System/Kernel
www-data@popcorn:/var/www/torrent$ file /bin/bash ; uname -a ; cat /etc/*release
/bin/bash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
linux popcorn 2.6.31-14-generic-pae #48-ubuntu smp fri oct 16 15:22:42 UTC 2009 i686 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=9.10
DISTRIB_CODENAME=karmic
DISTRIB_DESCRIPTION="Ubuntu 9.10"2.6.31-14-generic-pae
Ubuntu 9.10
i686
Networks
www-data@popcorn:/var/www/torrent$ netstat -antup4
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 10.10.10.6:42358 10.10.14.5:9999 ESTABLISHED 1958/nc 127.0.0.1:3306
Users & Groups
www-data@popcorn:/var/www/torrent$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
landscape:x:102:105::/var/lib/landscape:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
george:x:1000:1000:George Papagiannopoulos,,,:/home/george:/bin/bash
mysql:x:104:113:MySQL Server,,,:/var/lib/mysql:/bin/false
total 12K
4.0k drwxr-xr-x 21 root root 4.0k feb 2 10:57 ..
4.0K drwxr-xr-x 3 george george 4.0K Oct 26 2020 george
4.0K drwxr-xr-x 3 root root 4.0K Mar 17 2017 .george
SUIDs
www-data@popcorn:/var/www/torrent$ find / -perm -04000 -ls -type f 2>/dev/null
4456 32 -rwsr-xr-x 1 root root 30492 May 12 2009 /bin/ping6
4455 36 -rwsr-xr-x 1 root root 34696 May 12 2009 /bin/ping
3001 48 -rwsr-xr-x 1 root root 47096 Oct 23 2009 /bin/umount
3000 72 -rwsr-xr-x 1 root root 72188 Oct 23 2009 /bin/mount
33618 24 -rwsr-xr-x 1 root root 22064 Mar 5 2009 /bin/fusermount
2453 32 -rwsr-xr-x 1 root root 31124 Jul 31 2009 /bin/su
44612 12 -rwsr-xr-x 1 root root 9548 Jan 11 2011 /usr/lib/pt_chown
51162 12 -r-sr-xr-x 1 root root 9532 Oct 26 2020 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
52796 16 -r-sr-xr-x 1 root root 14320 Oct 26 2020 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
4138 8 -rwsr-xr-x 1 root root 5544 Apr 29 2009 /usr/lib/eject/dmcrypt-get-device
37884 176 -rwsr-xr-x 1 root root 179120 Oct 22 2009 /usr/lib/openssh/ssh-keysign
2611 40 -rwsr-xr-x 1 root root 40332 Jul 31 2009 /usr/bin/chfn
2447 32 -rwsr-xr-x 1 root root 30936 Jul 31 2009 /usr/bin/newgrp
37795 52 -rwsr-xr-x 1 root root 52036 Nov 5 2008 /usr/bin/mtr
2612 32 -rwsr-xr-x 1 root root 31756 Jul 31 2009 /usr/bin/chsh
9031 124 -rwsr-xr-x 2 root root 123448 Jun 22 2009 /usr/bin/sudo
37239 16 -rwsr-xr-x 1 root root 13948 May 12 2009 /usr/bin/traceroute6.iputils
2615 44 -rwsr-xr-x 1 root root 41292 Jul 31 2009 /usr/bin/passwd
37227 16 -rwsr-xr-x 1 root root 13816 May 12 2009 /usr/bin/arping
2614 60 -rwsr-xr-x 1 root root 57964 Jul 31 2009 /usr/bin/gpasswd
9031 124 -rwsr-xr-x 2 root root 123448 Jun 22 2009 /usr/bin/sudoedit
36328 48 -rwsr-sr-x 1 daemon daemon 46964 Sep 15 2009 /usr/bin/at
38046 272 -rwsr-xr-- 1 root dip 277352 Feb 20 2009 /usr/sbin/pppd
38329 16 -rwsr-sr-x 1 libuuid libuuid 13848 Oct 23 2009 /usr/sbin/uuidd/usr/bin/mtr
SGIDs
www-data@popcorn:/var/www/torrent$ find / -perm -02000 -ls -type f 2>/dev/null
57402 4 drwxrwsr-x 3 root src 4096 Oct 1 2020 /srv/cvs
57403 4 drwxrwsr-x 3 root src 4096 Oct 1 2020 /srv/cvs/CVSROOT
57404 4 drwxrwsr-x 2 root src 4096 Oct 1 2020 /srv/cvs/CVSROOT/Emptydir
4565 32 -rwxr-sr-x 1 root shadow 30400 Sep 4 2009 /sbin/unix_chkpwd
57056 4 drwxrwsr-x 2 libuuid libuuid 4096 Mar 17 2017 /var/lib/libuuid
122177 4 drwxr-s--- 2 mysql adm 4096 Mar 17 2017 /var/log/mysql
122161 4 drwxrwsr-x 2 root staff 4096 Oct 20 2009 /var/local
8174 4 drwxrwsr-x 2 root mail 4096 Mar 17 2017 /var/mail
37975 4 drwxr-s--- 2 root dip 4096 Mar 17 2017 /etc/chatscripts
37962 4 drwxr-s--- 2 root dip 4096 Mar 17 2017 /etc/ppp/peers
37788 36 -rwxr-sr-x 1 root mlocate 34408 Apr 29 2009 /usr/bin/mlocate
37876 80 -rwxr-sr-x 1 root ssh 79912 Oct 22 2009 /usr/bin/ssh-agent
3863 32 -rwxr-sr-x 1 root crontab 31712 Sep 15 2009 /usr/bin/crontab
2610 60 -rwxr-sr-x 1 root shadow 57580 Jul 31 2009 /usr/bin/chage
7125 12 -rwxr-sr-x 3 root mail 9896 Jul 6 2009 /usr/bin/mail-lock
7125 12 -rwxr-sr-x 3 root mail 9896 Jul 6 2009 /usr/bin/mail-unlock
1135 16 -rwxr-sr-x 1 root tty 13864 Oct 23 2009 /usr/bin/wall
7125 12 -rwxr-sr-x 3 root mail 9896 Jul 6 2009 /usr/bin/mail-touchlock
36588 12 -rwxr-sr-x 1 root tty 9704 May 9 2009 /usr/bin/bsd-write
6816 16 -rwxr-sr-x 1 root mail 14280 Nov 18 2008 /usr/bin/dotlockfile
38855 356 -rwxr-sr-x 1 root utmp 361080 Jul 6 2009 /usr/bin/screen
2613 20 -rwxr-sr-x 1 root shadow 18128 Jul 31 2009 /usr/bin/expiry
32580 4 drwxrwsr-x 4 root src 4096 Oct 26 2020 /usr/src
16331 4 drwxrwsr-x 4 root staff 4096 Mar 17 2017 /usr/local/lib/python2.6
16332 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/lib/python2.6/dist-packages
11162 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/lib/python2.6/site-packages
9953 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/ca-certificates
11325 4 drwxrwsr-x 6 root staff 4096 Mar 17 2017 /usr/local/share/xml
11326 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/xml/schema
11328 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/xml/entities
11327 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/xml/misc
11329 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/xml/declaration
49105 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/fonts
11294 4 drwxrwsr-x 7 root staff 4096 Mar 17 2017 /usr/local/share/sgml
11295 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/sgml/stylesheet
11297 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/sgml/entities
11298 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/sgml/dtd
11296 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/sgml/misc
11299 4 drwxrwsr-x 2 root staff 4096 Mar 17 2017 /usr/local/share/sgml/declarationProcesses
www-data@popcorn:/var/www/torrent$ psps -auxwww
ps -auxwww
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 2528 1420 ? Ss 10:56 0:01 /sbin/init
root 534 0.0 0.0 2264 840 ? S 10:56 0:00 upstart-udev-bridge --daemon
root 539 0.0 0.1 3032 1404 ? S<s 10:56 0:00 udevd --daemon
root 774 0.0 0.1 3028 1320 ? S< 10:56 0:00 udevd --daemon
root 775 0.0 0.1 3028 1336 ? S< 10:56 0:00 udevd --daemon
root 983 0.0 0.0 1852 540 ? Ss 10:56 0:00 dd bs=1 if=/proc/kmsg of=/var/run/rsyslog/kmsg
root 1102 0.0 0.0 1704 548 tty4 Ss+ 10:56 0:00 /sbin/getty -8 38400 tty4
root 1105 0.0 0.0 1704 544 tty5 Ss+ 10:56 0:00 /sbin/getty -8 38400 tty5
root 1108 0.0 0.0 1704 540 tty2 Ss+ 10:56 0:00 /sbin/getty -8 38400 tty2
root 1109 0.0 0.0 1704 544 tty3 Ss+ 10:56 0:00 /sbin/getty -8 38400 tty3
root 1111 0.0 0.0 1704 548 tty6 Ss+ 10:56 0:00 /sbin/getty -8 38400 tty6
root 1112 0.0 0.0 2092 872 ? Ss 10:56 0:00 cron
root 1177 0.0 0.1 5436 1072 ? Ss 10:56 0:00 /usr/sbin/sshd
root 1238 0.0 0.0 1752 536 ? S 10:56 0:00 /bin/sh /usr/bin/mysqld_safe
root 1426 0.0 0.0 1668 544 ? S 10:56 0:00 logger -t mysqld -p daemon.error
root 1655 0.0 0.6 33200 6860 ? Ss 10:57 0:00 /usr/sbin/apache2 -k start
root 1664 0.0 0.3 17008 3812 ? Sl 10:57 0:06 /usr/sbin/vmtoolsd
root 1694 0.0 0.0 1704 544 tty1 Ss+ 10:57 0:00 /sbin/getty -8 38400 tty1
root 1705 0.0 0.7 13752 7680 ? S 10:57 0:00 /usr/lib/vmware-vgauth/VGAuthService -s
www-data 1994 0.0 0.0 2364 928 pts/0 R+ 13:06 0:00 ps -auxwwwudevd --daemon
cron
/bin/sh /usr/bin/mysqld_safe
Cron & Systemd
www-data@popcorn:/var/www/torrent$ crcrontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for www-data
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
systemctl: command not foundSudo Version
www-data@popcorn:/var/www/torrent$ sudo -V
Sudo version 1.7.0Sudo version 1.7.0
Glibc Version
www-data@popcorn:/var/www/torrent$ ldd --version
ldd (EGLIBC) 2.10.1
Copyright (C) 2009 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.ldd (EGLIBC) 2.10.1