Public recordings
root 574 0.0 0.3 2872 1672 tty1 Ss+ 10:17 0:00 /sbin/agetty root 575 0.0 0.4 4396 2040 ttyS0 Ss+ 10:17 0:00 /sbin/agetty _chrony 577 0.0 0.7 10852 3668 ? S 10:17 0:00 /usr/sbin/chr_chrony 578 0.0 0.1 10724 556 ? S 10:17 0:00 /usr/sbin/chrroot 579 0.0 1.5 13352 7084 ? Ss 10:17 0:00 sshd: /usr/sbroot 583 0.0 3.7 26612 17396 ? Ss 10:17 0:00 /usr/bin/pythroot 662 0.0 0.0 0 0 ? I 10:17 0:00 [kworker/1:4-admin 664 0.0 0.9 6740 4464 pts/0 S<s+ 10:17 0:00 bash -l admin 668 0.1 4.1 98320 19236 pts/0 D<l+ 10:17 0:00 /usr/bin/pythadmin 671 0.0 3.1 24456 14924 pts/0 R<+ 10:17 0:00 /usr/bin/pythadmin 672 0.0 0.1 2480 568 pts/1 S<s 10:17 0:00 sh -c /bin/baadmin 673 0.0 1.0 6952 4792 pts/1 S< 10:17 0:00 /bin/bash root 717 0.0 0.0 0 0 ? R 10:18 0:00 [kworker/u4:4admin 762 0.0 0.6 8648 3212 pts/1 R<+ 10:19 0:00 ps aux admin@i-0cace07c960fab3ec:/etc$ ps aux
paris/i-0cace07c960fab3ec 03:17
by SadServers
admin@i-0d5a51c7686a7e115:/tmp$ sudo su root@i-0d5a51c7686a7e115:/tmp# du -sh * 8.0K systemd-private-ce42415b58914051806e4cf3566d786e-chrony.service-PFNEZf 8.0K systemd-private-ce42415b58914051806e4cf3566d786e-systemd-logind.service-root@i-0d5a51c7686a7e115:/tmp# du -sh / du: cannot access '/proc/972/task/972/fd/4': No such file or directory du: cannot access '/proc/972/task/972/fdinfo/4': No such file or directory du: cannot access '/proc/972/fd/3': No such file or directory du: cannot access '/proc/972/fdinfo/3': No such file or directory 6.1G / root@i-0d5a51c7686a7e115:/tmp# exit exit admin@i-0d5a51c7686a7e115:/tmp$ cd admin@i-0d5a51c7686a7e115:~$ cd data admin@i-0d5a51c7686a7e115:~/data$ mv datafile
kihei/i-0d5a51c7686a7e115 04:44
by SadServers
# kihei runs succesfully res=$(/home/admin/kihei) res=$(echo $res|tr -d '\r') if [[ "$res" = "Done." ]] then echo -n "OK" else echo -n "NO" fi admin@i-0afe27aa1ce9cfeda:~/agent$ ls -l /home/admin/datafile |cut -d' ' -f 5 5368709120 admin@i-0afe27aa1ce9cfeda:~/agent$ ls -l /home/admin/datafile -rw-r--r-- 1 root root 5368709120 Sep 17 2023 /home/admin/datafile admin@i-0afe27aa1ce9cfeda:~/agent$
kihei/i-0afe27aa1ce9cfeda 00:59
by SadServers
-l Make bash act as if it had been invoked as a login shell (see I -r If the -r option is present, the shell becomes restricted (see -s If the -s option is present, or if no arguments remain after op the positional parameters to be set when invoking an interactiv -v Print shell input lines as they are read. -x Print commands and their arguments as they are executed. -D A list of all double-quoted strings preceded by $ is printed when the current locale is not C or POSIX. This implies the -n [-+]O [shopt_option] shopt_option is one of the shell options accepted by the shopt value of that option; +O unsets it. If shopt_option is not s standard output. If the invocation option is +O, the output is -- A -- signals the end of options and disables further option pro ment of - is equivalent to --. Manual page bash(1) line 1 (press h for help or q to quit)
kihei/i-077fdacd18ea1b9a8 06:07
by SadServers
admin@i-0c387d7e1fbccda67:~$ cd /home/ad bash: cd: /home/ad: No such file or directory admin@i-0c387d7e1fbccda67:~$ } bash: syntax error near unexpected token `}' admin@i-0c387d7e1fbccda67:~$ cd /home/admin/ admin@i-0c387d7e1fbccda67:~$ ls agent data datafile kihei admin@i-0c387d7e1fbccda67:~$ kihei bash: kihei: command not found admin@i-0c387d7e1fbccda67:~$
kihei/i-0c387d7e1fbccda67 00:57
by SadServers
admin@i-0c358c220d3e62109:~$ ^C admin@i-0c358c220d3e62109:~$ ^C admin@i-0c358c220d3e62109:~$
kihei/i-0c358c220d3e62109 00:28
by SadServers
