Public recordings
Sort by
check.sh sadagent sadagent.txt admin@i-095ed92c0df54793b:~$ cat agent/ check.sh sadagent sadagent.txt admin@i-095ed92c0df54793b:~$ cat agent/sadagent.txt | tr -cd "[:print:]" admin@i-095ed92c0df54793b:~$ admin@i-095ed92c0df54793b:~$ admin@i-095ed92c0df54793b:~$ admin@i-095ed92c0df54793b:~$ apt install strings E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission dE: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are yadmin@i-095ed92c0df54793b:~$ telnet localhost 5000 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.
paris/i-095ed92c0df54793b 01:27
by SadServersls: cannot access '/pid/579': No such file or directory admin@i-02fded2ca795f43ce:~$ ls /proc/579 ls: cannot read symbolic link '/proc/579/cwd': Permission denied ls: cannot read symbolic link '/proc/579/root': Permission denied ls: cannot read symbolic link '/proc/579/exe': Permission denied arch_status cgroup coredump_filter environ gid_map map_files mountattr clear_refs cpu_resctrl_groups exe io maps mountautogroup cmdline cpuset fd limits mem net auxv comm cwd fdinfo loginuid mountinfo ns admin@i-02fded2ca795f43ce:~$ ls /proc/579^C admin@i-02fded2ca795f43ce:~$ ^C admin@i-02fded2ca795f43ce:~$ ^C admin@i-02fded2ca795f43ce:~$ /proc/579/root curl localhost:5000 bash: /proc/579/root: Permission denied admin@i-02fded2ca795f43ce:~$
paris/i-02fded2ca795f43ce 03:41
by SadServerstmpfs 228M 12K 228M 1% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock /dev/nvme0n1p15 124M 5.9M 118M 5% /boot/efi admin@i-0189e4926341da6e5:~$ ls -lrt /home/admin/kihei -rwxr-xr-x 1 admin root 2207109 Sep 17 2023 /home/admin/kihei admin@i-0189e4926341da6e5:~$ /home/admin/kihei panic: exit status 1 goroutine 1 [running]: main.main() ./main.go:64 +0x47d admin@i-0189e4926341da6e5:~$ cd /home/admin admin@i-0189e4926341da6e5:~$ ls agent data datafile kihei admin@i-0189e4926341da6e5:~$ strace
kihei/i-0189e4926341da6e5 01:15
by SadServersroot@i-0347f0aa3131a44e8:/home/admin# mount /dev/vg/lv /home/admin/data root@i-0347f0aa3131a44e8:/home/admin# mount /dev/vg/lv /home/admin/data mount: /home/admin/data: /dev/mapper/vg-lv already mounted on /home/admin/data. root@i-0347f0aa3131a44e8:/home/admin# ~/kihei bash: /root/kihei: No such file or directory root@i-0347f0aa3131a44e8:/home/admin# exit exit admin@i-0347f0aa3131a44e8:~$ ~/kihei panic: remove /home/admin/data/newdatafile: no such file or directory goroutine 1 [running]: main.main() ./main.go:62 +0x465 admin@i-0347f0aa3131a44e8:~$
kihei/i-0347f0aa3131a44e8 00:50
by SadServers2024-10-17 22:21:02.809421 token: 1097540917 2024-10-17 22:21:03.109941 token: 304977580 2024-10-17 22:21:03.410451 token: 41358422 2024-10-17 22:21:03.710949 token: 374178011 2024-10-17 22:21:04.011467 token: 1898843884 2024-10-17 22:21:04.311956 token: 258222149 2024-10-17 22:21:04.612482 token: 335274110 2024-10-17 22:21:04.912984 token: 1316794133 2024-10-17 22:21:05.213381 token: 289474147 2024-10-17 22:21:05.513879 token: 825212008 2024-10-17 22:21:05.814342 token: 1224319754 2024-10-17 22:21:06.114820 token: 48114471 2024-10-17 22:21:06.415375 token: 1717364180 2024-10-17 22:21:06.715891 token: 361435512
/i-07be58042e412c5dc 01:35
by SadServerschmod: changing permissions of './webserver.py': Operation not permitted admin@i-0fe5db61e982e9777:~$ chmod -R 755 . chmod: changing permissions of './webserver.py': Operation not permitted admin@i-0fe5db61e982e9777:~$ grep -ri 'password' | /etc/apache2/* bash: /etc/apache2/conf-available: Is a directory grep: agent/sadagent: binary file matches grep: webserver.py: Permission denied admin@i-0fe5db61e982e9777:~$ grep -ri 'password' | /etc/apache2/conf-available bash: /etc/apache2/conf-available: Is a directory grep: agent/sadagent: binary file matches grep: webserver.py: Permission denied grep: write error: Broken pipe admin@i-0fe5db61e982e9777:~$ admin@i-0fe5db61e982e9777:~$ grep -ri 'password' /etc/apache2/conf-available admin@i-0fe5db61e982e9777:~$
