Embedded Files
<Linux Strength Training PART 1>
Welcome to Linux Fundamental 1!
In this room, we are going to learn:
Finding your way around linux
Finding your way around linux
It's important to get around to finding specific files/directories on Linux system. There are a lot of ways that helps you find specific files/folders by inputting filename, size of a file, user/group name, date modified, accessed, and keyword with specified syntax. Take a look at the chart and see how finding files/folders can be done using various syntaxes.
Placing 2>/dev/null will allow you to filter results to exclude any files/folders that you don't have permission to.
Task 1.1: What is the correct option for finding files based on group?
-> Look at the chart
Task 1.2: What is format for finding a file with the user named Francis and with a size of 52 kilobytes in the directory /home/francis/?
-> Look at the chart
Task 1.3: SSH as topson using his password topson. Go to the /home/topson/chatlogs directory and type the following: grep -iRl 'keyword'. What is the name of the file that you found using this command?
-> ssh@YOUR_MACHINE_IP -> enter password -> cd <the following directory> -> type grep -iRl 'keyword'
Task 1.4: What are the characters subsequent to the word you found?
-> less <filename> > /keyword
Task 1.5: Read the file named 'ReadMeIfStuck.txt'. What is the Flag?
-> cat ReadMeIfStuck.txt -> find / -type f -name additionalHINT 2>/dev/null -> cat /home/topson/channels/additionalHINT -> find / -type d -name "telephone numbers" 2>/dev/null -> cd /home/topson/corporatefiles/xch -> cd 'telephone numbers' -> ls -al -> cat readMe.txt -> find / -type d -name "workflows" 2>/dev/null -> cd workflows/ -> find . -type f -newermt 2016-09-11 ! -newermt 2016-09-13 -> less eBQRhHvx -> /Flag -> 'Answer'
------> click 'Answer' to see the answers
Working with files
Working with files
It's also important to be familiar with working with files in various ways. You should be able to do the following:
copy files and folders
move files and folders
rename files and folders
create files and folders
Refer to the chart
Just remember that if you try to copy or move these files you will encounter errors because Linux interprets the - as a type of argument, therefore you will have to place -- just before the filename.
Task 2.1: Hypothetically, you find yourself in a directory with many files and want to move all these files to the directory of /home/francis/logs. What is the correct command to do this?
-> Look at the chart
Task 2.2: Hypothetically, you want to transfer a file from your /home/james/Desktop/ with the name script.py to the remote machine (192.168.10.5) directory of /home/john/scripts using the username of john. What would be the full command to do this?
-> Look at the chart
Task 2.3: How would you rename a folder named -logs to -newlogs
-> Look at the chart
Task 2.4: How would you copy the file named encryption keys to the directory of /home/john/logs
-> Look at the chart
Task 2.5: Find a file named readME_hint.txt inside topson's directory and read it. Using the instructions it gives you, get the second flag.
-> ls -> find / -type f -name readME_hint.txt 2>/dev/null -> cd /home/topson/corporateFiles/RecordsFinances -> ls -> nano readME_hint.tx -> mv -- -MoveMe.txt '-march folder' -> cd /home/topson/corporateFiles/RecordsFinances/"-march folder" -> ls -al -> ./"runME.sh"
------> click 'Answer' to see the answers
Hashing-Introduction
Hashing-Introduction
Hashing refers to taking any data input, such as a password and calculating its hash equivalent. The hash equivalent is a long string which cannot be reversed since the act of hashing is known as a one-way function.
Watch the video below to understand why Hashing is important.
Hash can be cracked through brute forcing which uses a wordlist consists of millions of potential passwords and input them into the has function to check if a hash equivalent output is equal to any of the hashes stored in the database. Using john-the-ripper program, we can specify what type of hash the hash you found is and find the password you're looking for. In the real world, you may have to find a larger wordlist with a strong amount of common password/username combinations because otherwise it's very hard to find.
Task 3.1: Download the hash file attached to this task and attempt to crack the MD5 hash. What is the password?
-> cat <filename> | hash-identifier -> john <filename> --format=raw-MD5 --wordlist=/usr/share/wordlists/rockyou.txt
SSH as sarah using: sarah@[MACHINE_IP] and use the password: rainbowtree1230x
Task 3.2: What is the hash type stored in the file hashA.txt
-> find / -type f -name hashA.txt 2>/dev/null -> cd /home/sarah/"system AB"/server
_mail/"server settings" -> cat hashA.txt -> hash-identifier [hash]
Task 3.3: Crack hashA.txt using john the ripper, what is the password?
-> return to your own machine -> echo [hash] > hash1.txt -> sudo john -> john hash1.txt --format=raw-md4 --wordlist=/usr/share/wordlists/rockyou.txt
Task 3.4: What is the hash type stored in the file hashB.txt
-> find / -type f -name "hashB.txt" 2>/dev/null -> cat /home/sarah/oldLogs/settings/craft/hashB.txt -> hash-identifier [hash] -> go to https://hashcat.net/wiki/doku.php?id=example_hashes to see exactly what type of hash it is.
Task 3.5: Find a wordlist with the file extention of '.mnf' and use it to crack the hash with the filename hashC.txt. What is the password?
1) -> find / -type f -name "*.mnf" 2>/dev/null -> cd /home/sarah/"system AB"/db -> ls -al ww.mnf -> scp ww.mnf kali@<YOUR_IP_ADDRESS>:<Directory Path> (if it doesn't work, then try to put -p and your port number between scp and filename)
2) -> find / -name "hashC.txt" 2>/dev/null -> cd /home/sarah/system\ AB/server_mail -> scp hashC.txt kali@<YOUR_IP_ADDRESS>:<Directory Path> -> go to your machine -> cat hashC.txt | hash-identifier -> john hashC.txt --format=Raw-SHA256 --wordlist=ww.mnf
Task 3.6: Crack hashB.txt using john the ripper, what is the password?
-> refer to the task 3.4 and check the result of the hash
------> click 'Answer' to see the answers
To continue go to Linux Strength Training part 2!
Page updated
Google Sites
Report abuse