Linux priv esc Environment Enumeration help please

“Enumerate the Linux environment and look for interesting files that might contain sensitive data. Submit the flag as the answer.” I ran every command that was on the page and linenum + linpeas, but can’t find the file? am I suppose to escalate privileges? any hints would be much appreciated.

1 Like

It’s hard to guess the sensitive file name, so your best bet is to think what the flag would look like and craft your comment to ravage through all file content searching for the flag pattern.

1 Like

Hi there, hope I’m not spoiling too much, but
regex may help alot in this one.

1 Like

This is a very poorly designed lab exercise. The course, up till this point, provides no information on how to perform such an action. Based on the reading, you would expect participants to instead enumerate tmp directories, locate hidden files/folders, SUID/SGID files, etc. NOT write a one liner to located a flag. This may be the first flag a user ever submits, so how would they know to regex by searching for HTB{}?


Indeed the statement doesn’t point you in the right direction. Thanks for the tip @voidbyte

1 Like

please i need the command to use. i am stuck here. Thans

Basically, grep with a simple regex pattern should do it. Regex can have many dialects, depending on the system. Sometimes you have to escape such characters as curly braces. You can escape those with backslashes before them. One more little hint: look for custom bash scripts, in folders where they logically can belong (from an admin perspective).

1 Like

I am lost here. I tried grep -r “HTB”. Norhing came up.Please help with the guidelines if possibel the command.

You’ll succeed! This one is really easy. BTW if you are literally using the command above, you have two illegal characters there. Can you guess, which? Then, speaking more globally, with such tasks as these where we must find inside an unknown text file something specific and vague at the same time, our best bet usually is to ask a question, which types of files could we (incrementally) exclude, to make our search space smaller? Quite often those are so called binary files. I would like to recommend this excellent and short reading about how grep distinguishes between some of those different file types: Using grep While Excluding Binary Files | Baeldung on Linux

1 Like

I was able to get it. it is a grep command.Thanks everyone.

1 Like

Thank you! I didn’t know the flag had the structure “HTB{}”

1 Like

This lab is rather irrelevant to what you learn. You can recursively search within files with grep and then list the filenames that match your search query to find the flag.

You can do this with:

grep -r -l 'search-query-here' /path/to/search

Unless there was another way to find the file in question (I’d be glad to hear about it in a reply if anyone knows), the lab also assumes you know the flags generally are HTB{some-random-string}.

So armed with the knowledge of the general syntax of the flag, you can construct various search patterns to find it. You could use something like, which will find HTB{any-string}, but that’s more complicated than it has to be. So you could use something more simple like , which will just find any string that starts with HTB{.

Also, don’t forget to redirect the standard errors to null with 2>/dev/null.

So in summary, you could find the flag with one of these two commands (but try yourself before revealing!)

Then you can cat the result. If it was a big file (it isn’t in this case, but just for future reference) and you can’t be bothered scrolling through it, you could cat /file/ | grep HTB{ to just return the line with the flag.


I was so stuck until I found this thank you.

1 Like

Since it is part of the Linux PrivEsc module, I’ve escalated my privileges and I’ve become lab_adm. I don’t know if that’s a good thing or not, since the flag could be found from the htb-student.

1 Like

Hi guys. I actually don’t think you need to use grep. This exercise does test what you have learned in the module. Enumerate the /home directory. What is the other user? Enumerate his home directory carefully. He has used vim? Interesting. Check what he used vim for. The idea is not to be able to find a flag because in a real situation, you will not be searching for a flag with a well-defined structure. You will be searching for anythingi interesting and following any possible leads. So, I would advise doing the exercise without the use of grep.

I am curious about one thing. But the file containing the vim information is locked and only readable by the other user ? Then how would one use it?


Hi, for anyone else struggling with this, use grep from / with your specified search parameters and you will get the flag.

I join the question above from “ST0RM123494”, how to find out what another user used vim for.
What deductive methods should have been used in this assignment?

This is for section “Environment Enumeration”? Since I can’t see anything about the task asking about VIM.

Linux Privilege Escalation > Environment Enumeration > “List the Linux environment and find interesting files that may contain sensitive data. Send a flag as a response.”