▄▄▄▄▄▄▄▄▄▄▄▄▄▄
                    ▄▄▄▄▄▄▄             ▄▄▄▄▄▄▄▄
             ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄
         ▄▄▄▄     ▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄
         ▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
         ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄       ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
         ▄▄▄▄▄▄▄▄▄▄▄          ▄▄▄▄▄▄               ▄▄▄▄▄▄ ▄
         ▄▄▄▄▄▄              ▄▄▄▄▄▄▄▄                 ▄▄▄▄ 
         ▄▄                  ▄▄▄ ▄▄▄▄▄                  ▄▄▄
         ▄▄                ▄▄▄▄▄▄▄▄▄▄▄▄                  ▄▄
         ▄            ▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄
         ▄      ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
         ▄▄▄▄▄▄▄▄▄▄▄▄▄▄                                ▄▄▄▄
         ▄▄▄▄▄  ▄▄▄▄▄                       ▄▄▄▄▄▄     ▄▄▄▄
         ▄▄▄▄   ▄▄▄▄▄                       ▄▄▄▄▄      ▄ ▄▄
         ▄▄▄▄▄  ▄▄▄▄▄        ▄▄▄▄▄▄▄        ▄▄▄▄▄     ▄▄▄▄▄
         ▄▄▄▄▄▄  ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄   ▄▄▄▄▄ 
          ▄▄▄▄▄▄▄▄▄▄▄▄▄▄        ▄          ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 
         ▄▄▄▄▄▄▄▄▄▄▄▄▄                       ▄▄▄▄▄▄▄▄▄▄▄▄▄▄
         ▄▄▄▄▄▄▄▄▄▄▄                         ▄▄▄▄▄▄▄▄▄▄▄▄▄▄
         ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
          ▀▀▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▀▀▀▀▀▀
               ▀▀▀▄▄▄▄▄      ▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▀▀
                     ▀▀▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀▀▀

    /---------------------------------------------------------------------------\
    |                             Do you like PEASS?                            |
    |---------------------------------------------------------------------------| 
    |         Become a Patreon    :     https://www.patreon.com/peass           |
    |         Follow on Twitter   :     @carlospolopm                           |
    |         Respect on HTB      :     SirBroccoli & makikvues                 |
    |---------------------------------------------------------------------------|
    |                                 Thank you!                                |
    \---------------------------------------------------------------------------/
          linpeas-ng by carlospolop

ADVISORY: This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own computers and/or with the computer owner's permission.

Linux Privesc Checklist: https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist
 LEGEND:
  RED/YELLOW: 95% a PE vector
  RED: You should take a look to it
  LightCyan: Users with console
  Blue: Users without console & mounted devs
  Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) 
  LightMagenta: Your username

 Starting linpeas. Caching Writable Folders...

                                         ╔═══════════════════╗
═════════════════════════════════════════╣ Basic information ╠═════════════════════════════════════════
                                         ╚═══════════════════╝
OS: Linux version 4.15.0-45-generic (buildd@lcy01-amd64-027) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)) #48~16.04.1-Ubuntu SMP Tue Jan 29 18:03:48 UTC 2019
User & Groups: uid=33(www-data) gid=33(www-data) groups=33(www-data)
Hostname: ubuntu
Writable folder: /dev/shm
[+] /bin/ping is available for network discovery (linpeas can discover hosts, learn more with -h)
[+] /bin/nc is available for network discover & port scanning (linpeas can discover hosts and scan ports, learn more with -h)


Caching directories DONE

                                        ╔════════════════════╗
════════════════════════════════════════╣ System Information ╠════════════════════════════════════════
                                        ╚════════════════════╝
╔══════════╣ Operative system
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits
Linux version 4.15.0-45-generic (buildd@lcy01-amd64-027) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)) #48~16.04.1-Ubuntu SMP Tue Jan 29 18:03:48 UTC 2019
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.6 LTS
Release:	16.04
Codename:	xenial

╔══════════╣ Sudo version
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version
Sudo version 1.8.16

Vulnerable to CVE-2021-4034

╔══════════╣ USBCreator
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation
Vulnerable!!

╔══════════╣ PATH
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-path-abuses
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
New path exported: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

╔══════════╣ Date & uptime
Fri Feb 11 18:30:14 PST 2022
 18:30:14 up  1:19,  0 users,  load average: 1.53, 1.64, 2.11

╔══════════╣ Any sd*/disk* disk in /dev? (limit 20)
disk

╔══════════╣ Unmounted file-system?
╚ Check if you can mount umounted devices

╔══════════╣ Environment
╚ Any private information inside environment variables?
HISTFILESIZE=0
SHLVL=1
OLDPWD=/var/www/html/assets
APACHE_RUN_DIR=/var/run/apache2
APACHE_PID_FILE=/var/run/apache2/apache2.pid
_=./linpeas.sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
APACHE_LOCK_DIR=/var/lock/apache2
LANG=C
HISTSIZE=0
APACHE_RUN_USER=www-data
APACHE_RUN_GROUP=www-data
APACHE_LOG_DIR=/var/log/apache2
PWD=/var/www/html/assets/images
HISTFILE=/dev/null

╔══════════╣ Searching Signature verification failed in dmesg
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#dmesg-signature-verification-failed
dmesg Not Found

╔══════════╣ Executing Linux Exploit Suggester
╚ https://github.com/mzet-/linux-exploit-suggester

╔══════════╣ Executing Linux Exploit Suggester 2
╚ https://github.com/jondonas/linux-exploit-suggester-2

╔══════════╣ Protections
═╣ AppArmor enabled? .............. You do not have enough privilege to read the profile set.
apparmor module is loaded.
═╣ grsecurity present? ............ grsecurity Not Found
═╣ PaX bins present? .............. PaX Not Found
═╣ Execshield enabled? ............ Execshield Not Found
═╣ SELinux enabled? ............... sestatus Not Found
═╣ Is ASLR enabled? ............... Yes
═╣ Printer? ....................... No
═╣ Is this a virtual machine? ..... Yes (xen)

                                             ╔═══════════╗
═════════════════════════════════════════════╣ Container ╠═════════════════════════════════════════════
                                             ╚═══════════╝
╔══════════╣ Container related tools present
╔══════════╣ Container details
═╣ Is this a container? ........... No
═╣ Any running containers? ........ No


                          ╔════════════════════════════════════════════════╗
══════════════════════════╣ Processes, Crons, Timers, Services and Sockets ╠══════════════════════════
                          ╚════════════════════════════════════════════════╝
╔══════════╣ Cleaned processes
╚ Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes
root         1  0.4  0.3 119716  1660 ?        Ss   17:10   0:20 /sbin/init auto noprompt
root       217  0.0  0.0  27796   308 ?        Ss   17:10   0:01 /lib/systemd/systemd-journald
root       250  0.0  0.0  45308   244 ?        Ss   17:10   0:01 /lib/systemd/systemd-udevd
systemd+   287  0.0  0.1 102384   612 ?        Ssl  17:10   0:00 /lib/systemd/systemd-timesyncd
  └─(Caps) 0x0000000002000000=cap_sys_time
root       599  0.0  0.0  36076   448 ?        Ss   17:11   0:00 /usr/sbin/cron -f
root       600  0.0  0.1  28620   936 ?        Ss   17:11   0:00 /lib/systemd/systemd-logind
root       603  0.0  0.2 298348  1032 ?        Ssl  17:11   0:00 /usr/lib/accountsservice/accounts-daemon[0m
root       609  0.0  0.0   4396     0 ?        Ss   17:11   0:00 /usr/sbin/acpid
message+   612  0.0  0.2  43616  1316 ?        Ss   17:11   0:02 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
  └─(Caps) 0x0000000020000000=cap_audit_write
root       656  0.0  0.0 462516   128 ?        Ssl  17:11   0:01 /usr/sbin/NetworkManager --no-daemon[0m
avahi      687  0.0  0.0  44784    20 ?        S    17:11   0:00  _ avahi-daemon: chroot helper
syslog     667  0.0  0.0 256392   172 ?        Ssl  17:11   0:00 /usr/sbin/rsyslogd -n
root       675  0.0  0.5 279808  2728 ?        Ssl  17:11   0:00 /usr/lib/snapd/snapd
root       678  0.0  0.0  16124     4 ?        Ss   17:11   0:00 /sbin/dhclient -1 -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
root       750  0.0  0.2 294240  1308 ?        Ssl  17:11   0:00 /usr/lib/policykit-1/polkitd --no-debug
root       758  0.0  0.0  22820   208 ttyS0    Ss+  17:11   0:00 /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt220
root       768  0.0  0.0  23004     8 tty1     Ss+  17:11   0:00 /sbin/agetty --noclear tty1 linux
root       805  0.0  0.2 292164  1144 ?        Ssl  17:11   0:00 /usr/sbin/lightdm
root       861  0.0  0.3 337068  1756 tty7     Ssl+ 17:11   0:02  _ /usr/lib/xorg/Xorg -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
root      1009  0.0  0.2 226180  1092 ?        Sl   17:11   0:00  _ lightdm --session-child 16 19
lightdm   1020  0.0  0.0   4504     0 ?        Ss   17:11   0:00      _ /bin/sh /usr/lib/lightdm/lightdm-greeter-session /usr/sbin/unity-greeter
lightdm   1026  0.1  1.0 1026636 5128 ?        Sl   17:11   0:06          _ /usr/sbin/unity-greeter
mysql      884  0.0  0.5 1108124 2564 ?        Ssl  17:11   0:04 /usr/sbin/mysqld
root       891  0.0  0.0   4504     0 ?        Ss   17:11   0:00 /bin/sh /usr/lib/apt/apt.systemd.daily update
root       918  0.0  0.0   4504   328 ?        S    17:11   0:00  _ /bin/sh /usr/lib/apt/apt.systemd.daily lock_is_held update
root      1475 74.3  6.1 171904 29952 ?        S    17:20  52:04      _ /usr/bin/python3 /usr/bin/unattended-upgrade --download-only
_apt     20510  0.0  0.6  52416  3040 ?        S    18:24   0:00          _ /usr/lib/apt/methods/http
_apt     20511  0.0  0.6  52352  3308 ?        S    18:24   0:00          _ /usr/lib/apt/methods/http
whoopsie   893  0.0  0.2 284756  1136 ?        Ssl  17:11   0:00 /usr/bin/whoopsie -f
root       952  0.0  0.3 334980  1936 ?        Ss   17:11   0:00 /usr/sbin/apache2 -k start
www-data  1318  0.0  1.0 336240  5256 ?        S    17:16   0:00  _ /usr/sbin/apache2 -k start
www-data  1319  0.0  1.9 336228  9808 ?        S    17:16   0:01  _ /usr/sbin/apache2 -k start
www-data 23428  0.0  0.1   4504   772 ?        S    18:25   0:00  |   _ sh -c uname -a; w; id; /bin/sh -i
www-data 23432  0.0  0.1   4504   832 ?        S    18:25   0:00  |       _ /bin/sh -i
www-data 23503  0.0  1.8  36220  8936 ?        S    18:26   0:00  |           _ python3 -c import pty; pty.spawn('/bin/bash')
www-data 23504  0.0  0.6  18212  3236 pts/8    Rs+  18:26   0:00  |               _ /bin/bash
www-data 23516  0.3  0.5   5420  2544 pts/8    S    18:28   0:00  |                   _ /bin/sh ./linpeas.sh
www-data 26540  0.0  0.2   5420  1008 pts/8    S    18:30   0:00  |                       _ /bin/sh ./linpeas.sh
www-data 26544  0.0  0.5  34560  2932 pts/8    R    18:30   0:00  |                       |   _ ps fauxwww
www-data 26543  0.0  0.2   5420  1008 pts/8    S    18:30   0:00  |                       _ /bin/sh ./linpeas.sh
www-data  1320  0.0  1.7 338620  8424 ?        S    17:16   0:03  _ /usr/sbin/apache2 -k start
www-data  1321  0.0  2.5 336464 12588 ?        S    17:16   0:00  _ /usr/sbin/apache2 -k start
www-data  1322  0.0  1.0 336528  5104 ?        S    17:16   0:00  _ /usr/sbin/apache2 -k start
www-data  1491  0.0  1.7 336488  8536 ?        S    17:21   0:00  _ /usr/sbin/apache2 -k start
www-data  1500  0.0  2.4 336440 12216 ?        S    17:22   0:00  _ /usr/sbin/apache2 -k start
www-data  1501  0.0  2.6 338372 12984 ?        S    17:22   0:01  _ /usr/sbin/apache2 -k start
lightdm   1012  0.0  0.0  45272     4 ?        Ss   17:11   0:00 /lib/systemd/systemd --user
lightdm   1013  0.0  0.0  63332   176 ?        S    17:11   0:00  _ (sd-pam)
lightdm   1025  0.0  0.1  42996   756 ?        Ss   17:11   0:00 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
lightdm   1048  0.0  0.2 353660  1260 ?        Sl   17:11   0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher --launch-immediately
lightdm   1060  0.0  0.0  42764   192 ?        S    17:11   0:00  _ /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3
lightdm   1052  0.0  0.2 281484  1044 ?        Sl   17:11   0:00 /usr/lib/gvfs/gvfsd
lightdm   1057  0.0  0.1 354428   880 ?        Sl   17:11   0:00 /usr/lib/gvfs/gvfsd-fuse /run/user/108/gvfs -f -o big_writes
lightdm   1069  0.0  0.0 206972   380 ?        Sl   17:11   0:00 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
lightdm   1076  0.0  0.2 178532  1092 ?        Sl   17:11   0:00 /usr/lib/dconf/dconf-service
lightdm   1086  0.0  0.1  53024   508 ?        S    17:11   0:00 upstart --user --startup-event indicator-services-start
lightdm   1092  0.0  0.2 377144  1100 ?        Ssl  17:11   0:00  _ /usr/lib/x86_64-linux-gnu/indicator-messages/indicator-messages-service
lightdm   1093  0.0  0.1 356108   968 ?        Ssl  17:11   0:00  _ /usr/lib/x86_64-linux-gnu/indicator-bluetooth/indicator-bluetooth-service
lightdm   1094  0.0  0.1 366564   812 ?        Ssl  17:11   0:00  _ /usr/lib/x86_64-linux-gnu/indicator-power/indicator-power-service
lightdm   1095  0.0  0.4 553588  2236 ?        Ssl  17:11   0:00  _ /usr/lib/x86_64-linux-gnu/indicator-datetime/indicator-datetime-service
lightdm   1096  0.0  0.4 572240  2040 ?        Ssl  17:11   0:01  _ /usr/lib/x86_64-linux-gnu/indicator-keyboard/indicator-keyboard-service --use-gtk
lightdm   1097  0.0  0.2 682668  1212 ?        Ssl  17:11   0:00  _ /usr/lib/x86_64-linux-gnu/indicator-sound/indicator-sound-service
lightdm   1108  0.0  0.2 643248  1160 ?        Ssl  17:11   0:00  _ /usr/lib/x86_64-linux-gnu/indicator-session/indicator-session-service
lightdm   1116  0.0  0.3 403148  1640 ?        Ssl  17:11   0:00  _ /usr/lib/x86_64-linux-gnu/indicator-application/indicator-application-service
lightdm   1137  0.0  0.1 342648   552 ?        S<l  17:11   0:00  _ /usr/bin/pulseaudio --start --log-target=syslog
lightdm   1088  0.0  0.5 668672  2824 ?        Sl   17:11   0:01 nm-applet
lightdm   1090  0.0  0.6 628148  3200 ?        Sl   17:11   0:02 /usr/lib/unity-settings-daemon/unity-settings-daemon
rtkit     1140  0.0  0.0 183544   452 ?        SNsl 17:11   0:00 /usr/lib/rtkit/rtkit-daemon
  └─(Caps) 0x0000000000800004=cap_dac_read_search,cap_sys_nice
root      1168  0.0  0.2 345864  1032 ?        Ssl  17:12   0:00 /usr/lib/upower/upowerd
colord    1176  0.0  0.2 320532  1176 ?        Ssl  17:12   0:01 /usr/lib/colord/colord
root      1350  0.0  0.0 100344   304 ?        Ss   17:16   0:00 /usr/sbin/cupsd -l
root      1351  0.0  0.1 274812   976 ?        Ssl  17:16   0:00 /usr/sbin/cups-browsed

