Beyond
This is the beyond page that an additional post enumeration and assessment are conducted as the root account after compromising the target system.
Firewall (ufw)
root@ubuntu:~# ufw status
Status: active
To Action From
-- ------ ----
80/tcp ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
127.0.0.1 27017 ALLOW OUT Anywhere
172.17.0.2 27017 ALLOW OUT Anywhere
6000:6007/tcp ALLOW OUT Anywhere
6000:6007/tcp (v6) ALLOW OUT Anywhere (v6) All rules
backup.sh
root@ubuntu:~# cat backup.sh cat backup.sh
# !/bin/bash
rm -rf /var/www/html/internal/submissions/*
touch /var/www/html/internal/submissions/report1
touch /var/www/html/internal/submissions/report2
touch /var/www/html/internal/submissions/report3
touch /var/www/html/internal/submissions/report4
chown -R www-data:www-data /var/www/html/internal/submissions This was the bash script that the root cronjob process was executing every 2 minutes
Docker
root@ubuntu:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
85b45169ebbf mongo "docker-entrypoint.s…" 4 years ago Up 7 months 127.0.0.1:27017->27017/tcp mongodb85b45169ebbf
85b45169ebbf Container
root@ubuntu:~# docker inspect 85b45169ebbf
[
{
"Id": "85b45169ebbfc0914668fe706828e6f845d143379e73baabcb9e166e9cda08b1",
"Created": "2021-02-23T13:37:09.962499402Z",
"Path": "docker-entrypoint.sh",
"Args": [
"mongod"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 1491,
"ExitCode": 0,
"Error": "",
"StartedAt": "2024-08-03T00:16:57.674565721Z",
"FinishedAt": "2021-02-23T14:13:06.748108561Z"
},
"Image": "sha256:ca8e14b1fda68aedb435fec2a6eaa326cf5633fc57b7e28b5cc37d938ead9edd",
"ResolvConfPath": "/var/lib/docker/containers/85b45169ebbfc0914668fe706828e6f845d143379e73baabcb9e166e9cda08b1/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/85b45169ebbfc0914668fe706828e6f845d143379e73baabcb9e166e9cda08b1/hostname",
"HostsPath": "/var/lib/docker/containers/85b45169ebbfc0914668fe706828e6f845d143379e73baabcb9e166e9cda08b1/hosts",
"LogPath": "/var/lib/docker/containers/85b45169ebbfc0914668fe706828e6f845d143379e73baabcb9e166e9cda08b1/85b45169ebbfc0914668fe706828e6f845d143379e73baabcb9e166e9cda08b1-json.log",
"Name": "/mongodb",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "docker-default",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {
"27017/tcp": [
{
"HostIp": "127.0.0.1",
"HostPort": "27017"
}
]
},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Capabilities": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": [
"/proc/asound",
"/proc/acpi",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/proc/scsi",
"/sys/firmware"
],
"ReadonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/e5c5bc8a5476c90841e5330ce6de134e8436334bf94fc25e649222919f5cfac5-init/diff:/var/lib/docker/overlay2/c6e2702bcbc0cb7ebbf006678ef4635d2b71890ab0f85ad212317c9118c69ce4/diff:/var/lib/docker/overlay2/f5bb962e429aa6e864fe0423b260c74a4e2ec966adb24d5580e7c8df2f2e87c5/diff:/var/lib/docker/overlay2/6578d30b837184689492a5fc326801b4e8cbd54e874db59f3742f9fc97e98860/diff:/var/lib/docker/overlay2/b45ddc9dc0f38760345f7606616763f161e475bccb5534a17fd6e96704a0aabe/diff:/var/lib/docker/overlay2/1a4865b9b8e01afdea16e0f63f1af81571539d2e5fecbe05c0f7422e2d36cd25/diff:/var/lib/docker/overlay2/3096d1796f03a972084d42867d29aca6bef395d9560ae8526454877f5ec55e61/diff:/var/lib/docker/overlay2/0eb817abb10715b9ce8835be12b83583438891a8d04ee2159fc2f37f3dfabbb7/diff:/var/lib/docker/overlay2/9e73e0d59388f1751e99a1a38d6114abf0e40bd67675d854da058f8e4c8c0023/diff:/var/lib/docker/overlay2/3245c995d12b1a0f4cd09009cd4cb8c3ff31c7205500842755caffc585cbbe9b/diff:/var/lib/docker/overlay2/9391120ecbeb17893036377e943fcb42751d28f9f06b0aa5e079e51915d425e4/diff:/var/lib/docker/overlay2/36826d157780d56aca22b1094e16e3cf9522a95f65048644063e5f486accc445/diff:/var/lib/docker/overlay2/5c02aba77d7c918ad1349d7f162ab210abbe8ef7873909c5fd00e5db8a067b14/diff",
"MergedDir": "/var/lib/docker/overlay2/e5c5bc8a5476c90841e5330ce6de134e8436334bf94fc25e649222919f5cfac5/merged",
"UpperDir": "/var/lib/docker/overlay2/e5c5bc8a5476c90841e5330ce6de134e8436334bf94fc25e649222919f5cfac5/diff",
"WorkDir": "/var/lib/docker/overlay2/e5c5bc8a5476c90841e5330ce6de134e8436334bf94fc25e649222919f5cfac5/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "volume",
"Name": "7c97fc6f9e2fe4e18a49b59d5b6c65386c8fb0e76742d73df53da08eb0eda840",
"Source": "/var/lib/docker/volumes/7c97fc6f9e2fe4e18a49b59d5b6c65386c8fb0e76742d73df53da08eb0eda840/_data",
"Destination": "/data/configdb",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "22c4b69b5d9f485aafc6d65c6bd657895b38c03a9e53bc56579f51428e58fee2",
"Source": "/var/lib/docker/volumes/22c4b69b5d9f485aafc6d65c6bd657895b38c03a9e53bc56579f51428e58fee2/_data",
"Destination": "/data/db",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "85b45169ebbf",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"ExposedPorts": {
"27017/tcp": {}
},
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"GOSU_VERSION=1.12",
"JSYAML_VERSION=3.13.1",
"GPG_KEYS=20691EEC35216C63CAF66CE1656408E390CFB1F5",
"MONGO_PACKAGE=mongodb-org",
"MONGO_REPO=repo.mongodb.org",
"MONGO_MAJOR=4.4",
"MONGO_VERSION=4.4.3"
],
"Cmd": [
"mongod"
],
"Image": "mongo",
"Volumes": {
"/data/configdb": {},
"/data/db": {}
},
"WorkingDir": "",
"Entrypoint": [
"docker-entrypoint.sh"
],
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "a26ae0e00650cd1b033e5f195040c0dab31df1fc4bcd975580f0d7a1b1743ee4",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"27017/tcp": [
{
"HostIp": "127.0.0.1",
"HostPort": "27017"
}
]
},
"SandboxKey": "/var/run/docker/netns/a26ae0e00650",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "5c9eafbb6b46d30d3171136a5f2b9e8ab05c12db730294124db9122e2271df21",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "4ef3cc007da93fd0c79158e9b5c03d5ca4857d90375df8e4560bb28a21690f1c",
"EndpointID": "5c9eafbb6b46d30d3171136a5f2b9e8ab05c12db730294124db9122e2271df21",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]