SadServers Joined on September 10, 2023
1667 public recordings by SadServers
cloud-release fstab.old issue magic.mime passwdcron.d gai.conf issue.net manpath.config perl cron.daily gdb kernel mime.types pm admin@i-07ee8069972d7eb33:/etc$ crontab -e no crontab for admin - using an empty one Select an editor. To change later, run 'select-editor'. 1. /bin/nano <---- easiest 2. /usr/bin/vim.basic 3. /usr/bin/vim.tiny Choose 1-3 [1]: ^C^C^Clq Choose 1-3 [1]: 1 No modification made admin@i-07ee8069972d7eb33:/etc$ cat
paris/i-07ee8069972d7eb33 05:46
by SadServers
admin@i-032b14b686448662d:/etc$ ping 127.0.1.1 PING 127.0.1.1 (127.0.1.1) 56(84) bytes of data. 64 bytes from 127.0.1.1: icmp_seq=1 ttl=64 time=0.022 ms 64 bytes from 127.0.1.1: icmp_seq=2 ttl=64 time=0.033 ms ^C --- 127.0.1.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1025ms rtt min/avg/max/mdev = 0.022/0.027/0.033/0.005 ms admin@i-032b14b686448662d:/etc$ curl 127.0.1.1 curl: (7) Failed to connect to 127.0.1.1 port 80: Connection refused admin@i-032b14b686448662d:/etc$ ssh 127.0.1.1 The authenticity of host '127.0.1.1 (127.0.1.1)' can't be established. ECDSA key fingerprint is SHA256:hMf6KbwaoxjGUmKFdpvRsbq4Vv1XDQTAlST34YIiPA8. Are you sure you want to continue connecting (yes/no/[fingerprint])?
paris/i-032b14b686448662d 05:49
by SadServers
HTTP/1.1 200 OK Server: Werkzeug/2.3.7 Python/3.9.2 Date: Wed, 20 Dec 2023 19:16:42 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12 Connection: close Unauthorizedadmin@i-0539ff55ccurl http://127.0.0.1:5000/password000/password <!doctype html> <html lang=en> <title>404 Not Found</title> <h1>Not Found</h1> <p>The requested URL was not found on the server. If you entered the URL manualling and try again.</p> admin@i-0539ff55c188ce054:~$ curl http://127.0.0.1:5000/фв
paris/i-0539ff55c188ce054 00:20
by SadServers
[sudo] password for admin: 3Sorry, try again. [sudo] password for admin: adminSorry, try again. [sudo] password for admin: admin sudo: 3 incorrect password attempts admin@i-0b7facb522ba65534:~$ admin bash: admin: command not found admin@i-0b7facb522ba65534:~$ docker ps bash: docker: command not found admin@i-0b7facb522ba65534:~$ ls agent webserver.py admin@i-0b7facb522ba65534:~$ ls
paris/i-0b7facb522ba65534 01:47
by SadServers
admin@i-0264325fffd925a1b:/etc$ cd apache2/ admin@i-0264325fffd925a1b:/etc/apache2$ sl bash: sl: command not found admin@i-0264325fffd925a1b:/etc/apache2$ ls conf-available admin@i-0264325fffd925a1b:/etc/apache2$ cd conf-available/ admin@i-0264325fffd925a1b:/etc/apache2/conf-available$ ls javascript-common.conf admin@i-0264325fffd925a1b:/etc/apache2/conf-available$ cd .. admin@i-0264325fffd925a1b:/etc/apache2$ cd .. admin@i-0264325fffd925a1b:/etc$ cd .. admin@i-0264325fffd925a1b:/$ cd usr/share/java admin@i-0264325fffd925a1b:/usr/share/java$ ls libintl-0.21.jar libintl.jar admin@i-0264325fffd925a1b:/usr/share/java$ cd ..
paris/i-0264325fffd925a1b 05:48
by SadServers
write(2, ":", 1:) = 1 write(2, "64", 264) = 2 write(2, " +", 2 +) = 2 write(2, "0x47d", 50x47d) = 5 write(2, "\n", 1 ) = 1 exit_group(2) = ? +++ exited with 2 +++ admin@i-0383999b6e9ab8158:~$ ls agent data datafile kihei admin@i-0383999b6e9ab8158:~$ ls datafile datafile admin@i-0383999b6e9ab8158:~$ ls /usr/local/sbin/fallocate ls: cannot access '/usr/local/sbin/fallocate': No such file or directory admin@i-0383999b6e9ab8158:~$ whereis fallo
kihei/i-0383999b6e9ab8158 01:37
by SadServers
le="unconfined" name="man_filter" pid=355 comm="apparmor_parser" [ 4.838571] audit: type=1400 audit(1703061908.844:6): apparmor="STATUS" operale="unconfined" name="man_groff" pid=355 comm="apparmor_parser" [ 4.854310] audit: type=1400 audit(1703061908.884:7): apparmor="STATUS" operale="unconfined" name="lsb_release" pid=356 comm="apparmor_parser" [ 4.869891] audit: type=1400 audit(1703061908.892:8): apparmor="STATUS" operale="unconfined" name="tcpdump" pid=357 comm="apparmor_parser" [ 4.885181] audit: type=1400 audit(1703061908.908:9): apparmor="STATUS" operale="unconfined" name="/usr/sbin/chronyd" pid=358 comm="apparmor_parser" [ 56.344814] IPv6: ADDRCONF(NETDEV_CHANGE): ens5: link becomes ready [ 58.685545] device-mapper: uevent: version 1.0.3 [ 58.690960] device-mapper: ioctl: 4.43.0-ioctl (2020-10-01) initialised: dm-dadmin@i-0934faf01c3d7420c:~$ vim /home/admin/kihei root@i-0934faf01c3d7420c:/home/admin# tar czf datafile > /tmp/datafile.tar.gz
kihei/i-0934faf01c3d7420c 04:53
by SadServers
tcp ESTAB 0 0 [::ffff:172.31. [::ffff:172.31.16.109]:49770 timer:(keepalive,3.216ms,0) admin@i-0bce630416db45b25:~$ admin@i-0bce630416db45b25:~$ admin@i-0bce630416db45b25:~$ admin@i-0bce630416db45b25:~$ lsof -i:5000 admin@i-0bce630416db45b25:~$ admin@i-0bce630416db45b25:~$ lsof -i COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME gotty 558 admin 6u IPv6 10895 0t0 TCP *:http-alt (LISTEN) gotty 558 admin 7u IPv6 12340 0t0 TCP ip-172-31-40-35.us-east-2.co>ip-172-31-16-109.us-east-2.compute.internal:49770 (ESTABLISHED) sadagent 559 admin 7u IPv6 1958 0t0 TCP *:6767 (LISTEN) admin@i-0bce630416db45b25:~$ admin@i-0bce630416db45b25:~$