SadServers Joined on September 10, 2023

admin@i-0ad6c08cadcda54ab:~$ curl -su 'user' localhost:5000                     Enter host password for user 'user':                                            Unauthorizedadmin@i-0ad6c08cadcda54ab:~$ curl -su 'root' localhost:5000         Enter host password for user 'root':                                            

                                                                                *******                                                                         Crime Scene Report #066820028026                                                ********                                                                        The Mock Turtle sighed deeply, and began, in a voice sometimes choked           with sobs, to sing this:--                                                                                                                                         'Beautiful Soup, so rich and green,                                             Waiting in a hot tureen!                                                        Who for such dainties would not stoop?                                          Soup of the evening, beautiful Soup!                                            Soup of the evening, beautiful Soup!                                              Beau--ootiful Soo--oop!                                                                                                                                    admin@i-07378e98c8174004e:~/clmystery/mystery$ grep                             

Administrator. It usually boils down to these three things:                                                                                                         #1) Respect the privacy of others.                                              #2) Think before you type.                                                      #3) With great power comes great responsibility.                                                                                                            [sudo] password for admin:                                                      sudo: a password is required                                                    admin@i-0f9d17817910b720d:~$ ls -l                                              total 8                                                                         drwxr-xr-x 2 admin root 4096 Sep 24 23:20 agent                                 -rwxrwx--- 1 root  root  360 Sep 24 23:20 webserver.py                          admin@i-0f9d17817910b720d:~$ cat webserver.py                                   cat: webserver.py: Permission denied                                            admin@i-0f9d17817910b720d:~$ nc localhost:                                      

Commands generally take the format:                                                                                                                                     [name of the command] [option] [option] [option] ...                                                                                                    The prompt will also show what directory you're currently sitting in.  Whenever                                                                                 #### Relative Paths                                                                                                                                             Specifying a file or directory as a relative path means you are specifying where                                                                                        /files/videos$                                                                                                                                                                                     [ Read 358 lines ]                   ^G Help       ^O Write Out  ^W Where Is   ^K Cut        ^T Execute    ^C Locatio^X Exit       ^R Read File  ^\ Replace    ^U Paste      ^J Justify    ^_ Go To L

admin@i-071024f78811da9a2:~/clmystery$ ls                                       LICENSE.md  README.md  cheatsheet.md  cheatsheet.pdf  hint1  hint2  hint3  hint4int8  instructions  mystery                                                     admin@i-071024f78811da9a2:~/clmystery$ vim instructions                         

Tomasz Lanzone  M       86      Necco Court, line 16                            Dirk Steuer     M       43      Bagnal Street, line 175                         Lukasz Dudas    M       58      Birchcroft Road, line 247                       Virginie Medina F       27      Waldorf Street, line 143                        Andriy Hrachov  M       16      Bantry Way, line 299                            Ziwei Braas     F       70      Lyne Road, line 168                             Hector Moutoussamy      M       66      Muller Avenue, line 110                 Xiaodong Dulko  F       69      Homewood Road, line 242                         Ivan Radu       M       29      Clinton Place, line 181                         Christopher Sadauskas   M       86      Lancaster Street, line 47               Lizeth Coertzen F       58      Greenock Street, line 402                       Alexander Heffernan     M       43      Oleander Street, line 147               admin@i-09ce66c81cab7b1b1:~/clmystery/mystery$ ls                               crimescene  interviews  memberships  people  streets  vehicles                  admin@i-09ce66c81cab7b1b1:~/clmystery/mystery$ ca                               

Crime Scene Report #066820028026                                                ********                                                                        The Mock Turtle sighed deeply, and began, in a voice sometimes choked           with sobs, to sing this:--                                                                                                                                         'Beautiful Soup, so rich and green,                                             Waiting in a hot tureen!                                                        Who for such dainties would not stoop?                                          Soup of the evening, beautiful Soup!                                            Soup of the evening, beautiful Soup!                                              Beau--ootiful Soo--oop!                                                                                                                                    admin@i-0b085601a1c3edfe4:~/clmystery/mystery$ grep CLUE                        crimescene   interviews/  memberships/ people       streets/     vehicles       admin@i-0b085601a1c3edfe4:~/clmystery/mystery$ grep CLUE c                      

agent  webserver.py                                                             admin@i-0fcbbedeb8752ba6f:~$ ls -la                                             total 44                                                                        drwxr-xr-x 6 admin admin 4096 Sep 24 23:20 .                                    drwxr-xr-x 3 root  root  4096 Sep 17 16:44 ..                                   drwx------ 3 admin admin 4096 Sep 20 15:52 .ansible                             -rw------- 1 admin admin  296 Oct 20 18:46 .bash_history                        -rw-r--r-- 1 admin admin  220 Aug  4  2021 .bash_logout                         -rw-r--r-- 1 admin admin 3526 Aug  4  2021 .bashrc                              drwxr-xr-x 3 admin admin 4096 Sep 20 15:56 .config                              -rw-r--r-- 1 admin admin  807 Aug  4  2021 .profile                             drwx------ 2 admin admin 4096 Sep 17 16:44 .ssh                                 drwxr-xr-x 2 admin root  4096 Sep 24 23:20 agent                                -rwxrwx--- 1 root  root   360 Sep 24 23:20 webserver.py                         admin@i-0fcbbedeb8752ba6f:~$ curl X localhost:5000                              

admin@i-03e7f50dfa07833fa:~$ python                                             bash: python: command not found                                                 admin@i-03e7f50dfa07833fa:~$ python3                                            Python 3.9.2 (default, Feb 28 2021, 17:03:44)                                   [GCC 10.2.1 20210110] on linux                                                  Type "help", "copyright", "credits" or "license" for more information.          >>> import requests                                                             >>> requests.get("localho")                                                     

    return super().server_bind()                                                  File "/usr/lib/python3.9/http/server.py", line 138, in server_bind                socketserver.TCPServer.server_bind(self)                                      File "/usr/lib/python3.9/socketserver.py", line 466, in server_bind               self.socket.bind(self.server_address)                                       OSError: [Errno 98] Address already in use                                      admin@i-05c1936b123b31b0a:~$ python3 -m http.server 8086                        Serving HTTP on 0.0.0.0 port 8086 (http://0.0.0.0:8086/) ...                    ^C                                                                              Keyboard interrupt received, exiting.                                           admin@i-05c1936b123b31b0a:~$ ^C                                                 admin@i-05c1936b123b31b0a:~$ python3 -m http.server 8086 &                      [1] 733                                                                         admin@i-05c1936b123b31b0a:~$ Serving HTTP on 0.0.0.0 port 8086 (http://0.0.0.0:8                                                                                

admin@i-0204613df27f2c44c:~$ ls                                                 agent  webserver.py                                                             admin@i-0204613df27f2c44c:~$ c                                                  

   15  2023-10-20T18:23:03 ./blu                                                   16  2023-10-20T18:23:04 ./blub                                                  17  2023-10-20T18:23:06 bash blub                                               18  2023-10-20T18:23:24 cat /dev/stdout < blub                                  19  2023-10-20T18:23:37 ngrep                                                   20  2023-10-20T18:23:51 curl -v localhost:5000                                  21  2023-10-20T18:24:20 curl -v localhost:5000 -H 'User-Agent: Mozilla/4.0'     22  2023-10-20T18:24:30 curl -v localhost:5000/kekl -H 'User-Agent: Mozilla/4   23  2023-10-20T18:24:33 history                                              admin@i-09a08604fdf46a1ed:~$ curl -H "User-Agent: Mozilla/5.0 (X11; U; Linux i5800101 Firefox/5.0" localhost:curl -H "User-Agent: Mozilla/5.0 (X11; U; Linux i5800101 Firefox/5.0" localhost:5000                                               Welcome! Password is FDZPmh5AX3oiJtadmin@i-09a08604fdf46a1ed:~$ curl -H "User-Ag; Linux i586; de; rv:5.0) Gecc^C                                                admin@i-09a08604fdf46a1ed:~$ curl -H 'Us                                        

> GET / HTTP/1.1                                                                > Host: localhost:5000                                                          > Accept: */*                                                                   > User-Agent: Firefix                                                           >                                                                               * Mark bundle as not supporting multiuse                                        < HTTP/1.1 200 OK                                                               < Server: Werkzeug/2.3.7 Python/3.9.2                                           < Date: Fri, 20 Oct 2023 18:27:19 GMT                                           < Content-Type: text/html; charset=utf-8                                        < Content-Length: 35                                                            < Connection: close                                                             <                                                                               * Closing connection 0                                                          Welcome! Password is FDZPmh5AX3oiJtadmin@i-09dc8f23dc5f45423:~$                 

MISC:                                                                             -6: Enable IPv6 scanning                                                        -A: Enable OS detection, version detection, script scanning, and traceroute     --datadir <dirname>: Specify custom Nmap data file location                     --send-eth/--send-ip: Send using raw ethernet frames or IP packets              --privileged: Assume that the user is fully privileged                          --unprivileged: Assume the user lacks raw socket privileges                     -V: Print version number                                                        -h: Print this help summary page.                                             EXAMPLES:                                                                         nmap -v -A scanme.nmap.org                                                      nmap -v -sn 192.168.0.0/16 10.0.0.0/8                                           nmap -v -iR 10000 -Pn -p 80                                                   SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES admin@i-04b40f92bf972f881:~$ nmaop