Public recordings
drwxr-xr-x 7 admin admin 4096 Dec 6 15:59 . drwxr-xr-x 3 root root 4096 Sep 17 16:44 .. drwx------ 3 admin admin 4096 Sep 17 17:15 .ansible -rw-r--r-- 1 admin admin 220 Aug 4 2021 .bash_logout -rw-r--r-- 1 admin admin 3526 Aug 4 2021 .bashrc drwxr-xr-x 3 admin admin 4096 Dec 6 15:59 .config -rw-r--r-- 1 admin admin 807 Aug 4 2021 .profile drwx------ 2 admin admin 4096 Sep 17 16:44 .ssh drwxr-xr-x 2 admin root 4096 Sep 17 17:28 agent drwxr-xr-x 2 admin root 4096 Sep 17 17:28 data -rw-r--r-- 1 root root 5368709120 Sep 17 17:28 datafile -rwxr-xr-x 1 admin root 2207109 Sep 17 17:28 kihei admin@i-06aaa324a79f9607e:~$ less kihei "kihei" may be a binary file. See it anyway? admin@i-06aaa324a79f9607e:~$
kihei/i-06aaa324a79f9607e 00:49
by SadServers
└─576 /usr/bin/python3 /home/admin/webserver.py Dec 06 15:26:25 i-0698a665f0c5ecc54 systemd[1]: Started Flask Application. Dec 06 15:26:25 i-0698a665f0c5ecc54 python3[576]: * Serving Flask app 'webserver' Dec 06 15:26:25 i-0698a665f0c5ecc54 python3[576]: * Debug mode: off Dec 06 15:26:26 i-0698a665f0c5ecc54 python3[576]: WARNING: This is a development server. Do not use it in a production deployment. Use a product> Dec 06 15:26:26 i-0698a665f0c5ecc54 python3[576]: * Running on http://127.0.0.1:5000 Dec 06 15:26:26 i-0698a665f0c5ecc54 python3[576]: Press CTRL+C to quit admin@i-0698a665f0c5ecc54:~$
paris/i-0698a665f0c5ecc54 06:06
by SadServers
admin@i-0215c6153f5619eae:~$ ls -a .ansible/tmp/ . .. admin@i-0215c6153f5619eae:~$ ls -a agent/ . .. check.sh sadagent sadagent.txt admin@i-0215c6153f5619eae:~$ ls -a agent/sadagent agent/sadagent admin@i-0215c6153f5619eae:~$ ls -a agent/sadagent sadagent sadagent.txt admin@i-0215c6153f5619eae:~$ ls -a agent/sadagent sadagent sadagent.txt admin@i-0215c6153f5619eae:~$ less agent/check.sh admin@i-0215c6153f5619eae:~$ less agent/sadagent.txt admin@i-0215c6153f5619eae:~$ less agent/sadagent "agent/sadagent" may be a binary file. See it anyway? admin@i-0215c6153f5619eae:~$ sudo echo '
paris/i-0215c6153f5619eae 05:50
by SadServers
total 8 drwxr-xr-x 2 admin root 4096 Sep 24 23:20 agent -rwxrwx--- 1 root root 360 Sep 24 23:20 webserver.py admin@i-06bbe1bb9a1bed390:~$ sudo wc -l webserver.py We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for admin: sudo: a password is required admin@i-06bbe1bb9a1bed390:~$ grep password
paris/i-06bbe1bb9a1bed390 00:47
by SadServers
~ ~ ~ ~ ~ ~ ~ ~ admin@i-0780ef3211c9664fa:~$ curl --user-agent "whate" localhost:5000 Welcome! Password is FDZPmh5AX3oiJtadmin@i-0780ef3211c9664fa:~$ admin@i-0780ef3211c9664fa:~$ curl --user-agent localhost:5000 curl: no URL specified! curl: try 'curl --help' or 'curl --manual' for more information admin@i-0780ef3211c9664fa:~$ curl --user-agent localhost:5000
paris/i-0780ef3211c9664fa 01:24
by SadServers
-rw-r----- 1 root adm 928 Dec 6 07:51 user.log -rw-r----- 1 root adm 7751 Sep 24 23:20 user.log.1 -rw-r----- 1 root adm 2927 Sep 20 15:56 user.log.2.gz -rw-rw-r-- 1 root utmp 67968 Dec 6 07:51 wtmp admin@i-0e05d284027a30782:/var/log$ cd journal/ admin@i-0e05d284027a30782:/var/log/journal$ ls -la total 12 drwxr-sr-x+ 3 root systemd-journal 4096 Sep 17 16:44 . drwxr-xr-x 9 root root 4096 Dec 6 07:51 .. drwxr-sr-x+ 2 root systemd-journal 4096 Dec 6 07:51 ec26942be8219bc22967aa0256120fca admin@i-0e05d284027a30782:/var/log/journal$ cat ec26942be8219bc22967aa0256120fca/ cat: ec26942be8219bc22967aa0256120fca/: Is a directory admin@i-0e05d284027a30782:/var/log/journal$
paris/i-0e05d284027a30782 04:37
by SadServers
