InfoSec LAB

MonitorsThree_Beyond

Created: 2 min read

Beyond

This is the beyond page that an additional post enumeration and assessment are conducted as the root account after compromising the target system.

Service

root@monitorsthree:~/scripts# systemctl list-units | grep -i running | awk '{print $1}'
proc-sys-fs-binfmt_misc.automount
docker-c6f014fbbd517eeea9c926a31b1aa25f238887c8fe948e8448f98cc578a98efd.scope
init.scope
session-c2.scope
auditd.service
cactid.service
containerd.service
cron.service
dbus.service
docker.service
getty@tty1.service
irqbalance.service
mariadb.service
ModemManager.service
mono-xsp4.service
multipathd.service
networkd-dispatcher.service
nginx.service
open-vm-tools.service
php8.3-fpm.service
polkit.service
rsyslog.service
ssh.service
systemd-journald.service
systemd-logind.service
systemd-networkd.service
systemd-resolved.service
systemd-timesyncd.service
systemd-udevd.service
udisks2.service
upower.service
user@1000.service
vgauth.service
dbus.socket
docker.socket
multipathd.socket
syslog.socket
systemd-journald-audit.socket
systemd-journald-dev-log.socket
systemd-journald.socket
systemd-networkd.socket
systemd-udevd-control.socket
systemd-udevd-kernel.socket

Scripts

root@monitorsthree:~/scripts# ll
total 20
drwxr-xr-x 3 root root 4096 Aug 24 23:02 ./
drwx------ 7 root root 4096 Aug 25 19:48 ../
-rwxr-xr-x 1 root root  642 May 19 12:00 cleanup_cacti.sh*
-rwxr-xr-x 1 root root  652 Aug 24 23:02 cleanup_cron.sh*
drwxr-xr-x 4 root root 4096 Aug 18 10:16 duplicati-client/

cleanup_cacti.sh

root@monitorsthree:~/scripts# cat cleanup_cacti.sh
#!/bin/bash
 
DIR="/var/www/html/cacti/resource"
 
KEEP_FILES=("index.php" "script_queries" "script_server" "snmp_queries")
 
for FILE in "$DIR"/*; do
 
    FILENAME=$(basename "$FILE")
 
    FOUND=false
    for KEEP_FILE in "${KEEP_FILES[@]}"; do
        if [[ "$FILENAME" == "$KEEP_FILE" ]]; then
            FOUND=true
            break
        fi
    done
 
    echo "Processing file: $FILENAME"
    if [ "$FOUND" = true ]; then
        echo "File is in the list of files to keep."
    else
        echo "File will be deleted."
    fi
 
    if [ "$FOUND" = false ]; then
        rm -rf "$FILE"
        echo "Deleted file: $FILENAME"
    fi
done

cleanup_cron.sh

root@monitorsthree:~/scripts# cat cleanup_cron.sh
#!/bin/bash
 
DIR="/etc/cron.d/"
 
KEEP_FILES=("cacti" "cleanup_cacti" "cleanup_cron" "php" "e2scrub_all" "duplicati" ".placeholder")
 
for FILE in "$DIR"/*; do
 
    FILENAME=$(basename "$FILE")
 
    FOUND=false
    for KEEP_FILE in "${KEEP_FILES[@]}"; do
        if [[ "$FILENAME" == "$KEEP_FILE" ]]; then
            FOUND=true
            break
        fi
    done
 
    echo "Processing file: $FILENAME"
    if [ "$FOUND" = true ]; then
        echo "File is in the list of files to keep."
    else
        echo "File will be deleted."
    fi
 
    if [ "$FOUND" = false ]; then
        rm -rf "$FILE"
        echo "Deleted file: $FILENAME"
    fi
done

Interactive Graph View

Backlinks