TryHackMe: Linux Fundamentals 3 - Walkthrough

September 11, 2023
Posted in TryHackMe
September 11, 2023 Jasper

Hi! It’s time to tackle the final part of the THM rooms on Linux Fundamentals. In this part we will cover more intermediate Linux skills.

I am making these walkthroughs to keep myself motivated to learn cyber security, and ensure that I remember the knowledge gained by THMs rooms. Join me on learning cyber security. I will try and explain concepts as I go, to differentiate myself from other walkthroughs.

Room URL: https://tryhackme.com/room/linuxfundamentalspart3


Task 1 (Introduction)

Let us start this final Linux Introduction room in which we will learn about automation, package management, logging and more!

Questions

Let’s proceed!

Answer: No answer needed


Task 2 (Deploy your Linux machine)

Nothing to do here either but logging in to your deployed machine using SSH.

Questions

I’ve logged into the Linux Fundamentals Part 3 machine using SSH and have deployed the AttackBox successfully!

Login by using ssh <username>@<serverip>. In this case the username is tryhackme.

Answer: No answer needed


Task 3 (Terminal Text Editors)

There are different text editors we can use in the terminal to more easily edit files. There are a few options that you can use, all with a variety of friendliness and utility. This task is going to introduce you to nano but also show you an alternative named VIM.

Nano

To create or edit a file using nano, we simply use:

nano filename

Nano will launch and we can begin to start entering or modifying our text. You can navigate each line using the “up” and “down” arrow keys or start a new line using the “Enter” key on your keyboard.

Nano has a few features that are easy to remember & covers the most general things you would want out of a text editor, including:

  • Searching for text
  • Copying and Pasting
  • Jumping to a line number
  • Finding out what line number you are on

You can use these features of nano by pressing the “Ctrl” key (which is represented as an ^ on Linux) and a corresponding letter. For example, to exit, we would want to press “Ctrl” and “X“.

VIM

VIM is a much more advanced text editor. Whilst you’re not expected to know all advanced features, it’s helpful to mention it for powering up your Linux skills. Some of VIM’s benefits include:

  • Customizable — you can modify the keyboard shortcuts to be of your choosing
  • Syntax Highlighting — this is useful if you are writing or maintaining code, making it a popular choice for software developers
  • VIM works on all terminals where nano may not be installed
  • There are a lot of resources such as cheatsheets, tutorials, and the sorts available to you use.

Questions

Create a file using Nano

Answer: No answer needed

Edit “task3” located in “tryhackme”’s home directory using Nano. What is the flag?

Write nano task3 to read the file.

Using nano to read the task3.txt file

Answer: THM{TEXT_EDITORS}


Task 4 (General Utilities)

Downloading Files

A pretty fundamental feature of computing is the ability to transfer files. For example, you may want to download a program, a script, or even a picture. There are multiple ways in which we can retrieve these files.

wget allows us to download files from the web via HTTP. We simply need to provide the address of the resource that we wish to download. An example:

wget https://assets.tryhackme.com/additional/linux-fundamentals/part3/myfile.txt

Transferring Files From Your Host — SCP (SSH)

Secure copy, or scp, makes us securely copy files. It allows us to copy files just like cp. The difference being that this command allows you to transfer files between two computers using the SSH protocol to provide both authentication and encryption. It allows both:

  • Copy files & directories from your current system to a remote system
  • Copy files & directories from a remote system to your current system

Serving Files From Your Host

Python provides a lightweight and easy-to-use module called HTTPServer. This module turns your computer into a quick and easy web server that you can use to serve your own files, where they can then be downloaded by another computing using commands such as curl and wget.

HTTPServer will serve the files in the directory that you run the command, but this can be changed by providing options that can be found in the manual pages. Simply, all we need to do is run:

python3 -m http.server

We can then use wget to download the file using the computer’s IP address and the name of the file:

wget http://127.0.0.1:8000/file

Questions

Ensure you are connected to the deployed instance (10.10.213.251)

Answer: No answer needed

Now, use Python 3’s “HTTPServer” module to start a web server in the home directory of the “tryhackme” user on the deployed instance.

You will need to write python3 -m http.server to start a server on your deployed machine (the one you accessed with SSH).

Serving the file, and downloading it from another terminal

Answer: No answer needed

Download the file http://10.10.213.251:8000/.flag.txt onto the TryHackMe AttackBox. What are the contents?

Now that the server is running, you should be able to download the file by running a new terminal window.

In the new window write:

wget <serving machine ip>/.flag.txt.

Now you can access the file from your attacker machine without logging into it.

Answer: THM{WGET_WEBSERVER}

Create and download files to further apply your learning — see how you can read the documentation on Python3’s “HTTPServer” module. Use Ctrl + C to stop the Python3 HTTPServer module once you are finished.

Answer: No answer needed


Task 5 (Processes 101)

Processes are the programs that are running on your machine. They are managed by the kernel, where each process will have an ID associated with it, also known as its PID. The PID increments for the order In which the process starts. I.e. the 60th process will have a PID of 60.

Viewing Processes

We can use the ps command to provide a list of the running processes as our user’s session and some additional information such as its status code, the session that is running it, how much usage time of the CPU it is using, and the name of the actual program or command that is being executed.

To see the processes run by other users and those that don’t run from a session (i.e. system processes), we need to provide aux to the ps command like so:

ps aux

Another very useful command is the top command; top gives you real-time statistics about the processes running on your system instead of a one-time view. These statistics will refresh every 10 seconds, but will also refresh when you use the arrow keys to browse the various rows.

Managing Processes

You can use commands to manage processes. There are a variety of types of signals that change the way in which your stop a process. To kill a command, we can use the appropriately named kill command and the associated PID that we wish to kill. i.e., to kill PID 1337, we’d use:

kill 1337

Below are some of the signals that we can send to a process when it is killed:

  • SIGTERM (9)— Kill the process, but allow it to do some cleanup tasks beforehand
  • SIGKILL (15)— Kill the process — doesn’t do any cleanup after the fact
  • SIGSTOP (23) — Stop/suspend a process

We use these signals by using their name (-SIGTERM) or number (-9) after the kill command as a flag.

kill -9 1337
OR 
kill -SIGTERM 1337

How do Processes Start?

The process with an ID of 0 is a process that is started when the system boots. This process is the system’s init on Ubuntu, such as systemd, which is used to provide a way of managing a user’s processes and sits in between the operating system and the user.

Any program or piece of software that we want to start afterwards will start as a child process of systemd. This means that it is controlled by systemd, but will run as its own process (although sharing the resources from systemd).

Getting Processes/Services to Start on Boot

Some applications can be started on the boot of the system that we own. For example, web servers, database servers or file transfer servers. This software is often critical and is often told to start during the boot-up of the system by administrators.

Enter the use of systemctl. This command allows us to interact with the systemd process/daemon. The syntax is like this:

systemctl [option] [service]

To tell apache to start up we use:

systemctl start apache2

We can provide four options to systemctl:

  • Start
  • Stop
  • Enable
  • Disable

An Introduction to Backgrounding and Foregrounding in Linux

Processes can run in two states: In the background and in the foreground. For example, commands that you run in your terminal such as “echo” or things of that sort will run in the foreground of your terminal. We then expect the output to be returned to us.

But when we add the & operator to the command, we’re instead just given the ID of the echo process rather than the actual output, since we will run it in the background. This is great for commands such as copying files because it means that we can run the command in the background and continue on with whatever further commands we wish to execute (without having to wait for the file copy to finish first).

We can do the exact same when executing things like scripts — rather than relying on the & operator, we can use Control + Z on our keyboard to background a process. It is also an effective way of “pausing” the execution of a script or command.

Foregrounding a process

When we have a background running in the background (which we can see by using the ps command), we can choose to foreground it again. We can use fg to bring this back to focus.

Questions

Read me!

Answer: No answer needed

If we were to launch a process where the previous ID was “300”, what would the ID of this new process be?

The PID increments for the order in which the process starts. So the answer should be 301.

Answer: 301

If we wanted to cleanly kill a process, what signal would we send it?

The answer is SIGTERM. If you want to avoid cleaning up you can use SIGKILL.

Answer: SIGTERM

Locate the process that is running on the deployed instance (10.10.213.251). What flag is given?

Enter ps aux to list the current running services of all users. If you look carefully you can find a key:

Looking throught the ps aux output

Answer: THM{PROCESSES}

What command would we use to stop the service “myservice”?

Answer: systemctl stop myservice

What command would we use to start the same service on the boot-up of the system?

Answer: systemctl enable myservice

What command would we use to bring a previously backgrounded process back to the foreground?

Answer: fg


Task 6 (Maintaining Your System: Automation)

Users may want to schedule a certain action or task to take place after the system has booted. Take, for example, running commands, backing up files, or launching your favorite programs on, such as Spotify or Google Chrome.

We’re going to be talking about the cron process, but more specifically, how we can interact with it via the use of crontabs . Crontab is one of the processes that is started during boot, which is responsible for facilitating and managing cron jobs.

A crontab is simply a special file with formatting that is recognized by the cron process to execute each line step-by-step. Crontabs require 6 specific values:

  • MIN — What minute to execute at
  • HOUR — What hour to execute at
  • DOM — What day of the month to execute at
  • MON — What month of the year to execute at
  • DOW — What day of the week to execute at
  • CMD — The actual command that will be executed.

Let’s use the example of backing up files. You may wish to backup “cmnatic”’s “Documents” every 12 hours. We would use the following formatting:

0 *12 * * * cp -R /home/cmnatic/Documents /var/backups/

An interesting feature of crontabs is that these also support the wildcard or asterisk (*). If we do not wish to provide a value for that specific field, i.e. we don’t care what month, day, or year it is executed — only that it is executed every 12 hours, we simply just place an asterisk.

Questions

Ensure you are connected to the deployed instance and look at the running crontabs.

Answer: No answer needed

When will the crontab on the deployed instance (10.10.213.251) run?

To figure this out simply write crontab -e in the terminal.

The crontab on the deployed instance

You can find the command in the bottom of the file. It runs on a interval specified by a special command: @reboot. Which means that it runs verything the system reboots.

Answer: @reboot


Task 7 ( Maintaining Your System: Package Management)

Introducing Packages & Software Repos

When developers wish to submit software to the community, they will submit it to an “apt” repository. If approved, their programs and tools will be released into the wild.

In Linux, the repository is a storage location hosted on remote servers from which the system retrieves and installs software and updates. In our systems, these repositories are listed in the /etc/apt/sources. list file and in the files under the /etc/apt/sources.

Whilst Operating System vendors will maintain their own repositories, you can also add community repositories to your list! This allows you to extend the capabilities of your OS. Additional repositories can be added by using the add-apt-respository command or by listing another provider! For example, some vendors will have a repository that is closer to their geographical location.

Managing Your Repositories (Adding and Removing)

This gets pretty technical. Refer to the task page on THM to learn more about this.

Questions

Since TryHackMe instances do not have an internet connection…this task only requires you to read through the material.

Answer: No answer needed


Task 8 ( Maintaining Your System: Logs)

Log files are located in the /var/log directory and contain logging information for applications and services running on your system.

These services and logs are a great way in monitoring the health of your system and protecting it. Not only that, but the logs for services such as a web server contain information about every single request — allowing developers or administrators to diagnose performance issues or investigate an intruder’s activity.

Questions

Look for the apache2 logs on the deployable Linux machine

The apache2 logs are found at /var/log/apache2.

Looking for the apache2 log file

Answer: No answer needed

What is the IP address of the user who visited the site?

Access the access log by opening access.log.1 with cat.

Reading the access.log.1 file

The answer is right there on the second line.

Answer: 10.9.232.111

What file did they access?

Look at the screenshot above. They have accessed the file catsanddogs.jpg.

Answer: catsanddogs.jpg


Task 9 (Conclusion)

To recap, this room introduced you to the following topics:

  • Using terminal text editors
  • General utilities such as downloading and serving contents using a python webserver
  • A look into processes
  • Maintaining & automating your system by the use of crontabs, package management, and reviewing logs

Continue your learning in some other TryHackMe rooms that are dedicated to Linux tools or utilities:

Questions

Terminate the machine deployed in this room from task 2.

Answer: No answer needed

Continue your learning in other Linux-dedicated rooms

Answer: No answer needed


Like my articles?

You are welcome to give my article a clap or two 🙂
I would be so grateful if you support me by buying me a cup of coffee:

I learned a lot through HackTheBox’s Academy. If you want to sign up, you can get extra cubes, and support me in the process, if you use the following link: