Повышение прав [задай вопрос - получи ответ]

Неужели тут нет никого кто бы знал как зарутаться?

 

Добрый день, есть WSO шел, задача повысить привилегии ну нужен бек конект. Ну сервер не тает соединится бэк конектом, пробовал https://github.com/pentestmonkey/php-findsock-shell тоже безуспешно т.к там nginx У кого ксть кике либо идеи сделать нормальный шел? Заранее спасибо

 

Не понял, а какая разница, nginx там или нет...
Попробуй https://github.com/0x00-0x00/ShellPop (инструкция там же) и выполнить сгенеренный код через шелл. Меня не раз выручал, бэкконнект устанавливался без проблем, когда иные варианты не срабатывали.

 

Это не подходит бэк конект не идет на мой хост пробовал и юдп итд итп, только в локалке видно где-то прописано в правилах, есть еще идее попробовал юдп итд, порт тоже биндит ну закрыт циской.

 

Понимаю, что не актуально, но чисто на заметку, можно было попробовать эксплоит:

https://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html

 

Code:

$ uname -a
Linux ek240119-2 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

$ ls -la /boot
итого 101072
drwxr-xr-x  4 root root     4096 окт  4 06:02 .
drwxr-xr-x 24 root root     4096 окт  2 06:20 ..
-rw-r--r--  1 root root   217373 сен 12 14:30 config-4.15.0-64-generic
-rw-r--r--  1 root root   217362 сен 17 21:12 config-4.15.0-65-generic
drwx------  3 root root     4096 янв  1  1970 efi
drwxr-xr-x  5 root root     4096 окт  3 06:33 grub
-rw-r--r--  1 root root 38826123 окт  1 06:14 initrd.img-4.15.0-64-generic
-rw-r--r--  1 root root 38823483 окт  2 06:20 initrd.img-4.15.0-65-generic
-rw-r--r--  1 root root   182704 янв 28  2016 memtest86+.bin
-rw-r--r--  1 root root   184380 янв 28  2016 memtest86+.elf
-rw-r--r--  1 root root   184840 янв 28  2016 memtest86+_multiboot.bin
-rw-------  1 root root  4062624 сен 12 14:30 System.map-4.15.0-64-generic
-rw-------  1 root root  4064177 сен 17 21:12 System.map-4.15.0-65-generic
-rw-------  1 root root  8330904 сен 12 17:38 vmlinuz-4.15.0-64-generic
-rw-------  1 root root  8359576 сен 17 21:20 vmlinuz-4.15.0-65-generic

$ ls -la --full-time /lib64
итого 8
drwxr-xr-x  2 root root 4096 2018-07-25 08:03:05.000000000 +0500 .
drwxr-xr-x 24 root root 4096 2019-10-02 06:20:15.195644895 +0500 ..
lrwxrwxrwx  1 root root   32 2019-01-24 13:11:42.802432577 +0500 ld-linux-x86-64.so.2 -> /lib/x86_64-linux-gnu/ld-2.27.so

$ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=1934996k,nr_inodes=483749,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=391424k,mode=755)
/dev/sda2 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=24,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=13569)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
tmpfs on /run/user/1001 type tmpfs (rw,nosuid,nodev,relatime,size=391424k,mode=700,uid=1001,gid=1001)
gvfsd-fuse on /run/user/1001/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1001,group_id=1001)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=391424k,mode=700,uid=1000,gid=1000)
tmpfs on /run/user/110 type tmpfs (rw,nosuid,nodev,relatime,size=391424k,mode=700,uid=110,gid=115)
gvfsd-fuse on /run/user/110/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=110,group_id=115)

$ df -h
Файл.система   Размер Использовано  Дост Использовано% Cмонтировано в
udev             1,9G            0  1,9G            0% /dev
tmpfs            383M         3,0M  380M            1% /run
/dev/sda2        110G          13G   92G           12% /
tmpfs            1,9G         111M  1,8G            6% /dev/shm
tmpfs            5,0M         4,0K  5,0M            1% /run/lock
tmpfs            1,9G            0  1,9G            0% /sys/fs/cgroup
/dev/sda1        511M         6,1M  505M            2% /boot/efi
tmpfs            383M          24K  383M            1% /run/user/1001
tmpfs            383M            0  383M            0% /run/user/1000
tmpfs            383M         4,0K  383M            1% /run/user/110

$ cat /etc/issue
Ubuntu 18.04.2 LTS \n \l

$ cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

$ cat /proc/version
Linux version 4.15.0-65-generic (buildd@lgw01-amd64-006) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019

$ cat /proc/sys/vm/mmap_min_addr
65536

$ find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null
-rwsr-xr-- 1 root messagebus 42992 июн 10 23:05 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-sr-x 1 root root 105336 июн  5 11:41 /usr/lib/snapd/snap-confine
-rwsr-xr-x 1 root root 14328 мар 27  2019 /usr/lib/policykit-1/polkit-agent-helper-1
-rwsr-xr-x 1 root root 10232 мар 28  2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-sr-x 1 root root 10232 мая 31 16:10 /usr/lib/xorg/Xorg.wrap
-rwsr-xr-x 1 root root 436552 мар  4  2019 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 6312 ноя 13  2018 /usr/local/share/tsc/printer/thermalprinterut
-rwsr-xr-x 1 root root 22520 мар 27  2019 /usr/bin/pkexec
-rwsr-xr-x 1 root root 76496 мар 23  2019 /usr/bin/chfn
-rwsr-xr-x 1 root root 75824 мар 23  2019 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 149080 янв 18  2018 /usr/bin/sudo
-rwsr-xr-x 1 root root 18448 июн 28 16:05 /usr/bin/traceroute6.iputils
-rwsr-xr-x 1 root root 22528 июн 28 16:05 /usr/bin/arping
-rwsr-xr-x 1 root root 40344 мар 23  2019 /usr/bin/newgrp
-rwsr-xr-x 1 root root 59640 мар 23  2019 /usr/bin/passwd
-rwsr-xr-x 1 root root 44528 мар 23  2019 /usr/bin/chsh
-rwsr-xr-- 1 root dip 378600 июн 12  2018 /usr/sbin/pppd
-rwsr-xr-x 1 root root 30800 авг 11  2016 /bin/fusermount
-rwsr-xr-x 1 root root 44664 мар 23  2019 /bin/su
-rwsr-xr-x 1 root root 43088 окт 16  2018 /bin/mount
-rwsr-xr-x 1 root root 64424 июн 28 16:05 /bin/ping
-rwsr-xr-x 1 root root 26696 окт 16  2018 /bin/umount
-rwsr-xr-x 1 root root 227832 июл 13 04:16 /opt/google/chrome/chrome-sandbox
-rwsr-xr-x 1 root root 19800 дек 10  2015 /opt/brick/bin/chrome-sandbox

Подскажите, что с этим можно сделать?

 

Spoiler: Info

Code:

pastebin.com/JGwa0EXr

Ребят подскажите, есть варианты побороть данную машину?

 

FreeBSD 9.2-RELEASE-p5

На системе сделано так, что файл /etc/hosts различается. Даже /etc/passwd

Возможно ли повысить права на шелле?

 

Приветствую. Подскажите, кому не трудно, что можно сделать, куда копнуть. Ничего дельного найти не смог в силу мизерного опыта. Буду благодарен за любую помощь.

Spoiler: uname -a

Linux ***.**.**.*** 4.15.0-76-generic #86~16.04.1-Ubuntu SMP Mon Jan 20 11:02:50 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Spoiler: ls -la /boot

total 840124
drwxr-xr-x 3 root root 4096 Apr 21 06:55 .
drwxr-xr-x 27 root root 4096 May 6 14:43 ..
-rw------- 1 root root 4049376 Feb 12 2019 System.map-4.15.0-46-generic
-rw------- 1 root root 4049889 Mar 15 2019 System.map-4.15.0-47-generic
-rw------- 1 root root 4051368 Apr 5 2019 System.map-4.15.0-48-generic
-rw-r----- 1 root root 4052501 May 8 2019 System.map-4.15.0-50-generic
-rw------- 1 root root 4050792 May 16 2019 System.map-4.15.0-51-generic
-rw------- 1 root root 4050825 Jun 6 2019 System.map-4.15.0-52-generic
-rw------- 1 root root 4050903 Jun 24 2019 System.map-4.15.0-54-generic
-rw------- 1 root root 4054631 Aug 7 2019 System.map-4.15.0-58-generic
-rw------- 1 root root 4061501 Aug 26 2019 System.map-4.15.0-60-generic
-rw------- 1 root root 4061501 Sep 6 2019 System.map-4.15.0-62-generic
-rw------- 1 root root 4061501 Sep 13 2019 System.map-4.15.0-64-generic
-rw------- 1 root root 4062077 Sep 18 2019 System.map-4.15.0-65-generic
-rw------- 1 root root 4062584 Oct 1 2019 System.map-4.15.0-66-generic
-rw------- 1 root root 4064065 Nov 12 18:23 System.map-4.15.0-70-generic
-rw------- 1 root root 4064436 Nov 26 22:04 System.map-4.15.0-72-generic
-rw-r----- 1 root root 4066237 Dec 18 09:15 System.map-4.15.0-74-generic
-rw-r----- 1 root root 4066237 Jan 20 15:23 System.map-4.15.0-76-generic
-rw------- 1 root root 4067466 Feb 12 08:35 System.map-4.15.0-88-generic
-rw------- 1 root root 4067536 Feb 28 20:24 System.map-4.15.0-91-generic
-rw------- 1 root root 4068326 Apr 1 08:44 System.map-4.15.0-96-generic
-rw-r----- 1 root root 3841523 Jan 5 2018 System.map-4.9.75-timeweb
-rw-r--r-- 1 root root 217004 Feb 12 2019 config-4.15.0-46-generic
-rw-r--r-- 1 root root 217004 Mar 15 2019 config-4.15.0-47-generic
-rw-r--r-- 1 root root 217286 Apr 5 2019 config-4.15.0-48-generic
-rw-r--r-- 1 root root 217286 May 8 2019 config-4.15.0-50-generic
-rw-r--r-- 1 root root 217286 May 16 2019 config-4.15.0-51-generic
-rw-r--r-- 1 root root 217286 Jun 6 2019 config-4.15.0-52-generic
-rw-r--r-- 1 root root 217286 Jun 24 2019 config-4.15.0-54-generic
-rw-r--r-- 1 root root 217262 Aug 7 2019 config-4.15.0-58-generic
-rw-r--r-- 1 root root 217381 Aug 26 2019 config-4.15.0-60-generic
-rw-r--r-- 1 root root 217381 Sep 6 2019 config-4.15.0-62-generic
-rw-r--r-- 1 root root 217381 Sep 13 2019 config-4.15.0-64-generic
-rw-r--r-- 1 root root 217370 Sep 18 2019 config-4.15.0-65-generic
-rw-r--r-- 1 root root 217370 Oct 1 2019 config-4.15.0-66-generic
-rw-r--r-- 1 root root 217488 Nov 12 18:23 config-4.15.0-70-generic
-rw-r--r-- 1 root root 217468 Nov 26 22:04 config-4.15.0-72-generic
-rw-r--r-- 1 root root 217503 Dec 18 09:15 config-4.15.0-74-generic
-rw-r--r-- 1 root root 217503 Jan 20 15:23 config-4.15.0-76-generic
-rw-r--r-- 1 root root 217503 Feb 12 08:35 config-4.15.0-88-generic
-rw-r--r-- 1 root root 217465 Feb 28 20:24 config-4.15.0-91-generic
-rw-r--r-- 1 root root 217465 Apr 1 08:44 config-4.15.0-96-generic
-rw-r--r-- 1 root root 163824 Jan 5 2018 config-4.9.75-timeweb
-rw-r--r-- 1 root root 163824 Jan 5 2018 config-4.9.75-timeweb.old
drwxr-xr-x 5 root root 12288 Apr 21 06:55 grub
-rw-r--r-- 1 root root 38087263 May 15 2019 initrd.img-4.15.0-50-generic
-rw-r--r-- 1 root root 38087364 Jun 21 2019 initrd.img-4.15.0-52-generic
-rw-r--r-- 1 root root 38080526 Jul 3 2019 initrd.img-4.15.0-54-generic
-rw-r--r-- 1 root root 38084498 Sep 3 2019 initrd.img-4.15.0-58-generic
-rw-r--r-- 1 root root 38091332 Sep 6 2019 initrd.img-4.15.0-60-generic
-rw-r--r-- 1 root root 38092722 Sep 15 2019 initrd.img-4.15.0-62-generic
-rw-r--r-- 1 root root 38091156 Sep 20 2019 initrd.img-4.15.0-64-generic
-rw-r--r-- 1 root root 38092258 Oct 3 2019 initrd.img-4.15.0-65-generic
-rw-r--r-- 1 root root 38093333 Oct 23 2019 initrd.img-4.15.0-66-generic
-rw-r--r-- 1 root root 38103191 Nov 20 06:47 initrd.img-4.15.0-70-generic
-rw-r--r-- 1 root root 38100730 Dec 11 06:42 initrd.img-4.15.0-72-generic
-rw-r--r-- 1 root root 38108528 Jan 16 07:11 initrd.img-4.15.0-74-generic
-rw-r--r-- 1 root root 38109016 Feb 5 07:06 initrd.img-4.15.0-76-generic
-rw-r--r-- 1 root root 38110808 Feb 26 07:03 initrd.img-4.15.0-88-generic
-rw-r--r-- 1 root root 38115311 Mar 26 07:15 initrd.img-4.15.0-91-generic
-rw-r--r-- 1 root root 38116820 Apr 21 06:55 initrd.img-4.15.0-96-generic
-rw-r--r-- 1 root root 22714999 Jan 10 2018 initrd.img-4.9.75-timeweb
-rw-r--r-- 1 root root 176500 Mar 12 2014 memtest86+.bin
-rw-r--r-- 1 root root 178176 Mar 12 2014 memtest86+.elf
-rw-r--r-- 1 root root 178680 Mar 12 2014 memtest86+_multiboot.bin
-rw------- 1 root root 8141336 May 14 2019 vmlinuz-4.15.0-50-generic
-rw------- 1 root root 8141080 Jun 17 2019 vmlinuz-4.15.0-52-generic
-rw------- 1 root root 8140856 Jun 25 2019 vmlinuz-4.15.0-54-generic
-rw------- 1 root root 8148696 Aug 8 2019 vmlinuz-4.15.0-58-generic
-rw------- 1 root root 8173112 Aug 26 2019 vmlinuz-4.15.0-60-generic
-rw------- 1 root root 8172440 Sep 6 2019 vmlinuz-4.15.0-62-generic
-rw------- 1 root root 8172440 Sep 17 2019 vmlinuz-4.15.0-64-generic
-rw------- 1 root root 8181016 Sep 19 2019 vmlinuz-4.15.0-65-generic
-rw------- 1 root root 8181656 Oct 3 2019 vmlinuz-4.15.0-66-generic
-rw------- 1 root root 8184600 Nov 13 10:24 vmlinuz-4.15.0-70-generic
-rw------- 1 root root 8185592 Nov 27 12:18 vmlinuz-4.15.0-72-generic
-rw------- 1 root root 8187192 Dec 19 14:43 vmlinuz-4.15.0-74-generic
-rw------- 1 root root 8187320 Jan 21 18:48 vmlinuz-4.15.0-76-generic
-rw------- 1 root root 8193496 Feb 12 16:28 vmlinuz-4.15.0-88-generic
-rw------- 1 root root 8193432 Mar 1 13:28 vmlinuz-4.15.0-91-generic
-rw------- 1 root root 8191544 Apr 6 19:08 vmlinuz-4.15.0-96-generic
-rw-r--r-- 1 root root 6761232 Jan 5 2018 vmlinuz-4.9.75-timeweb

Spoiler: ls -la --full-time /lib

total 332
drwxr-xr-x 21 root root 4096 2019-03-20 06:39:13.338937021 +0300 .
drwxr-xr-x 27 root root 4096 2020-05-06 14:52:50.318163636 +0300 ..
lrwxrwxrwx 1 root root 21 2016-02-16 13:18:42.115126992 +0300 cpp -> /etc/alternatives/cpp
drwxr-xr-x 3 root root 4096 2019-03-20 06:39:13.478937018 +0300 crda
drwxr-xr-x 2 root root 4096 2017-02-21 03:33:36.203966177 +0300 discover
drwxr-xr-x 2 root root 4096 2017-02-21 03:34:26.419965014 +0300 drbd
drwxr-xr-x 72 root root 32768 2019-07-20 13:16:38.864405916 +0300 firmware
drwxr-xr-x 2 root root 4096 2017-02-21 03:30:18.631970753 +0300 hdparm
drwxr-xr-x 2 root root 4096 2018-07-05 06:45:20.437203377 +0300 ifupdown
drwxr-xr-x 2 root root 4096 2019-01-16 06:49:08.667034612 +0300 init
-rwxr-xr-x 1 root root 71528 2017-06-13 18:47:43.000000000 +0300 klibc-gLiulUM5C1Zpwc25rCxX8UZ6S-s.so
lrwxrwxrwx 1 root root 17 2014-01-09 02:32:00.000000000 +0400 libip4tc.so.0 -> libip4tc.so.0.1.0
-rw-r--r-- 1 root root 27392 2014-01-09 02:32:05.000000000 +0400 libip4tc.so.0.1.0
lrwxrwxrwx 1 root root 17 2014-01-09 02:32:00.000000000 +0400 libip6tc.so.0 -> libip6tc.so.0.1.0
-rw-r--r-- 1 root root 31520 2014-01-09 02:32:05.000000000 +0400 libip6tc.so.0.1.0
lrwxrwxrwx 1 root root 16 2014-01-09 02:32:00.000000000 +0400 libiptc.so.0 -> libiptc.so.0.0.0
-rw-r--r-- 1 root root 5816 2014-01-09 02:32:05.000000000 +0400 libiptc.so.0.0.0
lrwxrwxrwx 1 root root 20 2014-01-09 02:32:00.000000000 +0400 libxtables.so.10 -> libxtables.so.10.0.0
-rw-r--r-- 1 root root 47712 2014-01-09 02:32:06.000000000 +0400 libxtables.so.10.0.0
drwxr-xr-x 3 root root 4096 2017-02-21 03:29:05.103972456 +0300 lsb
drwxr-xr-x 2 root root 4096 2020-04-21 06:54:38.683867507 +0300 modprobe.d
drwxr-xr-x 24 root root 4096 2020-04-21 06:54:37.623867532 +0300 modules
drwxr-xr-x 2 root root 4096 2017-02-21 03:32:07.783968225 +0300 modules-load.d
drwxr-xr-x 3 root root 4096 2018-05-30 06:25:18.758465321 +0300 plymouth
drwxr-xr-x 3 root root 4096 2016-02-16 13:17:51.699128162 +0300 recovery-mode
drwxr-xr-x 3 root root 4096 2019-04-12 07:07:29.311777451 +0300 systemd
drwxr-xr-x 15 root root 4096 2016-02-16 13:01:39.123150686 +0300 terminfo
drwxr-xr-x 4 root root 4096 2019-04-12 07:07:52.995928901 +0300 udev
drwxr-xr-x 2 root root 4096 2017-02-21 03:33:25.463966426 +0300 ufw
drwxr-xr-x 4 root root 16384 2019-04-12 07:07:29.515675446 +0300 x86_64-linux-gnu
drwxr-xr-x 2 root root 20480 2017-02-21 03:33:22.667966491 +0300 xtables

Spoiler: mount

/dev/sda1 on / type ext4 (rw,noatime,discard)
proc on /proc type proc (rw,noexec,nosuid,nodev,hidepid=1)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /tmp type tmpfs (rw,noexec,nosuid,nodev,noatime,size=4g)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
shm on /run/shm type tmpfs (rw,nosuid,nodev,size=1g)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
none on /sys/fs/pstore type pstore (rw)
none on /var/spool/exim4 type tmpfs (rw,noexec,nosuid,nodev,noatime,size=1g)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,relatime,name=systemd)
/dev/drbd0 on /home type ext4 (rw,nosuid,noatime,nodiratime,usrjquota=aquota.user,jqfmt=vfsv0,usrquota,discard,_netdev)
/tmp on /var/tmp type none (rw,bind,_netdev)
/tmp on /var/tmp type none (rw,bind,_netdev)
none on /run/shm type tmpfs (rw,nosuid,nodev,size=1g)
//***.**.**.***/on_demand on /mnt/on_demand_storage-cs3-old type cifs (ro,noexec,nosuid,nodev)
//***.**.**.***/homes on /mnt/backup type cifs (ro,noexec,nosuid,nodev)
//***.**.**.***/on_demand on /mnt/on_demand_storage-cs2 type cifs (ro,noexec,nosuid,nodev)
//***.**.**.***/on_demand on /mnt/on_demand_storage-cs1 type cifs (ro,noexec,nosuid,nodev)

Spoiler: df -h

Filesystem Size Used Avail Use% Mounted on
/dev/sda1 46G 33G 11G 76% /
none 4.0K 0 4.0K 0% /sys/fs/cgroup
udev 32G 12K 32G 1% /dev
/tmp 4.0G 400M 3.7G 10% /var/tmp
tmpfs 6.3G 872K 6.3G 1% /run
none 5.0M 4.0K 5.0M 1% /run/lock
shm 1.0G 36K 1.0G 1% /run/shm
none 100M 8.0K 100M 1% /run/user
none 1.0G 736K 1.0G 1% /var/spool/exim4
/dev/drbd0 1.3T 1.3T 38G 98% /home
none 1.0G 36K 1.0G 1% /run/shm

Spoiler: cat /etc/issue

Ubuntu 14.04.6 LTS \n \l

Spoiler: cat /etc/crontab

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

Spoiler: cat /proc/version

Linux version 4.15.0-76-generic (buildd@lgw01-amd64-023) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12)) #86~16.04.1-Ubuntu SMP Mon Jan 20 11:02:50 UTC 2020

Spoiler: find / -type f -perm -u+s -exec ls -la {} \; 2>/dev/null

-rwsr-xr-x 1 root root 30800 May 15 2015 /bin/fusermount
-rwsr-xr-x 1 root root 94792 Nov 24 2016 /bin/mount
-rwsr-xr-x 1 root root 69120 Nov 24 2016 /bin/umount
-rwsr-xr-x 1 root root 36936 May 17 2017 /bin/su
-rwsr-xr-x 1 root root 36592 May 17 2017 /usr/bin/newgrp
-rwsr-xr-x 1 root root 75256 Oct 21 2013 /usr/bin/mtr
-rwsr-xr-x 1 root root 23104 Mar 15 2014 /usr/bin/traceroute6.iputils
-rwsr-xr-x 1 root root 46424 May 17 2017 /usr/bin/chfn
-rwsr-sr-x 1 daemon daemon 51464 Oct 21 2013 /usr/bin/at
-rwsr-xr-x 1 root root 35712 Nov 8 2009 /usr/bin/tcptraceroute.mt
-rwsr-xr-x 1 root root 23304 Mar 27 2019 /usr/bin/pkexec
-rwsr-xr-x 1 root root 41336 May 17 2017 /usr/bin/chsh
-rwsr-xr-x 1 root root 72280 May 17 2017 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 47032 May 17 2017 /usr/bin/passwd
-rwsr-xr-x 1 root root 155008 May 29 2017 /usr/bin/sudo
-rwsr-sr-x 1 libuuid libuuid 18904 Nov 24 2016 /usr/sbin/uuidd
-r-sr-x--- 1 root customers 983424 Feb 10 2018 /usr/sbin/exim4
-rwsr-xr-- 1 root dip 347296 Jun 12 2018 /usr/sbin/pppd
-rwsr-xr-x 1 root root 440416 Mar 4 2019 /usr/lib/openssh/ssh-keysign
-rwsr-xr-- 1 root messagebus 310800 Dec 7 2016 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 10240 Mar 27 2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 14808 Mar 27 2019 /usr/lib/policykit-1/polkit-agent-helper-1
-rwsr-xr-x 1 root root 35608 Jun 28 2013 /sbin/mount.cifs

 

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS

 

Всем Привет подскажите есть ли сплойт под это ядро:

Spoiler

Linux 3.10.0-862.3.2.el7.x86_64 #1 SMP Mon May 21 23:36:36 UTC 2018 x86_64

 

Ищите хорошо, система старенькая, должно пробить)