THM Linux Fundamentals Part 3 - grunt92/IT-Sec-WriteUps GitHub Wiki

Introduction

Let's proceed

No answer needed

Deploy Your Linux Machine

I've logged into the Linux Fundamentals Part 3 machine using SSH and have deployed the AttackBox successfully!

No answer needed

Note: You have to deploy the machine in order to complete the following tasks. To do so, click on the "Start Machine" button. After a minute you are given the IP address of the machine. Connect to the machine using SSH with "tryhackme" as both username and password.

Terminal Text Editors

Create a file using Nano

To do so, use nano filename.

No answer needed

Edit "task3" located in "tryhackme"'s home directory using Nano. What is the flag?

Type in nano task3 and press Enter. Nano opens the file and you can see the flag:

THM{TEXT_EDITORS}

Note: There is no real reason to use nano here, because we do not have to change the content of the file. It is easier to use the cat command.

General/Useful Utilities

Ensure you are connected to the deployed instance (IP)

No answer needed

Now, use Python 3's "HTTPServer" module to start a web server in the home directory of the "tryhackme" user on the deployed instance.

Use python3 -m http.server PORT to host the server. Replace the word "PORT" with a port of your choice, e.g. 8000.

No answer needed

Download the file http://IP:PORT/.flag.txt onto the TryHackMe AttackBox. What are the contents?

Open a second terminal on your device and use the command wget http://IP:PORT/.flag.txt to download the file. Then use cat .flag.txt to see the contents and the flag:

THM{WGET_WEBSERVER}

Note: It is not necessary to download the file to see its contents. You can simply use cat .flag.txt to get the flag.

Create and download files to further apply your learning -- see how you can read the documentation on Python3's "HTTPServer" module. Use Ctrl + C to stop the Python3 HTTPServer module once you are finished.

No answer needed

Process 101

Read me!

No answer needed

If we were to launch a process where the previous ID was "300", what would the ID of this new process be?

301

If we wanted to cleanly kill a process, what signal would we send it?

SIGTERM

Locate the process that is running on the deployed instance (10.10.151.69). What flag is given?

Use ps aux to get all the running processes. Look through the commands and you should be able to make out the flag:

THM{PROCESSES}

What command would we use to stop the service "myservice"?

systemctl stop myservice

What command would we use to start the same service on the boot-up of the system?

systemctl enable myservice

What command would we use to bring a previously backgrounded process back to the foreground?

fg

Maintaining Your System: Automation

Ensure you are connected to the deployed instance and look at the running crontabs.

No answer needed

When will crontab on the deployed instance (10.10.151.69) run?

Use crontab -e to open the crontab and read when its entry is scheduled to run.

@reboot

Maintaining Your System: Package Management

Since TryHackMe instances do not have an internet connection...this task only requires you to read through the material.

No answer needed

Maintaining Your System: Logs

Look for the apache2 logs on the deployable Linux machine

No answer needed

What is the IP address of the user who visited the site?

Use cd /var/log/apache2 to get to the logs. Then use cat access.log.1 to get the required information. The file contains only one access. The IP of this access is the answer to the question.

10.9.232.111

What file did they access?

catsanddogs.jpg
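
The two log questions above can also be answered with a small parser instead of reading the file by eye. This is an added example, not part of the room or the original write-up; the function names are hypothetical and the sample lines are constructed (only 10.9.232.111 and catsanddogs.jpg come from the answers above).

```bash
#!/usr/bin/env bash
# Added example: answer "who visited, and what did they fetch?" from an Apache
# access log in combined format without reading the file by eye.

# Constructed sample input. Only 10.9.232.111 and catsanddogs.jpg come from the
# write-up; timestamps, sizes, user agents and the 192.0.2.15 lines are made up.
sample_log() {
cat <<'EOF'
10.9.232.111 - - [04/May/2021:18:53:12 +0000] "GET /catsanddogs.jpg HTTP/1.1" 200 51395 "-" "Mozilla/5.0 (constructed)"
192.0.2.15 - - [04/May/2021:18:54:01 +0000] "GET /img/logo.png?v=2 HTTP/1.1" 404 196 "-" "curl/7.68.0"
192.0.2.15 - - [04/May/2021:18:55:40 +0000] "-" 408 0 "-" "-"
EOF
}

# Distinct client addresses (first field of every line).
client_ips() { awk '{ print $1 }' "$@" | sort -u; }

# Distinct requested file names: basename of the path, query string removed.
# Lines without a real request (Apache logs "-" on a timeout) are skipped.
requested_files() {
  awk -F'"' 'NF >= 3 {
    split($2, r, " "); p = r[2]
    sub(/\?.*/, "", p); sub(/.*\//, "", p)
    if (p != "") print p
  }' "$@" | sort -u
}

# One line per distinct request: "count ip method path status", busiest first.
summarise_access_log() {
  awk -F'"' 'NF >= 3 {
    split($1, pre, " ");  ip = pre[1]
    split($2, r, " ");    method = r[1]; path = (r[2] == "" ? "-" : r[2])
    split($3, post, " "); status = post[1]
    hits[ip " " method " " path " " status]++
  }
  END { for (k in hits) print hits[k], k }' "$@" | sort -rn
}

# With no file argument the functions read stdin, so the sample can be piped in.
sample_log | summarise_access_log
```

On the room's machine the same functions take the log as an argument, e.g. summarise_access_log /var/log/apache2/access.log.1.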

Conclusions & Summaries

Terminate the machine deployed in this room from task 2.

No answer needed

Continue your learning in other Linux-dedicated rooms

No answer needed