# The program is typically sudo, sudoers.so, sudoreplay or visudo.              #                                                                               # Subsystems vary based on the program; "all" matches all subsystems.           # Priority may be crit, err, warn, notice, diag, info, trace or debug.          # Multiple subsystem@priority may be specified, separated by a comma.           #                                                                               #Debug sudo /var/log/sudo_debug all@debug                                       #Debug sudoers.so /var/log/sudoers_debug all@debug                              admin@i-020f08eb573cc1e85:~$ ls                                                 agent  webserver.py                                                             admin@i-020f08eb573cc1e85:~$ cat /etc/sudo                                      sudo.conf          sudo_logsrvd.conf  sudoers            sudoers.d/             admin@i-020f08eb573cc1e85:~$ cat /etc/sudoers                                   cat: /etc/sudoers: Permission denied                                            admin@i-020f08eb573cc1e85:~$                                                    

e2scrub_all.service                    static          -                        e2scrub_fail@.service                  static          -                        e2scrub_reap.service                   enabled         enabled                  emergency.service                      static          -                        flaskapp.service                       enabled         enabled                  fstrim.service                         static          -                        getty-static.service                   static          -                        getty@.service                         enabled         enabled                  gotty.service                          enabled         enabled                  hwclock.service                        masked          enabled                  ifup@.service                          static          -                        ifupdown-pre.service                   static          -                        ifupdown-wait-online.service           disabled        enabled                  initrd-cleanup.service                 static          -                        lines 14-50/235 23%                                                             

admin@i-09c028dc5e3afb94c:~$ ls             agent  webserver.py                         admin@i-09c028dc5e3afb94c:~$                

-rw-r--r-- 1 root  root  5.0G Sep 17  2023 datafile                             -rw-r--r-- 1 admin admin    0 Jan 13 17:20 filename                             -rwxr-xr-x 1 admin root  2.2M Sep 17  2023 kihei                                admin@i-0047ee52a79ccc54f:~$ ./kihei                                            panic: exit status 1                                                                                                                                            goroutine 1 [running]:                                                          main.main()                                                                             ./main.go:64 +0x47d                                                     admin@i-0047ee52a79ccc54f:~$ rm filename                                        admin@i-0047ee52a79ccc54f:~$ > datafile                                         bash: datafile: Permission denied                                               admin@i-0047ee52a79ccc54f:~$ cp /dev/null datafile                              cp: cannot create regular file 'datafile': Permission denied                    admin@i-0047ee52a79ccc54f:~$                                                    

97764   /usr/lib/python3/dist-packages                                          71928   /usr/share/locale                                                       69244   /usr/lib/modules                                                        69240   /usr/lib/modules/5.10.0-8-cloud-amd64                                   sort: write failed: 'standard output': Broken pipe                              sort: write error                                                               admin@i-06c640c37d10bfc6a:/$ lsblk -l                                           NAME       MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT                                  nvme0n1    259:0    0    8G  0 disk                                             nvme0n1p1  259:1    0  7.9G  0 part /                                           nvme0n1p14 259:2    0    3M  0 part                                             nvme0n1p15 259:3    0  124M  0 part /boot/efi                                   nvme2n1    259:4    0    1G  0 disk                                             nvme1n1    259:5    0    1G  0 disk                                             admin@i-06c640c37d10bfc6a:/$ pvcreate /dev/m                                    

admin@i-0f34322039927622b:~$ ls -la                                             total 44                                                                        drwxr-xr-x 6 admin admin 4096 Sep 24  2023 .                                    drwxr-xr-x 3 root  root  4096 Sep 17  2023 ..                                   drwx------ 3 admin admin 4096 Sep 20  2023 .ansible                             -rw------- 1 admin admin  441 Jan 12 18:26 .bash_history                        -rw-r--r-- 1 admin admin  220 Aug  4  2021 .bash_logout                         -rw-r--r-- 1 admin admin 3526 Aug  4  2021 .bashrc                              drwxr-xr-x 3 admin admin 4096 Sep 20  2023 .config                              -rw-r--r-- 1 admin admin  807 Aug  4  2021 .profile                             drwx------ 2 admin admin 4096 Sep 17  2023 .ssh                                 drwxr-xr-x 2 admin root  4096 Sep 24  2023 agent                                -rwxrwx--- 1 root  root   360 Sep 24  2023 webserver.py                         admin@i-0f34322039927622b:~$ cd .ansible/                                       admin@i-0f34322039927622b:~/.ansible$                                           

tmpfs                5120       0      5120   0% /run/lock                      /dev/nvme0n1p15    126678    6016    120662   5% /boot/efi                      admin@i-02b891be31c49d985:~$ df -u                                              df: invalid option -- 'u'                                                       Try 'df --help' for more information.                                           admin@i-02b891be31c49d985:~$ du                                                 11140   ./agent                                                                 4       ./.ansible/tmp                                                          8       ./.ansible                                                              4       ./data                                                                  8       ./.config/asciinema                                                     12      ./.config                                                               8       ./.ssh                                                                  5256228 .                                                                       admin@i-02b891be31c49d985:~$                                                    

  -help                                                                                 Display help                                                              -v    Verbose mode (print extra info)                                           -verbose                                                                              Verbose mode (print extra info)                                         admin@i-06053c8a5aeec1e0f:~$ ./kihei -v]                                        flag provided but not defined: -v]                                              Usage of ./kihei:                                                                 -h    Display help                                                              -help                                                                                 Display help                                                              -v    Verbose mode (print extra info)                                           -verbose                                                                              Verbose mode (print extra info)                                         admin@i-06053c8a5aeec1e0f:~$                                                    

admin        681  0.0  0.9   6740  4532 pts/0    S<s+ 17:03   0:00 bash -l      admin        685  0.0  4.1  98188 19252 pts/0    R<l+ 17:03   0:00 /usr/bin/pythadmin        688  0.0  3.0  24456 14384 pts/0    S<+  17:03   0:00 /usr/bin/pythadmin        689  0.0  0.1   2480   572 pts/1    S<s  17:03   0:00 sh -c /bin/baadmin        690  0.0  1.0   6952  4716 pts/1    S<   17:03   0:00 /bin/bash    admin        834  0.0  0.6   8648  3240 pts/1    R<+  17:07   0:00 ps -aux      admin@i-0855e77fc64d64a54:~$ cat /home/admin/webserver                          cat: /home/admin/webserver: No such file or directory                           admin@i-0855e77fc64d64a54:~$ ls /home/admin/                                    agent  webserver.py                                                             admin@i-0855e77fc64d64a54:~$ cat /home/admin/webserver.py                       cat: /home/admin/webserver.py: Permission denied                                admin@i-0855e77fc64d64a54:~$ ls -l /home/admin/webserver.py                     -rwxrwx--- 1 root root 360 Sep 24  2023 /home/admin/webserver.py                admin@i-0855e77fc64d64a54:~$                                                    

admin@i-00b2e441867394a24:~$ curl -A "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) GWelcome! Password is FDZPmh5AX3oiJtadmin@i-00b2e441867394a24:~$                 

admin@i-0ce34773b1621d3d7:~$ sudo cat webserver.py                                                                                                              We trust you have received the usual lecture from the local System              Administrator. It usually boils down to these three things:                                                                                                         #1) Respect the privacy of others.                                              #2) Think before you type.                                                      #3) With great power comes great responsibility.                                                                                                            [sudo] password for admin:                                                      sudo: a password is required                                                    admin@i-0ce34773b1621d3d7:~$ curl localhost:5000                                Unauthorizedadmin@i-0ce34773b1621d3d7:~$ git status                             bash: git: command not found                                                    admin@i-0ce34773b1621d3d7:~$                                                    

-rw-r--r-- 1 admin admin  807 Aug  4  2021 .profile                             drwx------ 2 admin admin 4096 Sep 17  2023 .ssh                                 drwxr-xr-x 2 admin root  4096 Sep 24  2023 agent                                -rwxrwx--- 1 root  root   360 Sep 24  2023 webserver.py                         admin@i-049d7de41c1f65c5b:~$ python webserver.py                                bash: python: command not found                                                 admin@i-049d7de41c1f65c5b:~$ python3 webserver.py                               python3: can't open file '/home/admin/webserver.py': [Errno 13] Permission denieadmin@i-049d7de41c1f65c5b:~$ systemctl status | grep nginx                                     └─838 grep nginx                                                 admin@i-049d7de41c1f65c5b:~$ ls                                                 agent  webserver.py                                                             admin@i-049d7de41c1f65c5b:~$ ls agent                                           check.sh  sadagent  sadagent.txt                                                admin@i-049d7de41c1f65c5b:~$ curl localhost:50000                               

*flag.int64Value,flag.Valuego.itab.*flag.stringValue,flag.Valuego.itab.*flag.uin*flag.uint64Value,flag.Valuego.itab.*strings.Builder,io.Writergo.itab.*errors.ermt.wrapError,errorgo.itab.*fmt.pp,fmt.Statego.itab.*os.File,io.Readergo.itab.systab.*io/fs.PathError,errorgo.itab.*os.SyscallError,errorgo.itab.syscall.Errno,erio.Writergo.itab.*os.fileStat,io/fs.FileInfogo.itab.*io.LimitedReader,io.Readerggo.itab.*os/exec.ExitError,errorgo.itab.*os/exec.Error,errorgo.itab.*bufio.Reader.UnknownUserIdError,errorgo.itab.*internal/reflectlite.rtype,internal/reflectliizeError,errorgo.itab.*internal/fmtsort.SortedMap,sort.Interfacego.itab.runtime.t_cgo_thread_start_cgo_notify_runtime_init_done_cgo_callers_cgo_yield_cgo_mmap_cntime.mainPCgo.itab.*internal/poll.DeadlineExceededError,errorgo.itab.internal/pntime.defaultGOROOT.strruntime.buildVersion.strruntime.modinfo.strtype.*runtime.7ca6b7f6d7f0fe:~$ ^C                                                            admin@i-08b7ca6b7f6d7f0fe:~$ ^C                                                 admin@i-08b7ca6b7f6d7f0fe:~$ ^C                                                 admin@i-08b7ca6b7f6d7f0fe:~$                                                    

char             hugepages     null        nvme2n1    sdc       tty10  tty2   tt   vcsa6  vhost-net                                                             console          initctl       nvme0       nvme2n1p1  sdc1      tty11  tty20  tt   vcsu   vhost-vsock                                                           core             input         nvme0n1     nvram      shm       tty12  tty21  tt   vcsu1  xvda                                                                  cpu_dma_latency  kmsg          nvme0n1p1   ptmx       snapshot  tty13  tty22  tt   vcsu2  xvda1                                                                 cuse             log           nvme0n1p14  pts        stderr    tty14  tty23  tt   vcsu3  xvda14                                                                disk             loop-control  nvme0n1p15  random     stdin     tty15  tty24  tt1  vcsu4  xvda15                                                                fd               mapper        nvme1       rtc        stdout    tty16  tty25  tt2  vcsu5  zero                                                                  admin@i-017a05d8d0b9fbe51:~$ lvcreate merged -n merged