command-line-murders/i-06f2ea3ecd8954559
by SadServers
file"]
/var/log/cast/i-008b0220d06b61fa7:[297.457658, "o", "\b\b\b\b\b\b\b\b\b\b\b-name
/var/log/cast/i-008b0220d06b61fa7:[301.266025, "o", "\b\b\b\b\b\b\b\b\b\b\b\b\b\/var/log -name newdatafile"]
/var/log/cast/i-008b0220d06b61fa7:[339.22969, "o", "\b\b\b\b\b\b\b\b\b\b\b\b\b\btafile /var/log"]
/var/log/cast/i-008b0220d06b61fa7:[339.527642, "o", "\b\b\b\b\b\b\b\b\b\b\b\b\b\file"]
/var/log/cast/i-008b0220d06b61fa7:[340.82254, "o", "\b\b\b\b\b\b\b\b\b\b\b-name
/var/log/cast/i-008b0220d06b61fa7:[347.397351, "o", "\b\b\b\b\b\b\b\b\b\b\b\b\b\atafile /var/log"]
grep: /var/log/btmp: Permission denied
grep: /var/log/private: Permission denied
grep: /var/log/chrony: Permission denied
admin@i-008b0220d06b61fa7:~$ /home/admin/kihei
kihei/i-008b0220d06b61fa7 06:01
by SadServers
-rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc
-rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout
drwxr-xr-x 3 root root 4096 Sep 17 16:44 ..
drwx------ 2 admin admin 4096 Sep 17 16:44 .ssh
drwx------ 3 admin admin 4096 Sep 20 15:52 .ansible
drwxr-xr-x 3 admin admin 4096 Sep 20 15:56 .config
drwxr-xr-x 8 admin admin 4096 Sep 30 17:45 .git
drwxr-xr-x 2 admin root 4096 Sep 30 17:45 agent
-rw-r--r-- 1 admin admin 109 Oct 1 17:06 curler.sh
-rw------- 1 admin admin 1294 Oct 1 17:06 .viminfo
drwxr-xr-x 7 admin admin 4096 Oct 1 17:06 .
-rw------- 1 admin admin 289 Oct 1 17:06 .bash_history
admin@i-0ee2f3007d5494cc2:~$ less .bash_history
admin@i-0ee2f3007d5494cc2:~$ less .viminfo
admin@i-0ee2f3007d5494cc2:~$ less
monaco/i-0ee2f3007d5494cc2 02:34
by SadServers
message+ 560 0.0 0.7 7864 3680 ? Ss 15:01 0:00 /usr/bin/dbuss=systemd: --nofork --nopidfile --systemd-activation
root 562 0.0 0.9 220796 4308 ? Ssl 15:01 0:00 /usr/sbin/rsy
root 569 0.0 1.4 13500 6580 ? Ss 15:01 0:00 /lib/systemd/
root 575 0.1 0.3 2872 1684 tty1 Ss+ 15:01 0:00 /sbin/agetty 1 linux
root 577 0.0 0.4 4396 2104 ttyS0 Ss+ 15:01 0:00 /sbin/agetty 15200,57600,38400,9600 ttyS0 vt220
root 578 0.0 1.5 13348 7196 ? Ss 15:01 0:00 sshd: /usr/sbf 10-100 startups
root 585 0.0 3.6 26612 17240 ? Ss 15:01 0:00 /usr/bin/pyth-upgrades/unattended-upgrade-shutdown --wait-for-sign
_chrony 586 0.0 0.7 10856 3616 ? S 15:01 0:00 /usr/sbin/chr
_chrony 587 0.0 0.1 10724 552 ? S 15:01 0:00 \_ /usr/sbin
admin@i-0e32b87ce506c1530:~$ ps faxu | grep ki
kihei/i-0e32b87ce506c1530 00:47
by SadServers
drwxr-xr-x 2 admin root 4096 Sep 24 23:20 agent
-rwxrwx--- 1 root root 360 Sep 24 23:20 webserver.py
admin@i-0607715dd43c3c574:~$ sudo vi webserver.py
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
sudo: a password is required
admin@i-0607715dd43c3c574:~$ curl localhost:5000
Unauthorizedadmin@i-0607715dd43c3c574:~$ curl localhost:5000