╔══════════╣ Binary processes permissions (non 'root root' and not belonging to current user)
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes

╔══════════╣ Files opened by processes belonging to other users
╚ This is usually empty because of the lack of privileges to read other user processes information
COMMAND     PID  TID             USER   FD      TYPE DEVICE SIZE/OFF   NODE NAME

╔══════════╣ Processes with credentials in memory (root req)
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#credentials-from-process-memory
gdm-password Not Found
gnome-keyring-daemon Not Found
lightdm process found (dump creds from memory as root)
vsftpd Not Found
apache2 process found (dump creds from memory as root)
sshd Not Found

╔══════════╣ Cron jobs
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs
/usr/bin/crontab
incrontab Not Found
-rw-r--r-- 1 root root     722 Apr  5  2016 /etc/crontab

/etc/cron.d:
total 32
drwxr-xr-x   2 root root  4096 Jul 26  2019 .
drwxr-xr-x 134 root root 12288 Jul 26  2019 ..
-rw-r--r--   1 root root   102 Apr  5  2016 .placeholder
-rw-r--r--   1 root root   244 Dec 28  2014 anacron
-rw-r--r--   1 root root   670 Jun 22  2017 php
-rw-r--r--   1 root root   190 Jul 26  2019 popularity-contest

/etc/cron.daily:
total 76
drwxr-xr-x   2 root root  4096 Jul 26  2019 .
drwxr-xr-x 134 root root 12288 Jul 26  2019 ..
-rw-r--r--   1 root root   102 Apr  5  2016 .placeholder
-rwxr-xr-x   1 root root   311 Dec 28  2014 0anacron
-rwxr-xr-x   1 root root   539 Jun 11  2018 apache2
-rwxr-xr-x   1 root root   376 Mar 31  2016 apport
-rwxr-xr-x   1 root root  1474 Oct  9  2018 apt-compat
-rwxr-xr-x   1 root root   355 May 22  2012 bsdmainutils
-rwxr-xr-x   1 root root   384 Oct  5  2014 cracklib-runtime
-rwxr-xr-x   1 root root  1597 Nov 26  2015 dpkg
-rwxr-xr-x   1 root root   372 May  5  2015 logrotate
-rwxr-xr-x   1 root root  1293 Nov  6  2015 man-db
-rwxr-xr-x   1 root root   435 Nov 17  2014 mlocate
-rwxr-xr-x   1 root root   249 Nov 12  2015 passwd
-rwxr-xr-x   1 root root  3449 Feb 26  2016 popularity-contest
-rwxr-xr-x   1 root root   214 Dec  7  2018 update-notifier-common
-rwxr-xr-x   1 root root  1046 May 19  2016 upstart

/etc/cron.hourly:
total 20
drwxr-xr-x   2 root root  4096 Feb 26  2019 .
drwxr-xr-x 134 root root 12288 Jul 26  2019 ..
-rw-r--r--   1 root root   102 Apr  5  2016 .placeholder

/etc/cron.monthly:
total 24
drwxr-xr-x   2 root root  4096 Feb 26  2019 .
drwxr-xr-x 134 root root 12288 Jul 26  2019 ..
-rw-r--r--   1 root root   102 Apr  5  2016 .placeholder
-rwxr-xr-x   1 root root   313 Dec 28  2014 0anacron

/etc/cron.weekly:
total 36
drwxr-xr-x   2 root root  4096 Feb 26  2019 .
drwxr-xr-x 134 root root 12288 Jul 26  2019 ..
-rw-r--r--   1 root root   102 Apr  5  2016 .placeholder
-rwxr-xr-x   1 root root   312 Dec 28  2014 0anacron
-rwxr-xr-x   1 root root    86 Apr 13  2016 fstrim
-rwxr-xr-x   1 root root   771 Nov  6  2015 man-db
-rwxr-xr-x   1 root root   211 Dec  7  2018 update-notifier-common

/var/spool/anacron:
total 20
drwxr-xr-x 2 root root 4096 Jul 26  2019 .
drwxr-xr-x 7 root root 4096 Feb 26  2019 ..
-rw------- 1 root root    9 Feb 11 17:16 cron.daily
-rw------- 1 root root    9 Feb 11 17:26 cron.monthly
-rw------- 1 root root    9 Feb 11 17:21 cron.weekly

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin



SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
HOME=/root
LOGNAME=root

1	5	cron.daily	run-parts --report /etc/cron.daily
7	10	cron.weekly	run-parts --report /etc/cron.weekly
@monthly	15	cron.monthly	run-parts --report /etc/cron.monthly

╔══════════╣ Systemd PATH
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#systemd-path-relative-paths
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

╔══════════╣ Analyzing .service files
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#services
/etc/systemd/system/multi-user.target.wants/networking.service is executing some relative path
/etc/systemd/system/network-online.target.wants/networking.service is executing some relative path
You can't write on systemd PATH

╔══════════╣ System timers
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers
NEXT                         LEFT                 LAST                         PASSED       UNIT                         ACTIVATES
Fri 2019-07-26 19:10:42 PDT  2 years 6 months ago Fri 2022-02-11 17:11:13 PST  1h 19min ago apt-daily.timer              apt-daily.service
Sat 2019-07-27 06:37:13 PDT  2 years 6 months ago Fri 2022-02-11 17:11:13 PST  1h 19min ago apt-daily-upgrade.timer      apt-daily-upgrade.service
Sat 2022-02-12 17:25:18 PST  22h left             Fri 2022-02-11 17:25:18 PST  1h 4min ago  systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
n/a                          n/a                  n/a                          n/a          snapd.snap-repair.timer      snapd.snap-repair.service
n/a                          n/a                  n/a                          n/a          ureadahead-stop.timer        ureadahead-stop.service

╔══════════╣ Analyzing .timer files
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers

╔══════════╣ Analyzing .socket files
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets
/etc/systemd/system/sockets.target.wants/avahi-daemon.socket is calling this writable listener: /var/run/avahi-daemon/socket
/etc/systemd/system/sockets.target.wants/uuidd.socket is calling this writable listener: /run/uuidd/request
/lib/systemd/system/avahi-daemon.socket is calling this writable listener: /var/run/avahi-daemon/socket
/lib/systemd/system/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket
/lib/systemd/system/sockets.target.wants/dbus.socket is calling this writable listener: /var/run/dbus/system_bus_socket
/lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket is calling this writable listener: /run/systemd/journal/dev-log
/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout
/lib/systemd/system/sockets.target.wants/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket
/lib/systemd/system/syslog.socket is calling this writable listener: /run/systemd/journal/syslog
/lib/systemd/system/systemd-bus-proxyd.socket is calling this writable listener: /var/run/dbus/system_bus_socket
/lib/systemd/system/systemd-journald-dev-log.socket is calling this writable listener: /run/systemd/journal/dev-log
/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/stdout
/lib/systemd/system/systemd-journald.socket is calling this writable listener: /run/systemd/journal/socket
/lib/systemd/system/uuidd.socket is calling this writable listener: /run/uuidd/request

╔══════════╣ Unix Sockets Listening
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets
/com/ubuntu/upstart-session/108/1086
/run/acpid.socket
  └─(Read Write)
/run/avahi-daemon/socket
  └─(Read Write)
/run/cups/cups.sock
  └─(Read Write)
/run/dbus/system_bus_socket
  └─(Read Write)
/run/mysqld/mysqld.sock
  └─(Read Write)
/run/snapd-snap.socket
  └─(Read Write)
/run/snapd.socket
  └─(Read Write)
/run/systemd/fsck.progress
/run/systemd/journal/dev-log
  └─(Read Write)
/run/systemd/journal/socket
  └─(Read Write)
/run/systemd/journal/stdout
  └─(Read Write)
/run/systemd/journal/syslog
  └─(Read Write)
/run/systemd/notify
  └─(Read Write)
/run/systemd/private
  └─(Read Write)
/run/udev/control
/run/user/108/pulse/native
/run/user/108/systemd/private
/run/uuidd/request
  └─(Read Write)
/tmp/.X11-unix/X0
  └─(Read Write)
/tmp/dbus-g4ExflzvT8
/tmp/dbus-knjIsHYxsp
/var/run/avahi-daemon/socket
  └─(Read Write)
/var/run/cups/cups.sock
  └─(Read Write)
/var/run/dbus/system_bus_socket
  └─(Read Write)
/var/run/mysqld/mysqld.sock
  └─(Read Write)

╔══════════╣ D-Bus config files
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus
Possible weak user policy found on /etc/dbus-1/system.d/avahi-dbus.conf (  <policy user="avahi">)
Possible weak user policy found on /etc/dbus-1/system.d/avahi-dbus.conf (  <policy group="netdev">)
Possible weak user policy found on /etc/dbus-1/system.d/bluetooth.conf (  <policy group="bluetooth">
  <policy group="lp">)
Possible weak user policy found on /etc/dbus-1/system.d/dnsmasq.conf (        <policy user="dnsmasq">)
Possible weak user policy found on /etc/dbus-1/system.d/kerneloops.dbus (  <policy user="kernoops">)
Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.ColorManager.conf (  <policy user="colord">)
Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf (        <policy user="whoopsie">)
Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.RealtimeKit1.conf (  <policy user="rtkit">)
Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.network1.conf (        <policy user="systemd-network">)
Possible weak user policy found on /etc/dbus-1/system.d/org.freedesktop.resolve1.conf (        <policy user="systemd-resolve">)
Possible weak user policy found on /etc/dbus-1/system.d/pulseaudio-system.conf (  <policy user="pulse">)
Possible weak user policy found on /etc/dbus-1/system.d/wpa_supplicant.conf (        <policy group="netdev">)

╔══════════╣ D-Bus Service Objects list
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus
NAME                                       PID PROCESS         USER             CONNECTION    UNIT                      SESSION    DESCRIPTION        
:1.0                                         1 systemd         root             :1.0          init.scope                -          -                  
:1.1                                       600 systemd-logind  root             :1.1          systemd-logind.service    -          -                  
:1.14                                      805 lightdm         root             :1.14         lightdm.service           -          -                  
:1.15                                      861 Xorg            root             :1.15         lightdm.service           -          -                  
:1.16                                      893 whoopsie        whoopsie         :1.16         whoopsie.service          -          -                  
:1.17                                     1009 lightdm         root             :1.17         session-c1.scope          c1         -                  
:1.20                                     1026 unity-greeter   lightdm          :1.20         session-c1.scope          c1         -                  
:1.21                                     1086 upstart         lightdm          :1.21         session-c1.scope          c1         -                  
:1.22                                     1093 indicator-bluet lightdm          :1.22         session-c1.scope          c1         -                  
:1.23                                     1092 indicator-messa lightdm          :1.23         session-c1.scope          c1         -                  
:1.24                                     1095 indicator-datet lightdm          :1.24         session-c1.scope          c1         -                  
:1.25                                     1094 indicator-power lightdm          :1.25         session-c1.scope          c1         -                  
:1.26                                     1108 indicator-sessi lightdm          :1.26         session-c1.scope          c1         -                  
:1.28                                     1140 rtkit-daemon    root             :1.28         rtkit-daemon.service      -          -                  
:1.29                                     1137 pulseaudio      lightdm          :1.29         session-c1.scope          c1         -                  
:1.3                                       603 accounts-daemon[0m root             :1.3          accounts-daemon.service   -          -                  
:1.30                                     1096 indicator-keybo lightdm          :1.30         session-c1.scope          c1         -                  
:1.32                                     1090 unity-settings- lightdm          :1.32         session-c1.scope          c1         -                  
:1.34                                     1168 upowerd         root             :1.34         upower.service            -          -                  
:1.35                                     1088 nm-applet       lightdm          :1.35         session-c1.scope          c1         -                  
:1.36                                     1176 colord          colord           :1.36         colord.service            -          -                  
:1.41                                     1350 cupsd           root             :1.41         cups.service              -          -                  
:1.42                                     1351 cups-browsed    root             :1.42         cups-browsed.service      -          -                  
:1.43                                     1351 cups-browsed    root             :1.43         cups-browsed.service      -          -                  
:1.5                                       658 avahi-daemon    avahi            :1.5          avahi-daemon.service      -          -                  
:1.58                                    29965 busctl          www-data         :1.58         apache2.service           -          -                  
:1.7                                       656 NetworkManager  root             :1.7          NetworkManager.service    -          -                  
:1.8                                       750 polkitd         root             :1.8          polkitd.service           -          -                  
com.hp.hplip                                 - -               -                (activatable) -                         -         
com.ubuntu.LanguageSelector                  - -               -                (activatable) -                         -         
com.ubuntu.SoftwareProperties                - -               -                (activatable) -                         -         
com.ubuntu.SystemService                     - -               -                (activatable) -                         -         
com.ubuntu.USBCreator                        - -               -                (activatable) -                         -         
com.ubuntu.WhoopsiePreferences               - -               -                (activatable) -                         -         
fi.epitest.hostap.WPASupplicant              - -               -                (activatable) -                         -         
fi.w1.wpa_supplicant1                        - -               -                (activatable) -                         -         
io.snapcraft.SnapdLoginService               - -               -                (activatable) -                         -         
org.bluez                                    - -               -                (activatable) -                         -         
org.debian.apt                               - -               -                (activatable) -                         -         
org.freedesktop.Accounts                   603 accounts-daemon[0m root             :1.3          accounts-daemon.service   -          -                  
org.freedesktop.Avahi                      658 avahi-daemon    avahi            :1.5          avahi-daemon.service      -          -                  
org.freedesktop.ColorManager              1176 colord          colord           :1.36         colord.service            -          -                  
org.freedesktop.DBus                       612 dbus-daemon[0m     messagebus       org.freedesktop.DBus dbus.service              -          -                  
org.freedesktop.DisplayManager             805 lightdm         root             :1.14         lightdm.service           -          -                  
org.freedesktop.ModemManager1                - -               -                (activatable) -                         -         
org.freedesktop.NetworkManager             656 NetworkManager  root             :1.7          NetworkManager.service    -          -                  
org.freedesktop.PackageKit                   - -               -                (activatable) -                         -         
org.freedesktop.PolicyKit1                 750 polkitd         root             :1.8          polkitd.service           -          -                  
org.freedesktop.RealtimeKit1              1140 rtkit-daemon    root             :1.28         rtkit-daemon.service      -          -                  
org.freedesktop.UDisks2                      - -               -                (activatable) -                         -         
org.freedesktop.UPower                    1168 upowerd         root             :1.34         upower.service            -          -                  
org.freedesktop.fwupd                        - -               -                (activatable) -                         -         
org.freedesktop.hostname1                    - -               -                (activatable) -                         -         
org.freedesktop.locale1                      - -               -                (activatable) -                         -         
org.freedesktop.login1                     600 systemd-logind  root             :1.1          systemd-logind.service    -          -                  
org.freedesktop.network1                     - -               -                (activatable) -                         -         
org.freedesktop.nm_dispatcher                - -               -                (activatable) -                         -         
org.freedesktop.resolve1                     - -               -                (activatable) -                         -         
org.freedesktop.systemd1                     1 systemd         root             :1.0          init.scope                -          -                  
org.freedesktop.thermald                     - -               -                (activatable) -                         -         
org.freedesktop.timedate1                    - -               -                (activatable) -                         -         
org.opensuse.CupsPkHelper.Mechanism          - -               -                (activatable) -                         -         


                                        ╔═════════════════════╗
════════════════════════════════════════╣ Network Information ╠════════════════════════════════════════
                                        ╚═════════════════════╝
╔══════════╣ Hostname, hosts and DNS
ubuntu
127.0.0.1	localhost
127.0.1.1	ubuntu

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
nameserver 10.0.0.2
search eu-west-1.compute.internal

╔══════════╣ Interfaces
# symbolic names for networks, see networks(5) for more information
link-local 169.254.0.0
eth0      Link encap:Ethernet  HWaddr 02:45:22:19:57:bb  
          inet addr:10.10.213.7  Bcast:10.10.255.255  Mask:255.255.0.0
          inet6 addr: fe80::45:22ff:fe19:57bb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
          RX packets:1662 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:417719 (417.7 KB)  TX bytes:610582 (610.5 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:180 errors:0 dropped:0 overruns:0 frame:0
          TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:13916 (13.9 KB)  TX bytes:13916 (13.9 KB)


╔══════════╣ Active Ports
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-ports
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -               
tcp6       0      0 :::80                   :::*                    LISTEN      -               
tcp6       0      0 ::1:631                 :::*                    LISTEN      -               

╔══════════╣ Can I sniff with tcpdump?
No



                                         ╔═══════════════════╗
═════════════════════════════════════════╣ Users Information ╠═════════════════════════════════════════
                                         ╚═══════════════════╝
╔══════════╣ My user
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#users
uid=33(www-data) gid=33(www-data) groups=33(www-data)

╔══════════╣ Do I have PGP keys?
/usr/bin/gpg
netpgpkeys Not Found
netpgp Not Found

╔══════════╣ Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid

╔══════════╣ Checking sudo tokens
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens
ptrace protection is enabled (1)
gdb was found in PATH

╔══════════╣ Checking Pkexec policy
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2

[Configuration]
AdminIdentities=unix-user:0
[Configuration]
AdminIdentities=unix-group:sudo;unix-group:admin

╔══════════╣ Superusers
root:x:0:0:root:/root:/bin/bash

╔══════════╣ Users with console
root:x:0:0:root:/root:/bin/bash

╔══════════╣ All users & groups
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon[0m) gid=1(daemon[0m) groups=1(daemon[0m)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=100(systemd-timesync) gid=102(systemd-timesync) groups=102(systemd-timesync)
uid=101(systemd-network) gid=103(systemd-network) groups=103(systemd-network)
uid=102(systemd-resolve) gid=104(systemd-resolve) groups=104(systemd-resolve)
uid=103(systemd-bus-proxy) gid=105(systemd-bus-proxy) groups=105(systemd-bus-proxy)
uid=104(syslog) gid=108(syslog) groups=108(syslog),4(adm)
uid=105(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=106(messagebus) gid=110(messagebus) groups=110(messagebus)
uid=107(uuidd) gid=111(uuidd) groups=111(uuidd)
uid=108(lightdm) gid=114(lightdm) groups=114(lightdm)
uid=109(whoopsie) gid=117(whoopsie) groups=117(whoopsie)
uid=110(avahi-autoipd) gid=119(avahi-autoipd) groups=119(avahi-autoipd)
uid=111(avahi) gid=120(avahi) groups=120(avahi)
uid=112(dnsmasq) gid=65534(nogroup) groups=65534(nogroup)
uid=113(colord) gid=123(colord) groups=123(colord)
uid=114(speech-dispatcher) gid=29(audio) groups=29(audio)
uid=115(hplip) gid=7(lp) groups=7(lp)
uid=116(kernoops) gid=65534(nogroup) groups=65534(nogroup)
uid=117(pulse) gid=124(pulse) groups=124(pulse),29(audio)
uid=118(rtkit) gid=126(rtkit) groups=126(rtkit)
uid=119(saned) gid=127(saned) groups=127(saned),122(scanner)
uid=120(usbmux) gid=46(plugdev) groups=46(plugdev)
uid=121(mysql) gid=129(mysql) groups=129(mysql)
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=5(games) gid=60(games) groups=60(games)
uid=6(man) gid=12(man) groups=12(man)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)

╔══════════╣ Login now
 18:30:23 up  1:20,  0 users,  load average: 1.37, 1.60, 2.10
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT

╔══════════╣ Last logons

wtmp begins Fri Feb 11 17:16:18 2022

╔══════════╣ Last time logon each user
Username         Port     From             Latest

╔══════════╣ Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)

╔══════════╣ Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!



                                       ╔══════════════════════╗
═══════════════════════════════════════╣ Software Information ╠═══════════════════════════════════════
                                       ╚══════════════════════╝
╔══════════╣ Useful software
/usr/bin/base64
/usr/bin/g++
/usr/bin/gcc
/usr/bin/gdb
/usr/bin/make
/bin/nc
/bin/netcat
/usr/bin/perl
/usr/bin/php
/bin/ping
/usr/bin/python
/usr/bin/python2
/usr/bin/python2.7
/usr/bin/python3
/usr/bin/sudo
/usr/bin/wget
/usr/bin/xterm

╔══════════╣ Installed Compilers
ii  g++                                        4:5.3.1-1ubuntu1                             amd64        GNU C++ compiler
ii  g++-5                                      5.4.0-6ubuntu1~16.04.11                      amd64        GNU C++ compiler
ii  gcc                                        4:5.3.1-1ubuntu1                             amd64        GNU C compiler
ii  gcc-5                                      5.4.0-6ubuntu1~16.04.11                      amd64        GNU C compiler
ii  hardening-includes                         2.7ubuntu2                                   all          Makefile for enabling compiler flags for security hardening
/usr/bin/gcc

╔══════════╣ MySQL version
mysql  Ver 14.14 Distrib 5.7.27, for Linux (x86_64) using  EditLine wrapper

═╣ MySQL connection using default root/root ........... No
═╣ MySQL connection using root/toor ................... No
═╣ MySQL connection using root/NOPASS ................. No

╔══════════╣ Searching mysql credentials and exec
From '/etc/mysql/mysql.conf.d/mysqld.cnf' Mysql user: user		= mysql
Found readable /etc/mysql/my.cnf
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/

╔══════════╣ Analyzing MariaDB Files (limit 70)

-rw------- 1 root root 317 Jul 26  2019 /etc/mysql/debian.cnf

╔══════════╣ Analyzing Apache Files (limit 70)
Version: Server version: Apache/2.4.18 (Ubuntu)
Server built:   2019-04-03T13:34:47
httpd Not Found

══╣ PHP exec extensions
/etc/apache2/mods-enabled/php7.0.conf-<FilesMatch ".+\.ph(p[3457]?|t|tml)$">
/etc/apache2/mods-enabled/php7.0.conf:    SetHandler application/x-httpd-php
--
/etc/apache2/mods-enabled/php7.0.conf-<FilesMatch ".+\.phps$">
/etc/apache2/mods-enabled/php7.0.conf:    SetHandler application/x-httpd-php-source
--
/etc/apache2/mods-available/php7.0.conf-<FilesMatch ".+\.ph(p[3457]?|t|tml)$">
/etc/apache2/mods-available/php7.0.conf:    SetHandler application/x-httpd-php
--
/etc/apache2/mods-available/php7.0.conf-<FilesMatch ".+\.phps$">
/etc/apache2/mods-available/php7.0.conf:    SetHandler application/x-httpd-php-source
--
/etc/apache2/conf-available/php7.0-cgi.conf-
/etc/apache2/conf-available/php7.0-cgi.conf:# application/x-httpd-php                        phtml pht php
/etc/apache2/conf-available/php7.0-cgi.conf:# application/x-httpd-php3                       php3
/etc/apache2/conf-available/php7.0-cgi.conf:# application/x-httpd-php4                       php4
/etc/apache2/conf-available/php7.0-cgi.conf:# application/x-httpd-php5                       php
/etc/apache2/conf-available/php7.0-cgi.conf-<FilesMatch ".+\.ph(p[3457]?|t|tml)$">
/etc/apache2/conf-available/php7.0-cgi.conf:    SetHandler application/x-httpd-php
/etc/apache2/conf-available/php7.0-cgi.conf-</FilesMatch>
/etc/apache2/conf-available/php7.0-cgi.conf:# application/x-httpd-php-source                 phps
/etc/apache2/conf-available/php7.0-cgi.conf-<FilesMatch ".+\.phps$">
/etc/apache2/conf-available/php7.0-cgi.conf:    SetHandler application/x-httpd-php-source
--
/etc/apache2/conf-available/php7.0-cgi.conf-#</Directory>
/etc/apache2/conf-available/php7.0-cgi.conf:#Action application/x-httpd-php /cgi-bin/php7.0
drwxr-xr-x 2 root root 4096 Jul 26  2019 /etc/apache2/sites-enabled
drwxr-xr-x 2 root root 4096 Jul 26  2019 /etc/apache2/sites-enabled
lrwxrwxrwx 1 root root 35 Jul 26  2019 /etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf


-rw-r--r-- 1 root root 1473 Jul 26  2019 /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directory /var/www/html/>
          Options FollowSymlinks
          AllowOverride All
          Require all granted
     </Directory>
	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
lrwxrwxrwx 1 root root 35 Jul 26  2019 /etc/apache2/sites-enabled/000-default.conf -> ../sites-available/000-default.conf
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directory /var/www/html/>
          Options FollowSymlinks
          AllowOverride All
          Require all granted
     </Directory>
	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

-rw-r--r-- 1 root root 70999 Jun  4  2019 /etc/php/7.0/apache2/php.ini
allow_url_fopen = On
allow_url_include = Off
odbc.allow_persistent = On
ibase.allow_persistent = 1
mysqli.allow_persistent = On
pgsql.allow_persistent = On
-rw-r--r-- 1 root root 70999 Jun  4  2019 /etc/php/7.0/cgi/php.ini
allow_url_fopen = On
allow_url_include = Off
odbc.allow_persistent = On
ibase.allow_persistent = 1
mysqli.allow_persistent = On
pgsql.allow_persistent = On
-rw-r--r-- 1 root root 70656 Jun  4  2019 /etc/php/7.0/cli/php.ini
allow_url_fopen = On
allow_url_include = Off
odbc.allow_persistent = On
ibase.allow_persistent = 1
mysqli.allow_persistent = On
pgsql.allow_persistent = On

╔══════════╣ Analyzing Rsync Files (limit 70)
-rw-r--r-- 1 root root 1044 Sep 30  2013 /usr/share/doc/rsync/examples/rsyncd.conf
[ftp]
	comment = public archive
	path = /var/www/pub
	use chroot = yes
	lock file = /var/lock/rsyncd
	read only = yes
	list = yes
	uid = nobody
	gid = nogroup
	strict modes = yes
	ignore errors = no
	ignore nonreadable = yes
	transfer logging = no
	timeout = 600
	refuse options = checksum dry-run
	dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz


╔══════════╣ Analyzing Wifi Connections Files (limit 70)
drwxr-xr-x 2 root root 4096 Nov  2  2018 /etc/NetworkManager/system-connections
drwxr-xr-x 2 root root 4096 Nov  2  2018 /etc/NetworkManager/system-connections


╔══════════╣ Analyzing Ldap Files (limit 70)
The password hash is from the {SSHA} to 'structural'
drwxr-xr-x 2 root root 4096 Feb 26  2019 /etc/ldap


╔══════════╣ Searching ssl/ssh files

══╣ Possible private SSH keys were found!
/etc/ImageMagick-6/mime.xml

══╣ /etc/hosts.allow file found, trying to read the rules:
/etc/hosts.allow


Searching inside /etc/ssh/ssh_config for interesting info
Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no

╔══════════╣ Analyzing PAM Auth Files (limit 70)
drwxr-xr-x 2 root root 4096 Jul 26  2019 /etc/pam.d


╔══════════╣ Passwords inside pam.d
/etc/pam.d/lightdm:auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin



╔══════════╣ Analyzing Cloud Credentials Files (limit 70)
drwxr-xr-x 2 root root 4096 Feb 26  2019 /usr/share/help/C/web-credentials










╔══════════╣ Analyzing Keyring Files (limit 70)
drwxr-xr-x 2 root root 4096 Feb 26  2019 /usr/share/keyrings
drwxr-xr-x 2 root root 4096 Feb 26  2019 /var/lib/apt/keyrings




╔══════════╣ Analyzing Backup Manager Files (limit 70)

-rwxrwxrwx 1 root root 4646 Jul 26  2019 /var/www/html/fuel/application/config/database.php
|	['password'] The password used to connect to the database
|	['database'] The name of the database you want to connect to
	'password' => 'mememe',
	'database' => 'fuel_schema',

╔══════════╣ Searching uncommon passwd files (splunk)
passwd file: /etc/pam.d/passwd
passwd file: /etc/passwd
passwd file: /usr/share/bash-completion/completions/passwd
passwd file: /usr/share/lintian/overrides/passwd

╔══════════╣ Analyzing PGP-GPG Files (limit 70)
/usr/bin/gpg
gpg Not Found
netpgpkeys Not Found
netpgp Not Found

-rw-r--r-- 1 root root 12255 Feb 26  2019 /etc/apt/trusted.gpg
-rw-r--r-- 1 root root 4114 Jun 14  2018 /usr/share/gnupg2/distsigkey.gpg
-rw-r--r-- 1 root root 12335 May 18  2012 /usr/share/keyrings/ubuntu-archive-keyring.gpg
-rw-r--r-- 1 root root 0 May 18  2012 /usr/share/keyrings/ubuntu-archive-removed-keys.gpg
-rw-r--r-- 1 root root 2253 Nov  5  2017 /usr/share/keyrings/ubuntu-esm-keyring.gpg
-rw-r--r-- 1 root root 1139 Nov  5  2017 /usr/share/keyrings/ubuntu-fips-keyring.gpg
-rw-r--r-- 1 root root 1227 May 18  2012 /usr/share/keyrings/ubuntu-master-keyring.gpg
-rw-r--r-- 1 root root 2256 Feb 26  2016 /usr/share/popularity-contest/debian-popcon.gpg
-rw-r--r-- 1 root root 12335 Feb 26  2019 /var/lib/apt/keyrings/ubuntu-archive-keyring.gpg


╔══════════╣ Kubernetes information

╔══════════╣ Analyzing Postfix Files (limit 70)
-rw-r--r-- 1 root root 694 May 18  2016 /usr/share/bash-completion/completions/postfix


╔══════════╣ Analyzing FTP Files (limit 70)


-rw-r--r-- 1 root root 69 Jun  4  2019 /etc/php/7.0/mods-available/ftp.ini
-rw-r--r-- 1 root root 69 Jun  4  2019 /usr/share/php7.0-common/common/ftp.ini






╔══════════╣ Analyzing Windows Files Files (limit 70)






















lrwxrwxrwx 1 root root 20 Jul 26  2019 /etc/alternatives/my.cnf -> /etc/mysql/mysql.cnf
lrwxrwxrwx 1 root root 24 Jul 26  2019 /etc/mysql/my.cnf -> /etc/alternatives/my.cnf
-rw-r--r-- 1 root root 81 Jul 26  2019 /var/lib/dpkg/alternatives/my.cnf




-rw-r--r-- 1 root root 553164 Feb 17  2016 /usr/share/gutenprint/5.2/xml/printers.xml























╔══════════╣ Analyzing Other Interesting Files Files (limit 70)
-rw-r--r-- 1 root root 3771 Aug 31  2015 /etc/skel/.bashrc





-rw-r--r-- 1 root root 655 May 16  2017 /etc/skel/.profile






                                         ╔═══════════════════╗
═════════════════════════════════════════╣ Interesting Files ╠═════════════════════════════════════════
                                         ╚═══════════════════╝
╔══════════╣ SUID - Check easy privesc, exploits and write perms
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid
-rwsr-xr-- 1 root dip 386K Jun 12  2018 /usr/sbin/pppd  --->  Apple_Mac_OSX_10.4.8(05-2007)
-rwsr-xr-x 1 root root 19K Mar 17  2017 /usr/lib/x86_64-linux-gnu/oxide-qt/chrome-sandbox
-rwsr-xr-x 1 root root 15K Jan 15  2019 /usr/lib/policykit-1/polkit-agent-helper-1
-rwsr-sr-x 1 root root 97K Jan 29  2019 /usr/lib/snapd/snap-confine  --->  Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation(CVE-2019-7304)
-rwsr-xr-- 1 root messagebus 42K Jan 12  2017 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-sr-x 1 root root 11K Oct 25  2018 /usr/lib/xorg/Xorg.wrap
-rwsr-xr-x 1 root root 419K Jan 31  2019 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 10K Mar 27  2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 40K May 16  2017 /usr/bin/chsh
-rwsr-xr-x 1 root root 74K May 16  2017 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 39K May 16  2017 /usr/bin/newgrp  --->  HP-UX_10.20
-rwsr-xr-x 1 root root 23K Jan 15  2019 /usr/bin/pkexec  --->  Linux4.10_to_5.1.17(CVE-2019-13272)/rhel_6(CVE-2011-1485)
-rwsr-xr-x 1 root root 11K May  8  2018 /usr/bin/vmware-user-suid-wrapper
-rwsr-xr-x 1 root root 134K Jul  4  2017 /usr/bin/sudo  --->  check_if_the_sudo_version_is_vulnerable
-rwsr-xr-x 1 root root 49K May 16  2017 /usr/bin/chfn  --->  SuSE_9.3/10
-rwsr-xr-x 1 root root 53K May 16  2017 /usr/bin/passwd  --->  Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)
-rwsr-xr-x 1 root root 40K May 16  2017 /bin/su
-rwsr-xr-x 1 root root 44K May  7  2014 /bin/ping6
-rwsr-xr-x 1 root root 139K Jan 28  2017 /bin/ntfs-3g  --->  Debian9/8/7/Ubuntu/Gentoo/others/Ubuntu_Server_16.10_and_others(02-2017)
-rwsr-xr-x 1 root root 44K May  7  2014 /bin/ping
-rwsr-xr-x 1 root root 40K May 16  2018 /bin/mount  --->  Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
-rwsr-xr-x 1 root root 27K May 16  2018 /bin/umount  --->  BSD/Linux(08-1996)
-rwsr-xr-x 1 root root 31K Jul 12  2016 /bin/fusermount

╔══════════╣ SGID
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid
-rwxr-sr-x 1 root shadow 35K Apr  9  2018 /sbin/pam_extrausers_chkpwd
-rwxr-sr-x 1 root shadow 35K Apr  9  2018 /sbin/unix_chkpwd
-rwxr-sr-x 1 root utmp 10K Mar 11  2016 /usr/lib/x86_64-linux-gnu/utempter/utempter
-rwxr-sr-x 1 root mail 14K Jul 25  2018 /usr/lib/evolution/camel-lock-helper-1.2
-rwsr-sr-x 1 root root 97K Jan 29  2019 /usr/lib/snapd/snap-confine  --->  Ubuntu_snapd<2.37_dirty_sock_Local_Privilege_Escalation(CVE-2019-7304)
-rwsr-sr-x 1 root root 11K Oct 25  2018 /usr/lib/xorg/Xorg.wrap
-rwxr-sr-x 1 root shadow 23K May 16  2017 /usr/bin/expiry
-rwxr-sr-x 1 root crontab 36K Apr  5  2016 /usr/bin/crontab
-rwxr-sr-x 1 root tty 27K May 16  2018 /usr/bin/wall
-rwxr-sr-x 1 root mlocate 39K Nov 17  2014 /usr/bin/mlocate
-rwxr-sr-x 1 root ssh 351K Jan 31  2019 /usr/bin/ssh-agent
-rwxr-sr-x 1 root tty 15K Mar  1  2016 /usr/bin/bsd-write
-rwxr-sr-x 1 root shadow 61K May 16  2017 /usr/bin/chage

╔══════════╣ Checking misconfigurations of ld.so
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#ld-so
/etc/ld.so.conf
include /etc/ld.so.conf.d/*.conf

/etc/ld.so.conf.d
  /etc/ld.so.conf.d/fakeroot-x86_64-linux-gnu.conf
/usr/lib/x86_64-linux-gnu/libfakeroot
  /etc/ld.so.conf.d/libc.conf
/usr/local/lib
  /etc/ld.so.conf.d/x86_64-linux-gnu.conf
/lib/x86_64-linux-gnu
/usr/lib/x86_64-linux-gnu
  /etc/ld.so.conf.d/x86_64-linux-gnu_EGL.conf
/usr/lib/x86_64-linux-gnu/mesa-egl
  /etc/ld.so.conf.d/x86_64-linux-gnu_GL.conf
/usr/lib/x86_64-linux-gnu/mesa

╔══════════╣ Capabilities
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities
Current capabilities:
Current: =
CapInh:	0000000000000000
CapPrm:	0000000000000000
CapEff:	0000000000000000
CapBnd:	0000003fffffffff
CapAmb:	0000000000000000

Shell capabilities:
0x0000000000000000=
CapInh:	0000000000000000
CapPrm:	0000000000000000
CapEff:	0000000000000000
CapBnd:	0000003fffffffff
CapAmb:	0000000000000000

Files with capabilities (limited to 50):
/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper = cap_net_bind_service,cap_net_admin+ep
/usr/bin/arping = cap_net_raw+ep
/usr/bin/mtr = cap_net_raw+ep
/usr/bin/gnome-keyring-daemon = cap_ipc_lock+ep
/usr/bin/systemd-detect-virt = cap_dac_override,cap_sys_ptrace+ep
/usr/bin/traceroute6.iputils = cap_net_raw+ep

╔══════════╣ Files with ACLs (limited to 50)
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls
files with acls in searched folders Not Found

╔══════════╣ .sh files in path
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#script-binaries-in-path
/usr/sbin/alsa-info.sh
/usr/bin/amuFormat.sh
/usr/bin/gettext.sh

╔══════════╣ Unexpected in root
/initrd.img.old
/initrd.img
/vmlinuz

╔══════════╣ Files (scripts) in /etc/profile.d/
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files
total 36
drwxr-xr-x   2 root root  4096 Feb 26  2019 .
drwxr-xr-x 134 root root 12288 Jul 26  2019 ..
-rw-r--r--   1 root root    40 Feb 16  2017 appmenu-qt5.sh
-rw-r--r--   1 root root   825 Jan 29  2019 apps-bin-path.sh
-rw-r--r--   1 root root   663 May 18  2016 bash_completion.sh
-rw-r--r--   1 root root  1003 Dec 29  2015 cedilla-portuguese.sh
-rw-r--r--   1 root root  1941 Mar 16  2016 vte-2.91.sh

╔══════════╣ Permissions in init, init.d, systemd, and rc.d
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d

═╣ Hashes inside passwd file? ........... No
═╣ Writable passwd file? ................ No
═╣ Credentials in fstab/mtab? ........... No
═╣ Can I read shadow files? ............. No
═╣ Can I read shadow plists? ............ No
═╣ Can I write shadow plists? ........... No
═╣ Can I read opasswd file? ............. No
═╣ Can I write in network-scripts? ...... No
═╣ Can I read root folder? .............. No

╔══════════╣ Searching root files in home dirs (limit 30)
/home/
/home/www-data/flag.txt
/root/

╔══════════╣ Searching folders owned by me containing others files on it (limit 100)
/home/www-data

╔══════════╣ Readable files belonging to root and readable by me but not world readable

╔══════════╣ Modified interesting files in the last 5mins (limit 100)
/var/log/auth.log
/var/log/syslog

╔══════════╣ Writable log files (logrotten) (limit 100)
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation
Writable: /var/www/html/assets/images/linpeas.log

╔══════════╣ Files inside /home/www-data (limit 20)
total 12
drwx--x--x 2 www-data www-data 4096 Jul 26  2019 .
drwxr-xr-x 3 root     root     4096 Jul 26  2019 ..
-rw-r--r-- 1 root     root       34 Jul 26  2019 flag.txt

╔══════════╣ Files inside others home (limit 20)

╔══════════╣ Searching installed mail applications

╔══════════╣ Mails (limit 50)

╔══════════╣ Backup folders

╔══════════╣ Backup files (limited 100)
-rw-r--r-- 1 root root 17899 Jul 26  2019 /var/log/Xorg.0.log.old
-rw-r--r-- 1 root root 128 Feb 26  2019 /var/lib/sgml-base/supercatalog.old
-rw-r--r-- 1 root root 8022 Jan 29  2019 /lib/modules/4.15.0-45-generic/kernel/drivers/net/team/team_mode_activebackup.ko
-rw-r--r-- 1 root root 7974 Jan 29  2019 /lib/modules/4.15.0-45-generic/kernel/drivers/power/supply/wm831x_backup.ko
-rw-r--r-- 1 root root 446 Sep 10  2015 /usr/share/app-install/desktop/kbackup:kde4__kbackup.desktop
-rw-r--r-- 1 root root 449 Sep 10  2015 /usr/share/app-install/desktop/luckybackup:luckybackup.desktop
-rw-r--r-- 1 root root 396 Sep 10  2015 /usr/share/app-install/desktop/barrybackup-gui:barrybackup.desktop
-rw-r--r-- 1 root root 502 Sep 10  2015 /usr/share/app-install/desktop/slbackup-php:slbackup-php.desktop
-rw-r--r-- 1 root root 298768 Dec 29  2015 /usr/share/doc/manpages/Changes.old.gz
-rw-r--r-- 1 root root 7867 May  6  2015 /usr/share/doc/telnet/README.telnet.old.gz
-rwxr-xr-x 1 root root 1513 Oct 19  2013 /usr/share/doc/libipc-system-simple-perl/examples/rsync-backup.pl
-rw-r--r-- 1 root root 11308 Feb 26  2019 /usr/share/info/dir.old
-rw-r--r-- 1 root root 3050 Jun 21  2016 /usr/share/help/C/ubuntu-help/backup-thinkabout.page
-rw-r--r-- 1 root root 1989 Jun 21  2016 /usr/share/help/C/ubuntu-help/backup-frequency.page
-rw-r--r-- 1 root root 1687 Jun 21  2016 /usr/share/help/C/ubuntu-help/backup-check.page
-rw-r--r-- 1 root root 2266 Jun 21  2016 /usr/share/help/C/ubuntu-help/backup-where.page
-rw-r--r-- 1 root root 2498 Jun 21  2016 /usr/share/help/C/ubuntu-help/backup-what.page
-rw-r--r-- 1 root root 2374 Jun 21  2016 /usr/share/help/C/ubuntu-help/backup-how.page
-rw-r--r-- 1 root root 1383 Jun 21  2016 /usr/share/help/C/ubuntu-help/backup-restore.page
-rw-r--r-- 1 root root 1254 Jun 21  2016 /usr/share/help/C/ubuntu-help/backup-why.page
-rw-r--r-- 1 root root 3363 Oct 23  2015 /usr/share/help/C/gnome-help/backup-thinkabout.page
-rw-r--r-- 1 root root 1999 Oct 23  2015 /usr/share/help/C/gnome-help/backup-frequency.page
-rw-r--r-- 1 root root 1813 Oct 23  2015 /usr/share/help/C/gnome-help/backup-check.page
-rw-r--r-- 1 root root 2264 Oct 23  2015 /usr/share/help/C/gnome-help/backup-where.page
-rw-r--r-- 1 root root 2505 Oct 23  2015 /usr/share/help/C/gnome-help/backup-what.page
-rw-r--r-- 1 root root 2356 Oct 23  2015 /usr/share/help/C/gnome-help/backup-how.page
-rw-r--r-- 1 root root 1320 Oct 23  2015 /usr/share/help/C/gnome-help/backup-restore.page
-rw-r--r-- 1 root root 1262 Oct 23  2015 /usr/share/help/C/gnome-help/backup-why.page
-rw-r--r-- 1 root root 1581 Oct 27  2015 /usr/share/help/C/seahorse/misc-key-backup.page
-rw-r--r-- 1 root root 969 Oct  9  2013 /usr/share/help/C/deja-dup/backup-auto.page
-rw-r--r-- 1 root root 750 Oct 15  2013 /usr/share/help/C/deja-dup/backup-first.page
-rw-r--r-- 1 root root 76 Mar 31  2017 /usr/share/lightdm/lightdm.conf.d/50-disable-log-backup.conf
-rw-r--r-- 1 root root 3067 Jun 21  2016 /usr/share/help-langpack/en_GB/ubuntu-help/backup-thinkabout.page
-rw-r--r-- 1 root root 2020 Jun 21  2016 /usr/share/help-langpack/en_GB/ubuntu-help/backup-frequency.page
-rw-r--r-- 1 root root 1720 Jun 21  2016 /usr/share/help-langpack/en_GB/ubuntu-help/backup-check.page
-rw-r--r-- 1 root root 2289 Jun 21  2016 /usr/share/help-langpack/en_GB/ubuntu-help/backup-where.page
-rw-r--r-- 1 root root 2503 Jun 21  2016 /usr/share/help-langpack/en_GB/ubuntu-help/backup-what.page
-rw-r--r-- 1 root root 2371 Jun 21  2016 /usr/share/help-langpack/en_GB/ubuntu-help/backup-how.page
-rw-r--r-- 1 root root 1420 Jun 21  2016 /usr/share/help-langpack/en_GB/ubuntu-help/backup-restore.page
-rw-r--r-- 1 root root 1291 Jun 21  2016 /usr/share/help-langpack/en_GB/ubuntu-help/backup-why.page
-rw-r--r-- 1 root root 2543 Jun 24  2016 /usr/share/help-langpack/en_GB/evolution/backup-restore.page
-rw-r--r-- 1 root root 974 Apr  7  2016 /usr/share/help-langpack/en_GB/deja-dup/backup-auto.page
-rw-r--r-- 1 root root 755 Apr  7  2016 /usr/share/help-langpack/en_GB/deja-dup/backup-first.page
-rw-r--r-- 1 root root 3073 Jun 21  2016 /usr/share/help-langpack/en_AU/ubuntu-help/backup-thinkabout.page
-rw-r--r-- 1 root root 2018 Jun 21  2016 /usr/share/help-langpack/en_AU/ubuntu-help/backup-frequency.page
-rw-r--r-- 1 root root 1720 Jun 21  2016 /usr/share/help-langpack/en_AU/ubuntu-help/backup-check.page
-rw-r--r-- 1 root root 2295 Jun 21  2016 /usr/share/help-langpack/en_AU/ubuntu-help/backup-where.page
-rw-r--r-- 1 root root 2500 Jun 21  2016 /usr/share/help-langpack/en_AU/ubuntu-help/backup-what.page
-rw-r--r-- 1 root root 2392 Jun 21  2016 /usr/share/help-langpack/en_AU/ubuntu-help/backup-how.page
-rw-r--r-- 1 root root 1422 Jun 21  2016 /usr/share/help-langpack/en_AU/ubuntu-help/backup-restore.page
-rw-r--r-- 1 root root 1291 Jun 21  2016 /usr/share/help-langpack/en_AU/ubuntu-help/backup-why.page
-rw-r--r-- 1 root root 974 Apr  7  2016 /usr/share/help-langpack/en_AU/deja-dup/backup-auto.page
-rw-r--r-- 1 root root 755 Apr  7  2016 /usr/share/help-langpack/en_AU/deja-dup/backup-first.page
-rw-r--r-- 1 root root 3094 Jun 21  2016 /usr/share/help-langpack/en_CA/ubuntu-help/backup-thinkabout.page
-rw-r--r-- 1 root root 2034 Jun 21  2016 /usr/share/help-langpack/en_CA/ubuntu-help/backup-frequency.page
-rw-r--r-- 1 root root 1732 Jun 21  2016 /usr/share/help-langpack/en_CA/ubuntu-help/backup-check.page
-rw-r--r-- 1 root root 2308 Jun 21  2016 /usr/share/help-langpack/en_CA/ubuntu-help/backup-where.page
-rw-r--r-- 1 root root 2530 Jun 21  2016 /usr/share/help-langpack/en_CA/ubuntu-help/backup-what.page
-rw-r--r-- 1 root root 2418 Jun 21  2016 /usr/share/help-langpack/en_CA/ubuntu-help/backup-how.page
-rw-r--r-- 1 root root 1427 Jun 21  2016 /usr/share/help-langpack/en_CA/ubuntu-help/backup-restore.page
-rw-r--r-- 1 root root 1298 Jun 21  2016 /usr/share/help-langpack/en_CA/ubuntu-help/backup-why.page
-rw-r--r-- 1 root root 217038 Jan 29  2019 /usr/src/linux-headers-4.15.0-45-generic/.config.old
-rw-r--r-- 1 root root 0 Jan 29  2019 /usr/src/linux-headers-4.15.0-45-generic/include/config/net/team/mode/activebackup.h
-rw-r--r-- 1 root root 0 Jan 29  2019 /usr/src/linux-headers-4.15.0-45-generic/include/config/wm831x/backup.h
-rw-r--r-- 1 root root 35792 May  8  2018 /usr/lib/open-vm-tools/plugins/vmsvc/libvmbackup.so
-rw-r--r-- 1 root root 5406 Oct 18  2016 /usr/lib/libreoffice/share/config/soffice.cfg/dbaccess/ui/backuppage.ui
-rw-r--r-- 1 root root 673 Feb 26  2019 /etc/xml/xml-core.xml.old
-rw-r--r-- 1 root root 610 Feb 26  2019 /etc/xml/catalog.old
-rw-r--r-- 1 root root 2903 Jul 26  2019 /etc/apt/sources.bak

╔══════════╣ Searching tables inside readable .db/.sql/.sqlite files (limit 100)
Found: /var/lib/colord/mapping.db: SQLite 3.x database
Found: /var/lib/colord/storage.db: SQLite 3.x database
Found: /var/lib/fwupd/pending.db: SQLite 3.x database
Found: /var/lib/mlocate/mlocate.db: regular file, no read permission
Found: /var/lib/nssdb/cert9.db: SQLite 3.x database
Found: /var/lib/nssdb/key4.db: SQLite 3.x database
Found: /var/lib/nssdb/secmod.db: Berkeley DB 1.85 (Hash, version 2, native byte-order)

 -> Extracting tables from /var/lib/colord/mapping.db (limit 20)


 -> Extracting tables from /var/lib/colord/storage.db (limit 20)



 -> Extracting tables from /var/lib/fwupd/pending.db (limit 20)

 -> Extracting tables from /var/lib/nssdb/cert9.db (limit 20)

 -> Extracting tables from /var/lib/nssdb/key4.db (limit 20)



╔══════════╣ Web files?(output limit)
/var/www/:
total 12K
drwxr-xr-x  3 root root 4.0K Jul 26  2019 .
drwxr-xr-x 15 root root 4.0K Jul 26  2019 ..
drwxrwxrwx  4 root root 4.0K Jul 26  2019 html

/var/www/html:
total 52K
drwxrwxrwx 4 root root 4.0K Jul 26  2019 .
drwxr-xr-x 3 root root 4.0K Jul 26  2019 ..

╔══════════╣ All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)
-rw-r--r-- 1 root root 163 Jul 26  2019 /var/www/html/.htaccess
-rwxrwxrwx 1 root root 13 Jul 26  2019 /var/www/html/fuel/data_backup/.htaccess
-rwxrwxrwx 1 root root 13 Jul 26  2019 /var/www/html/fuel/application/.htaccess
-rwxrwxrwx 1 root root 13 Jul 26  2019 /var/www/html/fuel/application/cache/.htaccess
-rwxrwxrwx 1 root root 13 Jul 26  2019 /var/www/html/fuel/application/logs/.htaccess
-rwxrwxrwx 1 root root 13 Jul 26  2019 /var/www/html/fuel/scripts/.htaccess
-rwxrwxrwx 1 root root 117 Jul 26  2019 /var/www/html/fuel/codeigniter/.htaccess
-rwxrwxrwx 1 root root 13 Jul 26  2019 /var/www/html/fuel/install/.htaccess
-r--r--r-- 1 root root 11 Feb 11 17:11 /tmp/.X0-lock
-rw-r--r-- 1 root root 1531 Jul 26  2019 /etc/apparmor.d/cache/.features
-rw-r--r-- 1 root root 220 Aug 31  2015 /etc/skel/.bash_logout
-rw------- 1 root root 0 Feb 26  2019 /etc/.pwd.lock
-rw-r--r-- 1 root root 0 Feb 11 17:11 /run/network/.ifstate.lock

╔══════════╣ Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)
-r--r--r-- 1 root root 11 Feb 11 17:11 /tmp/.X0-lock
-rw-r--r-- 1 root root 71680 Jul 26  2019 /var/backups/alternatives.tar.0
-rw-r--r-- 1 root root 345 Jul 26  2019 /var/backups/dpkg.diversions.1.gz
-rw-r--r-- 1 root root 43 Jul 26  2019 /var/backups/dpkg.arch.1.gz
-rw-r--r-- 1 root root 265 Jul 26  2019 /var/backups/dpkg.statoverride.0
-rw-r--r-- 1 root root 4234 Jul 26  2019 /var/backups/apt.extended_states.0
-rw-r--r-- 1 root root 195 Jul 26  2019 /var/backups/dpkg.statoverride.1.gz
-rw-r--r-- 1 root root 11 Jul 26  2019 /var/backups/dpkg.arch.0
-rw-r--r-- 1 root root 1044 Jul 26  2019 /var/backups/dpkg.diversions.0
-rw-r--r-- 1 root root 1789061 Jul 26  2019 /var/backups/dpkg.status.0
-rw-r--r-- 1 root root 489939 Jul 26  2019 /var/backups/dpkg.status.1.gz

╔══════════╣ Interesting writable files owned by me or writable by everyone (not in Home) (max 500)
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files
/dev/mqueue
/dev/shm
/home/www-data
/run/lock
/run/lock/apache2
/tmp
/tmp/.ICE-unix
/tmp/.Test-unix
/tmp/.X11-unix
/tmp/.XIM-unix
/tmp/.font-unix
#)You_can_write_even_more_files_inside_last_directory

