missing / modified files?

hosakaa · May 18, 2021, 10:24pm

Hi,

am new to you but think I know a bit about Linux. The uptime of the machine with which I should work on the tasks was already over 8 days. Some files seem to be missing or modified. Are the VMs shared? Are there some that find it funny to delete files that are needed to solve the tasks? Example:

What is the inode number of the “shadow.bak” file in the “/var/backups” directory?

┌─[user183986@htb-eaztqlqwmp]─[/var/backups]
└─╼ $ls -a -l /var/backups/ | grep bak
┌─[✗]─[user183986@htb-eaztqlqwmp]─[/var/backups]

Doesn’t seem to exist or did I miss something?

Another example:

What is the index number of the “sudoers” file in the “/etc” directory?

$ls -i /etc/sudoers
18467 /etc/sudoers

But 18467 is the wrong answer.

Thanks for the effort.

hosakaa · May 19, 2021, 11:07am

I’m talking about the Academy courses, by the way. I have found something again that makes me wonder. The question is:

What is the name of the config file that has been created after 2020-03-03 and is smaller than 28k but larger than 25k?

──╼ $sudo find / -type f -name *.conf -newermt 2020-03-03 -size +25k -size -28k
/etc/postgresql/12/main/postgresql.conf
┌─[user183986@htb-iidsarhfy3]─[~]

No matter if I specify the file with full path or just the filename the answer is evaluated as wrong. As I said I am still new here and these things confuse me a bit. Maybe someone can give me a hint if I am on the wrong track or where the thinking error is. These things are piling up and I would like to complete the course.

newbody · May 22, 2021, 9:54am

I struggled so much with this shadow.bak. I realized after about an hour that I had initially ssh’ed to the target but had subsequently terminated connection after completing the first question. I just had to SSH back to the target and was able to get exactly what I needed. Not the first time I goofed and forgot to SSH

PoirsLJpHY · May 23, 2021, 3:53pm

In all of these examples it looks like your commands are good, but you’re searching on the Parrot machine (user183986@htb-eaztqlqwmp). You need to spawn the target system, ssh in with the provided credentials, and run the same commands on the target system.

primqt · July 3, 2022, 8:44pm

for find out the inode number you can use the fallowing commmand ls -li /var/backups/shadow.bak

MilosMarkovic · November 16, 2022, 8:30pm

I find out that my SSH connection is being stopped every time when I complete a specific task. In this case when I submitted my answer to the question “What is the name of the last modified file in the “/var/backups” directory?” my SSH connection was interrupted. And I could find shadow.bak file because of it. I had to go over again and enable SSH and from there everything went smoothly. I hope this helps.

mrrobot1 · March 17, 2023, 12:24pm

ls -i

butterz · November 12, 2023, 8:16am

Thanks! I realized my issue was similar. I was searching the virtual box instance instead of the target system. I entered the password wrong a few times and when the connection closed, I thought I was in, while I wasn’t.