Linux Fundamentals - Part 2 2021
The link for this lab is located here: https://tryhackme.com/room/linuxfundamentalspart2
This room covers flags and switches for commands, permissions, common directories and some more filesystem interaction commands that are useful.
Task 2 - Accessing Your Linux Machine Using SSH
SSH (Secure Shell) is a protocol for communicating between devices in encrypted form. Using cryptography, any input we send in a human-readable format is encrypted for travelling over a network and decrypted once it reaches the remote machine.
SSH allows us to execute commands on another device remotely. Any data sent between the devices is encrypted as it travels over a network such as the Internet.
Before we connect however, we need to download the VPN file and use OpenVPN to connect to TryHackMe’s network. To do this, we simply type “sudo openvpn [file].ovpn” and provide the sudo password. It should then connect to the network.
The syntax to use SSH is very simple. We provide two things:
The IP address of the remote machine
Correct credentials to a valid account to login with on the remote machine
For example, “ssh tryhackme@IP” will log in to the remote machine as the user “tryhackme”, prompting for that user's password. Once the password is entered, you will be connected to the machine.
Task 3 - Introduction to Flags and Switches
The majority of commands accept arguments. Those identified by a hyphen followed by a keyword (a single letter such as “-a”, or a longer word after two hyphens such as “--all”) are known as flags or switches.
When using a command, unless otherwise specified, it will perform its default behaviour. For example, the “ls” command lists the contents of the working directory. However, hidden files are NOT shown. For example, to show the hidden files, we can use the “-a” switch (short for --all).
Commands that accept these will also have a “--help” option which lists the possible options that the command accepts, provides a brief description and example of how to use it.
The manual pages are a great source of information for both system commands and apps. To access this documentation, use the “man” command and then provide the command we want to read the documentation for - as an example “man ls”.
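As an added example (not part of the room), here is a small POSIX sh front end that parses its switches with getopts. It shows why “-a -h”, “-ah” and “-ha” all mean the same thing, how “--” ends option parsing, and how an unknown switch is rejected. The -a and -h names mirror ls, but the script itself is only illustrative.

```sh
#!/bin/sh
# Added example, not code from the room: a tiny "ls-like" front end that
# parses its switches with getopts. The -a and -h flags mirror ls; the
# behaviour shown (combining switches, "--", rejecting unknown switches)
# is how most Unix commands treat their arguments.

# parse_flags ARGS... -> prints "all=<0|1> human=<0|1> rest=<operands>"
parse_flags() {
    OPTIND=1                 # reset so the function can be called more than once
    all=0; human=0
    # long options are not handled by getopts, so check --help by hand
    if [ "${1-}" = "--help" ]; then
        printf 'usage: demo [-a] [-h] [--help] [FILE...]\n'
        return 0
    fi
    # leading ":" in the option string: report bad switches ourselves
    while getopts ':ah' opt "$@"; do
        case $opt in
            a) all=1 ;;       # -a : also list hidden entries (ls calls this --all)
            h) human=1 ;;     # -h : human-readable sizes
            \?) printf 'unknown switch -%s, try --help\n' "$OPTARG" >&2; return 2 ;;
        esac
    done
    shift $((OPTIND - 1))    # drop the switches that were consumed, keep operands
    printf 'all=%d human=%d rest=%s\n' "$all" "$human" "$*"
}

parse_flags -a -h note      # all=1 human=1 rest=note
parse_flags -ah note        # same thing: short switches can be combined
parse_flags -ha note        # order does not matter either
parse_flags -- -a           # after "--" nothing is treated as a switch
parse_flags --help
parse_flags -z || echo "exit status $?"
```

The “--” behaviour matters in practice: a file literally named “-a” can only be passed to rm, cat or ls after “--”, otherwise the command reads it as a switch.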
Questions
Q2: What directional arrow key would we use to navigate down the man page?
A: down
Q3: What flag would we use to display the output in a "human-readable" way?
A: Looking through the manual and scrolling down, we will see the option for human-readable (either -h or --human-readable)
Task 4 - Filesystem Interaction (cont.)
Creating files and folders on Linux is simple. The “touch” command takes the name of the file we want to create as its argument, e.g. “touch note”, and simply creates a blank file (if the file already exists, touch only updates its timestamps). If you want to add content to that file, you need to use echo or a text editor.
To create a directory, it is a similar process. Instead of the touch command, we use the “mkdir” command providing the name we want to give it.
The “rm” command is used to remove a file or a directory. To remove a directory and everything inside it, you have to add the “-r” (recursive) switch; “-R” means the same thing.
Copying and moving files is an important functionality on a Linux machine. Starting with “cp”, this command takes two arguments:
The name of the existing file
The name we wish to assign to the new file
The “cp” command copies the entire contents of the existing file into the new file.
Moving a file with “mv” also takes two arguments: the file to move and its destination. Rather than creating a copy, “mv” relocates the file. If the destination is an existing directory, the file is moved into it; otherwise the file is renamed to the destination name, silently replacing any existing file of that name. This is also how “mv” is used to rename a file or folder, for example renaming “note2” to “note3”.
It is easy to make wrong assumptions about a file's purpose or contents from its name alone. Files usually have an extension to make this easier, but so far the files we have used haven't had one, and without knowing the context of why a file is there we don't really know its purpose.
The “file” command takes one argument and reports what the file contains. It inspects the file's actual bytes rather than its extension, so we can use it to confirm whether or not something really is a text file, for example.
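The following added example (not from the room) builds a scratch folder, walks through touch, mkdir, cp, mv and rm -r as described above, and then does in miniature what “file” does: it reads the first bytes of each file instead of trusting its name. The sample files and their misleading names are constructed for the example.

```sh
#!/bin/sh
# Added example, not code from the room: a miniature version of what `file`
# does. It creates a scratch folder with files whose names say nothing reliable
# about their contents, then classifies each one by its leading bytes ("magic")
# rather than by its extension. Sample files are constructed here.

# identify_type FILE -> one-line type description based on the first bytes
identify_type() {
    f=$1
    if [ ! -s "$f" ]; then
        printf 'empty\n'
        return 0
    fi
    # first four bytes as lowercase hex, e.g. 7f454c46 for an ELF header
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case $magic in
        7f454c46) printf 'ELF executable\n' ;;
        89504e47) printf 'PNG image data\n' ;;
        1f8b*)    printf 'gzip compressed data\n' ;;
        2321*)    printf 'script text (shebang)\n' ;;   # the bytes of "#!"
        *)
            # anything left: text if every byte is printable ASCII or whitespace
            nontext=$(LC_ALL=C tr -d '\011\012\015\040-\176' < "$f" | wc -c | tr -d ' ')
            if [ "$nontext" -eq 0 ]; then
                printf 'ASCII text\n'
            else
                printf 'data\n'
            fi
            ;;
    esac
}

# make_samples -> creates the scratch files and prints the folder path
make_samples() {
    dir=$(mktemp -d)
    mkdir "$dir/myfolder"
    printf 'just some notes\n' > "$dir/photo.png"     # text pretending to be an image
    printf '\211PNG\r\n\032\n' > "$dir/mystery"       # real PNG signature, no extension
    printf '#!/bin/sh\necho hi\n' > "$dir/run.txt"    # a script pretending to be text
    printf '\177ELF' > "$dir/binary"                  # ELF magic bytes only
    touch "$dir/note"                                 # empty file, as "touch note" makes
    printf '%s\n' "$dir"
}

# Walk through the Task 4 commands on the scratch folder.
dir=$(make_samples)
for name in photo.png mystery run.txt binary note; do
    printf '%-10s -> %s\n' "$name" "$(identify_type "$dir/$name")"
done
cp "$dir/note" "$dir/note2"        # copy: note2 is a new file with the same content
mv "$dir/note2" "$dir/note3"       # destination is not a directory: this is a rename
mv "$dir/note3" "$dir/myfolder"    # destination is a directory: the file moves into it
ls "$dir/myfolder"                 # prints: note3
rm -r "$dir"                       # -r is needed because $dir is a directory
```

The real “file” knows thousands of signatures, but the principle is the same: an uploaded “photo.png” that is really a script is exactly the kind of thing the extension will not tell you.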
Questions
Q1: How would you create the file named "newnote"?
A: touch newnote
Q2: What is the file type of "unknown1" in tryhackme's home directory?
A: ASCII text
Q3: How would we move the file "myfile" to the directory "myfolder"?
A: mv myfile myfolder
Q4: What are the contents of this file?
A: THM{FILESYSTEM}
Task 5 - Permissions 101
When using the “ls -l” command, each entry is split into several columns. For permissions, we are interested in the permission string at the start of each line and in the owner and group columns that follow it:
These columns determine certain characteristics of a file or folder and whether or not we have access to it: what kind of object it is, who owns it, and what each class of user is allowed to do with it.
The diagram below shows how these permissions can be translated: the nine characters after the leading file-type character are three groups of read (r), write (w) and execute (x) for the owner, the group and everyone else, with a dash meaning that right is not granted.
The great thing about Linux is that permissions are granular: whilst one user owns a file, a group of users can be given the same or a different set of permissions to the exact same file, without affecting the owner's own rights.
The system user that runs a web server must have permission to read (and, for many applications, write) the files of the web application. A web hosting company, however, also wants its customers to upload their own files for their website without those customers being the web server system user, which is exactly what group permissions allow.
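As an added example, not part of the room, this POSIX sh script translates the permission string from “ls -l” into octal and into words, then shows the result of chmod 640 (owner and group can read, others cannot) and chmod 1777 (the world-writable, sticky-bit mode used for /tmp) on scratch files it creates itself.

```sh
#!/bin/sh
# Added example, not code from the room: translate the permission string that
# `ls -l` prints (e.g. "-rwxr-x---") into octal and into words, then show two
# chmod settings on scratch files created here. Nothing is read from the lab box.

# triplet_value rwx -> octal digit (0-7) for one owner/group/others triplet
triplet_value() {
    t=$1; v=0
    case $t in r??) v=$((v + 4)) ;; esac
    case $t in ?w?) v=$((v + 2)) ;; esac
    case $t in ??[xst]) v=$((v + 1)) ;; esac   # lower-case s/t = special bit plus execute
    printf '%s' "$v"
}

# perm_to_octal MODE -> four-digit octal; MODE is the 9 or 10 character ls -l string
perm_to_octal() {
    m=$1
    case ${#m} in 10) m=${m#?} ;; esac          # drop the file-type character (-, d, l ...)
    if [ ${#m} -ne 9 ]; then
        printf 'bad mode string: %s\n' "$1" >&2
        return 1
    fi
    u=${m%??????}; rest=${m#???}; g=${rest%???}; o=${rest#???}
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    printf '%d%d%d%d\n' "$special" "$(triplet_value "$u")" \
        "$(triplet_value "$g")" "$(triplet_value "$o")"
}

# explain MODE -> one line per class (owner, group, others) in plain words
explain() {
    m=$1
    case ${#m} in 10) m=${m#?} ;; esac
    for who in owner group others; do
        t=${m%"${m#???}"}                       # the next three characters
        m=${m#???}
        words=
        case $t in r??) words="$words read" ;; esac
        case $t in ?w?) words="$words write" ;; esac
        case $t in ??[xst]) words="$words execute" ;; esac
        printf '%-7s%s\n' "$who:" "${words:- nothing}"
    done
}

# Demo: a file only owner and group may read, and a shared folder set up like /tmp
dir=$(mktemp -d)
touch "$dir/important"
chmod 640 "$dir/important"
mode=$(ls -l "$dir/important" | cut -c1-10)  # first 10 chars; some systems add "." or "+"
printf '%s -> %s\n' "$mode" "$(perm_to_octal "$mode")"   # -rw-r----- -> 0640
explain "$mode"
mkdir "$dir/shared"
chmod 1777 "$dir/shared"                     # rwxrwxrwt: world-writable plus sticky bit
mode=$(ls -ld "$dir/shared" | cut -c1-10)
printf '%s -> %s\n' "$mode" "$(perm_to_octal "$mode")"   # drwxrwxrwt -> 1777
rm -r "$dir"
```

A capital S or T in the string means the special bit is set without the matching execute bit, which is almost always a misconfiguration worth a second look.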
Switching between users on Linux is easy thanks to the “su” command. Unless you are the root user, then you are required to know two things to facilitate this transition:
The user we wish to switch to
The user’s password
The “su” command takes a couple of switches that may be of relevance, for example executing a command once you log in (“-c”) or specifying a specific shell to use (“-s”). By providing the “-l” switch to “su” (a lone “-” means the same), we start a login shell that is MUCH more similar to the actual user logging into the system; we inherit a lot more properties of the new user (environment variables, working directory, etc.).
Questions
Q1: On the deployable machine, who is the owner of "important"?
A: user2
Q2: What would the command be to switch to the user "user2"?
A: su user2
Q3: Output the contents of important, what is the flag?
A: THM{SU_USER2}
Task 6 - Common Directories
The “/etc” directory is one of the most important directories. It is the commonplace location for system configuration files used by your OS. For example, the sudoers file contains the list of users and groups that have permission to run sudo, or a specific set of commands, as the root user.
The “passwd” and “shadow” files in /etc are how the system stores its user accounts. “passwd” is world-readable and lists each account (username, UID, GID, home directory and login shell) with an “x” where the password used to be; “shadow” is readable only by root and holds the password hashes. Passwords are hashed, not encrypted: on most modern systems the hash field starts with $6$ for SHA-512 crypt or $y$ for yescrypt.
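The following added example (constructed for these notes, not from the room) parses /etc/passwd and /etc/shadow style records. The account names and hash values are made up; the point is the field layout, how the hash algorithm is recognised from the $6$ / $y$ prefix, and two quick checks worth running on a real system: accounts with UID 0 other than root, and accounts with an empty password field.

```sh
#!/bin/sh
# Added example, not code from the room: parse /etc/passwd and /etc/shadow
# style records. The accounts and hashes below are constructed for this
# example; the field layout and hash prefixes are the real ones.

# username:x:UID:GID:comment:home:shell   ("x" means: the hash lives in shadow)
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tryhackme:x:1000:1000:tryhackme:/home/tryhackme:/bin/bash
backup:x:0:1001:legacy backup account:/home/backup:/bin/sh
user2:x:1001:1001::/home/user2:/bin/bash'

# username:hash:lastchange:min:max:warn:inactive:expire:reserved
SHADOW_SAMPLE='root:$6$saltsalt$FAKEHASHFAKEHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
tryhackme:$y$j9T$saltsalt$FAKEHASH:19000:0:99999:7:::
backup::19000:0:99999:7:::
user2:$1$salt$FAKEHASH:19000:0:99999:7:::'

# hash_algo FIELD -> the hashing scheme encoded in the field's prefix, or the account state
hash_algo() {
    case $1 in
        '')             printf 'EMPTY - no password needed to log in\n' ;;
        '*'|'!'*)       printf 'locked / no password login\n' ;;
        '$1$'*)         printf 'md5crypt (obsolete)\n' ;;
        '$2'[aby]'$'*)  printf 'bcrypt\n' ;;
        '$5$'*)         printf 'sha256crypt\n' ;;
        '$6$'*)         printf 'sha512crypt\n' ;;
        '$y$'*)         printf 'yescrypt\n' ;;
        *)              printf 'unknown\n' ;;
    esac
}

# shadow_field SHADOW_TEXT NAME -> the password field of one account
shadow_field() {
    printf '%s\n' "$1" | awk -F: -v n="$2" '$1 == n { print $2 }'
}

# uid0_accounts PASSWD_TEXT -> space-separated names with UID 0 (should be just root)
uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# empty_password_accounts SHADOW_TEXT -> names whose password field is empty
empty_password_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# Report, as you might run it against the real files with root access
printf '%s\n' "$SHADOW_SAMPLE" | while IFS=: read -r name hash rest; do
    printf '%-10s %s\n' "$name" "$(hash_algo "$hash")"
done
printf 'UID 0 accounts:        %s\n' "$(uid0_accounts "$PASSWD_SAMPLE")"           # root backup
printf 'empty password fields: %s\n' "$(empty_password_accounts "$SHADOW_SAMPLE")"  # backup
```

On a real machine, substitute "$(cat /etc/passwd)" and "$(sudo cat /etc/shadow)" for the samples; a second UID 0 account or an empty hash field is a finding in its own right.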
The “/var” directory is one of the main root folders. This folder stores data that is frequently accessed or written by services or applications running on the system. For example, log files from running services and applications are written here (/var/log) or other data that is not necessarily associated with a specific user (databases for example).
The “/root” directory is the home folder for the root system user. There isn’t anything more to this folder than that.
The “/tmp” directory is a unique directory. It is meant for data that only needs to be kept briefly, and on most systems its contents are cleared when the computer is restarted (some distributions also clean it up periodically). It is useful to know that ANY user can write to this folder by default, so once we have access it serves as a good place to store things like scripts. Because the sticky bit is set on /tmp, users can only delete or rename the files they own there.