HackTool.Linux.Enum.VSNW18H22

 Analysis by: Jeffrey Francis Bonaobra

 ALIASES:

HackTool:SH/LinuxEnum.A (MICROSOFT)

 PLATFORM:

Linux


  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size:

46,631 bytes

File Type:

Other

Memory Resident:

No

Initial Samples Received Date:

24 Aug 2022

Arrival Details

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Other Details

This Hacking Tool does the following:

  • It displays the following information on the console:
    • Kernel information
    • Specific release information
    • Hostname
    • Current user/group information
    • Users that have previously logged onto the system
    • Logged on users
    • Group memberships
    • Admin users
    • Contents of /etc/passwd
    • Super user accounts
    • Accounts that have recently used sudo
    • Permissions on /home directories
    • Environment information
    • Path information
    • Available shells
    • Current umask value
    • umask value as specified in /etc/login.defs
    • Password and storage information
    • Cron jobs
    • Crontab contents
    • Systemd timers
    • Network and IP information
    • ARP history
    • Nameservers
    • Default route
    • Listening TCP
    • Listening UDP
    • Running processes
    • Process binaries and associated permissions
    • /etc/init.d/ binary permissions
    • /etc/init/ config file permissions
    • /lib/systemd/* config file permissions
    • Sudo version
    • Postgres version
    • Unusual file locations
    • Installed compilers
    • Permissions on sensitive files
    • SUID files
    • SGID files
    • Files with POSIX capabilities set
    • All *.conf files in /etc
    • Current user's history files
    • Location and contents of .bash_history files
    • Location and permissions of .bak files
    • Any interesting mail in /var/mail

  SOLUTION

Minimum Scan Engine:

9.800

FIRST VSAPI PATTERN FILE:

17.771.00

FIRST VSAPI PATTERN DATE:

24 Aug 2022

VSAPI OPR PATTERN File:

17.771.00

VSAPI OPR PATTERN Date:

25 Aug 2022

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Scan your computer with your Trend Micro product to delete files detected as HackTool.Linux.Enum.VSNW18H22. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:

