InfoSec LAB

Bashed_Post_Enumeration

Created: 2 min read

/scripts

scriptmanager@bashed:/$ ll
total 92
drwxr-xr-x  23 root          root           4096 Jun  2  2022 ./
drwxr-xr-x  23 root          root           4096 Jun  2  2022 ../
-rw-------   1 root          root            174 Jun 14  2022 .bash_history
drwxr-xr-x   2 root          root           4096 Jun  2  2022 bin/
drwxr-xr-x   3 root          root           4096 Jun  2  2022 boot/
drwxr-xr-x  19 root          root           4140 jan 13 05:53 dev/
drwxr-xr-x  89 root          root           4096 Jun  2  2022 etc/
drwxr-xr-x   4 root          root           4096 Dec  4  2017 home/
lrwxrwxrwx   1 root          root             32 Dec  4  2017 initrd.img -> boot/initrd.img-4.4.0-62-generic
drwxr-xr-x  19 root          root           4096 Dec  4  2017 lib/
drwxr-xr-x   2 root          root           4096 Jun  2  2022 lib64/
drwx------   2 root          root          16384 Dec  4  2017 lost+found/
drwxr-xr-x   4 root          root           4096 Dec  4  2017 media/
drwxr-xr-x   2 root          root           4096 Jun  2  2022 mnt/
drwxr-xr-x   2 root          root           4096 Dec  4  2017 opt/
dr-xr-xr-x 174 root          root              0 jan 13 05:53 proc/
drwx------   3 root          root           4096 Jun  2  2022 root/
drwxr-xr-x  18 root          root            520 jan 13 06:25 run/
drwxr-xr-x   2 root          root           4096 Dec  4  2017 sbin/
drwxrwxr--   2 scriptmanager scriptmanager  4096 Jun  2  2022 scripts/
drwxr-xr-x   2 root          root           4096 Feb 15  2017 srv/
dr-xr-xr-x  13 root          root              0 jan 13 14:24 sys/
drwxrwxrwt  10 root          root           4096 jan 13 14:24 tmp/
drwxr-xr-x  10 root          root           4096 Dec  4  2017 usr/
drwxr-xr-x  12 root          root           4096 Jun  2  2022 var/
lrwxrwxrwx   1 root          root             29 Dec  4  2017 vmlinuz -> boot/vmlinuz-4.4.0-62-generic

I found a very unusual directory at the system root; /scripts it’s also owned by scriptmanager:scriptmanager

I currently have a session as the scriotmanager user, so I am able to check on this directory thoroughly

scriptmanager@bashed:/scripts$ ll
total 16
drwxrwxr--  2 scriptmanager scriptmanager 4096 Jun  2  2022 ./
drwxr-xr-x 23 root          root          4096 Jun  2  2022 ../
-rw-r--r--  1 scriptmanager scriptmanager   58 Dec  4  2017 test.py
-rw-r--r--  1 root          root            12 jan 13 14:56 test.txt

There are 2 files within the directory; /scripts

scriptmanager@bashed:/scripts$ cat test.txt
testing 123!
 
scriptmanager@bashed:/scripts$ cat test.py
f = open("test.txt", "w")
f.write("testing 123!")
f.close

The /scripts/test.py is a Python script that writes a string, “testing 123!”, out to a file, test.txt, in the current working directory

Interactive Graph View

Backlinks