SadServers Joined on September 10, 2023
1666 public recordings by SadServers
cloud gdb ld.so.conf mtab rc2.d skel vim cloud-release groff ld.so.conf.d nanorc rc3.d ssh wgetrc cron.d group ldap netconfig rc4.d ssl xattr.conf cron.daily group- libaudit.conf network rc5.d subgid xdg cron.hourly grub.d lighttpd networks rc6.d subgid- xml cron.monthly gshadow locale.alias nsswitch.conf rcS.d subuid cron.weekly gshadow- locale.gen opt reportbug.conf subuid- admin@i-0ff8d9a1ece0ff594:/etc$ cd /var/w
paris/i-0ff8d9a1ece0ff594 02:14
by SadServers
a.out agent webserver.py $ admin@i-072b43453825ba99a:~$ find / -perm -u=s -type f 2>/dev/null /usr/lib/openssh/ssh-keysign /usr/lib/dbus-1.0/dbus-daemon-launch-helper /usr/bin/chsh /usr/bin/umount /usr/bin/mount /usr/bin/passwd /usr/bin/newgrp /usr/bin/sudo /usr/bin/chfn /usr/bin/su /usr/bin/gpasswd admin@i-072b43453825ba99a:~$ ./a.out /usr/bin/su
paris/i-072b43453825ba99a 03:20
by SadServers
root@i-0d4c9c9f8cfc1d5ed:/home/admin# ./kihei Error: This program cannot be run as the 'root' superuser. root@i-0d4c9c9f8cfc1d5ed:/home/admin#
kihei/i-0d4c9c9f8cfc1d5ed 00:55
by SadServers
Saving to: ‘index.html’ index.html 100%[=====================================>] 12 2024-01-15 05:10:43 (1.55 MB/s) - ‘index.html’ saved [12/12] admin@i-0d60756cd4edc8643:~$ ls agent index.html webserver.py admin@i-0d60756cd4edc8643:~$ cat index.html Unauthorizedadmin@i-0d60756cd4edc8643:~$ telnet localhost 5000 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /
paris/i-0d60756cd4edc8643 01:25
by SadServers
root@i-02092f036fead2d0b:~# mkfs-.ext4 /dev/sad_servers/sad_servers bash: mkfs-.ext4: command not found root@i-02092f036fead2d0b:~# mkfs.ext4 /dev/sad_servers/sad_servers mke2fs 1.46.2 (28-Feb-2021) Creating filesystem with 393216 4k blocks and 98304 inodes Filesystem UUID: d3e1d407-1b26-4059-8d11-8a5e5ce2ca4e Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912 Allocating group tables: done Writing inode tables: done Creating journal (8192 blocks): done Writing superblocks and filesystem accounting information: done root@i-02092f036fead2d0b:~#
kihei/i-02092f036fead2d0b 04:37
by SadServers
tmpfs 228M 24K 228M 1% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock /dev/nvme0n1p15 124M 5.9M 118M 5% /boot/efi root@i-0c46d1eed562eeeb0:/home/admin# Filesystem Size Used Avail Use% Mouudev 217M 0 217M 0% /dev tmpfs 46M 368K 46M 1% /run /dev/nvme0n1p1 7.7G 6.1G 1.2G 84% / tmpfs 228M 24K 228M 1% /dev/shm tmpfs 5.0M 0 5.0M 0% /run/lock /dev/nvme0n1p15 124M 5.9M 118M 5% /boot/efi root@i-0c46d1eed562eeeb0:/home/admin# eexxiitt exit exit admin@i-0c46d1eed562eeeb0:~$
kihei/i-0c46d1eed562eeeb0 06:38
by SadServers
admin@i-094407eb5173ca7f2:~$ telnet loaclhost 5000 telnet: could not resolve loaclhost/5000: Name or service not known admin@i-094407eb5173ca7f2:~$ telnet localhost 5000 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET / Welcome! Password is FDZPmh5AX3oiJtConnection closed by foreign host. admin@i-094407eb5173ca7f2:~$ curl --insecure --anyauth -u admin:passowrd -X GET Unauthorizedadmin@i-094407eb5173ca7f2:~$ curl --insecure --anyauth -u admin:pass admin@i-094407eb5173ca7f2:~$ admin@i-094407eb5173ca7f2:~$ admin@i-094407eb5173ca7f2:~$ curl --insecure --anyauth -u admin:FDZPmh5AX3oiJt -
paris/i-094407eb5173ca7f2 04:03
by SadServers
unix 3 [ ] STREAM CONNECTED 11366 unix 3 [ ] STREAM CONNECTED 11352 unix 3 [ ] STREAM CONNECTED 11353 /run/systemd/journal/unix 3 [ ] STREAM CONNECTED 11367 /run/dbus/system_bus_admin@i-04e9b3dc5974733a8:~$ netstat -nptl (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp6 0 0 :::6767 :::* LISTEN tcp6 0 0 :::8080 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN admin@i-04e9b3dc5974733a8:~$ telnet
paris/i-04e9b3dc5974733a8 01:25
by SadServers
drwxr-xr-x 3 root root 4096 Sep 17 16:44 .. drwx------ 3 admin admin 4096 Sep 20 15:52 .ansible -rw------- 1 admin admin 57 Sep 20 15:58 .bash_history -rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout -rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc drwxr-xr-x 3 admin admin 4096 Sep 20 15:56 .config -rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile drwx------ 2 admin admin 4096 Sep 17 16:44 .ssh drwxr-xr-x 2 admin root 4096 Sep 24 23:20 agent -rwxrwx--- 1 root root 360 Sep 24 23:20 webserver.py admin@i-057a22a824cc9eb82:~$ pwd /home/admin admin@i-057a22a824cc9eb82:~$ curl localhost:5000 Unauthorizedadmin@i-057a22a824cc9eb82:~$ admin@i-057a22a824cc9eb82:~$ netstat
paris/i-057a22a824cc9eb82 00:49
by SadServers
drwxr-xr-x 2 admin root 4096 Sep 24 23:20 agent -rwxrwx--- 1 root root 360 Sep 24 23:20 webserver.py admin@i-0607715dd43c3c574:~$ sudo vi webserver.py We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for admin: sudo: a password is required admin@i-0607715dd43c3c574:~$ curl localhost:5000 Unauthorizedadmin@i-0607715dd43c3c574:~$ curl localhost:5000
paris/i-0607715dd43c3c574 01:22
by SadServers
cat: /etc/sudoers: Permission denied admin@i-092d4cf55fa0651c2:~$ sudo python3 webserver.py We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for admin: sudo: a password is required admin@i-092d4cf55fa0651c2:~$ ls agent webserver.py admin@i-092d4cf55fa0651c2:~$ ps aux |grep webserver
paris/i-092d4cf55fa0651c2 04:06
by SadServers
admin@i-04cb2fba7b744d25a:~$ ls agent webserver.py admin@i-04cb2fba7b744d25a:~$ cd .. admin@i-04cb2fba7b744d25a:/home$ ls admin admin@i-04cb2fba7b744d25a:/home$ cd admin admin@i-04cb2fba7b744d25a:~$ ls agent webserver.py admin@i-04cb2fba7b744d25a:~$ su -u admin Try 'su --help' for more information. admin@i-04cb2fba7b744d25a:~$ su -i admin su: invalid option -- 'i' Try 'su --help' for more information. admin@i-04cb2fba7b744d25a:~$ su - admin