1 #########################################################
2 # Local Linux Enumeration & Privilege Escalation Script #
3 #########################################################
4 #www.rebootuser.com
5 #version 0.95
6
7 [-] Debug Info
8 [+] Thorough tests = Disabled
9
10
11 Scan started at:
12 Tue May 7 01:08:48 AEST 2019
13
14
15 ### SYSTEM ##############################################
16 [-] Kernel information:
17 Linux DC-1 3.2.0-6-486 #1 Debian 3.2.102-1 i686 GNU/Linux
18
19
20 [-] Kernel information (continued):
21 Linux version 3.2.0-6-486 (debian-kernel@lists.debian.org) (gcc version 4.9.2 (Debian 4.9.2-10+deb7u1) ) #1 Debian 3.2.102-1
22
23
24 [-] Specific release information:
25 PRETTY_NAME="Debian GNU/Linux 7 (wheezy)"
26 NAME="Debian GNU/Linux"
27 VERSION_ID="7"
28 VERSION="7 (wheezy)"
29 ID=debian
30 ANSI_COLOR="1;31"
31 HOME_URL="http://www.debian.org/"
32 SUPPORT_URL="http://www.debian.org/support/"
33 BUG_REPORT_URL="http://bugs.debian.org/"
34
35
36 [-] Hostname:
37 DC-1
38
39
40 ### USER/GROUP ##########################################
41 [-] Current user/group info:
42 uid=33(www-data) gid=33(www-data) groups=33(www-data)
43
44
45 [-] Users that have previously logged onto the system:
46 Username Port From Latest
47 root tty1 Thu Feb 28 12:10:51 +1000 2019
48
49
50 [-] Who else is logged on:
51 01:08:48 up 1:00, 0 users, load average: 0.00, 0.00, 0.00
52 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
53
54
55 [-] Group memberships:
56 uid=0(root) gid=0(root) groups=0(root)
57 uid=1(daemon) gid=1(daemon) groups=1(daemon)
58 uid=2(bin) gid=2(bin) groups=2(bin)
59 uid=3(sys) gid=3(sys) groups=3(sys)
60 uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
61 uid=5(games) gid=60(games) groups=60(games)
62 uid=6(man) gid=12(man) groups=12(man)
63 uid=7(lp) gid=7(lp) groups=7(lp)
64 uid=8(mail) gid=8(mail) groups=8(mail)
65 uid=9(news) gid=9(news) groups=9(news)
66 uid=10(uucp) gid=10(uucp) groups=10(uucp)
67 uid=13(proxy) gid=13(proxy) groups=13(proxy)
68 uid=33(www-data) gid=33(www-data) groups=33(www-data)
69 uid=34(backup) gid=34(backup) groups=34(backup)
70 uid=38(list) gid=38(list) groups=38(list)
71 uid=39(irc) gid=39(irc) groups=39(irc)
72 uid=41(gnats) gid=41(gnats) groups=41(gnats)
73 uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
74 uid=100(libuuid) gid=101(libuuid) groups=101(libuuid)
75 uid=101(Debian-exim) gid=104(Debian-exim) groups=104(Debian-exim)
76 uid=102(statd) gid=65534(nogroup) groups=65534(nogroup)
77 uid=103(messagebus) gid=107(messagebus) groups=107(messagebus)
78 uid=104(sshd) gid=65534(nogroup) groups=65534(nogroup)
79 uid=105(mysql) gid=109(mysql) groups=109(mysql)
80 uid=1001(flag4) gid=1001(flag4) groups=1001(flag4)
81
82
83 [-] Contents of /etc/passwd:
84 root:x:0:0:root:/root:/bin/bash
85 daemon:x:1:1:daemon:/usr/sbin:/bin/sh
86 bin:x:2:2:bin:/bin:/bin/sh
87 sys:x:3:3:sys:/dev:/bin/sh
88 sync:x:4:65534:sync:/bin:/bin/sync
89 games:x:5:60:games:/usr/games:/bin/sh
90 man:x:6:12:man:/var/cache/man:/bin/sh
91 lp:x:7:7:lp:/var/spool/lpd:/bin/sh
92 mail:x:8:8:mail:/var/mail:/bin/sh
93 news:x:9:9:news:/var/spool/news:/bin/sh
94 uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
95 proxy:x:13:13:proxy:/bin:/bin/sh
96 www-data:x:33:33:www-data:/var/www:/bin/sh
97 backup:x:34:34:backup:/var/backups:/bin/sh
98 list:x:38:38:Mailing List Manager:/var/list:/bin/sh
99 irc:x:39:39:ircd:/var/run/ircd:/bin/sh
100 gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
101 nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
102 libuuid:x:100:101::/var/lib/libuuid:/bin/sh
103 Debian-exim:x:101:104::/var/spool/exim4:/bin/false
104 statd:x:102:65534::/var/lib/nfs:/bin/false
105 messagebus:x:103:107::/var/run/dbus:/bin/false
106 sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
107 mysql:x:105:109:MySQL Server,,,:/nonexistent:/bin/false
108 flag4:x:1001:1001:Flag4,,,:/home/flag4:/bin/bash
109
110
111 [-] Super user account(s):
112 root
113
114
115 [-] Are permissions on /home directories lax:
116 total 12K
117 drwxr-xr-x 3 root root 4.0K Feb 19 23:51 .
