admin@i-0300b63fb986ef336:~/.local$ cd /var/www                                 bash: cd: /var/www: No such file or directory                                   admin@i-0300b63fb986ef336:~/.local$ ls                                          share                                                                           admin@i-0300b63fb986ef336:~/.local$ cd ..                                       admin@i-0300b63fb986ef336:~$ ls                                                 agent  webserver.py                                                             admin@i-0300b63fb986ef336:~$ tail webserver.py                                  tail: cannot open 'webserver.py' for reading: Permission denied                 admin@i-0300b63fb986ef336:~$ tail .webserver.py.swp                             b0nano 5.4�admini-0300b63fb986ef336webserver.pyadmin@i-0300b63fb986ef336:~$ nanoadmin@i-0300b63fb986ef336:~$ cat .webserver.py.swp                              b0nano 5.4�admini-0300b63fb986ef336webserver.pyadmin@i-0300b63fb986ef336:~$ cat b0nano 5.4�admini-0300b63fb986ef336webserver.pyadmin@i-0300b63fb986ef336:~$ nanoadmin@i-0300b63fb986ef336:~$ echo "somepassword" > ~/mysolution                 

drwxr-xr-x 2 admin root        4096 Sep 17 17:28 data                           -rw-r--r-- 1 root  root  5368709120 Sep 17 17:28 datafile                       -rwxr-xr-x 1 admin root     2207109 Sep 17 17:28 kihei                          admin@i-0847c56ed353b4fb9:~$ sudo -l                                            Matching Defaults entries for admin on i-0847c56ed353b4fb9:                         env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sn                                                                                                                                                               User admin may run the following commands on i-0847c56ed353b4fb9:                   (ALL : ALL) ALL                                                                 (ALL) NOPASSWD: ALL                                                             (ALL) NOPASSWD: ALL                                                             (ALL) NOPASSWD: ALL                                                             (ALL) NOPASSWD: /sbin/shutdown                                              admin@i-0847c56ed353b4fb9:~$ rm .bash                                           

admin@i-04a70a1cb57af9522:~$ pwd                                                /home/admin                                                                     admin@i-04a70a1cb57af9522:~$ dotdotpwn -m -h  localhost:5000                    

                                                                                              Passing  on  a "Transfer-Encoding: chunked" header when doing a HT              quest body, will make curl send the data using chunked encoding.                                                                                                Example:                                                                                                                                                         curl -H "X-First-Name: Joe" http://example.com/                                                                                                                WARNING: headers set with this option will be set in all requests               rects are followed, like when told with -L, --location. This can l              ing sent to other hosts than the original host, so sensitive  head              with caution combined with following redirects.                                                                                                                 This option can be used multiple times to add/replace/remove multi Manual page curl(1) line 1104 (press h for help or q to quit)