Exfiltrated Data
alxk edited this page Jun 28, 2018 · 3 revisions
A Web UI for dref is currently under development. In the meantime, the exfiltrated data can be viewed directly in the MongoDB database.
SSH into the box running dref and list the running Docker containers:
root@dref:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0544c5a454c6 node:9.11.1-alpine "sh -c 'npm install …" 28 minutes ago Up 28 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:8000->80/tcp, 0.0.0.0:8080->80/tcp, 0.0.0.0:8888->80/tcp deploy_api_1
b3591d487367 node:9.11.1-alpine "sh -c 'npm install …" 28 minutes ago Up 28 minutes 0.0.0.0:53->53/udp deploy_dns_1
6fbb5e0f1a67 node:9.11.1-alpine "sh -c 'npm install …" 28 minutes ago Up 28 minutes deploy_scripts_1
00bd2456a9b6 mongo:3.6.5-jessie "docker-entrypoint.s…" 28 minutes ago Up 28 minutes 27017/tcp deploy_mongo_1
The MongoDB database is the last container in the output above. You can get an interactive MongoDB shell directly on the dref database with the following command:
$ docker exec -it $(docker ps | grep mongo | awk '{print $1}') mongo dref
From there you can list any exfiltrated data from the logs collection:
> db.logs.find()
Please refer to the MongoDB documentation for more information.