command-line-murders/i-067653bae8b9ad6df
by SadServers
admin@i-05d27a7439a0e6399:~$ ls
agent data datafile kihei
admin@i-05d27a7439a0e6399:~$ file kihei
kihei: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, G7tVbey9uC58oKsR, not stripped
admin@i-05d27a7439a0e6399:~$ ps aux | grep "kihei"
admin 704 0.6 4.1 98188 19192 pts/0 S<l+ 10:38 0:00 /usr/bin/pythi-05d27a7439a0e6399
admin 707 0.0 3.0 24456 14448 pts/0 S<+ 10:38 0:00 /usr/bin/pythi-05d27a7439a0e6399
admin 715 0.0 0.1 5264 704 pts/1 S<+ 10:38 0:00 grep kihei
admin@i-05d27a7439a0e6399:~$
kihei/i-05d27a7439a0e6399 00:26
by SadServers
42108d7968f7038 (ED25519)
Jan 12 17:27:40 i-0842108d7968f7038 ec2: 3072 SHA256:hj5IRhHgQNWK1wNwOHkxby3pdb0842108d7968f7038 (RSA)
Jan 12 17:27:40 i-0842108d7968f7038 ec2: -----END SSH HOST KEY FINGERPRINTS-----
Jan 12 17:27:40 i-0842108d7968f7038 ec2: #######################################
admin@i-0842108d7968f7038:~$ curl localhost
curl: (7) Failed to connect to localhost port 80: Connection refused
admin@i-0842108d7968f7038:~$ curl localhost:3000
curl: (7) Failed to connect to localhost port 3000: Connection refused
admin@i-0842108d7968f7038:~$ curl localhost:5000
Unauthorizedadmin@i-0842108d7968f7038:~$ lsof -i -P -n | grep LISTEN
gotty 558 admin 6u IPv6 10589 0t0 TCP *:8080 (LISTEN)
sadagent 559 admin 7u IPv6 11492 0t0 TCP *:6767 (LISTEN)
admin@i-0842108d7968f7038:~$ less /etc/services
admin@i-0842108d7968f7038:~$ lsof -i:
paris/i-0842108d7968f7038 03:30
by SadServers
-L possibly with LWP and NLWP columns
-m, m after processes
-T possibly with SPID column
For more details see ps(1).
admin@i-06321e2dae7759c94:~$ sudo lsof -i -P -n | grep LISTEN
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin: