Which directory contains a file TryHackMe

This write-up goes through finding flags on a Linux machine using different commands, services, and tools found in the Linux operating system.

Finding Hidden Flags

The room Linux Challenges on the TryHackMe platform is great for brushing up on your Linux skills. I will go through the entire room step by step, and on the way we will find flags hidden throughout the system, which will lead to the completion of each task systematically. If you are already familiar with Linux commands and services, have a look at “Learn to exploit and take over a vulnerable Linux based machine”.

P.S. I recommend that you try solving the challenges on your own; if you get stuck somewhere, you can always come back here.

Objectives

  1. Learn to use commands such as find, locate, ls, grep, tar, etc.
  2. Understand cron jobs and MOTDs, and locate hidden directories and files on the system
  3. Learn to SSH into different user accounts using private keys
  4. Understand system files, paths, variables and file permissions
  5. Learn to transfer files using SCP and remote desktop via GUI, etc.

[Task 1] Linux Challenges Introduction

First things first: we need to connect to the TryHackMe network to access our target machine. For this, we can either connect via OpenVPN or use the in-browser machine access (available for subscribed users). We could use the following credentials in case we need to log in via SSH manually.

SSH Credentials for Target Machine

Let's SSH to the target machine using the credentials above. Use ls to list all the files in user Garry’s home directory, as seen below.

[Task 2] The Basics

This section covers the basics of Linux. We are required to look for hidden flags, and we might need to switch to another user account for our objectives. We need to find 10 flags to complete this section’s challenge.

Let’s find out our first flag by using the cat command as seen below

Flag 1 (Home Directory of User Garry)

We have to log in to Bob's account to find our Flag 2.

SSH Bob Account

After switching to Bob's account, use cat to output Flag 2 as seen below.

Flag 2

Flag 3 is hidden where the bash history of the current user is stored. The bash history file is hidden and we don’t know its exact location, so we can use the locate command to find Flag 3 as seen below.

Flag 3

Our Flag 4 is located in the crontab. A crontab is a list of commands that run on a specified schedule. It is related to cron jobs, whose purpose is to execute specified instructions or commands at a specified schedule or time. crontab -e allows us to edit the crontab entries.

edits the crontab entries

Going through the entries of crontab we find our flag 4

Flag 4 Found in the crontab entries

Moving to our next flag, i.e. Flag 5. Let’s use the grep command, which comes in handy when searching for any file, directory, or file content. grep -r ‘flag5’ will recursively search for the content flag5. As seen below, we find the path to our Flag 5.

Flag 5

We are going to find Flag 6 similarly. The task gives us a hint that the flag contains the letters ‘c9’ in it. First, locate the Flag 6 directory using the locate command. When we output the file there is too much text, so here grep comes into action.

Flag 6

Moving on to our next flag. The challenge hints that we should look into the path where processes are found. We will use the ps command, which is used to list all the active processes on the system. The flags we set with the ps command allow us to list down active connections in a list format.

Flag 7

Flag 8 can be found in the home directory of the user bob. This file needs to be decompressed to output the content of Flag 8.

Flag 8

The challenge hints that we should look in the hosts file to find our Flag 9.

Flag 9

For our final flag, i.e. Flag 10, we need to look into the directories where we find all the users; mainly password hashes are stored in this file, and if you are already familiar with the Linux file system and directories you might have guessed it by now. Yes, it is the /etc/passwd file we have to look into. Analyzing the file, we get our final Flag 10.

Flag 10

We have our final flag for this task, which completes this challenge.
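The search and decompression steps used for Flags 5, 6 and 8, as an added example that is not part of the original write-up or the room. It runs in a throwaway directory; every path, file name and value is constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Every path and value below is constructed, not taken from the room.

# Build a throwaway tree mirroring the Flag 5, 6 and 8 situations.
make_sandbox() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/lib/deep/dir" "$root/home/flag6" "$root/home/bob"
    # Flag 5 case: a marker string inside a hidden file deep in the tree.
    echo "flag5: CONSTRUCTED-5" > "$root/lib/deep/dir/.notes"
    # Flag 6 case: one token starting with c9 buried in a long line of noise.
    { seq 1 500 | sed 's/.*/noise/'; echo c9CONSTRUCTED6; seq 1 500 | sed 's/.*/noise/'; } |
        tr '\n' ' ' > "$root/home/flag6/flag6.txt"
    # Flag 8 case: content that is only readable after decompression.
    echo "CONSTRUCTED-8" > "$root/home/bob/flag8.txt"
    tar -czf "$root/home/bob/flag8.tar.gz" -C "$root/home/bob" flag8.txt
    rm "$root/home/bob/flag8.txt"
    echo "$root"
}

# List files under $1 whose content contains the fixed string $2.
# -r recurses (dotfiles included), -l prints file names only, -F disables regex
# matching; 2>/dev/null hides "Permission denied" noise for unprivileged users.
files_containing() { grep -rlF -- "$2" "$1" 2>/dev/null; }

# Print only the tokens starting with prefix $2 (read as a regex), not the whole line.
tokens_with_prefix() { grep -o -- "$2[^ ]*" "$1"; }

# Check the archive listing for member $2 before extracting, then extract into
# a fresh directory and print that member.
read_from_archive() {
    local dest
    tar -tzf "$1" | grep -qxF -- "$2" || { echo "no such member: $2" >&2; return 1; }
    dest=$(mktemp -d)
    tar -xzf "$1" -C "$dest" "$2" && cat -- "$dest/$2"
    rm -rf "$dest"
}

# Demo run on the constructed tree.
root=$(make_sandbox)
files_containing "$root" flag5
tokens_with_prefix "$root/home/flag6/flag6.txt" c9
read_from_archive "$root/home/bob/flag8.tar.gz" flag8.txt
rm -rf "$root"
```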

[Task 3] Linux Functionality

Moving on to the next challenge task, we will be using more Linux commands here. Let’s run flag11 and see what it says. As the output says, we have to look where aliases are created, so .bashrc is the right place to look, and as seen below we have our Flag 11.

Flag 11

Flag 12 is found in the motd (Message of the Day) directory, so navigate to the directory as shown below. Checking the header file, we have our Flag 12.

Flag 12

For the next flag, we navigate to the Flag13 directory, which contains two scripts. The challenge says to use the diff command, which compares the content of two files line by line and outputs the differences. Doing so, we get our Flag 13.

Moving on to the next flag, i.e. Flag 14. We can find the flag where logs are stored, so navigate to the /var/log directory as seen below. It can be seen that our Flag 14 is named flagtourteen.txt; there is a lot of text, and you will find the flag at the end. For simplicity, I use grep 3 as my flag contained the number three; you can skip this command as it is not necessary.

Flag 14 in the log directory

Flag15 can be found where system information is stored and that can be found in the release directory. Navigating to this directory we find our flag 15.

Flag 15

Moving on to our next flag, i.e. Flag 16. This is hidden on one of the mounts of the file system, usually found in the media directory. Let's navigate to this directory. It seems there are more directories inside, each having a prefix of the word “Flag16is”, as seen below.

Flag 16

Flag 17 is found on Alice's account. So let's SSH into Alice's account; her password is “TryHackMe123”. Use ls to list all the files in the directory, and here we find our flag as seen below.

Alice Account: Flag 17

Moving on to our next hidden flag, i.e. Flag 18. It's hidden, so we use ls -la to list all files and directories, including the hidden ones. Use cat to output the content of the hidden flag.

Hidden Flag: Flag18

The last flag for this section is Flag 19. We have to find line 2435, which will show us our Flag 19. We need to read a specific line of a file, so we use sed. The -n flag suppresses the unmatched text, while the p command prints the matched lines.

Flag 19
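The diff and sed steps used for Flags 13 and 19, as an added example that is not part of the original write-up or the room. The two script files and their contents are constructed; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. File names and contents are constructed, not taken from the room.

# Create two 3000-line files that are identical except for line 2435.
make_files() {
    local dir
    dir=$(mktemp -d)
    seq 1 3000 | sed 's/^/echo step /' > "$dir/script1"
    sed '2435s/.*/echo CONSTRUCTED-MARKER/' "$dir/script1" > "$dir/script2"
    echo "$dir"
}

# Print only the lines that differ between two files.
# diff exits 0 when the files match, 1 when they differ and 2 on error, so a
# status of 1 is the expected case here and must not abort a "set -e" script.
changed_lines() {
    local out status=0
    out=$(diff -- "$1" "$2") || status=$?
    [ "$status" -le 1 ] || return "$status"
    printf '%s\n' "$out" | grep '^[<>]' || true
}

# Print line $2 of file $1 and stop reading once it has been printed.
# -n suppresses the default output, p prints the addressed line, q quits early.
# The line number is validated so it cannot smuggle extra sed commands.
line_at() {
    case $2 in
        ''|*[!0-9]*) echo "line number must be numeric" >&2; return 2 ;;
    esac
    sed -n "${2}{p;q;}" -- "$1"
}

# Demo run on the constructed files.
dir=$(make_files)
changed_lines "$dir/script1" "$dir/script2"
line_at "$dir/script2" 2435
rm -rf "$dir"
```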

With this, we conclude our Task 3 i.e. Linux Functionality. Navigate here to get to part2 of Linux Challenges

I hope you enjoyed the walkthrough. Practice these commands on this machine and try to reinforce your knowledge. Till then Happy Hacking ;)

About Me

I am a cybersecurity enthusiast pursuing my Master’s Degree in Information Security and trying to get into a full-time cybersecurity career. You can follow for more write-ups and walkthroughs here

What is the username of who you're logged in as on your deployed Linux machine root?

What is the username of who you're logged in as on your deployed Linux machine? Simply just use the command whoami.

What flag would we use to display the output in a human readable way?

The -h flag prints size outputs, such as the ones above, in a human-readable format.

What are Linux fundamentals?

Fundamentals of Linux will help you learn all the essentials of the Linux command line required to get you started. The book will start by teaching you how to work with virtualization software and install CentOS 7 Linux as a VM.