System/Kernel


www-data@payday:/var/www/skins$ file /bin/bash ; uname -a ; cat /etc/*release
/bin/bash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.8, dynamically linked (uses shared libs), stripped
Linux payday 2.6.22-14-server #1 SMP Sun Oct 14 23:34:23 GMT 2007 i686 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=7.10
DISTRIB_CODENAME=gutsy
DISTRIB_DESCRIPTION="Ubuntu 7.10"

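Summary: 32-bit (i686) host, kernel 2.6.22-14-server, Ubuntu 7.10 (gutsy). This release is long past end of life and no longer receives security updates.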

Networks


www-data@payday:/var/www/skins$ ip route ; arp -a
192.168.116.0/24 dev eth0  proto kernel  scope link  src 192.168.116.39 
default via 192.168.116.254 dev eth0  metric 100 
Command 'arp' is available in '/usr/sbin/arp'
The command could not be located because '/usr/sbin' is not included in the PATH environment variable.
This is most likely caused by the lack of administrative priviledges associated with your user account.
bash: arp: command not found
www-data@payday:/var/www/skins$ netstat -antup4
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN     -                   
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN     -                   
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     -                   
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN     -                   
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN     -                   
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN     -                   
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN     -                   
tcp        0      0 192.168.116.39:51842    192.168.45.215:9999     ESTABLISHED5091/sh             
udp        0      0 192.168.116.39:137      0.0.0.0:*                          -                   
udp        0      0 0.0.0.0:137             0.0.0.0:*                          -                   
udp        0      0 192.168.116.39:138      0.0.0.0:*                          -                   
udp        0      0 0.0.0.0:138             0.0.0.0:*                          -                   

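MySQL listens on 127.0.0.1:3306 only (loopback), so it is reachable from a local shell but not from the network. The single ESTABLISHED entry, owned by sh (PID 5091), appears to be this session's own connection; an outbound connection from a shell running as the web-server account is a useful detection signal.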

Users & Groups


www-data@payday:/var/www/skins$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
dhcp:x:100:101::/nonexistent:/bin/false
syslog:x:101:102::/home/syslog:/bin/false
klog:x:102:103::/home/klog:/bin/false
mysql:x:103:107:MySQL Server,,,:/var/lib/mysql:/bin/false
dovecot:x:104:111:Dovecot mail server,,,:/usr/lib/dovecot:/bin/false
postfix:x:105:112::/var/spool/postfix:/bin/false
sshd:x:106:65534::/var/run/sshd:/usr/sbin/nologin
patrick:x:1000:1000:patrick,,,:/home/patrick:/bin/bash
total 12K
4.0K drwxr-xr-x  2 patrick patrick 4.0K Mar 25  2020 patrick
4.0K drwxr-xr-x  3 root    root    4.0K Apr 12  2016 .
4.0K drwxr-xr-x 21 root    root    4.0K Apr 24  2008 ..
www-data@payday:/var/www/skins$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(dhcp) gid=101(dhcp) groups=101(dhcp)
uid=101(syslog) gid=102(syslog) groups=102(syslog)
uid=102(klog) gid=103(klog) groups=103(klog)
uid=103(mysql) gid=107(mysql) groups=107(mysql)
uid=104(dovecot) gid=111(dovecot) groups=111(dovecot),8(mail)
uid=105(postfix) gid=112(postfix) groups=112(postfix)
uid=106(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=1000(patrick) gid=1000(patrick) groups=1000(patrick),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),104(scanner),115(lpadmin)

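Only non-root account with a /bin/bash login shell and a directory under /home:
uid=1000(patrick) gid=1000(patrick) groups=1000(patrick),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),104(scanner),115(lpadmin)
The adm group normally grants read access to system logs; no admin or sudo group appears in this list.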

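SUIDs

Note: in the command below, -ls comes before -type f, so the type test does not filter what is listed. Put -type f before -ls, as the SGID command further down does.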


www-data@payday:/var/www/skins$ find / -perm -04000 -ls -type f 2>/dev/null
 95757    4 -rwsr-xr--   1 root     dhcp         2956 Sep  7  2007 /lib/dhcp3-client/call-dhclient-script
239176   12 -rwsr-xr-x   1 root     root         9292 Oct  4  2007 /sbin/umount.cifs
239175   24 -rwsr-xr-x   1 root     root        22700 Oct  4  2007 /sbin/mount.cifs
111649   20 -rwsr-xr--   1 root     fuse        19668 Sep 18  2007 /bin/fusermount
111612   32 -rwsr-xr-x   1 root     root        30856 Jul  6  2007 /bin/ping
111613   28 -rwsr-xr-x   1 root     root        26684 Jul  6  2007 /bin/ping6
111579    4 -rwsr-xr-x   1 root     root         3448 Aug  1  2007 /bin/check-foreground-console
111590   64 -rwsr-xr-x   1 root     root        61248 Oct  3  2007 /bin/umount
111586   28 -rwsr-xr-x   1 root     root        27140 May 18  2007 /bin/su
111589   84 -rwsr-xr-x   1 root     root        80568 Oct  3  2007 /bin/mount
 98644   16 -r-sr-xr-x   1 root     root        14320 Jan 17  2018 /usr/lib/vmware-tools/bin64/vmware-user-suid-wrapper
100938   12 -r-sr-xr-x   1 root     root         9532 Jan 17  2018 /usr/lib/vmware-tools/bin32/vmware-user-suid-wrapper
 67570  172 -rwsr-xr-x   1 root     root       168232 Oct  4  2007 /usr/lib/openssh/ssh-keysign
 35346   12 -rwsr-xr-x   1 root     root         9624 Sep 30  2007 /usr/lib/pt_chown
 67937   12 -rwsr-xr--   1 root     www-data    10596 Oct  4  2007 /usr/lib/apache2/suexec
 48504    8 -rwsr-xr-x   1 root     root         4536 Jun 14  2007 /usr/lib/eject/dmcrypt-get-device
 37686  268 -rwsr-xr--   1 root     dip        269256 Oct  4  2007 /usr/sbin/pppd
 34238   24 -rwsr-xr-x   1 root     root        23920 May 18  2007 /usr/bin/chsh
 37631   48 -rwsr-xr-x   1 root     root        46052 May 30  2007 /usr/bin/mtr
 37400   12 -rwsr-xr-x   1 root     root        11076 Jul  6  2007 /usr/bin/arping
 37402   16 -rwsr-xr-x   1 root     root        12392 Jul  6  2007 /usr/bin/traceroute6.iputils
 36592   96 -rwsr-xr-x   2 root     root        91776 Jun 15  2007 /usr/bin/sudo
 34241   32 -rwsr-xr-x   1 root     root        29104 May 18  2007 /usr/bin/passwd
 38006   76 -rwsr-sr-x   1 root     mail        72316 Mar 27  2007 /usr/bin/procmail
 34240   40 -rwsr-xr-x   1 root     root        37392 May 18  2007 /usr/bin/gpasswd
 38065   12 -rwsr-xr-x   1 root     root         9904 Oct  4  2007 /usr/bin/smbmnt
 33803   20 -rwsr-xr-x   1 root     root        20456 May 18  2007 /usr/bin/newgrp
 37243   40 -rwsr-sr-x   1 daemon   daemon      38464 Feb 20  2007 /usr/bin/at
 36592   96 -rwsr-xr-x   2 root     root        91776 Jun 15  2007 /usr/bin/sudoedit
 34237   32 -rwsr-xr-x   1 root     root        32208 May 18  2007 /usr/bin/chfn
 38064    8 -rwsr-sr-x   1 root     root         6516 Oct  4  2007 /usr/bin/smbumount

SGIDs


www-data@payday:/var/www/skins$ find / -type f -perm -02000 -ls 2>/dev/null
239043   24 -rwxr-sr-x   1 root     shadow      21216 Oct  1  2007 /sbin/unix_chkpwd
 37871   12 -rwxr-sr-x   1 root     mail        10688 Jun  7  2007 /usr/bin/dotlockfile
 33251   12 -rwxr-sr-x   1 root     tty          9960 Oct  3  2007 /usr/bin/wall
 38006   76 -rwsr-sr-x   1 root     mail        72316 Mar 27  2007 /usr/bin/procmail
 34236   40 -rwxr-sr-x   1 root     shadow      38128 May 18  2007 /usr/bin/chage
 37272    8 -rwxr-sr-x   1 root     tty          7836 May 15  2007 /usr/bin/bsd-write
 37658   84 -rwxr-sr-x   1 root     ssh         80688 Oct  4  2007 /usr/bin/ssh-agent
 37243   40 -rwsr-sr-x   1 daemon   daemon      38464 Feb 20  2007 /usr/bin/at
 38007   16 -rwxr-sr-x   1 root     mail        12832 Mar 27  2007 /usr/bin/lockfile
 38064    8 -rwsr-sr-x   1 root     root         6516 Oct  4  2007 /usr/bin/smbumount
 34239   20 -rwxr-sr-x   1 root     shadow      18664 May 18  2007 /usr/bin/expiry
 37284   28 -rwxr-sr-x   1 root     crontab     26832 Dec 20  2006 /usr/bin/crontab
 37983    8 -rwxr-sr-x   1 root     mail         7732 Sep 21  2007 /usr/bin/mutt_dotlock

Processes


www-data@payday:/var/www/skins$ ps -auxwww
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.3   2948  1852 ?        Ss   07:14   0:00 /sbin/init
root      2635  0.0  0.1   2332   744 ?        S<s  07:14   0:00 /sbin/udevd --daemon
root      4125  0.0  0.9  17820  4828 ?        Sl   07:14   0:00 /usr/sbin/vmtoolsd
root      4170  0.0  1.4  13772  7676 ?        S    07:14   0:00 /usr/lib/vmware-vgauth/VGAuthService -s
root      4392  0.0  0.0   1692   512 tty4     Ss+  07:14   0:00 /sbin/getty 38400 tty4
root      4393  0.0  0.1   1696   516 tty5     Ss+  07:14   0:00 /sbin/getty 38400 tty5
root      4396  0.0  0.1   1696   520 tty2     Ss+  07:14   0:00 /sbin/getty 38400 tty2
root      4399  0.0  0.1   1692   516 tty3     Ss+  07:14   0:00 /sbin/getty 38400 tty3
root      4402  0.0  0.1   1692   516 tty1     Ss+  07:14   0:00 /sbin/getty 38400 tty1
root      4403  0.0  0.1   1696   520 tty6     Ss+  07:14   0:00 /sbin/getty 38400 tty6
syslog    4442  0.0  0.1   1916   704 ?        Ss   07:14   0:00 /sbin/syslogd -u syslog
root      4461  0.0  0.1   1840   540 ?        S    07:14   0:00 /bin/dd bs 1 if /proc/kmsg of /var/run/klogd/kmsg
klog      4463  0.0  0.2   2500  1404 ?        Ss   07:14   0:00 /sbin/klogd -P /var/run/klogd/kmsg
root      4542  0.0  0.1   1752   528 ?        S    07:14   0:00 /bin/sh /usr/bin/mysqld_safe
mysql     4582  0.0  3.4 128152 18016 ?        Sl   07:14   0:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock
root      4583  0.0  0.1   1680   548 ?        S    07:14   0:00 logger -p daemon.err -t mysqld_safe -i -t mysqld
root      4654  0.0  0.2   6416  1324 ?        Ss   07:14   0:00 /usr/sbin/nmbd -D
root      4656  0.0  0.4   9900  2264 ?        Ss   07:14   0:00 /usr/sbin/smbd -D
root      4670  0.0  0.2   7992  1336 ?        Ss   07:14   0:00 /usr/sbin/winbindd
root      4690  0.0  0.2   7992  1184 ?        S    07:14   0:00 /usr/sbin/winbindd
root      4694  0.0  0.1   2048   624 ?        Ss   07:14   0:00 /usr/sbin/dovecot
root      4700  0.0  0.3   8808  2040 ?        S    07:14   0:00 dovecot-auth
daemon    4709  0.0  0.0   1960   428 ?        Ss   07:14   0:00 /usr/sbin/atd
root      4720  0.0  0.1   2336   908 ?        Ss   07:14   0:00 /usr/sbin/cron
dovecot   4731  0.0  0.2   3460  1536 ?        S    07:14   0:00 pop3-login
dovecot   4733  0.0  0.2   3464  1536 ?        S    07:14   0:00 imap-login
root      4748  0.0  0.2   8000  1272 ?        S    07:14   0:00 /usr/sbin/winbindd
root      4749  0.0  0.1   7992   884 ?        S    07:14   0:00 /usr/sbin/winbindd
root      4750  0.0  0.1   9900   916 ?        S    07:14   0:00 /usr/sbin/smbd -D
root      4751  0.0  1.2  21564  6224 ?        Ss   07:14   0:00 /usr/sbin/apache2 -k start
root      4924  0.0  0.1   5280   992 ?        Ss   07:16   0:00 /usr/sbin/sshd
www-data  4950  0.0  2.0  25660 10692 ?        S    07:20   0:00 /usr/sbin/apache2 -k start
www-data  4954  0.0  1.7  24100  8976 ?        S    07:20   0:00 /usr/sbin/apache2 -k start
www-data  4961  0.0  2.2  26260 11448 ?        S    07:20   0:00 /usr/sbin/apache2 -k start
www-data  4983  0.0  2.0  25476 10520 ?        S    07:46   0:00 /usr/sbin/apache2 -k start
www-data  4985  0.0  1.7  23876  8852 ?        S    07:46   0:00 /usr/sbin/apache2 -k start
www-data  4987  0.0  1.7  23872  8840 ?        S    07:46   0:00 /usr/sbin/apache2 -k start
dovecot   5043  0.0  0.2   3464  1540 ?        S    08:59   0:00 pop3-login
dovecot   5044  0.0  0.2   3460  1536 ?        S    08:59   0:00 pop3-login
dovecot   5045  0.0  0.2   3468  1540 ?        S    08:59   0:00 imap-login
dovecot   5046  0.0  0.2   3468  1540 ?        S    08:59   0:00 imap-login
www-data  5073  0.0  0.7  21564  3812 ?        S    09:02   0:00 /usr/sbin/apache2 -k start
www-data  5088  0.0  1.7  24072  8944 ?        S    09:10   0:00 /usr/sbin/apache2 -k start
www-data  5089 33.3  0.9  21564  4880 ?        R    09:10   4:59 /usr/sbin/apache2 -k start
www-data  5090  0.0  0.6  21564  3336 ?        S    09:10   0:00 /usr/sbin/apache2 -k start
www-data  5091  0.0  0.0   1756   492 ?        S    09:14   0:00 sh -c bash
www-data  5092  0.0  0.2   3288  1472 ?        S    09:14   0:00 bash
root      5126  0.0  0.4   8012  2316 ?        Ss   09:19   0:00 sshd: patrick [priv]
patrick   5128  0.0  0.2   8012  1536 ?        S    09:19   0:00 sshd: patrick@pts/0
patrick   5129  0.0  0.5   5552  2924 pts/0    Ss+  09:19   0:00 -bash
www-data  5153  0.0  0.1   1692   516 ?        R    09:22   0:00 script /dev/null -c bash
www-data  5154  0.0  0.0   1696   400 ?        S    09:22   0:00 script /dev/null -c bash
www-data  5155  0.0  0.0   1752   476 pts/1    Ss   09:22   0:00 sh -c bash
www-data  5156  0.0  0.3   3384  1808 pts/1    S    09:22   0:00 bash
www-data  5202  0.0  0.1   2344   928 pts/1    R+   09:25   0:00 ps -auxwww

root 4461 0.0 0.1 1840 540 ? S 07:14 0:00 /bin/dd bs 1 if /proc/kmsg of /var/run/klogd/kmsg
klog 4463 0.0 0.2 2500 1404 ? Ss 07:14 0:00 /sbin/klogd -P /var/run/klogd/kmsg
root 4542 0.0 0.1 1752 528 ? S 07:14 0:00 /bin/sh /usr/bin/mysqld_safe
mysql 4582 0.0 3.4 128152 18016 ? Sl 07:14 0:00 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock
root 4720 0.0 0.1 2336 908 ? Ss 07:14 0:00 /usr/sbin/cron

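Cron & Systemd

Note: systemctl does not exist on Ubuntu 7.10, which predates systemd. The traceback below (and the identical one in the Services section) is the command-not-found helper crashing, apparently because HOME is unset in this shell. It says nothing about the host's timers or services.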


www-data@payday:/var/www/skins$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for www-data
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
 
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
# m h dom mon dow user	command
17 *	* * *	root    cd / && run-parts --report /etc/cron.hourly
25 6	* * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6	* * 7	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6	1 * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
 
 
 
KABOOOM!!!
 
Whoops, command-not-found has crashed! Please file a bug report at:
https://bugs.launchpad.net/ubuntu/+source/command-not-found
Please include the following information with the report:
sequence item 0: expected string, NoneType found
Traceback (most recent call last):
  File "/usr/lib/command-not-found", line 24, in <module>
    CommandNotFound(options.data_dir).advise(args[0])
  File "/usr/lib/python2.5/site-packages/CommandNotFound/CommandNotFound.py", line 121, in advise
    if command in self.getBlacklist():
  File "/usr/lib/python2.5/site-packages/CommandNotFound/CommandNotFound.py", line 86, in getBlacklist
    blacklist = file(os.sep.join((os.getenv("HOME"), ".command-not-found.blacklist")))
TypeError: sequence item 0: expected string, NoneType found
Python version: 2.5.1 final 0
bash: systemctl: command not found

Services


www-data@payday:/var/www/skins$ systemctl list-units --state=running
 
KABOOOM!!!
 
Whoops, command-not-found has crashed! Please file a bug report at:
https://bugs.launchpad.net/ubuntu/+source/command-not-found
Please include the following information with the report:
sequence item 0: expected string, NoneType found
Traceback (most recent call last):
  File "/usr/lib/command-not-found", line 24, in <module>
    CommandNotFound(options.data_dir).advise(args[0])
  File "/usr/lib/python2.5/site-packages/CommandNotFound/CommandNotFound.py", line 121, in advise
    if command in self.getBlacklist():
  File "/usr/lib/python2.5/site-packages/CommandNotFound/CommandNotFound.py", line 86, in getBlacklist
    blacklist = file(os.sep.join((os.getenv("HOME"), ".command-not-found.blacklist")))
TypeError: sequence item 0: expected string, NoneType found
Python version: 2.5.1 final 0
bash: systemctl: command not found

Sudo Version


www-data@payday:/var/www/skins$ sudo -V
Sudo version 1.6.8p12

Sudo version 1.6.8p12

Glibc Version


www-data@payday:/var/www/skins$ ldd --version
ldd (GNU libc) 2.6.1
Copyright (C) 2007 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

ldd (GNU libc) 2.6.1