root 55 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [acpi_thermal_pm] root 56 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [nvme-wq] root 57 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [nvme-reset-wq] root 58 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [nvme-delete-wq] root 59 0.0 0.0 0 0 ? I 10:31 0:00 \_ [kworker/u4:1-events_unbound] root 60 0.0 0.0 0 0 ? I 10:31 0:00 \_ [kworker/u4:2-events_unbound] root 62 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [kworker/0:1H-kblockd] root 63 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [ipv6_addrconf] root 72 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [kstrp] root 77 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [kworker/u5:0] root 113 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [ena] root 131 0.0 0.0 0 0 ? S 10:31 0:00 \_ [jbd2/nvme0n1p1-] root 132 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [ext4-rsv-conver] root 193 0.0 0.0 0 0 ? I 10:31 0:00 \_ [kworker/1:2-events] root 234 0.0 0.0 0 0 ? I< 10:31 0:00 \_ [cryptd] root 313 0.0 0.0 0 0 ? I 10:31 0:00 \_ [kworker/0:3-events] root 370 0.0 0.0 0 0 ? I 10:32 0:00 \_ [kworker/u4:3-events_unbound] root 679 0.0 0.0 0 0 ? I 10:32 0:00 \_ [kworker/1:3-events] root 756 0.0 0.0 0 0 ? I 10:34 0:00 \_ [kworker/u4:4] root 1 0.7 2.0 98152 9688 ? Ss 10:31 0:02 /sbin/init root 194 0.1 2.7 64788 12744 ? Ss 10:31 0:00 /lib/systemd/systemd-journald root 211 0.0 1.1 19536 5348 ? Ss 10:31 0:00 /lib/systemd/systemd-udevd root 395 0.0 1.2 99884 5828 ? Ssl 10:32 0:00 /sbin/dhclient -4 -v -i -pf /run/dhclient.ens5.pid -lf /var/lib/dhcp/dhclient.ens5.leases -I -df /var/lib/dhcp/dhclient6.ens5.leases ens5 root 468 0.0 1.2 99884 5788 ? Ssl 10:32 0:00 /sbin/dhclient -6 -v -pf /run/dhclient6.ens5.pid -lf /var/lib/dhcp/dhclient6.ens5.leases -I -df /var/lib/dhcp/dhclient.ens5.leases -nw ens5 admin 563 0.1 2.5 1304716 12084 ? 
S<sl 10:32 0:00 /usr/local/gotty --permit-write --reconnect --max-connection 5 bash -l admin 681 0.0 0.9 6740 4548 pts/0 S<s+ 10:33 0:00 \_ bash -l admin 685 0.0 4.1 98188 19344 pts/0 S<l+ 10:33 0:00 \_ /usr/bin/python3 /usr/bin/asciinema rec -t paris/i-0f1eaa7d28ad4d0f3 -q -i 2 /var/log/cast/i-0f1eaa7d28ad4d0f3 admin 688 0.0 3.1 24456 14900 pts/0 S<+ 10:33 0:00 \_ /usr/bin/python3 /usr/bin/asciinema rec -t paris/i-0f1eaa7d28ad4d0f3 -q -i 2 /var/log/cast/i-0f1eaa7d28ad4d0f3 admin 689 0.0 0.1 2480 512 pts/1 S<s 10:33 0:00 \_ sh -c /bin/bash admin 690 0.0 1.0 6952 4752 pts/1 S< 10:33 0:00 \_ /bin/bash admin 840 0.0 0.7 8804 3328 pts/1 R<+ 10:37 0:00 \_ ps auxf admin 564 0.0 2.3 1007204 10820 ? S<sl 10:32 0:00 /home/admin/agent/sadagent root 570 0.0 0.5 5636 2728 ? Ss 10:32 0:00 /usr/sbin/cron -f message+ 572 0.0 0.7 7864 3652 ? Ss 10:32 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only root 578 0.1 5.9 33040 27868 ? Ss 10:32 0:00 /usr/bin/python3 /home/admin/webserver.py root 579 0.0 0.9 220796 4272 ? Ssl 10:32 0:00 /usr/sbin/rsyslogd -n -iNONE root 584 0.0 1.4 13492 6568 ? Ss 10:32 0:00 /lib/systemd/systemd-logind root 589 0.0 0.3 2872 1632 tty1 Ss+ 10:32 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux root 590 0.0 0.4 4396 2104 ttyS0 Ss+ 10:32 0:00 /sbin/agetty -o -p -- \u --keep-baud 115200,57600,38400,9600 ttyS0 vt220 root 591 0.0 1.5 13352 7200 ? Ss 10:32 0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups _chrony 593 0.0 0.7 10852 3700 ? S 10:32 0:00 /usr/sbin/chronyd -F 1 _chrony 594 0.0 0.1 10724 556 ? S 10:32 0:00 \_ /usr/sbin/chronyd -F 1 root 602 0.0 3.7 26612 17524 ? 
Ss 10:32 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal admin@i-0f1eaa7d28ad4d0f3:~$ vim /home/admin/webserver.py admin@i-0f1eaa7d28ad4d0f3:~$ ls -l total 8 drwxr-xr-x 2 admin root 4096 Sep 24 2023 agent -rwxrwx--- 1 root root 360 Sep 24 2023 webserver.py admin@i-0f1eaa7d28ad4d0f3:~$ chown admin:admin webserver.py chown: changing ownership of 'webserver.py': Operation not permitted admin@i-0f1eaa7d28ad4d0f3:~$ lsattr -i webserver.py lsattr: invalid option -- 'i' Usage: lsattr [-RVadlpv] [files...] admin@i-0f1eaa7d28ad4d0f3:~$ lsattr webserver.py lsattr: Permission denied While reading flags on webserver.py admin@i-0f1eaa7d28ad4d0f3:~$ h
paris/i-0f1eaa7d28ad4d0f3
admin@i-07594f4388b113ffb:~/agent$ cd .. admin@i-07594f4388b113ffb:~$ ls -la total 44 drwxr-xr-x 6 admin admin 4096 Sep 24 23:20 . drwxr-xr-x 3 root root 4096 Sep 17 16:44 .. drwx------ 3 admin admin 4096 Sep 20 15:52 .ansible -rw------- 1 admin admin 484 Nov 2 18:40 .bash_history -rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout -rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc drwxr-xr-x 3 admin admin 4096 Sep 20 15:56 .config -rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile drwx------ 2 admin admin 4096 Sep 17 16:44 .ssh drwxr-xr-x 2 admin root 4096 Sep 24 23:20 agent -rwxrwx--- 1 root root 360 Sep 24 23:20 webserver.py admin@i-07594f4388b113ffb:~$
paris/i-07594f4388b113ffb 02:04
cloud environment hosts lighttpd modules-loaadmin@i-07b1f6f3834fd3ea0:/etc$ cd apache2/ admin@i-07b1f6f3834fd3ea0:/etc/apache2$ ls conf-available admin@i-07b1f6f3834fd3ea0:/etc/apache2$ cd conf-available/ admin@i-07b1f6f3834fd3ea0:/etc/apache2/conf-available$ ls javascript-common.conf admin@i-07b1f6f3834fd3ea0:/etc/apache2/conf-available$ cat javascript-common.conAlias /javascript /usr/share/javascript/ <Directory "/usr/share/javascript/"> Options FollowSymLinks MultiViews </Directory> admin@i-07b1f6f3834fd3ea0:/etc/apache2/conf-available$ cd ~ admin@i-07b1f6f3834fd3ea0:~$ cd conf-available/