Feb 4, 2020
TryHackMe: Linux Challenges [Writeup] pt.2
[Task 3] Linux Functionality
- Run the command flag11. Locate where your command alias are stored and get flag 11
Run command “flag11”
flag11
Run command “alias”
alias
The next step is looking into “.bashrc” . This is where alias is created.
ls -laHere’s “.bashrc”.
cat .bashrc
2. Flag12 is located were MOTD’s are usually found on an Ubuntu OS. What is flag12?
Normally, motd is stored in “/etc/update-motd.d/”
cd /etc/update-motd.d/ls
cat 00-header
3. Find the difference between two script files to find flag 13.
find / -name flag13 | grep flag13flag13 is located in /home/bob/flag13
cd /home/bob/flag13/ls
There’re 2 scripts.
diff script1 script2
4. Where on the file system are logs typically stored? Find flag 14.
cd /var/loglscat flagtourteen.txt
5. Can you find information about the system, such as the kernel version etc. Find flag 15.
I tried these commands:
uname -ahostnamectlcat /proc/versionlsb_release -acat /etc/*release
6. Flag 16 lies within another system mount.
“/media” directory contains subdirectories of removable devices
cd /media/f/l/a/g/1/6/isls
7. Login to alice’s account using her private key and get flag 17.
su alice
Password: TryHackMe123ls -lacat flag17
8. Find the hidden flag 18.
ls -lacat .flag18
9. Read the 2345th line of the file that contains flag 19.
awk ‘NR==2345’ flag19
[Task 4] Data Representation, Strings and Permissions
- Find and retrieve flag 20.
in Alice’s home directory (/home/alice/)
lscat flag 20
It is a base64 string. Have to decode it.
cat flag 20 | base64 -d
2. Inspect the flag21.php file. Find the flag
flag21.php is located in /home/bob
I tried:
cat flag21.phpmore flag21.php
less flag21.php
3. Locate and read flag 22. Its represented as hex.
find / -name flag22 | grep flag22flag22 is located in /home/alice/flag22
cd /home/alice/lscat flag22
It is hex code.
Decoding hex
cat flag22 | xxd -r -p
4. Locate, read and reverse flag 23.
cat flag23 | rev
5. Analyse the flag 24 compiled C program. Find a command that might reveal human readable strings when looking in the source code.
find / -type f -name flag24 | grep flag24flag 24 is located in /home/garry/flag24
cd /home/garry/./flag24
strings flag24
6. Flag 25 does not exist. — skipped
7. Locate and retrieve flag 26.
find / -xdev -type f -print0 2>/dev/null | xargs -0 grep -E ‘^[a-z0–9]{32}$’ 2>/dev/null
8. Locate and retrieve flag 27, which is owned by the root user.
sudo -l
sudo cat /home/flag27
10. What’s the linux kernel version?
uname -a
11. Find the file called flag 29 and do the following operations on it:
- Remove all spaces in file.
- Remove all new line spaces.
- Split by comma and get the last element in the split.
Find the file
find / -type f -name flag29 | grep flag29
cat /home/garry/flag29 | tr -d “ \n” > file.txtcat file.txt
Last element
[Task 5] SQL, FTP, Groups and RDP
- Use curl to find flag 30.
curl localhost
2. Flag 31 is a MySQL database name.
- MySQL username: root
- MySQL password: hello
mysql -u root -p
list database name
show databases;
3. Bonus flag question, get data out of the table from the database you found above!
use database_2fb1cab13bf5f4d61de3555430c917f4show tables;select * from flags;
4. Using SCP, FileZilla or another FTP client download flag32.mp3 to reveal flag 32.
Using FileZilla and download flag32.mp3 in /home/alice/
5. Flag 33 is located where your personal $PATH’s are stored.
cat /home/alice/.profileNothing
Try looking into bob’s directory
cat /home/bob/.profile
6. Switch your account back to bob. Using system variables, what is flag34?
su bob
password: linuxrulesprintenv
7. Look at all groups created on the system. What is flag 35?
cat /etc/group
8. Find the user which is apart of the “hacker” group and read flag 36.
List groups
groups
groups hackergroups bob
bob is in hacker group.
find / -type f -name flag36 | grep flag36cat /etc/flag36
13. Well done! You’ve completed the LinuxCTF room!