root 572 0.1 6.0 107132 28272 ? Ss 21:59 0:00 /usr/bin/pythroot 575 0.0 0.9 220796 4224 ? Ssl 21:59 0:00 /usr/sbin/rsyroot 585 0.0 1.4 13492 6540 ? Ss 21:59 0:00 /lib/systemd/root 590 0.0 1.5 13352 7188 ? Ss 21:59 0:00 sshd: /usr/sbroot 591 0.0 0.3 2872 1764 tty1 Ss+ 21:59 0:00 /sbin/agetty root 592 0.0 0.4 4396 2036 ttyS0 Ss+ 21:59 0:00 /sbin/agetty _chrony 594 0.0 0.7 10852 3604 ? S 21:59 0:00 /usr/sbin/chr_chrony 595 0.0 0.1 10724 556 ? S 21:59 0:00 \_ /usr/sbinroot 609 0.0 3.7 26612 17372 ? Ss 21:59 0:00 /usr/bin/pythroot 770 0.0 0.7 5788 3268 ? Ss 22:02 0:00 /bin/bash /roroot 789 0.0 6.7 1254320 31692 ? Sl 22:02 0:00 \_ mc mirroradmin@i-002259b1376148ae2:/var/log$ cd /home/admin/ admin@i-002259b1376148ae2:~$ ls agent webserver.py admin@i-002259b1376148ae2:~$ ps auxf | grep w
paris/i-002259b1376148ae2 02:30
by SadServers
[46][protocol][@hostname|hostaddr][:service|port] where: 46 specifies the IP version, IPv4 or IPv6 that applies to the following address. '6' may be be specified only if the UNIX dialect supports IPv6. If neither '4' nor '6' is specified, the following address applies to all IP versions. protocol is a protocol name - TCP, UDP hostname is an Internet host name. Unless a specific IP version is specified, open network files associated with host names of all versions will be selected. Manual page lsof(8) line 380 (press h for help or q to quit)
paris/i-073761961ee18bac0 02:17
by SadServers
agent localhost:5000 webserver.py admin@i-08fcdcee789be6a4c:~$ cd localhost\:5000/ admin@i-08fcdcee789be6a4c:~/localhost:5000$ ll bash: ll: command not found admin@i-08fcdcee789be6a4c:~/localhost:5000$ ls -al total 8 drwxr-xr-x 2 admin admin 4096 Dec 7 20:45 . drwxr-xr-x 7 admin admin 4096 Dec 7 20:45 .. admin@i-08fcdcee789be6a4c:~/localhost:5000$ ls -aL . .. admin@i-08fcdcee789be6a4c:~/localhost:5000$ cd admin@i-08fcdcee789be6a4c:~$ ls agent localhost:5000 webserver.py admin@i-08fcdcee789be6a4c:~$ curl http://localhost:5000/ Unauthorizedadmin@i-08fcdcee789be6a4c:~$ echo "Un"
paris/i-08fcdcee789be6a4c 05:26
by SadServers
unix 3 [ ] STREAM CONNECTED 10550 /run/systemd/journal/unix 3 [ ] STREAM CONNECTED 10538 unix 2 [ ] DGRAM 10261 unix 3 [ ] SEQPACKET CONNECTED 11536 unix 3 [ ] STREAM CONNECTED 11423 unix 3 [ ] STREAM CONNECTED 11449 /run/systemd/journal/unix 3 [ ] STREAM CONNECTED 10539 /run/systemd/journal/unix 2 [ ] DGRAM 11518 unix 2 [ ] DGRAM 1580 unix 3 [ ] SEQPACKET CONNECTED 11537 unix 3 [ ] STREAM CONNECTED 10753 /run/dbus/system_bus_unix 3 [ ] STREAM CONNECTED 11605 unix 2 [ ] DGRAM 11467 unix 3 [ ] STREAM CONNECTED 11448 admin@i-0970915ceca7ecbf9:~$ netstat n-l
paris/i-0970915ceca7ecbf9 00:40
by SadServers
-p, --program Show the PID and name of the program to which each socket belongs. -l, --listening Show only listening sockets. (These are omitted by default.) -a, --all Show both listening and non-listening sockets. With the --interfaces opt -F Print routing information from the FIB. (This is the default.) -C Manual page netstat(8) line 71 (press h for help or q to quit)
paris/i-0e419b6eddb51f1e5 01:54
by SadServers
admin@i-0be4fa9417f6a9d57:~$ less /var/log/journal/ec26942be8219bc22967aa0256120system.journal system@df99c4b1471c47279f87f0a9acf83714-0000000000000001-00060590bd3fe579.journaadmin@i-0be4fa9417f6a9d57:~$ less /var/log/journal/ec26942be8219bc22967aa0256120"/var/log/journal/ec26942be8219bc22967aa0256120fca/system.journal" may be a binaadmin@i-0be4fa9417f6a9d57:~$ less /var/log/^C admin@i-0be4fa9417f6a9d57:~$ ls agent webserver.py admin@i-0be4fa9417f6a9d57:~$ ./webserver.py bash: ./webserver.py: Permission denied admin@i-0be4fa9417f6a9d57:~$ chmod +x ./webserver.py chmod: changing permissions of './webserver.py': Operation not permitted admin@i-0be4fa9417f6a9d57:~$ curl localhost:500 curl: (7) Failed to connect to localhost port 500: Connection refused admin@i-0be4fa9417f6a9d57:~$