System/Kernel
sh-4.2$ file /bin/bash ; uname -a ; cat /etc/*release
/bin/bash: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=85e3da5a087950e7aaeb7893c056218a8874d2e5, stripped
Linux armageddon.htb 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
CentOS Linux release 7.9.2009 (Core)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
CentOS Linux release 7.9.2009 (Core)
CentOS Linux release 7.9.2009 (Core)
3.10.0-1160.6.1.el7.x86_64
CentOS Linux release 7.9.2009 (Core)
x86_64
Networks
sh-4.2$ netstat -antup4
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 141 10.10.10.233:35984 10.10.14.2:443 ESTABLISHED 4255/sh
127.0.0.1:3306
127.0.0.1:25
Users & Groups
sh-4.2$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mysql:x:27:27:MariaDB Server:/var/lib/mysql:/sbin/nologin
brucetherealadmin:x:1000:1000::/home/brucetherealadmin:/bin/bash
ls: cannot open directory /home: Permission denied
brucetherealadmin
sh-4.2$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(bin) gid=1(bin) groups=1(bin)
uid=2(daemon) gid=2(daemon) groups=2(daemon)
uid=3(adm) gid=4(adm) groups=4(adm)
uid=4(lp) gid=7(lp) groups=7(lp)
uid=5(sync) gid=0(root) groups=0(root)
uid=6(shutdown) gid=0(root) groups=0(root)
uid=7(halt) gid=0(root) groups=0(root)
uid=8(mail) gid=12(mail) groups=12(mail)
uid=11(operator) gid=0(root) groups=0(root)
uid=12(games) gid=100(users) groups=100(users)
uid=14(ftp) gid=50(ftp) groups=50(ftp)
uid=99(nobody) gid=99(nobody) groups=99(nobody)
uid=192(systemd-network) gid=192(systemd-network) groups=192(systemd-network)
uid=81(dbus) gid=81(dbus) groups=81(dbus)
uid=999(polkitd) gid=998(polkitd) groups=998(polkitd)
uid=74(sshd) gid=74(sshd) groups=74(sshd)
uid=89(postfix) gid=89(postfix) groups=89(postfix),12(mail)
uid=48(apache) gid=48(apache) groups=48(apache)
uid=27(mysql) gid=27(mysql) groups=27(mysql)
uid=1000(brucetherealadmin) gid=1000(brucetherealadmin) groups=1000(brucetherealadmin)
SUIDs
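sh-4.2$ find / -perm -04000 -ls -type f 2>/dev/null   # note: -ls is evaluated before -type f, so the type test does not filter what is listed; for a files-only audit put -type f ahead of -ls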
25222026 24 -rws--x--x 1 root root 23968 Sep 30 2020 /usr/bin/chfn
25222029 24 -rws--x--x 1 root root 23880 Sep 30 2020 /usr/bin/chsh
25255549 80 -rwsr-xr-x 1 root root 78408 Aug 9 2019 /usr/bin/gpasswd
25255553 44 -rwsr-xr-x 1 root root 41936 Aug 9 2019 /usr/bin/newgrp
25369504 144 ---s--x--x 1 root root 147336 Jan 26 2021 /usr/bin/sudo
25313579 44 -rwsr-xr-x 1 root root 44264 Sep 30 2020 /usr/bin/mount
25222034 76 -rwsr-xr-x 1 root root 73888 Aug 9 2019 /usr/bin/chage
25313595 32 -rwsr-xr-x 1 root root 32128 Sep 30 2020 /usr/bin/su
25313599 32 -rwsr-xr-x 1 root root 31984 Sep 30 2020 /usr/bin/umount
25382778 60 -rwsr-xr-x 1 root root 57656 Aug 9 2019 /usr/bin/crontab
25314123 24 -rwsr-xr-x 1 root root 23576 Apr 1 2020 /usr/bin/pkexec
25533891 28 -rwsr-xr-x 1 root root 27856 Apr 1 2020 /usr/bin/passwd
43211 36 -rwsr-xr-x 1 root root 36272 Apr 1 2020 /usr/sbin/unix_chkpwd
205205 12 -rwsr-xr-x 1 root root 11296 Nov 16 2020 /usr/sbin/usernetctl
160500 16 -rwsr-xr-x 1 root root 15432 Apr 1 2020 /usr/lib/polkit-1/polkit-agent-helper-1
160481 60 -rwsr-x--- 1 root dbus 57936 Sep 30 2020 /usr/libexec/dbus-1/dbus-daemon-launch-helper
SGIDs
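sh-4.2$ find / -perm -02000 -ls -type f 2>/dev/null   # note: -ls is evaluated before -type f, so setgid directories would be listed too; for a files-only audit put -type f ahead of -ls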
25191860 16 -r-xr-sr-x 1 root tty 15344 Jun 10 2014 /usr/bin/wall
25313605 20 -rwxr-sr-x 1 root tty 19544 Sep 30 2020 /usr/bin/write
25369530 376 ---x--s--x 1 root nobody 382216 Aug 9 2019 /usr/bin/ssh-agent
205200 12 -rwxr-sr-x 1 root root 11224 Nov 16 2020 /usr/sbin/netreport
520385 216 -rwxr-sr-x 1 root postdrop 218560 Apr 1 2020 /usr/sbin/postdrop
520394 260 -rwxr-sr-x 1 root postdrop 264128 Apr 1 2020 /usr/sbin/postqueue
159849 12 -rwx--s--x 1 root utmp 11192 Jun 10 2014 /usr/libexec/utempter/utempter
8579236 456 ---x--s--x 1 root ssh_keys 465760 Aug 9 2019 /usr/libexec/openssh/ssh-keysign
Processes
sh-4.2$ ps -auxw
ps -auxw
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 967 0.0 0.3 450272 15488 ? Ss 16:55 0:01 /usr/sbin/httpd -DFOREGROUND
apache 4248 74.2 0.2 450648 9952 ? S 18:49 6:49 /usr/sbin/httpd -DFOREGROUND
apache 4249 0.0 0.6 463604 24584 ? S 18:49 0:00 /usr/sbin/httpd -DFOREGROUND
apache 4250 0.0 0.6 462556 24044 ? S 18:49 0:00 /usr/sbin/httpd -DFOREGROUND
apache 4251 21.0 0.2 450648 9752 ? R 18:49 1:55 /usr/sbin/httpd -DFOREGROUND
apache 4252 0.0 0.2 450272 7968 ? S 18:49 0:00 /usr/sbin/httpd -DFOREGROUND
apache 4253 0.0 0.2 450272 7968 ? S 18:49 0:00 /usr/sbin/httpd -DFOREGROUND
apache 4254 0.0 0.2 450272 7968 ? S 18:49 0:00 /usr/sbin/httpd -DFOREGROUND
apache 4417 0.0 0.0 11688 1136 ? S 18:56 0:00 sh
apache 4432 0.0 0.0 11824 1756 ? S 18:57 0:00 /bin/sh -i
apache 4467 0.0 0.0 51732 1704 ? R 18:58 0:00 ps -auxw
Cron & Systemd
sh-4.2$ crontab -l ; cat /etc/crontab
You (apache) are not allowed to access to (crontab) because of pam configuration.
cat: /etc/crontab: Permission denied
Sudo Version
sh-4.2$ sudo -V
Sudo version 1.8.23
Sudoers policy plugin version 1.8.23
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.23
Sudo version 1.8.23
Glibc Version
sh-4.2$ ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
ldd (GNU libc) 2.17