Jasper Alblas
TryHackMe: Linux Fundamentals Part 3 - Walkthrough
Hi! It’s time to tackle the final part of the THM rooms on Linux Fundamentals. In this part we will cover more intermediate Linux skills, for example automation, package management, and service/application logging.
I am making these walkthroughs to keep myself motivated to learn cyber security, and ensure that I remember the knowledge gained by THMs rooms. Join me on learning cyber security. I will try and explain concepts as I go, to differentiate myself from other walkthroughs.
Room URL: https://tryhackme.com/room/linuxfundamentalspart3
Table of Contents
Task 1: Introduction
Let us start this final Linux Introduction room in which we will learn about automation, package management, logging and more!
Questions
Let’s proceed!
Answer: No answer needed
Task 2: Deploy your Linux machine
Nothing to do here either but logging in to your deployed machine using SSH.
Questions
I’ve logged into the Linux Fundamentals Part 3 machine using SSH and have deployed the AttackBox successfully!
Log into the deployed machine by using:
ssh <username>@<serverip>In this case the username is tryhackme. The password you will be prompted for is also tryhackme.
Answer: No answer needed
Task 3 (Terminal Text Editors)
There are different text editors we can use in the terminal to more easily edit files. There are a few options that you can use, all with a variety of friendliness and utility. This task is going to introduce you to nano but also show you an alternative named VIM.
Nano
To create or edit a file using nano, we simply use:
nano filenameNano will launch and we can begin to start entering or modifying our text. You can navigate each line using the “up” and “down” arrow keys or start a new line using the “Enter” key on your keyboard.
Nano has a few features that are easy to remember & covers the most general things you would want out of a text editor, including:
- Searching for text
- Copying and Pasting
- Jumping to a line number
- Finding out what line number you are on
You can use these features of nano by pressing the Ctrl key (which is represented as an ^ on Linux) and a corresponding letter. For example, to exit, we would want to press Ctrl and X.
VIM
VIM is a much more advanced text editor. Whilst you’re not expected to know all advanced features, it’s helpful to mention it for powering up your Linux skills. Some of VIM’s benefits include:
- Customizable — you can modify the keyboard shortcuts to be of your choosing
- Syntax Highlighting — this is useful if you are writing or maintaining code, making it a popular choice for software developers
- VIM works on all terminals where nano may not be installed
- There are a lot of resources such as cheatsheets, tutorials, and the sorts available to you use.
Questions
Create a file using Nano
Answer: No answer needed
Edit “task3” located in “tryhackme”’s home directory using Nano. What is the flag?
Write nano task3 to read the file.
Answer: THM{TEXT_EDITORS}
Task 4 (General Utilities)
Downloading Files
A pretty fundamental feature of computing is the ability to transfer files. For example, you may want to download a program, a script, or even a picture. There are multiple ways in which we can retrieve these files.
wget allows us to download files from the web via HTTP. We simply need to provide the address of the resource that we wish to download. An example:
wget https://assets.tryhackme.com/additional/linux-fundamentals/part3/myfile.txtTransferring Files From Your Host — SCP (SSH)
Secure copy, or scp, makes us securely copy files. It allows us to copy files just like cp. The difference being that this command allows you to transfer files between two computers using the SSH protocol to provide both authentication and encryption. It allows both:
- Copy files & directories from your current system to a remote system
- Copy files & directories from a remote system to your current system
Serving Files From Your Host
Python provides a lightweight and easy-to-use module called HTTPServer. This module turns your computer into a quick and easy web server that you can use to serve your own files, where they can then be downloaded by another computing using commands such as curl and wget.
HTTPServer will serve the files in the directory that you run the command, but this can be changed by providing options that can be found in the manual pages. Simply, all we need to do is run:
python3 -m http.serverWe can then use wget to download the file using the computer’s IP address and the name of the file:
wget http://127.0.0.1:8000/fileQuestions
Ensure you are connected to the deployed instance (10.10.213.251)
Answer: No answer needed
Now, use Python 3’s “HTTPServer” module to start a web server in the home directory of the “tryhackme” user on the deployed instance.
You will need to write python3 -m http.server to start a server on your deployed machine (the one you accessed with SSH).
Answer: No answer needed
Download the file http://10.10.213.251:8000/.flag.txt onto the TryHackMe AttackBox. What are the contents?
