SadServers Joined on September 10, 2023

#                                                                               # m h  dom mon dow   command                                                    ~                                                                               ~                                                                               ~                                                                               ~                                                                               ~                                                                               ~                                                                               ~                                                                               ~                                                                               ~                                                                               ~                                                                               ~                                                                               ~                                                                               :q                                                                              

admin@i-02fa9eeb4808a3df7:~$ nc localhos                                        

                                                                                    #1) Respect the privacy of others.                                              #2) Think before you type.                                                      #3) With great power comes great responsibility.                                                                                                            [sudo] password for admin:                                                      sudo: a password is required                                                    admin@i-01ea60294022f2d7a:~$ curl localhost:5000                                Unauthorizedadmin@i-01ea60294022f2d7a:~$ ns localhost:5000                      bash: ns: command not found                                                     admin@i-01ea60294022f2d7a:~$ nc localhost:5000                                  nc: missing port number                                                         admin@i-01ea60294022f2d7a:~$ GET /                                              bash: GET: command not found                                                    admin@i-01ea60294022f2d7a:~$ nc localhost:5000                                  

total 52K                                                                       drwxr-xr-x 7 admin admin 4.0K Jan  1 17:19 .                                    drwxr-xr-x 3 root  root  4.0K Sep 17 16:44 ..                                   drwx------ 3 admin admin 4.0K Sep 20 15:52 .ansible                             -rw------- 1 admin admin  517 Jan  1 17:22 .bash_history                        -rw-r--r-- 1 admin admin  220 Aug  4  2021 .bash_logout                         -rw-r--r-- 1 admin admin 3.5K Aug  4  2021 .bashrc                              drwxr-xr-x 3 admin admin 4.0K Sep 20 15:56 .config                              drwxr-xr-x 3 admin admin 4.0K Jan  1 17:19 .local                               -rw-r--r-- 1 admin admin  807 Aug  4  2021 .profile                             drwx------ 2 admin admin 4.0K Sep 17 16:44 .ssh                                 -rw-r--r-- 1 admin admin 1.0K Jan  1 17:19 .webserver.py.swp                    drwxr-xr-x 2 admin root  4.0K Sep 24 23:20 agent                                -rwxrwx--- 1 root  root   360 Sep 24 23:20 webserver.py                         admin@i-02771b3f9cef454ca:~$ curl localhost:5000/                               

mmap(0x7f6d4f8a6000, 151552, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, mmap(0x7f6d4f8cb000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENY6d4f8cb000                                                                      mmap(0x7f6d4f8d1000, 848, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYM000                                                                             close(3)                                = 0                                     openat(AT_FDCWD, "/usr/lib/sudo/libpam.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (Nopenat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3                    fstat(3, {st_mode=S_IFREG|0644, st_size=17664, ...}) = 0                        mmap(NULL, 17664, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f6d4f8e6000                close(3)                                = 0                                     openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpam.so.0", O_RDONLY|O_CLOEXEC) = 3   read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2005\0\0\0\0\0\0"..., 83fstat(3, {st_mode=S_IFREG|0644, st_size=67584, ...}) = 0                        :                                                                               

admin@i-02d1e5ec374b04a2a:~$  localhost:5000                                    bash: localhost:5000: command not found                                         admin@i-02d1e5ec374b04a2a:~$ curl localhost:5000                                Unauthorizedadmin@i-02d1e5ec374b04a2a:~$ sudo  localhost:5000                   

write(2, ":", 1:)                        = 1                                    write(2, "64", 264)                       = 2                                   write(2, " +", 2 +)                       = 2                                   write(2, "0x47d", 50x47d)                    = 5                                write(2, "\n", 1                                                                )                       = 1                                                     exit_group(2)                           = ?                                     +++ exited with 2 +++                                                           admin@i-0a7b505525f0420f4:~$ ls                                                 agent  data  datafile  kihei                                                    admin@i-0a7b505525f0420f4:~$ ^C                                                 admin@i-0a7b505525f0420f4:~$ cd /home/admin/                                    admin@i-0a7b505525f0420f4:~$ ls                                                 agent  data  datafile  kihei                                                    admin@i-0a7b505525f0420f4:~$ cd                                                 

tcp        0      0 127.0.0.1:33060         127.0.0.1:5000          TIME_WAIT   tcp        0      0 127.0.0.1:53540         127.0.0.1:5000          TIME_WAIT   admin@i-033468d33a03be844:~$ sudo netstat -natup | grep 5000                                                                                                    We trust you have received the usual lecture from the local System              Administrator. It usually boils down to these three things:                                                                                                         #1) Respect the privacy of others.                                              #2) Think before you type.                                                      #3) With great power comes great responsibility.                                                                                                            [sudo] password for admin:                                                      sudo: a password is required                                                                                                                                    admin@i-033468d33a03be844:~$ sudo                                               

HTTP/1.1 200 OK                                                                 < Server: Werkzeug/2.3.7 Python/3.9.2                                           Server: Werkzeug/2.3.7 Python/3.9.2                                             < Date: Sun, 31 Dec 2023 17:57:48 GMT                                           Date: Sun, 31 Dec 2023 17:57:48 GMT                                             < Content-Type: text/html; charset=utf-8                                        Content-Type: text/html; charset=utf-8                                          < Content-Length: 12                                                            Content-Length: 12                                                              < Connection: close                                                             Connection: close                                                                                                                                               <                                                                               * Closing connection 0                                                          Unauthorizedadmin@i-0aea4ea4fa670d67d:~$ curl -localhost:5000                   

        crontab [ -u user ] [ -i ] { -e | -l | -r }                                             (default operation is replace, per 1003.2)                              -e      (edit user's crontab)                                                   -l      (list user's crontab)                                                   -r      (delete user's crontab)                                                 -i      (prompt before deleting user's crontab)                         admin@i-0707c9522c663d8b0:/etc$ crontab -e -u admin                             no crontab for admin - using an empty one                                                                                                                       Select an editor.  To change later, run 'select-editor'.                          1. /bin/nano        <---- easiest                                               2. /usr/bin/vim.basic                                                           3. /usr/bin/vim.tiny                                                                                                                                          Choose 1-3 [1]:                                                                 

admin@i-07246b6a279d1d538:/etc$ cat sadscenario                                 paris                                                                           admin@i-07246b6a279d1d538:/etc$                                                 

  <meta name="viewport" content="width=device-width, initial-scale=1">          </head>                                                                                                                                                         <body>                                                                            <div id="terminal"></div>                                                       <script src="./auth_token.js"></script>                                         <script src="./config.js"></script>                                             <script src="./js/gotty.js"></script>                                         </body>                                                                                                                                                         </html>admin@i-01458a02fd7896dbc:~$ curl localhost:323                          curl: (7) Failed to connect to localhost port 323: Connection refused           admin@i-01458a02fd7896dbc:~$ curl localhost:68                                  curl: (7) Failed to connect to localhost port 68: Connection refused            admin@i-01458a02fd7896dbc:~$                                                    

admin@i-0e3126c91f22b8e7e:~$ cd /home/admin/                                    admin@i-0e3126c91f22b8e7e:~$ ls                                                 agent  data  datafile  kihei                                                    admin@i-0e3126c91f22b8e7e:~$ ps aux | grep kihei                                admin        733  0.4  4.1  98188 19420 pts/0    S<l+ 21:13   0:00 /usr/bin/pyth-t kihei/i-0e3126c91f22b8e7e -q -i 2 /var/log/cast/i-0e3126c91f22b8e7e          admin        736  0.0  3.0  24456 14364 pts/0    S<+  21:13   0:00 /usr/bin/pyth-t kihei/i-0e3126c91f22b8e7e -q -i 2 /var/log/cast/i-0e3126c91f22b8e7e          admin        747  0.0  0.1   5264   696 pts/1    S<+  21:14   0:00 grep kihei   admin@i-0e3126c91f22b8e7e:~$ chmod -R a-w /var/log/cast/                        admin@i-0e3126c91f22b8e7e:~$                                                    

admin@i-0fa25442adfe553ec:~$ cat /var/log/                                      alternatives.log       chrony/                dpkg.log               messages   ades/                                                                           apt/                   cloud-init-output.log  faillog                minio.log  auth.log               cloud-init.log         journal/               private/   btmp                   daemon.log             kern.log               runit/     cast/                  debug                  lastlog                syslog     admin@i-0fa25442adfe553ec:~$ cat /var/log/                                      alternatives.log       chrony/                dpkg.log               messages   ades/                                                                           apt/                   cloud-init-output.log  faillog                minio.log  auth.log               cloud-init.log         journal/               private/   btmp                   daemon.log             kern.log               runit/     cast/                  debug                  lastlog                syslog     admin@i-0fa25442adfe553ec:~$ cat /var/log/cast/i-0fa25442adfe553ec