command-line-murders/i-0c629ae76a30f1d05
by SadServersMore by SadServers
sudo: 3 incorrect password attempts admin@i-0151a73fc156ac6e0:~$ ls -lsa total 44 4 drwxr-xr-x 6 admin admin 4096 Sep 24 23:20 . 4 drwxr-xr-x 3 root root 4096 Sep 17 16:44 .. 4 drwx------ 3 admin admin 4096 Sep 20 15:52 .ansible 4 -rw------- 1 admin admin 231 Oct 9 13:45 .bash_history 4 -rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout 4 -rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc 4 drwxr-xr-x 3 admin admin 4096 Sep 20 15:56 .config 4 -rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile 4 drwx------ 2 admin admin 4096 Sep 17 16:44 .ssh 4 drwxr-xr-x 2 admin root 4096 Sep 24 23:20 agent 4 -rwxrwx--- 1 root root 360 Sep 24 23:20 webserver.py admin@i-0151a73fc156ac6e0:~$ cat .basg
paris/i-0151a73fc156ac6e0 01:45
by SadServers-rw------- 1 admin admin 269 Jan 2 11:38 .bash_history -rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout -rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc drwxr-xr-x 3 admin admin 4096 Sep 20 2023 .config drwxr-xr-x 3 admin admin 4096 Jan 2 11:37 .local -rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile drwx------ 2 admin admin 4096 Sep 17 2023 .ssh -rw-r--r-- 1 admin admin 1024 Jan 2 11:37 .webserver.py.swp drwxr-xr-x 2 admin root 4096 Sep 24 2023 agent -rwxrwx--- 1 root root 360 Sep 24 2023 webserver.py admin@i-0f995f369ab3b4d0d:~$ ls .config/ asciinema admin@i-0f995f369ab3b4d0d:~$ less .webserver.py.swp ".webserver.py.swp" may be a binary file. See it anyway? admin@i-0f995f369ab3b4d0d:~$ cat .bashr
paris/i-0f995f369ab3b4d0d 01:44
by SadServersWe trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for admin: Sorry, try again. [sudo] password for admin: Sorry, try again. [sudo] password for admin: sudo: 3 incorrect password attempts admin@i-040ec55e8e002101c:~$ find / -name webserver
paris/i-040ec55e8e002101c 02:48
by SadServerscrontab [ -u user ] [ -i ] { -e | -l | -r } (default operation is replace, per 1003.2) -e (edit user's crontab) -l (list user's crontab) -r (delete user's crontab) -i (prompt before deleting user's crontab) admin@i-0707c9522c663d8b0:/etc$ crontab -e -u admin no crontab for admin - using an empty one Select an editor. To change later, run 'select-editor'. 1. /bin/nano <---- easiest 2. /usr/bin/vim.basic 3. /usr/bin/vim.tiny Choose 1-3 [1]: