command-line-murders/i-0857e01cf0352a183
by SadServers

More by SadServers
# The program is typically sudo, sudoers.so, sudoreplay or visudo.
#
# Subsystems vary based on the program; "all" matches all subsystems.
# Priority may be crit, err, warn, notice, diag, info, trace or debug.
# Multiple subsystem@priority may be specified, separated by a comma.
#
#Debug sudo /var/log/sudo_debug all@debug
#Debug sudoers.so /var/log/sudoers_debug all@debug
admin@i-020f08eb573cc1e85:~$ ls
agent webserver.py
admin@i-020f08eb573cc1e85:~$ cat /etc/sudo
sudo.conf sudo_logsrvd.conf sudoers sudoers.d/
admin@i-020f08eb573cc1e85:~$ cat /etc/sudoers
cat: /etc/sudoers: Permission denied
admin@i-020f08eb573cc1e85:~$
paris/i-020f08eb573cc1e85 06:02
by SadServers

nvme2n1 259:5 0 1G 0 disk
b /dev /sdcad10b7a8f2a5dc:~$ sudo pvcreate /dev/sd
No device found for /dev.
No device found for /sdc.
Physical volume "/dev/sdb" successfully created.
me1n1 /dev/nvme1n28f2a5dc:~$ sudo pvcreate /dev/nv
No device found for /dev/nvme1n2.
Physical volume "/dev/nvme1n1" successfully created.
admin@i-06ead10b7a8f2a5dc:~$ sudo pvcreate /dev/nvme1n1 /dev/nvme2n2
No device found for /dev/nvme2n2.
Physical volume "/dev/nvme1n1" successfully created.
admin@i-06ead10b7a8f2a5dc:~$ sudo pvcreate /dev/nvme1n1 /dev/nvme2n1
Physical volume "/dev/nvme1n1" successfully created.
Physical volume "/dev/nvme2n1" successfully created.
admin@i-06ead10b7a8f2a5dc:~$
kihei/i-06ead10b7a8f2a5dc 01:39
by SadServers

agent webserver.py
admin@i-04dca6e1ae246a837:~$ curl localhost:5000
Unauthorizedadmin@i-04dca6e1ae246a837:~$ history | grep sudo
5 2025-03-28T01:12:44 sudo cat webserver.py
8 2025-03-28T01:14:06 history | grep sudo
admin@i-04dca6e1ae246a837:~$ sudo udo grep -r "password" /etc/
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
paris/i-04dca6e1ae246a837 01:41
by SadServers

unattended-upgrades
alternatives.log.1 btmp cloud-init.log debug.1 journal user.log
apt btmp.1 daemon.log debug.2.gz kern.log user.log.1
auth.log cast daemon.log.1 dpkg.log kern.log.11 user.log.2.gz
auth.log.1 chrony daemon.log.2.gz dpkg.log.1 kern.log.22.gz wtmp
admin@i-06683be665f75c9a6:/var/log$ cd ./cast/
admin@i-06683be665f75c9a6:/var/log/cast$ ls
i-06683be665f75c9a6
admin@i-06683be665f75c9a6:/var/log/cast$ ls- la
bash: ls-: command not found
admin@i-06683be665f75c9a6:/var/log/cast$