118 drwxr-xr-x 23 root root 4.0K Feb 19 22:34 ..
119 drwxr-xr-x 2 flag4 flag4 4.0K Feb 19 23:28 flag4
120
121
122 [-] Root is allowed to login via SSH:
123 PermitRootLogin yes
124
125
126 ### ENVIRONMENTAL #######################################
127 [-] Environment information:
128 APACHE_PID_FILE=/var/run/apache2.pid
129 APACHE_RUN_USER=www-data
130 APACHE_LOG_DIR=/var/log/apache2
131 PATH=/usr/local/bin:/usr/bin:/bin
132 PWD=/var/www
133 APACHE_RUN_GROUP=www-data
134 LANG=C
135 SHLVL=1
136 APACHE_LOCK_DIR=/var/lock/apache2
137 APACHE_RUN_DIR=/var/run/apache2
138 _=/usr/bin/env
139
140
141 [-] Path information:
142 /usr/local/bin:/usr/bin:/bin
143
144
145 [-] Available shells:
146 #/etc/shells: valid login shells
147 /bin/sh
148 /bin/dash
149 /bin/bash
150 /bin/rbash
151
152
153 [-] Current umask value:
154 0022
155 u=rwx,g=rx,o=rx
156
157
158 [-] umask value as specified in /etc/login.defs:
159 UMASK 022
160
161
162 [-] Password and storage information:
163 PASS_MAX_DAYS 99999
164 PASS_MIN_DAYS 0
165 PASS_WARN_AGE 7
166 ENCRYPT_METHOD SHA512
167
168
169 ### JOBS/TASKS ##########################################
170 [-] Cron jobs:
171 -rw-r--r-- 1 root root 722 Jul 4 2012 /etc/crontab
172
173 /etc/cron.d:
174 total 16
175 drwxr-xr-x 2 root root 4096 Feb 19 23:01 .
176 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
177 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder
178 -rw-r--r-- 1 root root 510 May 10 2018 php5
179
180 /etc/cron.daily:
181 total 68
182 drwxr-xr-x 2 root root 4096 Feb 19 23:01 .
183 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
184 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder
185 -rwxr-xr-x 1 root root 633 May 30 2018 apache2
186 -rwxr-xr-x 1 root root 14985 Oct 24 2014 apt
187 -rwxr-xr-x 1 root root 314 Nov 5 2012 aptitude
188 -rwxr-xr-x 1 root root 355 Jun 11 2012 bsdmainutils
189 -rwxr-xr-x 1 root root 256 May 3 2016 dpkg
190 -rwxr-xr-x 1 root root 4125 Feb 11 2018 exim4-base
191 -rwxr-xr-x 1 root root 89 May 17 2012 logrotate
192 -rwxr-xr-x 1 root root 1365 Jun 19 2012 man-db
193 -rwxr-xr-x 1 root root 606 Sep 25 2010 mlocate
194 -rwxr-xr-x 1 root root 249 May 26 2012 passwd
195
196 /etc/cron.hourly:
197 total 12
198 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .
199 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
200 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder
201
202 /etc/cron.monthly:
203 total 12
204 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .
205 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
206 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder
207
208 /etc/cron.weekly:
209 total 16
210 drwxr-xr-x 2 root root 4096 Feb 19 22:25 .
211 drwxr-xr-x 85 root root 4096 May 7 00:08 ..
212 -rw-r--r-- 1 root root 102 Jul 4 2012 .placeholder
213 -rwxr-xr-x 1 root root 907 Jun 19 2012 man-db
214
215
216 [-] Crontab contents:
217 #/etc/crontab: system-wide crontab
218 #Unlike any other crontab you don't have to run the `crontab'
219 #command to install the new version when you edit this file
220 #and files in /etc/cron.d. These files also have username fields,
221 #that none of the other crontabs do.
222
223 SHELL=/bin/sh
224 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
225
226 #m h dom mon dow user command
227 17 * * * * root cd / && run-parts --report /etc/cron.hourly
228 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
229 47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
230 52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
231 #
232
233
234 ### NETWORKING ##########################################
235 [-] Network and IP info:
236 eth0 Link encap:Ethernet HWaddr 00:0c:29:d1:f4:98
237 inet addr:192.168.16.107 Bcast:192.168.16.255 Mask:255.255.255.0
238 inet6 addr: fe80::20c:29ff:fed1:f498/64 Scope:Link
239 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
240 RX packets:8702 errors:0 dropped:0 overruns:0 frame:0
241 TX packets:3009 errors:0 dropped:0 overruns:0 carrier:0
242 collisions:0 txqueuelen:1000
243 RX bytes:1325354 (1.2 MiB) TX bytes:1103771 (1.0 MiB)
244
245 lo Link encap:Local Loopback
246 inet addr:127.0.0.1 Mask:255.0.0.0
247 inet6 addr: ::1/128 Scope:Host
248 UP LOOPBACK RUNNING MTU:16436 Metric:1
249 RX packets:50 errors:0 dropped:0 overruns:0 frame:0
250 TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
251 collisions:0 txqueuelen:0
252 RX bytes:4852 (4.7 KiB) TX bytes:4852 (4.7 KiB)
253
254
255 [-] ARP history:
256 192.168.16.254 dev eth0 lladdr 00:22:aa:d0:dd:95 REACHABLE
257 192.168.16.112 dev eth0 lladdr f0:18:98:6b:ed:5b REACHABLE
258
259
260 [-] Nameserver(s):
261 nameserver 192.168.16.254
262 nameserver 0.0.0.0
263
264
265 [-] Default route:
266 default via 192.168.16.254 dev eth0
267
268
269 [-] Listening TCP:
270 Active Internet connections (servers and established)
271 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
272 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
273 tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
274 tcp 0 0 0.0.0.0:40858 0.0.0.0:* LISTEN -
275 tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
276 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
277 tcp 0 480 192.168.16.107:33469 192.168.16.112:4444 ESTABLISHED 3406/php
278 tcp6 0 0 :::22 :::* LISTEN -
279 tcp6 0 0 ::1:25 :::* LISTEN -
280 tcp6 0 0 :::34190 :::* LISTEN -
281 tcp6 0 0 :::111 :::* LISTEN -
282 tcp6 0 0 :::80 :::* LISTEN -
283 tcp6 0 0 192.168.16.107:80 192.168.16.112:52090 TIME_WAIT -
284 tcp6 1 0 192.168.16.107:80 192.168.16.112:63539 CLOSE_WAIT -
285
286
287 [-] Listening UDP:
288 Active Internet connections (servers and established)
289 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
290 udp 0 0 0.0.0.0:59942 0.0.0.0:* -
291 udp 0 0 0.0.0.0:68 0.0.0.0:* -
292 udp 0 0 0.0.0.0:111 0.0.0.0:* -
293 udp 0 0 0.0.0.0:769 0.0.0.0:* -
294 udp 0 0 127.0.0.1:801 0.0.0.0:* -
295 udp 0 0 0.0.0.0:21881 0.0.0.0:* -
296 udp6 0 0 :::52815 :::* -
297 udp6 0 0 :::28256 :::* -
298 udp6 0 0 :::111 :::* -
299 udp6 0 0 :::769 :::* -
300
301
302 ### SERVICES #############################################
303 [-] Running processes:
304 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
305 root 1 0.0 0.0 2296 780 ? Ss 00:08 0:01 init [2]
306 root 2 0.0 0.0 0 0 ? S 00:08 0:00 [kthreadd]
307 root 3 0.0 0.0 0 0 ? S 00:08 0:00 [ksoftirqd/0]
308 root 4 0.0 0.0 0 0 ? S 00:08 0:00 [kworker/0:0]
309 root 6 0.0 0.0 0 0 ? S 00:08 0:00 [watchdog/0]
310 root 7 0.0 0.0 0 0 ? S< 00:08 0:00 [cpuset]
311 root 8 0.0 0.0 0 0 ? S< 00:08 0:00 [khelper]
312 root 9 0.0 0.0 0 0 ? S 00:08 0:00 [kdevtmpfs]
313 root 10 0.0 0.0 0 0 ? S< 00:08 0:00 [netns]
314 root 11 0.0 0.0 0 0 ? S 00:08 0:00 [sync_supers]
315 root 12 0.0 0.0 0 0 ? S 00:08 0:00 [bdi-default]
316 root 13 0.0 0.0 0 0 ? S< 00:08 0:00 [kintegrityd]
317 root 14 0.0 0.0 0 0 ? S< 00:08 0:00 [kblockd]
318 root 15 0.0 0.0 0 0 ? S 00:08 0:00 [khungtaskd]
319 root 16 0.0 0.0 0 0 ? S 00:08 0:00 [kswapd0]
320 root 17 0.0 0.0 0 0 ? SN 00:08 0:00 [ksmd]
321 root 18 0.0 0.0 0 0 ? S 00:08 0:00 [fsnotify_mark]
322 root 19 0.0 0.0 0 0 ? S< 00:08 0:00 [crypto]
323 root 95 0.0 0.0 0 0 ? S 00:08 0:00 [khubd]
324 root 105 0.0 0.0 0 0 ? S< 00:08 0:00 [ata_sff]
325 root 115 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_0]
326 root 125 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_1]
327 root 134 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_2]
328 root 135 0.0 0.0 0 0 ? S 00:08 0:00 [scsi_eh_3]
329 root 136 0.0 0.0