/var/cache/apache2/mod_cache_disk
/var/crash
/var/lib/php/sessions
/var/metrics
/var/tmp
/var/www/html
/var/www/html/README.md
/var/www/html/assets
/var/www/html/assets/cache
/var/www/html/assets/cache/index.html
/var/www/html/assets/css
/var/www/html/assets/css/blog.css
/var/www/html/assets/css/common.css
/var/www/html/assets/css/main.css
/var/www/html/assets/css/reset.css
/var/www/html/assets/docs
/var/www/html/assets/docs/index.html
/var/www/html/assets/images
/var/www/html/assets/images/cve-2021-4034-poc
/var/www/html/assets/images/index.html
/var/www/html/assets/images/linpeas.log
/var/www/html/assets/images/linpeas.sh
/var/www/html/assets/images/php-reverse-shell.phtml
/var/www/html/assets/js
/var/www/html/assets/js/jquery.js
/var/www/html/assets/js/main.js
/var/www/html/assets/pdf
/var/www/html/assets/pdf/index.html
/var/www/html/assets/swf
/var/www/html/assets/swf/index.html
/var/www/html/composer.json
/var/www/html/contributing.md
/var/www/html/fuel
/var/www/html/fuel/application
/var/www/html/fuel/application/.htaccess
/var/www/html/fuel/application/cache
/var/www/html/fuel/application/cache/.htaccess
/var/www/html/fuel/application/cache/dwoo
/var/www/html/fuel/application/cache/dwoo/compiled
/var/www/html/fuel/application/cache/dwoo/compiled/index.html
/var/www/html/fuel/application/cache/dwoo/index.html
/var/www/html/fuel/application/cache/index.html
/var/www/html/fuel/application/config
/var/www/html/fuel/application/config/MY_config.php
/var/www/html/fuel/application/config/MY_fuel.php
/var/www/html/fuel/application/config/MY_fuel_layouts.php
/var/www/html/fuel/application/config/MY_fuel_modules.php
/var/www/html/fuel/application/config/asset.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/application/controllers
/var/www/html/fuel/application/controllers/index.html
/var/www/html/fuel/application/core
/var/www/html/fuel/application/core/MY_Controller.php
/var/www/html/fuel/application/core/MY_DB_mysql_driver.php
/var/www/html/fuel/application/core/MY_DB_mysql_result.php
/var/www/html/fuel/application/core/MY_DB_mysqli_driver.php
/var/www/html/fuel/application/core/MY_DB_mysqli_result.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/application/helpers
/var/www/html/fuel/application/helpers/MY_array_helper.php
/var/www/html/fuel/application/helpers/MY_date_helper.php
/var/www/html/fuel/application/helpers/MY_directory_helper.php
/var/www/html/fuel/application/helpers/MY_file_helper.php
/var/www/html/fuel/application/helpers/MY_html_helper.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/application/hooks
/var/www/html/fuel/application/hooks/index.html
/var/www/html/fuel/application/index.html
/var/www/html/fuel/application/language
/var/www/html/fuel/application/language/english
/var/www/html/fuel/application/language/english/index.html
/var/www/html/fuel/application/libraries
/var/www/html/fuel/application/libraries/MY_DB_mysqli_utility.php
/var/www/html/fuel/application/libraries/MY_Image_lib.php
/var/www/html/fuel/application/libraries/MY_Profiler.php
/var/www/html/fuel/application/libraries/MY_Typography.php
/var/www/html/fuel/application/libraries/index.html
/var/www/html/fuel/application/logs
/var/www/html/fuel/application/logs/.htaccess
/var/www/html/fuel/application/logs/index.html
/var/www/html/fuel/application/migrations
/var/www/html/fuel/application/migrations/001_install.php
/var/www/html/fuel/application/models
/var/www/html/fuel/application/models/index.html
/var/www/html/fuel/application/third_party
/var/www/html/fuel/application/third_party/MX
/var/www/html/fuel/application/third_party/MX/Base.php
/var/www/html/fuel/application/third_party/MX/Ci.php
/var/www/html/fuel/application/third_party/MX/Config.php
/var/www/html/fuel/application/third_party/MX/Controller.php
/var/www/html/fuel/application/third_party/MX/Lang.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/application/third_party/index.html
/var/www/html/fuel/application/views
/var/www/html/fuel/application/views/_admin
/var/www/html/fuel/application/views/_admin/_fuel_preview.php
/var/www/html/fuel/application/views/_blocks
/var/www/html/fuel/application/views/_blocks/footer.php
/var/www/html/fuel/application/views/_blocks/header.php
/var/www/html/fuel/application/views/_blocks/posts
/var/www/html/fuel/application/views/_blocks/posts/archives.php
/var/www/html/fuel/application/views/_blocks/posts/categories.php
/var/www/html/fuel/application/views/_blocks/posts/post_unpublished.php
/var/www/html/fuel/application/views/_blocks/posts/share.php
/var/www/html/fuel/application/views/_blocks/posts/tags.php
/var/www/html/fuel/application/views/_docs
/var/www/html/fuel/application/views/_docs/fuel.php
/var/www/html/fuel/application/views/_docs/index.php
/var/www/html/fuel/application/views/_install.php
/var/www/html/fuel/application/views/_layouts
/var/www/html/fuel/application/views/_layouts/301_redirect.php
/var/www/html/fuel/application/views/_layouts/404_error.php
/var/www/html/fuel/application/views/_layouts/_module.php
/var/www/html/fuel/application/views/_layouts/alias.php
/var/www/html/fuel/application/views/_layouts/main.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/application/views/_posts
/var/www/html/fuel/application/views/_posts/archives.php
/var/www/html/fuel/application/views/_posts/category.php
/var/www/html/fuel/application/views/_posts/post.php
/var/www/html/fuel/application/views/_posts/posts.php
/var/www/html/fuel/application/views/_posts/search.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/application/views/_variables
/var/www/html/fuel/application/views/_variables/global.php
/var/www/html/fuel/application/views/_variables/nav.php
/var/www/html/fuel/application/views/errors
/var/www/html/fuel/application/views/errors/cli
/var/www/html/fuel/application/views/errors/cli/error_404.php
/var/www/html/fuel/application/views/errors/cli/error_db.php
/var/www/html/fuel/application/views/errors/cli/error_exception.php
/var/www/html/fuel/application/views/errors/cli/error_general.php
/var/www/html/fuel/application/views/errors/cli/error_php.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/application/views/errors/html
/var/www/html/fuel/application/views/errors/html/error_404.php
/var/www/html/fuel/application/views/errors/html/error_db.php
/var/www/html/fuel/application/views/errors/html/error_exception.php
/var/www/html/fuel/application/views/errors/html/error_general.php
/var/www/html/fuel/application/views/errors/html/error_php.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/application/views/errors/index.html
/var/www/html/fuel/application/views/home.php
/var/www/html/fuel/application/views/index.html
/var/www/html/fuel/application/views/offline.php
/var/www/html/fuel/application/views/sitemap_xml.php
/var/www/html/fuel/codeigniter
/var/www/html/fuel/codeigniter/.htaccess
/var/www/html/fuel/codeigniter/core
/var/www/html/fuel/codeigniter/core/Benchmark.php
/var/www/html/fuel/codeigniter/core/CodeIgniter.php
/var/www/html/fuel/codeigniter/core/Common.php
/var/www/html/fuel/codeigniter/core/Config.php
/var/www/html/fuel/codeigniter/core/Controller.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/codeigniter/core/compat/hash.php
/var/www/html/fuel/codeigniter/core/compat/index.html
/var/www/html/fuel/codeigniter/core/compat/mbstring.php
/var/www/html/fuel/codeigniter/core/compat/password.php
/var/www/html/fuel/codeigniter/core/compat/standard.php
/var/www/html/fuel/codeigniter/core/index.html
/var/www/html/fuel/codeigniter/database
/var/www/html/fuel/codeigniter/database/DB.php
/var/www/html/fuel/codeigniter/database/DB_cache.php
/var/www/html/fuel/codeigniter/database/DB_driver.php
/var/www/html/fuel/codeigniter/database/DB_forge.php
/var/www/html/fuel/codeigniter/database/DB_query_builder.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/codeigniter/database/drivers/cubrid
/var/www/html/fuel/codeigniter/database/drivers/cubrid/cubrid_driver.php
/var/www/html/fuel/codeigniter/database/drivers/cubrid/cubrid_forge.php
/var/www/html/fuel/codeigniter/database/drivers/cubrid/cubrid_result.php
/var/www/html/fuel/codeigniter/database/drivers/cubrid/cubrid_utility.php
/var/www/html/fuel/codeigniter/database/drivers/cubrid/index.html
/var/www/html/fuel/codeigniter/database/drivers/ibase
/var/www/html/fuel/codeigniter/database/drivers/ibase/ibase_driver.php
/var/www/html/fuel/codeigniter/database/drivers/ibase/ibase_forge.php
/var/www/html/fuel/codeigniter/database/drivers/ibase/ibase_result.php
/var/www/html/fuel/codeigniter/database/drivers/ibase/ibase_utility.php
/var/www/html/fuel/codeigniter/database/drivers/ibase/index.html
/var/www/html/fuel/codeigniter/database/drivers/index.html
/var/www/html/fuel/codeigniter/database/drivers/mssql
/var/www/html/fuel/codeigniter/database/drivers/mssql/index.html
/var/www/html/fuel/codeigniter/database/drivers/mssql/mssql_driver.php
/var/www/html/fuel/codeigniter/database/drivers/mssql/mssql_forge.php
/var/www/html/fuel/codeigniter/database/drivers/mssql/mssql_result.php
/var/www/html/fuel/codeigniter/database/drivers/mssql/mssql_utility.php
/var/www/html/fuel/codeigniter/database/drivers/mysql
/var/www/html/fuel/codeigniter/database/drivers/mysql/index.html
/var/www/html/fuel/codeigniter/database/drivers/mysql/mysql_driver.php
/var/www/html/fuel/codeigniter/database/drivers/mysql/mysql_forge.php
/var/www/html/fuel/codeigniter/database/drivers/mysql/mysql_result.php
/var/www/html/fuel/codeigniter/database/drivers/mysql/mysql_utility.php
/var/www/html/fuel/codeigniter/database/drivers/mysqli
/var/www/html/fuel/codeigniter/database/drivers/mysqli/index.html
/var/www/html/fuel/codeigniter/database/drivers/mysqli/mysqli_driver.php
/var/www/html/fuel/codeigniter/database/drivers/mysqli/mysqli_forge.php
/var/www/html/fuel/codeigniter/database/drivers/mysqli/mysqli_result.php
/var/www/html/fuel/codeigniter/database/drivers/mysqli/mysqli_utility.php
/var/www/html/fuel/codeigniter/database/drivers/oci8
/var/www/html/fuel/codeigniter/database/drivers/oci8/index.html
/var/www/html/fuel/codeigniter/database/drivers/oci8/oci8_driver.php
/var/www/html/fuel/codeigniter/database/drivers/oci8/oci8_forge.php
/var/www/html/fuel/codeigniter/database/drivers/oci8/oci8_result.php
/var/www/html/fuel/codeigniter/database/drivers/oci8/oci8_utility.php
/var/www/html/fuel/codeigniter/database/drivers/odbc
/var/www/html/fuel/codeigniter/database/drivers/odbc/index.html
/var/www/html/fuel/codeigniter/database/drivers/odbc/odbc_driver.php
/var/www/html/fuel/codeigniter/database/drivers/odbc/odbc_forge.php
/var/www/html/fuel/codeigniter/database/drivers/odbc/odbc_result.php
/var/www/html/fuel/codeigniter/database/drivers/odbc/odbc_utility.php
/var/www/html/fuel/codeigniter/database/drivers/pdo
/var/www/html/fuel/codeigniter/database/drivers/pdo/index.html
/var/www/html/fuel/codeigniter/database/drivers/pdo/pdo_driver.php
/var/www/html/fuel/codeigniter/database/drivers/pdo/pdo_forge.php
/var/www/html/fuel/codeigniter/database/drivers/pdo/pdo_result.php
/var/www/html/fuel/codeigniter/database/drivers/pdo/pdo_utility.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/codeigniter/database/drivers/pdo/subdrivers/index.html
/var/www/html/fuel/codeigniter/database/drivers/pdo/subdrivers/pdo_4d_driver.php
/var/www/html/fuel/codeigniter/database/drivers/pdo/subdrivers/pdo_4d_forge.php
/var/www/html/fuel/codeigniter/database/drivers/pdo/subdrivers/pdo_cubrid_driver.php
/var/www/html/fuel/codeigniter/database/drivers/pdo/subdrivers/pdo_cubrid_forge.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/codeigniter/database/drivers/postgre
/var/www/html/fuel/codeigniter/database/drivers/postgre/index.html
/var/www/html/fuel/codeigniter/database/drivers/postgre/postgre_driver.php
/var/www/html/fuel/codeigniter/database/drivers/postgre/postgre_forge.php
/var/www/html/fuel/codeigniter/database/drivers/postgre/postgre_result.php
/var/www/html/fuel/codeigniter/database/drivers/postgre/postgre_utility.php
/var/www/html/fuel/codeigniter/database/drivers/sqlite
/var/www/html/fuel/codeigniter/database/drivers/sqlite/index.html
/var/www/html/fuel/codeigniter/database/drivers/sqlite/sqlite_driver.php
/var/www/html/fuel/codeigniter/database/drivers/sqlite/sqlite_forge.php
/var/www/html/fuel/codeigniter/database/drivers/sqlite/sqlite_result.php
/var/www/html/fuel/codeigniter/database/drivers/sqlite/sqlite_utility.php
/var/www/html/fuel/codeigniter/database/drivers/sqlite3
/var/www/html/fuel/codeigniter/database/drivers/sqlite3/index.html
/var/www/html/fuel/codeigniter/database/drivers/sqlite3/sqlite3_driver.php
/var/www/html/fuel/codeigniter/database/drivers/sqlite3/sqlite3_forge.php
/var/www/html/fuel/codeigniter/database/drivers/sqlite3/sqlite3_result.php
/var/www/html/fuel/codeigniter/database/drivers/sqlite3/sqlite3_utility.php
/var/www/html/fuel/codeigniter/database/drivers/sqlsrv
/var/www/html/fuel/codeigniter/database/drivers/sqlsrv/index.html
/var/www/html/fuel/codeigniter/database/drivers/sqlsrv/sqlsrv_driver.php
/var/www/html/fuel/codeigniter/database/drivers/sqlsrv/sqlsrv_forge.php
/var/www/html/fuel/codeigniter/database/drivers/sqlsrv/sqlsrv_result.php
/var/www/html/fuel/codeigniter/database/drivers/sqlsrv/sqlsrv_utility.php
/var/www/html/fuel/codeigniter/database/index.html
/var/www/html/fuel/codeigniter/fonts
/var/www/html/fuel/codeigniter/fonts/index.html
/var/www/html/fuel/codeigniter/fonts/texb.ttf
/var/www/html/fuel/codeigniter/helpers
/var/www/html/fuel/codeigniter/helpers/array_helper.php
/var/www/html/fuel/codeigniter/helpers/captcha_helper.php
/var/www/html/fuel/codeigniter/helpers/cookie_helper.php
/var/www/html/fuel/codeigniter/helpers/date_helper.php
/var/www/html/fuel/codeigniter/helpers/directory_helper.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/codeigniter/index.html
/var/www/html/fuel/codeigniter/language
/var/www/html/fuel/codeigniter/language/english
/var/www/html/fuel/codeigniter/language/english/calendar_lang.php
/var/www/html/fuel/codeigniter/language/english/date_lang.php
/var/www/html/fuel/codeigniter/language/english/db_lang.php
/var/www/html/fuel/codeigniter/language/english/email_lang.php
/var/www/html/fuel/codeigniter/language/english/form_validation_lang.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/codeigniter/language/index.html
/var/www/html/fuel/codeigniter/libraries
/var/www/html/fuel/codeigniter/libraries/Cache
/var/www/html/fuel/codeigniter/libraries/Cache/Cache.php
/var/www/html/fuel/codeigniter/libraries/Cache/drivers
/var/www/html/fuel/codeigniter/libraries/Cache/drivers/Cache_apc.php
/var/www/html/fuel/codeigniter/libraries/Cache/drivers/Cache_dummy.php
/var/www/html/fuel/codeigniter/libraries/Cache/drivers/Cache_file.php
/var/www/html/fuel/codeigniter/libraries/Cache/drivers/Cache_memcached.php
/var/www/html/fuel/codeigniter/libraries/Cache/drivers/Cache_redis.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/codeigniter/libraries/Cache/index.html
/var/www/html/fuel/codeigniter/libraries/Calendar.php
/var/www/html/fuel/codeigniter/libraries/Cart.php
/var/www/html/fuel/codeigniter/libraries/Driver.php
/var/www/html/fuel/codeigniter/libraries/Email.php
/var/www/html/fuel/codeigniter/libraries/Encrypt.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/codeigniter/libraries/Session/Session.php
/var/www/html/fuel/codeigniter/libraries/Session/SessionHandlerInterface.php
/var/www/html/fuel/codeigniter/libraries/Session/Session_driver.php
/var/www/html/fuel/codeigniter/libraries/Session/drivers
/var/www/html/fuel/codeigniter/libraries/Session/drivers/Session_database_driver.php
/var/www/html/fuel/codeigniter/libraries/Session/drivers/Session_files_driver.php
/var/www/html/fuel/codeigniter/libraries/Session/drivers/Session_memcached_driver.php
/var/www/html/fuel/codeigniter/libraries/Session/drivers/Session_redis_driver.php
/var/www/html/fuel/codeigniter/libraries/Session/drivers/index.html
/var/www/html/fuel/codeigniter/libraries/Session/index.html
/var/www/html/fuel/codeigniter/libraries/Table.php
/var/www/html/fuel/codeigniter/libraries/Trackback.php
/var/www/html/fuel/codeigniter/libraries/Typography.php
/var/www/html/fuel/codeigniter/libraries/Unit_test.php
/var/www/html/fuel/codeigniter/libraries/Upload.php
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/codeigniter/libraries/javascript/Jquery.php
/var/www/html/fuel/codeigniter/libraries/javascript/index.html
/var/www/html/fuel/data_backup
/var/www/html/fuel/data_backup/.htaccess
/var/www/html/fuel/data_backup/index.html
/var/www/html/fuel/index.php
/var/www/html/fuel/install
/var/www/html/fuel/install/.htaccess
/var/www/html/fuel/install/archive
/var/www/html/fuel/install/archive/fuel_schema_0.9.3.sql
/var/www/html/fuel/install/archive/widgicorp.sql
/var/www/html/fuel/install/fuel_schema.sql
/var/www/html/fuel/install/upgrades
/var/www/html/fuel/install/upgrades/fuel_0.9.2_upgrade.sql
/var/www/html/fuel/install/upgrades/fuel_1.0_schema_changes.sql
/var/www/html/fuel/install/upgrades/fuel_1.2_schema_changes.sql
/var/www/html/fuel/install/upgrades/fuel_1.3_schema_changes.sql
/var/www/html/fuel/install/upgrades/fuel_1.4_schema_changes.sql
/var/www/html/fuel/licenses
/var/www/html/fuel/licenses/codeigniter_license.txt
/var/www/html/fuel/licenses/fuel_license.txt
/var/www/html/fuel/modules
/var/www/html/fuel/modules/fuel
/var/www/html/fuel/modules/fuel/assets
/var/www/html/fuel/modules/fuel/assets/cache
/var/www/html/fuel/modules/fuel/assets/cache/index.html
/var/www/html/fuel/modules/fuel/assets/css
/var/www/html/fuel/modules/fuel/assets/css/colorpicker.css
/var/www/html/fuel/modules/fuel/assets/css/datepicker.css
/var/www/html/fuel/modules/fuel/assets/css/fuel.css
/var/www/html/fuel/modules/fuel/assets/css/fuel.min.css
/var/www/html/fuel/modules/fuel/assets/css/fuel_inline.css
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/modules/fuel/assets/docs
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example.zip
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example/config
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example/config/MY_fuel_modules.php
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example/install
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example/install/fuel_example.sql
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example/models
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example/models/articles_model.php
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example/models/authors_model.php
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example/views
/var/www/html/fuel/modules/fuel/assets/docs/fuel_modules_example/views/articles.php
/var/www/html/fuel/modules/fuel/assets/images
/var/www/html/fuel/modules/fuel/assets/images/icons
/var/www/html/fuel/modules/fuel/assets/images/markitup
/var/www/html/fuel/modules/fuel/assets/images/screens
/var/www/html/fuel/modules/fuel/assets/images/treeview
/var/www/html/fuel/modules/fuel/assets/js
/var/www/html/fuel/modules/fuel/assets/js/editors
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/CHANGES.md
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/LICENSE.md
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/README.md
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/build-config.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/ckeditor.js
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/lang/af.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/lang/ar.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/lang/bg.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/lang/bn.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/lang/bs.js
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/a11yhelp
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/a11yhelp/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/a11yhelp/dialogs/a11yhelp.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/a11yhelp/dialogs/lang
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/a11yhelp/dialogs/lang/_translationstatus.txt
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/a11yhelp/dialogs/lang/ar.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/a11yhelp/dialogs/lang/bg.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/a11yhelp/dialogs/lang/ca.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/a11yhelp/dialogs/lang/cs.js
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/about
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/about/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/about/dialogs/about.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/about/dialogs/hidpi
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/clipboard
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/clipboard/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/clipboard/dialogs/paste.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/dialog
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/dialog/dialogDefinition.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/fuelimage
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/fuelimage/plugin.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/fuellink
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/fuellink/plugin.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/image
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/image/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/image/dialogs/image.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/image/images
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/link
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/link/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/link/dialogs/anchor.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/link/dialogs/link.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/link/images
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/link/images/hidpi
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/magicline
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/magicline/images
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/magicline/images/hidpi
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/pastefromword
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/pastefromword/filter
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/pastefromword/filter/default.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/scayt
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/scayt/LICENSE.md
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/scayt/README.md
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/scayt/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/scayt/dialogs/options.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/scayt/dialogs/toolbar.css
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/specialchar
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/specialchar/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/specialchar/dialogs/lang
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/specialchar/dialogs/lang/_translationstatus.txt
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/specialchar/dialogs/lang/ar.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/specialchar/dialogs/lang/bg.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/specialchar/dialogs/lang/ca.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/specialchar/dialogs/lang/cs.js
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/specialchar/dialogs/specialchar.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/table
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/table/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/table/dialogs/table.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/tabletools
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/tabletools/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/tabletools/dialogs/tableCell.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/wsc
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/wsc/LICENSE.md
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/wsc/README.md
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/wsc/dialogs
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/wsc/dialogs/ciframe.html
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/wsc/dialogs/tmpFrameset.html
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/wsc/dialogs/wsc.css
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/wsc/dialogs/wsc.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/plugins/wsc/dialogs/wsc_ie.js
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/skins
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/skins/moono
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/skins/moono/dialog.css
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/skins/moono/dialog_ie.css
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/skins/moono/dialog_ie7.css
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/skins/moono/dialog_ie8.css
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/skins/moono/dialog_iequirks.css
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/skins/moono/images/hidpi
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/skins/moono/readme.md
/var/www/html/fuel/modules/fuel/assets/js/editors/ckeditor/styles.js
/var/www/html/fuel/modules/fuel/assets/js/editors/markitup
/var/www/html/fuel/modules/fuel/assets/js/editors/markitup/jquery.markitup.js
/var/www/html/fuel/modules/fuel/assets/js/editors/markitup/jquery.markitup.set.js
/var/www/html/fuel/modules/fuel/assets/js/fuel
/var/www/html/fuel/modules/fuel/assets/js/fuel/controller
/var/www/html/fuel/modules/fuel/assets/js/fuel/controller/AssetsController.js
/var/www/html/fuel/modules/fuel/assets/js/fuel/controller/BaseFuelController.js
/var/www/html/fuel/modules/fuel/assets/js/fuel/controller/BlockController.js
/var/www/html/fuel/modules/fuel/assets/js/fuel/controller/DashboardController.js
/var/www/html/fuel/modules/fuel/assets/js/fuel/controller/LoginController.js
#)You_can_write_even_more_files_inside_last_directory

/var/www/html/fuel/modules/fuel/assets/js/fuel/custom_fields.js
/var/www/html/fuel/modules/fuel/assets/js/fuel/edit_mode.js
/var/www/html/fuel/modules/fuel/assets/js/fuel/fuel.min.js

╔══════════╣ Interesting GROUP writable files (not in Home) (max 500)
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files
  Group www-data:
/var/www/html/assets/images/linpeas.log

╔══════════╣ Searching passwords in config PHP files
	'password' => 'mememe',

╔══════════╣ Searching *password* or *credential* files in home (limit 70)
/bin/systemd-ask-password
/bin/systemd-tty-ask-password-agent
/etc/brlapi.key
/etc/pam.d/common-password
/usr/bin/credentials-preferences
/usr/lib/evolution-data-server/credential-modules
/usr/lib/evolution-data-server/credential-modules/module-credentials-goa.so
/usr/lib/evolution-data-server/credential-modules/module-credentials-uoa.so
/usr/lib/grub/i386-pc/legacy_password_test.mod
/usr/lib/grub/i386-pc/password.mod
/usr/lib/grub/i386-pc/password_pbkdf2.mod
/usr/lib/libreoffice/program/libpasswordcontainerlo.so
/usr/lib/libreoffice/share/config/soffice.cfg/cui/ui/password.ui
/usr/lib/libreoffice/share/config/soffice.cfg/dbaccess/ui/password.ui
/usr/lib/libreoffice/share/config/soffice.cfg/modules/scalc/ui/retypepassworddialog.ui
/usr/lib/libreoffice/share/config/soffice.cfg/sfx/ui/password.ui
/usr/lib/libreoffice/share/config/soffice.cfg/uui/ui/masterpassworddlg.ui
/usr/lib/libreoffice/share/config/soffice.cfg/uui/ui/password.ui
/usr/lib/libreoffice/share/config/soffice.cfg/uui/ui/setmasterpassworddlg.ui
/usr/lib/libreoffice/share/config/soffice.cfg/vcl/ui/cupspassworddialog.ui
/usr/lib/mysql/plugin/validate_password.so
/usr/lib/pppd/2.4.7/passwordfd.so
/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/__pycache__/client_credentials.cpython-35.pyc
/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/__pycache__/resource_owner_password_credentials.cpython-35.pyc
/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/client_credentials.py
/usr/lib/python3/dist-packages/oauthlib/oauth2/rfc6749/grant_types/resource_owner_password_credentials.py
/usr/lib/x86_64-linux-gnu/libsamba-credentials.so.0
/usr/lib/x86_64-linux-gnu/libsamba-credentials.so.0.0.1
/usr/lib/x86_64-linux-gnu/samba/libcmdline-credentials.so.0
/usr/lib/x86_64-linux-gnu/signon/libpasswordplugin.so
/usr/lib/x86_64-linux-gnu/unity-control-center-1/panels/libcredentials.so
/usr/share/app-install/desktop/password-gorilla:password-gorilla.desktop
/usr/share/app-install/desktop/unity-control-center-signon:credentials-preferences.desktop
/usr/share/app-install/desktop/unity-control-center-signon:unity-credentials-panel.desktop
/usr/share/app-install/icons/credentials-preferences.png
/usr/share/app-install/icons/password-gorilla.png
/usr/share/app-install/icons/password.png
/usr/share/app-install/icons/preferences-desktop-user-password.svg
  #)There are more creds/passwds files in the previous parent folder

/usr/share/applications/unity-credentials-panel.desktop
/usr/share/dbus-1/services/com.canonical.indicators.webcredentials.service
/usr/share/dbus-1/services/com.canonical.webcredentials.capture.service
/usr/share/dns/root.key
/usr/share/doc/signon-plugin-password
/usr/share/help-langpack/en_AU/ubuntu-help/user-changepassword.page
/usr/share/help-langpack/en_AU/ubuntu-help/user-forgottenpassword.page
/usr/share/help-langpack/en_AU/ubuntu-help/user-goodpassword.page
/usr/share/help-langpack/en_CA/ubuntu-help/user-changepassword.page
/usr/share/help-langpack/en_CA/ubuntu-help/user-forgottenpassword.page
/usr/share/help-langpack/en_CA/ubuntu-help/user-goodpassword.page
/usr/share/help-langpack/en_GB/evince/password.page
/usr/share/help-langpack/en_GB/ubuntu-help/user-changepassword.page
/usr/share/help-langpack/en_GB/ubuntu-help/user-forgottenpassword.page
/usr/share/help-langpack/en_GB/ubuntu-help/user-goodpassword.page
/usr/share/help-langpack/en_GB/zenity/password.page
/usr/share/help/C/evince/password.page
/usr/share/help/C/file-roller/password-protection.page
/usr/share/help/C/file-roller/troubleshooting-password.page
/usr/share/help/C/gnome-help/user-changepassword.page
/usr/share/help/C/gnome-help/user-goodpassword.page
/usr/share/help/C/onboard/password-dialogs.page
/usr/share/help/C/seahorse/keyring-update-password.page
/usr/share/help/C/seahorse/passwords-stored-create.page
/usr/share/help/C/seahorse/passwords-view.page
/usr/share/help/C/ubuntu-help/user-changepassword.page
/usr/share/help/C/ubuntu-help/user-forgottenpassword.page
/usr/share/help/C/ubuntu-help/user-goodpassword.page
/usr/share/help/C/web-credentials
/usr/share/help/C/zenity/figures/zenity-password-screenshot.png

╔══════════╣ Checking for TTY (sudo/su) passwords in audit logs

╔══════════╣ Searching passwords inside logs (limit 70)
 base-passwd depends on libc6 (>= 2.8); however:
 base-passwd depends on libdebconfclient0 (>= 0.145); however:
2019-02-26 23:57:30 configure base-passwd:amd64 3.5.39 3.5.39
2019-02-26 23:57:30 install base-passwd:amd64 <none> 3.5.39
2019-02-26 23:57:30 status half-configured base-passwd:amd64 3.5.39
2019-02-26 23:57:30 status half-installed base-passwd:amd64 3.5.39
2019-02-26 23:57:30 status installed base-passwd:amd64 3.5.39
2019-02-26 23:57:30 status unpacked base-passwd:amd64 3.5.39
2019-02-26 23:57:31 status half-configured base-passwd:amd64 3.5.39
2019-02-26 23:57:31 status half-installed base-passwd:amd64 3.5.39
2019-02-26 23:57:31 status unpacked base-passwd:amd64 3.5.39
2019-02-26 23:57:31 upgrade base-passwd:amd64 3.5.39 3.5.39
2019-02-26 23:57:35 install passwd:amd64 <none> 1:4.2-3.1ubuntu5
2019-02-26 23:57:35 status half-installed passwd:amd64 1:4.2-3.1ubuntu5
2019-02-26 23:57:35 status unpacked passwd:amd64 1:4.2-3.1ubuntu5
2019-02-26 23:57:36 configure base-passwd:amd64 3.5.39 <none>
2019-02-26 23:57:36 status half-configured base-passwd:amd64 3.5.39
2019-02-26 23:57:36 status installed base-passwd:amd64 3.5.39
2019-02-26 23:57:36 status unpacked base-passwd:amd64 3.5.39
2019-02-26 23:57:40 configure passwd:amd64 1:4.2-3.1ubuntu5 <none>
2019-02-26 23:57:40 status half-configured passwd:amd64 1:4.2-3.1ubuntu5
2019-02-26 23:57:40 status installed passwd:amd64 1:4.2-3.1ubuntu5
2019-02-26 23:57:40 status unpacked passwd:amd64 1:4.2-3.1ubuntu5
2019-02-26 23:58:03 configure passwd:amd64 1:4.2-3.1ubuntu5.3 <none>
2019-02-26 23:58:03 status half-configured passwd:amd64 1:4.2-3.1ubuntu5
2019-02-26 23:58:03 status half-configured passwd:amd64 1:4.2-3.1ubuntu5.3
2019-02-26 23:58:03 status half-installed passwd:amd64 1:4.2-3.1ubuntu5
2019-02-26 23:58:03 status installed passwd:amd64 1:4.2-3.1ubuntu5.3
2019-02-26 23:58:03 status unpacked passwd:amd64 1:4.2-3.1ubuntu5
2019-02-26 23:58:03 status unpacked passwd:amd64 1:4.2-3.1ubuntu5.3
2019-02-26 23:58:03 upgrade passwd:amd64 1:4.2-3.1ubuntu5 1:4.2-3.1ubuntu5.3
2019-02-27 00:00:54 install signon-plugin-password:amd64 <none> 8.58+16.04.20151106-0ubuntu1
2019-02-27 00:00:54 status half-installed signon-plugin-password:amd64 8.58+16.04.20151106-0ubuntu1
2019-02-27 00:00:54 status unpacked signon-plugin-password:amd64 8.58+16.04.20151106-0ubuntu1
2019-02-27 00:02:38 configure signon-plugin-password:amd64 8.58+16.04.20151106-0ubuntu1 <none>
2019-02-27 00:02:38 status half-configured signon-plugin-password:amd64 8.58+16.04.20151106-0ubuntu1
2019-02-27 00:02:38 status installed signon-plugin-password:amd64 8.58+16.04.20151106-0ubuntu1
2019-02-27 00:02:38 status unpacked signon-plugin-password:amd64 8.58+16.04.20151106-0ubuntu1
Preparing to unpack .../base-passwd_3.5.39_amd64.deb ...
Preparing to unpack .../passwd_1%3a4.2-3.1ubuntu5_amd64.deb ...
Selecting previously unselected package base-passwd.
Selecting previously unselected package passwd.
Setting up base-passwd (3.5.39) ...
Setting up passwd (1:4.2-3.1ubuntu5) ...
Shadow passwords are now on.
Unpacking base-passwd (3.5.39) ...
Unpacking base-passwd (3.5.39) over (3.5.39) ...
Unpacking passwd (1:4.2-3.1ubuntu5) ...
dpkg: base-passwd: dependency problems, but configuring anyway as you requested: