root         572  0.1  6.0 107132 28272 ?        Ss   21:59   0:00 /usr/bin/pythroot         575  0.0  0.9 220796  4224 ?        Ssl  21:59   0:00 /usr/sbin/rsyroot         585  0.0  1.4  13492  6540 ?        Ss   21:59   0:00 /lib/systemd/root         590  0.0  1.5  13352  7188 ?        Ss   21:59   0:00 sshd: /usr/sbroot         591  0.0  0.3   2872  1764 tty1     Ss+  21:59   0:00 /sbin/agetty root         592  0.0  0.4   4396  2036 ttyS0    Ss+  21:59   0:00 /sbin/agetty _chrony      594  0.0  0.7  10852  3604 ?        S    21:59   0:00 /usr/sbin/chr_chrony      595  0.0  0.1  10724   556 ?        S    21:59   0:00  \_ /usr/sbinroot         609  0.0  3.7  26612 17372 ?        Ss   21:59   0:00 /usr/bin/pythroot         770  0.0  0.7   5788  3268 ?        Ss   22:02   0:00 /bin/bash /roroot         789  0.0  6.7 1254320 31692 ?       Sl   22:02   0:00  \_ mc mirroradmin@i-002259b1376148ae2:/var/log$ cd /home/admin/                             admin@i-002259b1376148ae2:~$ ls                                                 agent  webserver.py                                                             admin@i-002259b1376148ae2:~$ ps auxf | grep w                                   

admin@i-06f0d07ff112b7c2d:~/clmystery/mystery$ ^C                               admin@i-06f0d07ff112b7c2d:~/clmystery/mystery$ ^C                               admin@i-06f0d07ff112b7c2d:~/clmystery/mystery$ ^C                               admin@i-06f0d07ff112b7c2d:~/clmystery/mystery$ cat people | awk '{ system("bash awk: 1: unexpected character '''                                                cat: write error: Broken pipe                                                   admin@i-06f0d07ff112b7c2d:~/clmystery/mystery$ cat people | awk '{ system("bash  d                                                                              awk: 1: unexpected character '''                                                cat: write error: Broken pipe                                                   admin@i-06f0d07ff112b7c2d:~/clmystery/mystery$ cat people | awk '{ system("bash                                                                                 awk: 1: unexpected character '''                                                cat: write error: Broken pipe                                                   admin@i-06f0d07ff112b7c2d:~/clmystery/mystery$ cat people | awk '{ system("bash 

            [:delay_enter=DELAY][:delay_exit=DELAY][:when=WHEN],                  --inject=SET[:error=ERRNO|:retval=VALUE][:signal=SIG][:syscall=SYSCALL]                  [:delay_enter=DELAY][:delay_exit=DELAY][:when=WHEN]                                   perform syscall tampering for the syscalls in SET                   delay:      microseconds or NUMBER{s|ms|us|ns}                                  when:       FIRST[..LAST][+[STEP]]                                           -e fault=SET[:error=ERRNO][:when=WHEN], --fault=SET[:error=ERRNO][:when=WHEN]                  synonym for -e inject with default ERRNO set to ENOSYS.                                                                                        Miscellaneous:                                                                    -d, --debug    enable debug output to stderr                                    -h, --help     print help message                                               --seccomp-bpf  enable seccomp-bpf filtering                                     -V, --version  print version                                                  admin@i-054157b3157fdc4cd:~$ strace ./kihei -v                                  

> GET / HTTP/1.1                                                                > Host: localhost:5000                                                          > User-Agent: curl/7.74.0                                                       > Accept: */*                                                                   >                                                                               * Mark bundle as not supporting multiuse                                        < HTTP/1.1 200 OK                                                               < Server: Werkzeug/2.3.7 Python/3.9.2                                           < Date: Wed, 29 Jan 2025 13:43:21 GMT                                           < Content-Type: text/html; charset=utf-8                                        < Content-Length: 12                                                            < Connection: close                                                             <                                                                               * Closing connection 0                                                          Unauthorizedadmin@i-0c965baba3280997a:/etc/apache2/conf-available$ ls -la /etc/h