Beyond
This is the beyond page that an additional post enumeration and assessment are conducted as the root user after compromising the target system.
Cron
root@trickster:~# crontab -l | grep -v '^#'
*/5 * * * * /root/scripts/clean_up/clean_up.sh
*/2 * * * * /root/changedetection/backup_restore.sh > /dev/null
*/20 * * * * /usr/bin/docker restart changedetection.ioclean_up.sh
oot@trickster:~# cat /root/scripts/clean_up/clean_up.sh
#!/bin/bash
themes_dir="/var/www/prestashop/themes"
# List of files and folders to exclude
excluded=("8342d42b17603f2993b0-chunk.js" "classic" "core.js" "debug.tpl" "index.php" "javascript.tpl" "_libraries" "package-lock.json" "preview-fallback.png")
for item in "$themes_dir"/*; do
# Check if the item is not in the excluded list
if ! [[ " ${excluded[@]} " =~ " $(basename "$item") " ]]; then
# Remove the item
rm -r "$item"
echo "Removed: $item"
fi
done
echo "Cleanup complete."backup_restore.sh
root@trickster:~# cat /root/changedetection/backup_restore.sh
#!/bin/bash
# Directory and file paths
backup_dir="/root/changedetection/data/Backups/"
restore_dir="/root/changedetection/restore/"
file1="changedetection-backup-20240830194841.zip"
file2="changedetection-backup-20240830202524.zip"
# Expected md5sums
md5_file1="fa62d835b7b3bf5c54367f4caa03af1a"
md5_file2="16fdbb5060fe68a55556fbecb7710392"
# Step 1: Check if backup directory exists, if not, create it and copy the files
if [ ! -d "$backup_dir" ]; then
echo "Backup directory not found, creating it and copying files."
mkdir -p "$backup_dir"
cp "$restore_dir$file1" "$backup_dir"
cp "$restore_dir$file2" "$backup_dir"
echo "Files copied to $backup_dir. Exiting."
exit 0
fi
# Step 2: Check if the files exist and their md5sums match
check_md5() {
file_path="$1"
expected_md5="$2"
if [ -f "$file_path" ]; then
actual_md5=$(md5sum "$file_path" | awk '{print $1}')
if [ "$actual_md5" == "$expected_md5" ]; then
echo "MD5 for $file_path matches."
return 0
else
echo "MD5 for $file_path does NOT match."
return 1
fi
else
echo "$file_path does NOT exist."
return 1
fi
}
# Check for both files
needs_copy=false
check_md5 "$backup_dir$file1" "$md5_file1" || needs_copy=true
check_md5 "$backup_dir$file2" "$md5_file2" || needs_copy=true
# Step 3: If any file is missing or has wrong md5sum, copy both files
if $needs_copy; then
echo "Copying files due to missing or incorrect md5sum."
cp "$restore_dir$file1" "$backup_dir"
cp "$restore_dir$file2" "$backup_dir"
echo "Files copied to $backup_dir."
else
echo "Both files are present and their md5sums match. No action needed."
fiDocker
root@trickster:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ae5c137aa8ef changedetectionio:latest "python ./changedete…" 12 days ago Up 15 minutes 5000/tcp changedetection.iochangedetection.io
root@trickster:~# docker inspect changedetection.io
[
{
"Id": "ae5c137aa8efc8eee17e3f5e2f93594b6bfc9ea2d7b350faba36e80d588aa47c",
"Created": "2024-09-10T09:18:31.303815158Z",
"Path": "python",
"Args": [
"./changedetection.py",
"-d",
"/datastore"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 89155,
"ExitCode": 0,
"Error": "",
"StartedAt": "2024-09-22T10:00:11.913447531Z",
"FinishedAt": "2024-09-22T10:00:11.278388758Z"
},
"Image": "sha256:de5ae2176ddaaf7d45e56bdda8721ae56cc46d366ed50595adac3274c2220b13",
"ResolvConfPath": "/var/lib/docker/containers/ae5c137aa8efc8eee17e3f5e2f93594b6bfc9ea2d7b350faba36e80d588aa47c/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/ae5c137aa8efc8eee17e3f5e2f93594b6bfc9ea2d7b350faba36e80d588aa47c/hostname",
"HostsPath": "/var/lib/docker/containers/ae5c137aa8efc8eee17e3f5e2f93594b6bfc9ea2d7b350faba36e80d588aa47c/hosts",
"LogPath": "/var/lib/docker/containers/ae5c137aa8efc8eee17e3f5e2f93594b6bfc9ea2d7b350faba36e80d588aa47c/ae5c137aa8efc8eee17e3f5e2f93594b6bfc9ea2d7b350faba36e80d588aa47c-json.log",
"Name": "/changedetection.io",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/root/changedetection/data:/datastore"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"ConsoleSize": [
33,
161
],
"CapAdd": null,
"CapDrop": [
"MKNOD"
],
"CgroupnsMode": "private",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": [],
"BlkioDeviceWriteBps": [],
"BlkioDeviceReadIOps": [],
"BlkioDeviceWriteIOps": [],
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/3646f74596d79087403b037b903959f7bcaa1b016d578a7fa36fa0d2d0016ba4-init/diff:/var/lib/docker/overlay2/a22eb96c089b0ffb25522637d7695cd4983566f8eac36f8cdaa6034e1f5195c4/diff:/var/lib/docker/overlay2/dc442a972d33ca966baf969ca0f1d655949a4d1a31c6f24881f54de717c24f4a/diff:/var/lib/docker/overlay2/9174c92c61e4b4aeed7affc4335494260fac17fdf3119ba6ff4eb8edab80d146/diff:/var/lib/docker/overlay2/30e4ca09a32735682bf90d204a237aad10f1e3e2974ee3058130f87465af23d5/diff:/var/lib/docker/overlay2/43281f2d82ee16fefe777a02f7f05a43bb272f570a57e4b147aaca92c1dc1e5d/diff:/var/lib/docker/overlay2/43e75ac406c0972fccc9e0c295b4aa29601751f65599abc8d094da815e078de6/diff:/var/lib/docker/overlay2/db8c168f488f3fc50d99b74f8b607c0714271a5a60c7f379d0c5090c6f291ec8/diff:/var/lib/docker/overlay2/82346c21f0a804ebe30384e8e7693bb7cee75b540ca3b3476fecc2948bc68cd6/diff:/var/lib/docker/overlay2/5dbb76cfd77efe549f4d514e2e18c3740b3a542533e118d56a8419bc766ca95e/diff:/var/lib/docker/overlay2/70a85992fc5bfff046d7481be1df8b20fa001012d08abae6c82d2eca0c04eccb/diff:/var/lib/docker/overlay2/5cd2b238900608652c6a736860d5bfacb553303dbe86d3020250a57b37f1d6b1/diff:/var/lib/docker/overlay2/75e017e46f911cc06d6322136c92b933d3a67e793289cc97ff9dbdbf7f72e838/diff:/var/lib/docker/overlay2/1ce1e5985c379c156ab7ecbe94ef238ee9cbdd12794c38b1beeb952e87c1d654/diff",
"MergedDir": "/var/lib/docker/overlay2/3646f74596d79087403b037b903959f7bcaa1b016d578a7fa36fa0d2d0016ba4/merged",
"UpperDir": "/var/lib/docker/overlay2/3646f74596d79087403b037b903959f7bcaa1b016d578a7fa36fa0d2d0016ba4/diff",
"WorkDir": "/var/lib/docker/overlay2/3646f74596d79087403b037b903959f7bcaa1b016d578a7fa36fa0d2d0016ba4/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "bind",
"Source": "/root/changedetection/data",
"Destination": "/datastore",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "ae5c137aa8ef",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"5000/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=C.UTF-8",
"GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D",
"PYTHON_VERSION=3.10.14",
"PYTHON_PIP_VERSION=23.0.1",
"PYTHON_SETUPTOOLS_VERSION=65.5.1",
"PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/dbf0c85f76fb6e1ab42aa672ffca6f0a675d9ee4/public/get-pip.py",
"PYTHON_GET_PIP_SHA256=dfe9fd5c28dc98b5ac17979a953ea550cec37ae1b47a5116007395bfacff2ab9",
"PYTHONUNBUFFERED=1",
"PYTHONPATH=/usr/local",
"LOGGER_LEVEL="
],
"Cmd": [
"python",
"./changedetection.py",
"-d",
"/datastore"
],
"Image": "changedetectionio:latest",
"Volumes": null,
"WorkingDir": "/app",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "8cd614e683046ad26af1cf99e2e51af519b2f96aff8f1015e5a9f638d95b2cc4",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"5000/tcp": null
},
"SandboxKey": "/var/run/docker/netns/8cd614e68304",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "d75047d2f3ff69e4711ad54a6ead052292cc811c406b4a17da7039ac7145c2c4",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "0d4969b3da5693d525fb9324a8f259176470ce73d19fb462eadec5233c5a3964",
"EndpointID": "d75047d2f3ff69e4711ad54a6ead052292cc811c406b4a17da7039ac7145c2c4",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]