TryHackMe: Linux Fundamentals 2 –  Walkthrough

September 6, 2023
Posted in TryHackMe
September 6, 2023 Jasper

Welcome to my walkthrough of the second Linux Fundamentals room on TryHackMe! Let’s continue where we left of in part 1. The previous article van be found here.

I am making these walkthroughs to keep myself motivated to learn cyber security, and ensure that I remember the knowledge gained by THMs rooms. Join me on learning cyber security. I will try and explain concepts as I go, to differentiate myself from other walkthroughs.

Task 1 (Introduction)

Let’s get started. This room will introduce you to flags, arguments, advanced filesystem knowledge, and permissions!

Nothing more to do here but proceed to part 2!


Task 2 (Accessing Your Linux Machine Using SSH)

This task is very specific to TryHackMe. Therefore I recommend you to follow their guide very thoroughly at: https://tryhackme.com/room/linuxfundamentalspart2

I will be moving to task 3.


Task 3 (Introduction to flags and switches)

Most of the terminal commands allow for arguments to be given. These are given by writing a hyphen (‘-’) and a keyword, known as flags or switches).

When using a command, unless otherwise specified, it will perform its default behavior. For example, ls lists the contents of the working directory. However, hidden files are not shown. We can use flags and switches to extend the behavior of commands.

However, after using the -a argument (short for --all), we now suddenly have an output with a few more files and folders such as “.hiddenfolder”. Files and folders with “.” are hidden files.

Commands that accept these will also have a--help option. This option will list the possible options that the command accepts, provide a brief description and example of how to use it.

The manual pages are a great source of information for both system commands and applications available on both a Linux machine, which is accessible on the machine itself and online. To access this documentation, we can use the mancommand and then provide the command we want to read the documentation for.

Questions

Explore the manual page of the ls command

Write man ls.

Answer: Done

What directional arrow key would we use to navigate down the manual page?

Answer: down

What flag would we use to display the output in a “human-readable” way?

Using the -h flag

Answer: -h


Task 4 (Filesystem Interaction Continued)

It’s time to learn some new commands. In this room we will focus on creating, moving and deleting files and folder. We will learn the following commands:

  • touch — Creates a file
  • mkdir — Creates a directory
  • copy — Copies a file or folder
  • mv — Moves a file or folder
  • rm — Removes a file or folder
  • type — Outputs the type of a file

Creating Files and Folders (touch, mkdir)

Creating files and folders on Linux is a simple process. First, we’ll cover creating a file. The touch command takes exactly one argument — the name we want to give the file we create. For example, we can create the file “note” by using touch note. It’s worth noting that touch simply creates a blank file.

This is a similar process for making a folder, which just involves using the mkdir command and again providing the name that we want to assign to the directory.

Removing Files and Folders

You can simply remove files by using rm. If you want to remove folders though, you need to add the R switch alongside the name of the directory you wish to remove.

Copying and Moving Files and Folders

Copying and moving files is an important functionality on a Linux machine. Starting with cp, this command takes two arguments:

1. the name of the existing file

2. the name we wish to assign to the new file when copying

Moving a file takes two arguments, just like the cp command. However, rather than copying and/or creating a new file, mv will merge or modify the second file that we provide as an argument. Not only can you use mv to move a file to a new folder, but you can also use mv to rename a file or folder.

Determining File Type

We use file to determine the file type of a file:

tryhackme@linux2:~$ file note
note: ASCII text

Questions

How would you create the file named “newnote”?

Answer: touch newnote

On the deployable machine, what is the file type of “unknown1” in “tryhackme’s” home directory?

Just write file unknown1.

Reading the file type of unknown1

Answer: ASCII text

How would we move the file “myfile” to the directory “myfolder”

Answer: mv myfile myfolder

What are the contents of this file?

Reading the flag

Answer: THM{FILESYSTEM}

Continue to apply your knowledge and practice the commands from this task.

Answer: No answer needed


Task 5 (Permissions 101)

We can use the command ls -lh to list the permissions of all files in a folder.

tryhackme@linux2:~$ ls -lh
-rw-r--r-- 1 cmnatic cmnatic 0 Feb 19 10:37 file1
-rw-r--r-- 8 cmnatic cmnatic 0 Feb 19 10:37 file2

Although intimidating, these three columns are very important in determining certain characteristics of a file or folder and whether or not we have access to it. A file or folder can have a couple of characteristics that determine both what actions are allowed and what user or group has the ability to perform:

  • Read
  • Write
  • Execute

It has the “-” indicator highlighting that it is a file and then “rw” followed after. This means that only the owner of the file can read and write to this file but cannot execute it.

These symbols appear in three sets, corrosponding to different groups. They are grouped based on their ownership level (examples from ls -lh above):

1. Owner (rw-)
2. Group (r—-)
3. Other (r—-)

Switching Between Users

Switching between users on a Linux install is easy using the su command. Unless you are the root user (or using root permissions through sudo), then you are required to know two things to facilitate this transition of user accounts:

  • The user we wish to switch to
  • The user’s password

The su command takes a couple of switches that may be useful. An important one is the -l or –login switch. By using this flag we start a shell that is much more similar to the actual user logging into the system – we inherit a lot more properties of the new user, i.e., environment variables and the likes.

Questions

On the deployable machine, who is the owner of “important”?

Answer: user2

What would the command be to switch to the user “user2”?

Answer: su user2

Now switch to this user “user2” using the password “user2”

Answer: No answer needed

Output the contents of “important”, what is the flag?

Make sure you change user to user 2 by writing su user2, followed by typing in the password (user2).

Reading the flag

Answer: No answer needed


Task 6 (Common Directories)

Linux has a number of common directories that you should know about. These are the following:

/etc

This root directory is one of the most important root directories on your system. The etc folder (short for etcetera) is a commonplace location to store system files that are used by your operating system.

For example, the sudoers file contains a list of the users & groups that have permission to run sudo or a set of commands as the root user. Also important are the “passwd” and “shadow” files. These two files are special for Linux as they show how your system stores the passwords for each user in a hash formatting called sha512.

/var

The “/var” directory, with “var” being short for variable data, stores data that is frequently accessed or written by services or applications running on the system. For example, log files from running services and applications are written here (/var/log), or other data that is not necessarily associated with a specific user (i.e., databases and the like).

/root

There isn’t anything more to this folder other than just understanding that this is the home directory for the “root” user. You might assume that the root user would have their data in a directory such as “/home/root” by default, but this is not the case.

/tmp

This is a unique root directory found on a Linux install. Short for “temporary”, the /tmp directory is used to store data that is only needed to be accessed once or twice. Similar to the memory on your computer, once the computer is restarted, the contents of this folder are cleared out. What’s useful for us in pentesting is that any user can write to this folder by default. Meaning once we have access to a machine, it serves as a good place to store things like our enumeration scripts.

Questions

What is the directory path that would we expect logs to be stored in?

Answer: /var/log

What root directory is similar to how RAM on a computer works?

Answer: /tmp

Name the home directory of the root user

Answer: /root

Now apply your learning and navigate through these directories on the deployed Linux machine.

Answer: No answer needed

Task 7 (Conclusions and Summaries)

We are done! I hope you learned as much as I did by writing this summary. Thank you so much for reading!


Like my articles?

You are welcome to give my article a clap or two 🙂
I would be so grateful if you support me by buying me a cup of coffee:

I learned a lot through HackTheBox’s Academy. If you want to sign up, you can get extra cubes, and support me in the process, if you use the following link: