The Shahzada: Linux Privilege Escalation
Tags
attack-pattern: Data Cron - T1053.003 Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Python - T1059.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Connection Proxy - T1090 Sudo - T1169
Show in Graph
Common Information
Type Value
UUID 62778bbf-455f-4dbb-a90a-0e23c029ac17
Fingerprint 95119c5e67e30a81
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 25, 2021, 4:26 p.m.
Added to db Jan. 18, 2023, 9 p.m.
Last updated Nov. 17, 2024, 10:43 p.m.
Headline Linux Privilege Escalation
Title The Shahzada: Linux Privilege Escalation
Detected Hints/Tags/Attributes 56/1/33
Source URLs
Redirection Url
Details Source https://blog.theshahzada.com/2021/01/linux-privilege-escalation.html
URL Provider
Details Provider Source level domain
Details theshahzada.com blog.theshahzada.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
identity.pub
Details Domain 3 
mail.info
Details Domain 13 
config.inc
Details Domain 4 
www.howtoforge.com
Details File 1 
identity.pub
Details File 49 
id_rsa.pub
Details File 4 
id_dsa.pub
Details File 2 
ssh_host_dsa_key.pub
Details File 3 
ssh_host_rsa_key.pub
Details File 1 
ssh_host_key.pub
Details File 91 
access.log
Details File 49 
error.log
Details File 115 
auth.log
Details File 1 
chttp.log
Details File 12 
dpkg.log
Details File 5 
yum.log
Details File 1 
miniserv.log
Details File 3 
daemon.log
Details File 8 
kern.log
Details File 6 
mail.inf
Details File 5 
mail.log
Details File 13 
config.inc
Details File 2 
anaconda-ks.cfg
Details File 1 
network-secret.txt
Details File 5 
shadow.txt
Details File 124 
os.sys
Details File 1 
fpipe.exe
Details IPv4 10 
192.168.1.7
Details IPv4 1 
10.2.2.222
Details IPv4 27 
192.168.1.5
Details IPv4 1441 
127.0.0.1
Details IPv4 1 
10.1.1.251
Details Url 1 
http://www.howtoforge.com/port-forwarding-with-rinetd-on-debian-etch