admin        719  0.0  3.0  24456 14356 pts/0    S<+  20:51   0:00          \_ /usr/bin/python3 /usr/bin/asciinema rec -t paris/i-0bae289e83951581b -q -i 2 /var/log/cast/i-0bae289e83951581b                                         admin        720  0.0  0.1   2480   512 pts/1    S<s  20:51   0:00          \_ sh -c /bin/bash                     admin        721  0.0  0.9   6820  4548 pts/1    S<   20:51   0:00              \_ /bin/bash                       admin        768  0.0  0.7   8804  3328 pts/1    R<+  20:53   0:00                  \_ ps auxf                     admin        564  0.0  2.2 1080680 10348 ?       S<sl 20:50   0:00 /home/admin/agent/sadagent                      root         577  0.0  0.5   5636  2656 ?        Ss   20:50   0:00 /usr/sbin/cron -f                               message+     578  0.0  0.7   7864  3684 ?        Ss   20:50   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only                                                           root         580  0.2  6.0 107132 28260 ?        Ss   20:50   0:00 /usr/bin/python3 /home/admin/webserver.py       root         581  0.0  0.9 220796  4240 ?        Ssl  20:50   0:00 /usr/sbin/rsyslogd -n -iNONE                    root         584  0.0  1.4  13492  6836 ?        Ss   20:50   0:00 /lib/systemd/systemd-logind                     _chrony      586  0.0  0.7  10852  3616 ?        S    20:50   0:00 /usr/sbin/chronyd -F 1                          _chrony      590  0.0  0.1  10724   548 ?        S    20:50   0:00  \_ /usr/sbin/chronyd -F 1                      root         592  0.0  0.3   2872  1716 tty1     Ss+  20:50   0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux   root         597  0.0  0.4   4396  2036 ttyS0    Ss+  20:50   0:00 /sbin/agetty -o -p -- \u --keep-baud 115200,57600,38400,9600 ttyS0 vt220                                                                                           root         599  0.0  1.5  13352  7020 ?        Ss   20:50   0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups                                                                                                            root         606  0.0  3.7  26612 17408 ?        Ss   20:50   0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal                                                                      admin@i-0bae289e83951581b:~$ cat webserver.py                                                                      cat: webserver.py: Permission denied                                                                               admin@i-0bae289e83951581b:~$ su                                                                                    Password:                                                                                                          su: Authentication failure                                                                                         admin@i-0bae289e83951581b:~$ su  -                                                                                 Password:                                                                                                          su: Authentication failure                                                                                         admin@i-0bae289e83951581b:~$                                                                                       admin@i-0bae289e83951581b:~$ curl -v l
--:----:--

paris/i-0bae289e83951581b

by SadServers
Share Download
GNU/Linux ◆ xterm-256color ◆ bash 411 views

More by SadServers 

admin@i-051100b07140b7832:~/clmystery$ cat hint                                 hint1  hint2  hint3  hint4  hint5  hint6  hint7  hint8                          admin@i-051100b07140b7832:~/clmystery$ cat hint                                 hint1  hint2  hint3  hint4  hint5  hint6  hint7  hint8                          admin@i-051100b07140b7832:~/clmystery$ cat hint6                                To find a matching license plate, or a matching car, you can use grep on the 've                                                                                        grep "Honda" vehicles                                                                                                                                           grep "Blue" vehicles                                                                                                                                            grep "L337" vehicles                                                                                                                                    This doesn't give us anything useful - why not? Try using 'head' on the file to admin@i-051100b07140b7832:~/clmystery$ grep L337 mystery/

command-line-murders/i-051100b07140b7832 14:45

by SadServers 
drwxr-xr-x 2 admin root  4096 Sep 24 23:20 agent                                -rwxrwx--- 1 root  root   360 Sep 24 23:20 webserver.py                         admin@i-08d654c3783758f46:~$ vim webserver.py                                   admin@i-08d654c3783758f46:~$ sudo vim webserver.py                                                                                                              We trust you have received the usual lecture from the local System              Administrator. It usually boils down to these three things:                                                                                                         #1) Respect the privacy of others.                                              #2) Think before you type.                                                      #3) With great power comes great responsibility.                                                                                                            [sudo] password for admin:                                                      sudo: a password is required                                                    admin@i-08d654c3783758f46:~$

paris/i-08d654c3783758f46 01:07

by SadServers 
admin@i-087a5b03b064b40a0:~/clmystery/mystery/memberships$ ls                   AAA         Delta_SkyMiles          REI                      Terminal_City_LibraAAdvantage  Fitness_Galaxy          Rotary_Club              United_MileagePlus Costco      Museum_of_Bash_History  TCSU_Alumni_Association                     admin@i-087a5b03b064b40a0:~/clmystery/mystery/memberships$ cat ../crimescene|greCLUE: Footage from an ATM security camera is blurry but shows that the perpetratast 6'.                                                                         CLUE: Found a wallet believed to belong to the killer: no ID, just loose change,r Rotary_Club, Delta SkyMiles, the local library, and the Museum of Bash Historyuntraceable and have no name, for some reason.                                  CLUE: Questioned the barista at the local coffee shop. He said a woman left righshots. The name on her latte was Annabel, she had blond spiky hair and a New Zeaadmin@i-087a5b03b064b40a0:~/clmystery/mystery/memberships$ mkdir a              admin@i-087a5b03b064b40a0:~/clmystery/mystery/memberships$ cp Rotary_Club a     admin@i-087a5b03b064b40a0:~/clmystery/mystery/memberships$ cp

command-line-murders/i-087a5b03b064b40a0 08:14

by SadServers 
admin@i-098403fc39803a851:~$ curl localhost:5000                     Unauthorizedadmin@i-098403fc39803a851:~$ nc localhost 5000                                                                                GET /                                                                admin@i-098403fc39803a851:~$                                         admin@i-098403fc39803a851:~$ nc -v localhost 5000                    Connection to localhost (127.0.0.1) 5000 port [tcp/*] succeeded!     GET /                                                                                                                                     Welcome! Password is FDZPmh5AX3oiJt                                  admin@i-098403fc39803a851:~$ curl -u FDZPmh5AX3oiJt localhost:5000   Enter host password for user 'FDZPmh5AX3oiJt':

paris/i-098403fc39803a851 01:49

by SadServers

See all