╔═══════════════════════════════════════════════════════════════════════╗
║ Linux Privilege Escalation Enumeration Report ║
╚═══════════════════════════════════════════════════════════════════════╝
Generated: Sat Nov 8 14:15:04 +08 2025
User: apache
Hostname: localhost.localdomain
Kernel: 3.10.0-1160.80.1.el7.x86_64
OS: CentOS Linux 7 (Core)

═══════════════════════════════════════════════════════════════════════
1. SYSTEM INFORMATION
═══════════════════════════════════════════════════════════════════════
[*] Current user: apache
[*] User ID: uid=48(apache) gid=48(apache) groups=48(apache),1001(emas)
[*] Groups: apache emas
[*] Home directory:
[*] Current directory: /var/www/html/mpc_emas/public/uploads/permohonan/5914/sokongan
[*] Shell: /sbin/nologin
[*] PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
[*] Sudo version: Sudo version 1.8.23
[*] Users with shell access:
root:/bin/bash
sync:/bin/sync
shutdown:/sbin/shutdown
halt:/sbin/halt
amandabackup:/bin/bash
mpcuser:/bin/bash
emas:/bin/bash
[*] Sudoers configuration:
[!] WARNING: Cannot read /etc/sudoers
[*] Sudoers.d files:

═══════════════════════════════════════════════════════════════════════
2. SUID/SGID BINARIES
═══════════════════════════════════════════════════════════════════════
[*] Finding SUID binaries...
SUID: /etc/yum.repos.d/virtualmin.repo
-rwsr-s--- 1 root root 370 May 16 2022 /etc/yum.repos.d/virtualmin.repo
SUID: /usr/bin/fusermount
-rwsr-xr-x 1 root root 32096 Oct 31 2018 /usr/bin/fusermount
SUID: /usr/bin/chfn
-rws--x--x 1 root root 23968 Feb 3 2021 /usr/bin/chfn
SUID: /usr/bin/passwd
-rwsr-xr-x 1 root root 27856 Apr 1 2020 /usr/bin/passwd
SUID: /usr/bin/mount
-rwsr-xr-x 1 root root 44264 Feb 3 2021 /usr/bin/mount
SUID: /usr/bin/su
-rwsr-xr-x 1 root root 32128 Feb 3 2021 /usr/bin/su
SUID: /usr/bin/umount
-rwsr-xr-x 1 root root 31984 Feb 3 2021 /usr/bin/umount
SUID: /usr/bin/chage
-rwsr-xr-x 1 root root 73888 Aug 9 2019 /usr/bin/chage
SUID: /usr/bin/gpasswd
-rwsr-xr-x 1 root root 78408 Aug 9 2019 /usr/bin/gpasswd
SUID: /usr/bin/newgrp
-rwsr-xr-x 1 root root 41936 Aug 9 2019 /usr/bin/newgrp
SUID: /usr/bin/chsh
-rws--x--x 1 root root 23880 Feb 3 2021 /usr/bin/chsh
SUID: /usr/bin/staprun
---s--x--- 1 root stapusr 212080 Oct 14 2020 /usr/bin/staprun
SUID: /usr/bin/pkexec
-rwsr-xr-x 1 root root 27672 Jan 26 2022 /usr/bin/pkexec
[!!!] CRITICAL: Potentially exploitable SUID binary: /usr/bin/pkexec
SUID: /usr/bin/crontab
-rwsr-xr-x 1 root root 57576 Jan 14 2022 /usr/bin/crontab
SUID: /usr/bin/Xorg
-rwsr-xr-x 1 root root 2447248 Aug 4 2022 /usr/bin/Xorg
SUID: /usr/bin/at
-rwsr-xr-x 1 root root 52968 May 18 2022 /usr/bin/at
SUID: /usr/bin/sudo
---s--x--x 1 root root 151424 Oct 14 2021 /usr/bin/sudo
SUID: /usr/bin/jk_uchroot
-rwsr-xr-x 1 root root 29544 Aug 16 2021 /usr/bin/jk_uchroot
SUID: /usr/bin/procmail-wrapper
-rwsr-sr-x 1 root root 8656 Jan 26 2022 /usr/bin/procmail-wrapper
SUID: /usr/sbin/pam_timestamp_check
-rwsr-xr-x 1 root root 11232 Apr 1 2020 /usr/sbin/pam_timestamp_check
SUID: /usr/sbin/unix_chkpwd
-rwsr-xr-x 1 root root 36272 Apr 1 2020 /usr/sbin/unix_chkpwd
SUID: /usr/sbin/userhelper
-rws--x--x 1 root root 40328 Aug 9 2019 /usr/sbin/userhelper
SUID: /usr/sbin/usernetctl
-rwsr-xr-x 1 root root 11296 Nov 17 2020 /usr/sbin/usernetctl
SUID: /usr/sbin/mount.nfs
-rwsr-xr-x 1 root root 117432 Oct 14 2021 /usr/sbin/mount.nfs
SUID: /usr/sbin/amcheck
-rwsr-x--- 1 root disk 64768 Oct 13 2020 /usr/sbin/amcheck
SUID: /usr/sbin/amservice
-rwsr-x--- 1 root disk 19616 Oct 13 2020 /usr/sbin/amservice
SUID: /usr/sbin/jk_chrootsh
-rwsr-xr-x 1 root root 33512 Aug 16 2021 /usr/sbin/jk_chrootsh
SUID: /usr/lib/polkit-1/polkit-agent-helper-1
-rwsr-xr-x 1 root root 15432 Jan 26 2022 /usr/lib/polkit-1/polkit-agent-helper-1
SUID: /usr/lib64/amanda/application/amgtar
