System/Kernel


[dademola@hunit ~]$ uname -a ; cat /etc/*release
Linux hunit 5.9.4-arch1-1 #1 SMP PREEMPT Wed, 04 Nov 2020 21:41:09 +0000 x86_64 GNU/Linux
Arch Linux release
LSB_VERSION=1.4
DISTRIB_ID=Arch
DISTRIB_RELEASE=rolling
DISTRIB_DESCRIPTION="Arch Linux"
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://www.archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://bugs.archlinux.org/"
LOGO=archlinux
  • 5.9.4-arch1-1
  • x86_64
  • Arch Linux (LSB_VERSION 1.4)

Networks


[dademola@hunit ~]$ ip route ; arp -a
default via 192.168.185.254 dev ens160 proto static 
192.168.185.0/24 dev ens160 proto kernel scope link src 192.168.185.125 
_gateway (192.168.185.254) at 00:50:56:9e:72:00 [ether] on ens160
[dademola@hunit ~]$ netstat -antup4
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:43022           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:12445           0.0.0.0:*               LISTEN      -                   
tcp        0     36 192.168.185.125:43022   192.168.45.218:58174    ESTABLISHED -

Users & Groups


[dademola@hunit ~]$ cat /etc/passwd ; ll /home
root:x:0:0::/root:/bin/bash
bin:x:1:1::/:/usr/bin/nologin
daemon:x:2:2::/:/usr/bin/nologin
mail:x:8:12::/var/spool/mail:/usr/bin/nologin
ftp:x:14:11::/srv/ftp:/usr/bin/nologin
http:x:33:33::/srv/http:/usr/bin/nologin
nobody:x:65534:65534:Nobody:/:/usr/bin/nologin
dbus:x:81:81:System Message Bus:/:/usr/bin/nologin
systemd-journal-remote:x:982:982:systemd Journal Remote:/:/usr/bin/nologin
systemd-network:x:981:981:systemd Network Management:/:/usr/bin/nologin
systemd-resolve:x:980:980:systemd Resolver:/:/usr/bin/nologin
systemd-timesync:x:979:979:systemd Time Synchronization:/:/usr/bin/nologin
systemd-coredump:x:978:978:systemd Core Dumper:/:/usr/bin/nologin
uuidd:x:68:68::/:/usr/bin/nologin
dhcpcd:x:977:977:dhcpcd privilege separation:/:/usr/bin/nologin
dademola:x:1001:1001::/home/dademola:/bin/bash
git:x:1005:1005::/home/git:/usr/bin/git-shell
avahi:x:976:976:Avahi mDNS/DNS-SD daemon:/:/usr/bin/nologin
total 16K
4.0K drwx------  5 dademola dademola 4.0K Jan 15  2021 dademola
4.0K drwxr-xr-x 18 root     root     4.0K Nov 10  2020 ..
4.0K drwxr-xr-x  4 git      git      4.0K Nov  5  2020 git
4.0K drwxr-xr-x  4 root     root     4.0K Nov  5  2020 .

git

[dademola@hunit ~]$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(bin) gid=1(bin) groups=1(bin),3(sys),2(daemon)
uid=2(daemon) gid=2(daemon) groups=2(daemon),999(adm),1(bin)
uid=8(mail) gid=12(mail) groups=12(mail)
uid=14(ftp) gid=11(ftp) groups=11(ftp)
uid=33(http) gid=33(http) groups=33(http)
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
uid=81(dbus) gid=81(dbus) groups=81(dbus)
uid=982(systemd-journal-remote) gid=982(systemd-journal-remote) groups=982(systemd-journal-remote)
uid=981(systemd-network) gid=981(systemd-network) groups=981(systemd-network)
uid=980(systemd-resolve) gid=980(systemd-resolve) groups=980(systemd-resolve)
uid=979(systemd-timesync) gid=979(systemd-timesync) groups=979(systemd-timesync)
uid=978(systemd-coredump) gid=978(systemd-coredump) groups=978(systemd-coredump)
uid=68(uuidd) gid=68(uuidd) groups=68(uuidd)
uid=977(dhcpcd) gid=977(dhcpcd) groups=977(dhcpcd)
uid=1001(dademola) gid=1001(dademola) groups=1001(dademola)
uid=1005(git) gid=1005(git) groups=1005(git)
uid=976(avahi) gid=976(avahi) groups=976(avahi)
  • uid=1001(dademola) gid=1001(dademola) groups=1001(dademola)
  • uid=1005(git) gid=1005(git) groups=1005(git)

SUIDs


[dademola@hunit ~]$ find / -perm -04000 -ls -type f 2>/dev/null
   161024    468 -rws--x--x   1 root     root       477264 Oct 26  2020 /usr/lib/ssh/ssh-keysign
   265306     60 -rwsr-x---   1 root     dbus        59272 Jul  2  2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
   147448     72 -rwsr-xr-x   1 root     root        71744 Sep  7  2020 /usr/bin/chage
   159611     16 -rwsr-sr-t   1 root     root        14160 Oct 17  2020 /usr/bin/vmware-user-suid-wrapper
   147638     68 -rwsr-xr-x   1 root     root        67552 Sep 10  2020 /usr/bin/su
   146911     56 -rwsr-xr-x   1 root     root        55048 May 23  2020 /usr/bin/ksu
   147453     80 -rwsr-xr-x   1 root     root        79912 Sep  7  2020 /usr/bin/gpasswd
   147615     20 -rwsr-xr-x   1 root     root        18400 Sep 10  2020 /usr/bin/newgrp
   147646     36 -rwsr-xr-x   1 root     root        34784 Sep 10  2020 /usr/bin/umount
   162595     44 -rwsr-sr-x   1 root     root        43680 Sep 13  2020 /usr/bin/mount.cifs
   147451     28 -rwsr-xr-x   1 root     root        26768 Sep  7  2020 /usr/bin/expiry
   147244     40 -rwsr-sr-x   1 root     root        38664 Aug 12  2020 /usr/bin/unix_chkpwd
   147612     52 -rwsr-xr-x   1 root     root        51168 Sep 10  2020 /usr/bin/mount
   155973     36 -rwsr-xr-x   1 root     root        34648 May 16  2020 /usr/bin/fusermount
   161877     52 -rwsr-xr-x   1 root     root        51568 Oct 31  2019 /usr/bin/crontab
   147470     44 -rwsr-xr-x   1 root     root        44368 Sep  7  2020 /usr/bin/sg
   147466     64 -rwsr-xr-x   1 root     root        63640 Sep  7  2020 /usr/bin/passwd
   147551     36 -rwsr-xr-x   1 root     root        34784 Sep 10  2020 /usr/bin/chfn
   161932     20 -rwsr-xr-x   1 root     root        18256 Oct 14  2020 /usr/bin/suexec
   147555     32 -rwsr-xr-x   1 root     root        30688 Sep 10  2020 /usr/bin/chsh

SGIDs


[dademola@hunit ~]$ find / -perm -02000 -ls -type f 2>/dev/null
      296      0 drwxr-sr-x   2 root     systemd-journal       40 Aug  2  2024 /run/log/journal
   787016      8 drwxr-sr-x   4 root     systemd-journal     4096 Nov  5  2020 /var/log/journal
   787021      8 drwxr-sr-x   2 root     systemd-journal-remote     4096 Nov  5  2020 /var/log/journal/remote
   787101      8 drwxr-sr-x   2 root     systemd-journal            4096 Mar 30 20:12 /var/log/journal/63d4345d3a944a5c872c53e396a0b566
   159611     16 -rwsr-sr-t   1 root     root                      14160 Oct 17  2020 /usr/bin/vmware-user-suid-wrapper
   147655     36 -rwxr-sr-x   1 root     tty                       34784 Sep 10  2020 /usr/bin/wall
   162595     44 -rwsr-sr-x   1 root     root                      43680 Sep 13  2020 /usr/bin/mount.cifs
   147244     40 -rwsr-sr-x   1 root     root                      38664 Aug 12  2020 /usr/bin/unix_chkpwd
   147659     24 -rwxr-sr-x   1 root     tty                       22496 Sep 10  2020 /usr/bin/write
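
The directories in the listing above appear because find evaluates its expression left to right: the -ls action fires for every -perm match before -type f is tested. The following is an added example, not part of the original notes, that shows the effect of predicate order when auditing setuid/setgid files. The temporary tree, file names and function names are constructed for illustration, and -print stands in for -ls (any action behaves the same way).

```shell
#!/bin/sh
# Added example: constructed temp tree, not data from the host above.
audit_root=$(mktemp -d)
trap 'rm -rf "$audit_root"' EXIT
chmod g-s "$audit_root"            # do not inherit setgid from the parent dir
mkdir "$audit_root/journal"
touch "$audit_root/wall"
chmod 2755 "$audit_root/journal"   # setgid directory
chmod 2755 "$audit_root/wall"      # setgid regular file

# Ordering used in the session above: action first, type test last.
# The action runs for every -perm match, so the directory is reported too.
count_action_first() {
    find "$1" -perm -02000 -print -type f 2>/dev/null | wc -l | tr -d ' '
}

# Tests first, action last: only regular files reach the action.
count_tests_first() {
    find "$1" -type f -perm -02000 -print 2>/dev/null | wc -l | tr -d ' '
}

# Single pass over one filesystem for regular files with setuid OR setgid.
list_privileged_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

echo "action first: $(count_action_first "$audit_root") entries"
echo "tests first:  $(count_tests_first "$audit_root") entries"
list_privileged_files "$audit_root"
```

Comparing the output of list_privileged_files against a known-good baseline for the distribution is what turns the listing into an audit.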

Capabilities


[dademola@hunit ~]$ getcap -r / 2>/dev/null
/usr/bin/newgidmap cap_setgid=ep
/usr/bin/newuidmap cap_setuid=ep

Processes


[dademola@hunit ~]$ ps -auxwww
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.2  28292 11132 ?        Ss   20:10   0:00 /sbin/init
root         225  0.0  0.5  88236 23928 ?        Ss   20:10   0:00 /usr/lib/systemd/systemd-journald
root         234  0.0  0.2  34336 10560 ?        Ss   20:10   0:00 /usr/lib/systemd/systemd-udevd
root         303  0.0  0.0   3644  2248 ?        Ss   20:10   0:00 /usr/bin/crond -n
dbus         304  0.0  0.1   7292  4260 ?        Ss   20:10   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root         306  0.0  0.2  19048  8816 ?        Ss   20:10   0:00 /usr/lib/systemd/systemd-logind
root         307  0.0  0.1 158520  6636 ?        Ssl  20:10   0:00 /usr/bin/vmtoolsd
root         363  0.0  0.1   6568  5272 ?        Ss   20:10   0:00 /usr/bin/httpd -k start -DFOREGROUND
root         364  0.0  0.1   8796  5656 ?        Ss   20:10   0:00 sshd: /usr/bin/sshd -D [listener] 0 of 10-100 startups
root         369  0.0  0.0   2476  1660 tty1     Ss+  20:10   0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
http         370  0.0  0.1 1211236 4092 ?        Sl   20:10   0:00 /usr/bin/httpd -k start -DFOREGROUND
http         371  0.0  0.1 1211236 4096 ?        Sl   20:10   0:00 /usr/bin/httpd -k start -DFOREGROUND
http         372  0.0  0.1 1211236 4092 ?        Sl   20:10   0:00 /usr/bin/httpd -k start -DFOREGROUND
dademola     454  0.8  6.8 3625408 274564 ?      Ssl  20:10   0:09 /usr/bin/java -jar /home/dademola/blog.jar
root         455  0.0  0.6  84920 26384 ?        Ss   20:10   0:00 /usr/bin/smbd --foreground --no-process-group -p12445 ## Type: string ## Default: ## ServiceRestart: nmb NMBDOPTIONS= ## Type: string ## Default: ## ServiceRestart: winbind WINBINDOPTIONS=
root         473  0.0  0.2  82696  9364 ?        S    20:10   0:00 /usr/bin/smbd --foreground --no-process-group -p12445 ## Type: string ## Default: ## ServiceRestart: nmb NMBDOPTIONS= ## Type: string ## Default: ## ServiceRestart: winbind WINBINDOPTIONS=
root         474  0.0  0.1  82688  4824 ?        S    20:10   0:00 /usr/bin/smbd --foreground --no-process-group -p12445 ## Type: string ## Default: ## ServiceRestart: nmb NMBDOPTIONS= ## Type: string ## Default: ## ServiceRestart: winbind WINBINDOPTIONS=
root         475  0.0  0.2  84920  9980 ?        S    20:10   0:00 /usr/bin/smbd --foreground --no-process-group -p12445 ## Type: string ## Default: ## ServiceRestart: nmb NMBDOPTIONS= ## Type: string ## Default: ## ServiceRestart: winbind WINBINDOPTIONS=
systemd+     537  0.0  0.2  19392  9228 ?        Ss   20:12   0:00 /usr/lib/systemd/systemd-networkd
root         548  0.0  0.2  11044  8140 ?        Ss   20:13   0:00 sshd: dademola [priv]
dademola     554  0.0  0.2  20296  9972 ?        Ss   20:13   0:00 /usr/lib/systemd/systemd --user
dademola     555  0.0  0.0  31928  2800 ?        S    20:13   0:00 (sd-pam)
dademola     561  0.0  0.1  11044  4336 ?        S    20:13   0:00 sshd: dademola@pts/0
dademola     562  0.0  0.0   4428  3620 pts/0    Ss   20:13   0:00 -bash
dademola     709  0.0  0.0   6800  3124 pts/0    R+   20:30   0:00 ps -auxwww
  • root 303 0.0 0.0 3644 2248 ? Ss 20:10 0:00 /usr/bin/crond -n
  • root 363 0.0 0.1 6568 5272 ? Ss 20:10 0:00 /usr/bin/httpd -k start -DFOREGROUND
  • dademola 454 0.8 6.8 3625408 274564 ? Ssl 20:10 0:09 /usr/bin/java -jar /home/dademola/blog.jar
  • root 455 0.0 0.6 84920 26384 ? Ss 20:10 0:00 /usr/bin/smbd --foreground --no-process-group -p12445 ## Type: string ## Default: ## ServiceRestart: nmb NMBDOPTIONS= ## Type: string ## Default: ## ServiceRestart: winbind WINBINDOPTIONS=

Cron & Systemd


[dademola@hunit ~]$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for dademola
cat: /etc/crontab: No such file or directory
NEXT                        LEFT          LAST                        PASSED    UNIT                         ACTIVATES                 >
Mon 2025-03-31 00:00:00 UTC 3h 28min left Sun 2025-03-30 20:12:40 UTC 18min ago shadow.timer                 shadow.service            >
Mon 2025-03-31 20:25:48 UTC 23h left      Sun 2025-03-30 20:25:48 UTC 5min ago  systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.ser>
 
2 timers listed.
Pass --all to see loaded but inactive timers, too.

[dademola@hunit ~]$ cat /etc/crontab.bak  
*/3 * * * * /root/git-server/backups.sh
*/2 * * * * /root/pull.sh

Sneaky

Services


[dademola@hunit ~]$ systemctl list-units --state=running
  UNIT                              LOAD   ACTIVE SUB     DESCRIPTION                                                  
  proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
  init.scope                        loaded active running System and Service Manager                                   
  session-3.scope                   loaded active running Session 3 of user dademola                                   
  cronie.service                    loaded active running Periodic Command Scheduler                                   
  dbus.service                      loaded active running D-Bus System Message Bus                                     
  getty@tty1.service                loaded active running Getty on tty1                                                
  gradleblog.service                loaded active running Gradle Blog                                                  
  httpd.service                     loaded active running Apache Web Server                                            
  smb.service                       loaded active running Samba SMB Daemon                                             
  sshd.service                      loaded active running OpenSSH Daemon                                               
  systemd-journald.service          loaded active running Journal Service                                              
  systemd-logind.service            loaded active running User Login Management                                        
  systemd-networkd.service          loaded active running Network Service                                              
  systemd-udevd.service             loaded active running Rule-based Manager for Device Events and Files               
  user@1001.service                 loaded active running User Manager for UID 1001                                    
  vmtoolsd.service                  loaded active running Open Virtual Machine Tools (VMware Tools)                    
  dbus.socket                       loaded active running D-Bus System Message Bus Socket                              
  systemd-journald-audit.socket     loaded active running Journal Audit Socket                                         
  systemd-journald-dev-log.socket   loaded active running Journal Socket (/dev/log)                                    
  systemd-journald.socket           loaded active running Journal Socket                                               
  systemd-networkd.socket           loaded active running Network Service Netlink Socket                               
  systemd-udevd-control.socket      loaded active running udev Control Socket                                          
  systemd-udevd-kernel.socket       loaded active running udev Kernel Socket                                           
 
LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
 
23 loaded units listed.
  • gradleblog.service
  • httpd.service
  • smb.service

Sudo Version


[dademola@hunit ~]$ sudo --version
-bash: sudo: command not found
[dademola@hunit ~]$ /sbin/sudo
-bash: /sbin/sudo: No such file or directory
[dademola@hunit ~]$ /bin/sudo
-bash: /bin/sudo: No such file or directory

Glibc Version


[dademola@hunit ~]$ ldd --version
ldd (GNU libc) 2.32
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

  • ldd (GNU libc) 2.32