As this blog is about my journey from zero to hero in the infosec community, I thought a good place to start would be to do some writeups of some basic Linux challenges. I will structure these posts by first listing the fundamental knowledge you will need, followed by a walkthrough of every challenge.
Knowledge#
I assume that you know what Linux is; if you don’t, Linux is an operating system much like Windows and macOS. There are multiple ways to run Linux: either in a virtual machine or by installing it on your computer. A recommendation would be to use a distribution such as Ubuntu or Kali Linux for this challenge.
Specifically for this set of Linux challenges, there are a few commands that you should be comfortable with, and these are:
- ls - Lists folders/files within your current directory (Folder you are currently in).
- cd - Change directory to a specified folder.
- cat - Show content of file within the command-line.
- vi - Text editor to make modifications of a file.
- grep - Search for keywords/regular expressions and print all matching lines.
- history - Show history of previous commands used.
- su - Substitute user which allows using certain privileges by authenticating as a different user.
- sudo - Run a command with elevated privileges.
- ps - Show system processes.
- tar - Bundle a collection of files into one archive (optionally compressed) and extract it again.
Some of these commands take flags (command-line options) that unlock more advanced behaviour. It is recommended to research them by searching Google for the commands listed above.
Walkthrough#
Task 1 - Linux Challenges Introduction#
How many visible files can you see in Garry’s home directory?#
By typing “ls” within the command-line you can see the list of folders/files.
ls
flag1.txt flag24 flag29
This answer is self-explanatory. Just count the number of files.
Answer: 3
Task 2 - The Basics#
Flag 1#
To read what is within flag 1, you will have to use a text editor. For this example, I will use VI.
vi flag1.txt
Flag 1: f40dc0cff080ad38a6ba9a1c2c038b2c
Log into bobs account to get flag 2.
Username: bob Password: linuxrules
Flag 1 is listed, along with the username and password for bob that are required for the next flag. To exit, press the “Esc” key and type “:q!”.
Answer: f40dc0cff080ad38a6ba9a1c2c038b2c
Flag 2#
Log into bob’s account using the credentials shown in flag 1 by using the following command:
su -l bob
Password: linuxrules
You are then prompted to type the password shown in flag 1. After that you can read the flag with the same method used for flag 1, or use an easier method:
cat flag2.txt
Flag 2: 8e255dfa51c9cce67420d2386cede596
Answer: 8e255dfa51c9cce67420d2386cede596
Flag 3#
Through using the “history” command, you can see the commands you have used. Flag 3 will be at the top of the history.
history
1 9daf3281745c2d75fc6e992ccfdedfcd
Answer: 9daf3281745c2d75fc6e992ccfdedfcd
Flag 4#
As stated within the challenge, we will be using crontab. Otherwise, the commands “cat” or “vi” will do the same.
crontab -l
Flag4: dcd5d1dcfac0578c99b7e7a6437827f3
Answer: dcd5d1dcfac0578c99b7e7a6437827f3
Flag 5#
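Using “grep” with the “-rnw” flags (recursive search, show line numbers, match whole words), you can locate the file you want. Note that “grep” matches text inside files; to match on the file names themselves, “find / -name” is the usual tool. The output shows the location of the file.
grep -rnw 'flag5'
/lib/terminfo/E/flag5.txt
After knowing the location, use the “cat” command to read the contents.
cat /lib/terminfo/E/flag5.txt
bd8f33216075e5ba07c9ed41261d1703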
Answer: bd8f33216075e5ba07c9ed41261d1703
Flag 6#
Similarly using “grep”, find the location of flag 6.
grep -rnw 'flag6'
/home/flag6.txt
Here a plain “cat” is not enough, as the file contains other messages unrelated to the flag. Therefore you must use “grep” in conjunction with “cat”. As stated within the challenge, we need to find “c9”, and this will be highlighted within the text.
cat /home/flag6.txt | grep c9
c9e142a1e25b24a837b98db589b08be5
Answer: c9e142a1e25b24a837b98db589b08be5
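To make the difference between searching file names and searching file contents concrete (flags 5 and 6), here is an added example that is not part of the original walkthrough. It builds a throwaway directory with constructed files and a constructed "c9" value, so none of the paths or values are from the challenge machine.

```shell
#!/bin/sh
# Added example: constructed files, not the challenge machine's filesystem.

# Build a small sandbox: one file *named* flag5.txt, one file that only
# *mentions* flag5, and a noisy file holding a 32-hex value starting with c9.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/lib/E" "$dir/home"
    printf 'constructed-sample-content\n' > "$dir/lib/E/flag5.txt"
    printf 'todo: remember where flag5 was hidden\n' > "$dir/home/notes.txt"
    {
        printf 'Lorem ipsum dolor sit amet c9 consectetur\n'
        printf 'noise c90123456789abcdef0123456789abcd more noise\n'
        printf 'unrelated last line\n'
    } > "$dir/home/flag6.txt"
    printf '%s\n' "$dir"
}

# Match on file NAME: walks the tree, never opens the files.
by_name() { find "$1" -type f -name "$2" 2>/dev/null; }

# Match on file CONTENT: -r recurse, -l print only the path, -w whole word.
by_content() { grep -rlw -- "$2" "$1" 2>/dev/null; }

# Print only the matching token instead of the whole noisy line:
# -o prints just the match, -E enables the {30} repetition.
extract_hash() { grep -oE "$2[0-9a-f]{30}" "$1"; }

# Demo run on the sandbox.
d=$(make_sandbox)
by_name "$d" 'flag5*'                  # .../lib/E/flag5.txt
by_content "$d" flag5                  # .../home/notes.txt
extract_hash "$d/home/flag6.txt" c9    # the 32-character value only
rm -rf "$d"
```

The name search and the content search return different files, which is why a content search can miss a file whose name is the only place the keyword appears.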
Flag 7#
To check the system processes you use the command “ps”. The flags “-aef” are also necessary. After scrolling through the system processes, you can see a line containing flag 7.
ps -aef
root 1388 1 0 01:38 ? 00:00:00 flag7:274adb75b337307bd57807c005ee6358 1000000
Answer: 274adb75b337307bd57807c005ee6358
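Flag 7 works because process command lines are readable by every local user, so anything secret passed as an argument leaks through “ps”. The following added example (not from the original post) checks “ps -ef” style output for that kind of leak; the flag7 line is the one shown above, while the other lines, the function names and the keyword list are constructed assumptions.

```shell
#!/bin/sh
# Added example: the flag7 line is from the page, the other lines are constructed.
sample_ps() {
cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 01:37 ?        00:00:02 /sbin/init
root      1388     1  0 01:38 ?        00:00:00 flag7:274adb75b337307bd57807c005ee6358 1000000
bob       2104  2090  0 01:52 pts/0    00:00:00 -bash
svc       2311     1  0 01:55 ?        00:00:00 backup --user=svc --password=constructed-secret /srv
EOF
}

# Reads `ps -ef` output on stdin and prints "PID USER reason" for every
# process whose command line contains something that looks like a secret.
find_argv_secrets() {
    awk 'NR > 1 {
        cmd = ""
        for (i = 8; i <= NF; i++) cmd = cmd " " $i   # CMD starts at column 8
        print $2, $1, cmd
    }' | while read -r pid user cmd; do
        # A bounded run of exactly 32 hex characters (hash or token shaped).
        if printf '%s\n' "$cmd" | grep -Eq '(^|[^0-9a-f])[0-9a-f]{32}([^0-9a-f]|$)'; then
            printf '%s %s hex32-token\n' "$pid" "$user"
        # An option whose name says it carries a credential.
        elif printf '%s\n' "$cmd" | grep -Eiq -- '--?(password|passwd|token|secret)[= ]'; then
            printf '%s %s credential-flag\n' "$pid" "$user"
        fi
    done
}

# Demo on the embedded sample; on a live host use: ps -ef | find_argv_secrets
sample_ps | find_argv_secrets
```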
Flag 8#
To decompress a “tar.gz” file we need to use the “tar” command with the flags “-xvf”.
tar -xvf flag8.tar.gz
flag8.txt
Use the “cat” command to read the content.
cat flag8.txt
75f5edb76fe98dd5fc9f577a3f5de9bc
Answer: 75f5edb76fe98dd5fc9f577a3f5de9bc
Flag 9#
The hosts file is located at “/etc/hosts” on Linux machines. You can use “cat” to read its contents.
cat /etc/hosts
127.0.0.0 dcf50ad844f9fe06339041ccc0d6e280.com
Answer: dcf50ad844f9fe06339041ccc0d6e280
Flag 10#
To find all the users on the system, you can read the “/etc/passwd” file (it does not reveal any passwords, though: the “x” in the second field means the password hash is stored separately in “/etc/shadow”). The flag will be shown under Bob’s account.
cat /etc/passwd
bob:x:1001:1001:BOB,,,:/home/bob:/bin/bash
5e23deecfe3a7292970ee48ff1b6d00c:x:1002:1002:,,,:/home/5e23deecfe3a7292970ee48ff1b6d00c:/bin/bash
Answer: 5e23deecfe3a7292970ee48ff1b6d00c
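Since “/etc/passwd” is world-readable, it is worth knowing what each field means beyond spotting the flag. This added example (not part of the original walkthrough) parses the seven colon-separated fields and reports login-capable accounts; the bob and flag lines are from the output above, and every other line, including the placeholder hash, is constructed.

```shell
#!/bin/sh
# Added example: the bob and flag lines are from the page, the rest is constructed.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bob:x:1001:1001:BOB,,,:/home/bob:/bin/bash
5e23deecfe3a7292970ee48ff1b6d00c:x:1002:1002:,,,:/home/5e23deecfe3a7292970ee48ff1b6d00c:/bin/bash
legacy:$1$constructed$hash:1003:1003::/home/legacy:/bin/sh
toor::0:0::/root:/bin/sh
EOF
}

# Fields: name:password:UID:GID:GECOS:home:shell
# Reads passwd-format text on stdin, lists accounts with a login shell and
# marks the ones a reviewer should look at first.
audit_passwd() {
    awk -F: '
        $7 ~ /(nologin|false)$/ { next }           # service accounts: no shell
        {
            note = ""
            if ($2 == "x")                     pw = "shadowed"   # hash is in /etc/shadow
            else if ($2 == "*" || $2 ~ /^!/)   pw = "locked"
            else if ($2 == "")               { pw = "EMPTY";  note = " !no-password" }
            else                             { pw = "inline"; note = " !hash-world-readable" }
            if ($3 == 0 && $1 != "root") note = note " !extra-uid0"
            printf "%s uid=%s pw=%s%s\n", $1, $3, pw, note
        }'
}

# Demo on the embedded sample; on a live host use: audit_passwd < /etc/passwd
sample_passwd | audit_passwd
```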
Task 3 - Linux Functionality#
Flag 11#
To find the flag, you need to understand that each time you open an interactive shell (Bash, on most Linux systems), the “.bashrc” file runs automatically, executing the commands it contains. An alias is a short name that stands in for a longer command; aliases are defined in “.bashrc” so that they are available each time Bash starts.
cat .bashrc
alias flag 11='echo "You need to look where the alias are created…"' #b4ba05d85801f62c4c0d05d3a76432e0
Answer: b4ba05d85801f62c4c0d05d3a76432e0
Flag 12#
The MOTD (Message of the Day) sends a common message to all users when they log into the system. Its scripts are normally located within “/etc/update-motd.d”. The script we need is named “00-header”, so the command “cat” should be used on that file.
cat /etc/update-motd.d/00-header
Flag12: 01687f0c5e63382f1c9cc783ad44ff7f
Answer: 01687f0c5e63382f1c9cc783ad44ff7f
Flag 13#
As flag 13 is a folder, we change into the directory and list its contents using the commands:
cd flag13
ls
script1 script2
As seen here, there are two files. To check the difference between the two files, we need to use the “diff” command followed by the two files to compare.
diff script1 script2
Lightroller sees 3383f3771ba86b1ed9ab7fbf8abab531 Smith walking stiffly toward him and quickly goes to him. He yells into the Captain’s ear, though cupped hands, over the roar of the steam…
Answer: 3383f3771ba86b1ed9ab7fbf8abab531
Flag 14#
The log files are normally stored within “/var/log”. First it is required to change into the directory and then “cat” the content from “flagtourteen.txt” (Yes, the file is spelt like that).
cd /var/log
ls
apeche2 flagtourteen.txt syslog
cat flagtourteen.txt
71c3a8ad9752666275dadf62a93ef393
Answer: 71c3a8ad9752666275dadf62a93ef393
Flag 15#
The system release information can be found in the files matching “/etc/*release”.
cat /etc/*release
FLAG_15=a914945a4b2b5e934ae06ad6f9c6be45
Answer: a914945a4b2b5e934ae06ad6f9c6be45
Flag 16#
Mounted media normally appears under “/media”. This challenge requires you to change directory (cd) multiple times until you reach the folder containing the actual flag.
cd /media/f/l/a/g/1/6/is
ls
cab4b7cae33c87794d82efa1e7f834e6
Answer: cab4b7cae33c87794d82efa1e7f834e6
Flag 17#
Similar to logging in as Bob, you now have Alice’s account details. To log in, use the “su -l” command and type her corresponding password. Once inside her account, we can use the “cat” command to find flag 17.
su -l alice
Password: TryHackMe123
cat flag17
89d7bce9d0bab49e11e194b54a601362
Answer: 89d7bce9d0bab49e11e194b54a601362
Flag 18#
To list invisible folders/files you are required to use the “ls” command in conjunction with the “-a” flag.
ls -a
.. .bashrc .flag18 flag22 .lesshst .viminfo
cat .flag18
c6522bb26600d30254549b6574d2cef2
Answer: c6522bb26600d30254549b6574d2cef2
Flag 19#
There are a few ways to find a specific line. Originally, I used the “head” command which shows all the lines up to a particular number.
head -n 2345 flag19
…
490e69bd1bf3fc736cce9ff300653a3b
The hint said to use the “sed” command, which prints only the specified line.
sed -n 2345p flag19
490e69bd1bf3fc736cce9ff300653a3b
Answer: 490e69bd1bf3fc736cce9ff300653a3b
Task 4 - Data Representation, Strings and Permissions#
Flag 20#
Decode with base64
base64 -d flag20
02b9aab8a29970db08ec77ae425f6e68
Answer: 02b9aab8a29970db08ec77ae425f6e68
Flag 21#
su -l bob
Password: linuxrules
less flag21.php
<?=`$_POST[Flag21_g00djob]`?><?='MoreToThisFileThanYouThink';?>
Answer: g00djob
Flag 22#
su -l alice
Password: TryHackMe123
“-r” converts hex back into ASCII; “-p” uses the plain hex format.
xxd -r -p flag22
9d1ae8d569c83e03d8a8f61568a0fa7d
Answer: 9d1ae8d569c83e03d8a8f61568a0fa7d
Flag 23#
rev flag23
ea52970566f4c090a7348b033852bff5
Answer: ea52970566f4c090a7348b033852bff5
Flag 24#
su -l garry
Password: letmein
strings flag24
Answer: hidd3nStr1ng
Flag 25#
Does not exist.
Flag 26#
Unable to locate.
Flag 27#
Running “sudo -l” lists the commands the current user is allowed to run with sudo, which shows which user is able to access the root flag. In this case it states Alice is able to use flag 27.
su -l alice
Password: TryHackMe123
sudo cat /home/flag27
6fc0c805702baebb0ecc01ae9e5a0db5
Answer: 6fc0c805702baebb0ecc01ae9e5a0db5
Flag 28#
To find details of the system software, the “uname” command is used. You can use the “-a” flag to show all the details, or specifically the “-r” flag to see the kernel version.
uname -r
4.4.0-1075-aws
Answer: 4.4.0-1075-aws
Flag 29#
This can be found if you remove all the spaces within the file. As stated in the question, it is the last element split by the comma.
cat flag29 | tr -d ' '
,fastidiisuscipitmeaei.
Answer: fastidiisuscipitmeaei
Task 5 - SQL, FTP, Groups and RDP#
Flag 30#
Use curl to fetch the content served on localhost.
curl localhost
flag30: fe74bb12fe03c5d8dfc245bdd1eae13f
Answer: fe74bb12fe03c5d8dfc245bdd1eae13f
Flag 31#
Firstly, you have to log in to MySQL to be able to access the database name.
mysql -u root -p
Password: hello
After logging in, you issue the command to see all the database names:
show databases;
database_2fb1cab13bf5f4d61de3555430c917f4
Answer: 2fb1cab13bf5f4d61de3555430c917f4
Flag 31 (Bonus)#
After finding the name of the database, you must now select it and read its contents.
use database_2fb1cab13bf5f4d61de3555430c917f4
show tables;
| flags |
As you can see, the database only contains one table. To read its contents, use the command:
select * from flags;
|1| ee5954ee1d4d94d61c2f823d7b9d733c |
Answer: ee5954ee1d4d94d61c2f823d7b9d733c
Flag 32#
This flag is quite difficult. Firstly, you must log in as Alice.
su -l alicePassword: TryHackMe123
After logging in as Alice, we need to send the file “flag32.mp3” from her home directory to our own machine. Use the “ls” command to check that you can see the file. After making sure that it exists, copy it with secure copy (the “scp” command), which runs over SSH. It is assumed that you have already connected to the “TryHackMe” server with OpenVPN.
On Linux and Windows, you can find your username (not to be confused with the computer name) with the command:
whoami
Then to find your IP address, you use the command:
LINUX:
ifconfig
OR
ip a
WINDOWS:
ipconfig
In the command below, replace everything between “<” and “>” with your own details. This will save the file to your desktop.
LINUX:
scp flag32.mp3 <USERNAME>@<IP-ADDRESS>:/home/<USERNAME>/Desktop
WINDOWS:
scp flag32.mp3 <USERNAME>@<IP-ADDRESS>:/C:/Users/<USERNAME>/Desktop
Password:
If it doesn’t work, make sure the SSH service is running on your computer. Finally, you can open the file and listen to what is in it.
Answer: tryhackme1337
Flag 33#
This flag is stored in Bob’s directory.
su -l bob
Password: linuxrules
Then to see your profile, use the command:
cat .profile
#Flag 33: 547b6ceee3c5b997b625de99b044f5cf
Answer: 547b6ceee3c5b997b625de99b044f5cf
Flag 34#
To list all the environment variables, you use the command:
env
flag34=7a88306309fe05070a7c5bb26a6b2def
Otherwise, as the hint also states:
echo $flag34
7a88306309fe05070a7c5bb26a6b2def
Answer: 7a88306309fe05070a7c5bb26a6b2def
Flag 35#
To list all groups on a system, use the command:
getent group
flag35_769afb6:x:1005:
Answer: 769afb6
Flag 36#
getent group hacker
hacker:x:1004:bob
As Bob is in the group hacker, he has permission to read flag 36. The flag is in “/etc”.
cat /etc/flag36
83d233f2ffa388e5f0b053848caed1eb
Answer: 83d233f2ffa388e5f0b053848caed1eb
Conclusion#
In conclusion, this challenge jogged my memory and made me understand Linux a bit better. There are a lot of commands that I had no previous knowledge about, and this is why Google is the best tool to use for research and learning concepts.