paris/i-0fe5db61e982e9777 04:33
by SadServersls -la #1709925997 cat webserver.py admin@i-042eff4e631813f8b:~$ ls agent webserver.py admin@i-042eff4e631813f8b:~$ ls agent webserver.py admin@i-042eff4e631813f8b:~$ cd ~ admin@i-042eff4e631813f8b:~$ l bash: l: command not found admin@i-042eff4e631813f8b:~$ sls bash: sls: command not found admin@i-042eff4e631813f8b:~$ ls agent webserver.py admin@i-042eff4e631813f8b:~$
paris/i-042eff4e631813f8b 02:08
by SadServersnittaskpath.ErrBadPatterngo.itab.*flag.boolValue,flag.Valuego.itab.*os.File,io.WmError,errorgo.itab.*reflect.rtype,reflect.Typego.itab.*flag.durationValue,flag.64Value,flag.Valuego.itab.*flag.intValue,flag.Valuego.itab.*flag.int64Value,flagngValue,flag.Valuego.itab.*flag.uintValue,flag.Valuego.itab.*flag.uint64Value,fl.Builder,io.Writergo.itab.*errors.errorString,errorgo.itab.*fmt.wrapError,errorggo.itab.*os.File,io.Readergo.itab.syscall.Signal,os.Signalgo.itab.*io/fs.PathErrallError,errorgo.itab.syscall.Errno,errorgo.itab.os.onlyWriter,io.Writergo.itab.nfogo.itab.*io.LimitedReader,io.Readergo.itab.*os.File,io.Closergo.itab.*os/exec*os/exec.Error,errorgo.itab.*bufio.Reader,io.Readergo.itab.os/user.UnknownUserIdrnal/reflectlite.rtype,internal/reflectlite.Typego.itab.time.fileSizeError,errort.SortedMap,sort.Interfacego.itab.runtime.errorString,error_cgo_init_cgo_thread__init_done_cgo_callers_cgo_yield_cgo_mmap_cgo_munmap_cgo_sigactionruntime.mainPCeadlineExceededError,errorgo.itab.internal/poll.errNetClosing,errorruntime.defaudVersion.strruntime.modinfo.strtype.*runtime.textsectionmapadmin@i-0ecfba1c645ee/dev/nu /home/admin/kihei
kihei/i-0ecfba1c645ee2ea8 01:24
by SadServersadmin@i-0dbd5dce9178f03c1:~$ ls data lost+found admin@i-0dbd5dce9178f03c1:~$ touch data/newdatafile touch: cannot touch 'data/newdatafile': Permission denied admin@i-0dbd5dce9178f03c1:~$ sudo touch data/newdatafile admin@i-0dbd5dce9178f03c1:~$ sudo chown admin:admin data/newdatafile admin@i-0dbd5dce9178f03c1:~$ ./kihei panic: remove /home/admin/data/newdatafile: permission denied goroutine 1 [running]: main.main() ./main.go:50 +0x48d admin@i-0dbd5dce9178f03c1:~$ ls -alh /home/admin/data/newdatafile -rw-r--r-- 1 admin admin 0 Mar 8 16:31 /home/admin/data/newdatafile admin@i-0dbd5dce9178f03c1:~$
kihei/i-0dbd5dce9178f03c1 03:59
by SadServersdrwxr-xr-x 2 admin root 4096 Sep 17 17:28 data -rw-r--r-- 1 root root 5368709120 Sep 17 17:28 datafile -rwxr-xr-x 1 admin root 2207109 Sep 17 17:28 kihei admin@i-0847c56ed353b4fb9:~$ sudo -l Matching Defaults entries for admin on i-0847c56ed353b4fb9: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sn User admin may run the following commands on i-0847c56ed353b4fb9: (ALL : ALL) ALL (ALL) NOPASSWD: ALL (ALL) NOPASSWD: ALL (ALL) NOPASSWD: ALL (ALL) NOPASSWD: /sbin/shutdown admin@i-0847c56ed353b4fb9:~$ rm .bash
kihei/i-0847c56ed353b4fb9 00:43
by SadServersxxd: Broken pipe admin@i-032a23e8be421d153:~$ xxd datafile | head ^C admin@i-032a23e8be421d153:~$ gzip datafile ^C admin@i-032a23e8be421d153:~$ ls agent data datafile kihei admin@i-032a23e8be421d153:~$ df -h Filesystem Size Used Avail Use% Mounted on udev 217M 0 217M 0% /dev tmpfs 46M 368K 46M 1% /run /dev/nvme0n1p1 7.7G 6.1G 1.2G 84% / tmpfs 228M 12K 228M 1% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock /dev/nvme0n1p15 124M 5.9M 118M 5% /boot/efi admin@i-032a23e8be421d153:~$