Prompt
One of our analysts had their laptop damaged. However, we were able to recover and mount the hard drive. Access the terminal and recover various flags from the disk.
Walk-Through
This challenge will give you experience running basic Linux commands. Additional learning materials about Linux commands can be found on Linux Journey. To solve these challenges, you will be using a Linux Command Line Interface (aka terminal or shell).
Background
You can imagine the command line interface (CLI) to be equivalent to File Explorer on Windows machines or Finder on OSX machines. However, instead of having a graphical user interface (GUI) the command line uses a text-based interface. Just like its GUI counterparts, the CLI allows the user to navigate to different directories (aka folders) and open files or programs. When you open the CLI and start typing, you should see: the prompt and the command.
The prompt can be customized and configured for your personal preference. In this case, the default prompt contains some important information:
root is the name of the user that we are logged in as. Root is significant because on Linux systems, the root user is the default admin account.
dir-easy is the hostname, or the name of the computer.
/home is the path of the directory that we are in. The term “path” is a reference to a specific directory. It indicates “where” something is. You may have seen paths when using File Explorer as it will often be displayed in the navigation bar and allow you easy access to go back a folder.
When you type on the prompt, you are specifying the command you want the command line interface to process. This could be to change the directory we are in, display the contents of a file, delete a file, rename a folder, etc. There are different programs to perform each of these actions.
You simply type the name of the program, provide any input it needs, and hit enter. You will see the results of the program on the screen. There will be examples of commands and their outputs throughout this document.
Guide
Question 1 requires you to list the contents of the root user’s home directory and print out the contents of the flag1.txt file. In this challenge, you are given access to the root user and you are, by default, placed in root’s home directory. You can run the ls (short for list) command to get a listing of the files in the current directory.
ls
This directory listing shows that only 1 file, flag1.txt, is present in the home directory. From here, the cat (short for concatenate) command can be used to display the contents of the file. The cat command requires the name of the file you wish to display. To provide that information, you type a space after typing in cat. You then follow with the name of the file. Once you hit enter to execute your command, the answer to Question 1 is revealed.
cat flag1.txt
Question 2 requires you to navigate to the root directory. This can be done using the cd (short for change directory) command along with the path to the root directory.
cd /
Notice how the path in the command line prompt has switched from ~ to /. The ~ indicates that the command line is in the home directory of the current user while the / indicates that the command line is in the root directory. Please note the dual use of the term “root” which at times is referring to the root user, Linux’s equivalent to an admin user, and the root directory, the top-most directory on the computer system.
Now that we are in the root directory, we can run ls again to view what files are in this directory and run cat again to display the contents of flag2.txt.
cat flag2.txt
When you run ls in the root directory, you will notice there are items in this directory other than flag2.txt. These other items happen to be folders. You may notice that these items are displayed in blue while flag2.txt is displayed in white. The blue items are directories while flag2.txt is a file and the color denotes this distinction. However, just like with the prompt, these colors are customizable and may be different on other terminals.
Question 3 requires you to navigate to another directory. Again, we will use the cd command to change directories and the ls command to list the contents of this directory.
ls
Unlike with Questions 1 and 2, this time, the flag is not easily accessible as a text file. Instead, it is stored as a tar archive (aka tarball), identified by the “.tar” in the filename. You might be more familiar with zip files. Like a zip file, a tarball combines multiple files into a single file for easier storage and transfer. Unlike a zip file, a tarball cannot be compressed by default and often uses gunzip, identified by the “.gz” in the filename to provide the compression.
To view files inside the tarball, we will need to use the tar program to decompress and extract the files. The tar program will require us to configure certain settings, known as command line flags, when we run the command. When providing command line flags, a shorthand is often used where a single letter indicates a specific flag. The authors of each program will determine their own flags and how they are used. You will either need to remember the flags for each program or look them up when you need them. To specify a flag, you precede it with a hyphen.
For the tar program, the “z” flag indicates that decompression is needed. The “x” flag indicates that we are extracting a tarball. The “v” flag is optional and turns on verbose mode, which gives you additional information in the output when the program runs. The “f” flag is used to indicate that the filename will follow next.
tar -zxvf flag.tar.gz
This command will decompress and extract the files from the tarball. If you read the output, you will notice ./flag/ and ./flag/flag3.txt listed. The ./flag/ result indicates that tar extracted a folder named “flag” since folders are explicitly identified by the slash at the end. The ./flag/flag3.txt result indicates that there is a file named “flag3.txt” that is inside the “flag” folder. You will notice that there is now a “flag” folder inside the current directory. We can navigate into that folder and display the contents of flag3.txt.
cat flag3.txt
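When the archive comes from a disk you are examining, it is worth listing its members before extracting anything. The script below is an added example, not part of the original walk-through: it builds a constructed flag.tar.gz, lists it with the “t” flag, rejects member names that would land outside the target folder, and only then extracts into a dedicated directory. The function names, the out directory and the sample flag text are assumptions made for the example.

```shell
#!/bin/sh
# Added example: inspect a gzip-compressed tarball before extracting it.
# All data here is constructed so the script runs offline.

# Build a sample flag.tar.gz shaped like the one in the walk-through.
make_sample() {
    work=$1
    mkdir -p "$work/src/flag"
    echo "SAMPLE-FLAG-not-a-real-answer" > "$work/src/flag/flag3.txt"
    tar -czf "$work/flag.tar.gz" -C "$work/src" ./flag   # c = create
}

# Read member names on stdin; print those that are absolute paths or
# contain a ".." component, i.e. would be written outside the target dir.
unsafe_names() {
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*) printf '%s\n' "$name" ;;
        esac
    done
}

# List first (t = list, nothing is written), then extract into $2 only.
safe_extract() {
    archive=$1; dest=$2
    listing=$(tar -tzf "$archive") || return 2     # unreadable or corrupt archive
    bad=$(printf '%s\n' "$listing" | unsafe_names)
    [ -z "$bad" ] || { echo "refusing to extract: $bad" >&2; return 1; }
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"   # C = change to this dir
}

# Demo on the constructed archive.
work=$(mktemp -d)
make_sample "$work"
tar -tzvf "$work/flag.tar.gz"          # verbose listing: sizes, owners, names
safe_extract "$work/flag.tar.gz" "$work/out" && cat "$work/out/flag/flag3.txt"
rm -rf "$work"
```
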
Question 4 requires you to navigate to the flag user’s home directory. In this case, flag user means the user named “flag”. Like on Windows or Mac, each user can keep their own private files which are stored in their respective home directories. You can navigate to these directories by visiting the /home/ directory. From here, the folder containing the flag user’s files can be accessed to obtain the answer to Question 4.
cat flag4.txt
Question 5 requires you to run the flag5 program. To do this, simply type flag5 into the command line and hit enter.
flag5
Question 6 requires you to identify the full path to the flag5 program. Any non built-in program in the Linux Command Line is just a file that is stored somewhere on the computer. You can navigate to the specific folder where they reside and see them for yourself. To save the hassle of having to switch folders constantly to run different programs, the command line will search a preset group of folders on your behalf when you reference a program that is not in your current folder. You can find out where each program resides on the computer by using the which command.
which flag5
The result of the which command is the path to the program that you queried.
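The preset group of folders is stored in the PATH variable and is searched in order, so the first match is the program that runs. The script below is an added example, not part of the original walk-through: it walks a PATH-style list the way the search works, prints every match for a command name, and reports entries that are not absolute paths. The function names and the two demo folders are assumptions made for the example, and the flag5 files it creates are constructed stand-ins.

```shell
#!/bin/sh
# Added example: how a command name is resolved through a PATH-style list.

# Print every match for <command> in search order. The first line is the
# one the shell would run, which is also what `which` reports.
resolve_all() {
    cmd=$1; search=${2:-$PATH}
    old_ifs=$IFS; IFS=:; set -f            # split on ":" and disable globbing
    for dir in $search; do
        dir=${dir:-.}                      # an empty entry means the current directory
        [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ] && printf '%s\n' "$dir/$cmd"
    done
    set +f; IFS=$old_ifs
}

# Print entries that are not absolute paths. They resolve against whatever
# directory you are in, so the program that runs can change after a cd.
relative_entries() {
    search=${1:-$PATH}
    old_ifs=$IFS; IFS=:; set -f
    for dir in $search; do
        case "$dir" in /*) ;; *) printf '%s\n' "${dir:-.}" ;; esac
    done
    set +f; IFS=$old_ifs
}

# Constructed demo: two folders that both contain a program named flag5.
demo=$(mktemp -d)
mkdir "$demo/first" "$demo/second"
for d in first second; do
    printf '#!/bin/sh\necho "flag5 from %s"\n' "$d" > "$demo/$d/flag5"
    chmod +x "$demo/$d/flag5"
done
resolve_all flag5 "$demo/first:$demo/second"   # both matches, winner first
relative_entries ".:$demo/first:bin"           # prints . and bin
rm -rf "$demo"
```

Running resolve_all with only a command name searches your real PATH; more than one line of output means a later copy is being shadowed by an earlier one.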
Questions
What are the contents of flag1.txt, found in root's home directory?
Run cat flag1.txt from root’s home directory
What are the contents of flag2.txt, found in the root directory?
Use cd / to navigate to the root directory and then run cat flag2.txt
What are the contents of flag3.txt, found in an archive in /var/log?
Navigate to /var/log and then run tar -zxvf flag.tar.gz to extract the files from the archive
What are the contents of flag4.txt, found in the flag user's home directory?
Navigate to the /home/flag directory and then run cat flag4.txt
What flag is printed when you run the flag5 program?
What is the full path to the flag5 program?
©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.