SadServers Joined on September 10, 2023

admin        680  0.1  4.1  98188 19460 pts/0    R<l+ 04:47   0:00 /usr/bin/pythc -t paris/i-02e1488c6b3b7615d -q -i 2 /var/log/cast/i-02e148                   admin        683  0.0  3.1  24456 14808 pts/0    S<+  04:47   0:00 /usr/bin/pythc -t paris/i-02e1488c6b3b7615d -q -i 2 /var/log/cast/i-02e148                   admin        684  0.0  0.1   2480   512 pts/1    S<s  04:47   0:00 sh -c /bin/baadmin        685  0.0  1.0   7216  5060 pts/1    S<   04:47   0:00 /bin/bash    admin        877  0.0  0.7   8648  3284 pts/1    R<+  04:50   0:00 ps aux       admin@i-02e1488c6b3b7615d:~$ pwd                                                /home/admin                                                                     admin@i-02e1488c6b3b7615d:~$ ls                                                 agent  webserver.py                                                             admin@i-02e1488c6b3b7615d:~$ vim webserver.py                                   admin@i-02e1488c6b3b7615d:~$ cat webserver.py                                   cat: webserver.py: Permission denied                                            admin@i-02e1488c6b3b7615d:~$                                                    

udev             217M     0  217M   0% /dev                                     tmpfs             46M  368K   46M   1% /run                                     /dev/nvme0n1p1   7.7G  6.1G  1.2G  84% /                                        tmpfs            228M   12K  228M   1% /dev/shm                                 tmpfs            5.0M     0  5.0M   0% /run/lock                                /dev/nvme0n1p15  124M  5.9M  118M   5% /boot/efi                                admin@i-0aa7b9c7142e9f812:~$ df -i                                              Filesystem      Inodes IUsed  IFree IUse% Mounted on                            udev             55457   307  55150    1% /dev                                  tmpfs            58292   440  57852    1% /run                                  /dev/nvme0n1p1  516096 32800 483296    7% /                                     tmpfs            58292     4  58288    1% /dev/shm                              tmpfs            58292     3  58289    1% /run/lock                             /dev/nvme0n1p15      0     0      0     - /boot/efi                             admin@i-0aa7b9c7142e9f812:~$                                                    

admin@i-06f09f3099a79913a:~$ curl -v https:/ 2>&1 | grep -i "User-Agent"        

admin@i-0d7b1e633f1eba49f:~$ ls                                                 agent  webserver.py                                                             admin@i-0d7b1e633f1eba49f:~$ curl -A "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) G

    #1) Respect the privacy of others.                                              #2) Think before you type.                                                      #3) With great power comes great responsibility.                                                                                                            [sudo] password for admin:                                                                                                                                      [1]+  Stopped                 sudo cat webserver.py                             admin@i-03f882b0543e6e7c2:~$ ls -l webserver.py                                 -rwxrwx--- 1 root root 360 Sep 24  2023 webserver.py                            admin@i-03f882b0543e6e7c2:~$ vi webserver.py                                                                                                                    [2]+  Stopped                 vi webserver.py                                   admin@i-03f882b0543e6e7c2:~$ local                                              local       locale      locale-gen  localectl   localedef                       admin@i-03f882b0543e6e7c2:~$ curl:                                              

r10            0x7ffff7fc5d20      140737353899296                              r11            0x212               530                                          r12            0x0                 0                                            r13            0x0                 0                                            r14            0xc0000021a0        824633729440                                 r15            0xffffffffffffffff  -1                                           rip            0x4a524d            0x4a524d <main.main+1133>                    eflags         0x202               [ IF ]                                       cs             0x33                51                                           ss             0x2b                43                                           ds             0x0                 0                                            es             0x0                 0                                            fs             0x0                 0                                            gs             0x0                 0                                            (gdb) info i                                                                    

#1743577033                                                                     ls                                                                              #1743577047                                                                     curl -v localhost:5000                                                          #1743577116                                                                     sudo strings                                                                    #1743577124                                                                     strings webserver.py                                                            #1743577134                                                                     history                                                                         #1743577145                                                                     cat .bash                                                                       admin@i-0d877dbb17ad6b696:~$ ls                                                 agent  webserver.py                                                             admin@i-0d877dbb17ad6b696:~$                                                    

> GET / HTTP/1.1                                                                > Host: localhost:5000                                                          > User-Agent: curl/7.74.0                                                       > Accept: */*                                                                   >                                                                               * Mark bundle as not supporting multiuse                                        < HTTP/1.1 200 OK                                                               < Server: Werkzeug/2.3.7 Python/3.9.2                                           < Date: Tue, 01 Apr 2025 18:12:34 GMT                                           < Content-Type: text/html; charset=utf-8                                        < Content-Length: 12                                                            < Connection: close                                                             <                                                                               * Closing connection 0                                                          Unauthorizedadmin@i-0ee1ca32c9dfadcdf:~$ curl -                                 

HTTP/1.1 200 OK                                                                 < Server: Werkzeug/2.3.7 Python/3.9.2                                           Server: Werkzeug/2.3.7 Python/3.9.2                                             < Date: Tue, 01 Apr 2025 17:58:27 GMT                                           Date: Tue, 01 Apr 2025 17:58:27 GMT                                             < Content-Type: text/html; charset=utf-8                                        Content-Type: text/html; charset=utf-8                                          < Content-Length: 12                                                            Content-Length: 12                                                              < Connection: close                                                             Connection: close                                                                                                                                               <                                                                               * Closing connection 0                                                          admin@i-008ec799d95ca98b2:~$ curl -A "Mozilla/5.0 (Debug Mode)" http://lo       

.py                                                                             admin@i-0ce7f2ac65a56b811:~$ ls -la                                             total 44                                                                        drwxr-xr-x 6 admin admin 4096 Sep 24  2023 .                                    drwxr-xr-x 3 root  root  4096 Sep 17  2023 ..                                   drwx------ 3 admin admin 4096 Sep 20  2023 .ansible                             -rw------- 1 admin admin  357 Apr  1 17:37 .bash_history                        -rw-r--r-- 1 admin admin  220 Aug  4  2021 .bash_logout                         -rw-r--r-- 1 admin admin 3526 Aug  4  2021 .bashrc                              drwxr-xr-x 3 admin admin 4096 Sep 20  2023 .config                              -rw-r--r-- 1 admin admin  807 Aug  4  2021 .profile                             drwx------ 2 admin admin 4096 Sep 17  2023 .ssh                                 drwxr-xr-x 2 admin root  4096 Sep 24  2023 agent                                -rwxrwx--- 1 root  root   360 Sep 24  2023 webserver.py                         admin@i-0ce7f2ac65a56b811:~$                                                    

admin@i-01cb6332476038615:~$ nc localhost 5000                                  GET /                                                                                                                                                           Welcome! Password is FDZPmh5AX3oiJt                                             

admin@i-0ed3276435f610d44:~$ nv localhost 5000                                  bash: nv: command not found                                                     admin@i-0ed3276435f610d44:~$ nc localhost 5000                                                                                                                  GET /                                                                           admin@i-0ed3276435f610d44:~$                                                    admin@i-0ed3276435f610d44:~$ Get /                                              bash: Get: command not found                                                    admin@i-0ed3276435f610d44:~$ nc localhost 5000                                  GET /                                                                                                                                                           Welcome! Password is FDZPmh5AX3oiJt                                             admin@i-0ed3276435f610d44:~$ echo FDZPmh5AX3oiJt                                

Nmap scan report for localhost (127.0.0.1)                                      Host is up (0.00012s latency).                                                  Not shown: 65531 closed ports                                                   PORT     STATE SERVICE                                                          22/tcp   open  ssh                                                              5000/tcp open  upnp                                                             6767/tcp open  bmc-perf-agent                                                   8080/tcp open  http-proxy                                                                                                                                       Nmap done: 1 IP address (1 host up) scanned in 2.00 seconds                     admin@i-0bd5b654fd39570e9:~$ nc 5000 port                                       nc: port number invalid: port                                                   admin@i-0bd5b654fd39570e9:~$ nc localhost port                                  nc: port number invalid: port                                                   admin@i-0bd5b654fd39570e9:~$ nc                                                 

  nmap -v -iR 10000 -Pn -p 80                                                   SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES admin@i-0c4a9c08824633f19:~$ nmap -p- --min-rate=1000 -T4 localhost             Starting Nmap 7.80 ( https://nmap.org ) at 2025-04-01 14:02 UTC                 Nmap scan report for localhost (127.0.0.1)                                      Host is up (0.00019s latency).                                                  Not shown: 65531 closed ports                                                   PORT     STATE SERVICE                                                          22/tcp   open  ssh                                                              5000/tcp open  upnp                                                             6767/tcp open  bmc-perf-agent                                                   8080/tcp open  http-proxy                                                                                                                                       Nmap done: 1 IP address (1 host up) scanned in 2.18 seconds                     admin@i-0c4a9c08824633f19:~$ nmap -p- --min-rate=1000 -T4