Categories: Misc | Tags: Tryhackme

Original description

The goal of this room is to answer the questions about the following files:

• 8V2L
• bny0
• c4ZX
• D8B3
• FHl1
• oiMO
• PFbD
• rmfX
• SRSq
• uqyw
• v2Vb
• X1Uy

The aim is to answer the questions as efficiently as possible.

Create a variable with the filenames.

$ filenames="8V2L\nbny0\nc4ZX\nD8B3\nFHl1\noiMO\nPFbD\nrmfX\nSRSq\nuqyw\nv2Vb\nX1Uy"

To do this as efficiently as possible the files should only be searched for only once. Find the paths to these files and save them in a file.

$ echo "$filenames" | xargs -I{} sh -c 'find / -type f -name {}' 2>>/dev/null > paths

The “paths” file looks like this.

$ cat paths
/etc/8V2L
/mnt/c4ZX
/mnt/D8B3
/var/FHl1
/opt/oiMO
/opt/PFbD
/media/rmfX
/etc/ssh/SRSq
/var/log/uqyw
/home/v2Vb
/X1Uy

For some reason, the command did not find the path to the “bny0” file, but since that is the only file missing, it is acceptable to just keep that in mind and proceed with the questions.

1. Which of the above files are owned by the best-group group?

Use find command to check which files are owned by the group “best-group”.

$ cat paths | xargs -I{} sh -c 'find {} -group best-group'
/mnt/D8B3
/home/v2Vb

2. Which of these files contain an IP address?

Use grep to search for the IP address pattern inside the files.

$ cat paths | xargs -I{} sh -c 'grep -HEl "([0-9]{1,3}[\.]){3}[0-9]{1,3}" {}'
/opt/oiMO

3. Which file has the SHA1 hash of 9d54da7584015647ba052173b84d45e8007eba94

Compute the SHA1 hash for each of the files and search for the desired hash in the output with grep.

$ cat paths | xargs -I{} sh -c 'sha1sum {}' | grep 9d54da7584015647ba052173b84d45e8007eba94
9d54da7584015647ba052173b84d45e8007eba94  /mnt/c4ZX

4. Which file contains 230 lines?

Use wc to count the lines in each file and grep to search for the desired amount in the output.

$ cat paths | xargs -I{} sh -c 'wc -l {}' | grep 230

No output was returned. Running the same command without filtering the output shows that all of the files have 209 lines.

$ cat paths | xargs -I{} sh -c 'wc -l {}'
209 /etc/8V2L
209 /mnt/c4ZX
209 /mnt/D8B3
209 /var/FHl1
209 /opt/oiMO
209 /opt/PFbD
209 /media/rmfX
209 /etc/ssh/SRSq
209 /var/log/uqyw
209 /home/v2Vb
209 /X1Uy

Remembering that one file was missing and it’s safe to assume that the file “bny0” is the answer.

5. Which file’s owner has an ID of 502?

Use find command to check which files are owned by the user with a UID 502.

$ cat paths | xargs -I{} sh -c 'find {} -user 502'
/X1Uy

6. Which file is executable by everyone?

Use find to check which files have executable bit set for others class.

$ cat paths | xargs -I{} sh -c 'find {} -perm -o+x'
/etc/8V2L