SadServers Joined on September 10, 2023
1663 public recordings by SadServers
linux-gnu/libpthread-2.31.so
lsof 769 admin mem REG 259,1 1868linux-gnu/libdl-2.31.so
lsof 769 admin mem REG 259,1 61712linux-gnu/libpcre2-8.so.0.10.1
lsof 769 admin mem REG 259,1 190153linux-gnu/libc-2.31.so
lsof 769 admin mem REG 259,1 16612linux-gnu/libselinux.so.1
lsof 769 admin mem REG 259,1 17792linux-gnu/ld-2.31.so
lsof 769 admin 4r FIFO 0,11 0t
lsof 769 admin 7w FIFO 0,11 0t
admin@i-059fb7e158508f014:~$ lsof |grep webserver
admin@i-059fb7e158508f014:~$ lsof |grep .pyu
paris/i-059fb7e158508f014 01:33
by SadServers

581 ? Ss 0:00 /usr/bin/python3 /home/admin/webserver.py
582 ? Ssl 0:00 /usr/sbin/rsyslogd -n -iNONE
585 ? Ss 0:00 /lib/systemd/systemd-logind
590 tty1 Ss+ 0:00 /sbin/agetty -o -p -- \u --noclear tty1 linux
591 ttyS0 Ss+ 0:00 /sbin/agetty -o -p -- \u --keep-baud 115200,57600,3
592 ? Ss 0:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 star
594 ? S 0:00 /usr/sbin/chronyd -F 1
602 ? S 0:00 \_ /usr/sbin/chronyd -F 1
601 ? Ss 0:00 /usr/bin/python3 /usr/share/unattended-upgrades/una--wait-for-signal
admin@i-00f8248b2e8900994:~$ ps -fax|grep http
900 pts/1 S<+ 0:00 \_ grep http
admin@i-00f8248b2e8900994:~$ ps -fax|grep 5000
902 pts/1 S<+ 0:00 \_ grep 5000
admin@i-00f8248b2e8900994:~$ n
paris/i-00f8248b2e8900994 03:28
by SadServers

root 579 1 0 10:14 ttyS0 00:00:00 /sbin/agetty -o -p -- \u --k
_chrony 589 1 0 10:14 ? 00:00:00 /usr/sbin/chronyd -F 1
root 590 1 0 10:14 ? 00:00:00 sshd: /usr/sbin/sshd -D [lis
_chrony 591 589 0 10:14 ? 00:00:00 /usr/sbin/chronyd -F 1
root 598 1 0 10:14 ? 00:00:00 /usr/bin/python3 /usr/share/
root 678 2 0 10:14 ? 00:00:00 [kworker/0:3-events]
root 679 2 0 10:14 ? 00:00:00 [kworker/0:4-mm_percpu_wq]
admin 796 561 0 10:18 pts/0 00:00:00 bash -l
admin 800 796 0 10:18 pts/0 00:00:00 /usr/bin/python3 /usr/bin/as
admin 803 800 0 10:18 pts/0 00:00:00 /usr/bin/python3 /usr/bin/as
admin 804 800 0 10:18 pts/1 00:00:00 sh -c /bin/bash
admin 805 804 0 10:18 pts/1 00:00:00 /bin/bash
root 843 2 0 10:19 ? 00:00:00 [kworker/u4:2-events_unbound
admin 846 805 0 10:19 pts/1 00:00:00 ps -ef
admin@i-01ba3fb0890c35be2:~$
paris/i-01ba3fb0890c35be2 01:11
by SadServers

root@i-0c2a4233b77648504:~# ls
mc.sh
root@i-0c2a4233b77648504:~# cd /home/admin
root@i-0c2a4233b77648504:/home/admin# ls
agent data datafile kihei
root@i-0c2a4233b77648504:/home/admin# vi kihei
root@i-0c2a4233b77648504:/home/admin# ./kihei -h
Usage: ./kihei [options]
-h Display help
-help Display help
-v Verbose mode (print extra info)
-verbose Verbose mode (print extra info)
root@i-0c2a4233b77648504:/home/admin# ./kihei -
kihei/i-0c2a4233b77648504 01:28
by SadServers

tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelega
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
none on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeo=5,direct,pipe_ino=10306)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatim
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
/dev/nvme0n1p15 on /boot/efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepahortname=mixed,utf8,errors=remount-ro)
admin@i-07e1cebffd652dba0:~$ free -
kihei/i-07e1cebffd652dba0 01:13
by SadServers

