A Challengers Handbook

by

Caesum

Linux

Many challenges incorporate some kind of Linux challenge. I have tried several versions of the OS myself, and recently have found Knoppix to be an interesting version. Knoppix boots from a CD, so there is no need to mess around with boot partitions, disks, etc. Don't expect it to be quick; it's just useful for the occasional foray. Most Linux challenges do not actually require you to use Linux, but they do expect you to demonstrate some knowledge of the OS.

Many challenges have some kind of emulation of a Linux command prompt, which is much like the DOS prompt in many respects, only with different commands. First of all, if you are asked to log in and you do not have a username, then guest, anon, anonymous and ftp are the first things to try, with identical passwords.

Linux is supposedly the most stable and secure operating system, and so inevitably most challenges want you to emulate the simplest hacks of the OS. So first we need to consider basic OS commands. Linux users will normally overload you with commands and switches, and if you look into something like the ls command you will find that it has a great many switches, the vast majority of which are utterly pointless.

  • "ls" and "ls -al". ls is the basic dir command, listing files. -a and -l are options (combined to -al for shorthand) which are the most useful. -a means all files: ordinarily any file beginning with a dot will not show up in a standard ls listing, like hidden files in DOS. -l means long format, and it will show you who the file owner is and the permissions of a file. A mode string like drwxrwxrwx means: the first character is d for directory, - for file or l for symbolic link to a file; rwx means read, write and execute permissions. The permissions appear three times: the first set is user (owner), then group, then world. If you see a file like '-rw-------' with a username next to it like 'root', then only the root user can read/write it. Basically, if you try to view a file and get 'permission denied', then you need to find another way.
  • "cd". cd is pretty much the same as the DOS cd command and changes the current directory. "cd .." moves one level to the parent directory, as in DOS. "cd /" takes you to the root directory, the lowermost level. Combining "cd" and "ls" you can now look at the whole filesystem.
  • "cat". cat is the command to view the contents of a file. "cat filename" will dump it to the screen.
  • Just a note on running executable files in Linux. Most executable files will be found in /bin and you can just type the name to run them. If you have a file elsewhere that you would like to run, then normally it won't be found on the path, so you need to specify the pathname as well: "./file" will run "file" in the current directory ".".
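
As an added example (not from the handbook), here is a small Python parser for the mode column described above: it splits an `ls -l` line into type, owner/group/world permission sets, and then applies the standard Unix rule (owner class first, then group, then world) to decide whether a given user could read a file, so you can tell in advance which files a guest account will get 'permission denied' on. The sample listing is constructed; the root shortcut and the lack of setuid/sticky-bit handling are simplifications.

```python
from dataclasses import dataclass

KIND = {"d": "directory", "-": "file", "l": "symlink"}

@dataclass
class Entry:
    kind: str      # 'directory', 'file' or 'symlink'
    perms: dict    # {'user': 'rw-', 'group': 'r--', 'world': 'r--'}
    owner: str
    group: str
    name: str

def parse_ls_line(line: str) -> Entry:
    """Parse one `ls -l` line, e.g. '-rw-------  1 root root  800 Jan  1 12:00 secret'."""
    fields = line.split()
    mode, owner, group, name = fields[0], fields[2], fields[3], fields[-1]
    if len(mode) != 10 or mode[0] not in KIND:
        raise ValueError(f"not an ls -l mode string: {mode!r}")
    perms = {"user": mode[1:4], "group": mode[4:7], "world": mode[7:10]}
    return Entry(KIND[mode[0]], perms, owner, group, name)

def can(entry: Entry, user: str, groups: set, want: str) -> bool:
    """True if `user` (a member of `groups`) has permission `want` ('r', 'w' or 'x').
    Only the first matching class counts: owner beats group beats world, so an
    owner with '---' is denied even if world has 'rwx'. Root is simplified to
    'allowed'; setuid/setgid/sticky letters (s, t) are not modelled."""
    if user == "root":
        return True
    if user == entry.owner:
        cls = "user"
    elif entry.group in groups:
        cls = "group"
    else:
        cls = "world"
    return want in entry.perms[cls]

def readable_by(listing: str, user: str, groups: set) -> list:
    """Names of entries in an `ls -l` listing that `user` may read."""
    entries = [parse_ls_line(l) for l in listing.splitlines() if l.strip()]
    return [e.name for e in entries if can(e, user, groups, "r")]

# Constructed sample listing (not real output from any system).
SAMPLE_LISTING = """\
-rw-r--r--  1 root  root   1200 Jan  1 12:00 passwd
-rw-------  1 root  root    800 Jan  1 12:00 secret
drwxrwxrwx  2 alice users  4096 Jan  1 12:00 shared
lrwxrwxrwx  1 root  root      6 Jan  1 12:00 link
"""

if __name__ == "__main__":
    print(readable_by(SAMPLE_LISTING, "guest", set()))  # ['passwd', 'shared', 'link']
```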

Passwd files. A lot of Unix/Linux challenges are about passwd files (/etc/passwd), which list usernames and encrypted passwords. The encryption is one-way: when you log in, the OS applies crypt() to the password you entered and compares the result with the stored value, i.e. it checks crypt(entered password) == stored password in the passwd file. The only way to get the original password back is to guess it by brute force. To do that you will need John the Ripper, or jtr as it is widely known. John is a sophisticated password guessing tool, and in general you need to study it in depth to get the most out of it. Most challenge sites seem to think it's a necessary attribute to be able to run jtr for hours on end. A good wordlist and a good set of rules will get you results; blind brute force will not and is generally a last resort. This file contains my preferred wordlist and rules. Jtr can also be used for other things; for example, the KMd5 md5 hash cracker can be coupled to jtr via stdin/stdout to run its wordlist and crack MD5 hashes.

I've linked to 'Hacking Linux Exposed', which is a good introduction to many subjects: user privileges, password cracking, Linux files and structures, DNS, TCP/IP, etc.
