3 box enum fox

PEAS

â•£ Checking sudo tokens
â•š https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens
/proc/sys/kernel/yama/ptrace_scope is enabled (0)

â•£ Users with console
fox:x:1000:1001::/home/fox:/bin/sh
root:x:0:0:root:/root:/bin/bash

-rw-r--r-- 1 root root 2279 Jan 18  2018 /etc/fail2ban/filter.d/mongodb-auth.conf

â•£ Analyzing Htpasswd Files (limit 70)
-rw-r--r-- 1 root root 47 Jan 18  2018 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd
username:$apr1$1f5oQUl4$21lLXSN7xQOPtNsj5s4Nk/
-rw-r--r-- 1 root root 47 Jan 18  2018 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd
username:$apr1$uUMsOjCQ$.BzXClI/B/vZKddgIAJCR.
-rw-r--r-- 1 root root 117 Jan 18  2018 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd
username:digest anon:25e4077a9344ceb1a88f2a62c9fb60d8
05bbb04
anonymous:digest anon:faa4e5870970cf935bb9674776e6b26a
-rw-r--r-- 1 root root 62 Jan 18  2018 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htpasswd
username:digest private area:fad48d3a7c63f61b5b3567a4105bbb04
-rw-r--r-- 1 root root 62 Jan 18  2018 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd
username:digest private area:fad48d3a7c63f61b5b3567a4105bbb04
-rw-r--r-- 1 root root 62 Jan 18  2018 /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd
username:wrongrelm:99cd340e1283c6d0ab34734bd47bdc30
4105bbb04

â•£ Analyzing Rsync Files (limit 70)
-rw-r--r-- 1 root root 112 Nov 19  2020 /etc/rsyncd.conf
[fox]
    path = /home/fox
    comment = fox home
    uid = fox
    gid = fox
    read only = no
    list = yes

-rw-r--r-- 1 root root 37 Nov 19  2020 /etc/rsyncd.secrets
fox:f1bddf02cd53fab415c1b46853072f6a

â•£ Searching uncommon passwd files (splunk)
passwd file: /etc/pam.d/passwd
passwd file: /etc/passwd
passwd file: /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd
passwd file: /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd
passwd file: /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd
passwd file: /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest/.htpasswd
passwd file: /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd
passwd file: /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd
passwd file: /usr/share/bash-completion/completions/passwd
passwd file: /usr/share/lintian/override

â•£ Interesting GROUP writable files (not in Home) (max 500)
â•š https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files
  Group fox:

  Group fail2ban:
/etc/fail2ban/action.d

Last updated