“Enumerate the Linux environment and look for interesting files that might contain sensitive data. Submit the flag as the answer.” I ran every command that was on the page and linenum + linpeas, but can’t find the file? am I suppose to escalate privileges? any hints would be much appreciated.
1 Like
It’s hard to guess the sensitive file name, so your best bet is to think what the flag would look like and craft your comment to ravage through all file content searching for the flag pattern.
1 Like
Hi there, hope I’m not spoiling too much, but
regex may help alot in this one.
1 Like
This is a very poorly designed lab exercise. The course, up till this point, provides no information on how to perform such an action. Based on the reading, you would expect participants to instead enumerate tmp directories, locate hidden files/folders, SUID/SGID files, etc. NOT write a one liner to located a flag. This may be the first flag a user ever submits, so how would they know to regex by searching for HTB{}?
5 Likes
please i need the command to use. i am stuck here. Thans
Basically, grep with a simple regex pattern should do it. Regex can have many dialects, depending on the system. Sometimes you have to escape such characters as curly braces. You can escape those with backslashes before them. One more little hint: look for custom bash scripts, in folders where they logically can belong (from an admin perspective).
1 Like
I am lost here. I tried grep -r “HTB”. Norhing came up.Please help with the guidelines if possibel the command.
You’ll succeed! This one is really easy. BTW if you are literally using the command above, you have two illegal characters there. Can you guess, which? Then, speaking more globally, with such tasks as these where we must find inside an unknown text file something specific and vague at the same time, our best bet usually is to ask a question, which types of files could we (incrementally) exclude, to make our search space smaller? Quite often those are so called binary files. I would like to recommend this excellent and short reading about how grep distinguishes between some of those different file types: Using grep While Excluding Binary Files | Baeldung on Linux
1 Like
I was able to get it. it is a grep command.Thanks everyone.
1 Like
Thank you! I didn’t know the flag had the structure “HTB{}”
This lab is rather irrelevant to what you learn. You can recursively search within files with grep and then list the filenames that match your search query to find the flag.
You can do this with:
grep -r -l 'search-query-here' /path/to/search
Unless there was another way to find the file in question (I’d be glad to hear about it in a reply if anyone knows), the lab also assumes you know the flags generally are HTB{some-random-string}.
So armed with the knowledge of the general syntax of the flag, you can construct various search patterns to find it. You could use something like HTB{[^}]*}', which will find HTB{any-string}, but that’s more complicated than it has to be. So you could use something more simple like HTB{', which will just find any string that starts with HTB{.
Also, don’t forget to redirect the standard errors to null with 2>/dev/null.
So in summary, you could find the flag with one of these two commands (but try yourself before revealing!)
* grep -r -l 'HTB{[^}]*}' / 2>/dev/null
* grep -r -l 'HTB{' / 2>/dev/null
Then you can cat the result. If it was a big file (it isn’t in this case, but just for future reference) and you can’t be bothered scrolling through it, you could cat /file/ | grep HTB{ to just return the line with the flag.
8 Likes
find / -type f -print0 | xargs -0 grep -H ‘HTB{’
1 Like
I was so stuck until I found this thank you.
find / -type f -print0 | grep -r -l ‘HTB{[^}]*}’ / 2>/dev/null
Since it is part of the Linux PrivEsc module, I’ve escalated my privileges and I’ve become lab_adm. I don’t know if that’s a good thing or not, since the flag could be found from the htb-student.
P.S.: grep -EoR "HTB\{.*\}" / 2>/dev/null works for me.
thank a lot