Beyond
This is the beyond page that an additional post enumeration and assessment are conducted as the root user after CVE-2020-7247 the target system.
FlaskBB
root@bratarina:/root# systemctl status gunicorn.service
systemctl status gunicorn.service
● gunicorn.service - gunicorn daemon
Loaded: loaded (/etc/systemd/system/gunicorn.service; enabled; vendor preset:
Active: active (running) since Fri 2024-08-02 12:49:46 EDT; 7 months 20 days
Main PID: 676 (gunicorn)
Tasks: 5 (limit: 2318)
CGroup: /system.slice/gunicorn.service
├─ 676 /opt/flaskbb/.venv/bin/python2 /opt/flaskbb/.venv/bin/gunicorn
├─1247 /opt/flaskbb/.venv/bin/python2 /opt/flaskbb/.venv/bin/gunicorn
├─1248 /opt/flaskbb/.venv/bin/python2 /opt/flaskbb/.venv/bin/gunicorn
├─1259 /opt/flaskbb/.venv/bin/python2 /opt/flaskbb/.venv/bin/gunicorn
└─1260 /opt/flaskbb/.venv/bin/python2 /opt/flaskbb/.venv/bin/gunicorn/opt/flaskbb
root@bratarina:/root# ll /opt/flaskbb
total 168K
4.0K drwxr-xr-x 14 root root 4.0K Aug 2 2024 .
4.0K -rw-r--r-- 1 root root 3.4K Aug 2 2024 flaskbb.cfg
4.0K drwxr-xr-x 17 root root 4.0K Jul 6 2020 flaskbb
4.0K -rwxr-xr-x 1 root root 275 Jul 6 2020 run-gunicorn.sh
4.0K drwxr-xr-x 4 root root 4.0K Jul 6 2020 ..
4.0K -rw-r--r-- 1 root root 400 Jul 6 2020 wsgi.pyc
4.0K drwxr-xr-x 2 root root 4.0K Jul 6 2020 work
4.0K drwxr-xr-x 2 root root 4.0K Jul 6 2020 migrations
4.0K drwxr-xr-x 3 root root 4.0K Jul 6 2020 whoosh_index
4.0K drwxr-xr-x 2 root root 4.0K Jul 6 2020 instance
4.0K drwxr-xr-x 2 root root 4.0K Jul 6 2020 logs
4.0K drwxr-xr-x 2 root root 4.0K Jul 6 2020 FlaskBB.egg-info
4.0K drwxr-xr-x 6 root root 4.0K Jul 6 2020 .venv
4.0K drwxr-xr-x 8 root root 4.0K Jul 6 2020 .git
4.0K -rw-r--r-- 1 root root 764 Jul 6 2020 tox.ini
4.0K -rw-r--r-- 1 root root 16 Jul 6 2020 requirements-cov.txt
4.0K -rw-r--r-- 1 root root 112 Jul 6 2020 requirements-dev.txt
4.0K -rw-r--r-- 1 root root 128 Jul 6 2020 requirements-test.txt
4.0K -rw-r--r-- 1 root root 78 Jul 6 2020 requirements-travis.txt
4.0K -rw-r--r-- 1 root root 968 Jul 6 2020 requirements.txt
4.0K -rw-r--r-- 1 root root 26 Jul 6 2020 setup.cfg
4.0K -rw-r--r-- 1 root root 2.6K Jul 6 2020 setup.py
4.0K drwxr-xr-x 5 root root 4.0K Jul 6 2020 tests
4.0K -rw-r--r-- 1 root root 772 Jul 6 2020 .coveragerc
4.0K -rw-r--r-- 1 root root 1.7K Jul 6 2020 .gitignore
4.0K -rw-r--r-- 1 root root 447 Jul 6 2020 .landscape.yml
4.0K -rw-r--r-- 1 root root 634 Jul 6 2020 .travis.yml
4.0K -rw-r--r-- 1 root root 249 Jul 6 2020 AUTHORS
4.0K -rw-r--r-- 1 root root 2.6K Jul 6 2020 CHANGES
4.0K -rw-r--r-- 1 root root 1.6K Jul 6 2020 LICENSE
4.0K -rw-r--r-- 1 root root 1.8K Jul 6 2020 README.md
4.0K drwxr-xr-x 6 root root 4.0K Jul 6 2020 docs
4.0K -rw-r--r-- 1 root root 339 Jul 6 2020 wsgi.py
4.0K -rw-r--r-- 1 root root 237 Jul 6 2020 .bumpversion.cfg
4.0K -rw-r--r-- 1 root root 325 Jul 6 2020 .editorconfig
0 -rw-r--r-- 1 root root 0 Jul 6 2020 .gitmodules
4.0K drwxr-xr-x 2 root root 4.0K Jul 6 2020 .tx
4.0K -rw-r--r-- 1 root root 1.5K Jul 6 2020 CONTRIBUTING.md
4.0K -rw-r--r-- 1 root root 477 Jul 6 2020 MANIFEST.in
4.0K -rw-r--r-- 1 root root 1.7K Jul 6 2020 Makefile
4.0K -rw-r--r-- 1 root root 1.4K Jul 6 2020 NOTICE
4.0K -rw-r--r-- 1 root root 198 Jul 6 2020 babel.cfg
4.0K -rw-r--r-- 1 root root 553 Jul 6 2020 celery_worker.pyflaskbb.cfg
root@bratarina:/opt/flaskbb# cat flaskbb.cfg
import os
import datetime
from flaskbb.configs.default import DefaultConfig
DEBUG = False
TESTING = False
SERVER_NAME = ""
PREFERRED_URL_SCHEME = "http"
SESSION_COOKIE_SECURE = False
SESSION_COOKIE_HTTPONLY = True
SQLALCHEMY_DATABASE_URI = "postgresql://flaskbb:5d10fe374a597c473843ff711164e32a@127.0.0.1:5432/flaskbb"
SQLALCHEMY_TRACK_MODIFICATIONS = False
SQLALCHEMY_ECHO = False
SECRET_KEY = "62d378ca0bfdb622fa0945173ccdf7e217edc28c40f89329"
WTF_CSRF_ENABLED = True
WTF_CSRF_SECRET_KEY = "c585bbff23597c4b13d2228d32244108553b1a3c963c5283"
LOGIN_VIEW = "auth.login"
REAUTH_VIEW = "auth.reauth"
LOGIN_MESSAGE_CATEGORY = "info"
REFRESH_MESSAGE_CATEGORY = "info"
REMEMBER_COOKIE_NAME = "remember_token"
REMEMBER_COOKIE_DURATION = datetime.timedelta(days=365)
REMEMBER_COOKIE_DOMAIN = None
REMEMBER_COOKIE_SECURE = False
REMEMBER_COOKIE_HTTPONLY = True
WHOOSHEE_DIR = os.path.join(DefaultConfig.basedir, "whoosh_index", DefaultConfig.py_version)
WHOOSHEE_WRITER_TIMEOUT = 2
WHOOSHEE_MIN_STRING_LEN = 3
REDIS_ENABLED = False
REDIS_URL = ""
REDIS_DATABASE = 0
CELERY_BROKER_URL = ""
CELERY_RESULT_BACKEND = ""
RATELIMIT_STORAGE_URL = "memory://"
CACHE_TYPE = "simple"
CACHE_DEFAULT_TIMEOUT = 60
MAIL_SERVER = ""
MAIL_PORT = 25
MAIL_USE_SSL = False
MAIL_USE_TLS = False
MAIL_USERNAME = ""
MAIL_PASSWORD = ""
MAIL_DEFAULT_SENDER = ("FlaskBB Mailer", "noreply@yourdomain")
ADMINS = ["admin@yourdomain"]
LOG_CONF_FILE = None
LOG_PATH = os.path.join(DefaultConfig.basedir, 'logs')
LOG_DEFAULT_CONF = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'standard': {
'format': '%(asctime)s %(levelname)-7s %(name)-25s %(message)s'
},
'advanced': {
'format': '%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]'
}
},
'handlers': {
'console': {
'level': 'NOTSET',
'formatter': 'standard',
'class': 'logging.StreamHandler',
},
'flaskbb': {
'level': 'DEBUG',
'formatter': 'standard',
'class': 'logging.handlers.RotatingFileHandler',
'filename': os.path.join(LOG_PATH, 'flaskbb.log'),
'mode': 'a',
'maxBytes': 10485760, # 10MB
'backupCount': 5,
},
'infolog': {
'level': 'INFO',
'formatter': 'standard',
'class': 'logging.handlers.RotatingFileHandler',
'filename': os.path.join(LOG_PATH, 'info.log'),
'mode': 'a',
'maxBytes': 10485760, # 10MB
'backupCount': 5,
},
'errorlog': {
'level': 'ERROR',
'formatter': 'standard',
'class': 'logging.handlers.RotatingFileHandler',
'filename': os.path.join(LOG_PATH, 'error.log'),
'mode': 'a',
'maxBytes': 10485760, # 10MB
'backupCount': 5,
}
},
'loggers': {
'flask.app': {
'handlers': ['infolog', 'errorlog'],
'level': 'INFO',
'propagate': True
},
'flaskbb': {
'handlers': ['console', 'flaskbb'],
'level': 'WARNING',
'propagate': True
},
}
}
USE_DEFAULT_LOGGING = True
SEND_LOGS = False
FORUM_URL_PREFIX = ""
USER_URL_PREFIX = "/user"
MESSAGE_URL_PREFIX = "/message"
AUTH_URL_PREFIX = "/auth"
ADMIN_URL_PREFIX = "/admin"
REMOVE_DEAD_PLUGINS = Falsenginx
root@bratarina:/root# cat /etc/nginx/sites-enabled/flaskbb
server {
listen 80 default_server;
access_log /var/log/nginx/access.forums.log;
error_log /var/log/nginx/error.forums.log;
location / {
try_files $uri @flaskbb;
}
# Static files
location /static {
alias /opt/flaskbb/flaskbb/static/;
}
location ~ ^/_themes/([^/]+)/(.*)$ {
alias /opt/flaskbb/flaskbb//themes/$1/static/$2;
}
# robots.txt
location /robots.txt {
alias /opt/flaskbb/flaskbb/static/robots.txt;
}
location @flaskbb {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://127.0.0.1:8000;
}
}
root@bratarina:/root# catcat /etc/nginx/sites-available/default | grep -v '^#'
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
}
root@bratarina:/root# cat /etc/nginx/sites-available/flaskbb | grep -v '^#'
server {
listen 80 default_server;
access_log /var/log/nginx/access.forums.log;
error_log /var/log/nginx/error.forums.log;
location / {
try_files $uri @flaskbb;
}
# Static files
location /static {
alias /opt/flaskbb/flaskbb/static/;
}
location ~ ^/_themes/([^/]+)/(.*)$ {
alias /opt/flaskbb/flaskbb//themes/$1/static/$2;
}
# robots.txt
location /robots.txt {
alias /opt/flaskbb/flaskbb/static/robots.txt;
}
location @flaskbb {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering off;
proxy_pass http://127.0.0.1:8000;
}
}