5.1G .
admin@i-04ba647eafae86351:~$ ls
agent data datafile kihei
admin@i-04ba647eafae86351:~$ cd ..
admin@i-04ba647eafae86351:/home$ du -h .
11M ./admin/agent
4.0K ./admin/.ansible/tmp
8.0K ./admin/.ansible
4.0K ./admin/data
8.0K ./admin/.config/asciinema
12K ./admin/.config
8.0K ./admin/.ssh
5.1G ./admin
5.1G .
admin@i-04ba647eafae86351:/home$ cd
kihei/i-04ba647eafae86351 04:09
by SadServers

unattended-upgrades
alternatives.log.1 btmp cloud-init.log debug.1 journal user.log
apt btmp.1 daemon.log debug.2.gz kern.log user.log.1
auth.log cast daemon.log.1 dpkg.log kern.log.11 user.log.2.gz
auth.log.1 chrony daemon.log.2.gz dpkg.log.1 kern.log.22.gz wtmp
admin@i-06683be665f75c9a6:/var/log$ cd ./cast/
admin@i-06683be665f75c9a6:/var/log/cast$ ls
i-06683be665f75c9a6
admin@i-06683be665f75c9a6:/var/log/cast$ ls- la
bash: ls-: command not found
admin@i-06683be665f75c9a6:/var/log/cast$
paris/i-06683be665f75c9a6 02:28
by SadServers

lsof: unknown protocol name (5000) in: -i 5000
lsof 4.93.2
latest revision: https://github.com/lsof-org/lsof
latest FAQ: https://github.com/lsof-org/lsof/blob/master/00FAQ
latest (non-formatted) man page: https://github.com/lsof-org/lsof/blob/master/L
usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-E] [+|-e s] [+|-f[gG]] [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s] [+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Use the ``-h'' option to get more help information.
admin@i-0dd9ca4bd7a358734:~$ ^Cof -i 5000
admin@i-0dd9ca4bd7a358734:~$ ps aux | grep upnp
admin 828 0.0 0.1 5264 632 pts/1 S<+ 00:54 0:00 grep upnp
admin@i-0dd9ca4bd7a358734:~$ systemctl | grep upnp
admin@i-0dd9ca4bd7a358734:~$ journalctl | grep upnp
admin@i-0dd9ca4bd7a358734:~$ lsof -i TLS
paris/i-0dd9ca4bd7a358734 04:34
by SadServers

admin@i-0778f3b27cbbe6784:~$ cd .ansible/ .config/ .ssh/ agent/
admin@i-0778f3b27cbbe6784:~$ ls
agent webserver.py
admin@i-0778f3b27cbbe6784:~$ cd ..
admin@i-0778f3b27cbbe6784:/home$ cd
admin@i-0778f3b27cbbe6784:~$ ks
bash: ks: command not found
admin@i-0778f3b27cbbe6784:~$ ls
agent webserver.py
admin@i-0778f3b27cbbe6784:~$ car
paris/i-0778f3b27cbbe6784 00:48
by SadServers

admin@i-0c17fc97359aff9e0:~$ curl localhost:5000
Unauthorizedadmin@i-0c17fc97359aff9e0:~$ wget localhost:5000
--2024-02-14 03:27:44-- http://localhost:5000/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12 [text/html]
Saving to: ‘index.html’
index.html 100%[=====================================>] 12
2024-02-14 03:27:44 (210 KB/s) - ‘index.html’ saved [12/12]
admin@i-0c17fc97359aff9e0:~$ curl --user-agent "
paris/i-0c17fc97359aff9e0 01:00
by SadServers

drwxr-xr-x 6 admin admin 4096 Feb 14 01:24 ..
-rwxr-xr-x 1 admin admin 230 Sep 24 23:20 check.sh
-rwxr-xr-x 1 admin root 11397096 Sep 20 15:53 sadagent
-rw-r--r-- 1 admin admin 0 Sep 20 15:53 sadagent.txt
admin@i-0613915f249b84d87:~/agent$ cat check.sh
#!/bin/bash
expected_checksum="d8bee9d7f830d5fb59b89e1e120cce8e"
actual_checksum=$(md5sum /home/admin/mysolution | awk '{print $1}')
if [[ "$actual_checksum" == "$expected_checksum" ]]; then
echo -n "OK"
else
echo -n "NO"
fiadmin@i-0613915f249b84d87:~/agent$ ./
paris/i-0613915f249b84d87 02:18
by SadServers

<p>Error code: 400</p>
<p>Message: Bad request syntax ('GET').</p>
<p>Error code explanation: HTTPStatus.BAD_REQUEST - Bad request syntax o
</body>
</html>
Connection closed by foreign host.
admin@i-06a33af7aaa6ba9f1:~$
admin@i-06a33af7aaa6ba9f1:~$ telnet localhost 5000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^Cexit
Connection closed by foreign host.
admin@i-06a33af7aaa6ba9f1:~$
admin@i-06a33af7aaa6ba9f1:~$
paris/i-06a33af7aaa6ba9f1 01:21
by SadServers

admin@i-020dd541aa3bd3dfe:~$
admin@i-020dd541aa3bd3dfe:~$
admin@i-020dd541aa3bd3dfe:~$ /home/admin/kihei
panic: exit status 1
goroutine 1 [running]:
main.main()
./main.go:64 +0x47d
admin@i-020dd541aa3bd3dfe:~$ ls -al /home/admin/datafile
-rw-r--r-- 1 root root 5368709120 Sep 17 17:28 /home/admin/datafile
admin@i-020dd541aa3bd3dfe:~$
admin@i-020dd541aa3bd3dfe:~$