command-line-murders/i-0792ea48d1ec8e4ea
by SadServers
More by SadServers
drwxrwxrwt 2 root root 4096 Mar 3 19:55 .ICE-unix/
drwxrwxrwt 2 root root 4096 Mar 3 19:55 .Test-unix/
drwxrwxrwt 2 root root 4096 Mar 3 19:55 .X11-unix/
drwxrwxrwt 2 root root 4096 Mar 3 19:55 .XIM-unix/
drwxrwxrwt 2 root root 4096 Mar 3 19:55 .font-unix/
drwx------ 3 root root 4096 Mar 3 19:56 systemd-private-ae51ce1ae4234c22ab3262
drwx------ 3 root root 4096 Mar 3 19:56 systemd-private-ae51ce1ae4234c22ab3262
admin@i-09003b20608883cd1:/tmp$ ls -lap iCE
ls: cannot access 'iCE': No such file or directory
admin@i-09003b20608883cd1:/tmp$ ls -lap ICE^C
admin@i-09003b20608883cd1:/tmp$ ls -lap .ICE-unix/
total 8
drwxrwxrwt 2 root root 4096 Mar 3 19:55 ./
drwxrwxrwt 9 root root 4096 Mar 3 19:56 ../
admin@i-09003b20608883cd1:/tmp$ df
kihei/i-09003b20608883cd1 03:45
by SadServers
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
messagebus:x:101:101::/nonexistent:/usr/sbin/nologin
uuidd:x:102:102::/run/uuidd:/usr/sbin/nologin
tcpdump:x:103:103::/nonexistent:/usr/sbin/nologin
_chrony:x:104:104:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin
systemd-network:x:105:106:systemd Network Management,,,:/run/systemd:/usr/sbin/n
systemd-resolve:x:106:107:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
sshd:x:107:65534::/run/sshd:/usr/sbin/nologin
systemd-timesync:x:999:999:systemd Time Synchronization:/:/usr/sbin/nologin
systemd-coredump:x:998:998:systemd Core Dumper:/:/usr/sbin/nologin
admin:x:1000:1000:Debian:/home/admin:/bin/bash
admin@i-0f0c9e55a5c0d9a6f:~$ ls
agent webserver.py
admin@i-0f0c9e55a5c0d9a6f:~$ tcpdump
paris/i-0f0c9e55a5c0d9a6f 05:06
by SadServers
admin@i-00b82d36c94eedc8e:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
nvme0n1 259:0 0 8G 0 disk
├─nvme0n1p1 259:1 0 7.9G 0 part /
├─nvme0n1p14 259:2 0 3M 0 part
└─nvme0n1p15 259:3 0 124M 0 part /boot/efi
nvme1n1 259:4 0 1G 0 disk
nvme2n1 259:5 0 1G 0 disk
admin@i-00b82d36c94eedc8e:~$ df -h .
Filesystem Size Used Avail Use% Mounted on
/dev/nvme0n1p1 7.7G 6.1G 1.2G 84% /
admin@i-00b82d36c94eedc8e:~$ vgs
WARNING: Running as a non-root user. Functionality may be unavailable.
/run/lock/lvm/P_global:aux: open failed: Permission denied
admin@i-00b82d36c94eedc8e:~$
kihei/i-00b82d36c94eedc8e 02:54
by SadServers
usage: knock [options] <host> <port[:proto]> [port[:proto]] ...
options:
-u, --udp make all ports hits use UDP (default is TCP)
-d, --delay <t> wait <t> milliseconds between port hits
-v, --verbose be verbose
-V, --version display version
-h, --help this help
example: knock myserver.example.com 123:tcp 456:udp 789:tcp
admin@i-061b09841336bd6c6:~$ knock localhost 5000
admin@i-061b09841336bd6c6:~$ curl localhost
curl: (7) Failed to connect to localhost port 80: Connection refused
admin@i-061b09841336bd6c6:~$ nano enum.sh
admin@i-061b09841336bd6c6:~$ chmod +x enum.sh nd