Public recordings
else echo -n "NO" fi admin@i-08604040ea56a1548:~$ file kihei kihei: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Gadmin@i-08604040ea56a1548:~$ ./kihei panic: exit status 1 goroutine 1 [running]: main.main() ./main.go:64 +0x47d admin@i-08604040ea56a1548:~$ which vim /usr/bin/vim admin@i-08604040ea56a1548:~$ vim -b kihei (gdb) e.in runtime/sys_linux_amd64.so such file or directory.in at main.go:16
kihei/i-08604040ea56a1548 09:23
by SadServers
udp 0 0 0.0.0.0:68 0.0.0.0:* udp6 0 0 fe80::813:15ff:fe50:546 :::* udp6 0 0 ::1:323 :::* Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node PID/Program name unix 2 [ ACC ] STREAM LISTENING 9661 - unix 2 [ ACC ] STREAM LISTENING 10561 - unix 2 [ ACC ] STREAM LISTENING 10563 - unix 2 [ ACC ] STREAM LISTENING 9615 - unix 2 [ ACC ] STREAM LISTENING 9617 - unix 2 [ ACC ] STREAM LISTENING 9618 - unix 2 [ ACC ] STREAM LISTENING 9630 - unix 2 [ ACC ] STREAM LISTENING 9638 - unix 2 [ ACC ] SEQPACKET LISTENING 9640 - admin@i-05f9095b8fa200e0d:~$ ls
paris/i-05f9095b8fa200e0d 03:43
by SadServers
if [[ "$actual_checksum" == "$expected_checksum" ]]; then echo -n "OK" else echo -n "NO" fiadmin@i-053e95096bbd62d08:~/agent$ file sadagent sadagent: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linke-linux-x86-64.so.2, Go BuildID=H6A8cVluPFUvaNojVwMi/C5t-5rNiA5GJLWeSm5Qz/KXfivG_EPr4lPEnoe, not stripped admin@i-053e95096bbd62d08:~/agent$ cd .. admin@i-053e95096bbd62d08:~$ ls agent webserver.py admin@i-053e95096bbd62d08:~$ cat webserver.py cat: webserver.py: Permission denied admin@i-053e95096bbd62d08:~$ ls
paris/i-053e95096bbd62d08 02:03
by SadServers
admin@i-07ee6b558ede8f810:~$ file /home/admin/kihei /home/admin/kihei: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), staticalolUanvRPB7DWhc7e4I/nM83nW4qxDvf9asNaf7E/5u1Qa6jnFvq2KL4kV5G1/6IwNz7tVbey9uC58oKsadmin@i-07ee6b558ede8f810:~$ lsof /home/admin/kihei admin@i-07ee6b558ede8f810:~$ ls -l /home/admin/kihei -rwxr-xr-x 1 admin root 2207109 Sep 17 2023 /home/admin/kihei admin@i-07ee6b558ede8f810:~$ man strace
kihei/i-07ee6b558ede8f810 00:59
by SadServers
Unauthorizedadmin@i-09ceaaf94time curl http://127.0.0.1:50007.0.0.1:5000 Unauthorized real 0m0.017s user 0m0.008s sys 0m0.008s admin@i-09ceaaf94b2b4036f:~$ curl http://localhost:5000 Unauthorizedadmin@i-09ceaaf94curl -I -L http://localhost:5000calhost:5000 HTTP/1.1 200 OK Server: Werkzeug/2.3.7 Python/3.9.2 Date: Fri, 03 Jan 2025 15:53:33 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12 Connection: close admin@i-09ceaaf94b2b4036f:~$
paris/i-09ceaaf94b2b4036f 02:06
by SadServers
lrwxrwxrwx 1 root root 8 Nov 7 2019 ypdomainname -> hostname -rwxr-xr-x 1 root root 2.0K Apr 10 2022 zcat -rwxr-xr-x 1 root root 1.7K Apr 10 2022 zcmp -rwxr-xr-x 1 root root 5.8K Apr 10 2022 zdiff -rwxr-xr-x 1 root root 23K Apr 19 2023 zdump -rwxr-xr-x 1 root root 29 Apr 10 2022 zegrep -rwxr-xr-x 1 root root 29 Apr 10 2022 zfgrep -rwxr-xr-x 1 root root 2.1K Apr 10 2022 zforce -rwxr-xr-x 1 root root 7.9K Apr 10 2022 zgrep -rwxr-xr-x 1 root root 51K Sep 24 2021 zipdetails -rwxr-xr-x 1 root root 2.2K Apr 10 2022 zless -rwxr-xr-x 1 root root 1.8K Apr 10 2022 zmore -rwxr-xr-x 1 root root 4.5K Apr 10 2022 znew admin@i-09caab26a6727cfcc:/usr/bin$ cd admin@i-09caab26a6727cfcc:~$
paris/i-09caab26a6727cfcc 00:59
by SadServers
-rw------- 1 admin admin 269 Jan 2 11:38 .bash_history -rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout -rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc drwxr-xr-x 3 admin admin 4096 Sep 20 2023 .config drwxr-xr-x 3 admin admin 4096 Jan 2 11:37 .local -rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile drwx------ 2 admin admin 4096 Sep 17 2023 .ssh -rw-r--r-- 1 admin admin 1024 Jan 2 11:37 .webserver.py.swp drwxr-xr-x 2 admin root 4096 Sep 24 2023 agent -rwxrwx--- 1 root root 360 Sep 24 2023 webserver.py admin@i-0f995f369ab3b4d0d:~$ ls .config/ asciinema admin@i-0f995f369ab3b4d0d:~$ less .webserver.py.swp ".webserver.py.swp" may be a binary file. See it anyway? admin@i-0f995f369ab3b4d0d:~$ cat .bashr
paris/i-0f995f369ab3b4d0d 01:44
by SadServers
WARNING: Running as a non-root user. Functionality may be unavailable. /run/lock/lvm/P_global:aux: open failed: Permission denied admin@i-0c12183255fc7984a:~$ sudo pvcreate /dev/nvme1n1 /dev/nvme2n1 Physical volume "/dev/nvme1n1" successfully created. Physical volume "/dev/nvme2n1" successfully created. admin@i-0c12183255fc7984a:~$ sudo vgcreate vg /dev/nvme1n1 /dev/nvme2n1 Volume group "vg" successfully created admin@i-0c12183255fc7984a:~$ lvcreate -n lv -l 100%FREE vg WARNING: Running as a non-root user. Functionality may be unavailable. /dev/mapper/control: open failed: Permission denied Failure to communicate with kernel device-mapper driver. Incompatible libdevmapper 1.02.175 (2021-01-08) and kernel driver (unknown ver striped: Required device-mapper target(s) not detected in your kernel. Run `lvcreate --help' for more information. admin@i-0c12183255fc7984a:~$ lvcreate -n lv -l 100%FREE vg
kihei/i-0c12183255fc7984a 01:31
by SadServers
admin@i-098254eea58bd89b7:~$ ls -la total 5245080 drwxr-xr-x 7 admin admin 4096 Jan 2 08:54 . drwxr-xr-x 3 root root 4096 Sep 17 2023 .. drwx------ 3 admin admin 4096 Sep 17 2023 .ansible -rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout -rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc drwxr-xr-x 3 admin admin 4096 Jan 2 08:54 .config -rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile drwx------ 2 admin admin 4096 Sep 17 2023 .ssh drwxr-xr-x 2 admin root 4096 Sep 17 2023 agent drwxr-xr-x 2 admin root 4096 Sep 17 2023 data -rw-r--r-- 1 root root 5368709120 Sep 17 2023 datafile -rwxr-xr-x 1 admin root 2207109 Sep 17 2023 kihei admin@i-098254eea58bd89b7:~$ ln -s /home/admin/datafile
kihei/i-098254eea58bd89b7 00:37
by SadServers
admin@i-0d285af1bf9841b85:~$ df -h Filesystem Size Used Avail Use% Mounted on udev 217M 0 217M 0% /dev tmpfs 46M 368K 46M 1% /run /dev/nvme0n1p1 7.7G 6.1G 1.2G 84% / tmpfs 228M 12K 228M 1% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock /dev/nvme0n1p15 124M 5.9M 118M 5% /boot/efi admin@i-0d285af1bf9841b85:~$ ./kihei panic: exit status 1 goroutine 1 [running]: main.main() ./main.go:64 +0x47d admin@i-0d285af1bf9841b85:~$
kihei/i-0d285af1bf9841b85 00:22
by SadServers
Jan 02 08:42:39 i-06e56fbb61602f300 python3[580]: 127.0.0.1 - - [02/Jan/2025 08:admin@i-06e56fbb61602f300:~$ curl http://127.0.0.1:5000 Unauthorizedadmin@i-06e56fbb61602f300:~$ sudo su We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for admin: [2]+ Stopped sudo su admin@i-06e56fbb61602f300:~$
paris/i-06e56fbb61602f300 02:19
by SadServers
#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for admin: sudo: a password is required admin@i-033b6c6ec40e2452e:~$ lsof -i :5000 admin@i-033b6c6ec40e2452e:~$ netstat -ano | findstr :5000 bash: findstr: command not found admin@i-033b6c6ec40e2452e:~$ ls agent webserver.py admin@i-033b6c6ec40e2452e:~$ cat webserver.py cat: webserver.py: Permission denied admin@i-033b6c6ec40e2452e:~$ cat webserver.py