command-line-murders/i-024136273a2ae3d39

by SadServers 1 year ago

GNU/Linux ◆ xterm-256color ◆ bash 604 views

More by SadServers

                                                                                                                                                                There's been a murder in Terminal City, and TCPD needs your help.                                                                                               To figure out whodunit, you need access to a command line.                                                                                                      Once you're ready, clone this repo, or [download it as a zip file](https://githurchive/master.zip).                                                                                                                                             Open a Terminal, go to the location of the files, and start by reading the file                                                                                 One way you can do this is with the command:                                                                                                                            cat instructions                                                        :

command-line-murders/i-0c7298ed6663449e5 00:42

by SadServers 1 year ago

drwxr-xr-x 2 admin root  4096 Sep 24  2023 agent                                -rwxrwx--- 1 root  root   360 Sep 24  2023 webserver.py                         admin@i-010d84eaab4d0fc03:~$ cp /home/admin/webserver.py /tmp/                  cp: cannot open '/home/admin/webserver.py' for reading: Permission denied       admin@i-010d84eaab4d0fc03:~$                                                    admin@i-010d84eaab4d0fc03:~$ ls -la /home/admin/agent/                          total 11144                                                                     drwxr-xr-x 2 admin root      4096 Sep 24  2023 .                                drwxr-xr-x 6 admin admin     4096 Sep 24  2023 ..                               -rwxr-xr-x 1 admin admin      230 Sep 24  2023 check.sh                         -rwxr-xr-x 1 admin root  11397096 Sep 20  2023 sadagent                         -rw-r--r-- 1 admin admin        0 Sep 20  2023 sadagent.txt                     admin@i-010d84eaab4d0fc03:~$ ls -la /home/admin/agent/sadagent                  -rwxr-xr-x 1 admin root 11397096 Sep 20  2023 /home/admin/agent/sadagent        admin@i-010d84eaab4d0fc03:~$

paris/i-010d84eaab4d0fc03 02:29

by SadServers 6 months ago

            [:delay_enter=DELAY][:delay_exit=DELAY][:when=WHEN],                  --inject=SET[:error=ERRNO|:retval=VALUE][:signal=SIG][:syscall=SYSCALL]                  [:delay_enter=DELAY][:delay_exit=DELAY][:when=WHEN]                                   perform syscall tampering for the syscalls in SET                   delay:      microseconds or NUMBER{s|ms|us|ns}                                  when:       FIRST[..LAST][+[STEP]]                                           -e fault=SET[:error=ERRNO][:when=WHEN], --fault=SET[:error=ERRNO][:when=WHEN]                  synonym for -e inject with default ERRNO set to ENOSYS.                                                                                        Miscellaneous:                                                                    -d, --debug    enable debug output to stderr                                    -h, --help     print help message                                               --seccomp-bpf  enable seccomp-bpf filtering                                     -V, --version  print version                                                  admin@i-054157b3157fdc4cd:~$ strace ./kihei -v

kihei/i-054157b3157fdc4cd 01:21

by SadServers 1 year ago

-rw-r--r--  1 root root  235 Sep 20 15:53 gotty.service                         -rw-r--r--  1 root root  196 Sep 20 15:56 mc.service                            -rw-r--r--  1 root root  136 Sep 20 15:56 mc.timer                              drwxr-xr-x  2 root root 4.0K Sep 24 23:20 multi-user.target.wants               drwxr-xr-x  2 root root 4.0K Sep 28  2021 network-online.target.wants           -rw-r--r--  1 root root  197 Sep 20 15:53 sadagent.service                      drwxr-xr-x  2 root root 4.0K Sep 28  2021 sockets.target.wants                  lrwxrwxrwx  1 root root   31 Sep 28  2021 sshd.service -> /lib/systemd/system/ss-rw-r--r--  1 root root  195 Sep 20 15:56 syncmc.service                        drwxr-xr-x  2 root root 4.0K Sep 28  2021 sysinit.target.wants                  lrwxrwxrwx  1 root root   35 Sep 28  2021 syslog.service -> /lib/systemd/system/drwxr-xr-x  2 root root 4.0K Sep 20 15:56 timers.target.wants                   admin@i-00ee07a1b1a72b1d8:/etc/systemd/system$ systemctl edit --full mc         Failed to create temporary file for "/etc/systemd/system/mc.service": Permissionadmin@i-00ee07a1b1a72b1d8:/etc/systemd/system$ systemctl edit --full mc.serv

paris/i-00ee07a1b1a72b1d8 05:28

by SadServers 1 year ago

See all

You can download this recording in asciicast v2 format, as a .cast file.

Download

Replay in terminal

You can replay this recording in your terminal with asciinema play command:

asciinema play 812.cast

If you don't have asciinema cli installed then see installation instructions.

Use with stand-alone player on your website

Download asciinema player from player's releases page (you only need .js and .css file), then use it like this:

<!DOCTYPE html>
<html>
<head>
  <link rel="stylesheet" type="text/css" href="asciinema-player.css" />
</head>
<body>
  <div id="player"></div>
  <script src="asciinema-player.min.js"></script>
  <script>
    AsciinemaPlayer.create(
      '812.cast',
      document.getElementById('player'),
      { cols: 105, rows: 39 }
    );
  </script>
</body>
</html>

See asciinema player README for full usage instructions.