command-line-murders/i-0efa5c33fae225109
by SadServers
More by SadServers
root 587 0.0 1.4 13352 6828 ? Ss 21:55 0:00 sshd: /usr/sb
root 588 0.0 0.3 2872 1664 tty1 Ss+ 21:55 0:00 /sbin/agetty
root 589 0.0 0.4 4396 2144 ttyS0 Ss+ 21:55 0:00 /sbin/agetty
_chrony 591 0.0 0.7 10852 3664 ? S 21:55 0:00 /usr/sbin/chr
_chrony 592 0.0 0.1 10724 548 ? S 21:55 0:00 /usr/sbin/chr
root 610 0.0 3.7 26612 17404 ? Ss 21:55 0:00 /usr/bin/pyth
root 683 0.0 0.0 0 0 ? I 21:55 0:00 [kworker/1:3-
admin 714 0.0 0.9 6740 4368 pts/0 S<s+ 21:56 0:00 bash -l
admin 718 0.2 4.1 98320 19392 pts/0 R<l+ 21:56 0:00 /usr/bin/pyth
admin 721 0.0 3.1 24456 14836 pts/0 R<+ 21:56 0:00 /usr/bin/pyth
admin 722 0.0 0.1 2480 508 pts/1 S<s 21:56 0:00 sh -c /bin/ba
admin 723 0.0 0.9 6820 4500 pts/1 S< 21:56 0:00 /bin/bash
admin 819 0.0 0.6 8648 3260 pts/1 R<+ 21:59 0:00 ps aux
admin@i-0cdefb94500ecc5ae:~$ vim log
admin@i-0cdefb94500ecc5ae:~$ netsstat
paris/i-0cdefb94500ecc5ae 05:03
by SadServers
admin 801 0.0 4.1 98188 19424 pts/0 S<l+ 10:11 0:00 /usr/bin/pythec -t kihei/i-025570eb46de4c5ab -q -i 2 /var/log/cast/i-025570eb46de4c5ab
admin 804 0.0 3.0 24456 14368 pts/0 S<+ 10:11 0:00 /usr/bin/pythec -t kihei/i-025570eb46de4c5ab -q -i 2 /var/log/cast/i-025570eb46de4c5ab
admin 953 0.0 0.1 5264 640 pts/1 S<+ 10:16 0:00 grep kihei
admin@i-025570eb46de4c5ab:~$ kill 801
admin@i-025570eb46de4c5ab:~$ ps aux | grep kihei
admin 987 2.0 4.1 98188 19436 pts/0 S<l+ 10:16 0:00 /usr/bin/pythec -t kihei/i-025570eb46de4c5ab --append -q -i 2 /var/log/cast/i-025570eb46de4c5
admin 990 0.0 3.1 24456 14872 pts/0 S<+ 10:16 0:00 /usr/bin/pythec -t kihei/i-025570eb46de4c5ab --append -q -i 2 /var/log/cast/i-025570eb46de4c5
admin 996 0.0 0.1 5264 640 pts/1 S<+ 10:16 0:00 grep kihei
admin@i-025570eb46de4c5ab:~$ ls -al /var/log/cast/i-025570eb46de4c5ab
-rw-r--r-- 1 admin admin 19241 Nov 5 10:17 /var/log/cast/i-025570eb46de4c5ab
admin@i-025570eb46de4c5ab:~$ l /var/log/cast/i-025570eb46de4c5ab
kihei/i-025570eb46de4c5ab 05:17
by SadServers
-r--r--r-- 1 root root 0 Nov 28 20:01 timers
-rw-rw-rw- 1 root root 0 Nov 28 20:01 timerslack_ns
-rw-r--r-- 1 root root 0 Nov 28 20:01 uid_map
-r--r--r-- 1 root root 0 Nov 28 20:01 wchan
admin@i-03c3097309a075b56:/proc/576$ cd map_files/
bash: cd: map_files/: Permission denied
admin@i-03c3097309a075b56:/proc/576$ ls -l^C
admin@i-03c3097309a075b56:/proc/576$ less smaps
smaps: Permission denied
admin@i-03c3097309a075b56:/proc/576$ cat smaps
cat: smaps: Permission denied
admin@i-03c3097309a075b56:/proc/576$ stra^C
admin@i-03c3097309a075b56:/proc/576$ strace -p 576
strace: attach: ptrace(PTRACE_SEIZE, 576): Operation not permitted
admin@i-03c3097309a075b56:/proc/576$
paris/i-03c3097309a075b56 01:47
by SadServers
unix 3 [ ] STREAM CONNECTED 11510
unix 3 [ ] STREAM CONNECTED 10674 /run/systemd/journal/
unix 2 [ ] DGRAM 11561
admin@i-0b765541c55edca19:~$ netstat tulnp | grep LISTEN
admin@i-0b765541c55edca19:~$ netstat tulpn | grep LISTEN
admin@i-0b765541c55edca19:~$ netstat -tulpn | grep LISTEN
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::6767 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
admin@i-0b765541c55edca19:~$ curl 127.0.0.1:5000
Unauthorizedadmin@i-0b765541c55edca19:~$ curl 127.0.0.1:5000