Initial enumeration performed as the `hype` user; this section continues the post-exploitation enumeration (the same checks linPEAS automates, run by hand so each result can be read in context).

Kernel


hype@valentine:~$ file /bin/bash ; uname -a ; cat /etc/*release
/bin/bash: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x6dafe33f9353cbb054b1b1f7b079545992575757, stripped
Linux Valentine 3.2.0-23-generic #36-Ubuntu SMP Tue Apr 10 20:39:51 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"

Networks

Note: `-p` is useless without root (the warning below), so owners must be matched against the process list instead — 127.0.0.1:631 is almost certainly `cupsd` and udp 5353 is `avahi-daemon` (both appear under Processes). The `4` flag restricts the output to IPv4 sockets; `apache2` is running (see Processes) yet no port 80/443 appears here, so re-run as `netstat -antup` to include IPv6/dual-stack listeners before concluding that SSH is the only exposed TCP service.

hype@Valentine:~$ netstat -antup4
(No info could be read for "-p": geteuid()=1000 but you should be root.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -               
tcp        0    488 10.10.10.79:22          10.10.14.5:45130        ESTABLISHED -               
tcp        0      0 10.10.10.79:22          10.10.14.5:56384        ESTABLISHED -               
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           -               
udp        0      0 0.0.0.0:49938           0.0.0.0:*                           -   

Users


hype@valentine:~$ cat /etc/passwd ; ls -la /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
colord:x:103:108:colord colour management daemon,,,:/var/lib/colord:/bin/false
lightdm:x:104:111:Light Display Manager:/var/lib/lightdm:/bin/false
whoopsie:x:105:114::/nonexistent:/bin/false
avahi-autoipd:x:106:117:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
avahi:x:107:118:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
usbmux:x:108:46:usbmux daemon,,,:/home/usbmux:/bin/false
kernoops:x:109:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
pulse:x:110:119:PulseAudio daemon,,,:/var/run/pulse:/bin/false
rtkit:x:111:122:RealtimeKit,,,:/proc:/bin/false
speech-dispatcher:x:112:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
hplip:x:113:7:HPLIP system user,,,:/var/run/hplip:/bin/false
saned:x:114:123::/home/saned:/bin/false
hype:x:1000:1000:Hemorrhage,,,:/home/hype:/bin/bash
sshd:x:115:65534::/var/run/sshd:/usr/sbin/nologin
total 12
drwxr-xr-x  3 root root 4096 Dec 11  2017 .
drwxr-xr-x 26 root root 4096 Aug 24 04:16 ..
drwxr-xr-x 21 hype hype 4096 Aug 25 01:51 hype

SUIDs

Note: in `find / -perm -04000 -ls -type f`, `find` evaluates its expression left to right, so `-ls` prints every match before `-type f` is tested and the type filter has no effect (the SGID listing below shows this: setgid directories are printed too). Put the test first: `find / -type f -perm -04000 -ls 2>/dev/null` (or `-perm /6000` to catch both bits in one pass). Several of the binaries listed (`sudo`, `pkexec`, `polkit-agent-helper-1`, `pppd`) have historic local privilege-escalation advisories; record the installed versions (`sudo -V`, `pkexec --version`, `dpkg -l policykit-1 sudo ppp`) and compare against those advisories rather than relying on the 2011/2012 build dates alone.

hype@Valentine:~$ find / -perm -04000 -ls -type f 2>/dev/null
 17723   36 -rwsr-xr-x   1 root     root        36832 Apr  8  2012 /bin/su
 15989   32 -rwsr-xr-x   1 root     root        31304 Mar  2  2012 /bin/fusermount
 17732   68 -rwsr-xr-x   1 root     root        69096 Mar 29  2012 /bin/umount
 16974   36 -rwsr-xr-x   1 root     root        35712 Nov  8  2011 /bin/ping
 16975   40 -rwsr-xr-x   1 root     root        40256 Nov  8  2011 /bin/ping6
 16034   96 -rwsr-xr-x   1 root     root        94792 Mar 29  2012 /bin/mount
 75004  288 -rwsr-xr--   1 root     messagebus   292944 Feb 22  2012 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
 74559   12 -rwsr-xr-x   1 root     root        10592 Apr 19  2012 /usr/lib/pt_chown
 76845   16 -r-sr-xr-x   1 root     root        14320 Dec 11  2017 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
 77496   12 -r-sr-xr-x   1 root     root         9532 Dec 11  2017 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
 78625   16 -rwsr-xr-x   1 root     root        14696 Jan  6  2012 /usr/lib/policykit-1/polkit-agent-helper-1
 75016   12 -rwsr-xr-x   1 root     root        10408 Dec 13  2011 /usr/lib/eject/dmcrypt-get-device
 73985  236 -rwsr-xr-x   1 root     root       240984 Aug 11  2016 /usr/lib/openssh/ssh-keysign
 72182   24 -rwsr-xr-x   1 root     root        23184 Jan  6  2012 /usr/bin/pkexec
 72399   72 -rwsr-xr-x   1 root     root        71248 Jan 31  2012 /usr/bin/sudoedit
 71360   12 -rwsr-sr-x   1 root     root        10184 Mar 22  2012 /usr/bin/X
 72089   32 -rwsr-xr-x   1 root     root        32352 Apr  8  2012 /usr/bin/newgrp
 71976   16 -rwsr-xr-x   1 root     lpadmin     14688 Apr  9  2012 /usr/bin/lppasswd
 72069   64 -rwsr-xr-x   1 root     root        62400 Jul 28  2011 /usr/bin/mtr
 71490   40 -rwsr-xr-x   1 root     root        37096 Apr  8  2012 /usr/bin/chsh
 71407   20 -rwsr-xr-x   1 root     root        18808 Nov  8  2011 /usr/bin/arping
 72138   44 -rwsr-xr-x   1 root     root        42824 Apr  8  2012 /usr/bin/passwd
 72398   72 -rwsr-xr-x   1 root     root        71248 Jan 31  2012 /usr/bin/sudo
 71413   48 -rwsr-sr-x   1 daemon   daemon      47928 Oct 25  2011 /usr/bin/at
 71487   44 -rwsr-xr-x   1 root     root        41832 Apr  8  2012 /usr/bin/chfn
 72443   20 -rwsr-xr-x   1 root     root        18912 Nov  8  2011 /usr/bin/traceroute6.iputils
 71749   64 -rwsr-xr-x   1 root     root        63848 Apr  8  2012 /usr/bin/gpasswd
 82037   20 -rwsr-sr-x   1 libuuid  libuuid     18856 Mar 29  2012 /usr/sbin/uuidd
 81962  320 -rwsr-xr--   1 root     dip        325744 Feb  4  2011 /usr/sbin/pppd

SGIDs

Note: the directories in this output confirm that `-type f` after `-ls` filters nothing (see the SUID section). The group-writable directories here — `/usr/local/lib/python2.7/*` and `/usr/local/share/*` (group `staff`), `/var/cache/jockey` (group `sudo`), `/var/crash` (world-writable, sticky) — are only a privilege-escalation path if `hype` is a member of the owning group; check with `id` before spending time on them, and note that the `staff` group on Ubuntu also owns early entries of the cron `PATH` below.

