Just another student with big dreams. I hack things and write about them. I'm trying to give clear notes and a good explanation for each one of them.
Linux fundamentals part 2
Get link
Facebook
Twitter
Pinterest
Email
Other Apps
-
Linux fundamentals
Linux Fundamentals Part 2
Task 1,2,3,4
In this case you can use their attack box or your machine. I’m using my machine to do this.
We got credentials to shiba2 from Linux Fundamentals Part 1
┌─[visith@parrot]─[~/Desktop/CTF/thm/Linux_Fundamentals/part_2]
└──╼ $ssh shiba2@10.10.204.136
The authenticity of host '10.10.204.136 (10.10.204.136)' can't be established.
ECDSA key fingerprint is SHA256:IivpLEJoW3uwEdrsiUSFX8EfJsQgcQS0K6mfWr08BNU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.10.204.136' (ECDSA) to the list of known hosts.
shiba2@10.10.204.136's password:pinguftw (you can't see the password when you typing it)....
shiba2@nootnoot:~$
Task 6
How would you set nootnoot equal to 1111?
export nootnoot=1111
What is the value of the home environment variable?
/home/shiba2
Task 9
How would you output twenty to a file called test?
How would you change the owner of file to paradox?
chown paradox file
What about the owner and the group of file to paradox?
chown paradox:paradox file
What flag allows you to operate on every file in the directory at once?
Look in to the man file using man chown
-R, --recursive
operate on files and directories recursively
Task 15
What permissions mean the user can read the file, the group can read and write to the file, and no one else can read, write or execute the file?
460
What permissions mean the user can read, write, and execute the file, the group can read, write, and execute the file, and everyone else can read, write, and execute the file.
777
Task 16
What flag deletes every file in a directory?
Take peek into the man page and u can find this flag
-r, -R, --recursive
remove directories and their contents recursively
How do you suppress all warning prompts?
-f, --force
ignore nonexistent files and arguments, never prompt
thm What we can learn from this machine : XXE injection Enumerations SUID exploit let’s start with a nmap scan. normal nmap scan found port 80 webserver called Mustacchio and port 22 ssh open running ubuntu. I try to running a full nmap scan for see more ports are open above the port 1000. # Nmap 7.91 scan initiated Sat Jun 12 14:57:25 2021 as: nmap -sC -sV -p- -oN scans/nmap-allports 10.10.236.36 Nmap scan report for 10.10.236.36 Host is up (0.15s latency). Not shown: 65532 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 2048 d3:9e:50:66:5f:27:a0:60:a7:e8:8b:cb:a9:2a:f0:19 (RSA) | 256 5f:98:f4:5d:dc:a1:ee:01:3e:91:65:0a:80:52:de:ef (ECDSA) |_ 256 5e:17:6e:cd:44:35:a8:0b:46:18:cb:00:8d:49:b3:f6 (ED25519) 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) | http-robots.txt: 1 disallowed entry |_/ |_http-server-header: Apache/2.4.18 (Ubuntu) |_http-t
Welcome file Welcome to another CTF-writeup !! Tech_support:1 by vikaran. What we can learn from this machine. nmap scan , smbmap etc. (enumeration skills) subrion cms 4.2.1 RCE iconv sudo permission to overwritten files and read the files Let’s start with enumeration. First with nmap to see what port we have in the box. Nmap scan ┌── ( defalt@kali ) - [ ~/Documents/tryhackme/Tech_Supp0rt:1 ] └─$ nmap -sC -sV 10.10.168.200 Starting Nmap 7.92 ( https://nmap.org ) at 2022-04-15 21:29 PDT Nmap scan report for 10.10.168.20 Host is up ( 0.37s latency ) . Not shown: 996 closed tcp ports ( conn-refused ) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 ( Ubuntu Linux ; protocol 2.0 ) | ssh-hostkey: | 2048 10:8a:f5:72:d7:f9:7e:14:a5:c5:4f:9e:97:8b:3d:58 ( RSA ) | 256 7f:10:f5:57:41:3c:71:db:b5:5b:db:75:c9:76:30:5c ( ECDSA ) | _ 256 6b:4c:23:50:6f:36:00:7c:a6:7c:11:73:c1:a8:60:0c ( ED25519 ) 80/tcp open http Apache ht
Welcome file transformation Here u can use two methods recover this flag. you can simply use cyberchef online decoder or You can make a decode python script decode = '灩捯䍔䙻ㄶ形楴獟楮獴㌴摟潦弸彥ㄴㅡて㝽' print ( decode . encode ( 'utf-16-be' ) )
