Dr. Brian Robert Callahan
academic, developer, with an eye towards a brighter techno-social life
In order to do good work on my own cybersecurity teaching platform, I should learn how others do it. TryHackMe was recently brought to my attention, so I signed up to see what it might offer. I will be posting solutions here so spoilers ahead!
The Learn Linux room only has one "real" flag, Task 43. Here is how I solved it:
1. shiba4 user and immediately tried to sudo cat /root/root.txt. But shiba4 wasn't in the sudoers file. So I tried the shiba3, shiba2, and shiba1 users, none of which were in the sudoers file.
2. ls /home to see what other users there might be. There is a noot and a nootnoot user. So I chose nootnoot to start and looked in their /home directory with ls -a. There was a hidden file .sudo_as_admin_successful so I figured that nootnoot might be in the sudoers file.
3. find / -user nootnoot to see if there were any files hiding in the filesystem like we had to do for Task 33. No luck. But I remembered that each password was able to be learned from the previous user (i.e., shiba2's password was discovered with files owned by shiba1). So I re-ran find / -user shibaX, where X was replaced with 1, 2, 3, and 4. Success was found with shiba2: /var/log/test1234.
4. su shiba2 and then cat /var/log/test1234 which informed us that the password for the nootnoot user was notsofast.
5. su nootnoot.
6. sudo cat /root/root.txt. What is contained in that file is the flag. :)
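
The weak point in this room is a world-readable file owned by an ordinary user, sitting outside that user's home directory and holding another account's password. The script below is an added example, not part of the original post: a defender's audit for that condition, where the function name, the output labels and the keyword pattern are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: find files like the room's /var/log/test1234, i.e. regular
# files owned by an ordinary user, outside that user's home directory,
# readable by everyone, and flag the ones that mention credentials.
#
# audit_stray_files USER ROOT HOME   (hypothetical helper name)
#   USER  account name or numeric UID to check
#   ROOT  directory tree to search
#   HOME  that account's home directory, skipped entirely
audit_stray_files() {
    user=$1 root=$2 home=$3
    # Prune HOME, then print world-readable regular files owned by USER.
    # File names containing newlines are not handled by this loop.
    find "$root" -path "$home" -prune -o \
        -type f -user "$user" -perm -004 -print 2>/dev/null |
    while IFS= read -r f; do
        # Keyword pattern is an assumption; tune it for your environment.
        if grep -Eiq 'pass(word|wd)?|secret|credential' "$f" 2>/dev/null; then
            printf 'CREDENTIAL-HINT\t%s\n' "$f"
        else
            printf 'STRAY\t%s\n' "$f"
        fi
    done
}

# Stand-alone use: sh audit.sh shiba2 / /home/shiba2
if [ "$#" -eq 3 ]; then
    audit_stray_files "$@"
fi
```

Any CREDENTIAL-HINT line is a file to remove or lock down with chmod, followed by a password change for the account it names.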