SadServers Joined on September 10, 2023
1656 public recordings by SadServers
write(2, "(", 1() = 1
write(2, ")\n", 2) ) = 2
write(2, "\t", 1 ) = 1
write(2, "./main.go", 9./main.go) = 9
write(2, ":", 1:) = 1
write(2, "64", 264) = 2
write(2, " +", 2 +) = 2
write(2, "0x47d", 50x47d) = 5
write(2, "\n", 1 ) = 1
exit_group(2) = ?
+++ exited with 2 +++
admin@i-0053deee79e60da67:~$ vim kihei
kihei/i-0053deee79e60da67 03:24
by SadServers
-rw------- 1 admin admin 338 Nov 6 22:15 .bash_history
-rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout
-rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc
drwxr-xr-x 3 admin admin 4096 Sep 20 2023 .config
-rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile
drwx------ 2 admin admin 4096 Sep 17 2023 .ssh
drwxr-xr-x 2 admin root 4096 Sep 24 2023 agent
-rwxrwx--- 1 root root 360 Sep 24 2023 webserver.py
admin@i-0e8108e3a59a33ce2:~$ cat /etc/sudoers
cat: /etc/sudoers: Permission denied
admin@i-0e8108e3a59a33ce2:~$ cat /etc/sudoers.d/
cat: /etc/sudoers.d/: Permission denied
admin@i-0e8108e3a59a33ce2:~$ cat /etc/sudo
sudo.conf sudo_logsrvd.conf sudoers sudoers.d/
admin@i-0e8108e3a59a33ce2:~$ cat /etc/sudo
paris/i-0e8108e3a59a33ce2 02:59
by SadServers
root 587 0.0 1.4 13352 6828 ? Ss 21:55 0:00 sshd: /usr/sb
root 588 0.0 0.3 2872 1664 tty1 Ss+ 21:55 0:00 /sbin/agetty
root 589 0.0 0.4 4396 2144 ttyS0 Ss+ 21:55 0:00 /sbin/agetty
_chrony 591 0.0 0.7 10852 3664 ? S 21:55 0:00 /usr/sbin/chr
_chrony 592 0.0 0.1 10724 548 ? S 21:55 0:00 /usr/sbin/chr
root 610 0.0 3.7 26612 17404 ? Ss 21:55 0:00 /usr/bin/pyth
root 683 0.0 0.0 0 0 ? I 21:55 0:00 [kworker/1:3-
admin 714 0.0 0.9 6740 4368 pts/0 S<s+ 21:56 0:00 bash -l
admin 718 0.2 4.1 98320 19392 pts/0 R<l+ 21:56 0:00 /usr/bin/pyth
admin 721 0.0 3.1 24456 14836 pts/0 R<+ 21:56 0:00 /usr/bin/pyth
admin 722 0.0 0.1 2480 508 pts/1 S<s 21:56 0:00 sh -c /bin/ba
admin 723 0.0 0.9 6820 4500 pts/1 S< 21:56 0:00 /bin/bash
admin 819 0.0 0.6 8648 3260 pts/1 R<+ 21:59 0:00 ps aux
admin@i-0cdefb94500ecc5ae:~$ vim log
admin@i-0cdefb94500ecc5ae:~$ netsstat
paris/i-0cdefb94500ecc5ae 05:03
by SadServers
cron.daily/ hosts.deny mtab rpc
cron.hourly/ init.d/ nanorc rsyslog.
cron.monthly/ initramfs-tools/ netconfig rsyslog.
cron.weekly/ inputrc network/ runit/
crontab iproute2/ networks sadscena
dbus-1/ issue nsswitch.conf screenrc
debconf.conf issue.net opt/ security
debian_version kernel/ os-release selinux/
default/ kernel-img.conf pam.conf services
deluser.conf ld.so.conf pam.d/ sgml/
dhcp/ ld.so.conf.d/ passwd shadow
dpkg/ ldap/ passwd- shadow-
admin@i-01cf0f52ecf5df661:~$ ls
agent webserver.py
admin@i-01cf0f52ecf5df661:~$
paris/i-01cf0f52ecf5df661 03:04
by SadServers
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 172.31.46.95:36554 172.31.18.4:9000 TIME_WAIT
tcp 0 0 172.31.46.95:36542 172.31.18.4:9000 TIME_WAIT
tcp 0 0 172.31.46.95:36528 172.31.18.4:9000 TIME_WAIT
tcp 0 0 172.31.46.95:36558 172.31.18.4:9000 TIME_WAIT
tcp6 0 0 :::6767 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 172.31.46.95:8080 172.31.16.109:59882 ESTABLISHED
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 fe80::8cf:dff:fe7d::546 :::*
udp6 0 0 ::1:323 :::*
admin@i-02f99f045f22e8777:~$ lso
paris/i-02f99f045f22e8777 01:59
by SadServers
R Repaint screen, discarding buffered input.
---------------------------------------------------
Default "window" is the screen height.
Default "half-window" is half of the screen height.
---------------------------------------------------------------------------
SEARCHING
/pattern * Search forward for (N-th) matching line.
?pattern * Search backward for (N-th) matching line.
n * Repeat previous search (for N-th occurrence).
N * Repeat previous search in reverse direction.
ESC-n * Repeat previous search, spanning files.
ESC-N * Repeat previous search, reverse dir. & spanning files.
HELP -- Press RETURN for more, or q when done
kihei/i-0c7b24e701041061a 04:20
by SadServers
nt/ webserver.py
admin@i-051f7c5ffc2106615:~$ sudo user
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
Sorry, try again.
[sudo] password for admin:
sudo: 1 incorrect password attempt
admin@i-051f7c5ffc2106615:~$ vim
paris/i-051f7c5ffc2106615 02:36
by SadServers
0021ace0 6e 65 45 78 63 65 65 64 65 64 45 72 72 6f 72 2c |neExceededError,|
0021acf0 65 72 72 6f 72 00 67 6f 2e 69 74 61 62 2e 69 6e |error.go.itab.in|
0021ad00 74 65 72 6e 61 6c 2f 70 6f 6c 6c 2e 65 72 72 4e |ternal/poll.errN|
0021ad10 65 74 43 6c 6f 73 69 6e 67 2c 65 72 72 6f 72 00 |etClosing,error.|
0021ad20 72 75 6e 74 69 6d 65 2e 64 65 66 61 75 6c 74 47 |runtime.defaultG|
0021ad30 4f 52 4f 4f 54 2e 73 74 72 00 72 75 6e 74 69 6d |OROOT.str.runtim|
0021ad40 65 2e 62 75 69 6c 64 56 65 72 73 69 6f 6e 2e 73 |e.buildVersion.s|
0021ad50 74 72 00 72 75 6e 74 69 6d 65 2e 6d 6f 64 69 6e |tr.runtime.modin|
0021ad60 66 6f 2e 73 74 72 00 74 79 70 65 2e 2a 00 72 75 |fo.str.type.*.ru|
0021ad70 6e 74 69 6d 65 2e 74 65 78 74 73 65 63 74 69 6f |ntime.textsectio|
0021ad80 6e 6d 61 70 00 |nmap.|
0021ad85
admin@i-01aeb2c22dddf5e3e:~$ strings ./kihei
bash: strings: command not found
admin@i-01aeb2c22dddf5e3e:~$ reade
kihei/i-01aeb2c22dddf5e3e 05:19
by SadServers
admin 801 0.0 4.1 98188 19424 pts/0 S<l+ 10:11 0:00 /usr/bin/pythec -t kihei/i-025570eb46de4c5ab -q -i 2 /var/log/cast/i-025570eb46de4c5ab
admin 804 0.0 3.0 24456 14368 pts/0 S<+ 10:11 0:00 /usr/bin/pythec -t kihei/i-025570eb46de4c5ab -q -i 2 /var/log/cast/i-025570eb46de4c5ab
admin 953 0.0 0.1 5264 640 pts/1 S<+ 10:16 0:00 grep kihei
admin@i-025570eb46de4c5ab:~$ kill 801
admin@i-025570eb46de4c5ab:~$ ps aux | grep kihei
admin 987 2.0 4.1 98188 19436 pts/0 S<l+ 10:16 0:00 /usr/bin/pythec -t kihei/i-025570eb46de4c5ab --append -q -i 2 /var/log/cast/i-025570eb46de4c5
admin 990 0.0 3.1 24456 14872 pts/0 S<+ 10:16 0:00 /usr/bin/pythec -t kihei/i-025570eb46de4c5ab --append -q -i 2 /var/log/cast/i-025570eb46de4c5
admin 996 0.0 0.1 5264 640 pts/1 S<+ 10:16 0:00 grep kihei
admin@i-025570eb46de4c5ab:~$ ls -al /var/log/cast/i-025570eb46de4c5ab
-rw-r--r-- 1 admin admin 19241 Nov 5 10:17 /var/log/cast/i-025570eb46de4c5ab
admin@i-025570eb46de4c5ab:~$ l /var/log/cast/i-025570eb46de4c5ab
kihei/i-025570eb46de4c5ab 05:17
by SadServers
admin@i-082a10ed701b98ae6:~$ /home/admin/kihei
panic: exit status 1
goroutine 1 [running]:
main.main()
./main.go:64 +0x47d
admin@i-082a10ed701b98ae6:~$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 217M 0 217M 0% /dev
tmpfs 46M 368K 46M 1% /run
/dev/nvme0n1p1 7.7G 6.1G 1.2G 84% /
tmpfs 228M 12K 228M 1% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/nvme0n1p15 124M 5.9M 118M 5% /boot/efi
admin@i-082a10ed701b98ae6:~$
kihei/i-082a10ed701b98ae6 02:25
by SadServers
drwx------ 2 admin admin 4096 Sep 17 2023 .ssh
drwxr-xr-x 2 admin root 4096 Sep 24 2023 agent
-rwxrwx--- 1 root root 360 Sep 24 2023 webserver.py
admin@i-06c820ab5c704e842:~$ less webserver.py
webserver.py: Permission denied
admin@i-06c820ab5c704e842:~$ cat webserver.py
cat: webserver.py: Permission denied
admin@i-06c820ab5c704e842:~$ strace /home/admin/webserver.py
execve("/home/admin/webserver.py", ["/home/admin/webserver.py"], 0x7ffd151c1ec0 ES (Permission denied)
strace: exec: Permission denied
+++ exited with 1 +++
admin@i-06c820ab5c704e842:~$ ctrace /home/admin/webserver.py
bash: ctrace: command not found
admin@i-06c820ab5c704e842:~$
paris/i-06c820ab5c704e842 02:58
by SadServers
asciinema 1021 admin mem REG 259,1 149520 15088 /usr/lib/x86_64-linux-gn
asciinema 1021 admin mem REG 259,1 14536 132274 /usr/lib/python3.9/lib-dx86_64-linux-gnu.so
asciinema 1021 admin mem REG 259,1 177928 13 /usr/lib/x86_64-linux-gn
asciinema 1021 admin DEL REG 0,23 2 /dev/shm/Ovvy0c
asciinema 1021 admin 0u CHR 136,0 0t0 3 /dev/pts/0
asciinema 1021 admin 1u CHR 136,0 0t0 3 /dev/pts/0
asciinema 1021 admin 2u CHR 136,0 0t0 3 /dev/pts/0
asciinema 1021 admin 3r FIFO 0,11 0t0 12195 pipe
asciinema 1021 admin 4w FIFO 0,11 0t0 12195 pipe
asciinema 1021 admin 5r CHR 1,3 0t0 4 /dev/null
asciinema 1021 admin 6w FIFO 0,11 0t0 12196 pipe
asciinema 1021 admin 7r FIFO 0,11 0t0 12197 pipe
asciinema 1021 admin 8w REG 259,1 9550 264863 /var/log/cast/i-09d7e7d9
admin@i-09d7e7d93e5a6dcdb:~$ less /var/log/cast/i-09d7e7d93e5a6dcdb
kihei/i-09d7e7d93e5a6dcdb 01:07
by SadServers
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.
EXAMPLES:
nmap -v -A scanme.nmap.org
nmap -v -sn 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
admin@i-01a29057fe7aae69b:~$ nmap -A localhost:5000
Starting Nmap 7.80 ( https://nmap.org ) at 2024-11-04 04:09 UTC
Failed to resolve "localhost:5000".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.65 seconds
admin@i-01a29057fe7aae69b:~$
paris/i-01a29057fe7aae69b 00:54
by SadServers
total 44
drwxr-xr-x 6 admin admin 4096 Sep 24 2023 .
drwxr-xr-x 3 root root 4096 Sep 17 2023 ..
drwx------ 3 admin admin 4096 Sep 20 2023 .ansible
-rw------- 1 admin admin 379 Nov 4 03:55 .bash_history
-rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout
-rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc
drwxr-xr-x 3 admin admin 4096 Sep 20 2023 .config
-rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile
drwx------ 2 admin admin 4096 Sep 17 2023 .ssh
drwxr-xr-x 2 admin root 4096 Sep 24 2023 agent
-rwxrwx--- 1 root root 360 Sep 24 2023 webserver.py
admin@i-0462cf041b08d8861:~$ chown -R admin:admin /home/admin/
chown: changing ownership of '/home/admin/webserver.py': Operation not permitted
admin@i-0462cf041b08d8861:~$ curl http