Linux fundamentals part 3

-
Linux fundamentals

Linux Fundamentals Part 3

Task 1

Let’s go ahead and connect to the shiba3. We got theshiba3 credentials from Linux Fundamentals Part 2.

[visith@parrot][~/Desktop/CTF/thm/Linux_Fundamentals/part_3]
└──╼ $ssh shiba3@10.10.242.136
The authenticity of host '10.10.242.136 (10.10.242.136)' can't be established.
ECDSA key fingerprint is SHA256:IivpLEJoW3uwEdrsiUSFX8EfJsQgcQS0K6mfWr08BNU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.242.136' (ECDSA) to the list of known hosts.
shiba3@10.10.242.136's password:happynootnoises
....
shiba3@nootnoot:~$

Task 3

  1. Using relative paths, how would you cd to your home directory?
cd ~
  1. Using absolute paths how would you make a directory called test in /tmp?
mkdir /tmp /test

Task 4

  1. How would I link /home/test/testfile to /tmp/test?
ln  /home/test/testfile /tmp/test

Task 5

  1. How do you find files that have specific permissions?
-perm
  1. How would you find all the files in /home?
find /home
  1. How would you find all the files owned by paradox on the whole system?
find / -user paradox

Task 6

  1. What flag lists line numbers for every string found?
-n
  1. How would I search for the string boop in the file aaaa in the directory /tmp?
grep boop /tmp /aaaa

Task 7

shiba3@nootnoot:~/test$ find /* |grep shiba4 > shiba4_location.txt
....
shiba3@nootnoot:~/test$ cat shiba4_location.txt 
/etc/shiba/shiba4
/home/shiba4
/home/shiba4/.profile
/home/shiba4/.bashrc
/home/shiba4/.bash_logout
/opt/secret/shiba4

This will also give you a list with files you do not have acces to. So I pipe the results into
shiba4_location.txt and output this on screen using cat shiba4_location.txt

  1. What is shiba4’s password?
hiba3@nootnoot:~/test$ cd ~
shiba3@nootnoot:~$ cd /opt/secret
shiba3@nootnoot:/opt/secret$ ls
shiba4
shiba3@nootnoot:/opt/secret$ ./shiba4
<password>
shiba3@nootnoot:/opt/secret$

Task 9

  1. How do you specify which user you want to run a command as.?
-u
  1. How would I run whoami as user jen?
sudo -u jen whoami
  1. How do you list your current sudo privileges(what commands you can run, who you can run them as etc.)
-l

Task 10

  1. How would I add the user test to the group test?
sudo usermod -a -G test test

Task 13

Important files and directories

  • /etc/passwd - Stores user information - Often used to see all the users on a system
  • /etc/shadow - Has all the passwords of these users
  • /etc/sudoers - Used to control the sudo permissions of every user on the system -
  • /home - The directory where all your downloads, documents etc are.
  • /root - The root user’s home directory
  • /usr - Where all your software is installed
  • /bin and /sbin - Used for system critical files - DO NOT DELETE
  • /var - The Linux miscellaneous directory, a myriad of processes store data in /var
  • $PATH - Stores all the binaries you’re able to run - same as $PATH on Windows

Popular posts from this blog

Mustacchio - TryHackMe

-
Image
thm What we can learn from this machine : XXE injection Enumerations SUID exploit let’s start with a nmap scan. normal nmap scan found port 80 webserver called Mustacchio and port 22 ssh open running ubuntu. I try to running a full nmap scan for see more ports are open above the port 1000. # Nmap 7.91 scan initiated Sat Jun 12 14:57:25 2021 as: nmap -sC -sV -p- -oN scans/nmap-allports 10.10.236.36 Nmap scan report for 10.10.236.36 Host is up (0.15s latency). Not shown: 65532 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 d3:9e:50:66:5f:27:a0:60:a7:e8:8b:cb:a9:2a:f0:19 (RSA) | 256 5f:98:f4:5d:dc:a1:ee:01:3e:91:65:0a:80:52:de:ef (ECDSA) |_ 256 5e:17:6e:cd:44:35:a8:0b:46:18:cb:00:8d:49:b3:f6 (ED25519) 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) | http-robots.txt: 1 disallowed entry |_/ |_http-server-header: Apache/2.4.18 (Ubuntu) |_http-t
Read more

Tech_Supp0rt: 1 - TryHackMe

-
Image
Welcome file Welcome to another CTF-writeup !! Tech_support:1 by vikaran. What we can learn from this machine. nmap scan , smbmap etc. (enumeration skills) subrion cms 4.2.1 RCE iconv sudo permission to overwritten files and read the files Let’s start with enumeration. First with nmap to see what port we have in the box. Nmap scan ┌── ( defalt@kali ) - [ ~/Documents/tryhackme/Tech_Supp0rt:1 ] └─$ nmap -sC -sV 10.10.168.200 Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-15 21:29 PDT Nmap scan report for 10.10.168.20 Host is up ( 0.37s latency ) . Not shown: 996 closed tcp ports ( conn-refused ) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 ( Ubuntu Linux ; protocol 2.0 ) | ssh-hostkey: | 2048 10:8a:f5:72:d7:f9:7e:14:a5:c5:4f:9e:97:8b:3d:58 ( RSA ) | 256 7f:10:f5:57:41:3c:71:db:b5:5b:db:75:c9:76:30:5c ( ECDSA ) | _ 256 6b:4c:23:50:6f:36:00:7c:a6:7c:11:73:c1:a8:60:0c ( ED25519 ) 80/tcp open http Apache ht
Read more