Tryhackme - Linux Strength Training


In this walkthrough, we will go through the Linux Strength Training room by Tryhackme. This room is specifically designed to strengthen our Linux command-line skills and is a continuation of Tryhackme’s Linux Fundamentals series. After completing this room, you will be navigating the Linux terminal like a ninja. The room covers finding files and working with files, cracking hashes and decoding base64 strings, followed by some interesting challenges. So, let’s get started.

Introduction

Task 1 – Intro

Intro

Task 2 – Finding your way around linux – overview

Question 1 – I have read and understood

Done

Question 2 – What is the correct option for finding files based on group

-group 

Question 3 – What is format for finding a file with the user named Francis and with a size of 52 kilobytes in the directory /home/francis/

find /home/francis -type f -user francis -size 50k

Question 4 – SSH as topson using his password topson. Go to the /home/topson/chatlogs directory and type the following: grep -iRl 'keyword'. What is the name of the file that you found using this command?

ssh as topson

2019-10-11

Question 5 – Type: less [filename] to open the file. Then, before anything, type / before typing: keyword followed by [ENTER]. Notice how that allowed us to search for the first instance of that word in the entire document. For much larger documents this can be useful and if there are many more instances of that word in the document, we would be able to hit enter again to find the next instance in the document.

reading 2019-10-11

finding the keyword
Done

Question 6 – What are the characters subsequent to the word you found?

finding the subsequent word

ttitor

Question 7 – Read the file named ‘ReadMeIfStuck.txt’. What is the Flag?

We will start by finding the text file using the command given below. Here, we specify the type as “file” and the name to search for as “ReadMeIfStuck.txt”.

find -type f -name ReadMeIfStuck.txt

finding ReadMeIfStuck file

It looks like this is only a clue. As per the text, we have to find and read a file named “additionalHINT”. So, let’s do that with the command below.

find -type f -name additionalHINT

finding additionalHINT file

Now, we have to find a directory named telephone numbers. We will do it using the command below, where we specify the type as “directory” and the name as “telephone numbers”.

find -type d -name 'telephone numbers'

finding telephone directory

As per the readME.txt in the telephone numbers directory, we have to find a file with a modified date of 2016-09-12 in the /workflows directory. This can be done with the command below. Let me break it down for you. First, we specify the type as “file”; then we give the start modified date followed by the end modified date. This command excludes all files modified before the start date and after the end date. As per the task, we have to find a file with a modified date of 2016-09-12, so we have selected 2016-09-11 as the start date and 2016-09-13 as the end date.

find -type f -newermt 2016-09-11 ! -newermt 2016-09-13

finding file with a modified date of 2016-09-13
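
To see how the two `-newermt` tests bound the search, here is an added example (not part of the original walkthrough) that builds a scratch directory of constructed files with known modification times and runs the same filter over it. The function name `mtime_window` and the file names are assumptions made for illustration, and GNU find is assumed.

```shell
# Added example: every file below is constructed in a scratch directory.
# Assumes GNU find (for -newermt and -printf), as on the room's Linux box.

# mtime_window DIR START END
# Lists regular files in DIR whose mtime is later than START 00:00 and
# not later than END 00:00 (dates as YYYY-MM-DD, local time).
mtime_window() {
    find "$1" -type f -newermt "$2" ! -newermt "$3" -printf '%f\n' | sort
}

demo_dir=$(mktemp -d)
# touch -t takes [[CC]YY]MMDDhhmm; one file per day around the target date.
touch -t 201609101200 "$demo_dir/sep10"
touch -t 201609111500 "$demo_dir/sep11"
touch -t 201609120830 "$demo_dir/sep12"
touch -t 201609130900 "$demo_dir/sep13"

echo "window used in the walkthrough (2016-09-11 .. 2016-09-13):"
mtime_window "$demo_dir" 2016-09-11 2016-09-13    # sep11 and sep12

echo "window starting on the target day (2016-09-12 .. 2016-09-13):"
mtime_window "$demo_dir" 2016-09-12 2016-09-13    # sep12 only
```

With the walkthrough's dates, a file modified during 2016-09-11 also matches; starting the window at 2016-09-12 narrows the result to that single day.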

Checking the content of the file with “less”, followed with a search of the keyword “Flag” gives us our first flag.

less xft/eBQRhHvx 

reading file xft/eBQRhHvx

Claiming the flag

Flag{81726350827fe53g}

Finding your way around linux - overview

Task 3 – Working with files

Question 1 – Hypothetically, you find yourself in a directory with many files and want to move all these files to the directory of /home/francis/logs. What is the correct command to do this?

mv *  /home/francis/logs

Question 2 – Hypothetically, you want to transfer a file from your /home/james/Desktop/ with the name script.py to the remote machine (192.168.10.5) directory of /home/john/scripts using the username of john. What would be the full command to do this?

scp /home/james/Desktop/script.py john@192.168.10.5:/home/john/scripts

Question 3 – How would you rename a folder named -logs to -newlogs

mv -- -logs -newlogs

Question 4 – How would you copy the file named encryption keys to the directory of /home/john/logs

mv "encryption keys" /home/john/logs

Question 5 – Find a file named readME_hint.txt inside topson’s directory and read it. Using the instructions it gives you, get the second flag.

find -type f -name readME_hint.txt

finding readME_hint.txt

mv -- -MoveMe.txt "-march folder"/

moving file into -march folder directory

cd -- -march\ folder/

Getting the flag

Flag{234@i4s87u5hbn$3}

Working with files
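
The option-parsing problem behind the `--` answers in this task, as an added example that is not part of the original walkthrough: a file name beginning with `-` is read as options unless `--` or a `./` prefix is used, and the same holds for names produced by a `*` glob. The function name `dash_demo` and the scratch directory layout are assumptions made for illustration.

```shell
# Added example: all names are constructed, mirroring the room's "-logs",
# "-MoveMe.txt" and "encryption keys" cases inside a scratch directory.

# dash_demo SCRATCH: SCRATCH must be an existing empty directory.
dash_demo() {
    (
        set -e
        mkdir "$1/src" "$1/dest"
        cd "$1/src"
        mkdir -- -logs '-march folder'
        touch -- -MoveMe.txt 'encryption keys'

        # Without "--", mv parses "-logs" as a bundle of options and refuses.
        if mv -logs -newlogs 2>/dev/null; then
            echo "unexpected: mv accepted -logs as a file name" >&2
            exit 2
        fi

        mv -- -logs -newlogs                  # "--" ends option parsing
        mv ./-MoveMe.txt './-march folder/'   # "./" prefix: no leading dash
        cp -- 'encryption keys' ./-newlogs/   # quotes keep the space in one argument

        # A bare * expands to the raw names, so "mv * dest" would hand
        # "-march folder" and "-newlogs" to mv as options. "./*" cannot.
        mv ./* ../dest/
    )
}

scratch=$(mktemp -d)
dash_demo "$scratch"
ls -1R "$scratch/dest"
```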

Task 4 – Hashing – introduction

Question 1 – Download the hash file attached to this task and attempt to crack the MD5 hash. What is the password?

john --format=raw-md5 hash1.txt

cracking MD5 with john

secret123

Question 2 – What is the hash type stored in the file hashA.txt

find -type f -name hashA.txt

finding hashA.txt

getting the password hash

Using hash-identifier to identify the hash found in hashA.txt

Identifying MD4 with hash-identifier

MD4

Question 3 – Crack hashA.txt using john the ripper, what is the password?

john --format=raw-md4 MD4_hash.txt

cracking MD4 with john

admin

Question 4 – What is the hash type stored in the file hashB.txt

find -type f -name hashB.txt

finding hashB.txt

Identifying SHA1 using hash-identifier

SHA-1

Question 5 – Find a wordlist with the file extension of ‘.mnf’ and use it to crack the hash with the filename hashC.txt. What is the password?

We will start by finding the file hashC.txt using the command below. Then, we will use hash-identifier to identify the hash inside the file.

find -type f -name hashC.txt

finding hashC.txt

Identifying hash as SHA256 using Hash-identifier

Next, we will find the wordlist we need for this task using the following command. Once found, we will download it to our system using wget. For that, we have to start a Python server on the Tryhackme box using – python3 -m http.server – and download the file to our system using – wget http://<Tryhackme Box IP>:8000/ww.mnf

find -type f -name "*.mnf"

finding wordlist to crack

Finally, we crack the hash using John the Ripper and the downloaded wordlist.

john --format=raw-sha256 SHA_hash.txt --wordlist=ww.mnf

Cracking SHA256 with john

unacvaolipatnuggi

Question 6 – Crack hashB.txt using john the ripper, what is the password?

john --format=raw-sha1 SHA1.txt

cracking SHA1 with john

letmein

Hashing - Introduction


Task 5 – Decoding base64

Question 1 – what is the name of the tool which allows us to decode base64 strings?

base64

Question 2 – find a file called encoded.txt. What is the special answer?

find -type f -name encoded.txt

finding encoded.txt

less system\ AB/managed/encoded.txt | base64 -d > decoded.txt
cat decoded.txt | grep "special"

decoding base64 text

As per the decoded text, we will get the answer in a file named “ent.txt”. Next, we will find the file using the command below. Reading it gives us a hashed string.

find -type f -name ent.txt

finding content of ent.txt

Using Crackstation to crack the hashed string gives us our answer for the question.

Cracking using crackstation

john

Decoding base64

Task 6 – Encryption/Decryption using gpg

Question 1 – Now try it for yourself. Make a random text file and enter some readable sentences in there before encrypting and decrypting it as illustrated above.

Done

gpg --cipher-algo AES-256 --symmetric message.txt

generating an encrypted file

gpg message.txt.gpg

encrypting and decrypting a file

Question 2 – You wish to encrypt a file called history_logs.txt using the AES-128 scheme. What is the full command to do this?

gpg --cipher-algo AES-128 --symmetric history_logs.txt

Question 3 – What is the command to decrypt the file you just encrypted?

gpg history_logs.txt.gpg

Question 4 – Find an encrypted file called layer4.txt, its password is bob. Use this to locate the flag. What is the flag?

find -type f -name layer4.txt

finding layer4.txt

gpg layer4.txt

decrypting layer4.txt

find -type f -name layer3.txt

finding layer3.txt

gpg layer3.txt

decrypting layer3.txt

find -type f -name layer2.txt

finding layer2.txt

gpg layer2.txt

decrypting layer2.txt

This looks like a base64-encoded string. We can decode it using Cyberchef. Doing that, we got our next clue.

decoding base 64 string

find -type f -name layer1.txt

finding layer1.txt and flag

Flag{B07$f854f5ghg4s37}

Encryption/Decryption using gpg

Task 7 – Cracking encrypted gpg files

Question 1 – Now try it yourself! Encrypt a file and use a common password contained in the wordlist you wish to use. Follow the instructions above to decrypt as if you are a hacker. If it worked, well done.

Done

gpg2john message.txt.gpg > john_gpg

gpg2john convert

john --format=gpg john_gpg

cracking encrypted file using gpg

Question 2 – Find an encrypted file called personal.txt.gpg and find a wordlist called data.txt. Use tac to reverse the wordlist before brute-forcing it against the encrypted file. What is the password to the encrypted file?

find -type f -name personal.txt.gpg

finding personal.txt.gpg

find -type f -name data.txt

finding data.txt

tac data.txt > data1.txt

tac wordlist

gpg2john personal.txt.gpg > personal_hash

gpg2john hash convert

john --format=gpg personal_hash --wordlist=data1.txt

cracking encrypted file using john

valamanezivonia

Question 3 – What is written in this now decrypted file?

gpg personal.txt.gpg

cracking personal.txt.gpg

Cracking encrypted gpg files

Getting stronger Linux


Task 8 – Reading SQL databases

Question 1 – Find a file called employees.sql and read the SQL database. (Sarah and Sameer can both log into mysql using the password: password). Find the flag contained in one of the tables. What is the flag?

find -type f -name employees.sql

finding employees.sql

mysql -u sarah -p 
source employees.sql

login as sarah in Mysql

show databases;
use employees;
show tables;

show databases

describe employees;
select * from employees where first_name like "Lobel";

describe employees

Finding our flag

Flag{13490AB8}

Reading SQL databases

Task 9 – Final Challenge

Question 1 – Go to the /home/shared/chatlogs directory and read the first chat log named: LpnQ. Use this to help you to proceed to the next task.

Done

By reading LpnQ, we came to know that Sarah and Lucy are talking about an employee’s SSH password that was mistakenly left unchanged.

less LpnQ

finding hints

Question 2 – What is Sameer’s SSH password?

Next, we tried to find Sameer’s SSH password using the command given below. The result shows two files that contain an occurrence of the word “SSH”. We have already read the contents of the file LpnQ, so we’ll look into the other one – KfnP – to get the password.

grep -iRl "SSH"

finding sameer SSH password

SSH password of Sameer

thegreatestpasswordever000

Question 3 – What is the password for the sql database back-up copy

Next, in the above content, we can see that Michael is talking about a wordlist file that contains the password for the SQL database backup copy. So, we’ll start by finding it.

grep -iRl "wordlist"

finding wordlist

getting wordlist directory

Reading the file we found, we got a string in place of the wordlist directory path. It looks like a base64-encoded string, which we can decode using Cyberchef. That gives us the directory of the wordlist.

decoding wordlist directory base 64 string

As per the above text, the password starts with “ebq”. So, we will search for files that contain a word starting with it.

grep -iRl "ebq"

searching for sql password

less Ulpsmt

finding sql password

ebqattle

Question 4 – Find the SSH password of the user James. What is the password?

We will start by decrypting the SQL backup copy using the password we found earlier.

gpg 2020-08-13.zip.gpg
unzip 2020-08-13.zip

decrypt sql backup copy

mysql -u sameer -p

Password to log in to the MySQL database – password

login to Mysql with sameer creds

source employees.sql
show databases;
use employees;
show tables;

source employees.sql

show databases

show tables

select * from employees where first_name like "james";

ssh password of james

vuimaxcullings

Question 5 – SSH as james and change the user to root?

Done

sudo su

switching to root

Question 6 – What is the root flag?

root flag

Flag{6$8$hyJSJ3KDJ3881}

Final Challenge

Conclusion:


So, that was it. We conquered this room as well. To summarize, we first started with finding files using the “find” command and then slowly navigated through the system. Next, we had an introduction to hashes, and then identified and cracked them. Along with that, we got our feet wet with some base64 decoding, followed by the encryption and decryption of some gpg files. Next, we learned how to read SQL databases from the command line. Finally, we completed the room with a final challenge, which tested our skills on all the above-mentioned topics. On that note, I will bid you goodbye, but always remember to “Hack the Planet”.
