SadServers Joined on September 10, 2023

user@.service (5)    - System units to start the user manager                   user_caps (5)        - user-defined terminfo capabilities                       user_namespaces (7)  - overview of Linux user namespaces                        useradd (8)          - create a new user or update default new user information userdel (8)          - delete a user account and related files                  userfaultfd (2)      - create a file descriptor for handling page faults in userusermod (8)          - modify a user account                                    users (1)            - print the user names of users currently logged in to the vmsplice (2)         - splice user pages to/from a pipe                         wall (1)             - write a message to all users                             whoami (1)           - print effective userid                                   write (1)            - send a message to another user                           write-mime-multipart (1) - utilty for creating mime-multipart files, likely for write.ul (1)         - send a message to another user                           admin@i-0b1e3b196bdf95a1f:~$                                                    

 misc        Options that don't fit into any other category                      output      Filesystem output                                                   pop3        POP3 protocol options                                               post        HTTP Post specific options                                          proxy       All options related to proxies                                      scp         SCP protocol options                                                sftp        SFTP protocol options                                               smtp        SMTP protocol options                                               ssh         SSH protocol options                                                telnet      TELNET protocol options                                             tftp        TFTP protocol options                                               tls         All TLS/SSL related options                                         upload      All options for uploads                                             verbose     Options related to any kind of command line output of curl         admin@i-0f481c1d0236fdaeb:~$                                                    

                                                                                We trust you have received the usual lecture from the local System              Administrator. It usually boils down to these three things:                                                                                                         #1) Respect the privacy of others.                                              #2) Think before you type.                                                      #3) With great power comes great responsibility.                                                                                                            [sudo] password for admin:                                                      Sorry, try again.                                                               [sudo] password for admin:                                                      Sorry, try again.                                                               [sudo] password for admin:                                                      sudo: 2 incorrect password attempts                                             admin@i-0e73febb68bb05c6c:~$ ls                                                 

./.ansible/tmp                                                                  ./webserver.py                                                                  ./.config                                                                       ./.config/asciinema                                                             ./.config/asciinema/install-id                                                  ./.profile                                                                      ./.ssh                                                                          ./.ssh/authorized_keys                                                          ./.bash_logout                                                                  ./.bashrc                                                                       ./.bash_history                                                                 admin@i-0ef18dd77d0e9e972:~$ findl^C                                            admin@i-0ef18dd77d0e9e972:~$ ls                                                 agent  webserver.py                                                             admin@i-0ef18dd77d0e9e972:~$ caat                                               

                                                            udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          10132      -                                                                             udp6       0      0 fe80::897:94ff:fecf:546 :::*                                0          10400      -                                                                             udp6       0      0 ::1:323                 :::*                                0          11514      -                                                                             admin@i-05084dbfa031c910e:~$ ss -lptn 'sport = :80'         State        Recv-Q         Send-Q                 Local Address:Port                 Peer Address:Port        Process                                                              admin@i-05084dbfa031c910e:~$                                

sudo:x:27:admin                                                                 admin@i-07aabdeac228c0ec5:~$ su                                                 Password:                                                                       admin@i-07aabdeac228c0ec5:~$ su -                                               Password:                                                                       admin@i-07aabdeac228c0ec5:~$ sudo ls                                                                                                                            We trust you have received the usual lecture from the local System              Administrator. It usually boils down to these three things:                                                                                                         #1) Respect the privacy of others.                                              #2) Think before you type.                                                      #3) With great power comes great responsibility.                                                                                                            [sudo] password for admin:                                                      

  0 LVM physical volume whole disks                                               0 LVM physical volumes                                                        admin@i-02cd5fb1b51af0596:~$ sudo pvcreate /dev/sdb                               Physical volume "/dev/sdb" successfully created.                              admin@i-02cd5fb1b51af0596:~$ sudo pvcreate /dev/sdc                               Physical volume "/dev/sdc" successfully created.                              admin@i-02cd5fb1b51af0596:~$ sudo vgcreate vg                                     No command with matching syntax recognised.  Run 'vgcreate --help' for more in  Correct command syntax is:                                                      vgcreate VG_new PV ...                                                                                                                                        admin@i-02cd5fb1b51af0596:~$ sudo vgextend vg /dev/sdb                            Volume group "vg" not found                                                     Cannot process volume group vg                                                admin@i-02cd5fb1b51af0596:~$ sudo vgcreate vg /d                                

root         582  0.5  0.3   2872  1680 tty1     Ss+  08:20   0:00 /sbin/agetty 1 linux                                                                         root         583  0.0  0.4   4396  2100 ttyS0    Ss+  08:20   0:00 /sbin/agetty 15200,57600,38400,9600 ttyS0 vt220                                              root         584  0.0  1.5  13352  7036 ?        Ss   08:20   0:00 sshd: /usr/sbf 10-100 startups                                                               _chrony      586  0.0  0.7  10852  3680 ?        S    08:20   0:00 /usr/sbin/chr_chrony      587  0.0  0.1  10724   552 ?        S    08:20   0:00  \_ /usr/sbinroot         590  0.3  3.7  26612 17376 ?        Ss   08:20   0:00 /usr/bin/pyth-upgrades/unattended-upgrade-shutdown --wait-for-signal                         admin@i-05c71fbccf670d19a:~$ ls -l                                              total 8                                                                         drwxr-xr-x 2 admin root 4096 Sep 24 23:20 agent                                 -rwxrwx--- 1 root  root  360 Sep 24 23:20 webserver.py                          admin@i-05c71fbccf670d19a:~$ python3                                            

> User-Agent: curl/7.74.0                                                       > Accept: */*                                                                   >                                                                               * Mark bundle as not supporting multiuse                                        < HTTP/1.1 200 OK                                                               < Server: Werkzeug/2.3.7 Python/3.9.2                                           < Date: Fri, 26 Jan 2024 08:14:13 GMT                                           < Content-Type: text/html; charset=utf-8                                        < Content-Length: 12                                                            < Connection: close                                                             <                                                                               * Closing connection 0                                                          Unauthorizedadmin@i-048defd814f7a6edd:~$ ls localhost:5000                      ls: cannot access 'localhost:5000': No such file or directory                   admin@i-048defd814f7a6edd:~$ l                                                  

admin@i-0135396ea42201af3:~$                                                    admin@i-0135396ea42201af3:~$                                                    admin@i-0135396ea42201af3:~$                                                    admin@i-0135396ea42201af3:~$ pwd                                                /home/admin                                                                     admin@i-0135396ea42201af3:~$                                                    

drwx------   5 root root  4096 Jan 25 19:49 root                                drwxr-xr-x  22 root root   620 Jan 25 19:49 run                                 lrwxrwxrwx   1 root root     8 Sep 28  2021 sbin -> usr/sbin                    drwxr-xr-x   2 root root  4096 Sep 28  2021 srv                                 dr-xr-xr-x  13 root root     0 Jan 25 19:48 sys                                 drwxrwxrwt   9 root root  4096 Jan 25 19:49 tmp                                 drwxr-xr-x  14 root root  4096 Sep 28  2021 usr                                 drwxr-xr-x  11 root root  4096 Sep 28  2021 var                                 admin@i-0f29e47a857c873d8:/$ ls opt                                             admin@i-0f29e47a857c873d8:/$ ls run                                             agetty.reload  cloud-init    dbus                initramfs  network          sshblkid          credentials   dhclient.ens5.pid   lock       screen           sshchrony         crond.pid     dhclient6.ens5.pid  log        sendsigs.omit.d  sudchrony-dhcp    crond.reboot  initctl             mount      shm              sysadmin@i-0f29e47a857c873d8:/$ cd run                                             

/dev/nvme0n1p1   7.7G  6.1G  1.2G  84% /                                        tmpfs            228M   12K  228M   1% /dev/shm                                 tmpfs            5.0M     0  5.0M   0% /run/lock                                /dev/nvme0n1p15  124M  5.9M  118M   5% /boot/efi                                admin@i-028b46998ca7b18c9:~$ du ./                                              11140   ./agent                                                                 4       ./.ansible/tmp                                                          8       ./.ansible                                                              4       ./data                                                                  4       ./.config/procps                                                        8       ./.config/asciinema                                                     16      ./.config                                                               8       ./.ssh                                                                  5256232 ./                                                                      admin@i-028b46998ca7b18c9:~$ df -ht                                             

sudo: 3 incorrect password attempts                                             admin@i-0ade0a697ccc4e8f9:/$ cd /usr/                                           bin/     include/ lib32/   libexec/ local/   share/                             games/   lib/     lib64/   libx32/  sbin/    src/                               admin@i-0ade0a697ccc4e8f9:/$ cd /home/admin/                                    admin@i-0ade0a697ccc4e8f9:~$ ls                                                 agent  webserver.py                                                             admin@i-0ade0a697ccc4e8f9:~$ ls agent/                                          check.sh  sadagent  sadagent.txt                                                admin@i-0ade0a697ccc4e8f9:~$ ls agent/sadagent                                  agent/sadagent                                                                  admin@i-0ade0a697ccc4e8f9:~$ less agent/sadagent                                sadagent      sadagent.txt                                                      admin@i-0ade0a697ccc4e8f9:~$ less agent/sadagent.txt                            admin@i-0ade0a697ccc4e8f9:~$ less agent/sadagent.txt                            

write(2, "\t", 1        )                       = 1                             write(2, "./main.go", 9./main.go)                = 9                            write(2, ":", 1:)                        = 1                                    write(2, "64", 264)                       = 2                                   write(2, " +", 2 +)                       = 2                                   write(2, "0x47d", 50x47d)                    = 5                                write(2, "\n", 1                                                                )                       = 1                                                     exit_group(2)                           = ?                                     +++ exited with 2 +++                                                           admin@i-0cf4052df7f7472c2:~$ strace -v /home/admin/kihei > strace.txt^C         admin@i-0cf4052df7f7472c2:~$ cat strace.txt                                     admin@i-0cf4052df7f7472c2:~$ strace^C                                           admin@i-0cf4052df7f7472c2:~$ ^C                                                 admin@i-0cf4052df7f7472c2:~$