-rwsr-x--- 1 root disk 41552 Oct 13 2020 /usr/lib64/amanda/application/amgtar
SUID: /usr/lib64/amanda/application/amstar
-rwsr-x--- 1 root disk 32960 Oct 13 2020 /usr/lib64/amanda/application/amstar
SUID: /usr/lib64/amanda/calcsize
-rwsr-x--- 1 root disk 19600 Oct 13 2020 /usr/lib64/amanda/calcsize
SUID: /usr/lib64/amanda/dumper
-rwsr-x--- 1 root disk 52496 Oct 13 2020 /usr/lib64/amanda/dumper
SUID: /usr/lib64/amanda/killpgrp
-rwsr-x--- 1 root disk 11248 Oct 13 2020 /usr/lib64/amanda/killpgrp
SUID: /usr/lib64/amanda/planner
-rwsr-x--- 1 root disk 64792 Oct 13 2020 /usr/lib64/amanda/planner
SUID: /usr/lib64/amanda/rundump
-rwsr-x--- 1 root disk 11216 Oct 13 2020 /usr/lib64/amanda/rundump
SUID: /usr/lib64/amanda/runtar
-rwsr-x--- 1 root disk 15320 Oct 13 2020 /usr/lib64/amanda/runtar
SUID: /usr/libexec/kde4/kpac_dhcp_helper
-rwsr-xr-x 1 root root 11128 Oct 14 2020 /usr/libexec/kde4/kpac_dhcp_helper
SUID: /usr/libexec/spice-gtk-x86_64/spice-client-glib-usb-acl-helper
-rwsr-xr-x 1 root root 15440 Nov 5 2020 /usr/libexec/spice-gtk-x86_64/spice-client-glib-usb-acl-helper
SUID: /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
-rwsr-sr-x 1 abrt abrt 15344 Oct 2 2020 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
SUID: /usr/libexec/qemu-bridge-helper
-rwsr-xr-x 1 root root 15360 May 19 2022 /usr/libexec/qemu-bridge-helper
SUID: /usr/libexec/dbus-1/dbus-daemon-launch-helper
-rwsr-x--- 1 root dbus 57936 Sep 30 2020 /usr/libexec/dbus-1/dbus-daemon-launch-helper
SUID: /usr/libexec/flatpak-bwrap
-rwsr-xr-x 1 root root 53792 Nov 2 2021 /usr/libexec/flatpak-bwrap
[*] Finding SGID binaries...
SGID: /etc/yum.repos.d/virtualmin.repo
-rwsr-s--- 1 root root 370 May 16 2022 /etc/yum.repos.d/virtualmin.repo
SGID: /usr/bin/wall
-r-xr-sr-x. 1 root tty 15344 Jun 10 2014 /usr/bin/wall
SGID: /usr/bin/write
-rwxr-sr-x 1 root tty 19544 Feb 3 2021 /usr/bin/write
SGID: /usr/bin/ssh-agent
---x--s--x 1 root nobody 382216 Nov 25 2021 /usr/bin/ssh-agent
SGID: /usr/bin/locate
-rwx--s--x 1 root slocate 40520 Apr 11 2018 /usr/bin/locate
SGID: /usr/bin/lockfile
-rwxr-sr-x 1 root mail 19824 Nov 29 2017 /usr/bin/lockfile
SGID: /usr/bin/procmail-wrapper
-rwsr-sr-x 1 root root 8656 Jan 26 2022 /usr/bin/procmail-wrapper
SGID: /usr/sbin/netreport
-rwxr-sr-x 1 root root 11224 Nov 17 2020 /usr/sbin/netreport
SGID: /usr/sbin/lockdev
-rwx--s--x. 1 root lock 11208 Jun 10 2014 /usr/sbin/lockdev
SGID: /usr/sbin/postdrop
-rwxr-sr-x 1 root postdrop 218560 Apr 1 2020 /usr/sbin/postdrop
SGID: /usr/sbin/postqueue
-rwxr-sr-x 1 root postdrop 264128 Apr 1 2020 /usr/sbin/postqueue
SGID: /usr/sbin/sendmail.sendmail
-rwxr-sr-x 1 root smmsp 836920 Apr 1 2020 /usr/sbin/sendmail.sendmail
SGID: /usr/lib64/vte-2.91/gnome-pty-helper
-rwx--s--x 1 root utmp 15568 Oct 1 2020 /usr/lib64/vte-2.91/gnome-pty-helper
SGID: /usr/libexec/kde4/kdesud
-rwxr-sr-x 1 root nobody 53064 Apr 20 2018 /usr/libexec/kde4/kdesud
SGID: /usr/libexec/utempter/utempter
-rwx--s--x. 1 root utmp 11192 Jun 10 2014 /usr/libexec/utempter/utempter
SGID: /usr/libexec/openssh/ssh-keysign
---x--s--x 1 root ssh_keys 465760 Nov 25 2021 /usr/libexec/openssh/ssh-keysign
SGID: /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
-rwsr-sr-x 1 abrt abrt 15344 Oct 2 2020 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
[*] Finding files with both SUID and SGID...
[!!!] CRITICAL: SUID+SGID: /etc/yum.repos.d/virtualmin.repo
-rwsr-s--- 1 root root 370 May 16 2022 /etc/yum.repos.d/virtualmin.repo
[!!!] CRITICAL: SUID+SGID: /usr/bin/procmail-wrapper
-rwsr-sr-x 1 root root 8656 Jan 26 2022 /usr/bin/procmail-wrapper
[!!!] CRITICAL: SUID+SGID: /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache
-rwsr-sr-x 1 abrt abrt 15344 Oct 2 2020 /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache

═══════════════════════════════════════════════════════════════════════
3. SUDO PERMISSIONS
═══════════════════════════════════════════════════════════════════════
[*] Checking sudo permissions for current user...
[!] WARNING: Potential CVE-2021-3156 vulnerability (Baron Samedit)

═══════════════════════════════════════════════════════════════════════
4. WORLD-WRITABLE FILES AND DIRECTORIES
═══════════════════════════════════════════════════════════════════════
[*] Finding world-writable files (excluding /proc, /sys, /dev)...
[*] Finding world-writable directories...

═══════════════════════════════════════════════════════════════════════
5. CRON JOBS
═══════════════════════════════════════════════════════════════════════
[*] System-wide cron jobs (/etc/crontab):
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed
[!] WARNING: Cron job contains wildcards or scripts - check for exploitation
[*] Cron directories:
Directory: /etc/cron.d
total 36
drwxr-xr-x. 2 root root 92 Nov 24 2022 .
drwxr-xr-x. 174 root root 12288 Jun 11 16:16 ..
-rw-r--r-- 1 root root 128 Jan 14 2022 0hourly
-rw------- 1 root root 215 Jul 28 2022 clamav-update
-rw-r--r-- 1 root root 108 Jan 8 2022 raid-check
-rw-r--r-- 1 root root 459 Oct 1 2020 sa-update
-rw------- 1 root root 235 Apr 1 2020 sysstat

File: /etc/cron.d/0hourly
# Run the hourly jobs
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
01 * * * * root run-parts /etc/cron.hourly

File: /etc/cron.d/raid-check
# Run system wide raid-check once a week on Sunday at 1am by default
0 1 * * Sun root /usr/sbin/raid-check

File: /etc/cron.d/sa-update
# *** DO NOT MODIFY THIS FILE ***
### Spamassassin Rules Updates ###
#
# http://wiki.apache.org/spamassassin/RuleUpdates
#
# sa-update automatically updates your rules once per day if a spam daemon like
# spamd or amavisd are running. You can force sa-update to run in
# /etc/sysconfig/sa-update
#
# /var/log/sa-update.log contains a history log of sa-update runs
10 4 * * * root /usr/share/spamassassin/sa-update.cron 2>&1 | tee -a /var/log/sa-update.log

Directory: /etc/cron.daily
total 32
drwxr-xr-x. 2 root root 74 Nov 24 2022 .
drwxr-xr-x. 174 root root 12288 Jun 11 16:16 ..
-rwxr-xr-x 1 root root 205 Mar 9 2022 etckeeper
-rwx------ 1 root root 219 Apr 1 2020 logrotate
-rwxr-xr-x 1 root root 618 Oct 30 2018 man-db.cron
-rwx------ 1 root root 208 Apr 11 2018 mlocate

File: /etc/cron.daily/etckeeper
#!/bin/sh
set -e
if [ -e /etc/etckeeper/daily ] && [ -e /etc/etckeeper/etckeeper.conf ]; then
    . /etc/etckeeper/etckeeper.conf
    if [ "$AVOID_DAILY_AUTOCOMMITS" != "1" ]; then
        /etc/etckeeper/daily
    fi
fi

File: /etc/cron.daily/man-db.cron
#!/bin/bash
if [ -e /etc/sysconfig/man-db ]; then
    . /etc/sysconfig/man-db
fi
if [ "$CRON" = "no" ]; then
    exit 0
fi
renice +19 -p $$ >/dev/null 2>&1
ionice -c3 -p $$ >/dev/null 2>&1
LOCKFILE=/var/lock/man-db.lock
# the lockfile is not meant to be perfect, it's just in case the
# two man-db cron scripts get run close to each other to keep
# them from stepping on each other's toes. The worst that will
# happen is that they will temporarily corrupt the database
[[ -f $LOCKFILE ]] && exit 0
trap "{ rm -f $LOCKFILE ; exit 0; }" EXIT
touch $LOCKFILE
# create/update the mandb database
mandb $OPTS
exit 0

Directory: /etc/cron.hourly
total 28
drwxr-xr-x. 2 root root 56 Nov 24 2022 .
drwxr-xr-x. 174 root root 12288 Jun 11 16:16 ..
-rwxr-xr-x 1 root root 392 Jan 14 2022 0anacron
-rwxr-x--- 1 root root 174 Nov 24 2022 awstats
-rwxr-xr-x 1 root root 191 Aug 9 2019 mcelog.cron

File: /etc/cron.hourly/0anacron
#!/bin/sh
# Check whether 0anacron was run today already
if test -r /var/spool/anacron/cron.daily; then
    day=`cat /var/spool/anacron/cron.daily`
fi
if [ `date +%Y%m%d` = "$day" ]; then
    exit 0;
fi
# Do not run jobs when on battery power
if test -x /usr/bin/on_ac_power; then
    /usr/bin/on_ac_power >/dev/null 2>&1
    if test $? -eq 1; then
        exit 0
    fi
fi
/usr/sbin/anacron -s

File: /etc/cron.hourly/mcelog.cron
#!/bin/bash
# Disabled by default on Fedora since this is run as daemon
# using the mcelog.service systemd configuration entries.
#/usr/sbin/mcelog --ignorenodev --filter >> /var/log/mcelog

Directory: /etc/cron.weekly
total 16
drwxr-xr-x. 2 root root 6 Jun 10 2014 .
drwxr-xr-x. 174 root root 12288 Jun 11 16:16 ..

Directory: /etc/cron.monthly
total 16
drwxr-xr-x. 2 root root 6 Jun 10 2014 .
drwxr-xr-x. 174 root root 12288 Jun 11 16:16 ..

[*] User cron jobs:
[*] No user cron jobs found
[*] Checking for writable cron files...

═══════════════════════════════════════════════════════════════════════
6. LINUX CAPABILITIES
═══════════════════════════════════════════════════════════════════════
[*] Files with capabilities:
Capability: /usr/bin/ping = cap_net_admin,cap_net_raw+p
Capability: /usr/bin/newgidmap = cap_setgid+ep
[!!!] CRITICAL: Dangerous capability found: /usr/bin/newgidmap = cap_setgid+ep
Capability: /usr/bin/newuidmap = cap_setuid+ep
[!!!] CRITICAL: Dangerous capability found: /usr/bin/newuidmap = cap_setuid+ep
Capability: /usr/bin/gnome-keyring-daemon = cap_ipc_lock+ep
Capability: /usr/sbin/mtr = cap_net_raw+ep
Capability: /usr/sbin/arping = cap_net_raw+p
Capability: /usr/sbin/clockdiff = cap_net_raw+p
Capability: /usr/sbin/suexec = cap_setgid,cap_setuid+ep
[!!!] CRITICAL: Dangerous capability found: /usr/sbin/suexec = cap_setgid,cap_setuid+ep
Capability: /usr/sbin/jk_chrootsh = cap_sys_chroot+ep

═══════════════════════════════════════════════════════════════════════
7. ENVIRONMENT VARIABLES
═══════════════════════════════════════════════════════════════════════
[*] PATH variable: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
[*] LD_PRELOAD: Not set
[*] LD_LIBRARY_PATH: Not set
[*] All environment variables:
LANG=C
NOTIFY_SOCKET=/run/systemd/notify
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
PWD=/var/www/html/mpc_emas/public/uploads/permohonan/5914/sokongan
SHLVL=2
_=/usr/bin/env

═══════════════════════════════════════════════════════════════════════
8. NETWORK INFORMATION
═══════════════════════════════════════════════════════════════════════
[*] Network interfaces:
[*] Listening ports:
[*] Network connections:

═══════════════════════════════════════════════════════════════════════
9. PROCESSES AND SERVICES
═══════════════════════════════════════════════════════════════════════
[*] Running processes (as root):
root 1 0.0 0.0 191560 4536 ? Ss Jun11 26:24 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
root 2 0.0 0.0 0 0 ? S Jun11 0:03 [kthreadd]
root 4 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/0:0H]
root 6 0.0 0.0 0 0 ? S Jun11 11:55 [ksoftirqd/0]
root 7 0.0 0.0 0 0 ? S Jun11 37:52 [migration/0]
root 8 0.0 0.0 0 0 ? S Jun11 0:00 [rcu_bh]
root 9 0.1 0.0 0 0 ? S Jun11 291:12 [rcu_sched]
root 10 0.0 0.0 0 0 ? S< Jun11 0:00 [lru-add-drain]
root 13 0.0 0.0 0 0 ? S Jun11 38:29 [migration/1]
root 14 0.0 0.0 0 0 ? S Jun11 10:25 [ksoftirqd/1]
root 16 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/1:0H]
root 18 0.0 0.0 0 0 ? S Jun11 38:24 [migration/2]
root 19 0.0 0.0 0 0 ? S Jun11 9:21 [ksoftirqd/2]
root 21 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/2:0H]
root 23 0.0 0.0 0 0 ? S Jun11 37:49 [migration/3]
root 24 0.0 0.0 0 0 ? S Jun11 9:29 [ksoftirqd/3]
root 26 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/3:0H]
root 28 0.0 0.0 0 0 ? S Jun11 37:44 [migration/4]
root 29 0.0 0.0 0 0 ? S Jun11 9:27 [ksoftirqd/4]
root 31 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/4:0H]

[*] All processes:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 191560 4536 ? Ss Jun11 26:24 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
root 2 0.0 0.0 0 0 ? S Jun11 0:03 [kthreadd]
root 4 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/0:0H]
root 6 0.0 0.0 0 0 ? S Jun11 11:55 [ksoftirqd/0]
root 7 0.0 0.0 0 0 ? S Jun11 37:52 [migration/0]
root 8 0.0 0.0 0 0 ? S Jun11 0:00 [rcu_bh]
root 9 0.1 0.0 0 0 ? S Jun11 291:12 [rcu_sched]
root 10 0.0 0.0 0 0 ? S< Jun11 0:00 [lru-add-drain]
root 13 0.0 0.0 0 0 ? S Jun11 38:29 [migration/1]
root 14 0.0 0.0 0 0 ? S Jun11 10:25 [ksoftirqd/1]
root 16 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/1:0H]
root 18 0.0 0.0 0 0 ? S Jun11 38:24 [migration/2]
root 19 0.0 0.0 0 0 ? S Jun11 9:21 [ksoftirqd/2]
root 21 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/2:0H]
root 23 0.0 0.0 0 0 ? S Jun11 37:49 [migration/3]
root 24 0.0 0.0 0 0 ? S Jun11 9:29 [ksoftirqd/3]
root 26 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/3:0H]
root 28 0.0 0.0 0 0 ? S Jun11 37:44 [migration/4]
root 29 0.0 0.0 0 0 ? S Jun11 9:27 [ksoftirqd/4]
root 31 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/4:0H]
root 33 0.0 0.0 0 0 ? S Jun11 38:38 [migration/5]
root 34 0.0 0.0 0 0 ? S Jun11 9:15 [ksoftirqd/5]
root 36 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/5:0H]
root 38 0.0 0.0 0 0 ? S Jun11 39:11 [migration/6]
root 39 0.0 0.0 0 0 ? S Jun11 10:17 [ksoftirqd/6]
root 41 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/6:0H]
root 43 0.0 0.0 0 0 ? S Jun11 38:44 [migration/7]
root 44 0.0 0.0 0 0 ? S Jun11 9:20 [ksoftirqd/7]
root 46 0.0 0.0 0 0 ? S< Jun11 0:00 [kworker/7:0H]

[*] Services status:
UNIT LOAD ACTIVE SUB DESCRIPTION
abrt-oops.service loaded active running ABRT kernel log watcher
abrt-xorg.service loaded active running ABRT Xorg log watcher
abrtd.service loaded active running ABRT Automated Bug Reporting Tool
accounts-daemon.service loaded active running Accounts Service
anydesk.service loaded active running AnyDesk
atd.service loaded active running Job spooling tools
auditd.service loaded active running Security Auditing Service
avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack
bolt.service loaded active running Thunderbolt system service
chronyd.service loaded active running NTP client/server
colord.service loaded active running Manage, Install and Generate Color Profiles
crond.service loaded active running Command Scheduler
cups.service loaded active running CUPS Printing Service
dbus.service loaded active running D-Bus System Message Bus
dovecot.service loaded active running Dovecot IMAP/POP3 email server
fail2ban.service loaded active running Fail2Ban Service
firewalld.service loaded active running firewalld - dynamic firewall daemon
fprintd.service loaded active running Fingerprint Authentication Daemon
fwupd.service loaded active running Firmware update daemon
gdm.service loaded active running GNOME Display Manager
gssproxy.service loaded active running GSSAPI Proxy Daemon
httpd.service loaded active running The Apache HTTP Server
ksmtuned.service loaded active running Kernel Samepage Merging (KSM) Tuning Daemon
libstoragemgmt.service loaded active running libstoragemgmt plug-in server daemon
libvirtd.service loaded active running Virtualization daemon
lookup-domain.service loaded active running SYSV: Daemon for quickly looking up Virtualmin servers from procmail
lvm2-lvmetad.service loaded active running LVM2 metadata daemon
mariadb.service loaded active running MariaDB database server
mcelog.service loaded active running Machine Check Exception Logging Daemon

═══════════════════════════════════════════════════════════════════════
10. PASSWORD FILES
═══════════════════════════════════════════════════════════════════════
[*] Checking /etc/passwd:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:998:996:User for polkitd:/:/sbin/nologin
colord:x:997:995:User for colord:/var/lib/colord:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
hacluster:x:189:189:cluster user:/home/hacluster:/sbin/nologin
unbound:x:996:994:Unbound DNS resolver:/etc/unbound:/sbin/nologin
libstoragemgmt:x:995:993:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
saslauth:x:994:76:Saslauthd user:/run/saslauthd:/sbin/nologin
geoclue:x:993:990:User for geoclue:/var/lib/geoclue:/sbin/nologin
setroubleshoot:x:992:989::/var/lib/setroubleshoot:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
mysql:x:27:27:MariaDB Server:/var/lib/mysql:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
chrony:x:991:988::/var/lib/chrony:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
gnome-initial-setup:x:990:985::/run/gnome-initial-setup/:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
mpcuser:x:1000:1000:mpcuser:/home/mpcuser:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
saned:x:989:983:SANE scanner daemon user:/usr/share/sane:/sbin/nologin
gluster:x:988:982:GlusterFS daemons:/run/gluster:/sbin/nologin
clamupdate:x:987:981:Clamav database update user:/var/lib/clamav:/sbin/nologin
opendkim:x:986:979:OpenDKIM Milter:/var/run/opendkim:/sbin/nologin
postgrey:x:985:978:Postfix Greylisting Service:/var/spool/postfix/postgrey:/sbin/nologin
grmilter:x:984:977:Greylist-milter user:/var/lib/milter-greylist:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:983:976:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin
clamscan:x:982:975:Clamav scanner user:/:/sbin/nologin
emas:x:1001:1001::/home/emas:/bin/bash
[!] WARNING: Users with UID 0 found:
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
operator:x:11:0:operator:/root:/sbin/nologin
[*] Checking /etc/shadow:
[*] Shadow file not readable (normal)
[*] Checking for backup password files:
[!] WARNING: Backup password file found: /etc/passwd-
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-bus-proxy:x:999:997:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:998:996:User for polkitd:/:/sbin/nologin
colord:x:997:995:User for colord:/var/lib/colord:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin

═══════════════════════════════════════════════════════════════════════
11. SSH KEYS AND CONFIGURATION
═══════════════════════════════════════════════════════════════════════
[*] SSH authorized_keys:
[*] SSH private keys:
[*] SSH configuration:
[*] Root SSH keys:

═══════════════════════════════════════════════════════════════════════
12. HISTORY FILES
═══════════════════════════════════════════════════════════════════════
[*] Bash history:
[*] No bash history found
[*] Other history files:

═══════════════════════════════════════════════════════════════════════
13. WRITABLE SYSTEM FILES
═══════════════════════════════════════════════════════════════════════
[*] Checking for writable /etc/passwd:
[*] Checking for writable /etc/shadow:
[*] Checking for writable /etc/sudoers:
[*] Checking for writable /etc/sudoers.d:

═══════════════════════════════════════════════════════════════════════
14. DOCKER AND CONTAINERS
═══════════════════════════════════════════════════════════════════════
[*] Docker not found

═══════════════════════════════════════════════════════════════════════
15. KERNEL VERSION
═══════════════════════════════════════════════════════════════════════
[*] Kernel version: 3.10.0-1160.80.1.el7.x86_64
[*] Kernel architecture: x86_64
[*] Checking for known vulnerable kernel versions...
[!] WARNING: Potential Dirty COW vulnerability (CVE-2016-5195)

═══════════════════════════════════════════════════════════════════════
16. NFS SHARES
═══════════════════════════════════════════════════════════════════════
[*] NFS exports:
[*] Mounted NFS shares:
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)

═══════════════════════════════════════════════════════════════════════
17. WRITABLE SCRIPTS IN PATH
═══════════════════════════════════════════════════════════════════════
[*] Checking for writable scripts in PATH directories...

═══════════════════════════════════════════════════════════════════════
18. SYSTEMD SERVICES
═══════════════════════════════════════════════════════════════════════
[*] Writable systemd service files:
[*] User systemd services:
[*] Writable user systemd services:

═══════════════════════════════════════════════════════════════════════
19. SYSTEMD TIMERS
═══════════════════════════════════════════════════════════════════════
[*] System timers:
NEXT LEFT LAST PASSED UNIT ACTIVATES
Sat 2025-11-08 16:41:25 +08 2h 26min left Fri 2025-11-07 16:41:25 +08 21h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Sat 2025-11-08 16:41:25 +08 2h 26min left Fri 2025-11-07 16:41:25 +08 21h ago etckeeper.timer etckeeper.service
2 timers listed.
Pass --all to see loaded but inactive timers, too.
[*] Writable timer files:

═══════════════════════════════════════════════════════════════════════
20. MOUNTED FILESYSTEMS
═══════════════════════════════════════════════════════════════════════
[*] Mounted filesystems:
/dev/vda2 on / type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)
devtmpfs on /dev type devtmpfs (rw,nosuid,size=16373884k,nr_inodes=4093471,mode=755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
mqueue on /dev/mqueue type mqueue (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=8041)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_prio,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=3277932k,mode=700)
gvfsd-fuse on /run/user/0/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
tmpfs on /run/user/1001 type tmpfs (rw,nosuid,nodev,relatime,size=3277932k,mode=700,uid=1001,gid=1001)
gvfsd-fuse on /run/user/1001/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1001,group_id=1001)
/dev/vda1 on /boot type xfs (rw,relatime,attr2,inode64,noquota)
/dev/vda5 on /home type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
/dev/vda2 on /tmp type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)
/dev/vda2 on /var/tmp type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)

[*] Checking for noexec, nosuid, nodev flags:
devtmpfs on /dev type devtmpfs (rw,nosuid,size=16373884k,nr_inodes=4093471,mode=755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_prio,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=3277932k,mode=700)
gvfsd-fuse on /run/user/0/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
tmpfs on /run/user/1001 type tmpfs (rw,nosuid,nodev,relatime,size=3277932k,mode=700,uid=1001,gid=1001)
gvfsd-fuse on /run/user/1001/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1001,group_id=1001)

[*] Checking for interesting mounts:
devtmpfs on /dev type devtmpfs (rw,nosuid,size=16373884k,nr_inodes=4093471,mode=755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=8041)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=3277932k,mode=700)
tmpfs on /run/user/1001 type tmpfs (rw,nosuid,nodev,relatime,size=3277932k,mode=700,uid=1001,gid=1001)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
═══════════════════════════════════════════════════════════════════════
21. INIT SCRIPTS
═══════════════════════════════════════════════════════════════════════
[*] Writable init scripts:

═══════════════════════════════════════════════════════════════════════
22. WRITABLE CRON FILES
═══════════════════════════════════════════════════════════════════════

═══════════════════════════════════════════════════════════════════════
23. SUDO VERSION CHECK
═══════════════════════════════════════════════════════════════════════
[*] Sudo version: Sudo version 1.8.23
[!!!] CRITICAL: Vulnerable to CVE-2021-3156 (Baron Samedit)!
[!] WARNING: Check for known sudo vulnerabilities (CVE-2019-14287, CVE-2021-3156, etc.)

═══════════════════════════════════════════════════════════════════════
24. ADDITIONAL VULNERABILITY CHECKS
═══════════════════════════════════════════════════════════════════════
[*] pkexec found - checking for PwnKit (CVE-2021-4034)...
[*] pkexec version: pkexec version 0.112
[!] WARNING: Check for PwnKit vulnerability (CVE-2021-4034)
[*] Checking for screen/tmux sessions...

═══════════════════════════════════════════════════════════════════════
25. SUMMARY AND RECOMMENDATIONS
═══════════════════════════════════════════════════════════════════════
[*] Report saved to: privilege_escalation_report_20251108_141504.txt
[*] Exploit methods saved to: exploit_methods_20251108_141504.txt

═══════════════════════════════════════════════════════════════════════
SUMMARY
═══════════════════════════════════════════════════════════════════════
[!] WARNING: 1. Review the exploit methods file: exploit_methods_20251108_141504.txt
[!] WARNING: 2. Research kernel exploits for: 3.10.0-1160.80.1.el7.x86_64
[!] WARNING: 3. Check for known CVEs in installed software versions
[!] WARNING: 4. Test SUID binaries for exploitation methods
[!] WARNING: 5. Verify sudo permissions and test for bypasses
[!] WARNING: 6. Check for misconfigured services and cron jobs
[!] WARNING: 7. Look for writable system files and directories
[!] WARNING: 8. Check for exposed credentials in history files
[!] WARNING: 9. Test Docker/container escape if applicable
[!] WARNING: 10. Verify network services for additional attack surface