Initial Enumeration
Quick syn scan:
Wider and deeper scan:
A quick note on the scans: I generally do basic nmap scans and then use unicornscan for wider port scans because it’s so much quicker, especially with UDP. However HackTheBox VPN appears to interfere with that. So I’ve been ammending my nmap scans with the T4 timing and –max-retries which seems to be a reasonable alternative. The -p- means ports 0-65535. Without the other settings I’ve founds all ports scans to take a ridiculously long time. Unfortunately it still doesn’t make all-ports UDP scans quick enough so I tend set one running and leave it whilst working and if it hits anything, I’ll report on it later.
Initial Scans Summary
An Ubuntu box running: FTP, SSH, SAMBA and something called distccd.
Taking them in turn:
22/FTP
Anonymous access allowed but no permissions to create folders or upload files.
It’s running vsftpd 2.3.4 which has a well-known backdoor that got into the supply chain. This was annoying as I’ve been waiting to see this vulnerability for ages so was a bit excited to see this version show up. However trying the Metasploit module…turns out it doesn’t work. It completes the attempt but won’t create a session. Shame. I won’t bother screenshots of this not working.
139 & 445 / SMB
It’s running SAMBA 3.0.20
enum4linux -A gives a lot of info, amongst which is the following share info:
The share “tmp” is mappable and listable so we should be able to log onto that with a null session:
Not only that but we can also upload a file. The directories are not listable. But they might well point to a user called “makis”.
Exploit and root shell
So some progress but nothing likely to result in a shell. Let’s see if the Samba version is vulnerable:
Looks like there is a Metasploit exploit available so let’s fire that up and see if we can use that:
This gets a root shell so we can collect the root token and it turns out there was a user called “makis” as suspected:
Additional Method
Having rooted this I checked out HTB’s official write-up where it states that the SAMBA exploit is the only route in. This isn’t correct.
Remember nmap also found:
3631/distccd
diskccd, according to my search “is a tool for speeding up compilation of source code by using distributed computing over a computer network. ”
Turns out there is an MSF exploit for that as well:
This one isn’t a straight root shell but gets us in on the daemon user. This user can cat the user.txt and even enter root’s home directory but cannot cat the root.txt. So it needs escalating.
Seeing as we’re going to be doing more than just listing files with this shell, it’s worth upgrading to a tty shell:
After a quick search I find the test.txt file I uploaded using the null SAMBA session in the /tmp directory:
That makes for a very nice way of moving files to and from this box as I can mount it using Kali’s graphical File app and copy and paste my whole PrivEsc tools folder in at once:
Running linuxprivchecker.py:
=================================================================================================
LINUX PRIVILEGE ESCALATION CHECKER
=================================================================================================
[*] GETTING BASIC SYSTEM INFO...
[+] Kernel
Linux version 2.6.24-16-server (buildd@palmer) (gcc version 4.2.3 (Ubuntu 4.2.3-2ubuntu7)) #1 SMP Thu Apr 10 13:58:00 UTC 2008
[+] Hostname
lame
[+] Operating System
_ _ _ _ _ _ ____
_ __ ___ ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
| | | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// __/
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
|_|
Warning: Never expose this VM to an untrusted network!
Contact: msfdev[at]metasploit.com
Login with msfadmin/msfadmin to get started
[*] GETTING NETWORKING INFO...
[+] Interfaces
eth0 Link encap:Ethernet HWaddr 00:50:56:a4:55:32
inet addr:10.10.10.3 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: dead:beef::250:56ff:fea4:5532/64 Scope:Global
inet6 addr: fe80::250:56ff:fea4:5532/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:635226 errors:0 dropped:0 overruns:0 frame:0
TX packets:39131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:121485252 (115.8 MB) TX bytes:5874487 (5.6 MB)
Interrupt:19 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4839 errors:0 dropped:0 overruns:0 frame:0
TX packets:4839 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2379609 (2.2 MB) TX bytes:2379609 (2.2 MB)
[+] Netstat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:512 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:513 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6697 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:1099 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6667 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8787 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:54195 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:8180 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:1524 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN -
tcp 0 0 10.10.10.3:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:46645 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:40953 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:57115 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
tcp 0 0 10.10.10.3:445 10.10.14.19:39956 ESTABLISHED -
tcp 0 0 10.10.10.3:56809 10.10.14.19:4444 ESTABLISHED 9900/telnet
tcp 0 0 10.10.10.3:39843 10.10.14.19:4444 ESTABLISHED -
tcp 0 0 10.10.10.3:39844 10.10.14.19:4444 ESTABLISHED -
tcp 0 1113 10.10.10.3:56810 10.10.14.19:4444 ESTABLISHED 9903/telnet
tcp6 0 0 :::2121 :::* LISTEN -
tcp6 0 0 :::3632 :::* LISTEN -
tcp6 0 0 :::53 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::5432 :::* LISTEN -
tcp6 0 0 ::1:953 :::* LISTEN -
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:53124 0.0.0.0:* -
udp 0 0 10.10.10.3:137 0.0.0.0:* -
udp 0 0 0.0.0.0:137 0.0.0.0:* -
udp 0 0 10.10.10.3:138 0.0.0.0:* -
udp 0 0 0.0.0.0:138 0.0.0.0:* -
udp 0 0 127.0.0.1:38291 127.0.0.1:38291 ESTABLISHED -
udp 0 0 127.0.0.1:161 0.0.0.0:* -
udp 0 0 10.10.10.3:53 0.0.0.0:* -
udp 0 0 127.0.0.1:53 0.0.0.0:* -
udp 0 0 0.0.0.0:69 0.0.0.0:* -
udp 0 0 0.0.0.0:43590 0.0.0.0:* -
udp 0 0 127.0.0.1:34249 0.0.0.0:* -
udp 0 0 0.0.0.0:52684 0.0.0.0:* -
udp 0 0 0.0.0.0:50141 0.0.0.0:* -
udp 0 0 0.0.0.0:111 0.0.0.0:* -
udp 0 0 0.0.0.0:1013 0.0.0.0:* -
udp6 0 0 :::42407 :::* -
udp6 0 0 :::53 :::* -
[+] Route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.10.10.0 * 255.255.255.0 U 0 0 0 eth0
default 10.10.10.2 0.0.0.0 UG 100 0 0 eth0
[*] GETTING FILESYSTEM INFO...
[+] Mount results
/dev/mapper/metasploitable-root on / type ext3 (rw,relatime,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
/sys on /sys type sysfs (rw,noexec,nosuid,nodev)
varrun on /var/run type tmpfs (rw,noexec,nosuid,nodev,mode=0755)
varlock on /var/lock type tmpfs (rw,noexec,nosuid,nodev,mode=1777)
udev on /dev type tmpfs (rw,mode=0755)
devshm on /dev/shm type tmpfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw,relatime)
securityfs on /sys/kernel/security type securityfs (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
[+] fstab entries
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# /dev/mapper/metasploitabale-root
UUID=59bd36ce-2d78-44fe-843f-a4ca5fcafad1 / ext3 relatime,errors=remount-ro 0 1
/dev/sda1 /boot ext3 relatime 0 2
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto,exec,utf8 0 0
[+] Scheduled cron jobs
-rw-r--r-- 1 root root 724 Apr 8 2008 /etc/crontab
/etc/cron.d:
total 20
drwxr-xr-x 2 root root 4096 May 14 2012 .
drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
-rw-r--r-- 1 root root 102 Apr 8 2008 .placeholder
-rw-r--r-- 1 root root 492 Jan 6 2010 php5
-rw-r--r-- 1 root root 1323 Mar 31 2008 postgresql-common
/etc/cron.daily:
total 60
drwxr-xr-x 2 root root 4096 Apr 28 2010 .
drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
-rw-r--r-- 1 root root 102 Apr 8 2008 .placeholder
-rwxr-xr-x 1 root root 633 Feb 1 2008 apache2
-rwxr-xr-x 1 root root 7441 Apr 22 2008 apt
-rwxr-xr-x 1 root root 314 Apr 4 2008 aptitude
-rwxr-xr-x 1 root root 502 Dec 12 2007 bsdmainutils
-rwxr-xr-x 1 root root 89 Jun 19 2006 logrotate
-rwxr-xr-x 1 root root 954 Mar 12 2008 man-db
-rwxr-xr-x 1 root root 183 Mar 8 2008 mlocate
-rwxr-xr-x 1 root root 383 Apr 28 2010 samba
-rwxr-xr-x 1 root root 3295 Apr 8 2008 standard
-rwxr-xr-x 1 root root 1309 Nov 23 2007 sysklogd
-rwxr-xr-x 1 root root 477 Dec 7 2008 tomcat55
/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Mar 16 2010 .
drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
-rw-r--r-- 1 root root 102 Apr 8 2008 .placeholder
/etc/cron.monthly:
total 20
drwxr-xr-x 2 root root 4096 Apr 28 2010 .
drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
-rw-r--r-- 1 root root 102 Apr 8 2008 .placeholder
-rwxr-xr-x 1 root root 664 Feb 20 2008 proftpd
-rwxr-xr-x 1 root root 129 Apr 8 2008 standard
/etc/cron.weekly:
total 24
drwxr-xr-x 2 root root 4096 Mar 16 2010 .
drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
-rw-r--r-- 1 root root 102 Apr 8 2008 .placeholder
-rwxr-xr-x 1 root root 528 Mar 12 2008 man-db
-rwxr-xr-x 1 root root 2522 Jan 28 2008 popularity-contest
-rwxr-xr-x 1 root root 1220 Nov 23 2007 sysklogd
[+] Writable cron dirs
[*] ENUMERATING USER AND ENVIRONMENTAL INFO...
[+] Logged in User Activity
08:34:19 up 9:34, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 :0.0 23:00 9:34 0.00s 0.00s -bash
[+] Sudoers (privileged)
[+] All users
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
dhcp:x:101:102::/nonexistent:/bin/false
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
bind:x:105:113::/var/cache/bind:/bin/false
postfix:x:106:115::/var/spool/postfix:/bin/false
ftp:x:107:65534::/home/ftp:/bin/false
postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
mysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/false
tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false
distccd:x:111:65534::/:/bin/false
service:x:1002:1002:,,,:/home/service:/bin/bash
telnetd:x:112:120::/nonexistent:/bin/false
proftpd:x:113:65534::/var/run/proftpd:/bin/false
statd:x:114:65534::/var/lib/nfs:/bin/false
snmp:x:115:65534::/var/lib/snmp:/bin/false
makis:x:1003:1003::/home/makis:/bin/sh
[+] Current User ID
uid=1(daemon) gid=1(daemon) groups=1(daemon)
[+] Super Users Found:
root
[+] Environment
_DISTCC_SAFEGUARD=1
TERM=linux
QUIET=no
PATH=/sbin:/bin:/usr/sbin:/usr/bin
_=/usr/bin/env
runlevel=2
RUNLEVEL=2
UPSTART_EVENT=runlevel
PWD=/tmp/PrivescTools
VERBOSE=no
previous=N
PREVLEVEL=N
SHLVL=7
UPSTART_JOB=rc2
UPSTART_JOB_ID=5
[+] Current User
daemon
[+] Root and current user history (depends on privs)
lrwxrwxrwx 1 root root 9 May 14 2012 /root/.bash_history -> /dev/null
[*] ENUMERATING FILE AND DIRECTORY PERMISSIONS/CONTENTS...
[+] World Writeable Directories for User/Group 'Root'
drwxrwxrwt 2 root root 40 Sep 10 22:59 /dev/shm
drwxrwxrwt 3 root root 60 Sep 10 23:00 /var/lock
drwx-wx-wt 2 root root 4096 Mar 14 2017 /var/lib/php5
drwxrwxrwt 2 root root 4096 May 20 2012 /var/tmp
drwxrwxrwt 7 root root 4096 Sep 11 08:31 /tmp
drwxrwxrwt 2 root root 4096 Sep 10 22:59 /tmp/.ICE-unix
drwxrwxrwt 2 root root 4096 Sep 10 23:00 /tmp/.X11-unix
[+] World Writeable Directories for Users other than Root
[+] World Writable Files
[+] Checking if root's home folder is accessible
/root:
total 80K
drwxr-xr-x 13 root root 4.0K Sep 10 23:00 .
drwxr-xr-x 21 root root 4.0K May 20 2012 ..
-rw------- 1 root root 373 Sep 10 23:00 .Xauthority
lrwxrwxrwx 1 root root 9 May 14 2012 .bash_history -> /dev/null
-rw-r--r-- 1 root root 2.2K Oct 20 2007 .bashrc
drwx------ 3 root root 4.0K May 20 2012 .config
drwx------ 2 root root 4.0K May 20 2012 .filezilla
drwxr-xr-x 5 root root 4.0K Sep 10 23:00 .fluxbox
drwx------ 2 root root 4.0K May 20 2012 .gconf
drwx------ 2 root root 4.0K May 20 2012 .gconfd
drwxr-xr-x 2 root root 4.0K May 20 2012 .gstreamer-0.10
drwx------ 4 root root 4.0K May 20 2012 .mozilla
-rw-r--r-- 1 root root 141 Oct 20 2007 .profile
drwx------ 5 root root 4.0K May 20 2012 .purple
-rwx------ 1 root root 4 May 20 2012 .rhosts
drwxr-xr-x 2 root root 4.0K May 20 2012 .ssh
drwx------ 2 root root 4.0K Sep 10 23:00 .vnc
drwxr-xr-x 2 root root 4.0K May 20 2012 Desktop
-rwx------ 1 root root 401 May 20 2012 reset_logs.sh
-rw------- 1 root root 33 Mar 14 2017 root.txt
-rw-r--r-- 1 root root 118 Sep 10 23:00 vnc.log
/root/.fluxbox:
total 52K
drwxr-xr-x 5 root root 4.0K Sep 10 23:00 .
drwxr-xr-x 13 root root 4.0K Sep 10 23:00 ..
-rw-r--r-- 1 root root 70 May 20 2012 apps
drwxr-xr-x 2 root root 4.0K May 20 2012 backgrounds
-rw-r--r-- 1 root root 314 May 20 2012 init
-rw-r--r-- 1 root root 2.8K May 20 2012 keys
-rw-r--r-- 1 root root 142 Sep 10 23:00 lastwallpaper
-rw-r--r-- 1 root root 66 May 20 2012 menu
-rw-r--r-- 1 root root 89 May 20 2012 overlay
drwxr-xr-x 2 root root 4.0K May 20 2012 pixmaps
-rw-r--r-- 1 root root 504 May 20 2012 startup
drwxr-xr-x 2 root root 4.0K May 20 2012 styles
-rw-r--r-- 1 root root 168 May 20 2012 windowmenu
/root/.fluxbox/backgrounds:
total 8.0K
drwxr-xr-x 2 root root 4.0K May 20 2012 .
drwxr-xr-x 5 root root 4.0K Sep 10 23:00 ..
/root/.fluxbox/pixmaps:
total 8.0K
drwxr-xr-x 2 root root 4.0K May 20 2012 .
drwxr-xr-x 5 root root 4.0K Sep 10 23:00 ..
/root/.fluxbox/styles:
total 8.0K
drwxr-xr-x 2 root root 4.0K May 20 2012 .
drwxr-xr-x 5 root root 4.0K Sep 10 23:00 ..
/root/.gstreamer-0.10:
total 16K
drwxr-xr-x 2 root root 4.0K May 20 2012 .
drwxr-xr-x 13 root root 4.0K Sep 10 23:00 ..
-rw------- 1 root root 7.4K May 20 2012 registry.i486.xml
/root/.ssh:
total 16K
drwxr-xr-x 2 root root 4.0K May 20 2012 .
drwxr-xr-x 13 root root 4.0K Sep 10 23:00 ..
-rw-r--r-- 1 root root 405 May 17 2010 authorized_keys
-rw-r--r-- 1 root root 442 May 20 2012 known_hosts
/root/Desktop:
total 8.0K
drwxr-xr-x 2 root root 4.0K May 20 2012 .
drwxr-xr-x 13 root root 4.0K Sep 10 23:00 ..
[+] SUID/SGID Files and Directories
-rwsr-xr-x 1 root root 63584 Apr 14 2008 /bin/umount
-rwsr-xr-- 1 root fuse 20056 Feb 26 2008 /bin/fusermount
-rwsr-xr-x 1 root root 25540 Apr 2 2008 /bin/su
-rwsr-xr-x 1 root root 81368 Apr 14 2008 /bin/mount
-rwsr-xr-x 1 root root 30856 Dec 10 2007 /bin/ping
-rwsr-xr-x 1 root root 26684 Dec 10 2007 /bin/ping6
-rwsr-xr-x 1 root root 65520 Dec 2 2008 /sbin/mount.nfs
-rwxr-sr-x 1 root shadow 19584 Apr 9 2008 /sbin/unix_chkpwd
-rwsr-xr-- 1 root dhcp 2960 Apr 2 2008 /lib/dhcp3-client/call-dhclient-script
drwxrwsr-x 2 root src 4096 Apr 15 2008 /usr/src
-rwsr-xr-x 2 root root 107776 Feb 25 2008 /usr/bin/sudoedit
-rwxr-sr-x 1 root utmp 3192 Apr 22 2008 /usr/bin/Eterm
-rwsr-sr-x 1 root root 7460 Jun 25 2008 /usr/bin/X
-rwxr-sr-x 1 root tty 8192 Dec 12 2007 /usr/bin/bsd-write
-rwsr-xr-x 1 root root 8524 Nov 22 2007 /usr/bin/netkit-rsh
-rwxr-sr-x 1 root ssh 76580 Apr 6 2008 /usr/bin/ssh-agent
-rwsr-xr-x 1 root root 37360 Apr 2 2008 /usr/bin/gpasswd
-rwxr-sr-x 1 root mlocate 30508 Mar 8 2008 /usr/bin/mlocate
-rwxr-sr-x 1 root crontab 26928 Apr 8 2008 /usr/bin/crontab
-rwsr-xr-x 1 root root 12296 Dec 10 2007 /usr/bin/traceroute6.iputils
-rwsr-xr-x 2 root root 107776 Feb 25 2008 /usr/bin/sudo
-rwsr-xr-x 1 root root 12020 Nov 22 2007 /usr/bin/netkit-rlogin
-rwxr-sr-x 1 root shadow 37904 Apr 2 2008 /usr/bin/chage
-rwxr-sr-x 1 root utmp 308228 Oct 23 2007 /usr/bin/screen
-rwxr-sr-x 1 root shadow 16424 Apr 2 2008 /usr/bin/expiry
-rwsr-xr-x 1 root root 11048 Dec 10 2007 /usr/bin/arping
-rwsr-sr-x 1 daemon daemon 38464 Feb 20 2007 /usr/bin/at
-rwxr-sr-x 1 root utmp 306996 Jan 2 2009 /usr/bin/xterm
-rwsr-xr-x 1 root root 19144 Apr 2 2008 /usr/bin/newgrp
-rwxr-sr-x 1 root tty 9960 Apr 14 2008 /usr/bin/wall
-rwsr-xr-x 1 root root 28624 Apr 2 2008 /usr/bin/chfn
-rwsr-xr-x 1 root root 780676 Apr 8 2008 /usr/bin/nmap
-rwsr-xr-x 1 root root 23952 Apr 2 2008 /usr/bin/chsh
-rwsr-xr-x 1 root root 15952 Nov 22 2007 /usr/bin/netkit-rcp
-rwsr-xr-x 1 root root 29104 Apr 2 2008 /usr/bin/passwd
-rwsr-xr-x 1 root root 46084 Mar 31 2008 /usr/bin/mtr
-rwsr-sr-x 1 libuuid libuuid 12336 Mar 27 2008 /usr/sbin/uuidd
-r-xr-sr-x 1 root postdrop 10312 Apr 18 2008 /usr/sbin/postqueue
-r-xr-sr-x 1 root postdrop 10036 Apr 18 2008 /usr/sbin/postdrop
-rwsr-xr-- 1 root dip 269256 Oct 4 2007 /usr/sbin/pppd
drwxrwsr-x 2 root staff 4096 Mar 23 2010 /usr/local/share/fonts
drwxrwsr-x 7 root staff 4096 Mar 23 2010 /usr/local/share/sgml
drwxrwsr-x 2 root staff 4096 Mar 23 2010 /usr/local/share/sgml/stylesheet
drwxrwsr-x 2 root staff 4096 Mar 23 2010 /usr/local/share/sgml/declaration
drwxrwsr-x 2 root staff 4096 Mar 23 2010 /usr/local/share/sgml/dtd
drwxrwsr-x 2 root staff 4096 Mar 23 2010 /usr/local/share/sgml/entities
drwxrwsr-x 2 root staff 4096 Mar 23 2010 /usr/local/share/sgml/misc
drwxrwsr-x 2 root staff 4096 Apr 17 2010 /usr/local/lib/site_ruby/1.8/i486-linux
drwxrwsr-x 3 root staff 4096 Apr 28 2010 /usr/local/lib/python2.5
drwxrwsr-x 2 root staff 4096 Apr 28 2010 /usr/local/lib/python2.5/site-packages
-rwsr-xr-- 1 root telnetd 6040 Dec 17 2006 /usr/lib/telnetlogin
-rwsr-xr-- 1 root www-data 10276 Mar 9 2010 /usr/lib/apache2/suexec
-rwsr-xr-x 1 root root 4524 Nov 5 2007 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 165748 Apr 6 2008 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 9624 Aug 17 2009 /usr/lib/pt_chown
drwxr-s--- 2 root dip 4096 Mar 16 2010 /etc/chatscripts
drwxr-s--- 2 root dip 4096 Mar 16 2010 /etc/ppp/peers
drwxr-sr-x 2 root bind 4096 Mar 17 2010 /etc/bind
drwxrwsr-x 2 postgres postgres 100 Sep 10 22:59 /var/run/postgresql
drwxrwsr-x 2 root mail 4096 Sep 11 06:54 /var/mail
drwxr-s--- 2 mysql adm 4096 Mar 17 2010 /var/log/mysql
drwxr-sr-x 2 news news 4096 Mar 16 2010 /var/log/news
drwxrwsr-x 2 root staff 4096 Apr 15 2008 /var/local
drwxr-sr-x 44 man root 4096 Sep 11 06:54 /var/cache/man
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ru.KOI8-R
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/zh_CN
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/fi
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ko
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/id
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/cat5
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pt_BR
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/local
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/hu
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/de
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ru.UTF-8
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pt
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/tr
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/fr.UTF-8
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ru
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/cs
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pl.UTF-8
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pl
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ja
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/es
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/sv
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/cat3
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/cat7
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/cat6
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/cat1
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/zh_TW
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/it.ISO8859-1
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/it
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/X11R6
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/vi
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/fr
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/cat8
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/opt
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/fsstnd
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/cat4
drwxr-sr-x 2 man root 4096 Mar 17 2010 /var/cache/man/cat2
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/gl
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pl.ISO8859-2
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/fr.ISO8859-1
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/nl
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/it.UTF-8
drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/oldlocal
drwxrwsr-x 2 libuuid libuuid 4096 Mar 16 2010 /var/lib/libuuid
drwx--s--- 2 postfix postdrop 4096 Sep 10 22:59 /var/spool/postfix/public
[+] Logs containing keyword 'password'
/var/log/daemon.log:May 5 16:31:42 lame /etc/mysql/debian-start[5297]: WARNING: mysql.user contains 1 root accounts without password!
/var/log/daemon.log:Sep 10 22:59:39 lame /etc/mysql/debian-start[4817]: WARNING: mysql.user contains 1 root accounts without password!
[+] Config files containing keyword 'password'
/etc/mysql/my.cnf:# It has been reported that passwords should be enclosed with ticks/quotes
/etc/mysql/conf.d/old_passwords.cnf:old_passwords = false
/etc/debconf.conf:# World-readable, and accepts everything but passwords.
/etc/debconf.conf:Reject-Type: password
/etc/debconf.conf:# Not world readable (the default), and accepts only passwords.
/etc/debconf.conf:Name: passwords
/etc/debconf.conf:Accept-Type: password
/etc/debconf.conf:Filename: /var/cache/debconf/passwords.dat
/etc/debconf.conf:# databases, one to hold passwords and one for everything else.
/etc/debconf.conf:Stack: config, passwords
/etc/debconf.conf:# A remote LDAP database. It is also read-only. The password is really
/etc/samba/smb.conf:# You may wish to use password encryption. See the section on
/etc/samba/smb.conf:# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
/etc/samba/smb.conf: encrypt passwords = true
/etc/samba/smb.conf:# If you are using encrypted passwords, Samba will need to know what
/etc/samba/smb.conf:# password database type you are using.
/etc/samba/smb.conf:# password with the SMB password when the encrypted SMB password in the
/etc/samba/smb.conf:; unix password sync = no
/etc/samba/smb.conf:# For Unix password sync to work on a Debian GNU/Linux system, the following
/etc/samba/smb.conf: passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
/etc/samba/smb.conf:# This boolean controls whether PAM will be used for password changes
/etc/samba/smb.conf:; pam password change = no
/etc/ltrace.conf:; pwd.h
/etc/proftpd/proftpd.conf:# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
/etc/proftpd/proftpd.conf:# This is required to use both PAM-based authentication and local passwords
/etc/proftpd/sql.conf:# Use both a crypted or plaintext password
/etc/proftpd/sql.conf:# Use a backend-crypted or a crypted password
/etc/proftpd/sql.conf:#SQLConnectInfo proftpd@sql.example.com proftpd_user proftpd_password
/etc/proftpd/ldap.conf:#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
/etc/proftpd/ldap.conf:#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
/etc/hdparm.conf:# --security-set-pass Set security password
/etc/hdparm.conf:# security_pass = password
/etc/hdparm.conf:# --user-master Select password to use
/etc/devscripts.conf:# options may be used to specify the username and password to use.
/etc/devscripts.conf:# If only a username is provided then the password will be prompted for
/etc/ssl/openssl.cnf:# input_password = secret
/etc/ssl/openssl.cnf:# output_password = secret
/etc/ssl/openssl.cnf:challengePassword = A challenge password
/etc/postgresql/8.3/main/postgresql.conf:#password_encryption = on
/etc/cowpoke.conf:# using a simple password (or worse, a normal user password), then you can
[+] Shadow File (Privileged)
[*] ENUMERATING PROCESSES AND APPLICATIONS...
[+] Installed Packages
Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err:
Name Version
adduser 3.105ubuntu1 and remove users and groups
ant 1.7.0-3 based build tool like make
antlr 2.7.6-10 tool for constructing recognizers,
apache2 2.2.8-1 generation, scalable, extendable web se
apache2-mpm-prefork 2.2.8-1ubuntu0.15 model for Apache HTTPD
apache2-utils 2.2.8-1ubuntu0.15 programs for webservers
apache2.2-common 2.2.8-1ubuntu0.15 generation, scalable, extendable web se
apparmor 2.1+1075-0ubuntu9 parser utility for AppArmor
apparmor-utils 2.1+1075-0ubuntu9 for controlling AppArmor
apt 0.7.9ubuntu17 front-end for dpkg
apt-utils 0.7.9ubuntu17 utility programs
aptitude 0.4.9-2ubuntu5 package manager
at 3.1.10ubuntu4 job execution and batch processing
autoconf 2.61-4 configure script builder
autoconf2.59 2.59-1 configure script builder (obsolete
base-files 4.0.1ubuntu5 base system miscellaneous files
base-passwd 3.5.16 base system master password and group
bash 3.2-0ubuntu16 GNU Bourne Again SHell
bash-completion 20060301-3ubuntu3 completion for the bash shell
belocs-locales-bin 2.4-2.2ubuntu7 for compiling locale data files
bind9 1:9.4.2-10 Domain Name Server
bind9-host 1:9.4.2-10 of 'host' bundled with BIND 9.X
binutils 2.18.1~cvs20080103-0ubuntu1 GNU assembler, linker and binary utiliti
bsdmainutils 6.1.10ubuntu2 of more utilities from FreeBSD
bsdutils 1:2.13.1-5ubuntu1 utilities from 4.4BSD-Lite
busybox-initramfs 1:1.1.3-5ubuntu12 shell setup for initramfs
bzip2 1.0.4-2ubuntu4 block-sorting file compressor -
comerr-dev 2.1-1.40.8-2ubuntu2 error description library - headers a
command-not-found 0.2.17ubuntu1 installation of packages in interact
command-not-found-data 0.2.17ubuntu1 of data files for command-not-found.
console-setup 1.21ubuntu8 up the font and the keyboard on the cons
console-terminus 4.20-6 fonts for fast reading on the Li
console-tools 1:0.2.3dbs-65ubuntu7 console and font utilities
coreutils 6.10-3ubuntu2 GNU core utilities
cpio 2.9-6ubuntu1 cpio -- a program to manage archives of
cpp 4:4.2.3-1ubuntu6 GNU C preprocessor (cpp)
cpp-4.2 4.2.4-1ubuntu4 GNU C preprocessor
cron 3.0pl1-100ubuntu2 of regular background processing
curl 7.18.0-1ubuntu2.3 a file from an HTTP, HTTPS or FTP server
dash 0.5.4-8ubuntu1 shell
debconf 1.5.20 configuration management system
debconf-i18n 1.5.20 internationalization support for debcon
debhelper 7.0.13ubuntu1~hardy1 programs for debian/rules
debianutils 2.28.2-0ubuntu1 utilities specific to Debian
defoma 0.11.10-0.2 Font Manager -- automatic font config
devscripts 2.10.39ubuntu2~hardy1 to make the life of a Debian Package
dhcp3-client 3.0.6.dfsg-1ubuntu9 client
dhcp3-common 3.0.6.dfsg-1ubuntu9 files used by all the dhcp3* packages
diff 2.8.1-12ubuntu1 comparison utilities
diffstat 1.45-2 graph of changes introduced by a di
distcc 2.18.3-4.1ubuntu1 distributed compiler client and serve
dmidecode 2.9-1ubuntu1 Desktop Management Interface data
dmsetup 2:1.02.20-2ubuntu2 Linux Kernel Device Mapper userspace lib
dnsutils 1:9.4.2-10 provided with BIND
dosfstools 2.11-2.3ubuntu1 to create and check MS-DOS FAT fil
dpkg 1.14.16.6ubuntu3 maintenance system for Debian
dpkg-dev 1.14.16.6ubuntu4.1 building tools for Debian
e2fslibs 1.40.8-2ubuntu2 filesystem libraries
e2fsprogs 1.40.8-2ubuntu2 file system utilities and libraries
ecj 3.3.0+0728-5 version of the Eclipse Java compi
ecj-gcj 3.3.0+0728-5 version of the Eclipse Java compi
ed 0.7-1ubuntu1 classic unix line editor
eject 2.1.5-6 CDs and operates CD-Changers under Li
esound-common 0.2.38-0ubuntu9 Sound Daemon - Common files
eterm 0.9.4.0debian1-2ubuntu3 Terminal Emulator
ethtool 6-0 or change ethernet card settings
fakeroot 1.9ubuntu1.1 a fake root environment
fastjar 2:0.95-1ubuntu2 creation utility
fdutils 5.5-20060227-1.1 floppy utilities
figlet 2.2.2-1ubuntu1 Ian & Glenn's Letters
file 4.21-3 file type using "magic" numbers
filezilla 3.0.11.1-0ubuntu1~hardy1 of the famous Win32 graphical FTP clien
filezilla-common 3.0.11.1-0ubuntu1~hardy1 independent files for filezilla
findutils 4.2.32-1ubuntu2 for finding files--find, xargs
firefox 3.6.17+build3+nobinonly-0ubuntu0.8.04.1 and easy web browser from Mozilla
firefox-3.0 3.6.17+build3+nobinonly-0ubuntu0.8.04.1 upgrade package for firefox-3.0 -> fir
firefox-branding 3.6.17+build3+nobinonly-0ubuntu0.8.04.1 that ships the firefox branding
fluxbox 1.1.1-1~hardy1 configurable and low resource X11 Win
fontconfig 2.5.0-2ubuntu3 font configuration library - support
fontconfig-config 2.5.0-2ubuntu3 font configuration library - configu
friendly-recovery 0.1 recovery more user-friendly
ftp 0.17-16build1 FTP client
ftpd 0.17-27 server
fuse-utils 2.7.2-1ubuntu2 in USErspace (utilities)
g++ 4:4.2.3-1ubuntu6 GNU C++ compiler
g++-4.2 4.2.4-1ubuntu4 GNU C++ compiler
gappletviewer-4.2 4.2.4-1ubuntu3 application to execute Java (tm)
gcc 4:4.2.3-1ubuntu6 GNU C compiler
gcc-4.2 4.2.4-1ubuntu4 GNU C compiler
gcc-4.2-base 4.2.4-1ubuntu4 GNU Compiler Collection (base package)
gcj-4.2 4.2.4-1ubuntu3 GNU compiler for Java(TM)
gcj-4.2-base 4.2.4-1ubuntu3 GNU Compiler Collection (gcj base packag
gconf2 2.22.0-0ubuntu3 configuration database system (support
gconf2-common 2.22.0-0ubuntu3 configuration database system (common
gdb 6.8-1ubuntu3 GNU Debugger
gettext 0.17-2ubuntu1 Internationalization utilities
gettext-base 0.17-2ubuntu1 Internationalization utilities for the b
