(CVE-2011-1485)
+-rwsr-xr-x 1 root root 163K Jan 19 2021 /usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable
+-rwsr-xr-x 1 root root 55K Feb 7 2022 /usr/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
+-rwsr-xr-x 1 root root 87K Jul 14 2021 /usr/bin/gpasswd
+-rwsr-xr-x 1 root root 84K Jul 14 2021 /usr/bin/chfn ---> SuSE_9.3/10
+-rwsr-sr-x 1 daemon daemon 55K Nov 12 2018 /usr/bin/at ---> RTru64_UNIX_4.0g(CVE-2002-1614)
+-rwsr-xr-x 1 root root 121K Feb 15 2022 /snap/snapd/14978/usr/lib/snapd/snap-confine ---> Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation(CVE-2019-7304)
+-rwsr-xr-x 1 root root 84K Jul 14 2021 /snap/core20/1328/usr/bin/chfn ---> SuSE_9.3/10
+-rwsr-xr-x 1 root root 52K Jul 14 2021 /snap/core20/1328/usr/bin/chsh
+-rwsr-xr-x 1 root root 87K Jul 14 2021 /snap/core20/1328/usr/bin/gpasswd
+-rwsr-xr-x 1 root root 55K Jul 21 2020 /snap/core20/1328/usr/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
+-rwsr-xr-x 1 root root 44K Jul 14 2021 /snap/core20/1328/usr/bin/newgrp ---> HP-UX_10.20
+-rwsr-xr-x 1 root root 67K Jul 14 2021 /snap/core20/1328/usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
+-rwsr-xr-x 1 root root 67K Jul 21 2020 /snap/core20/1328/usr/bin/su
+-rwsr-xr-x 1 root root 163K Jan 19 2021 /snap/core20/1328/usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable
+-rwsr-xr-x 1 root root 39K Jul 21 2020 /snap/core20/1328/usr/bin/umount ---> BSD/Linux(08-1996)
+-rwsr-xr-- 1 root systemd-resolve 51K Jun 11 2020 /snap/core20/1328/usr/lib/dbus-1.0/dbus-daemon-launch-helper
+-rwsr-xr-x 1 root root 463K Dec 2 2021 /snap/core20/1328/usr/lib/openssh/ssh-keysign
+
+╔══════════╣ SGID
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid
+-rwxr-sr-x 1 root utmp 15K Sep 30 2019 /usr/lib/x86_64-linux-gnu/utempter/utempter
+-rwxr-sr-x 1 root shadow 83K Jul 14 2021 /usr/bin/chage
+-rwxr-sr-x 1 root crontab 43K Feb 13 2020 /usr/bin/crontab
+-rwxr-sr-x 1 root tty 15K Mar 30 2020 /usr/bin/bsd-write
+-rwxr-sr-x 1 root shadow 31K Jul 14 2021 /usr/bin/expiry
+-rwxr-sr-x 1 root ssh 343K Dec 2 2021 /usr/bin/ssh-agent
+-rwxr-sr-x 1 root tty 35K Feb 7 2022 /usr/bin/wall
+-rwsr-sr-x 1 daemon daemon 55K Nov 12 2018 /usr/bin/at ---> RTru64_UNIX_4.0g(CVE-2002-1614)
+-rwxr-sr-x 1 root shadow 43K Sep 17 2021 /usr/sbin/pam_extrausers_chkpwd
+-rwxr-sr-x 1 root shadow 43K Sep 17 2021 /usr/sbin/unix_chkpwd
+-rwxr-sr-x 1 root shadow 83K Jul 14 2021 /snap/core20/1328/usr/bin/chage
+-rwxr-sr-x 1 root shadow 31K Jul 14 2021 /snap/core20/1328/usr/bin/expiry
+-rwxr-sr-x 1 root crontab 343K Dec 2 2021 /snap/core20/1328/usr/bin/ssh-agent
+-rwxr-sr-x 1 root tty 35K Jul 21 2020 /snap/core20/1328/usr/bin/wall
+-rwxr-sr-x 1 root shadow 43K Sep 17 2021 /snap/core20/1328/usr/sbin/pam_extrausers_chkpwd
+-rwxr-sr-x 1 root shadow 43K Sep 17 2021 /snap/core20/1328/usr/sbin/unix_chkpwd
+
+╔══════════╣ Checking misconfigurations of ld.so
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#ld-so
+/etc/ld.so.conf
+include /etc/ld.so.conf.d/*.conf
+
+/etc/ld.so.conf.d
+ /etc/ld.so.conf.d/libc.conf
+/usr/local/lib
+ /etc/ld.so.conf.d/x86_64-linux-gnu.conf
+/usr/local/lib/x86_64-linux-gnu
+/lib/x86_64-linux-gnu
+/usr/lib/x86_64-linux-gnu
+
+╔══════════╣ Capabilities
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities
+Current env capabilities:
+Current: =
+Current proc capabilities:
+CapInh: 0000000000000000
+CapPrm: 0000000000000000
+CapEff: 0000000000000000
+CapBnd: 0000003fffffffff
+CapAmb: 0000000000000000
+
+Parent Shell capabilities:
+0x0000000000000000=
+
+Files with capabilities (limited to 50):
+/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper = cap_net_bind_service,cap_net_admin+ep
+/usr/bin/ping = cap_net_raw+ep
+/usr/bin/mtr-packet = cap_net_raw+ep
+/usr/bin/traceroute6.iputils = cap_net_raw+ep
+/snap/core20/1328/usr/bin/ping = cap_net_raw+ep
+
+╔══════════╣ Users with capabilities
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities
+
+╔══════════╣ AppArmor binary profiles
+-rw-r--r-- 1 root root 3222 Mar 11 2020 sbin.dhclient
+-rw-r--r-- 1 root root 3202 Feb 25 2020 usr.bin.man
+-rw-r--r-- 1 root root 28249 Feb 18 2022 usr.lib.snapd.snap-confine.real
+-rw-r--r-- 1 root root 1575 Feb 11 2020 usr.sbin.rsyslogd
+-rw-r--r-- 1 root root 1385 Dec 7 2019 usr.sbin.tcpdump
+
+╔══════════╣ Files with ACLs (limited to 50)
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#acls
+files with acls in searched folders Not Found
+
+╔══════════╣ .sh files in path
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#script-binaries-in-path
+/usr/bin/gettext.sh
+/usr/bin/rescan-scsi-bus.sh
+
+╔══════════╣ Executable files added by user (limit 70)
+2022-05-05+03:46:05.2439999400 /etc/console-setup/cached_setup_font.sh
+2022-05-05+03:46:05.2439999400 /etc/console-setup/cached_setup_keyboard.sh
+2022-05-05+03:46:05.2439999400 /etc/console-setup/cached_setup_terminal.sh
+╔══════════╣ Unexpected in root
+
+╔══════════╣ Files (scripts) in /etc/profile.d/
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#profiles-files
+total 44
+drwxr-xr-x 2 root root 4096 May 5 03:48 .
+drwxr-xr-x 102 root root 4096 May 5 04:55 ..
+-rw-r--r-- 1 root root 96 Dec 5 2019 01-locale-fix.sh
+-rw-r--r-- 1 root root 1557 Feb 17 2020 Z97-byobu.sh
+-rwxr-xr-x 1 root root 3417 Nov 3 2021 Z99-cloud-locale-test.sh
+-rwxr-xr-x 1 root root 873 Nov 3 2021 Z99-cloudinit-warnings.sh
+-rw-r--r-- 1 root root 835 Feb 18 2022 apps-bin-path.sh
+-rw-r--r-- 1 root root 729 Feb 2 2020 bash_completion.sh
+-rw-r--r-- 1 root root 1003 Aug 13 2019 cedilla-portuguese.sh
+-rw-r--r-- 1 root root 1107 Nov 3 2019 gawk.csh
+-rw-r--r-- 1 root root 757 Nov 3 2019 gawk.sh
+
+╔══════════╣ Permissions in init, init.d, systemd, and rc.d
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#init-init-d-systemd-and-rc-d
+
+═╣ Hashes inside passwd file? ........... No
+═╣ Writable passwd file? ................ No
+═╣ Credentials in fstab/mtab? ........... No
+═╣ Can I read shadow files? ............. No
+═╣ Can I read shadow plists? ............ No
+═╣ Can I write shadow plists? ........... No
+═╣ Can I read opasswd file? ............. No
+═╣ Can I write in network-scripts? ...... No
+═╣ Can I read root folder? .............. No
+
+╔══════════╣ Searching root files in home dirs (limit 30)
+/home/
+/root/
+
+╔══════════╣ Searching folders owned by me containing others files on it (limit 100)
+
+╔══════════╣ Readable files belonging to root and readable by me but not world readable
+
+╔══════════╣ Modified interesting files in the last 5mins (limit 100)
+/var/log/kern.log
+/var/log/syslog
+/var/log/auth.log
+/var/log/journal/113cfd14aea5442b9c02d5a5f48b55bb/system.journal
+
+╔══════════╣ Writable log files (logrotten) (limit 50)
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#logrotate-exploitation
+logrotate 3.14.0
+
+ Default mail command: /usr/bin/mail
+ Default compress command: /bin/gzip
+ Default uncompress command: /bin/gunzip
+ Default compress extension: .gz
+ Default state file path: /var/lib/logrotate/status
+ ACL support: yes
+ SELinux support: yes
+
+╔══════════╣ Files inside /home/www-data (limit 20)
+
+╔══════════╣ Files inside others home (limit 20)
+/home/lachlan/.profile
+/home/lachlan/.bash_logout
+/home/lachlan/bin/backup.sh
+/home/lachlan/.bashrc
+/home/lachlan/.bash_history
+/home/lachlan/user.txt
+
+╔══════════╣ Searching installed mail applications
+
+╔══════════╣ Mails (limit 50)
+
+╔══════════╣ Backup files (limited 100)
+-rw-r--r-- 1 lachlan lachlan 56 May 5 04:38 /home/lachlan/bin/backup.sh
+-rw-r--r-- 1 root root 9833 Apr 8 08:44 /usr/lib/modules/5.4.0-109-generic/kernel/drivers/power/supply/wm831x_backup.ko
+-rw-r--r-- 1 root root 9073 Apr 8 08:44 /usr/lib/modules/5.4.0-109-generic/kernel/drivers/net/team/team_mode_activebackup.ko
+-rw-r--r-- 1 root root 1413 May 5 03:48 /usr/lib/python3/dist-packages/sos/report/plugins/__pycache__/ovirt_engine_backup.cpython-38.pyc
+-rw-r--r-- 1 root root 1802 Feb 15 2022 /usr/lib/python3/dist-packages/sos/report/plugins/ovirt_engine_backup.py
+-rw-r--r-- 1 root root 44048 Oct 12 2021 /usr/lib/x86_64-linux-gnu/open-vm-tools/plugins/vmsvc/libvmbackup.so
+-rwxr-xr-x 1 root root 1086 Nov 25 2019 /usr/src/linux-headers-5.4.0-109/tools/testing/selftests/net/tcp_fastopen_backup_key.sh
+-rw-r--r-- 1 root root 237986 Apr 8 08:44 /usr/src/linux-headers-5.4.0-109-generic/.config.old
+-rw-r--r-- 1 root root 0 Apr 8 08:44 /usr/src/linux-headers-5.4.0-109-generic/include/config/net/team/mode/activebackup.h
+-rw-r--r-- 1 root root 0 Apr 8 08:44 /usr/src/linux-headers-5.4.0-109-generic/include/config/wm831x/backup.h
+-rw-r--r-- 1 root root 2756 Feb 13 2020 /usr/share/man/man8/vgcfgbackup.8.gz
+-rw-r--r-- 1 root root 11886 May 5 03:43 /usr/share/info/dir.old
+-rw-r--r-- 1 root root 7867 Jul 16 1996 /usr/share/doc/telnet/README.old.gz
+-rw-r--r-- 1 root root 392817 Feb 9 2020 /usr/share/doc/manpages/Changes.old.gz
+-rwxr-xr-x 1 root root 226 Feb 17 2020 /usr/share/byobu/desktop/byobu.desktop.old
+-rw-r--r-- 1 root root 2743 Feb 23 08:56 /etc/apt/sources.list.curtin.old
+
+╔══════════╣ Searching tables inside readable .db/.sql/.sqlite files (limit 100)
+Found /var/lib/PackageKit/transactions.db: SQLite 3.x database, last written using SQLite version 3031001
+Found /var/lib/command-not-found/commands.db: SQLite 3.x database, last written using SQLite version 3031001
+
+ -> Extracting tables from /var/lib/PackageKit/transactions.db (limit 20)
+ -> Extracting tables from /var/lib/command-not-found/commands.db (limit 20)
+
+╔══════════╣ Web files?(output limit)
+/var/www/:
+total 12K
+drwxr-xr-x 3 root root 4.0K May 5 04:38 .
+drwxr-xr-x 14 root root 4.0K May 5 04:38 ..
+drwxr-xr-x 6 www-data www-data 4.0K May 5 04:38 html
+
+/var/www/html:
+total 32K
+drwxr-xr-x 6 www-data www-data 4.0K May 5 04:38 .
+drwxr-xr-x 3 root root 4.0K May 5 04:38 ..
+
+╔══════════╣ All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)
+-rw-r--r-- 1 lachlan lachlan 220 Feb 25 2020 /home/lachlan/.bash_logout
+-rw------- 1 root root 0 Jan 14 2022 /snap/core20/1328/etc/.pwd.lock
+-rw-r--r-- 1 root root 220 Feb 25 2020 /snap/core20/1328/etc/skel/.bash_logout
+-rw-r--r-- 1 landscape landscape 0 Feb 23 08:55 /var/lib/landscape/.cleanup.user
+-rw-r--r-- 1 root root 220 Feb 25 2020 /etc/skel/.bash_logout
+-rw------- 1 root root 0 Feb 23 08:50 /etc/.pwd.lock
+-rw------- 1 root root 0 Aug 20 15:15 /run/snapd/lock/.lock
+-rw-r--r-- 1 root root 20 Aug 20 15:14 /run/cloud-init/.instance-id
+-rw-r--r-- 1 root root 2 Aug 20 15:13 /run/cloud-init/.ds-identify.result
+
+╔══════════╣ Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)
+
+╔══════════╣ Interesting writable files owned by me or writable by everyone (not in Home) (max 500)
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files
+/dev/mqueue
+/dev/shm
+/dev/shm/linlog
+/dev/shm/linpeas.sh
+/run/lock
+/run/lock/apache2
+/run/screen
+/snap/core20/1328/run/lock
+/snap/core20/1328/tmp
+/snap/core20/1328/var/tmp
+/tmp
+/tmp/tmux-33
+/var/cache/apache2/mod_cache_disk
+/var/crash
+/var/lib/php/sessions
+/var/tmp
+/var/www/html
+/var/www/html/css
+/var/www/html/css/custom.css
+/var/www/html/cvs
+/var/www/html/cvs/index.html
+/var/www/html/cvs/shell.pdf.php
+/var/www/html/dist
+/var/www/html/dist/css
+/var/www/html/dist/css/normalize.css
+/var/www/html/dist/css/skeleton.css
+/var/www/html/dist/images
+/var/www/html/images
+/var/www/html/index.html
+/var/www/html/upload.php
+
+╔══════════╣ Interesting GROUP writable files (not in Home) (max 500)
+╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files
+ Group www-data:
+/dev/shm/linlog
+/dev/shm/linpeas.sh
+
+╔══════════╣ Searching passwords in history files
+echo -e "dHY5pzmNYoETv7SUaY\nthisistheway123\nthisistheway123" | passwd
+
+╔══════════╣ Searching *password* or *credential* files in home (limit 70)
+/etc/pam.d/common-password
+/usr/bin/systemd-ask-password
+/usr/bin/systemd-tty-ask-password-agent
+/usr/lib/git-core/git-credential
+/usr/lib/git-core/git-credential-cache
+/usr/lib/git-core/git-credential-cache--daemon
+/usr/lib/git-core/git-credential-store
+ #)There are more creds/passwds files in the previous parent folder
+
+/usr/lib/grub/i386-pc/password.mod
+/usr/lib/grub/i386-pc/password_pbkdf2.mod
+/usr/lib/python3/dist-packages/cloudinit/config/__pycache__/cc_set_passwords.cpython-38.pyc
+/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.py
+/usr/lib/python3/dist-packages/keyring/__pycache__/credentials.cpython-38.pyc
+/usr/lib/python3/dist-packages/keyring/credentials.py
+/usr/lib/python3/dist-packages/launchpadlib/__pycache__/credentials.cpython-38.pyc
+/usr/lib/python3/dist-packages/launchpadlib/credentials.py
+/usr/lib/python3/dist-packages/launchpadlib/tests/__pycache__/test_credential_store.cpython-38.pyc
+/usr/lib/python3/dist-packages/launchpadlib/tests/test_credential_store.py
+/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/__pycache__/client_credentials.cpython-38.pyc
+/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/__pycache__/resource_owner_password_credentials.cpython-38.pyc
+/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py
+/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
+/usr/lib/python3/dist-packages/twisted/cred/__pycache__/credentials.cpython-38.pyc
+/usr/lib/python3/dist-packages/twisted/cred/credentials.py
+/usr/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path
+/usr/lib/systemd/system/sysinit.target.wants/systemd-ask-password-console.path
+/usr/lib/systemd/system/systemd-ask-password-console.path
+/usr/lib/systemd/system/systemd-ask-password-console.service
+/usr/lib/systemd/system/systemd-ask-password-plymouth.path
+/usr/lib/systemd/system/systemd-ask-password-plymouth.service
+ #)There are more creds/passwds files in the previous parent folder
+
+/usr/share/doc/git/contrib/credential
+/usr/share/doc/git/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c
+/usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret.c
+/usr/share/doc/git/contrib/credential/netrc/git-credential-netrc
+/usr/share/doc/git/contrib/credential/netrc/t-git-credential-netrc.sh
+/usr/share/doc/git/contrib/credential/osxkeychain/git-credential-osxkeychain.c
+/usr/share/doc/git/contrib/credential/wincred/git-credential-wincred.c
+/usr/share/man/man1/git-credential-cache--daemon.1.gz
+/usr/share/man/man1/git-credential-cache.1.gz
+/usr/share/man/man1/git-credential-store.1.gz
+/usr/share/man/man1/git-credential.1.gz
+ #)There are more creds/passwds files in the previous parent folder
+
+/usr/share/man/man7/gitcredentials.7.gz
+/usr/share/man/man8/systemd-ask-password-console.path.8.gz
+/usr/share/man/man8/systemd-ask-password-console.service.8.gz
+
+╔══════════╣ Checking for TTY (sudo/su) passwords in audit logs
+
+╔══════════╣ Searching passwords inside logs (limit 70)
+ base-passwd depends on libc6 (>= 2.8); however:
+ base-passwd depends on libdebconfclient0 (>= 0.145); however:
+2022-02-23 08:50:00 configure base-passwd:amd64 3.5.47 3.5.47
+2022-02-23 08:50:00 install base-passwd:amd64 <none> 3.5.47
+2022-02-23 08:50:00 status half-configured base-passwd:amd64 3.5.47
+2022-02-23 08:50:00 status half-installed base-passwd:amd64 3.5.47
+2022-02-23 08:50:00 status installed base-passwd:amd64 3.5.47
+2022-02-23 08:50:00 status unpacked base-passwd:amd64 3.5.47
+2022-02-23 08:50:05 status half-configured base-passwd:amd64 3.5.47
+2022-02-23 08:50:05 status half-installed base-passwd:amd64 3.5.47
+2022-02-23 08:50:05 status unpacked base-passwd:amd64 3.5.47
+2022-02-23 08:50:05 upgrade base-passwd:amd64 3.5.47 3.5.47
+2022-02-23 08:50:14 install passwd:amd64 <none> 1:4.8.1-1ubuntu5
+2022-02-23 08:50:14 status half-installed passwd:amd64 1:4.8.1-1ubuntu5
+2022-02-23 08:50:14 status unpacked passwd:amd64 1:4.8.1-1ubuntu5
+2022-02-23 08:50:17 configure base-passwd:amd64 3.5.47 <none>
+2022-02-23 08:50:17 status half-configured base-passwd:amd64 3.5.47
+2022-02-23 08:50:17 status installed base-passwd:amd64 3.5.47
+2022-02-23 08:50:17 status unpacked base-passwd:amd64 3.5.47
+2022-02-23 08:50:20 configure passwd:amd64 1:4.8.1-1ubuntu5 <none>
+2022-02-23 08:50:20 status half-configured passwd:amd64 1:4.8.1-1ubuntu5
+2022-02-23 08:50:20 status installed passwd:amd64 1:4.8.1-1ubuntu5
+2022-02-23 08:50:20 status unpacked passwd:amd64 1:4.8.1-1ubuntu5
+2022-02-23 08:52:18 status half-configured passwd:amd64 1:4.8.1-1ubuntu5
+2022-02-23 08:52:18 status half-installed passwd:amd64 1:4.8.1-1ubuntu5
+2022-02-23 08:52:18 status unpacked passwd:amd64 1:4.8.1-1ubuntu5
+2022-02-23 08:52:18 upgrade passwd:amd64 1:4.8.1-1ubuntu5 1:4.8.1-1ubuntu5.20.04.1
+2022-02-23 08:52:19 configure passwd:amd64 1:4.8.1-1ubuntu5.20.04.1 <none>
+2022-02-23 08:52:19 status half-configured passwd:amd64 1:4.8.1-1ubuntu5.20.04.1
+2022-02-23 08:52:19 status installed passwd:amd64 1:4.8.1-1ubuntu5.20.04.1
+2022-02-23 08:52:19 status unpacked passwd:amd64 1:4.8.1-1ubuntu5.20.04.1
+2022-05-05 03:46:20,473 - cc_set_passwords.py[DEBUG]: Leaving SSH config 'PasswordAuthentication' unchanged. ssh_pwauth=None
+2022-05-05 03:46:20,473 - handlers.py[DEBUG]: finish: modules-config/config-set-passwords: SUCCESS: config-set-passwords ran successfully
+2022-05-05 03:46:20,473 - util.py[DEBUG]: Writing to /var/lib/cloud/instances/iid-datasource-none/sem/config_set_passwords - wb: [644] 25 bytes
+2022-05-05 04:37:06,411 - handlers.py[DEBUG]: finish: modules-config/config-set-passwords: SUCCESS: config-set-passwords previously ran
+2022-05-05 04:37:06,411 - helpers.py[DEBUG]: config-set-passwords already ran (freq=once-per-instance)
+2022-05-05 04:55:41,029 - handlers.py[DEBUG]: finish: modules-config/config-set-passwords: SUCCESS: config-set-passwords previously ran
+2022-05-05 04:55:41,029 - helpers.py[DEBUG]: config-set-passwords already ran (freq=once-per-instance)
+2022-08-20 15:16:00,365 - handlers.py[DEBUG]: finish: modules-config/config-set-passwords: SUCCESS: config-set-passwords previously ran
+2022-08-20 15:16:00,365 - helpers.py[DEBUG]: config-set-passwords already ran (freq=once-per-instance)
+Preparing to unpack .../base-passwd_3.5.47_amd64.deb ...
+Preparing to unpack .../passwd_1%3a4.8.1-1ubuntu5_amd64.deb ...
+Selecting previously unselected package base-passwd.
+Selecting previously unselected package passwd.
+Setting up base-passwd (3.5.47) ...
+Setting up passwd (1:4.8.1-1ubuntu5) ...
+Shadow passwords are now on.
+Unpacking base-passwd (3.5.47) ...
+Unpacking base-passwd (3.5.47) over (3.5.47) ...
+Unpacking passwd (1:4.8.1-1ubuntu5) ...
+[ 9.076613] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
+[ 38.055933] systemd[1]: Started Forward Password Requests to Wall Directory Watch.
+dpkg: base-passwd: dependency problems, but configuring anyway as you requested:
+
+
+
+ ╔════════════════╗
+════════════════════════════════╣ API Keys Regex ╠════════════════════════════════
+ ╚════════════════╝
+Regexes to search for API keys aren't activated, use param '-r'
+
+
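Review bot: the added log commits a plaintext credential, in the "Searching passwords in history files" section, where the captured `echo -e ... | passwd` history line carries both the old and the new password in clear text. Redact that line before it lands, or keep the raw scan output out of the tree and commit a trimmed findings file instead. As committed, the file is unfiltered tool output with its colour highlighting lost, so the entries that matter (the history line, `/home/lachlan/bin/backup.sh`, the www-data-writable `/var/www/html/cvs/shell.pdf.php` and `upload.php`) sit at the same weight as the CA certificate listing and the dpkg `base-passwd` log lines. The `--->` tags in the SUID list also need a caveat: labels such as `HP-UX_10.20` on `/usr/bin/newgrp` or `Apple_Mac_OSX(...)` on `/usr/bin/passwd` do not describe this Ubuntu host, so a short note saying which findings were actually verified would stop a reader from treating them as confirmed.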