hype@valentine:~$ find / -perm -02000 -ls -type f 2>/dev/null
 28650    4 drwxrwsr-x   2 root     mail         4096 Apr 25  2012 /var/mail
 29123    4 drwxrwsr-x   2 libuuid  libuuid      4096 Apr 25  2012 /var/lib/libuuid
 28644    4 drwxrwsrwt   2 root     whoopsie     4096 Feb  8  2018 /var/crash
 28647    4 drwxrwsr-x   2 root     staff        4096 Apr 19  2012 /var/local
 28661    4 drwxrwsr-t   2 root     sudo         4096 Dec 11  2017 /var/cache/jockey
 81035   12 -rwxr-sr-x   1 root     utmp        10096 Apr 30  2011 /usr/lib/utempter/utempter
 77672   16 -rwxr-sr-x   1 root     utmp        14864 Apr 16  2012 /usr/lib/libvte-2.90-9/gnome-pty-helper
 75054   16 -rwxr-sr-x   1 root     mail        14664 Mar 30  2012 /usr/lib/evolution/camel-lock-helper-1.2
 71360   12 -rwsr-sr-x   1 root     root        10184 Mar 22  2012 /usr/bin/X
 72005   16 -rwxr-sr-x   1 root     mail        14544 Oct 18  2011 /usr/bin/mail-lock
 71559   16 -rwxr-sr-x   1 root     mail        14800 Oct 17  2011 /usr/bin/dotlockfile
 72056   40 -rwxr-sr-x   1 root     mlocate     39472 Aug 17  2011 /usr/bin/mlocate
 72006   16 -rwxr-sr-x   1 root     mail        14544 Oct 18  2011 /usr/bin/mail-touchlock
 72456  128 -rwxr-sr-x   1 root     ssh        129104 Aug 11  2016 /usr/bin/ssh-agent
 71413   48 -rwsr-sr-x   1 daemon   daemon      47928 Oct 25  2011 /usr/bin/at
 71519   36 -rwxr-sr-x   1 root     crontab     35896 Apr  2  2012 /usr/bin/crontab
 71456   16 -rwxr-sr-x   1 root     tty         14648 Mar 31  2012 /usr/bin/bsd-write
 71620   24 -rwxr-sr-x   1 root     shadow      23168 Apr  8  2012 /usr/bin/expiry
 72007   16 -rwxr-sr-x   1 root     mail        14544 Oct 18  2011 /usr/bin/mail-unlock
 72517   20 -rwxr-sr-x   1 root     tty         18976 Mar 29  2012 /usr/bin/wall
 71480   52 -rwxr-sr-x   1 root     shadow      50760 Apr  8  2012 /usr/bin/chage
 82037   20 -rwsr-sr-x   1 libuuid  libuuid     18856 Mar 29  2012 /usr/sbin/uuidd
 81819    4 drwxrwsr-x   4 root     staff        4096 aug 24 04:16 /usr/local/lib/python2.7
 81821    4 drwxrwsr-x   2 root     staff        4096 aug 24 04:16 /usr/local/lib/python2.7/site-packages
 81820    4 drwxrwsr-x   2 root     staff        4096 aug 24 04:16 /usr/local/lib/python2.7/dist-packages
  3155    4 drwxrwsr-x   7 root     staff        4096 aug 24 04:16 /usr/local/share/sgml
  3160    4 drwxrwsr-x   2 root     staff        4096 Apr 25  2012 /usr/local/share/sgml/misc
  3157    4 drwxrwsr-x   2 root     staff        4096 Apr 25  2012 /usr/local/share/sgml/declaration
  3159    4 drwxrwsr-x   2 root     staff        4096 Apr 25  2012 /usr/local/share/sgml/entities
  3161    4 drwxrwsr-x   2 root     staff        4096 Apr 25  2012 /usr/local/share/sgml/stylesheet
  3158    4 drwxrwsr-x   2 root     staff        4096 Apr 25  2012 /usr/local/share/sgml/dtd
 81823    4 drwxrwsr-x   2 root     staff        4096 aug 24 04:16 /usr/local/share/fonts
 81822    4 drwxrwsr-x   2 root     staff        4096 aug 24 04:16 /usr/local/share/ca-certificates
  3156    4 drwxrwsr-x   6 root     staff        4096 aug 24 04:16 /usr/local/share/xml
  3164    4 drwxrwsr-x   2 root     staff        4096 Apr 25  2012 /usr/local/share/xml/misc
  3162    4 drwxrwsr-x   2 root     staff        4096 Apr 25  2012 /usr/local/share/xml/declaration
  3165    4 drwxrwsr-x   2 root     staff        4096 Apr 25  2012 /usr/local/share/xml/schema
  3163    4 drwxrwsr-x   2 root     staff        4096 Apr 25  2012 /usr/local/share/xml/entities
 25056    4 drwxrwsr-t   2 root     lpadmin      4096 Apr  9  2012 /usr/share/ppd/custom
 72644  132 -rwxr-sr-x   1 root     games      132624 Apr 17  2012 /usr/games/gnomine
 72645  148 -rwxr-sr-x   1 root     games      149016 Apr 17  2012 /usr/games/mahjongg
 71338   36 -rwxr-sr-x   1 root     shadow      35432 Feb  8  2012 /sbin/unix_chkpwd
131105    4 drwxr-s---   2 root     dip          4096 Apr 25  2012 /etc/chatscripts
132865    4 drwxr-s---   2 root     dip          4096 Apr 25  2012 /etc/ppp/peers

Processes

Note: `ps -aux` triggers the "bad ps syntax" warning because BSD-style options take no dash; use `ps aux` or `ps -ef`. The most interesting entry is PID 1000, a root-owned `tmux` server started with a non-default socket, `/usr/bin/tmux -S /.devs/dev_sess`; the root `-bash` on pts/12 (PID 1006) is plausibly the shell inside that session. Whether this is usable depends entirely on the socket's ownership and mode — check `ls -la /.devs` and `id`; a tmux socket that the current user can read and write lets `tmux -S /.devs/dev_sess` attach to the existing session as whoever owns the server.

hype@Valentine:~$ ps -aux | grep -i 'root' --color=auto
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
root          1  0.0  0.2  24428  2408 ?        Ss   Oct07   0:00 /sbin/init
root        304  0.0  0.0  17224   636 ?        S    Oct07   0:00 upstart-udev-bridge --daemon
root        309  0.0  0.1  21928  1720 ?        Ss   Oct07   0:00 /sbin/udevd --daemon
root        482  0.0  0.1  21840  1212 ?        S    Oct07   0:00 /sbin/udevd --daemon
root        483  0.0  0.1  21844  1176 ?        S    Oct07   0:00 /sbin/udevd --daemon
root        611  0.0  0.0  15180   388 ?        S    Oct07   0:00 upstart-socket-bridge --daemon
root        739  0.0  0.3  79036  3192 ?        Ss   Oct07   0:00 /usr/sbin/modem-manager
root        740  0.0  0.1  21180  1724 ?        Ss   Oct07   0:00 /usr/sbin/bluetoothd
root        758  0.0  0.6 174444  6616 ?        Ssl  Oct07   0:01 NetworkManager
avahi       771  0.0  0.0  32172   468 ?        S    Oct07   0:00 avahi-daemon: chroot helper
root        773  0.0  0.3 104088  3692 ?        Ss   Oct07   0:00 /usr/sbin/cupsd -F
root        780  0.0  0.3 203500  3888 ?        Sl   Oct07   0:01 /usr/lib/policykit-1/polkitd --no-debug
root        898  0.0  0.2  49952  2860 ?        Ss   Oct07   0:00 /usr/sbin/sshd -D
root        987  0.0  0.0  19976   972 tty4     Ss+  Oct07   0:00 /sbin/getty -8 38400 tty4
root        994  0.0  0.0  19976   976 tty5     Ss+  Oct07   0:00 /sbin/getty -8 38400 tty5
root       1000  0.0  0.1  26416  1672 ?        Ss   Oct07   0:28 /usr/bin/tmux -S /.devs/dev_sess
root       1006  0.0  0.4  20652  4576 pts/12   Ss+  Oct07   0:00 -bash
root       1011  0.0  0.0  19976   972 tty2     Ss+  Oct07   0:00 /sbin/getty -8 38400 tty2
root       1016  0.0  0.0  19976   972 tty3     Ss+  Oct07   0:00 /sbin/getty -8 38400 tty3
root       1018  0.0  0.0  19976   972 tty6     Ss+  Oct07   0:00 /sbin/getty -8 38400 tty6
root       1041  0.0  0.0   4452   812 ?        Ss   Oct07   0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
root       1042  0.0  0.1  19104  1040 ?        Ss   Oct07   0:00 cron
root       1084  0.0  0.4 164580  4764 ?        Sl   Oct07   0:58 /usr/bin/vmtoolsd
root       1178  0.0  1.0 113124 10976 ?        Ss   Oct07   0:02 /usr/sbin/apache2 -k start
root       1409  0.0  0.0  19976   976 tty1     Ss+  Oct07   0:00 /sbin/getty -8 38400 tty1
root       1586  0.0  1.0  66916 10300 ?        S    Oct07   0:00 /usr/lib/vmware-vgauth/VGAuthService -s
root       1622  0.0  0.5 510124  5508 ?        Sl   Oct07   0:25 //usr/lib/vmware-caf/pme/bin/ManagementAgentHost
root       7241  0.0  0.3 584296  3896 ?        Sl   11:04   0:00 /usr/sbin/console-kit-daemon --no-daemon

Cron

Note: `crontab -l` only shows the current user's crontab and `/etc/crontab` only the system table; also review `/etc/cron.d/` and the `run-parts` directories (`ls -la /etc/cron*`), since a script there that is writable by `hype` runs as root on the schedule shown. The `PATH` line below lists `/usr/local/sbin` and `/usr/local/bin` first — verify none of the `PATH` directories is writable by the current user or a group it belongs to (`ls -ld` each one). Per-user crontabs in `/var/spool/cron/crontabs/` are not readable without root, so their absence from this output proves nothing.

hype@valentine:~$ crontab -l ; cat /etc/crontab
no crontab for hype
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
 
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
# m h dom mon dow user	command
17 *	* * *	root    cd / && run-parts --report /etc/cron.hourly
25 6	* * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6	* * 7	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6	1 * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )