root 66 0.0 0.0 0 0 ? I 02:53 0:00 [kworker/0:2-cgroup_destroy]
root 75 0.0 0.0 0 0 ? I< 02:53 0:00 [kstrp]
root 80 0.0 0.0 0 0 ? I< 02:53 0:00 [kworker/u5:0]
root 116 0.0 0.0 0 0 ? I< 02:53 0:00 [ena]
root 117 0.0 0.0 0 0 ? I 02:53 0:00 [kworker/1:2-events]
root 136 0.0 0.0 0 0 ? S 02:53 0:00 [jbd2/nvme0n1p1-]
root 137 0.0 0.0 0 0 ? I< 02:53 0:00 [ext4-rsv-conver]
root 201 0.1 2.7 56588 12672 ? Ss 02:54 0:00 /lib/systemd/systemd-journald
root 218 0.0 1.1 19456 5168 ? Ss 02:54 0:00 /lib/systemd/systemd-udevd
root 246 0.0 0.0 0 0 ? I< 02:54 0:00 [cryptd]
root 323 0.0 0.0 0 0 ? I 02:54 0:00 [kworker/0:3-events]
root 399 0.0 1.2 99884 5828 ? Ssl 02:54 0:00 /sbin/dhclient -4 -v -i -pf /run/dhclient.ens5.pid -lf /var/lib/dhcp/dhclient.ens5.leases -I -df /var/
root 473 0.0 1.2 99884 5668 ? Ssl 02:54 0:00 /sbin/dhclient -6 -v -pf /run/dhclient6.ens5.pid -lf /var/lib/dhcp/dhclient6.ens5.leases -I -df /var/l
admin 568 0.2 2.7 1230664 12700 ? S<sl 02:54 0:00 /usr/local/gotty --permit-write --reconnect --max-connection 5 bash -l
admin 569 0.0 2.1 1080680 10236 ? S<sl 02:54 0:00 /home/admin/agent/sadagent
root 572 0.0 0.5 5636 2640 ? Ss 02:54 0:00 /usr/sbin/cron -f
message+ 573 0.0 0.8 7864 3748 ? Ss 02:54 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-on
root 585 0.0 0.9 220796 4336 ? Ssl 02:54 0:00 /usr/sbin/rsyslogd -n -iNONE
root 588 0.1 1.4 13488 6828 ? Ss 02:54 0:00 /lib/systemd/systemd-logind
root 593 0.1 0.3 2872 1740 tty1 Ss+ 02:54 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
root 594 0.0 0.4 4396 2008 ttyS0 Ss+ 02:54 0:00 /sbin/agetty -o -p -- \u --keep-baud 115200,57600,38400,9600 ttyS0 vt220
_chrony 596 0.0 0.7 10856 3592 ? S 02:54 0:00 /usr/sbin/chronyd -F 1
root 597 0.0 1.5 13348 7212 ? Ss 02:54 0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
_chrony 598 0.0 0.1 10724 548 ? S 02:54 0:00 /usr/sbin/chronyd -F 1
root 618 0.1 3.7 26612 17364 ? Ss 02:54 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
root 673 0.0 0.0 0 0 ? I 02:54 0:00 [kworker/1:3-mm_percpu_wq]
admin 676 0.0 0.7 5920 3672 pts/0 S<s+ 02:55 0:00 bash -l
admin 678 0.4 4.1 98188 19260 pts/0 R<l+ 02:55 0:00 /usr/bin/python3 /usr/bin/asciinema rec -t kihei/i-0df1765d381c3a083 -q -i 2 /var/log/cast/i-0df1765d3
admin 681 0.0 3.0 24456 14444 pts/0 R<+ 02:55 0:00 /usr/bin/python3 /usr/bin/asciinema rec -t kihei/i-0df1765d381c3a083 -q -i 2 /var/log/cast/i-0df1765d3
admin 682 0.0 0.1 2480 572 pts/1 S<s 02:55 0:00 sh -c /bin/bash
admin 683 0.0 0.9 6820 4536 pts/1 S< 02:55 0:00 /bin/bash
admin 716 0.0 0.6 8648 3136 pts/1 R<+ 02:56 0:00 ps -aux
admin@i-0df1765d381c3a083:~$ ps -aux | grep kihei
admin 678 0.4 4.1 98188 19260 pts/0 S<l+ 02:55 0:00 /usr/bin/python3 /usr/bin/asciinema rec -t kihei/i-0df1765d381c3a083 -q -i 2 /var/log/cast/i-0df1765d381c3a083
admin 681 0.0 3.0 24456 14444 pts/0 S<+ 02:55 0:00 /usr/bin/python3 /usr/bin/asciinema rec -t kihei/i-0df1765d381c3a083 -q -i 2 /var/log/cast/i-0df1765d381c3a083
admin 718 0.0 0.1 5264 704 pts/1 S<+ 02:56 0:00 grep kihei
admin@i-0df1765d381c3a083:~$ ls
agent data datafile kihei
admin@i-0df1765d381c3a083:~$
kihei/i-0df1765d381c3a083
by SadServers
drwxr-xr-x 2 admin root 4096 Sep 24 23:20 agent
-rwxrwx--- 1 root root 360 Sep 24 23:20 webserver.py
admin@i-0607715dd43c3c574:~$ sudo vi webserver.py
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
sudo: a password is required
admin@i-0607715dd43c3c574:~$ curl localhost:5000
Unauthorizedadmin@i-0607715dd43c3c574:~$ curl localhost:5000
paris/i-0607715dd43c3c574 01:22
by SadServers
ed
find: ‘./var/log/private’: Permission denied
find: ‘./var/log/chrony’: Permission denied
find: ‘./var/lib/private’: Permission denied
find: ‘./var/lib/apt/lists/partial’: Permission denied
find: ‘./var/lib/chrony’: Permission denied
admin@i-0454b5c96348909f7:/$ ^C
admin@i-0454b5c96348909f7:/$ ^C
admin@i-0454b5c96348909f7:/$ find . -type f -iname "webserver.py" 2>/dev/null
./home/admin/webserver.py
admin@i-0454b5c96348909f7:/$ pwd
/
admin@i-0454b5c96348909f7:/$ less a9da3e83a611
a9da3e83a611: No such file or directory
admin@i-0454b5c96348909f7:/$ less /h
paris/i-0454b5c96348909f7 05:15
by SadServers
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
Sorry, try again.
[sudo] password for admin:
sudo: 1 incorrect password attempt
admin@i-066efd15b3da3bd70:~$ lsof -n -i:5000
admin@i-066efd15b3da3bd70:~$ ls
agent webserver.py
admin@i-066efd15b3da3bd70:~$ ls