
【Walkthrough】TryHackMe:Linux Fundamentals Part 3

Overview

This is a walkthrough of the TryHackMe room "Linux Fundamentals Part 3".

Task3

Q2.Edit "task3" located in "tryhackme"'s home directory using Nano. What is the flag?

View the contents of the file with the cat command.

$ cat ./task3
THM{TEXT_EDITORS}

A.THM{TEXT_EDITORS}

Task4

Q3.Download the file <ip address>.flag.txt onto the TryHackMe AttackBox. Remember, you will need to do this in a new terminal. What are the contents?

Hint.Use wget! It's a hidden file so don't forget the period in .flag.txt when downloading and catting

Start an HTTP server on the target machine using Python.

tryhackme@linux3:~$ python3 -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

Download the .flag.txt file from the server with the wget command and view its contents.

root@ip-10-10-67-95:~# wget http://10.10.43.27:8000/.flag.txt
--2024-04-18 12:48:48--  http://10.10.43.27:8000/.flag.txt
Connecting to 10.10.43.27:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20 [text/plain]
Saving to: ‘.flag.txt’

.flag.txt         100%[============>]      20  --.-KB/s    in 0.001s  

2024-04-18 12:48:48 (34.7 KB/s) - ‘.flag.txt’ saved [20/20]

root@ip-10-10-67-95:~# cat ./.flag.txt 
THM{WGET_WEBSERVER}

A.THM{WGET_WEBSERVER}

Task5

Q2.If we were to launch a process where the previous ID was "300", what would the ID of this new process be?

A.301

Q3.If we wanted to cleanly kill a process, what signal would we send it?

This is covered in the "Managing Processes" section of the Task5 description.

Managing Processes
You can send signals that terminate processes; there are a variety of types of signals that correlate to exactly how "cleanly" the process is dealt with by the kernel. To kill a command, we can use the appropriately named kill command and the associated PID that we wish to kill. i.e., to kill PID 1337, we'd use kill 1337.
Below are some of the signals that we can send to a process when it is killed:
SIGTERM - Kill the process, but allow it to do some cleanup tasks beforehand
SIGKILL - Kill the process - doesn't do any cleanup after the fact
SIGSTOP - Stop/suspend a process

A.SIGTERM

Q4.Locate the process that is running on the deployed instance (10.10.43.27). What flag is given?

Hint.Use ps aux to list all running processes. We're looking for a process that seems "out of the ordinary"

Grep the output of ps aux for the string THM{, which the flag presumably contains.

$ ps aux | grep "THM{"
root         480  0.0  0.0   2364   512 ?        S    11:41   0:00 THM{PROCESSES}

A.THM{PROCESSES}

Q5.What command would we use to stop the service "myservice"?

Hint.systemctl [option] [service]

A.systemctl stop myservice

Q6.What command would we use to start the same service on the boot-up of the system?

Hint.systemctl [option] [service]

A.systemctl enable myservice

Q7.What command would we use to bring a previously backgrounded process back to the foreground?

A.fg

Task6

Q2.When will the crontab on the deployed instance (10.10.43.27) run?

Hint.Take a look at the position and the value within the appropriate column

Check with the crontab -e command.

# Edit this file to introduce tasks to be run by cron.
# 
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
# 
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
# 
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
# 
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
# 
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
# 
# For more information see the manual pages of crontab(5) and cron(8)
# 
# m h  dom mon dow   command
@reboot /var/opt/processes.sh

A.@reboot

Task8

Q2.What is the IP address of the user who visited the site?

Check the IP address in the /var/log/apache2/access.log.1 file.

/var/log/apache2/access.log.1
$ cat /var/log/apache2/access.log.1
10.9.232.111 - - [04/May/2021:18:18:16 +0000] "GET /catsanddogs.jpg HTTP/1.1" 200 51395 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"

A.10.9.232.111

Q3.What file did they access?

The request path in the access log entry checked in Q2 is /catsanddogs.jpg.

A.catsanddogs.jpg
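
Added example, not part of the original walkthrough: a shell script that answers Q2 and Q3 when the log holds more than one entry, by counting requests per client IP, path and status in Apache's combined log format. The function names and every sample line other than the entry shown above are constructed for illustration.

```bash
#!/usr/bin/env bash
# Summarise an Apache "combined" access log: requests per client IP, path, status.
# Constructed sample input; only the first line is the entry from the walkthrough.
sample_log() {
cat <<'EOF'
10.9.232.111 - - [04/May/2021:18:18:16 +0000] "GET /catsanddogs.jpg HTTP/1.1" 200 51395 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"
10.9.232.111 - - [04/May/2021:18:18:17 +0000] "GET /favicon.ico HTTP/1.1" 404 489 "-" "Mozilla/5.0"
10.9.232.111 - - [04/May/2021:18:19:40 +0000] "GET /catsanddogs.jpg HTTP/1.1" 200 51395 "-" "Mozilla/5.0"
192.0.2.7 - - [04/May/2021:18:20:02 +0000] "GET /catsanddogs.jpg HTTP/1.1" 200 51395 "-" "curl/7.68.0"
192.0.2.7 - - [04/May/2021:18:20:05 +0000] "-" 408 0 "-" "-"
EOF
}

# Reads a combined-format log on stdin and prints "count ip method path status",
# most frequent first. Splitting on the double quote isolates the request line,
# so spaces in the user agent cannot shift the fields.
# Assumption: the request line contains no escaped quotes (\").
summarize_access_log() {
  awk -F'"' '
    {
      split($1, pre, " ");  ip = pre[1]          # text before the request line
      n = split($2, req, " ")                    # METHOD PATH PROTOCOL
      split($3, post, " "); status = post[1]     # status and size follow it
      if (n < 2) { method = "-"; path = "-" }    # empty or malformed request
      else       { method = req[1]; path = req[2] }
      seen[ip " " method " " path " " status]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort -k1,1nr -k2
}

# Lists the distinct client IPs only.
client_ips() { awk '{ print $1 }' | sort -u; }

sample_log | summarize_access_log
```

On the real host, feed the rotated log in with `summarize_access_log < /var/log/apache2/access.log.1`.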
