InfoSec LAB

Chemistry_Beyond

Created: 3 min read

Beyond

This is the beyond page that an additional post enumeration and assessment are conducted as the root user after compromising the target system.

Cron

root@chemistry:~# crontab -l
# Edit this file to introduce tasks to be run by cron.
# 
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
# 
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
# 
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
# 
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
# 
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
# 
# For more information see the manual pages of crontab(5) and cron(8)
# 
# m h  dom mon dow   command
*/5 * * * * find /home/app/uploads -type f -mmin +10 -exec rm -f {} \;
*/30 * * * * sqlite3 -line /home/app/instance/database.db "DELETE FROM structure WHERE id >= 0;"

monitoring_site

root@chemistry:/opt/monitoring_site# ll
total 24
drwx------ 5 root root 4096 Oct  9 20:27 ./
drwxr-xr-x 3 root root 4096 Jun 16 00:01 ../
-rwx------ 1 root root  900 Oct  9 20:27 app.py*
drwx------ 2 root root 4096 Jun  9 18:47 data/
drwx------ 5 root root 4096 Jun 16 17:13 static/
drwx------ 2 root root 4096 Oct  9 20:28 templates/

app.py

root@chemistry:/opt/monitoring_site# cat app.py 
import aiohttp
import aiohttp_jinja2
import jinja2
import os
import json
import re
from aiohttp import web
import subprocess
 
async def list_services(request):
    # Logic to retrieve and return the list of services
    services = subprocess.check_output(['service', '--status-all']).decode('utf-8').split('\n')
    return web.json_response({"services": services})
 
async def index(request):
    # Load sample data from a JSON file
    with open('data/data.json') as f:
        data = json.load(f)
 
    return aiohttp_jinja2.render_template('index.html', request, data)
 
app = web.Application()
aiohttp_jinja2.setup(app, loader=jinja2.FileSystemLoader('templates'))
 
app.router.add_get('/', index)
app.router.add_static('/assets/', path='static/', follow_symlinks=True)
app.router.add_get('/list_services', list_services)
 
if __name__ == '__main__':
    web.run_app(app, host='127.0.0.1', port=8080)

data

root@chemistry:/opt/monitoring_site# ll data
total 12
drwx------ 2 root root 4096 Jun  9 18:47 ./
drwx------ 5 root root 4096 Oct  9 20:27 ../
-rwx------ 1 root root  569 Jun  9 18:46 data.json*
root@chemistry:/opt/monitoring_site# cat data/data.json 
{
    "earnings": {
        "January": 1500,
        "February": 2000,
        "March": 2500,
        "April": 3000,
        "May": 3500,
        "June": 4000,
        "July": 4500,
        "August": 5000,
        "September": 5500
    },
    "views": {
        "January": 25000,
        "February": 30000,
        "March": 35000,
        "April": 40000,
        "May": 45000,
        "June": 50000,
        "July": 55000,
        "August": 60000,
        "September": 65000
    },
    "ad_clicks": {
        "Ad1": 650,
        "Ad2": 200,
        "Ad3": 1000
    }
}

Interactive Graph View

Backlinks