Beyond
This is the beyond page that an additional post enumeration and assessment are conducted as the root user after compromising the target system.
supervisor
user@pc:/home/user$ systemctl status supervisor
● supervisor.service - Supervisor process control system for UNIX
Loaded: loaded (/lib/systemd/system/supervisor.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2024-08-03 02:28:59 UTC; 7 months 23 days ago
Docs: http://supervisord.org
Main PID: 860 (supervisord)
Tasks: 8 (limit: 2256)
Memory: 485.0M
CGroup: /system.slice/supervisor.service
├─ 860 /usr/bin/python3 /usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf
├─ 1040 python3 /opt/rpc.py
├─ 1041 /snap/ttyd/199/usr/bin/ttyd -p 8000 -w /home/user/ -W bash
├─11409 gpg-agent --homedir /home/user/.gnupg --use-standard-socket --daemon
├─36326 bash
├─36443 systemctl status supervisor
└─36444 pager/lib/systemd/system/supervisor.service
user@pc:/home/user$ cat /lib/systemd/system/supervisor.service
[Unit]
Description=Supervisor process control system for UNIX
Documentation=http://supervisord.org
After=network.target
[Service]
ExecStart=/usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf
ExecStop=/usr/bin/supervisorctl $OPTIONS shutdown
ExecReload=/usr/bin/supervisorctl -c /etc/supervisor/supervisord.conf $OPTIONS reload
KillMode=process
Restart=on-failure
RestartSec=50s
[Install]
WantedBy=multi-user.target/etc/supervisor/supervisord.conf
/etc/supervisor/supervisord.conf
user@pc:/home/user$ cat /etc/supervisor/supervisord.conf | grep -v '^[#/]'
; supervisor config file
[unix_http_server]
file=/var/run/supervisor.sock ; (the path to the socket file)
chmod=0700 ; sockef file mode (default 0700)
[supervisord]
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.confconf.d
user@pc:/home/user$ cat /etc/supervisor/conf.d/rpc.conf
[program:rpc]
user=root
command=python3 /opt/rpc.py
nodaemon=false
autostart=true
autorestart=true
stderr_logfile=/var/log/python.err.log
stdout_logfile=/var/log/python.out.log
user@pc:/home/user$ cat /etc/supervisor/conf.d/ttyd.conf
[program:ttyd]
user=user
command=ttyd -p 8000 -w /home/user/ -W bash
nodaemon=false
autostart=true
autorestart=true
stderr_logfile=/var/log/python.err.log
stdout_logfile=/var/log/python.out.log