gij 4:4.2.3-1ubuntu6 GNU Java bytecode interpreter
gij-4.2 4.2.4-1ubuntu3 GNU Java bytecode interpreter
gjdoc 0.7.8-6 generation framework for java
gnupg 1.4.6-2ubuntu5 privacy guard - a free PGP replacement
gpgv 1.4.6-2ubuntu5 privacy guard - signature verification t
grep 2.5.3~dfsg-3 grep, egrep and fgrep
groff-base 1.18.1.1-16 troff text-formatting system (base syste
grub 0.97-29ubuntu21.2 Unified Bootloader
gzip 1.3.12-3.2 GNU compression utility
hdparm 8.6-1ubuntu1 hard disk parameters for high performan
hostname 2.94 to set/show the host name or domain
html2text 1.3.2a-3build2 advanced HTML to text converter
ifupdown 0.6.8ubuntu8 level tools to configure network interf
info 4.11.dfsg.1-4 GNU Info documentation browser
initramfs-tools 0.85eubuntu36 for generating an initramfs
initscripts 2.86.ds1-14.1ubuntu45 for initializing and shutting down t
inputattach 1.23-0ubuntu2 to attach serial devices to the inpu
installation-report 2.31ubuntu1 installation report
intltool-debian 0.35.0+20060710.1 i18n of RFC822 compliant config files
iproute 20071016-2ubuntu1 tools to control the networking
iptables 1.3.8.0debian1-1ubuntu2 tools for packet filtering an
iputils-arping 3:20071127-1 to send ICMP echo requests to an ARP ad
iputils-ping 3:20071127-1 to test the reachability of network ho
iputils-tracepath 3:20071127-1 to trace the network path to a remote
java-common 0.28ubuntu3 of all Java packages
java-gcj-compat 1.0.77-2ubuntu2 runtime environment using GIJ
java-gcj-compat-dev 1.0.77-2ubuntu2 runtime environment with GCJ
java-gcj-compat-headless 1.0.77-2ubuntu2 runtime environment using GIJ (headless
jsvc 1.0.2~svn20061127-6 to launch Java applications as daemo
klibc-utils 1.5.7-4ubuntu3 statically-linked utilities built with
klogd 1.5-1ubuntu1 Logging Daemon
laptop-detect 0.13.2ubuntu1 to detect a laptop
less 418-1 program similar to more
libacl1 2.2.45-1 control list shared library
libapache2-mod-php5 5.2.4-2ubuntu5.24 HTML-embedded scripting languag
libapr1 1.2.11-1 Apache Portable Runtime Library
libaprutil1 1.2.12+dfsg-3 Apache Portable Runtime Utility Library
libasound2 1.0.15-3ubuntu4 library
libaspell15 0.60.5-1ubuntu2 Aspell spell-checker runtime library
libast2 0.7-2 Library of Assorted Spiffy Things
libatk1.0-0 1.22.0-0ubuntu1 ATK accessibility toolkit
libatm1 2.4.1-17.1build1 library for ATM (Asynchronous Transfe
libattr1 1:2.4.39-1 attribute shared library
libaudiofile0 0.2.6-7ubuntu1.8.04.1 version of SGI's audiofile libra
libavahi-client3 0.6.22-2ubuntu4.3 client library
libavahi-common-data 0.6.22-2ubuntu4.3 common data files
libavahi-common3 0.6.22-2ubuntu4.3 common library
libavahi-glib1 0.6.22-2ubuntu4.3 glib integration library
libbcel-java 5.2-3ubuntu1 create, and manipulate (binary) Jav
libbind9-30 1:9.4.2-10 Shared Library used by BIND
libblkid1 1.40.8-2ubuntu2 device id library
libbz2-1.0 1.0.4-2ubuntu4 block-sorting file compressor l
libc6 2.7-10ubuntu5 C Library: Shared libraries
libc6-dev 2.7-10ubuntu5 C Library: Development Libraries and Hea
libc6-i686 2.7-10ubuntu5 C Library: Shared libraries [i686 optimi
libcairo2 1.6.0-0ubuntu2 Cairo 2D vector graphics library
libcap1 1:1.10-14build1 for getting/setting POSIX.1e capabil
libchromexvmc1 1:0.2.901-0ubuntu4 Libraries used by the Openchrome VIA dr
libchromexvmcpro1 1:0.2.901-0ubuntu4 Pro Libraries used by the Openchrome VI
libck-connector0 0.2.3-3ubuntu5 libraries
libcomerr2 1.40.8-2ubuntu2 error description library
libcommons-beanutils-java 1.8.0~beta-1 for manipulating JavaBeans
libcommons-collections-java 2.1.1-8 set of abstract data type interfaces and i
libcommons-collections3-java 3.1a-3.1 set of abstract data type interfaces and i
libcommons-daemon-java 1.0.2~svn20061127-6 to launch Java applications as daemo
libcommons-dbcp-java 1.2.2-1 Connection Pooling Services
libcommons-digester-java 1.8-1 based XML Java object mapping tool
libcommons-el-java 1.0-4 of the JSP2.0 Expression Lang
libcommons-fileupload-java 1.2-2 upload capability to your servlets and
libcommons-io-java 1.3.2-2 useful IO related classes
libcommons-launcher-java 1.1-3 platform java application launcher
libcommons-logging-java 1.1-1ubuntu1 wrapper interface for several loggin
libcommons-modeler-java 2.0.1-4 library to use Java Management E
libcommons-pool-java 1.3-1 implementation for Java objects
libcommons-validator-java 1:1.3.1-1 and speed development and maintenance o
libconsole 1:0.2.3dbs-65ubuntu7 libraries for Linux console and font
libcupsys2 1.3.7-1ubuntu3.9 UNIX Printing System(tm) - libs
libcurl3 7.18.0-1ubuntu2.3 file transfer library (OpenSS
libcurl3-gnutls 7.18.0-1ubuntu2 file transfer library (GnuTLS
libcurl4-openssl-dev 7.18.0-1ubuntu2.3 files and documentation for libc
libcwidget3 0.5.8-1ubuntu1 terminal interface library for C+
libdatrie0 0.1.2-2 trie library
libdb4.6 4.6.21-6ubuntu1 v4.6 Database Libraries [runtime]
libdbd-mysql-perl 4.005-1 Perl5 database interface to the MySQL data
libdbi-perl 1.601-1 database interface by Tim Bunce
libdbus-1-3 1.1.20-1ubuntu1 interprocess messaging system
libdbus-glib-1-2 0.74-2ubuntu0.1 interprocess messaging system (GLib-b
libdevmapper1.02.1 2:1.02.20-2ubuntu2 Linux Kernel Device Mapper userspace lib
libdns32 1:9.4.2-10 Shared Library used by BIND
libdrm2 2.3.0-4ubuntu1 interface to kernel DRM services -
libecj-java 3.3.0+0728-5 Java compiler (library)
libecj-java-gcj 3.3.0+0728-5 Java compiler (native library)
libedit2 2.9.cvs.20050518-4 editline and history libraries
libelfg0 0.8.6-4 ELF object file access library
libesd-alsa0 0.2.38-0ubuntu9 Sound Daemon (ALSA) - Shared lib
libevent1 1.3e-1 asynchronous event notification library
libexpat1 2.0.1-0ubuntu1 parsing C library - runtime library
libfontconfig1 2.5.0-2ubuntu3 font configuration library - runtime
libfontenc1 1:1.0.4-2 font encoding library
libfreetype6 2.3.5-1ubuntu4.8.04.2 2 font engine, shared library files
libfribidi0 0.10.9-1 Implementation of the Unicode BiDi algo
libfs6 2:1.0.0-4ubuntu2 Font Services library
libfuse2 2.7.2-1ubuntu2 in USErspace library
libgadu3 1:1.7~rc2-2ubuntu0.8.04.1 protocol library - runtime files
libgc1c2 1:6.8-1.1 garbage collector for C and C++
libgcc1 1:4.2.4-1ubuntu4 support library
libgcj-bc 4.2.3-1ubuntu6 time only library for use with gcj
libgcj-common 1:4.2.3-1ubuntu6 runtime library (common files)
libgcj8-1 4.2.4-1ubuntu3 runtime library for use with gcj
libgcj8-1-awt 4.2.4-1ubuntu3 peer runtime libraries for use with gcj
libgcj8-dev 4.2.4-1ubuntu3 development headers for use with gcj
libgcj8-jar 4.2.4-1ubuntu3 runtime library for use with gcj (jar f
libgconf2-4 2.22.0-0ubuntu3 configuration database system (shared
libgcrypt11 1.2.4-2ubuntu7 Crypto library - runtime library
libgd2-xpm 2.0.35.dfsg-3ubuntu2.1 Graphics Library version 2
libgdbm3 1.8.3-3 dbm database routines (runtime version)
libgif4 4.1.6-4 for GIF images (library)
libgl1-mesa-glx 7.0.3~rc2-1ubuntu3 free implementation of the OpenGL API -- G
libglib2.0-0 2.16.6-0ubuntu1.2 GLib library of C routines
libglu1-mesa 7.0.3~rc2-1ubuntu3 OpenGL utility library (GLU)
libgnutls13 2.0.4-1ubuntu2 GNU TLS library - runtime library
libgomp1 4.2.4-1ubuntu4 OpenMP (GOMP) support library
libgpg-error0 1.4-2ubuntu7 for common error values and messages
libgpmg1 1.19.6-25ubuntu1 Purpose Mouse - shared library
libgssglue1 0.1-1 gssapi library
libgstreamer-plugins-base0.10-0 0.10.18-3 libraries from the "base" set
libgstreamer0.10-0 0.10.18-4ubuntu2 GStreamer libraries and elements
libgtk2.0-0 2.12.9-3ubuntu5 GTK+ graphical user interface library
libgtk2.0-common 2.12.9-3ubuntu5 files for the GTK+ graphical user int
libgtkspell0 2.0.10-4 spell-checking addon for GTK's TextView wi
libhal1 0.5.11~rc2-1ubuntu8.3 Abstraction Layer - shared library
libhesiod0 3.0.2-18.1 for hesiod, a service name resolut
libhtml-parser-perl 3.56-1 collection of modules that parse HTML text
libhtml-tagset-perl 3.10-2 tables pertaining to HTML
libhtml-tree-perl 3.23-1 and create HTML syntax trees
libice6 2:1.0.4-1 Inter-Client Exchange library
libid3tag0 0.15.1b-10 tag reading library from the MAD project
libidl0 0.8.10-0.1 for parsing CORBA IDL files
libidn11 1.1-1 libidn library, implementation of IETF I
libidn11-dev 1.1-1 files GNU libidn, implementation
libimlib2 1.4.0-1ubuntu1.2 image loading and rendering library
libisc32 1:9.4.2-10 Shared Library used by BIND
libisccc30 1:9.4.2-10 Channel Library used by BIND
libisccfg30 1:9.4.2-10 File Handling Library used by BIND
libiw29 29-1ubuntu2 tools - library
libjaxp1.3-java 1.3.04-2 XML parser and transformer APIs (DOM, S
libjpeg62 6b-14 Independent JPEG Group's JPEG runtime li
libkadm55 1.6.dfsg.3~beta1-2ubuntu1.8 Kerberos administration runtime librarie
libkeyutils1 1.2-4 Key Management Utilities (library)
libklibc 1.5.7-4ubuntu3 libc subset for use with initramfs
libkrb5-dev 1.6.dfsg.3~beta1-2ubuntu1.8 and development libraries for MIT Ke
libkrb53 1.6.dfsg.3~beta1-2ubuntu1.8 Kerberos runtime libraries
liblaunchpad-integration1 0.1.19 for launchpad integration
libldap-2.4-2 2.4.9-0ubuntu0.8.04.3 libraries
libldap2-dev 2.4.9-0ubuntu0.8.04.3 development libraries
liblocale-gettext-perl 1.05-2ubuntu1 libc functions for internationalizatio
liblog4j1.2-java 1.2.15-2 library for java
liblwres30 1:9.4.2-10 Resolver Library used by BIND
liblzo2-2 2.02-3 compression library
libmagic1 4.21-3 type determination library using "magic
libmeanwhile1 1.0.2-3 implementation of the Lotus Sametime Co
libmx4j-java 3.0.1-3 open source implementation of the JMX(TM)
libmysqlclient15off 5.0.51a-3ubuntu5 database client library
libncurses5 5.6+20071124-1ubuntu2 libraries for terminal handling
libncursesw5 5.6+20071124-1ubuntu2 libraries for terminal handling (wide
libnet-daemon-perl 0.38-1.1 module for building portable Perl daemo
libnewt0.52 0.52.2-11.2ubuntu1 Erik's Windowing Toolkit - text mode win
libnfsidmap2 0.20-0build1 nfs idmapping library
libnspr4-0d 4.8.6-0ubuntu0.8.04.1 Portable Runtime Library
libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.8.04.1 Security Service libraries
libntfs-3g23 1:1.2216-1ubuntu1 filesystem in userspace (FUSE) libra
libopencdk10 0.6.6-1ubuntu1 Crypto Development Kit (OpenCDK) (runti
liborbit2 1:2.14.12-0.1 for ORBit2 - a CORBA ORB
liboro-java 2.0.8a-3 expression library for Java
libpam-modules 0.99.7.1-5ubuntu6 Authentication Modules for PAM
libpam-runtime 0.99.7.1-5ubuntu6 support for the PAM library
libpam0g 0.99.7.1-5ubuntu6.1 Authentication Modules library
libpam0g-dev 0.99.7.1-5ubuntu6.1 files for PAM
libpango1.0-0 1.20.5-0ubuntu1.1 and rendering of internationalized te
libpango1.0-common 1.20.5-0ubuntu1.1 and configuration files for the Pang
libparted1.7-1 1.7.1-5.1ubuntu9 GNU Parted disk partitioning shared libr
libpcap0.8 0.9.8-2 interface for user-level packet captu
libpcre3 7.4-1ubuntu2 5 Compatible Regular Expression Library
libperl5.8 5.8.8-12ubuntu0.5 Perl library
libpixman-1-0 0.10.0-0ubuntu1 library for X and cairo
libplrpc-perl 0.2017-1.1 extensions for writing PlRPC servers an
libpng12-0 1.2.15~beta5-3ubuntu0.2 library - runtime
libpopt-dev 1.10-3build1 for parsing cmdline parameters - develop
libpopt0 1.10-3build1 for parsing cmdline parameters
libpq5 8.3.1-1 C client library
libpurple0 1:2.5.2-0ubuntu1.2~hardy1 instant messaging library
libreadline5 5.2-3build1 readline and history libraries, run-time
libregexp-java 1.4-4 expression library for Java
librpc-xml-perl 0.59-2 module implementation of XML-RPC
librpcsecgss3 0.17-1ubuntu2 secure rpc communication using the rp
libruby1.8 1.8.6.111-2ubuntu1.3 necessary to run Ruby 1.8
libsasl2-2 2.1.22.dfsg1-18ubuntu2 SASL - authentication abstraction libr
libsasl2-modules 2.1.22.dfsg1-18ubuntu2 SASL - pluggable authentication module
libselinux1 2.0.55-0ubuntu4 policy enforcement, run-time librari
libsensors3 1:2.10.5-3ubuntu1 to read temperature/voltage/fan sens
libsepol1 2.0.20-0ubuntu3 binary policy, run-time library
libservlet2.3-java 4.0-10 2.3 and JSP 1.2 Java classes and doc
libservlet2.4-java 5.0.30-6ubuntu1 2.4 and JSP 2.0 Java library.
libsigc++-2.0-0c2a 2.0.17-2ubuntu3 Signal Framework for C++ - runtime
libsilc-1.1-2 1.1.5-1ubuntu1 library (silc-toolkit)
libslang2 2.1.3-2 S-Lang programming library - runtime ver
libsm6 2:1.0.3-1 Session Management library
libsnmp-base 5.4.1~dfsg-4ubuntu4.3 (Simple Network Management Protocol) MI
libsnmp15 5.4.1~dfsg-4ubuntu4.3 (Simple Network Management Protocol) li
libsqlite3-0 3.4.2-2 3 shared library
libss2 1.40.8-2ubuntu2 interface parsing library
libssl-dev 0.9.8g-4ubuntu3.18 development libraries, header files and
libssl0.9.8 0.9.8g-4ubuntu3.18 shared libraries
libstartup-notification0 0.9-1 for program launch feedback (shared
libstdc++6 4.2.4-1ubuntu4 GNU Standard C++ Library v3
libstdc++6-4.2-dev 4.2.4-1ubuntu4 GNU Standard C++ Library v3 (development
libstruts1.2-java 1.2.9-3 Framework for MVC web applications
libsysfs2 2.1.0-4 library to sysfs
libt1-5 5.1.1-5 1 font rasterizer library - runtime
libtasn1-3 1.1-1 ASN.1 structures (runtime)
libterm-readkey-perl 2.30-3ubuntu1 perl module for simple terminal control
libtext-charwidth-perl 0.04-4build1 display widths of characters on the term
libtext-iconv-perl 1.4-3 between character sets in Perl
libtext-wrapi18n-perl 0.06-5 substitute of Text::Wrap
libthai-data 0.1.9-1ubuntu0.2 files for Thai language support library
libthai0 0.1.9-1ubuntu0.2 language support library
libtiff4 3.8.2-7ubuntu3.4 Image File Format (TIFF) library
libtimedate-perl 1.1600-9 and date functions for Perl
libtomcat5.5-java 5.5.25-5ubuntu1.2 Servlet engine -- core libraries
liburi-perl 1.35.dfsg.1-1 and accesses URI strings
libusb-0.1-4 2:0.1.12-8 USB programming library
libuuid1 1.40.8-2ubuntu2 unique id library
libvolume-id0 117-8 identification library
libwrap0 7.6.dbs-14 Venema's TCP wrappers library
libwww-perl 5.808-1 client/server library for Perl (aka LWP)
libwxbase2.8-0 2.8.7.1-0ubuntu3 library (runtime) - non-GUI support c
libwxgtk2.8-0 2.8.7.1-0ubuntu3 Cross-platform C++ GUI toolkit (GT
libx11-6 2:1.1.3-1ubuntu2 client-side library
libx11-data 2:1.1.3-1ubuntu2 client-side library
libxau6 1:1.0.3-2 authorisation library
libxaw7 2:1.0.4-1 Athena Widget library
libxcb-xlib0 1.1-1ubuntu1 C Binding, Xlib/XCB interface library
libxcb1 1.1-1ubuntu1 C Binding
libxcomposite1 1:0.4.0-1 Composite extension library
libxcursor1 1:1.1.9-1 cursor management library
libxdamage1 1:1.1.1-3 damaged region extension library
libxdmcp6 1:1.0.2-2 Display Manager Control Protocol library
libxerces2-java 2.9.0-1 XML parser for Java with DOM leve
libxext6 2:1.0.3-2build1 miscellaneous extension library
libxfixes3 1:4.0.3-2 miscellaneous 'fixes' extension library
libxfont1 1:1.3.1-2 font rasterisation library
libxft2 2.1.12-2ubuntu5 font drawing library for X
libxi6 2:1.1.3-1 Input extension library
libxinerama1 2:1.0.2-1build1 Xinerama extension library
libxkbfile1 1:1.0.4-1 keyboard file manipulation library
libxml-parser-perl 2.34-4.3 module for parsing XML files
libxml2 2.6.31.dfsg-2ubuntu1 XML library
libxmu6 2:1.0.4-1 miscellaneous utility library
libxmuu1 2:1.0.4-1 miscellaneous micro-utility library
libxpm4 1:3.5.7-1 pixmap library
libxrandr2 2:1.2.2-1 RandR extension library
libxrender1 1:0.9.4-1 Rendering Extension client library
libxss1 1:1.1.2-1 Screen Saver extension library
libxt6 1:1.0.5-3 toolkit intrinsics library
libxtrap6 2:1.0.0-4build1 event trapping extension library
libxtst6 2:1.0.3-1 Testing -- Resource extension library
libxv1 2:1.0.3-1ubuntu1 Video extension library
libxxf86dga1 2:1.0.2-1 Direct Graphics Access extension library
libxxf86misc1 1:1.0.1-2 XFree86 miscellaneous extension library
libxxf86vm1 1:1.0.1-2 XFree86 video mode extension library
libzephyr3 2.1.20070719.SNAPSHOT-1 original "Instant Message" system librar
linux-image-2.6.24-16-server 2.6.24-16.30 kernel image for version 2.6.24 on x86
linux-image-server 2.6.24.16.18 kernel image on Server Equipment.
linux-libc-dev 2.6.24-27.68 Kernel Headers for development
linux-server 2.6.24.16.18 Linux kernel on Server Equipment.
linux-ubuntu-modules-2.6.24-16-server 2.6.24-16.23 supplied Linux modules for version 2.
locales 2.7.9-4 files for locale support
login 1:4.0.18.2-1ubuntu2 login tools
logrotate 3.7.1-3 rotation utility
lsb-base 3.2-4ubuntu1 Standard Base 3.2 init script function
lsb-release 3.2-4ubuntu1 Standard Base version reporting utilit
lshw 02.12.01-2ubuntu1 about hardware configuration
lsof 4.78.dfsg.1-3 open files
ltrace 0.5-3ubuntu1 runtime library calls in dynamically
lvm2 2.02.26-1ubuntu9 Linux Logical Volume Manager
lzma 4.43-12ubuntu1 method of 7z format in 7-Zip pro
m4 1.4.10-1 macro processing language
make 3.81-3build1 GNU version of the "make" utility.
makedev 2.3.1-84ubuntu1 device files in /dev
man-db 2.5.1-3 manual pager
manpages 2.77-1 pages about using a GNU/Linux system
mawk 1.3.3-11ubuntu2 pattern scanning and text processing langu
mdetect 0.5.2.1ubuntu4 device autodetection tool
memtest86+ 1.70-3ubuntu1 real-mode memory tester
menu 2.1.38ubuntu2 programs menu for all menu-aware a
mii-diag 2.11-2 little tool to manipulate network cards
mime-support 3.39-1ubuntu1 files 'mime.types' & 'mailcap', and sup
mktemp 1.5-5ubuntu2 unique filenames for temporary files
mlocate 0.18-2ubuntu1 find files on the filesystem based o
module-init-tools 3.3-pre11-4ubuntu5 for managing Linux kernel modules
mount 2.13.1-5ubuntu1 for mounting and manipulating filesyst
mtr-tiny 0.72-2ubuntu1 screen ncurses traceroute tool
mysql-client-5.0 5.0.51a-3ubuntu5 database client binaries
mysql-common 5.0.51a-3ubuntu5 database common files
mysql-server 5.0.51a-3ubuntu5 database server (meta package dependin
mysql-server-5.0 5.0.51a-3ubuntu5 database server binaries
nano 2.0.7-1ubuntu1 Pico clone with some new features
ncurses-base 5.6+20071124-1ubuntu2 of common terminal types
ncurses-bin 5.6+20071124-1ubuntu2 programs and man pages
net-tools 1.60-19ubuntu1 NET-3 networking toolkit
netbase 4.30ubuntu1 TCP/IP networking system
netcat 1.10-36 swiss army knife -- transitional pack
netcat-traditional 1.10-36 swiss army knife
nfs-common 1:1.1.2-2ubuntu2.2 support files common to client and serve
nfs-kernel-server 1:1.1.2-2ubuntu2.2 for NFS kernel server
nmap 4.53-3 Network Mapper
ntfs-3g 1:1.2216-1ubuntu1 NTFS driver for FUSE
ntpdate 1:4.2.4p4+dfsg-3ubuntu2 for setting system time from NTP serv
openbsd-inetd 0.20050402-6 OpenBSD Internet Superserver
openssh-client 1:4.7p1-8ubuntu1 shell client, an rlogin/rsh/rcp repla
openssh-server 1:4.7p1-8ubuntu1 shell server, an rshd replacement
openssl 0.9.8g-4ubuntu3 Socket Layer (SSL) binary and related
p7zip-full 4.57~dfsg.1-1 and 7za file archivers with high compress
parted 1.7.1-5.1ubuntu9 GNU Parted disk partition resizing progr
passwd 1:4.0.18.2-1ubuntu2 and administer password and group dat
patch 2.5.9-4 a diff file to an original
pciutils 1:2.2.4-1.1ubuntu3 PCI Utilities
pcmciautils 014-4ubuntu1 utilities for Linux 2.6
perl 5.8.8-12ubuntu0.5 Wall's Practical Extraction and Report
perl-base 5.8.8-12ubuntu0.5 Pathologically Eclectic Rubbish Lister
perl-modules 5.8.8-12ubuntu0.5 Perl modules
php5-cgi 5.2.4-2ubuntu5.10 HTML-embedded scripting languag
php5-cli 5.2.4-2ubuntu5.10 interpreter for the php5 script
php5-common 5.2.4-2ubuntu5.10 files for packages built from the php
php5-gd 5.2.4-2ubuntu5.10 module for php5
php5-mysql 5.2.4-2ubuntu5.10 module for php5
pidgin 1:2.5.2-0ubuntu1.2~hardy1 multi-protocol instant messaging c
pidgin-data 1:2.5.2-0ubuntu1.2~hardy1 instant messaging client - da
pkg-config 0.22-1 compile and link flags for libraries
po-debconf 1.0.10 translated Debconf templates files wi
popularity-contest 1.43ubuntu1 for your favourite packages automatical
portmap 6.0-4 RPC portmapper
postfix 2.5.1-2ubuntu1 mail transport agent
postgresql-8.3 8.3.1-1 SQL database, version 8.3
postgresql-client-8.3 8.3.1-1 programs for PostgreSQL 8.3
postgresql-client-common 87 for multiple PostgreSQL client versi
postgresql-common 87 database-cluster manager
ppp 2.4.4rel-9ubuntu2 Protocol (PPP) daemon
pppconfig 2.3.17ubuntu1 text menu based utility for configuring pp
pppoeconf 1.17ubuntu1 PPPoE/ADSL connections
procps 1:3.2.7-5ubuntu2 file system utilities
proftpd 1.3.1-6ubuntu1 virtual-hosting FTP daemon - bina
psmisc 22.6-1 that use the proc filesystem
python 2.5.2-0ubuntu1 interactive high-level object-oriented la
python-apt 0.7.4ubuntu7 interface to libapt-pkg
python-central 0.6.5ubuntu1 and build utility for Python packag
python-gdbm 2.5.2-0ubuntu2 dbm database support for Python
python-gnupginterface 0.3.2-9ubuntu1 interface to GnuPG (GPG)
python-minimal 2.5.2-0ubuntu1 minimal subset of the Python language (def
python-support 0.7.5ubuntu1 rebuilding support for python modu
python2.5 2.5.2-2ubuntu6.1 interactive high-level object-oriented la
python2.5-dev 2.5.2-2ubuntu6.1 files and a static library for Python
python2.5-minimal 2.5.2-2ubuntu6.1 minimal subset of the Python language (ver
quilt 0.46-4 to work with series of patches
rcs 5.7-21 GNU Revision Control System
readline-common 5.2-3build1 readline and history libraries, common f
reiserfsprogs 1:3.6.19-6 tools for ReiserFS filesystems
rhino 1.6.R7-2ubuntu1 engine written in Java
rsh-client 0.17-14ubuntu1 clients
rsh-server 0.17-14ubuntu1 servers
rsync 2.6.9-6ubuntu2 remote file copy program (like rcp)
ruby 4.1 interpreter of object-oriented scripting
ruby1.8 1.8.6.111-2ubuntu1.3 of object-oriented scripting lan
samba 3.0.20-0.1ubuntu1 LanManager-like file and printer server fo
samba-common 3.0.20-0.1ubuntu1 common files used by both the server a
screen 4.0.3-7ubuntu1 multiplexor with VT100/ANSI termina
sed 4.1.5-5 GNU sed stream editor
sgml-base 1.26 infrastructure and SGML catalog file su
snmp 5.4.1~dfsg-4ubuntu4.3 (Simple Network Management Protocol) ap
snmpd 5.4.1~dfsg-4ubuntu4.3 (Simple Network Management Protocol) ag
socat 1.6.0.0-1 relay for bidirectional data tr
ssl-cert 1.0.14-0ubuntu2 debconf wrapper for openssl
startup-tasks 0.3.9-2 of essential tasks to run on sta
strace 4.5.15-1.1ubuntu1 system call tracer
sudo 1.6.9p10-1ubuntu3 limited super user privileges to spe
sysklogd 1.5-1ubuntu1 Logging Daemon
system-services 0.3.9-2 of essential system services
sysv-rc 2.86.ds1-14.1ubuntu45 runlevel change mechanism
sysvutils 2.86.ds1-14.1ubuntu45 utilities
tar 1.19-3 version of the tar archiving utility
tasksel 2.70ubuntu5 for selecting tasks for installation on
tasksel-data 2.70ubuntu5 tasks used for installation of Debi
tcpd 7.6.dbs-14 Venema's TCP wrapper utilities
tcpdump 3.9.8-2 powerful tool for network monitoring and d
telnet 0.17-35ubuntu1 telnet client
telnetd 0.17-35ubuntu1 telnet server
tftpd 0.17-15ubuntu1 file transfer protocol server
tightvncserver 1.2.9-22 network computing server software
time 1.7-21build1 GNU time program for measuring cpu resou
tomcat5.5 5.5.25-5ubuntu1.2 and JSP engine
tomcat5.5-admin 5.5.25-5ubuntu1.2 Servlet engine -- admin & manager web i
tomcat5.5-webapps 5.5.25-5ubuntu1.2 Servlet engine -- documentation and exa
ttf-dejavu 2.23-1 to pull in ttf-dejavu-core and t
ttf-dejavu-core 2.23-1 font family derivate with additional ch
ttf-dejavu-extra 2.23-1 font family derivate with additional ch
tzdata 2008b-1ubuntu1 zone and daylight-saving time data
ubuntu-keyring 2008.03.04 keys of the Ubuntu archive
ubuntu-minimal 1.102 core of Ubuntu
ubuntu-standard 1.102 Ubuntu standard system
ucf 3.005 Configuration File: preserve user cha
udev 117-8 device node and kernel event mana
ufw 0.16.2 for managing a netfilter firewall
unzip 5.52-10ubuntu2 for .zip files
update-inetd 4.27-0.6 updater
update-manager-core 1:0.87.24 release upgrades
upstart 0.3.9-2 init daemon
upstart-compat-sysv 0.3.9-2 for System-V-like init
upstart-logd 0.3.9-2 logging daemon
usbutils 0.73-5ubuntu2 USB utilities
util-linux 2.13.1-5ubuntu1 system utilities
util-linux-locales 2.13.1-5ubuntu1 files for util-linux
uuid-runtime 1.40.8-2ubuntu2 unique id library
vim-common 1:7.1-138+1ubuntu3 IMproved - Common files
vim-tiny 1:7.1-138+1ubuntu3 IMproved - enhanced vi editor - compact v
w3m 0.5.1-5.1ubuntu1 browsable pager with excellent tables/fr
wget 1.10.2-3ubuntu1 files from the web
whiptail 0.52.2-11.2ubuntu1 user-friendly dialog boxes from she
wireless-tools 29-1ubuntu2 for manipulating Linux Wireless Extens
wpasupplicant 0.6.0+0.5.8-0ubuntu2 support for WPA and WPA2 (IEEE 802.11
x11-apps 7.3+1 applications
x11-common 1:7.3+10ubuntu10.2 Window System (X.Org) infrastructure
x11-session-utils 7.3+1 session utilities
x11-utils 7.3+1 utilities
x11-xfs-utils 7.3+1 font server utilities
x11-xkb-utils 7.3+1 XKB utilities
x11-xserver-utils 7.3+2ubuntu0.1 server utilities
xauth 1:1.0.2-2 authentication utility
xbase-clients 1:7.3+10ubuntu10.2 X clients - metapackage
xbitmaps 1.0.1-2ubuntu1 X bitmaps
xfonts-100dpi 1:1.0.0-4 dpi fonts for X
xfonts-75dpi 1:1.0.0-4 dpi fonts for X
xfonts-base 1:1.0.0-5 fonts for X
xfonts-encodings 1:1.0.2-3 for X.Org fonts
xfonts-scalable 1:1.0.0-6ubuntu0.8.04.1 fonts for X
xfonts-utils 1:1.0.1-2ubuntu1 Window System font utility programs
xinetd 1:2.3.14-5 for inetd with many enhancements
xinit 1.0.7-2 server initialisation tool
xkb-data 1.1~cvs.20080104.1-1ubuntu6 Keyboard Extension (XKB) configuration dat
xorg 1:7.3+10ubuntu10.2 X Window System
xserver-xorg 1:7.3+10ubuntu10.2 X.Org X server
xserver-xorg-core 2:1.4.1~git20080131-1ubuntu9.3 X server - core server
xserver-xorg-input-all 1:7.3+10ubuntu10.2 X.Org X server -- input driver metapacka
xserver-xorg-input-evdev 1:1.2.0-1ubuntu2 X server -- evdev input driver
xserver-xorg-input-kbd 1:1.2.2-3ubuntu1 X server -- keyboard input driver
xserver-xorg-input-mouse 1:1.2.3-2 X server -- mouse input driver
xserver-xorg-input-synaptics 0.14.7~git20070706-1ubuntu4 TouchPad driver for X.Org server
xserver-xorg-input-vmmouse 1:12.4.3-1ubuntu1 X server -- VMMouse input driver to us
xserver-xorg-input-wacom 1:0.7.9.8-0ubuntu3 X server -- Wacom input driver
xserver-xorg-video-all 1:7.3+10ubuntu10.2 X.Org X server -- output driver metapack
xserver-xorg-video-apm 1:1.1.1-10 X server -- APM display driver
xserver-xorg-video-ark 1:0.6.0-9 X server -- ark display driver
xserver-xorg-video-ati 1:6.8.0-1ubuntu1 X server -- ATI display driver
xserver-xorg-video-chips 1:1.1.1-9 X server -- Chips display driver
xserver-xorg-video-cirrus 1:1.1.0-8ubuntu1 X server -- Cirrus display driver
xserver-xorg-video-cyrix 1:1.1.0-8 X server -- Cyrix display driver
xserver-xorg-video-dummy 1:0.2.0-7 X server -- dummy display driver
xserver-xorg-video-fbdev 1:0.3.1-4 X server -- fbdev display driver
xserver-xorg-video-geode 2.9.0-1ubuntu2.5 server -- Geode GX2/LX display driver
xserver-xorg-video-glint 1:1.1.1-8 X server -- Glint display driver
xserver-xorg-video-i128 1:1.2.1-4 X server -- i128 display driver
xserver-xorg-video-i740 1:1.1.0-7 X server -- i740 display driver
xserver-xorg-video-i810 2:1.7.4-0ubuntu7 X server -- Intel i8xx, i9xx display d
xserver-xorg-video-imstt 1:1.1.0-7 X server -- IMSTT display driver
xserver-xorg-video-intel 2:2.2.1-1ubuntu13.8 X server -- Intel i8xx, i9xx display d
xserver-xorg-video-mga 1:1.4.8.dfsg.1-1 X server -- MGA display driver
xserver-xorg-video-neomagic 1:1.1.1-8 X server -- Neomagic display driver
xserver-xorg-video-newport 1:0.2.1-4ubuntu1 X server -- Newport display driver
xserver-xorg-video-nsc 1:2.8.3-2ubuntu0.1 X server -- NSC Geode GX1 display driv
xserver-xorg-video-nv 1:2.1.8-1ubuntu1 X server -- NV display driver
xserver-xorg-video-openchrome 1:0.2.901-0ubuntu4 X server -- VIA display driver
xserver-xorg-video-psb 0.2.1-1ubuntu3 graphics driver for Poulsbo
xserver-xorg-video-rendition 1:4.1.3.dfsg.1-4 X server -- Rendition display driver
xserver-xorg-video-s3 1:0.5.0-4 X server -- legacy S3 display driver
xserver-xorg-video-s3virge 1:1.9.1-7 X server -- S3 ViRGE display driver
xserver-xorg-video-savage 1:2.1.3-5 X server -- Savage display driver
xserver-xorg-video-siliconmotion 1:1.5.1-3 X server -- SiliconMotion display driv
xserver-xorg-video-sis 1:0.9.3-6 X server -- SiS display driver
xserver-xorg-video-sisusb 1:0.8.1-9 X server -- SiS USB display driver
xserver-xorg-video-tdfx 1:1.3.0-6 X server -- tdfx display driver
xserver-xorg-video-tga 1:1.1.0-9ubuntu1 X server -- TGA display driver
xserver-xorg-video-trident 1:1.2.4-1 X server -- Trident display driver
xserver-xorg-video-tseng 1:1.1.1-4 X server -- Tseng display driver
xserver-xorg-video-v4l 1:0.1.1-6ubuntu1 X server -- Video 4 Linux display driv
xserver-xorg-video-vesa 1:1.3.0-4ubuntu4 X server -- VESA display driver
xserver-xorg-video-vga 1:4.1.0-8 X server -- VGA display driver
xserver-xorg-video-via 1:0.2.2-5 X server -- VIA display driver
xserver-xorg-video-vmware 1:10.15.2-1ubuntu2 X server -- VMware display driver
xserver-xorg-video-voodoo 1:1.1.1-5 X server -- Voodoo display driver
xterm 229-1ubuntu1.1 terminal emulator
zlib1g 1:1.2.3.3.dfsg-7ubuntu1 library - runtime
zlib1g-dev 1:1.2.3.3.dfsg-7ubuntu1 library - development
[+] Current processes
USER PID START TIME COMMAND
root 1 Sep10 0:01 /sbin/init
root 2 Sep10 0:00 [kthreadd]
root 3 Sep10 0:00 [migration/0]
root 4 Sep10 0:00 [ksoftirqd/0]
root 5 Sep10 0:00 [watchdog/0]
root 6 Sep10 0:00 [events/0]
root 7 Sep10 0:00 [khelper]
root 41 Sep10 0:00 [kblockd/0]
root 64 Sep10 0:00 [kseriod]
root 182 Sep10 0:00 [pdflush]
root 183 Sep10 0:00 [pdflush]
root 184 Sep10 0:00 [kswapd0]
root 225 Sep10 0:00 [aio/0]
root 1245 Sep10 0:00 [ksnapd]
root 1436 Sep10 0:00 [ata/0]
root 1439 Sep10 0:00 [ata_aux]
root 1446 Sep10 0:00 [scsi_eh_0]
root 1452 Sep10 0:00 [scsi_eh_1]
root 1463 Sep10 0:00 [ksuspend_usbd]
root 1468 Sep10 0:00 [khubd]
root 2331 Sep10 0:00 [scsi_eh_2]
root 2508 Sep10 0:01 [kjournald]
root 2683 Sep10 0:00 /sbin/udevd
root 3046 Sep10 0:00 [kpsmoused]
root 3992 Sep10 0:00 [kjournald]
daemon 4211 Sep10 0:00 /sbin/portmap
statd 4229 Sep10 0:00 /sbin/rpc.statd
root 4235 Sep10 0:00 [rpciod/0]
root 4250 Sep10 0:00 /usr/sbin/rpc.idmapd
root 4477 Sep10 0:00 /sbin/getty
root 4478 Sep10 0:00 /sbin/getty
root 4484 Sep10 0:00 /sbin/getty
root 4487 Sep10 0:00 /sbin/getty
root 4490 Sep10 0:00 /sbin/getty
syslog 4528 Sep10 0:00 /sbin/syslogd
root 4579 Sep10 0:00 /bin/dd
klog 4581 Sep10 0:00 /sbin/klogd
bind 4606 Sep10 0:00 /usr/sbin/named
root 4630 Sep10 0:00 /usr/sbin/sshd
root 4711 Sep10 0:00 /bin/sh
mysql 4753 Sep10 0:04 /usr/sbin/mysqld
root 4755 Sep10 0:00 logger
postgres 4834 Sep10 0:00 /usr/lib/postgresql/8.3/bin/postgres
postgres 4837 Sep10 0:02 postgres:
postgres 4838 Sep10 0:02 postgres:
postgres 4839 Sep10 0:00 postgres:
postgres 4840 Sep10 0:00 postgres:
daemon 4861 Sep10 0:00 distccd
daemon 4862 Sep10 0:00 distccd
root 4916 Sep10 0:00 [lockd]
root 4917 Sep10 0:00 [nfsd4]
root 4918 Sep10 0:00 [nfsd]
root 4919 Sep10 0:00 [nfsd]
root 4920 Sep10 0:00 [nfsd]
root 4921 Sep10 0:00 [nfsd]
root 4922 Sep10 0:00 [nfsd]
root 4923 Sep10 0:00 [nfsd]
root 4924 Sep10 0:00 [nfsd]
root 4925 Sep10 0:00 [nfsd]
root 4929 Sep10 0:00 /usr/sbin/rpc.mountd
root 4997 Sep10 0:00 /usr/lib/postfix/master
postfix 5000 Sep10 0:00 qmgr
root 5005 Sep10 0:00 /usr/sbin/nmbd
root 5007 Sep10 0:00 /usr/sbin/smbd
root 5011 Sep10 0:00 /usr/sbin/smbd
snmp 5013 Sep10 0:04 /usr/sbin/snmpd
root 5028 Sep10 0:00 /usr/sbin/xinetd
daemon 5073 Sep10 0:00 distccd
daemon 5074 Sep10 0:00 distccd
proftpd 5076 Sep10 0:00 proftpd:
daemon 5092 Sep10 0:00 /usr/sbin/atd
root 5105 Sep10 0:00 /usr/sbin/cron
root 5135 Sep10 0:00 /usr/bin/jsvc
root 5136 Sep10 0:00 /usr/bin/jsvc
tomcat55 5138 Sep10 1:24 /usr/bin/jsvc
root 5158 Sep10 0:00 /usr/sbin/apache2
root 5179 Sep10 0:00 /usr/bin/rmiregistry
root 5183 Sep10 0:31 ruby
root 5188 Sep10 0:01 /usr/bin/unrealircd
root 5197 Sep10 0:00 /sbin/getty
root 5202 Sep10 0:06 Xtightvnc
root 5206 Sep10 0:00 /bin/sh
root 5209 Sep10 0:00 xterm
root 5212 Sep10 0:08 fluxbox
root 5223 Sep10 0:00 -bash
www-data 8663 06:54 0:00 /usr/sbin/apache2
www-data 8665 06:54 0:00 /usr/sbin/apache2
www-data 8668 06:54 0:00 /usr/sbin/apache2
www-data 8671 06:54 0:00 /usr/sbin/apache2
www-data 8672 06:54 0:00 /usr/sbin/apache2
postfix 9368 07:18 0:00 pickup
nobody 9622 07:45 0:01 /usr/sbin/smbd
root 9847 08:14 0:00 sleep
root 9848 08:14 0:00 telnet
root 9849 08:14 0:00 sh
root 9850 08:14 0:00 sh
root 9851 08:14 0:00 telnet
daemon 9899 08:23 0:00 sleep
daemon 9900 08:23 0:00 telnet
daemon 9901 08:23 0:00 sh
daemon 9902 08:23 0:00 sh
daemon 9903 08:23 0:00 telnet
daemon 9930 08:26 0:00 python
daemon 9931 08:26 0:00 /bin/bash
daemon 9961 08:34 0:00 python
daemon 10162 08:34 0:00 /bin/sh
daemon 10163 08:34 0:00 ps
[+] Apache Version and Modules
Server version: Apache/2.2.8 (Ubuntu)
Server built: Mar 9 2010 20:45:36
[+] Apache Config File
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See https://httpd.apache.org/docs/2.2/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log"
# with ServerRoot set to "" will be interpreted by the
# server as "//var/log/apache2/foo.log".
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at <URL:https://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#</IfModule>
#</IfModule>
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/apache2/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
# Include all the user configurations:
Include /etc/apache2/httpd.conf
# Include ports listing
Include /etc/apache2/ports.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Full
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 https://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 30 lines.
