From a28bbfd309eba3222d9938d9b3ce185fd1e8241e Mon Sep 17 00:00:00 2001 From: Raghuram Subramani Date: Sun, 4 Sep 2022 13:59:22 +0530 Subject: forgot to add hackervshacker --- hackervshacker/linlog-lachlan | 1230 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1230 insertions(+) create mode 100644 hackervshacker/linlog-lachlan (limited to 'hackervshacker/linlog-lachlan') diff --git a/hackervshacker/linlog-lachlan b/hackervshacker/linlog-lachlan new file mode 100644 index 0000000..d719181 --- /dev/null +++ b/hackervshacker/linlog-lachlan 
@@ -0,0 +1,1230 @@ + + + ▄▄▄▄▄▄▄▄▄▄▄▄▄▄ + ▄▄▄▄▄▄▄             ▄▄▄▄▄▄▄▄ + ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄ + ▄▄▄▄     ▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄ + ▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ + ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄       ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ + ▄▄▄▄▄▄▄▄▄▄▄          ▄▄▄▄▄▄               ▄▄▄▄▄▄ ▄ + ▄▄▄▄▄▄              ▄▄▄▄▄▄▄▄                 ▄▄▄▄  + ▄▄                  ▄▄▄ ▄▄▄▄▄                  ▄▄▄ + ▄▄                ▄▄▄▄▄▄▄▄▄▄▄▄                  ▄▄ + ▄            ▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄ + ▄      ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ + ▄▄▄▄▄▄▄▄▄▄▄▄▄▄                                ▄▄▄▄ + ▄▄▄▄▄  ▄▄▄▄▄                       ▄▄▄▄▄▄     ▄▄▄▄ + ▄▄▄▄   ▄▄▄▄▄                       ▄▄▄▄▄      ▄ ▄▄ + ▄▄▄▄▄  ▄▄▄▄▄        ▄▄▄▄▄▄▄        ▄▄▄▄▄     ▄▄▄▄▄ + ▄▄▄▄▄▄  ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄   ▄▄▄▄▄  +  ▄▄▄▄▄▄▄▄▄▄▄▄▄▄        ▄          ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄  + ▄▄▄▄▄▄▄▄▄▄▄▄▄                       ▄▄▄▄▄▄▄▄▄▄▄▄▄▄ + ▄▄▄▄▄▄▄▄▄▄▄                         ▄▄▄▄▄▄▄▄▄▄▄▄▄▄ + ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ + ▀▀▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▀▀▀▀▀▀ + ▀▀▀▄▄▄▄▄      ▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▀▀ + ▀▀▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀▀▀ + + /---------------------------------------------------------------------------------\ + | Do you like PEASS? | + |---------------------------------------------------------------------------------| + | Get the latest version : https://github.com/sponsors/carlospolop | + | Follow on Twitter : @carlospolopm | + | Respect on HTB : SirBroccoli  | + |---------------------------------------------------------------------------------| + | Thank you!  | + \---------------------------------------------------------------------------------/ + linpeas-ng by carlospolop + +ADVISORY: This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. 
Use it at your own computers and/or with the computer owner's permission. + +Linux Privesc Checklist: https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist + LEGEND: + RED/YELLOW: 95% a PE vector + RED: You should take a look to it + LightCyan: Users with console + Blue: Users without console & mounted devs + Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) + LightMagenta: Your username + + Starting linpeas. Caching Writable Folders... + + ╔═══════════════════╗ +═══════════════════════════════╣ Basic information ╠═══════════════════════════════ + ╚═══════════════════╝ +OS: Linux version 5.4.0-109-generic (buildd@ubuntu) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #123-Ubuntu SMP Fri Apr 8 09:10:54 UTC 2022 +User & Groups: uid=1001(lachlan) gid=1001(lachlan) groups=1001(lachlan) +Hostname: b2r +Writable folder: /dev/shm +[+] /usr/bin/ping is available for network discovery (linpeas can discover hosts, learn more with -h) +[+] /usr/bin/bash is available for network discovery & port scanning (linpeas can discover hosts and scan ports, learn more with -h) +[+] /usr/bin/nc is available for network discovery & port scanning (linpeas can discover hosts and scan ports, learn more with -h) + + + +Caching directories DONE + + ╔════════════════════╗ +══════════════════════════════╣ System Information ╠══════════════════════════════ + ╚════════════════════╝ +╔══════════╣ Operative system +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#kernel-exploits +Linux version 5.4.0-109-generic (buildd@ubuntu) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #123-Ubuntu SMP Fri Apr 8 09:10:54 UTC 2022 +Distributor ID: Ubuntu +Description: Ubuntu 20.04.4 LTS +Release: 20.04 +Codename: focal + +╔══════════╣ Sudo version +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-version +Sudo version 1.8.31 + +╔══════════╣ CVEs Check +Vulnerable to CVE-2021-3560 + + + +╔══════════╣ PATH +╚ 
https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-path-abuses +/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin +New path exported: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin + +╔══════════╣ Date & uptime +Sat 20 Aug 2022 03:45:30 PM UTC + 15:45:30 up 32 min, 0 users, load average: 0.37, 0.21, 0.41 + +╔══════════╣ Any sd*/disk* disk in /dev? (limit 20) +disk + +╔══════════╣ Unmounted file-system? +╚ Check if you can mount umounted devices +/dev/disk/by-id/dm-uuid-LVM-S0EQ4vI8gcwzDW214vbvDa0pSxD7eam0nrvgq4EdGPK983HC0NE8QF2Beac29VUP / ext4 defaults 0 1 +/dev/disk/by-uuid/befd1c80-fe6b-4b86-b4ca-2f372c253599 /boot ext4 defaults 0 1 + +╔══════════╣ Environment +╚ Any private information inside environment variables? +HISTFILESIZE=0 +MAIL=/var/mail/lachlan +USER=lachlan +XDG_SESSION_TYPE=unspecified +SHLVL=0 +HOME=/home/lachlan +OLDPWD=/home/lachlan +PS1=\w > +APACHE_RUN_DIR=/var/run/apache2 +APACHE_PID_FILE=/var/run/apache2/apache2.pid +LOGNAME=lachlan +JOURNAL_STREAM=9:22753 +_=./linpeas.sh +XDG_SESSION_CLASS=background +TERM=xterm +XDG_SESSION_ID=c2 +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin +INVOCATION_ID=b362df8aacaa413a9837f4b1748c8dd8 +XDG_RUNTIME_DIR=/run/user/1001 +APACHE_LOCK_DIR=/var/lock/apache2 +LANG=en_US.UTF-8 +HISTSIZE=0 +SHELL=/bin/sh +APACHE_RUN_GROUP=www-data +APACHE_RUN_USER=www-data +APACHE_LOG_DIR=/var/log/apache2 +PWD=/dev/shm +HISTFILE=/dev/null + +╔══════════╣ Searching Signature verification failed in dmesg +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#dmesg-signature-verification-failed +dmesg Not Found + +╔══════════╣ Executing Linux Exploit Suggester +╚ https://github.com/mzet-/linux-exploit-suggester +[+] [CVE-2021-4034] PwnKit + + Details: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt + Exposure: probable + Tags: [ 
ubuntu=10|11|12|13|14|15|16|17|18|19|20|21 ],debian=7|8|9|10|11,fedora,manjaro + Download URL: https://codeload.github.com/berdav/CVE-2021-4034/zip/main + +[+] [CVE-2021-3156] sudo Baron Samedit + + Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt + Exposure: probable + Tags: mint=19,[ ubuntu=18|20 ], debian=10 + Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main + +[+] [CVE-2021-3156] sudo Baron Samedit 2 + + Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt + Exposure: probable + Tags: centos=6|7|8,[ ubuntu=14|16|17|18|19|20 ], debian=9|10 + Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main + +[+] [CVE-2021-22555] Netfilter heap out-of-bounds write + + Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html + Exposure: probable + Tags: [ ubuntu=20.04 ]{kernel:5.8.0-*} + Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c + ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c + Comments: ip_tables kernel module must be loaded + +[+] [CVE-2017-5618] setuid screen v4.5.0 LPE + + Details: https://seclists.org/oss-sec/2017/q1/184 + Exposure: less probable + Download URL: https://www.exploit-db.com/download/https://www.exploit-db.com/exploits/41154 + + +╔══════════╣ Executing Linux Exploit Suggester 2 +╚ https://github.com/jondonas/linux-exploit-suggester-2 + +╔══════════╣ Protections +═╣ AppArmor enabled? .............. You do not have enough privilege to read the profile set. +apparmor module is loaded. +═╣ grsecurity present? ............ grsecurity Not Found +═╣ PaX bins present? .............. PaX Not Found +═╣ Execshield enabled? ............ Execshield Not Found +═╣ SELinux enabled? ............... sestatus Not Found +═╣ Seccomp enabled? ............... 
disabled +═╣ AppArmor profile? .............. unconfined +═╣ User namespace? ................ enabled +═╣ Cgroup2 enabled? ............... enabled +═╣ Is ASLR enabled? ............... Yes +═╣ Printer? ....................... No +═╣ Is this a virtual machine? ..... Yes (xen) + + ╔═══════════╗ +═══════════════════════════════════╣ Container ╠═══════════════════════════════════ + ╚═══════════╝ +╔══════════╣ Container related tools present +/snap/bin/lxc +╔══════════╣ Am I Containered? +╔══════════╣ Container details +═╣ Is this a container? ........... No +═╣ Any running containers? ........ No + + + ╔═══════╗ +═════════════════════════════════════╣ Cloud ╠═════════════════════════════════════ + ╚═══════╝ +═╣ Google Cloud Platform? ............... No +═╣ AWS ECS? ............................. No +═╣ AWS EC2? ............................. Yes +═╣ AWS Lambda? .......................... No + +╔══════════╣ AWS EC2 Enumeration +ami-id: ami-08e1d45cf9c4f052a +instance-action: none +instance-id: i-0afcd77fb3fc17f27 +instance-life-cycle: on-demand +instance-type: t2.nano +region: eu-west-1 + +══╣ Account Info +{ + "Code" : "Success", + "LastUpdated" : "2022-08-20T15:11:30Z", + "AccountId" : "739930428441" +} + +══╣ Network Info +Mac: 02:d4:b2:e9:e2:e1/ +Owner ID: 739930428441 +Public Hostname: +Security Groups: AllowEverything +Private IPv4s: + +Subnet IPv4: 10.10.0.0/16 +PrivateIPv6s: + +Subnet IPv6: +Public IPv4s: + + + +══╣ IAM Role + + +══╣ User Data + + + ╔════════════════════════════════════════════════╗ +════════════════╣ Processes, Crons, Timers, Services and Sockets ╠════════════════ + ╚════════════════════════════════════════════════╝ +╔══════════╣ Cleaned processes +╚ Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes +root 1 1.4 1.8 169420 8864 ? Ss 15:12 0:27 /sbin/init maybe-ubiquity +root 343 0.2 2.3 51440 11120 ? S /dev/pts/$f && pkill -9 -t pts/$f; done +root 21386 0.0 0.1 5476 572 ? 
S 15:45 0:00 | _ /bin/sleep 51 +root 21370 0.0 0.7 8352 3372 ? S 15:45 0:00 _ /usr/sbin/CRON -f +root 21379 0.0 0.1 2608 572 ? Ss 15:45 0:00 _ /bin/sh -c /bin/sleep 41 && for f in `/bin/ls /dev/pts`; do /usr/bin/echo nope > /dev/pts/$f && pkill -9 -t pts/$f; done +root 21385 0.0 0.1 5476 584 ? S 15:45 0:00 _ /bin/sleep 41 +message+ 613 0.0 0.9 7580 4568 ? Ss 15:14 0:01 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only + └─(Caps) 0x0000000020000000=cap_audit_write +root 627 0.1 2.6 29656 12832 ? Ss 15:14 0:02 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers +root 629 0.0 1.0 236416 5192 ? Ssl 15:14 0:00 /usr/lib/policykit-1/polkitd --no-debug +syslog 634 0.0 0.8 224344 3880 ? Ssl 15:14 0:00 /usr/sbin/rsyslogd -n -iNONE +root 636 0.4 4.1 742072 19852 ? Ssl 15:14 0:07 /usr/lib/snapd/snapd +root 640 0.0 1.2 16788 5844 ? Ss 15:14 0:01 /lib/systemd/systemd-logind +root 642 0.0 1.4 394660 7060 ? Ssl 15:14 0:01 /usr/lib/udisks2/udisksd +daemon[0m 645 0.0 0.4 3792 2200 ? Ss 15:14 0:00 /usr/sbin/atd -f +root 689 0.0 0.4 5600 2020 ttyS0 Ss+ 15:14 0:00 /sbin/agetty -o -p -- u --keep-baud 115200,38400,9600 ttyS0 vt220 +root 695 0.0 0.3 5828 1908 tty1 Ss+ 15:14 0:00 /sbin/agetty -o -p -- u --noclear tty1 linux +root 709 0.0 1.2 314452 5972 ? Ssl 15:14 0:00 /usr/sbin/ModemManager +root 785 0.1 2.8 107904 13704 ? Ssl 15:15 0:02 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal +root 796 0.0 1.9 193436 9460 ? Ss 15:15 0:00 /usr/sbin/apache2 -k start +www-data 818 0.0 1.4 193888 6800 ? S 15:15 0:00 _ /usr/sbin/apache2 -k start +www-data 820 0.0 2.1 193880 10192 ? S 15:15 0:00 _ /usr/sbin/apache2 -k start +www-data 850 0.0 1.3 193880 6696 ? S 15:15 0:00 _ /usr/sbin/apache2 -k start +www-data 1398 0.0 1.2 193880 6212 ? S 15:25 0:00 _ /usr/sbin/apache2 -k start +www-data 1443 0.0 1.9 193880 9532 ? 
S 15:26 0:00 _ /usr/sbin/apache2 -k start +www-data 1444 0.0 1.4 193880 6816 ? S 15:26 0:00 _ /usr/sbin/apache2 -k start +www-data 1446 0.0 1.3 193880 6272 ? S 15:27 0:00 _ /usr/sbin/apache2 -k start +www-data 1447 0.0 1.4 193872 6904 ? S 15:27 0:00 _ /usr/sbin/apache2 -k start +www-data 1449 0.0 2.0 193872 9832 ? S 15:27 0:00 _ /usr/sbin/apache2 -k start +www-data 1487 0.0 1.4 193872 6900 ? S 15:27 0:00 _ /usr/sbin/apache2 -k start +www-data 1633 0.0 0.8 58932 4128 ? Ss 15:30 0:00 php +www-data 1634 0.0 0.1 2608 504 ? S 15:30 0:00 _ sh -c uname -a; w; id; /bin/sh -i +www-data 1638 0.0 0.3 2608 1708 ? S 15:30 0:00 _ /bin/sh -i +www-data 20703 0.1 3.1 98220 15156 ? S 15:34 0:00 _ python3 -m http.server +www-data 21277 0.0 1.1 58932 5464 ? Ss 15:43 0:00 php +www-data 21278 0.0 0.1 2608 508 ? S 15:43 0:00 _ sh -c uname -a; w; id; /bin/sh -i +www-data 21282 0.0 0.1 2608 568 ? S 15:43 0:00 _ /bin/sh -i +root 21294 0.0 0.7 5772 3620 ? S 15:43 0:00 _ su lachlan +lachlan 21315 0.0 0.3 2608 1600 ? S 15:43 0:00 _ sh +lachlan 21346 0.0 0.6 6892 2972 ? S 15:44 0:00 _ bash +lachlan 21395 0.2 0.5 3536 2560 ? S 15:45 0:00 _ /bin/sh ./linpeas.sh +lachlan 24318 0.0 0.2 3536 1020 ? S 15:45 0:00 | _ /bin/sh ./linpeas.sh +lachlan 24322 0.0 0.7 9040 3412 ? R 15:45 0:00 | | _ ps fauxwww +lachlan 24321 0.0 0.2 3536 1020 ? S 15:45 0:00 | _ /bin/sh ./linpeas.sh +lachlan 21396 0.0 0.0 5484 480 ? S 15:45 0:00 _ tee linlog-lachlan +lachlan 21308 0.0 1.6 18376 8064 ? Ss 15:43 0:00 /lib/systemd/systemd --user +lachlan 21309 0.0 0.7 168988 3452 ? S 15:43 0:00 _ (sd-pam) +lachlan 24206 0.0 0.8 7104 3960 ? 
Ss 15:45 0:00 _ /usr/bin/dbus-daemon[0m --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only + +╔══════════╣ Binary processes permissions (non 'root root' and not belonging to current user) +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes + +╔══════════╣ Files opened by processes belonging to other users +╚ This is usually empty because of the lack of privileges to read other user processes information +COMMAND PID TID TASKCMD USER FD TYPE DEVICE SIZE/OFF NODE NAME + +╔══════════╣ Processes with credentials in memory (root req) +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#credentials-from-process-memory +gdm-password Not Found +gnome-keyring-daemon Not Found +lightdm Not Found +vsftpd Not Found +apache2 process found (dump creds from memory as root) +sshd: process found (dump creds from memory as root) + +╔══════════╣ Cron jobs +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#scheduled-cron-jobs +/usr/bin/crontab +incrontab Not Found +-rw-r--r-- 1 root root    1042 Feb 13  2020 /etc/crontab + +/etc/cron.d: +total 28 +drwxr-xr-x   2 root root 4096 May  5 04:38 . +drwxr-xr-x 102 root root 4096 May  5 04:55 .. +-rw-r--r--   1 root root  201 Feb 14  2020 e2scrub_all +-rw-r--r--   1 root root  814 May  5 04:38 persistence +-rw-r--r--   1 root root  712 Mar 27  2020 php +-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder +-rw-r--r--   1 root root  191 Feb 23 08:54 popularity-contest + +/etc/cron.daily: +total 52 +drwxr-xr-x   2 root root 4096 May  5 04:38 . +drwxr-xr-x 102 root root 4096 May  5 04:55 .. 
+-rwxr-xr-x   1 root root  539 Sep 30  2020 apache2 +-rwxr-xr-x   1 root root  376 Dec  4  2019 apport +-rwxr-xr-x   1 root root 1478 Apr  9  2020 apt-compat +-rwxr-xr-x   1 root root  355 Dec 29  2017 bsdmainutils +-rwxr-xr-x   1 root root 1187 Sep  5  2019 dpkg +-rwxr-xr-x   1 root root  377 Jan 21  2019 logrotate +-rwxr-xr-x   1 root root 1123 Feb 25  2020 man-db +-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder +-rwxr-xr-x   1 root root 4574 Jul 18  2019 popularity-contest +-rwxr-xr-x   1 root root  214 May 14  2021 update-notifier-common + +/etc/cron.hourly: +total 12 +drwxr-xr-x   2 root root 4096 Feb 23 08:51 . +drwxr-xr-x 102 root root 4096 May  5 04:55 .. +-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder + +/etc/cron.monthly: +total 12 +drwxr-xr-x   2 root root 4096 Feb 23 08:51 . +drwxr-xr-x 102 root root 4096 May  5 04:55 .. +-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder + +/etc/cron.weekly: +total 20 +drwxr-xr-x   2 root root 4096 Feb 23 08:55 . +drwxr-xr-x 102 root root 4096 May  5 04:55 .. 
+-rwxr-xr-x   1 root root  813 Feb 25  2020 man-db +-rw-r--r--   1 root root  102 Feb 13  2020 .placeholder +-rwxr-xr-x   1 root root  403 Aug  5  2021 update-notifier-common + +SHELL=/bin/sh +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +17 * * * * root cd / && run-parts --report /etc/cron.hourly +25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) +47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly ) +52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly ) + +╔══════════╣ Systemd PATH +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#systemd-path-relative-paths +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin + +╔══════════╣ Analyzing .service files +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#services +/etc/systemd/system/multi-user.target.wants/atd.service is executing some relative path +/etc/systemd/system/multi-user.target.wants/grub-common.service is executing some relative path +/etc/systemd/system/sleep.target.wants/grub-common.service is executing some relative path +You can't write on systemd PATH + +╔══════════╣ System timers +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers +NEXT LEFT LAST PASSED UNIT ACTIVATES +Sat 2022-08-20 16:02:54 UTC 17min left Thu 2022-05-05 03:46:11 UTC 3 months 16 days ago apt-daily-upgrade.timer apt-daily-upgrade.service +Sat 2022-08-20 16:09:00 UTC 23min left Sat 2022-08-20 15:39:05 UTC 6min ago phpsessionclean.timer phpsessionclean.service +Sat 2022-08-20 16:12:37 UTC 26min left n/a n/a ua-timer.timer ua-timer.service +Sat 2022-08-20 19:16:45 UTC 3h 31min left Thu 2022-05-05 03:46:11 UTC 3 months 16 days ago motd-news.timer motd-news.service +Sat 2022-08-20 21:38:49 UTC 5h 53min left Thu 2022-05-05 03:46:11 UTC 3 months 16 days ago apt-daily.timer apt-daily.service +Sun 2022-08-21 00:00:00 
UTC 8h left Sat 2022-08-20 15:14:39 UTC 31min ago logrotate.timer logrotate.service +Sun 2022-08-21 00:00:00 UTC 8h left Sat 2022-08-20 15:14:39 UTC 31min ago man-db.timer man-db.service +Sun 2022-08-21 00:43:42 UTC 8h left Thu 2022-05-05 03:46:11 UTC 3 months 16 days ago fwupd-refresh.timer fwupd-refresh.service +Sun 2022-08-21 03:10:33 UTC 11h left Sat 2022-08-20 15:14:39 UTC 31min ago e2scrub_all.timer e2scrub_all.service +Sun 2022-08-21 15:27:53 UTC 23h left Sat 2022-08-20 15:27:53 UTC 17min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service +Mon 2022-08-22 00:00:00 UTC 1 day 8h left Sat 2022-08-20 15:14:39 UTC 31min ago fstrim.timer fstrim.service +n/a n/a n/a n/a snapd.snap-repair.timer snapd.snap-repair.service +n/a n/a n/a n/a ua-license-check.timer ua-license-check.service + +╔══════════╣ Analyzing .timer files +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers + +╔══════════╣ Analyzing .socket files +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sockets +/etc/systemd/system/cloud-init.target.wants/cloud-init-hotplugd.socket is calling this writable listener: /run/cloud-init/hook-hotplug-cmd +/etc/systemd/system/sockets.target.wants/uuidd.socket is calling this writable listener: /run/uuidd/request +/snap/core20/1328/etc/systemd/system/cloud-init.target.wants/cloud-init-hotplugd.socket is calling this writable listener: /run/cloud-init/hook-hotplug-cmd +/snap/core20/1328/usr/lib/systemd/system/cloud-init-hotplugd.socket is calling this writable listener: /run/cloud-init/hook-hotplug-cmd +/snap/core20/1328/usr/lib/systemd/system/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket +/snap/core20/1328/usr/lib/systemd/system/sockets.target.wants/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket +/snap/core20/1328/usr/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket is calling this writable listener: 
/run/systemd/journal/dev-log +/snap/core20/1328/usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout +/snap/core20/1328/usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket +/snap/core20/1328/usr/lib/systemd/system/syslog.socket is calling this writable listener: /run/systemd/journal/syslog +/snap/core20/1328/usr/lib/systemd/system/systemd-journald-dev-log.socket is calling this writable listener: /run/systemd/journal/dev-log +/snap/core20/1328/usr/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout +/snap/core20/1328/usr/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket +/usr/lib/systemd/system/cloud-init-hotplugd.socket is calling this writable listener: /run/cloud-init/hook-hotplug-cmd +/usr/lib/systemd/system/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket +/usr/lib/systemd/system/sockets.target.wants/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket + +╔══════════╣ Unix Sockets Listening +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sockets +/org/kernel/linux/storage/multipathd +/run/dbus/system_bus_socket + └─(Read Write) +/run/lvm/lvmpolld.socket +/run/snapd-snap.socket + └─(Read Write) +/run/snapd.socket + └─(Read Write) +/run/systemd/fsck.progress +/run/systemd/journal/dev-log + └─(Read Write) +/run/systemd/journal/io.systemd.journal +/run/systemd/journal/socket + └─(Read Write) +/run/systemd/journal/stdout + └─(Read Write) +/run/systemd/journal/syslog + └─(Read Write) +/run/systemd/notify + └─(Read Write) +/run/systemd/private + └─(Read Write) +/run/systemd/userdb/io.systemd.DynamicUser + └─(Read Write) +/run/udev/control +/run/user/1001/bus + └─(Read Write) +/run/user/1001/gnupg/S.dirmngr + └─(Read Write) 
+/run/user/1001/gnupg/S.gpg-agent + └─(Read Write) +/run/user/1001/gnupg/S.gpg-agent.browser + └─(Read Write) +/run/user/1001/gnupg/S.gpg-agent.extra + └─(Read Write) +/run/user/1001/gnupg/S.gpg-agent.ssh + └─(Read Write) +/run/user/1001/pk-debconf-socket + └─(Read Write) +/run/user/1001/snapd-session-agent.socket + └─(Read Write) +/run/user/1001/systemd/notify + └─(Read Write) +/run/user/1001/systemd/private + └─(Read Write) +/run/uuidd/request + └─(Read Write) +/var/lib/amazon/ssm/ipc/health +/var/lib/amazon/ssm/ipc/termination +/var/snap/lxd/common/lxd/unix.socket + +╔══════════╣ D-Bus config files +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus +Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.thermald.conf ( ) + +╔══════════╣ D-Bus Service Objects list +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus +NAME PID PROCESS USER CONNECTION UNIT SESSION DESCRIPTION +:1.0 524 systemd-timesyn systemd-timesync :1.0 systemd-timesyncd.service - - +:1.1 581 systemd-resolve systemd-resolve :1.1 systemd-resolved.service - - +:1.10 636 snapd root :1.10 snapd.service - - +:1.11 627 networkd-dispat root :1.11 networkd-dispatcher.service - - +:1.13 785 unattended-upgr root :1.13 unattended-upgrades.service - - +:1.2 578 systemd-network systemd-network :1.2 systemd-networkd.service - - +:1.29 21308 systemd lachlan :1.29 user@1001.service - - +:1.3 1 systemd root :1.3 init.scope - - +:1.36 27726 busctl lachlan :1.36 session-c2.scope c2 - +:1.4 601 accounts-daemon[0m root :1.4 accounts-daemon.service - - +:1.5 629 polkitd root :1.5 polkit.service - - +:1.6 642 udisksd root :1.6 udisks2.service - - +:1.7 709 ModemManager root :1.7 ModemManager.service - - +:1.8 640 systemd-logind root :1.8 systemd-logind.service - - +com.ubuntu.LanguageSelector - - - (activatable) - - - +com.ubuntu.SoftwareProperties - - - (activatable) - - - +io.netplan.Netplan - - - (activatable) - - - +org.freedesktop.Accounts 601 
accounts-daemon[0m root :1.4 accounts-daemon.service - - +org.freedesktop.DBus 1 systemd root - init.scope - - +org.freedesktop.ModemManager1 709 ModemManager root :1.7 ModemManager.service - - +org.freedesktop.PackageKit - - - (activatable) - - - +org.freedesktop.PolicyKit1 629 polkitd root :1.5 polkit.service - - +org.freedesktop.UDisks2 642 udisksd root :1.6 udisks2.service - - +org.freedesktop.UPower - - - (activatable) - - - +org.freedesktop.bolt - - - (activatable) - - - +org.freedesktop.fwupd - - - (activatable) - - - +org.freedesktop.hostname1 - - - (activatable) - - - +org.freedesktop.locale1 - - - (activatable) - - - +org.freedesktop.login1 640 systemd-logind root :1.8 systemd-logind.service - - +org.freedesktop.network1 578 systemd-network systemd-network :1.2 systemd-networkd.service - - +org.freedesktop.resolve1 581 systemd-resolve systemd-resolve :1.1 systemd-resolved.service - - +org.freedesktop.systemd1 1 systemd root :1.3 init.scope - - +org.freedesktop.thermald - - - (activatable) - - - +org.freedesktop.timedate1 - - - (activatable) - - - +org.freedesktop.timesync1 524 systemd-timesyn systemd-timesync :1.0 systemd-timesyncd.service - - + + + ╔═════════════════════╗ +══════════════════════════════╣ Network Information ╠══════════════════════════════ + ╚═════════════════════╝ +╔══════════╣ Hostname, hosts and DNS +b2r +127.0.0.1 localhost +127.0.1.1 b2r + +::1 ip6-localhost ip6-loopback +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters + +nameserver 127.0.0.53 +options edns0 trust-ad +search eu-west-1.compute.internal + +╔══════════╣ Interfaces +# symbolic names for networks, see networks(5) for more information +link-local 169.254.0.0 +1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever +2: 
eth0: mtu 9001 qdisc fq_codel state UP group default qlen 1000 + link/ether 02:d4:b2:e9:e2:e1 brd ff:ff:ff:ff:ff:ff + inet 10.10.177.92/16 brd 10.10.255.255 scope global dynamic eth0 + valid_lft 1711sec preferred_lft 1711sec + inet6 fe80::d4:b2ff:fee9:e2e1/64 scope link + valid_lft forever preferred_lft forever + +╔══════════╣ Active Ports +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#open-ports +tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* +tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* +tcp LISTEN 0 5 0.0.0.0:8000 0.0.0.0:* +tcp LISTEN 0 511 *:80 *:* +tcp LISTEN 0 128 [::]:22 [::]:* + +╔══════════╣ Can I sniff with tcpdump? +No + + + + ╔═══════════════════╗ +═══════════════════════════════╣ Users Information ╠═══════════════════════════════ + ╚═══════════════════╝ +╔══════════╣ My user +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#users +uid=1001(lachlan) gid=1001(lachlan) groups=1001(lachlan) + +╔══════════╣ Do I have PGP keys? +/usr/bin/gpg +netpgpkeys Not Found +netpgp Not Found + +╔══════════╣ Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid + +╔══════════╣ Checking sudo tokens +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens +ptrace protection is enabled (1) +gdb wasn't found in PATH, this might still be vulnerable but linpeas won't be able to check it + +╔══════════╣ Checking Pkexec policy +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation/interesting-groups-linux-pe#pe-method-2 + +[Configuration] +AdminIdentities=unix-user:0 +[Configuration] +AdminIdentities=unix-group:sudo;unix-group:admin + +╔══════════╣ Superusers +root:x:0:0:root:/root:/bin/bash + +╔══════════╣ Users with console +lachlan:x:1001:1001::/home/lachlan:/bin/sh +root:x:0:0:root:/root:/bin/bash + +╔══════════╣ All users & groups +uid=0(root) gid=0(root) groups=0(root) +uid=1001(lachlan) gid=1001(lachlan) 
groups=1001(lachlan) +uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network) +uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve) +uid=102(systemd-timesync) gid=104(systemd-timesync) groups=104(systemd-timesync) +uid=103(messagebus) gid=106(messagebus) groups=106(messagebus) +uid=104(syslog) gid=110(syslog) groups=110(syslog),4(adm),5(tty) +uid=105(_apt) gid=65534(nogroup) groups=65534(nogroup) +uid=106(tss) gid=111(tss) groups=111(tss) +uid=107(uuidd) gid=112(uuidd) groups=112(uuidd) +uid=108(tcpdump) gid=113(tcpdump) groups=113(tcpdump) +uid=109(landscape) gid=115(landscape) groups=115(landscape) +uid=10(uucp) gid=10(uucp) groups=10(uucp) +uid=110(pollinate) gid=1(daemon[0m) groups=1(daemon[0m) +uid=111(usbmux) gid=46(plugdev) groups=46(plugdev) +uid=112(sshd) gid=65534(nogroup) groups=65534(nogroup) +uid=13(proxy) gid=13(proxy) groups=13(proxy) +uid=1(daemon[0m) gid=1(daemon[0m) groups=1(daemon[0m) +uid=2(bin) gid=2(bin) groups=2(bin) +uid=33(www-data) gid=33(www-data) groups=33(www-data) +uid=34(backup) gid=34(backup) groups=34(backup) +uid=38(list) gid=38(list) groups=38(list) +uid=39(irc) gid=39(irc) groups=39(irc) +uid=3(sys) gid=3(sys) groups=3(sys) +uid=41(gnats) gid=41(gnats) groups=41(gnats) +uid=4(sync) gid=65534(nogroup) groups=65534(nogroup) +uid=5(games) gid=60(games) groups=60(games) +uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup) +uid=6(man) gid=12(man) groups=12(man) +uid=7(lp) gid=7(lp) groups=7(lp) +uid=8(mail) gid=8(mail) groups=8(mail) +uid=998(lxd) gid=100(users) groups=100(users) +uid=999(systemd-coredump) gid=999(systemd-coredump) groups=999(systemd-coredump) +uid=9(news) gid=9(news) groups=9(news) + +╔══════════╣ Login now + 15:45:48 up 33 min, 0 users, load average: 0.67, 0.29, 0.43 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT + +╔══════════╣ Last logons +reboot system boot Sat Aug 20 15:12:59 2022 still running 0.0.0.0 +reboot system boot Thu May 5 04:55:21 2022 - Thu May 5 
04:57:39 2022 (00:02) 0.0.0.0 +lachlan pts/0 Thu May 5 04:39:19 2022 - Thu May 5 04:39:27 2022 (00:00) 192.168.56.1 +setup tty1 Thu May 5 04:37:12 2022 - crash (00:18) 0.0.0.0 +reboot system boot Thu May 5 04:36:47 2022 - Thu May 5 04:57:39 2022 (00:20) 0.0.0.0 +setup tty1 Thu May 5 03:48:01 2022 - down (00:02) 0.0.0.0 +reboot system boot Thu May 5 03:46:00 2022 - Thu May 5 03:50:09 2022 (00:04) 0.0.0.0 + +wtmp begins Thu May 5 03:46:00 2022 + +╔══════════╣ Last time logon each user +Username Port From Latest +lachlan pts/0 192.168.56.1 Thu May 5 04:39:19 +0000 2022 + +╔══════════╣ Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...) + +╔══════════╣ Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!! + + + + ╔══════════════════════╗ +═════════════════════════════╣ Software Information ╠═════════════════════════════ + ╚══════════════════════╝ +╔══════════╣ Searching mysql credentials and exec + +╔══════════╣ Analyzing Apache-Nginx Files (limit 70) +Apache version: Server version: Apache/2.4.41 (Ubuntu) +Server built: 2022-03-16T16:52:53 +httpd Not Found + +Nginx version: nginx Not Found + +══╣ PHP exec extensions +drwxr-xr-x 2 root root 4096 May 5 04:38 /etc/apache2/sites-enabled +drwxr-xr-x 2 root root 4096 May 5 04:38 /etc/apache2/sites-enabled +lrwxrwxrwx 1 root root 35 May 5 04:38 /etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf + + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + + + + +╔══════════╣ Analyzing Rsync Files (limit 70) + + +╔══════════╣ Analyzing Ldap Files (limit 70) +The password hash is from the {SSHA} to 'structural' +drwxr-xr-x 2 root root 4096 Feb 23 08:54 /etc/ldap + + +╔══════════╣ Searching ssl/ssh files +ChallengeResponseAuthentication no +UsePAM yes +══╣ Some certificates were found (out 
limited): +/etc/pki/fwupd/LVFS-CA.pem +/etc/pki/fwupd-metadata/LVFS-CA.pem +/etc/pollinate/entropy.ubuntu.com.pem +/snap/core20/1328/etc/ssl/certs/ACCVRAIZ1.pem +/snap/core20/1328/etc/ssl/certs/AC_RAIZ_FNMT-RCM.pem +/snap/core20/1328/etc/ssl/certs/Actalis_Authentication_Root_CA.pem +/snap/core20/1328/etc/ssl/certs/AffirmTrust_Commercial.pem +/snap/core20/1328/etc/ssl/certs/AffirmTrust_Networking.pem +/snap/core20/1328/etc/ssl/certs/AffirmTrust_Premium_ECC.pem +/snap/core20/1328/etc/ssl/certs/AffirmTrust_Premium.pem +/snap/core20/1328/etc/ssl/certs/Amazon_Root_CA_1.pem +/snap/core20/1328/etc/ssl/certs/Amazon_Root_CA_2.pem +/snap/core20/1328/etc/ssl/certs/Amazon_Root_CA_3.pem +/snap/core20/1328/etc/ssl/certs/Amazon_Root_CA_4.pem +/snap/core20/1328/etc/ssl/certs/Atos_TrustedRoot_2011.pem +/snap/core20/1328/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem +/snap/core20/1328/etc/ssl/certs/Baltimore_CyberTrust_Root.pem +/snap/core20/1328/etc/ssl/certs/Buypass_Class_2_Root_CA.pem +/snap/core20/1328/etc/ssl/certs/Buypass_Class_3_Root_CA.pem +/snap/core20/1328/etc/ssl/certs/ca-certificates.crt +21395PSTORAGE_CERTSBIN + +══╣ Writable ssh and gpg agents +/etc/systemd/user/sockets.target.wants/gpg-agent-browser.socket +/etc/systemd/user/sockets.target.wants/gpg-agent-ssh.socket +/etc/systemd/user/sockets.target.wants/gpg-agent.socket +/etc/systemd/user/sockets.target.wants/gpg-agent-extra.socket +══╣ Some home ssh config file was found +/usr/share/openssh/sshd_config +Include /etc/ssh/sshd_config.d/*.conf +ChallengeResponseAuthentication no +UsePAM yes +X11Forwarding yes +PrintMotd no +AcceptEnv LANG LC_* +Subsystem sftp /usr/lib/openssh/sftp-server + +══╣ /etc/hosts.allow file found, trying to read the rules: +/etc/hosts.allow + + +Searching inside /etc/ssh/ssh_config for interesting info +Include /etc/ssh/ssh_config.d/*.conf +Host * + SendEnv LANG LC_* + HashKnownHosts yes + GSSAPIAuthentication yes + +╔══════════╣ Analyzing PAM Auth Files (limit 
70) +drwxr-xr-x 2 root root 4096 May 5 04:38 /etc/pam.d +-rw-r--r-- 1 root root 2133 Dec 2 2021 /etc/pam.d/sshd + + + + +╔══════════╣ Searching tmux sessions +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#open-shell-sessions +tmux 3.0a + + +/tmp/tmux-1001 +/tmp/tmux-33 +╔══════════╣ Analyzing Cloud Init Files (limit 70) + +╔══════════╣ Analyzing Keyring Files (limit 70) +drwxr-xr-x 2 root root 200 Jan 14 2022 /snap/core20/1328/usr/share/keyrings +drwxr-xr-x 2 root root 4096 May 5 03:48 /usr/share/keyrings + + + + +╔══════════╣ Searching uncommon passwd files (splunk) +passwd file: /etc/pam.d/passwd +passwd file: /etc/passwd +passwd file: /snap/core20/1328/etc/pam.d/passwd +passwd file: /snap/core20/1328/etc/passwd +passwd file: /snap/core20/1328/usr/share/bash-completion/completions/passwd +passwd file: /snap/core20/1328/usr/share/lintian/overrides/passwd +passwd file: /snap/core20/1328/var/lib/extrausers/passwd +passwd file: /usr/share/bash-completion/completions/passwd +passwd file: /usr/share/lintian/overrides/passwd + +╔══════════╣ Analyzing PGP-GPG Files (limit 70) +/usr/bin/gpg +netpgpkeys Not Found +netpgp Not Found + + + + +╔══════════╣ Analyzing Postfix Files (limit 70) + +╔══════════╣ Analyzing FTP Files (limit 70) + + + + + + + + +╔══════════╣ Analyzing Bind Files (limit 70) + +╔══════════╣ Analyzing Other Interesting Files (limit 70) + + + + + + + + + + + + ╔═══════════════════╗ +═══════════════════════════════╣ Interesting Files ╠═══════════════════════════════ + ╚═══════════════════╝ +╔══════════╣ SUID - Check easy privesc, exploits and write perms +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid +strings Not Found +-rwsr-xr-x 1 root root 140K Feb 23 18:25 /usr/lib/snapd/snap-confine ---> Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation(CVE-2019-7304) +-rwsr-xr-x 1 root root 23K Feb 21 12:58 /usr/lib/policykit-1/polkit-agent-helper-1 +-rwsr-xr-- 1 root messagebus 51K Jun 11 2020 
/usr/lib/dbus-1.0/dbus-daemon-launch-helper +-rwsr-xr-x 1 root root 463K Dec 2 2021 /usr/lib/openssh/ssh-keysign +-rwsr-xr-x 1 root root 15K Jul 8 2019 /usr/lib/eject/dmcrypt-get-device +-rwsr-xr-x 1 root root 39K Mar 7 2020 /usr/bin/fusermount +-rwsr-xr-x 1 root root 67K Feb 7 2022 /usr/bin/su +-rwsr-xr-x 1 root root 44K Jul 14 2021 /usr/bin/newgrp ---> HP-UX_10.20 +-rwsr-xr-x 1 root root 52K Jul 14 2021 /usr/bin/chsh +-rwsr-xr-x 1 root root 39K Feb 7 2022 /usr/bin/umount ---> BSD/Linux(08-1996) +-rwsr-xr-x 1 root root 67K Jul 14 2021 /usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997) +-rwsr-xr-x 1 root root 31K Feb 21 12:58 /usr/bin/pkexec ---> Linux4.10_to_5.1.17(CVE-2019-13272)/rhel_6(CVE-2011-1485) +-rwsr-xr-x 1 root root 163K Jan 19 2021 /usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable +-rwsr-xr-x 1 root root 55K Feb 7 2022 /usr/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8 +-rwsr-xr-x 1 root root 87K Jul 14 2021 /usr/bin/gpasswd +-rwsr-xr-x 1 root root 84K Jul 14 2021 /usr/bin/chfn ---> SuSE_9.3/10 +-rwsr-sr-x 1 daemon daemon 55K Nov 12 2018 /usr/bin/at ---> RTru64_UNIX_4.0g(CVE-2002-1614) +-rwsr-xr-x 1 root root 121K Feb 15 2022 /snap/snapd/14978/usr/lib/snapd/snap-confine ---> Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation(CVE-2019-7304) +-rwsr-xr-x 1 root root 84K Jul 14 2021 /snap/core20/1328/usr/bin/chfn ---> SuSE_9.3/10 +-rwsr-xr-x 1 root root 52K Jul 14 2021 /snap/core20/1328/usr/bin/chsh +-rwsr-xr-x 1 root root 87K Jul 14 2021 /snap/core20/1328/usr/bin/gpasswd +-rwsr-xr-x 1 root root 55K Jul 21 2020 /snap/core20/1328/usr/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8 +-rwsr-xr-x 1 root root 44K Jul 14 2021 /snap/core20/1328/usr/bin/newgrp ---> HP-UX_10.20 +-rwsr-xr-x 1 root root 67K Jul 14 2021 /snap/core20/1328/usr/bin/passwd ---> 
Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997) +-rwsr-xr-x 1 root root 67K Jul 21 2020 /snap/core20/1328/usr/bin/su +-rwsr-xr-x 1 root root 163K Jan 19 2021 /snap/core20/1328/usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable +-rwsr-xr-x 1 root root 39K Jul 21 2020 /snap/core20/1328/usr/bin/umount ---> BSD/Linux(08-1996) +-rwsr-xr-- 1 root systemd-resolve 51K Jun 11 2020 /snap/core20/1328/usr/lib/dbus-1.0/dbus-daemon-launch-helper +-rwsr-xr-x 1 root root 463K Dec 2 2021 /snap/core20/1328/usr/lib/openssh/ssh-keysign + +╔══════════╣ SGID +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid +-rwxr-sr-x 1 root utmp 15K Sep 30 2019 /usr/lib/x86_64-linux-gnu/utempter/utempter +-rwxr-sr-x 1 root shadow 83K Jul 14 2021 /usr/bin/chage +-rwxr-sr-x 1 root crontab 43K Feb 13 2020 /usr/bin/crontab +-rwxr-sr-x 1 root tty 15K Mar 30 2020 /usr/bin/bsd-write +-rwxr-sr-x 1 root shadow 31K Jul 14 2021 /usr/bin/expiry +-rwxr-sr-x 1 root ssh 343K Dec 2 2021 /usr/bin/ssh-agent +-rwxr-sr-x 1 root tty 35K Feb 7 2022 /usr/bin/wall +-rwsr-sr-x 1 daemon daemon 55K Nov 12 2018 /usr/bin/at ---> RTru64_UNIX_4.0g(CVE-2002-1614) +-rwxr-sr-x 1 root shadow 43K Sep 17 2021 /usr/sbin/pam_extrausers_chkpwd +-rwxr-sr-x 1 root shadow 43K Sep 17 2021 /usr/sbin/unix_chkpwd +-rwxr-sr-x 1 root shadow 83K Jul 14 2021 /snap/core20/1328/usr/bin/chage +-rwxr-sr-x 1 root shadow 31K Jul 14 2021 /snap/core20/1328/usr/bin/expiry +-rwxr-sr-x 1 root crontab 343K Dec 2 2021 /snap/core20/1328/usr/bin/ssh-agent +-rwxr-sr-x 1 root tty 35K Jul 21 2020 /snap/core20/1328/usr/bin/wall +-rwxr-sr-x 1 root shadow 43K Sep 17 2021 /snap/core20/1328/usr/sbin/pam_extrausers_chkpwd +-rwxr-sr-x 1 root shadow 43K Sep 17 2021 /snap/core20/1328/usr/sbin/unix_chkpwd + +╔══════════╣ Checking misconfigurations of ld.so +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#ld-so +/etc/ld.so.conf +include /etc/ld.so.conf.d/*.conf + +/etc/ld.so.conf.d + 
/etc/ld.so.conf.d/libc.conf +/usr/local/lib + /etc/ld.so.conf.d/x86_64-linux-gnu.conf +/usr/local/lib/x86_64-linux-gnu +/lib/x86_64-linux-gnu +/usr/lib/x86_64-linux-gnu + +╔══════════╣ Capabilities +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities +Current env capabilities: +Current: = +Current proc capabilities: +CapInh: 0000000000000000 +CapPrm: 0000000000000000 +CapEff: 0000000000000000 +CapBnd: 0000003fffffffff +CapAmb: 0000000000000000 + +Parent Shell capabilities: +0x0000000000000000= + +Files with capabilities (limited to 50): +/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper = cap_net_bind_service,cap_net_admin+ep +/usr/bin/ping = cap_net_raw+ep +/usr/bin/mtr-packet = cap_net_raw+ep +/usr/bin/traceroute6.iputils = cap_net_raw+ep +/snap/core20/1328/usr/bin/ping = cap_net_raw+ep + +╔══════════╣ Users with capabilities +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities + +╔══════════╣ AppArmor binary profiles +-rw-r--r-- 1 root root 3222 Mar 11 2020 sbin.dhclient +-rw-r--r-- 1 root root 3202 Feb 25 2020 usr.bin.man +-rw-r--r-- 1 root root 28249 Feb 18 2022 usr.lib.snapd.snap-confine.real +-rw-r--r-- 1 root root 1575 Feb 11 2020 usr.sbin.rsyslogd +-rw-r--r-- 1 root root 1385 Dec 7 2019 usr.sbin.tcpdump + +╔══════════╣ Files with ACLs (limited to 50) +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#acls +files with acls in searched folders Not Found + +╔══════════╣ .sh files in path +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#script-binaries-in-path +/usr/bin/gettext.sh +/usr/bin/rescan-scsi-bus.sh + +╔══════════╣ Executable files added by user (limit 70) +2022-05-05+03:46:05.2439999400 /etc/console-setup/cached_setup_font.sh +2022-05-05+03:46:05.2439999400 /etc/console-setup/cached_setup_keyboard.sh +2022-05-05+03:46:05.2439999400 /etc/console-setup/cached_setup_terminal.sh +╔══════════╣ Unexpected in root + +╔══════════╣ Files (scripts) in 
/etc/profile.d/ +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#profiles-files +total 44 +drwxr-xr-x 2 root root 4096 May 5 03:48 . +drwxr-xr-x 102 root root 4096 May 5 04:55 .. +-rw-r--r-- 1 root root 96 Dec 5 2019 01-locale-fix.sh +-rw-r--r-- 1 root root 835 Feb 18 2022 apps-bin-path.sh +-rw-r--r-- 1 root root 729 Feb 2 2020 bash_completion.sh +-rw-r--r-- 1 root root 1003 Aug 13 2019 cedilla-portuguese.sh +-rw-r--r-- 1 root root 1107 Nov 3 2019 gawk.csh +-rw-r--r-- 1 root root 757 Nov 3 2019 gawk.sh +-rw-r--r-- 1 root root 1557 Feb 17 2020 Z97-byobu.sh +-rwxr-xr-x 1 root root 873 Nov 3 2021 Z99-cloudinit-warnings.sh +-rwxr-xr-x 1 root root 3417 Nov 3 2021 Z99-cloud-locale-test.sh + +╔══════════╣ Permissions in init, init.d, systemd, and rc.d +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#init-init-d-systemd-and-rc-d + +═╣ Hashes inside passwd file? ........... No +═╣ Writable passwd file? ................ No +═╣ Credentials in fstab/mtab? ........... No +═╣ Can I read shadow files? ............. No +═╣ Can I read shadow plists? ............ No +═╣ Can I write shadow plists? ........... No +═╣ Can I read opasswd file? ............. No +═╣ Can I write in network-scripts? ...... No +═╣ Can I read root folder? .............. 
No + +╔══════════╣ Searching root files in home dirs (limit 30) +/home/ +/root/ + +╔══════════╣ Searching folders owned by me containing others files on it (limit 100) +/sys/fs/cgroup/systemd/user.slice/user-1001.slice/user@1001.service +/sys/fs/cgroup/unified/user.slice/user-1001.slice/user@1001.service + +╔══════════╣ Readable files belonging to root and readable by me but not world readable + +╔══════════╣ Modified interesting files in the last 5mins (limit 100) +/home/lachlan/.gnupg/pubring.kbx +/home/lachlan/.gnupg/trustdb.gpg +/home/lachlan/snap/lxd/common/config/config.yml +/var/log/syslog +/var/log/auth.log +/var/log/journal/113cfd14aea5442b9c02d5a5f48b55bb/system.journal +/var/log/journal/113cfd14aea5442b9c02d5a5f48b55bb/user-1001.journal + +╔══════════╣ Writable log files (logrotten) (limit 50) +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#logrotate-exploitation +logrotate 3.14.0 + + Default mail command: /usr/bin/mail + Default compress command: /bin/gzip + Default uncompress command: /bin/gunzip + Default compress extension: .gz + Default state file path: /var/lib/logrotate/status + ACL support: yes + SELinux support: yes + +╔══════════╣ Files inside /home/lachlan (limit 20) +total 44 +drwxr-xr-x 6 lachlan lachlan 4096 Aug 20 15:45 . +drwxr-xr-x 3 root root 4096 May 5 04:38 .. 
+-rw-r--r-- 1 lachlan lachlan 168 May 5 04:38 .bash_history +-rw-r--r-- 1 lachlan lachlan 220 Feb 25 2020 .bash_logout +-rw-r--r-- 1 lachlan lachlan 3771 Feb 25 2020 .bashrc +drwxr-xr-x 2 lachlan lachlan 4096 May 5 04:38 bin +drwx------ 2 lachlan lachlan 4096 May 5 04:39 .cache +drwx------ 3 lachlan lachlan 4096 Aug 20 15:45 .gnupg +-rw-r--r-- 1 lachlan lachlan 807 Feb 25 2020 .profile +drwx------ 3 lachlan lachlan 4096 Aug 20 15:45 snap +-rw-r--r-- 1 lachlan lachlan 38 May 5 04:38 user.txt + +╔══════════╣ Files inside others home (limit 20) + +╔══════════╣ Searching installed mail applications + +╔══════════╣ Mails (limit 50) + +╔══════════╣ Backup files (limited 100) +-rw-r--r-- 1 lachlan lachlan 56 May 5 04:38 /home/lachlan/bin/backup.sh +-rw-r--r-- 1 root root 9833 Apr 8 08:44 /usr/lib/modules/5.4.0-109-generic/kernel/drivers/power/supply/wm831x_backup.ko +-rw-r--r-- 1 root root 9073 Apr 8 08:44 /usr/lib/modules/5.4.0-109-generic/kernel/drivers/net/team/team_mode_activebackup.ko +-rw-r--r-- 1 root root 1413 May 5 03:48 /usr/lib/python3/dist-packages/sos/report/plugins/__pycache__/ovirt_engine_backup.cpython-38.pyc +-rw-r--r-- 1 root root 1802 Feb 15 2022 /usr/lib/python3/dist-packages/sos/report/plugins/ovirt_engine_backup.py +-rw-r--r-- 1 root root 44048 Oct 12 2021 /usr/lib/x86_64-linux-gnu/open-vm-tools/plugins/vmsvc/libvmbackup.so +-rwxr-xr-x 1 root root 1086 Nov 25 2019 /usr/src/linux-headers-5.4.0-109/tools/testing/selftests/net/tcp_fastopen_backup_key.sh +-rw-r--r-- 1 root root 237986 Apr 8 08:44 /usr/src/linux-headers-5.4.0-109-generic/.config.old +-rw-r--r-- 1 root root 0 Apr 8 08:44 /usr/src/linux-headers-5.4.0-109-generic/include/config/net/team/mode/activebackup.h +-rw-r--r-- 1 root root 0 Apr 8 08:44 /usr/src/linux-headers-5.4.0-109-generic/include/config/wm831x/backup.h +-rw-r--r-- 1 root root 2756 Feb 13 2020 /usr/share/man/man8/vgcfgbackup.8.gz +-rw-r--r-- 1 root root 11886 May 5 03:43 /usr/share/info/dir.old +-rw-r--r-- 1 root root 7867 Jul 16 
1996 /usr/share/doc/telnet/README.old.gz +-rw-r--r-- 1 root root 392817 Feb 9 2020 /usr/share/doc/manpages/Changes.old.gz +-rwxr-xr-x 1 root root 226 Feb 17 2020 /usr/share/byobu/desktop/byobu.desktop.old +-rw-r--r-- 1 root root 2743 Feb 23 08:56 /etc/apt/sources.list.curtin.old + +╔══════════╣ Searching tables inside readable .db/.sql/.sqlite files (limit 100) +Found /var/lib/command-not-found/commands.db: SQLite 3.x database, last written using SQLite version 3031001 +Found /var/lib/PackageKit/transactions.db: SQLite 3.x database, last written using SQLite version 3031001 + + -> Extracting tables from /var/lib/command-not-found/commands.db (limit 20) + -> Extracting tables from /var/lib/PackageKit/transactions.db (limit 20) + +╔══════════╣ Web files?(output limit) +/var/www/: +total 12K +drwxr-xr-x 3 root root 4.0K May 5 04:38 . +drwxr-xr-x 14 root root 4.0K May 5 04:38 .. +drwxr-xr-x 6 www-data www-data 4.0K May 5 04:38 html + +/var/www/html: +total 32K +drwxr-xr-x 6 www-data www-data 4.0K May 5 04:38 . +drwxr-xr-x 3 root root 4.0K May 5 04:38 .. 
+ +╔══════════╣ All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70) +-rw-r--r-- 1 lachlan lachlan 220 Feb 25 2020 /home/lachlan/.bash_logout +-rw------- 1 root root 0 Jan 14 2022 /snap/core20/1328/etc/.pwd.lock +-rw-r--r-- 1 root root 220 Feb 25 2020 /snap/core20/1328/etc/skel/.bash_logout +-rw-r--r-- 1 landscape landscape 0 Feb 23 08:55 /var/lib/landscape/.cleanup.user +-rw-r--r-- 1 root root 220 Feb 25 2020 /etc/skel/.bash_logout +-rw------- 1 root root 0 Feb 23 08:50 /etc/.pwd.lock +-rw------- 1 root root 0 Aug 20 15:15 /run/snapd/lock/.lock +-rw-r--r-- 1 root root 20 Aug 20 15:14 /run/cloud-init/.instance-id +-rw-r--r-- 1 root root 2 Aug 20 15:13 /run/cloud-init/.ds-identify.result + +╔══════════╣ Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70) + +╔══════════╣ Interesting writable files owned by me or writable by everyone (not in Home) (max 500) +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files +/dev/mqueue +/dev/shm +/dev/shm/linlog +/dev/shm/linlog-lachlan +/dev/shm/linpeas.sh +/home/lachlan +/run/lock +/run/screen +/run/user/1001 +/run/user/1001/dbus-1 +/run/user/1001/dbus-1/services +/run/user/1001/gnupg +/run/user/1001/inaccessible +/run/user/1001/systemd +/run/user/1001/systemd/transient +/run/user/1001/systemd/units +/snap/core20/1328/run/lock +/snap/core20/1328/tmp +/snap/core20/1328/var/tmp +/tmp +/tmp/tmux-1001 +/var/crash +/var/lib/php/sessions +/var/tmp + +╔══════════╣ Interesting GROUP writable files (not in Home) (max 500) +╚ https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files + Group lachlan: +/dev/shm/linlog-lachlan + +╔══════════╣ Searching passwords in history files +echo -e "dHY5pzmNYoETv7SUaY\nthisistheway123\nthisistheway123" | passwd + +╔══════════╣ Searching *password* or *credential* files in home (limit 70) +/etc/pam.d/common-password +/usr/bin/systemd-ask-password 
+/usr/bin/systemd-tty-ask-password-agent +/usr/lib/git-core/git-credential +/usr/lib/git-core/git-credential-cache +/usr/lib/git-core/git-credential-cache--daemon +/usr/lib/git-core/git-credential-store + #)There are more creds/passwds files in the previous parent folder + +/usr/lib/grub/i386-pc/password.mod +/usr/lib/grub/i386-pc/password_pbkdf2.mod +/usr/lib/python3/dist-packages/cloudinit/config/cc_set_passwords.py +/usr/lib/python3/dist-packages/cloudinit/config/__pycache__/cc_set_passwords.cpython-38.pyc +/usr/lib/python3/dist-packages/keyring/credentials.py +/usr/lib/python3/dist-packages/keyring/__pycache__/credentials.cpython-38.pyc +/usr/lib/python3/dist-packages/launchpadlib/credentials.py +/usr/lib/python3/dist-packages/launchpadlib/__pycache__/credentials.cpython-38.pyc +/usr/lib/python3/dist-packages/launchpadlib/tests/__pycache__/test_credential_store.cpython-38.pyc +/usr/lib/python3/dist-packages/launchpadlib/tests/test_credential_store.py +/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py +/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/__pycache__/client_credentials.cpython-38.pyc +/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/__pycache__/resource_owner_password_credentials.cpython-38.pyc +/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py +/usr/lib/python3/dist-packages/twisted/cred/credentials.py +/usr/lib/python3/dist-packages/twisted/cred/__pycache__/credentials.cpython-38.pyc +/usr/lib/systemd/systemd-reply-password +/usr/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path +/usr/lib/systemd/system/sysinit.target.wants/systemd-ask-password-console.path +/usr/lib/systemd/system/systemd-ask-password-console.path +/usr/lib/systemd/system/systemd-ask-password-console.service +/usr/lib/systemd/system/systemd-ask-password-plymouth.path +/usr/lib/systemd/system/systemd-ask-password-plymouth.service 
+ #)There are more creds/passwds files in the previous parent folder + +/usr/share/doc/git/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c +/usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret.c +/usr/share/doc/git/contrib/credential/netrc/git-credential-netrc +/usr/share/doc/git/contrib/credential/netrc/t-git-credential-netrc.sh +/usr/share/doc/git/contrib/credential/osxkeychain/git-credential-osxkeychain.c +/usr/share/doc/git/contrib/credential/wincred/git-credential-wincred.c +/usr/share/man/man1/git-credential.1.gz +/usr/share/man/man1/git-credential-cache.1.gz +/usr/share/man/man1/git-credential-cache--daemon.1.gz +/usr/share/man/man1/git-credential-store.1.gz + #)There are more creds/passwds files in the previous parent folder + +/usr/share/man/man7/gitcredentials.7.gz +/usr/share/man/man8/systemd-ask-password-console.path.8.gz +/usr/share/man/man8/systemd-ask-password-console.service.8.gz + +╔══════════╣ Checking for TTY (sudo/su) passwords in audit logs + +╔══════════╣ Searching passwords inside logs (limit 70) +2022-02-23 08:50:00 configure base-passwd:amd64 3.5.47 3.5.47 +2022-02-23 08:50:00 install base-passwd:amd64 3.5.47 +2022-02-23 08:50:00 status half-configured base-passwd:amd64 3.5.47 +2022-02-23 08:50:00 status half-installed base-passwd:amd64 3.5.47 +2022-02-23 08:50:00 status installed base-passwd:amd64 3.5.47 +2022-02-23 08:50:00 status unpacked base-passwd:amd64 3.5.47 +2022-02-23 08:50:05 status half-configured base-passwd:amd64 3.5.47 +2022-02-23 08:50:05 status half-installed base-passwd:amd64 3.5.47 +2022-02-23 08:50:05 status unpacked base-passwd:amd64 3.5.47 +2022-02-23 08:50:05 upgrade base-passwd:amd64 3.5.47 3.5.47 +2022-02-23 08:50:14 install passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:50:14 status half-installed passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:50:14 status unpacked passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:50:17 configure base-passwd:amd64 3.5.47 +2022-02-23 08:50:17 status 
half-configured base-passwd:amd64 3.5.47 +2022-02-23 08:50:17 status installed base-passwd:amd64 3.5.47 +2022-02-23 08:50:17 status unpacked base-passwd:amd64 3.5.47 +2022-02-23 08:50:20 configure passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:50:20 status half-configured passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:50:20 status installed passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:50:20 status unpacked passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:52:18 status half-configured passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:52:18 status half-installed passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:52:18 status unpacked passwd:amd64 1:4.8.1-1ubuntu5 +2022-02-23 08:52:18 upgrade passwd:amd64 1:4.8.1-1ubuntu5 1:4.8.1-1ubuntu5.20.04.1 +2022-02-23 08:52:19 configure passwd:amd64 1:4.8.1-1ubuntu5.20.04.1 +2022-02-23 08:52:19 status half-configured passwd:amd64 1:4.8.1-1ubuntu5.20.04.1 +2022-02-23 08:52:19 status installed passwd:amd64 1:4.8.1-1ubuntu5.20.04.1 +2022-02-23 08:52:19 status unpacked passwd:amd64 1:4.8.1-1ubuntu5.20.04.1 +2022-05-05 03:46:20,473 - cc_set_passwords.py[DEBUG]: Leaving SSH config 'PasswordAuthentication' unchanged. 
ssh_pwauth=None +2022-05-05 03:46:20,473 - handlers.py[DEBUG]: finish: modules-config/config-set-passwords: SUCCESS: config-set-passwords ran successfully +2022-05-05 03:46:20,473 - util.py[DEBUG]: Writing to /var/lib/cloud/instances/iid-datasource-none/sem/config_set_passwords - wb: [644] 25 bytes +2022-05-05 04:37:06,411 - handlers.py[DEBUG]: finish: modules-config/config-set-passwords: SUCCESS: config-set-passwords previously ran +2022-05-05 04:37:06,411 - helpers.py[DEBUG]: config-set-passwords already ran (freq=once-per-instance) +2022-05-05 04:55:41,029 - handlers.py[DEBUG]: finish: modules-config/config-set-passwords: SUCCESS: config-set-passwords previously ran +2022-05-05 04:55:41,029 - helpers.py[DEBUG]: config-set-passwords already ran (freq=once-per-instance) +2022-08-20 15:16:00,365 - handlers.py[DEBUG]: finish: modules-config/config-set-passwords: SUCCESS: config-set-passwords previously ran +2022-08-20 15:16:00,365 - helpers.py[DEBUG]: config-set-passwords already ran (freq=once-per-instance) +[ 38.055933] systemd[1]: Started Forward Password Requests to Wall Directory Watch. +[ 9.076613] systemd[1]: Started Forward Password Requests to Wall Directory Watch. + base-passwd depends on libc6 (>= 2.8); however: + base-passwd depends on libdebconfclient0 (>= 0.145); however: +Binary file /var/log/journal/113cfd14aea5442b9c02d5a5f48b55bb/user-1001.journal matches +dpkg: base-passwd: dependency problems, but configuring anyway as you requested: +Preparing to unpack .../base-passwd_3.5.47_amd64.deb ... +Preparing to unpack .../passwd_1%3a4.8.1-1ubuntu5_amd64.deb ... +Selecting previously unselected package base-passwd. +Selecting previously unselected package passwd. +Setting up base-passwd (3.5.47) ... +Setting up passwd (1:4.8.1-1ubuntu5) ... +Shadow passwords are now on. +Unpacking base-passwd (3.5.47) ... +Unpacking base-passwd (3.5.47) over (3.5.47) ... +Unpacking passwd (1:4.8.1-1ubuntu5) ... 
+ + + + ╔════════════════╗ +════════════════════════════════╣ API Keys Regex ╠════════════════════════════════ + ╚════════════════╝ +Regexes to search for API keys aren't activated, use param '-r' + + -- cgit v1.2.3
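Review bot: The "Searching passwords in history files" section of this added log carries the `echo -e ... | passwd` line from the user's shell history verbatim, so the commit writes the values piped to `passwd` in plaintext into the repository history. Replace those values with a placeholder before committing; if they are still valid anywhere, removing them in a later commit will not take them out of history. The file is also the complete 1230-line raw scan output, including the CA certificate listing and the dpkg and cloud-init log matches. Keeping only the sections the notes rely on (for example the SUID and capabilities listings, the writable-files list and the history finding) would make the artifact reviewable. The subject line "forgot to add hackervshacker" should state what the file is and which host and user it was captured from.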