command-line-murders/i-098174ee7e11a20ae
by SadServersMore by SadServers
-rw------- 1 admin admin 269 Jan 2 11:38 .bash_history -rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout -rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc drwxr-xr-x 3 admin admin 4096 Sep 20 2023 .config drwxr-xr-x 3 admin admin 4096 Jan 2 11:37 .local -rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile drwx------ 2 admin admin 4096 Sep 17 2023 .ssh -rw-r--r-- 1 admin admin 1024 Jan 2 11:37 .webserver.py.swp drwxr-xr-x 2 admin root 4096 Sep 24 2023 agent -rwxrwx--- 1 root root 360 Sep 24 2023 webserver.py admin@i-0f995f369ab3b4d0d:~$ ls .config/ asciinema admin@i-0f995f369ab3b4d0d:~$ less .webserver.py.swp ".webserver.py.swp" may be a binary file. See it anyway? admin@i-0f995f369ab3b4d0d:~$ cat .bashr
paris/i-0f995f369ab3b4d0d 01:44
by SadServers12 2025-02-06T12:08:17 curl localhost:5000 13 2025-02-06T12:08:20 ls 14 2025-02-06T12:08:23 cat webserver.py 15 2025-02-06T12:08:31 ls -la 16 2025-02-06T12:08:49 history admin@i-06266520ce0c16bec:~$ sudo su We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for admin:
paris/i-06266520ce0c16bec 03:31
by SadServersadmin 692 0.3 4.1 98188 19300 pts/0 S<l+ 01:27 0:00 /usr/bin/python3 /usr/bin/asciinemaadmin 695 0.0 3.0 24456 14424 pts/0 R<+ 01:27 0:00 /usr/bin/python3 /usr/bin/asciinemaadmin 696 0.0 0.1 2480 580 pts/1 S<s 01:27 0:00 sh -c /bin/bash admin 697 0.0 0.9 6820 4564 pts/1 S< 01:27 0:00 /bin/bash admin 704 0.0 0.6 8648 3224 pts/1 R<+ 01:28 0:00 ps aux admin@i-007c10c3a2a32db9b:~$ ls agent webserver.py admin@i-007c10c3a2a32db9b:~$ cat webserver.py cat: webserver.py: Permission denied admin@i-007c10c3a2a32db9b:~$ sudo cat