TryHackMe: Linux Challenges [Writeup] pt.2

  1. Run the command flag11. Locate where your command alias are stored and get flag 11

Run command “flag11”


Run command “alias”


The next step is looking into “.bashrc” . This is where alias is created.

ls -la

Here’s “.bashrc”.

cat .bashrc

2. Flag12 is located were MOTD’s are usually found on an Ubuntu OS. What is flag12?
Normally, motd is stored in “/etc/update-motd.d/”

cd /etc/update-motd.d/ls
cat 00-header

3. Find the difference between two script files to find flag 13.

find / -name flag13 | grep flag13

flag13 is located in /home/bob/flag13

cd /home/bob/flag13/ls

There’re 2 scripts.

diff script1 script2

4. Where on the file system are logs typically stored? Find flag 14.

cd /var/loglscat flagtourteen.txt

5. Can you find information about the system, such as the kernel version etc. Find flag 15.
I tried these commands:

uname -ahostnamectlcat /proc/versionlsb_release -acat /etc/*release

6. Flag 16 lies within another system mount.
“/media” directory contains subdirectories of removable devices

cd /media/f/l/a/g/1/6/isls

7. Login to alice’s account using her private key and get flag 17.

su alice
Password: TryHackMe123
ls -lacat flag17

8. Find the hidden flag 18.

ls -lacat .flag18

9. Read the 2345th line of the file that contains flag 19.

awk ‘NR==2345’ flag19
  1. Find and retrieve flag 20.
    in Alice’s home directory (/home/alice/)
lscat flag 20

It is a base64 string. Have to decode it.

cat flag 20 | base64 -d

2. Inspect the flag21.php file. Find the flag
flag21.php is located in /home/bob
I tried:

cat flag21.phpmore flag21.php
less flag21.php

3. Locate and read flag 22. Its represented as hex.

find / -name flag22 | grep flag22

flag22 is located in /home/alice/flag22

cd /home/alice/lscat flag22

It is hex code.

Decoding hex

cat flag22 | xxd -r -p

4. Locate, read and reverse flag 23.

cat flag23 | rev

5. Analyse the flag 24 compiled C program. Find a command that might reveal human readable strings when looking in the source code.

find / -type f -name flag24 | grep flag24

flag 24 is located in /home/garry/flag24

cd /home/garry/./flag24
strings flag24

6. Flag 25 does not exist. — skipped

7. Locate and retrieve flag 26.

find / -xdev -type f -print0 2>/dev/null | xargs -0 grep -E ‘^[a-z0–9]{32}$’ 2>/dev/null

8. Locate and retrieve flag 27, which is owned by the root user.

sudo -l
sudo cat /home/flag27

10. What’s the linux kernel version?

uname -a

11. Find the file called flag 29 and do the following operations on it:
- Remove all spaces in file.
- Remove all new line spaces.
- Split by comma and get the last element in the split.

Find the file

find / -type f -name flag29 | grep flag29
cat /home/garry/flag29 | tr -d “ \n” > file.txtcat file.txt

Last element

  1. Use curl to find flag 30.
curl localhost

2. Flag 31 is a MySQL database name.
- MySQL username: root
- MySQL password: hello

mysql -u root -p

list database name

show databases;

3. Bonus flag question, get data out of the table from the database you found above!

use database_2fb1cab13bf5f4d61de3555430c917f4show tables;select * from flags;

4. Using SCP, FileZilla or another FTP client download flag32.mp3 to reveal flag 32.
Using FileZilla and download flag32.mp3 in /home/alice/

5. Flag 33 is located where your personal $PATH’s are stored.

cat /home/alice/.profile


Try looking into bob’s directory

cat /home/bob/.profile

6. Switch your account back to bob. Using system variables, what is flag34?

su bob
password: linuxrules

7. Look at all groups created on the system. What is flag 35?

cat /etc/group

8. Find the user which is apart of the “hacker” group and read flag 36.

List groups

groups hackergroups bob

bob is in hacker group.

find / -type f -name flag36 | grep flag36cat /etc/flag36

13. Well done! You’ve completed the LinuxCTF room!

Love podcasts or audiobooks? Learn on the go with our new app.

BUSTA VERSE State of Address!


Compare text differences between two contents (%) using Ruby on Rails

Unity for the win, on Bitrise too!

Why I go to hackathons and why you should consider going

How to Build a Serverless CRUD API with API Gateway, Lambda, and DynamoDB

Managing Kubernetes clusters with kubeadm and etcdctl

AWS Lambda trigger for logging a JIRA ticket on a 3 week rotation

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



More from Medium

Paper HackTheBox Write-Up

Hacktoria: Geolocation 10 (Walkthrough)

Livestream setup

AntyBank Security Innovations