# Alias /error/ "/usr/share/apache2/error/"
#
# <Directory "/usr/share/apache2/error">
# AllowOverride None
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en cs de es fr it nl sv pt-br ro
# ForceLanguagePriority Prefer Fallback
# </Directory>
#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
Include /etc/apache2/conf.d/
# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/
[+] Sudo Version (Check out https://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=sudo)
Sudo version 1.6.9p10
[*] IDENTIFYING PROCESSES AND PACKAGES RUNNING AS ROOT OR OTHER SUPERUSER...
root 5212 Sep10 0:08 fluxbox
Possible Related Packages:
fluxbox 1.1.1-1~hardy1 configurable and low resource X11 Win
root 4579 Sep10 0:00 /bin/dd
root 1468 Sep10 0:00 [khubd]
root 5179 Sep10 0:00 /usr/bin/rmiregistry
root 4922 Sep10 0:00 [nfsd]
root 3046 Sep10 0:00 [kpsmoused]
root 4919 Sep10 0:00 [nfsd]
root 4929 Sep10 0:00 /usr/sbin/rpc.mountd
root 183 Sep10 0:00 [pdflush]
root 5223 Sep10 0:00 -bash
root 5007 Sep10 0:00 /usr/sbin/smbd
root 5011 Sep10 0:00 /usr/sbin/smbd
root 4918 Sep10 0:00 [nfsd]
root 41 Sep10 0:00 [kblockd/0]
root 4997 Sep10 0:00 /usr/lib/postfix/master
Possible Related Packages:
base-passwd 3.5.16 base system master password and group
root 1446 Sep10 0:00 [scsi_eh_0]
root 5206 Sep10 0:00 /bin/sh
root 9849 08:14 0:00 sh
root 4916 Sep10 0:00 [lockd]
root 2508 Sep10 0:01 [kjournald]
root 5158 Sep10 0:00 /usr/sbin/apache2
Possible Related Packages:
apache2 2.2.8-1 generation, scalable, extendable web se
apache2-mpm-prefork 2.2.8-1ubuntu0.15 model for Apache HTTPD
apache2-utils 2.2.8-1ubuntu0.15 programs for webservers
apache2.2-common 2.2.8-1ubuntu0.15 generation, scalable, extendable web se
libapache2-mod-php5 5.2.4-2ubuntu5.24 HTML-embedded scripting languag
root 4711 Sep10 0:00 /bin/sh
root 6 Sep10 0:00 [events/0]
root 4490 Sep10 0:00 /sbin/getty
root 1436 Sep10 0:00 [ata/0]
root 9848 08:14 0:00 telnet
Possible Related Packages:
telnet 0.17-35ubuntu1 telnet client
telnetd 0.17-35ubuntu1 telnet server
root 3 Sep10 0:00 [migration/0]
root 2331 Sep10 0:00 [scsi_eh_2]
root 4 Sep10 0:00 [ksoftirqd/0]
root 4630 Sep10 0:00 /usr/sbin/sshd
root 5135 Sep10 0:00 /usr/bin/jsvc
Possible Related Packages:
jsvc 1.0.2~svn20061127-6 to launch Java applications as daemo
root 4235 Sep10 0:00 [rpciod/0]
root 64 Sep10 0:00 [kseriod]
root 7 Sep10 0:00 [khelper]
root 4478 Sep10 0:00 /sbin/getty
root 5005 Sep10 0:00 /usr/sbin/nmbd
root 5202 Sep10 0:06 Xtightvnc
root 5188 Sep10 0:01 /usr/bin/unrealircd
root 9851 08:14 0:00 telnet
Possible Related Packages:
telnet 0.17-35ubuntu1 telnet client
telnetd 0.17-35ubuntu1 telnet server
root 5 Sep10 0:00 [watchdog/0]
root 4755 Sep10 0:00 logger
root 4917 Sep10 0:00 [nfsd4]
root 4477 Sep10 0:00 /sbin/getty
root 1463 Sep10 0:00 [ksuspend_usbd]
root 5105 Sep10 0:00 /usr/sbin/cron
Possible Related Packages:
cron 3.0pl1-100ubuntu2 of regular background processing
root 9847 08:14 0:00 sleep
root 5136 Sep10 0:00 /usr/bin/jsvc
Possible Related Packages:
jsvc 1.0.2~svn20061127-6 to launch Java applications as daemo
root 3992 Sep10 0:00 [kjournald]
root 4924 Sep10 0:00 [nfsd]
root 4250 Sep10 0:00 /usr/sbin/rpc.idmapd
root 4484 Sep10 0:00 /sbin/getty
root 4487 Sep10 0:00 /sbin/getty
root 2683 Sep10 0:00 /sbin/udevd
root 2 Sep10 0:00 [kthreadd]
root 4920 Sep10 0:00 [nfsd]
root 5209 Sep10 0:00 xterm
Possible Related Packages:
xterm 229-1ubuntu1.1 terminal emulator
root 4923 Sep10 0:00 [nfsd]
root 1439 Sep10 0:00 [ata_aux]
root 5028 Sep10 0:00 /usr/sbin/xinetd
Possible Related Packages:
xinetd 1:2.3.14-5 for inetd with many enhancements
root 1452 Sep10 0:00 [scsi_eh_1]
root 225 Sep10 0:00 [aio/0]
root 4925 Sep10 0:00 [nfsd]
root 5197 Sep10 0:00 /sbin/getty
root 182 Sep10 0:00 [pdflush]
root 5183 Sep10 0:31 ruby
Possible Related Packages:
libruby1.8 1.8.6.111-2ubuntu1.3 necessary to run Ruby 1.8
ruby 4.1 interpreter of object-oriented scripting
ruby1.8 1.8.6.111-2ubuntu1.3 of object-oriented scripting lan
root 184 Sep10 0:00 [kswapd0]
root 4921 Sep10 0:00 [nfsd]
root 1245 Sep10 0:00 [ksnapd]
root 9850 08:14 0:00 sh
root 1 Sep10 0:01 /sbin/init
Possible Related Packages:
busybox-initramfs 1:1.1.3-5ubuntu12 shell setup for initramfs
initramfs-tools 0.85eubuntu36 for generating an initramfs
initscripts 2.86.ds1-14.1ubuntu45 for initializing and shutting down t
libklibc 1.5.7-4ubuntu3 libc subset for use with initramfs
lsb-base 3.2-4ubuntu1 Standard Base 3.2 init script function
module-init-tools 3.3-pre11-4ubuntu5 for managing Linux kernel modules
upstart 0.3.9-2 init daemon
upstart-compat-sysv 0.3.9-2 for System-V-like init
xinit 1.0.7-2 server initialisation tool
[*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...
[+] Installed Tools
/usr/bin/awk
/usr/bin/perl
/usr/bin/python
/usr/bin/ruby
/usr/bin/gcc
/usr/bin/cc
/usr/bin/vi
/usr/bin/vim
/usr/bin/nmap
/usr/bin/find
/bin/netcat
/bin/nc
/usr/bin/wget
/usr/bin/ftp
[+] Related Shell Escape Sequences...
nmap--> --interactive
vi--> :!bash
vi--> :set shell=/bin/bash:shell
vi--> :!bash
vi--> :set shell=/bin/bash:shell
awk--> awk 'BEGIN {system("/bin/bash")}'
find--> find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
perl--> perl -e 'exec "/bin/bash";'
[*] FINDING RELEVENT PRIVILEGE ESCALATION EXPLOITS...
Note: Exploits relying on a compile/scripting language not detected on this system are marked with a '**' but should still be tested!
The following exploits are ranked higher in probability of success because this script detected a related running process, OS, or mounted file system
- 2.6 UDEV < 141 Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8572 || Language=c
- 2.6 UDEV Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8478 || Language=c
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/1518 || Language=c
The following exploits are applicable to this kernel version and should be investigated as well
- Kernel ia32syscall Emulation Privilege Escalation || https://www.exploit-db.com/exploits/15023 || Language=c
- < 2.6.29 exit_notify() Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8369 || Language=c
- 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 Pipe.c Privelege Escalation || https://www.exploit-db.com/exploits/9844 || Language=python
- < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit || https://www.exploit-db.com/exploits/14814 || Language=c
- 2.x sock_sendpage() Local Root Exploit 2 || https://www.exploit-db.com/exploits/9436 || Language=c
- open-time Capability file_ns_capable() - Privilege Escalation Vulnerability || https://www.exploit-db.com/exploits/25307 || Language=c
- 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver) || https://www.exploit-db.com/exploits/9479 || Language=c
- 2.6 UDEV < 141 Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8572 || Language=c
- 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit || https://www.exploit-db.com/exploits/5092 || Language=c
- Linux Kernel <=2.6.28.3 set_selection() UTF-8 Off By One Local Exploit || https://www.exploit-db.com/exploits/9083 || Language=c
- 2.4/2.6 sock_sendpage() Local Root Exploit [2] || https://www.exploit-db.com/exploits/9598 || Language=c
- open-time Capability file_ns_capable() Privilege Escalation || https://www.exploit-db.com/exploits/25450 || Language=c
- CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) || https://www.exploit-db.com/exploits/15944 || Language=c
- Linux RDS Protocol Local Privilege Escalation || https://www.exploit-db.com/exploits/15285 || Language=c
- 2.6.x ptrace_attach Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8673 || Language=c
- 2.x sock_sendpage() Local Ring0 Root Exploit || https://www.exploit-db.com/exploits/9435 || Language=c
- Test Kernel Local Root Exploit 0day || https://www.exploit-db.com/exploits/9191 || Language=c
- 2.4/2.6 bluez Local Root Privilege Escalation Exploit (update) || https://www.exploit-db.com/exploits/926 || Language=c
- CAP_SYS_ADMIN to root Exploit || https://www.exploit-db.com/exploits/15916 || Language=c
- 2.4/2.6 sock_sendpage() Local Root Exploit (ppc) || https://www.exploit-db.com/exploits/9545 || Language=c
- 2.6 UDEV Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8478 || Language=c
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/1518 || Language=c
- < 2.6.36.2 Econet Privilege Escalation Exploit || https://www.exploit-db.com/exploits/17787 || Language=c
- Sendpage Local Privilege Escalation || https://www.exploit-db.com/exploits/19933 || Language=ruby
- < 2.6.37-rc2 ACPI custom_method Privilege Escalation || https://www.exploit-db.com/exploits/15774 || Language=c
- 'pipe.c' Local Privilege Escalation Vulnerability || https://www.exploit-db.com/exploits/10018 || Language=sh
- 2.4/2.6 sock_sendpage() Local Root Exploit [3] || https://www.exploit-db.com/exploits/9641 || Language=c
- <= 2.6.37 Local Privilege Escalation || https://www.exploit-db.com/exploits/15704 || Language=c
- 2.4.x / 2.6.x uselib() Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/895 || Language=c
Finished
=================================================================================================
daemon@lame:/tmp/PrivescTools$
Given that the box appears to be based on Metasploitable there’s lots in there. One possible vector is the classic SUID attack on nmap.
Older versions of nmap (2.02 to 5.21) have an –interactive options which allows you to issue shell commands using the “!” character: e.g. !ls. And if nmap has the suid bit set then it’s running as root even when run by a non-privileged user:
The sequence above shows: first check the version: yes it’s old enough. Then get into the interactive mode with the –interactive switch. Then, instead of issuing individual commands, let’s try spawning a shell with !sh and then testing it. https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/ covers this with some other privesc tricks. This is an attack I’ve only ever read about as an example of the risk of SUID so nice to actually use it for once.
There are other privesc routes on here given it’s Metasploitable. The udev exploit is being flagged up by the privchecker app. I tried it and it worked fine but not sure it’s really worth detailing here.
Leave a Reply