693 pts/1 00:00:00 sh 694 pts/1 00:00:00 bash 800 pts/1 00:00:00 ps admin@i-0b98d3e9a33585961:~$ netstat -an | grep 5000 tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN admin@i-0b98d3e9a33585961:~$ lsof -i :5000 admin@i-0b98d3e9a33585961:~$ lsof -i :5000 admin@i-0b98d3e9a33585961:~$ ss -lntu | grep 5000 tcp LISTEN 0 128 127.0.0.1:5000 0.0.0.0:* admin@i-0b98d3e9a33585961:~$ lsof -i :5000 admin@i-0b98d3e9a33585961:~$ netstat -tulnp | grep 5000 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN admin@i-0b98d3e9a33585961:~$ netstat -tulnp | grep
paris/i-0b98d3e9a33585961 03:01
by SadServers
drwxr-xr-x 2 admin root 4.0K Sep 24 23:20 agent -rwxrwx--- 1 root root 360 Sep 24 23:20 webserver.py admin@i-0a40943c8c217e6da:~$ vim webserver.py admin@i-0a40943c8c217e6da:~$ sudo su We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for admin: Sorry, try again. [sudo] password for admin:
paris/i-0a40943c8c217e6da 00:30
by SadServers
bash: cd: in: No such file or directory admin@i-038c74fd3d1199e7c:/usr/share/javascript/sphinxdoc$ cat index # <filename> [min-version] 1.0/doctools.js 1.8 1.0/jquery.js 1.0/language_data.js 2.4.3-5~ 1.0/searchtools.js 2.0 1.0/sidebar.js 1.0/theme_extras.js 1.0/underscore.js 1.0/css3-mediaqueries.js 1.3 admin@i-038c74fd3d1199e7c:/usr/share/javascript/sphinxdoc$ cd 1.0/ admin@i-038c74fd3d1199e7c:/usr/share/javascript/sphinxdoc/1.0$ ls css3-mediaqueries.js doctools.js jquery.js language_data.js searchtools.js admin@i-038c74fd3d1199e7c:/usr/share/javascript/sphinxdoc/1.0$ cat
paris/i-038c74fd3d1199e7c 01:54
by SadServers
goroutine 1 [running]: main.main() ./main.go:64 +0x47d admin@i-07ceb80639215b899:~$ vim kihei admin@i-07ceb80639215b899:~$ admin@i-07ceb80639215b899:~$ admin@i-07ceb80639215b899:~$ admin@i-07ceb80639215b899:~$ admin@i-07ceb80639215b899:~$ ls -l total 5245048 drwxr-xr-x 2 admin root 4096 Sep 17 17:28 agent drwxr-xr-x 2 admin root 4096 Dec 5 20:45 data -rw-r--r-- 1 root root 5368709120 Sep 17 17:28 datafile -rwxr-xr-x 1 admin root 2207109 Sep 17 17:28 kihei admin@i-07ceb80639215b899:~$
kihei/i-07ceb80639215b899 01:05
by SadServers
admin 704 0.0 0.9 6704 4456 pts/0 S<s+ 19:38 0:00 bash -l admin 709 0.1 4.1 98188 19368 pts/0 S<l+ 19:38 0:00 /usr/bin/python3 /usr/bin/asciinema rec -t paris/i-0afe6889c9b29258b -q -i 2 /v admin 714 0.0 3.1 24456 14868 pts/0 S<+ 19:38 0:00 /usr/bin/python3 /usr/bin/asciinema rec -t paris/i-0afe6889c9b29258b -q -i 2 /v admin 715 0.0 0.1 2480 504 pts/1 S<s 19:38 0:00 sh -c /bin/bash admin 716 0.0 1.0 6952 4720 pts/1 S< 19:38 0:00 /bin/bash admin 851 0.0 0.6 8648 3240 pts/1 R<+ 19:42 0:00 ps aux admin@i-0afe6889c9b29258b:~$
paris/i-0afe6889c9b29258b 03:55
by SadServers
write(2, "0x47d", 50x47d) = 5 write(2, "\n", 1 ) = 1 exit_group(2) = ? +++ exited with 2 +++ admin@i-05088a4f1fc43f619:~$ strace ./kihei 2>&1 | grep datafile newfstatat(AT_FDCWD, "/home/admin/data/newdatafile", 0xc00008e9f8, 0) = -1 ENOENunlinkat(AT_FDCWD, "/home/admin/data/newdatafile", 0) = 0 admin@i-05088a4f1fc43f619:~$ cd data admin@i-05088a4f1fc43f619:~/data$ ls -al total 8 drwxr-xr-x 2 admin root 4096 Dec 5 09:17 . drwxr-xr-x 7 admin admin 4096 Dec 5 09:12 .. admin@i-05088a4f1fc43f619:~/data$ touch newdatafile admin@i-05088a4f1fc43f619:~/data$ strace .../kihei 2>&1 | grep datafile
kihei/i-05088a4f1fc43f619 07:44
by SadServers
admin adm dialout cdrom floppy sudo audio dip video plugdev netdev admin@i-0ac9ef3cd50b10b68:~$ cat webserver.py cat: webserver.py: Permission denied admin@i-0ac9ef3cd50b10b68:~$ < webserver > archivo bash: webserver: No such file or directory admin@i-0ac9ef3cd50b10b68:~$ echo < webserver > archivo bash: webserver: No such file or directory admin@i-0ac9ef3cd50b10b68:~$ echo < webserver.py > archivo bash: webserver.py: Permission denied admin@i-0ac9ef3cd50b10b68:~$ passwd Changing password for admin. Current password: asd