Public recordings
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
sudo: a password is required
admin@i-0b509c48b21df0a47:~$ sudo su -
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
paris/i-0b509c48b21df0a47 00:44
by SadServers

[ -q|--quiet ] [ -v|--verbose ] [ -y|--yes ] [ -t|--test ] [ --commandprofile String ] [ --config String ] [ --driverloaded y|n ] [ --nolocking ] [ --lockopt String ] [ --longhelp ] [ --profile String ] [ --version ]
Use --longhelp to show all options and advanced commands.
admin@i-075cf9d9f372e0f42:~$
kihei/i-075cf9d9f372e0f42 07:02
by SadServers

2 2023-09-20T15:58:02 exit
3 2023-12-18T23:23:28 ls
4 2023-12-18T23:23:32 vim webserver.py
5 2023-12-18T23:23:35 ls -l
6 2023-12-18T23:23:37 sudo -l
7 2023-12-18T23:23:44 sudo view webserver.py
8 2023-12-18T23:24:00 ls
9 2023-12-18T23:24:02 ls agent
10 2023-12-18T23:24:08 view agent/check.sh
11 2023-12-18T23:24:22 netstat -nl4
12 2023-12-18T23:24:29 curl 127.0.0.1:5000
13 2023-12-18T23:24:40 curl -v 127.0.0.1:5000
14 2023-12-18T23:25:09 history
admin@i-091ee8f6864cabf76:~$ view .bash_history
admin@i-091ee8f6864cabf76:~$
paris/i-091ee8f6864cabf76 02:11
by SadServers

lsof 835 admin mem REG 259,1 61712-linux-gnu/libpcre2-8.so.0.10.1
lsof 835 admin mem REG 259,1 190153-linux-gnu/libc-2.31.so
lsof 835 admin mem REG 259,1 16612-linux-gnu/libselinux.so.1
lsof 835 admin mem REG 259,1 17792-linux-gnu/ld-2.31.so
lsof 835 admin 4r FIFO 0,11 0t
lsof 835 admin 7w FIFO 0,11 0t
admin@i-00d15eebefe1eaf63:~$ lsof -nP -iTCP -sTCP:LISTEN
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gotty 563 admin 6u IPv6 1900 0t0 TCP *:8080 (LISTEN)
sadagent 564 admin 7u IPv6 1875 0t0 TCP *:6767 (LISTEN)
admin@i-00d15eebefe1eaf63:~$ lsof -nP -i
paris/i-00d15eebefe1eaf63 01:35
by SadServers

Saving to: ‘index.html’
index.html 100%[======================
2023-12-18 12:29:59 (230 KB/s) - ‘index.html’ saved [12/12]
admin@i-0e0c49ce0b601c9b4:~$ cat index.html
Unauthorizedadmin@i-0e0c49ce0b601c9b4:~$ ss -tlnp
State Recv-Q Send-Q
LISTEN 0 128
LISTEN 0 128
LISTEN 0 4096
LISTEN 0 4096
LISTEN 0 128
admin@i-0e0c49ce0b601c9b4:~$ wget
paris/i-0e0c49ce0b601c9b4 03:16
by SadServers

tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/nvme0n1p15 124M 5.9M 118M 5% /boot/efi
admin@i-034e45a58421c4056:~$ cat /etc/fstab
# /etc/fstab: static file system information
UUID=811e12d8-f542-4650-9330-8d96633bd90c / ext4 rw,discard,errors=remount-ro,x-
UUID=8690-F844 /boot/efi vfat defaults 0 0
admin@i-034e45a58421c4056:~$ sudo lsblk -l
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
nvme1n1 259:0 0 1G 0 disk
nvme0n1 259:1 0 8G 0 disk
nvme2n1 259:2 0 1G 0 disk
nvme0n1p1 259:3 0 7.9G 0 part /
nvme0n1p14 259:4 0 3M 0 part
nvme0n1p15 259:5 0 124M 0 part /boot/efi
admin@i-034e45a58421c4056:~$
kihei/i-034e45a58421c4056 05:25
by SadServers

DISC-ZERO discard zeroes data
WSAME write same max bytes
WWN unique storage identifier
RAND adds randomness
PKNAME internal parent kernel device name
HCTL Host:Channel:Target:Lun for SCSI
TRAN device transport type
SUBSYSTEMS de-duplicated chain of subsystems
REV device revision
VENDOR device vendor
ZONED zone model
DAX dax-capable device
For more details see lsblk(8).
admin@i-0ffaf8917b90c1ed2:~$ man lsblk
kihei/i-0ffaf8917b90c1ed2 04:19
by SadServers

admin 686 0.0 0.9 6740 4540 pts/0 S<s+ 22:25 0:00 bash -l
admin 690 0.8 4.1 98188 19416 pts/0 D<l+ 22:25 0:00 /usr/bin/pyth-t paris/i-07602503257110b80 -q -i 2 /var/log/cast/i-076025032571
admin 693 0.0 3.0 24456 14444 pts/0 R<+ 22:25 0:00 /usr/bin/pyth-t paris/i-07602503257110b80 -q -i 2 /var/log/cast/i-076025032571
admin 694 0.0 0.1 2480 512 pts/1 S<s 22:25 0:00 sh -c /bin/ba
admin 695 0.0 0.9 6820 4460 pts/1 S< 22:25 0:00 /bin/bash
admin 730 0.0 0.6 8648 3160 pts/1 R<+ 22:26 0:00 ps aux
admin@i-07602503257110b80:~$ ps aux | grep nginx
admin 732 0.0 0.1 5264 640 pts/1 S<+ 22:26 0:00 grep nginx
admin@i-07602503257110b80:~$ ps aux | grep apache
admin 734 0.0 0.1 5264 640 pts/1 S<+ 22:26 0:00 grep apache
admin@i-07602503257110b80:~$ ls
agent webserver.py
admin@i-07602503257110b80:~$ cat webserver.py
paris/i-07602503257110b80 01:07
by SadServers

Memory: 21.9M
CPU: 345ms
CGroup: /system.slice/flaskapp.service
└─582 /usr/bin/python3 /home/admin/webserver.py
Dec 17 20:47:26 i-0d7d6ed418963724f systemd[1]: Started Flask Application.
Dec 17 20:47:27 i-0d7d6ed418963724f python3[582]: * Serving Flask app 'webserve
Dec 17 20:47:27 i-0d7d6ed418963724f python3[582]: * Debug mode: off
Dec 17 20:47:27 i-0d7d6ed418963724f python3[582]: WARNING: This is a development
Dec 17 20:47:27 i-0d7d6ed418963724f python3[582]: * Running on http://127.0.0.1
Dec 17 20:47:27 i-0d7d6ed418963724f python3[582]: Press CTRL+C to quit
Dec 17 20:48:01 i-0d7d6ed418963724f python3[582]: 127.0.0.1 - - [17/Dec/2023 20:
Dec 17 20:48:40 i-0d7d6ed418963724f python3[582]: 127.0.0.1 - - [17/Dec/2023 20:
Dec 17 20:51:59 i-0d7d6ed418963724f python3[582]: 127.0.0.1 - - [17/Dec/2023 20:
(reverse-i-search)`curl': curl localhost:5000
paris/i-0d7d6ed418963724f 04:32
by SadServers

admin@i-037723d04d1282399:~$ netstat -tulnp
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::6767 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 fe80::8e1:d4ff:fe9b:546 :::*
udp6 0 0 ::1:323 :::*
admin@i-037723d04d1282399:~$
paris/i-037723d04d1282399 07:02
by SadServers

/dev/nvme0n1p15 130M 6.2M 124M 5% /boot/efi
admin@i-009350819f2d6345b:~$ pvcreate /dev/nvme1n1 /dev/nvme2n1
WARNING: Running as a non-root user. Functionality may be unavailable.
/run/lock/lvm/P_global:aux: open failed: Permission denied
admin@i-009350819f2d6345b:~$ sudo pvcreate /dev/nvme1n1 /dev/nvme2n1
Physical volume "/dev/nvme1n1" successfully created.
Physical volume "/dev/nvme2n1" successfully created.
admin@i-009350819f2d6345b:~$ sudo vgcreate vg /dev/nvme1n1 /dev/nvme2n1
Volume group "vg" successfully created
admin@i-009350819f2d6345b:~$ sudo lvcreate -n lv -l 100%FREE vg
Logical volume "lv" created.
admin@i-009350819f2d6345b:~$ mkfs.ext4 /dev/vg/lv
mke2fs 1.46.2 (28-Feb-2021)
Could not open /dev/vg/lv: Permission denied
admin@i-009350819f2d6345b:~$ mkfs.ext4 /dev/vg/lv
kihei/i-009350819f2d6345b 04:19
by SadServers

write(2, "main.main", 9main.main) = 9
write(2, "(", 1() = 1
write(2, ")\n", 2) ) = 2
write(2, "\t", 1 ) = 1
write(2, "./main.go", 9./main.go) = 9
write(2, ":", 1:) = 1
write(2, "64", 264) = 2
write(2, " +", 2 +) = 2
write(2, "0x47d", 50x47d) = 5
write(2, "\n", 1 ) = 1
exit_group(2) = ?
+++ exited with 2 +++
admin@i-035d976ba3c56dd73:~$