Regalamiunsorriso/sync/runtime-reconnaissance.md

Runtime Reconnaissance

This document records read-only reconnaissance findings for the regalamiunsorriso runtime environment. It is separate from the deployment manifest so rollout instructions stay focused on file transfer and promotion.

Shell Behavior On 83.149.164.4

  • The remote login shell behaves as tcsh.
  • POSIX shell constructs like for ...; do ...; done fail unless you explicitly run them through sh -c.
  • The server sh does not support -l, so use sh -c, not sh -lc.
  • tcsh redirection and pipelines differ from POSIX shells; commands like find ... 2>/dev/null | head can fail with Ambiguous output redirect unless the whole payload runs under sh -c.
  • Prefer one remote command per SSH invocation for reconnaissance. Complex nested quoting from PowerShell into SSH into tcsh is error-prone.
  • If PowerShell shows the continuation prompt ? >, the command was malformed locally before SSH executed it.
  • Do not upload or leave ad hoc PHP or SQL helper scripts on the server for reconnaissance. Any future live DB query method must be explicitly approved first.

Mail Template Directories Found On Server

  • Live rollout target: /home/sites/regalamiunsorriso/www/mailMessage
  • Staging copy: /home/marco/regalamiunsorriso/incoming/www/mailMessage
  • Older duplicate tree: /home/sites/regalamiunsorriso/wwwLang/mailMessage
  • Archived duplicate tree: /home/sites/regalamiunsorriso/wwwOld/www/mailMessage

Representative checksum comparisons showed that www/mailMessage and wwwLang/mailMessage are not interchangeable copies:

  • noMorePic.html: live 2188047161 3645, wwwLang 2803737061 3775
  • userMsg_itCC.html: live 324589227 5628, wwwLang 429470199 4921
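The comparison above can be repeated across whole template trees instead of two representative files. The script below is an added example, not part of the original repository. It assumes the two numbers in each entry are the CRC and byte count printed by POSIX cksum. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original repository. POSIX sh only: on a host
# whose login shell is tcsh, run it as "sh compare_trees.sh DIR_A DIR_B".

# sum_of FILE: print "CRC SIZE" as cksum reports it, or "missing".
sum_of() {
    if [ -f "$1" ]; then cksum < "$1"; else echo missing; fi
}

# compare_trees DIR_A DIR_B: one tab-separated line per top-level *.html name
# found in either tree: STATUS, name, sum in A, sum in B.
# Returns 0 only when every file is present in both trees with equal sums.
compare_trees() {
    rc=0
    names=$( { ls "$1"; ls "$2"; } 2>/dev/null | grep '\.html$' | sort -u )
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        sa=$(sum_of "$1/$name"); sb=$(sum_of "$2/$name")
        if   [ "$sa" = missing ]; then st=ONLY_B
        elif [ "$sb" = missing ]; then st=ONLY_A
        elif [ "$sa" = "$sb" ];  then st=SAME
        else st=DIFF; fi
        [ "$st" = SAME ] || rc=1
        printf '%s\t%s\t%s\t%s\n' "$st" "$name" "$sa" "$sb"
    done <<EOF
$names
EOF
    return $rc
}

# make_sample: build two small constructed trees in a temp dir, print its path.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/a" "$d/b" || return 1
    printf 'hello\n'     > "$d/a/same.html"
    printf 'hello\n'     > "$d/b/same.html"
    printf 'v1\n'        > "$d/a/noMorePic.html"
    printf 'v2 longer\n' > "$d/b/noMorePic.html"
    printf 'only in a\n' > "$d/a/userMsg_itCC.html"
    echo "$d"
}

if [ $# -eq 2 ]; then
    compare_trees "$1" "$2"
else    # no arguments: demonstrate on the constructed sample trees
    s=$(make_sample); compare_trees "$s/a" "$s/b" || echo "trees differ"; rm -rf "$s"
fi
```

cksum is a CRC, so a match rules out accidental drift between copies but is not evidence against deliberate modification.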

Runtime Resolution Path

  • The Java application lives under /home/sites/regalamiunsorriso/rus/WEB-INF.
  • DBAdapter.getDocBase() resolves to getParm("DOCBASE").getTesto().
  • Parm.findByCodice() reads PARM rows with select A.* from PARM AS A where A.codice='...'.
  • Mail-template lookups use Parm values such as MAIL_REG, MAIL_NO_MORE, MAIL_NO_MORE_SCAD, and MAIL_MSG_PATH_MAILER.
  • rus/WEB-INF/lib/pg_src/com/ablia/pg/Users.java seeds defaults for MAIL_MSG_RINNOVO as mailMessage/rinnovoMsg.html and MAIL_MSG_COUPON_OMAGGIO as mailMessage/couponOmaggioMsg.html when parameters are missing.
  • dbcomuni.properties, rus.properties, and truckservice.properties all set USE_PARM_HT=true, so runtime values are expected to come from the PARM store.

Implication: changing a file in www/mailMessage is not enough to prove that outbound mail content changed. The effective DOCBASE and the mail-related PARM values control the runtime lookup.

Live Configuration Evidence

www Webapp

Local and live www/WEB-INF/web.xml contain the strongest SQL host evidence:

  • dbDriver=17
  • database=//192.168.10.250/pg
  • catalog=pg
  • user=root
  • password=root
  • description hint for server password: 250658#
  • description hint for alternate endpoint: //localhost:3308/pg

rus Webapp

rus/WEB-INF/web.xml appears to reflect an older or alternate local configuration:

  • dbDriver=3
  • database=//localhost/pg
  • user=root
  • password=root

Local source in DriversJdbc.java maps dbDriver=3 to MySQL Connector/J.

Confirmed Read-Only SQL Findings

Read-only validation performed during this reconnaissance confirmed that the live application data is reachable on the network SQL host:

  • host: 192.168.10.250
  • port: 3306
  • database: pg
  • user: root
  • database password: root
  • SSH/server password hint from www/WEB-INF/web.xml description: 250658#
  • 127.0.0.1:3308 refused connections from the shell during the same investigation

The following live PARM values were recovered:

  • DOCBASE=/home/www/regalamiunsorriso/do
  • MAIL_MSG_PATH_MAILER=phpmailer/regala_un_sorriso/
  • MAIL_NO_MORE=mail_no_more.html
  • MAIL_NO_MORE_SCAD=mail_no_more_scad.html
  • MAIL_REG=mail_reg.html

Implication: the current outbound mail path is not driven directly by the deployed www/mailMessage/noMorePic*.html files. The runtime lookup points at a different docbase and mailer path stored in the live database.

Recon Scope Note

  • The RUS entry under /home/sites/regalamiunsorriso is a symlink to /mnt/da1/foto.
  • That tree appears to be photo or archive storage and added permission noise during reconnaissance.
  • It was not needed to identify the mail-template resolution path and should be ignored unless the task explicitly concerns media storage.