Written By Akademy on Friday, February 21, 2020 | 11:25 PM
Hello there, welcome to another tryhackme CTF
write-up. Today, we are going through a Linux challenge. Either you are
a new or old Linux system user, this challenge is just for you. This
room is created to sharpen up your Linux skill.
Task 2: Introduction
Task 2-1: Garry’s home directory
First and foremost, ssh to Garry’s SSH shell using the following command.
$ ssh garry@<Machine IP>
Require directory list command
$ ls
Answer: 3
Task 3: The basic
Task 3-1: Flag 1
Require Read a file command
$ cat
Answer: f40dc0cff080ad38a6ba9a1c2c038b2c
Task 3-2: Flag 2
Login to bob’s SSH shell for flag 2
Answer: 8e255dfa51c9cce67420d2386cede596
Task 3-3: Flag 3
Use ls -la to list hidden file and directory. The flag is hidden within .bash_history.
Answer: 9daf3281745c2d75fc6e992ccfdedfcd
Task 3-4: Flag 4
Required user defined cornjob command
$ crontab -e
Answer: dcd5d1dcfac0578c99b7e7a6437827f3
Task 3-5: Flag 5
Flag 5 is hidden within bob directory. Use recursive search with -rnw flag
$ grep -rnw /home/bob -e 'flag5'
Answer: bd8f33216075e5ba07c9ed41261d1703
Task 3-6: Flag 6
Require recursive search command
$ cat /home/flag6.txt | grep c9
Answer: c9e142a1e25b24a837b98db589b08be5
Task 3-7: Flag 7
Require system process command
ps -aef
Answer: 274adb75b337307bd57807c005ee6358
Task 3-8: Flag 8
Require tar decompress command
$ tar -xvzf flag8.tar.gz
Answer: 75f5edb76fe98dd5fc9f577a3f5de9bc
Task 3-9: Flag 9
The hosts file located at /etc/hosts
$ cat /etc/hosts
Answer: dcf50ad844f9fe06339041ccc0d6e280
Task 3-10: Flag 10
You can find all user at /etc/passwd
$ /etc/passwd
Answer: 5e23deecfe3a7292970ee48ff1b6d00c
Task 4: Linux functionality
Task 4-1: Flag 11
The alias story within .bashrc file
$ cat .bashrc
Answer: b4ba05d85801f62c4c0d05d3a76432e0
Task 4-2: Flag 12
The banner usually stored at /etc/update-motd.d
$ cat /etc/update-motd.d/00-header
Answer: 01687f0c5e63382f1c9cc783ad44ff7f
Task 4-3: Flag 13
Require different command
$ diff flag13/script1 flag13/script2
Answer: 3383f3771ba86b1ed9ab7fbf8abab531
Task 4-4: Flag 14
Log files are usually store in /var/log
$ cat /var/log/flagtourteen.txt | grep 3
Answer: 71c3a8ad9752666275dadf62a93ef393
Task 4-5: Flag 15
You can find the system information at /etcc/*release
$ cat /etc/*release
Answer: a914945a4b2b5e934ae06ad6f9c6be45
Task 4-6: Flag 16
This one is a little bit tricky.
$ ls /media/f/l/a/g/1/6/is
Answer: cab4b7cae33c87794d82efa1e7f834e6
Task 4-7: Flag 17
Login to alice account and get the flag. (alice:TryHackMe123)
Answer: 89d7bce9d0bab49e11e194b54a601362
Task 4-8: Flag 18
It is a hidden file. List it using ls -la command.
$ cat .flag18
Answer: c6522bb26600d30254549b6574d2cef2
Task 4-9: Flag 19
To read a certain line of a text file, you need sed command
$ sed -n 2345p flag19
Answer: 490e69bd1bf3fc736cce9ff300653a3b
Task 5: Data representation, strings and permission
Task 5-1: Flag 20
Require base64 decoder.
$ cat flag20 | base64 --decode
Answer: 02b9aab8a29970db08ec77ae425f6e68
Task 5-2: Flag 21
You need less instead of cat to read the php file. The flag is inside bob directory.
$ less flag21.php
Answer: g00djob
Task 5-3: Flag 22
Require hex to ASCII converter
$ cat flag22 | xxd -r -p
Answer: 9d1ae8d569c83e03d8a8f61568a0fa7d
Task 5-4: Flag 23
Require a text reverse command
$ cat flag23|rev
Answer: ea52970566f4c090a7348b033852bff5
Task 5-5: Flag 24
To reveal readable strings, you are require strings command.
There are two ways to solve this problem. Through the browser or the
curl command. Since this is the Linux challenge, I suggested curl.
$ curl localhost
Answer: fe74bb12fe03c5d8dfc245bdd1eae13f
Task 6-2: Flag 31
If you are an expert on backend web production, this should be a
piece a cat for you. Firstly, log in to MySQL using the following
command.
$ mysql -u root -p
After that enter the password. The first thing you need to do is check all the available databases.
mysql> SHOW DATABASES;
Answer: 2fb1cab13bf5f4d61de3555430c917f4
Task 6-3: Flag 31_A
A bonus flag. After identifying the database, you need to list all the table.
mysql> USE database_2fb1cab13bf5f4d61de3555430c917f4
mysql> SHOW TABLES;
Look like we have a flag table inside the database. To read the content inside the table, u need to select all.
mysql> SELECT * FROM flags;
Answer: ee5954ee1d4d94d61c2f823d7b9d733c
Task 6-4: Flag 32
Download the flag from Alice directory using Filezilla and listen to it. Easy! Answer: tryhackme1337
Task 6-5: Flag 33
The .profile is the correct location to store your $PATH (Bob directory)
Answer: 547b6ceee3c5b997b625de99b044f5cf
Task 6-6: Flag 34
To list the enviroment variable, you need printenv command.
$ printenv
Answer: 7a88306309fe05070a7c5bb26a6b2def
Task 6-7: Flag 35
getent is the answer.
$ getent group
Answer: 769afb6
Task 6-8: Flag 36
The flag file is located at /etc. Who has the permission to read it?
$ id
$ cat /etc/flag36
Look like bob is the chosen one. Answer: 83d233f2ffa388e5f0b053848caed1eb
Task 6-9: Flag 37
You need remote access to the bob desktop. Punch in the following command in your own machine.
$ rdesktop -u bob -p linuxrules
The answer to this task is pending. But I found an interesting backup folder called deja-dup. Perhaps that is the answer?
Conclusion
That’s all for the Linux CTF challenge. Hope you learn something today. See you again 😉
Easter egg
This easter egg is for the Cross-site scripting in tryhackme
(XSS). This is the solution to Task 8. Just for future reference,
nothing personal. If you are interested in knowing how XSS works, you
can try the XSS room.
0 comments:
Post a Comment