command-line-murders/i-0a480cda63409bece
by SadServersMore by SadServers
root 593 0.0 1.4 13488 6708 ? Ss 11:53 0:00 /lib/systemd/_chrony 597 0.0 0.7 10856 3636 ? S 11:53 0:00 /usr/sbin/chrroot 598 0.0 1.5 13348 7144 ? Ss 11:53 0:00 sshd: /usr/sbroot 599 0.0 0.3 2872 1684 tty1 Ss+ 11:53 0:00 /sbin/agetty root 600 0.0 0.4 4396 2100 ttyS0 Ss+ 11:53 0:00 /sbin/agetty _chrony 601 0.0 0.1 10724 548 ? S 11:53 0:00 /usr/sbin/chrroot 622 0.0 3.7 26612 17332 ? Ss 11:53 0:00 /usr/bin/pythroot 677 0.0 0.0 0 0 ? I 11:53 0:00 [kworker/1:4-admin 789 0.0 0.7 5920 3552 pts/0 S<s+ 11:57 0:00 bash -l admin 791 0.7 4.1 98188 19356 pts/0 R<l+ 11:57 0:00 /usr/bin/pythadmin 794 0.0 3.1 24456 14504 pts/0 S<+ 11:57 0:00 /usr/bin/pythadmin 795 0.0 0.1 2480 508 pts/1 S<s 11:57 0:00 sh -c /bin/baadmin 796 0.0 0.9 6820 4532 pts/1 S< 11:57 0:00 /bin/bash admin 799 0.0 0.6 8648 3180 pts/1 R<+ 11:57 0:00 ps aux admin@i-0f090ab9a046ad6f3:~$ ps aux | gtr
kihei/i-0f090ab9a046ad6f3 00:16
by SadServers> GET / HTTP/1.1 > Host: localhost:5000 > User-Agent: curl/7.74.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: Werkzeug/2.3.7 Python/3.9.2 < Date: Wed, 04 Oct 2023 19:07:43 GMT < Content-Type: text/html; charset=utf-8 < Content-Length: 12 < Connection: close < * Closing connection 0 Unauthorizedadmin@i-09e85561fc3517875:~$ curl -Lv http://localhost:5000
paris/i-09e85561fc3517875 02:44
by SadServersadmin@i-0bf562d53de649339:~/agent$ cd ../ admin@i-0bf562d53de649339:~$ ls -lah total 44K drwxr-xr-x 6 admin admin 4.0K Sep 24 23:20 . drwxr-xr-x 3 root root 4.0K Sep 17 16:44 .. drwx------ 3 admin admin 4.0K Sep 20 15:52 .ansible -rw------- 1 admin admin 186 Jan 18 18:58 .bash_history -rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout -rw-r--r-- 1 admin admin 3.5K Aug 4 2021 .bashrc drwxr-xr-x 3 admin admin 4.0K Sep 20 15:56 .config -rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile drwx------ 2 admin admin 4.0K Sep 17 16:44 .ssh drwxr-xr-x 2 admin root 4.0K Sep 24 23:20 agent -rwxrwx--- 1 root root 360 Sep 24 23:20 webserver.py admin@i-0bf562d53de649339:~$ curl -v http://localhos