command-line-murders/i-0a782c90605771ccf
by SadServersMore by SadServers
Saving to: ‘index.html’ index.html 100%[====================== 2023-12-18 12:29:59 (230 KB/s) - ‘index.html’ saved [12/12] admin@i-0e0c49ce0b601c9b4:~$ cat index.html Unauthorizedadmin@i-0e0c49ce0b601c9b4:~$ ss -tlnp State Recv-Q Send-Q LISTEN 0 128 LISTEN 0 128 LISTEN 0 4096 LISTEN 0 4096 LISTEN 0 128 admin@i-0e0c49ce0b601c9b4:~$ wget
paris/i-0e0c49ce0b601c9b4 03:16
by SadServers/dev/nvme0n1p1 7.7G 6.1G 1.2G 84% / admin@i-0cb4275c09b1a51bf:~$ ls -l total 5245048 drwxr-xr-x 2 admin root 4096 Sep 17 2023 agent drwxr-xr-x 2 admin root 4096 Feb 26 13:33 data -rw-r--r-- 1 root root 5368709120 Sep 17 2023 datafile -rwxr-xr-x 1 admin root 2207109 Sep 17 2023 kihei admin@i-0cb4275c09b1a51bf:~$ du -sh . 5.1G . admin@i-0cb4275c09b1a51bf:~$ strings datafile |less bash: strings: command not found admin@i-0cb4275c09b1a51bf:~$ admin@i-0cb4275c09b1a51bf:~$ cd / admin@i-0cb4275c09b1a51bf:/$ cd admin@i-0cb4275c09b1a51bf:~$
kihei/i-0cb4275c09b1a51bf 03:42
by SadServersadmin@i-0e3126c91f22b8e7e:~$ cd /home/admin/ admin@i-0e3126c91f22b8e7e:~$ ls agent data datafile kihei admin@i-0e3126c91f22b8e7e:~$ ps aux | grep kihei admin 733 0.4 4.1 98188 19420 pts/0 S<l+ 21:13 0:00 /usr/bin/pyth-t kihei/i-0e3126c91f22b8e7e -q -i 2 /var/log/cast/i-0e3126c91f22b8e7e admin 736 0.0 3.0 24456 14364 pts/0 S<+ 21:13 0:00 /usr/bin/pyth-t kihei/i-0e3126c91f22b8e7e -q -i 2 /var/log/cast/i-0e3126c91f22b8e7e admin 747 0.0 0.1 5264 696 pts/1 S<+ 21:14 0:00 grep kihei admin@i-0e3126c91f22b8e7e:~$ chmod -R a-w /var/log/cast/ admin@i-0e3126c91f22b8e7e:~$
kihei/i-0e3126c91f22b8e7e 00:44
by SadServersadmin@i-0be5d169af42c0cb5:~$ admin@i-0be5d169af42c0cb5:~$ admin@i-0be5d169af42c0cb5:~$ admin@i-0be5d169af42c0cb5:~$ localhost:5000 bash: localhost:5000: command not found admin@i-0be5d169af42c0cb5:~$ curl localhost:5000 Unauthorizedadmin@i-0be5d169af42c0cb5:~$ curl localhost:5000? Unauthorizedadmin@i-0be5d169af42c0cb5:~$ curl localhost:5000?/ls Unauthorizedadmin@i-0be5d169af42c0cb5:~$ curl localhost:5000?/'' Unauthorizedadmin@i-0be5d169af42c0cb5:~$ curl localhost:5000?/\\ls Unauthorizedadmin@i-0be5d169af42c0cb5:~$ curl localhost:5000?/