Now that the server is running, you should be able to download the file by running a new terminal window.
In the new window write:
wget <serving machine ip>/.flag.txtNow you can access the file on your attacker machine.
Answer: THM{WGET_WEBSERVER}
Create and download files to further apply your learning — see how you can read the documentation on Python3’s “HTTPServer” module. Use Ctrl + C to stop the Python3 HTTPServer module once you are finished.
Answer: No answer needed
Task 5 (Processes 101)
Processes are the programs that are running on your machine. They are managed by the kernel, where each process will have an ID associated with it, also known as its PID. The PID increments for the order In which the process starts. I.e. the 60th process will have a PID of 60.
Viewing Processes
We can use the ps command to provide a list of the running processes as our user’s session and some additional information such as its status code, the session that is running it, how much usage time of the CPU it is using, and the name of the actual program or command that is being executed.
To see the processes run by other users and those that don’t run from a session (i.e. system processes), we need to provide aux to the ps command like so:
ps auxAnother very useful command is the top command; top gives you real-time statistics about the processes running on your system instead of a one-time view. These statistics will refresh every 10 seconds, but will also refresh when you use the arrow keys to browse the various rows.
Managing Processes
You can use commands to manage processes. There are a variety of types of signals that change the way in which your stop a process. To kill a command, we can use the appropriately named kill command and the associated PID that we wish to kill. i.e., to kill PID 1337, we’d use:
kill 1337Below are some of the signals that we can send to a process when it is killed:
- SIGTERM (9)— Kill the process, but allow it to do some cleanup tasks beforehand
- SIGKILL (15)— Kill the process — doesn’t do any cleanup after the fact
- SIGSTOP (23) — Stop/suspend a process
We use these signals by using their name (-SIGTERM) or number (-9) after the kill command as a flag.
kill -9 1337
OR
kill -SIGTERM 1337How do Processes Start?
The process with an ID of 0 is a process that is started when the system boots. This process is the system’s init on Ubuntu, such as systemd, which is used to provide a way of managing a user’s processes and sits in between the operating system and the user.
Any program or piece of software that we want to start afterwards will start as a child process of systemd. This means that it is controlled by systemd, but will run as its own process (although sharing the resources from systemd).
Getting Processes/Services to Start on Boot
Some applications can be started on the boot of the system that we own. For example, web servers, database servers or file transfer servers. This software is often critical and is often told to start during the boot-up of the system by administrators.
Enter the use of systemctl. This command allows us to interact with the systemd process/daemon. The syntax is like this:
systemctl [option] [service]To tell apache to start up we use:
systemctl start apache2We can provide four options to systemctl:
- Start
- Stop
- Enable
- Disable
An Introduction to Backgrounding and Foregrounding in Linux
Processes can run in two states: In the background and in the foreground. For example, commands that you run in your terminal such as “echo” or things of that sort will run in the foreground of your terminal. We then expect the output to be returned to us.
But when we add the & operator to the command, we’re instead just given the ID of the echo process rather than the actual output, since we will run it in the background. This is great for commands such as copying files because it means that we can run the command in the background and continue on with whatever further commands we wish to execute (without having to wait for the file copy to finish first).
We can do the exact same when executing things like scripts — rather than relying on the & operator, we can use Control + Z on our keyboard to background a process. It is also an effective way of “pausing” the execution of a script or command.
Foregrounding a process
When we have a background running in the background (which we can see by using the ps command), we can choose to foreground it again. We can use fg to bring this back to focus.
Questions
Read me!
Answer: No answer needed
If we were to launch a process where the previous ID was “300”, what would the ID of this new process be?
The PID increments each time you start a new process. So the answer should be 301.
Answer: 301
If we wanted to cleanly kill a process, what signal would we send it?
The answer is SIGTERM. If you want to avoid cleaning up you can use SIGKILL.
Answer: SIGTERM
Locate the process that is running on the deployed instance (10.10.213.251). What flag is given?
Enter ps aux to list the current running services of all users. If you look carefully you can find a key:
Answer: THM{PROCESSES}
What command would we use to stop the service “myservice”?
To stop a service we use the systemctl command, followed by stop and the service name:
systemctl stop myserviceAnswer: systemctl stop myservice
What command would we use to start the same service on the boot-up of the system?
Same as before, but now using enable instead of stop.
systemctl enable myserviceAnswer: systemctl enable myservice
What command would we use to bring a previously backgrounded process back to the foreground?
We can use the fg (foreground) command to bring a previously backgrounded process back to the foreground.
Answer: fg
Task 6 (Maintaining Your System: Automation)
To schedule tasks or actions to run after the system boots—like launching applications or backing up files—you can use the cron process, which is managed via crontabs. A crontab is a special file containing formatted instructions that the cron process executes step-by-step during boot.
Crontabs require six fields:
- MIN – Minute of execution.
- HOUR – Hour of execution.
- DOM – Day of the month.
- MON – Month of the year.
- DOW – Day of the week.
- CMD – The command to execute.
For example, to back up the “Documents” folder for user “cmnatic” every 12 hours:
0 *12 * * * cp -R /home/cmnatic/Documents /var/backups/ Using a wildcard * means a field can remain unspecified, allowing flexible scheduling (e.g., running every 12 hours regardless of the month, day, or year).
Questions
Ensure you are connected to the deployed instance and look at the running crontabs.
Answer: No answer needed
When will the crontab on the deployed instance (10.10.213.251) run?
To figure this out simply write the following command in the terminal:
crontab -e
You can find the command in the bottom of the file. It runs on a interval specified by a special command: @reboot, which means that it runs verything the system reboots.
Answer: @reboot
Task 7 ( Maintaining Your System: Package Management)
Introducing Packages & Software Repos
When developers wish to submit software to the community, they will submit it to an apt repository. If approved, their programs and tools will be released into the wild.
In Linux, the repository is a storage location hosted on remote servers from which the system retrieves and installs software and updates. On TryHackMe’s systems, these repositories are listed in the /etc/apt/sources.list file and in the files under the /etc/apt/sources.
Whilst Operating System vendors will maintain their own repositories, you can also add community repositories to your list! This allows you to extend the capabilities of your OS. Additional repositories can be added by using the add-apt-respository command or by listing another provider! For example, some vendors will have a repository that is closer to their geographical location.
Managing Your Repositories (Adding and Removing)
This gets pretty technical. Refer to the task page on THM to learn more about this.
Questions
Since TryHackMe instances do not have an internet connection…this task only requires you to read through the material.
Answer: No answer needed
Task 8 ( Maintaining Your System: Logs)
Log files are located in the /var/log directory and contain logging information for applications and services running on your system.
These services and logs are a great way in monitoring the health of your system and protecting it. Not only that, but the logs for services such as a web server contain information about every single request — allowing developers or administrators to diagnose performance issues or investigate an intruder’s activity.
Questions
Look for the apache2 logs on the deployable Linux machine
The apache2 logs are found at /var/log/apache2.
Answer: No answer needed
What is the IP address of the user who visited the site?
Access the access log by opening access.log.1 with cat:
cat access.log.1
The answer is right there at the start of the second line.
Answer: 10.9.232.111
What file did they access?
Look at the screenshot above. They have accessed the file catsanddogs.jpg.
Answer: catsanddogs.jpg
Task 9 (Conclusion)
To recap, this room introduced you to the following topics:
- Using terminal text editors
- General utilities such as downloading and serving contents using a python webserver
- A look into processes
- Maintaining & automating your system by the use of crontabs, package management, and reviewing logs
Continue your learning in some other TryHackMe rooms that are dedicated to Linux tools or utilities:
- The find command — https://tryhackme.com/room/thefindcommand
- Bash Scripting — https://tryhackme.com/room/bashscripting
- Regular Expressions — https://tryhackme.com/room/catregex
Questions
Terminate the machine deployed in this room from task 2.
Answer: No answer needed
Continue your learning in other Linux-dedicated rooms
Answer: No answer needed
Great job on finishing this room!
Congratulations, we are done!
It was great to learn some more essential Linux Fundamentals in this TryHackMe: Linux Fundamentals Part 3 room, and I hope my walkthrough helped you on your cybersecurity journey.
See you next time. Happy hacking!
You can find my other walkthroughs here.
Like my articles?
I would be so grateful if you support me by buying me a cup of coffee:
I learned a lot through HackTheBox’s Academy. If you want to sign up, you can get extra cubes, and support me in the process, if you use the following link:
