Level 01 25 login to the linux trainer:
trainer.threatsims.com 167.71.187.239
username: level0 password: level0
The password will be the login to level1
ssh level0@167.71.187.239 PW level0
====================================================================
|| ||
|| .--. Welcom to the Linux Trainer! ||
|| | o_o| ||
|| | ==>| To view the level instructions again ||
|| / / \ \ type: cat welcome_message ||
|| ( | | ) ||
|| /' |_____/'\ Getting Stuck? Need help with a level? ||
|| \___)--(___/ type: cat helpme ||
|| ||
|| Use "su - level#" to change levels ||
|| ||
|| feedback: nopresearcher@gmail.com ||
|| ||
|| ||
====================================================================
Welcome to Level 0
The password for the next level is in this user's home directory
ls -la
drwxr-x--- 2 level0 level0 4096 Mar 3 10:12 . drwxr-xr-x 26 root root 4096 Mar 5 10:06 .. -rw-r--r-- 1 level0 level0 220 Apr 18 2019 .bash_logout -rw-r--r-- 1 level0 level0 3526 Apr 18 2019 .bashrc -r--r----- 1 level0 level0 303 Jan 11 11:17 helpme -rw-r----- 1 level1 level0 34 Nov 29 18:07 level1_password -rw-r--r-- 1 level0 level0 807 Apr 18 2019 .profile -rw-r--r-- 1 level0 level0 68 Jan 6 10:14 su -rw------- 1 level0 level0 916 Jan 6 09:53 .viminfo -r--r----- 1 level0 level0 85 Mar 2 10:18 welcome_message
cat level1_password
4202c26842398c1d0772ed9eed195113
ssh level1@167.71.187.239 PW 4202c26842398c1d0772ed9eed195113
Welcome to Level 1
The password for the next level is in this user's home directory, but you may have to dig a bit.
ls -la
drwxr-x--- 4 level1 level1 4096 Mar 6 15:14 .
drwxr-xr-x 26 root root 4096 Mar 5 10:06 ..
-rw-r--r-- 1 level1 level1 220 Apr 18 2019 .bash_logout
-rw-r--r-- 1 level1 level1 3526 Apr 18 2019 .bashrc
drwx------ 3 level1 level1 4096 Mar 6 15:14 .gnupg
-r--r----- 1 level1 level1 371 Jan 11 11:18 helpme
-rw-r--r-- 1 level1 level1 807 Apr 18 2019 .profile
drwx------ 2 level1 level1 4096 Nov 29 18:07 some_directory
-r--r----- 1 level1 level1 117 Mar 2 10:18 welcome_message
cd some_directory/
ls -la
drwx------ 2 level1 level1 4096 Nov 29 18:07 .
drwxr-x--- 4 level1 level1 4096 Mar 6 15:14 ..
-rw-r----- 1 level2 level1 34 Nov 29 18:07 level2_password
cat level2_password
943430e07fd566bc96aa05fca3c96e48
logout
ssh level2@trainer.threatsims.com PW 943430e07fd566bc96aa05fca3c96e48
Welcome to Level 2
The password for the next level is in this user's home directory, but you have to dig even deeper.
ls -la
drwxr-x--- 4 level2 level2 4096 Mar 6 15:15 .
drwxr-xr-x 26 root root 4096 Mar 5 10:06 ..
-rw-r--r-- 1 level2 level2 220 Apr 18 2019 .bash_logout
-rw-r--r-- 1 level2 level2 3526 Apr 18 2019 .bashrc
drwx------ 3 level2 level2 4096 Nov 29 18:07 dir
drwx------ 3 level2 level2 4096 Mar 6 15:15 .gnupg
-r--r----- 1 level2 level2 842 Jan 11 11:18 helpme
-rw-r--r-- 1 level2 level2 807 Apr 18 2019 .profile
-r--r----- 1 level2 level2 119 Mar 2 10:18 welcome_message
repeat cd dir ls until we're at cd ~/dir/another_dir/another_another_dir/some_directory ls
level3_password
cat level3_password
2cadca6148093c403d82396252b8c4db
got kicked packet_write_wait: Connection to 167.71.187.239 port 22: Broken pipe
ssh level3@trainer.threatsims.com PW 2cadca6148093c403d82396252b8c4db
Welcome to Level 3
The password for the next level is in this user's home directory, but you might not see it at first.
type: man ls read about files that start with a dot (.)
ls -lah
drwxr-x--- 3 level3 level3 4.0K Mar 6 15:16 .
drwxr-xr-x 26 root root 4.0K Mar 5 10:06 ..
-rw-r--r-- 1 level3 level3 220 Apr 18 2019 .bash_logout
-rw-r--r-- 1 level3 level3 3.5K Apr 18 2019 .bashrc
drwx------ 3 level3 level3 4.0K Mar 6 15:16 .gnupg
-r--r----- 1 level3 level3 353 Jan 11 11:18 helpme
-rw-r----- 1 level4 level3 34 Nov 29 18:07 .level4_password
-rw-r--r-- 1 level3 level3 807 Apr 18 2019 .profile
-r--r----- 1 level3 level3 181 Mar 2 10:18 welcome_message
cat .level4_password
72f6af6b0005adb15fbc91e1b140115f
su - level4
packet_write_wait: Connection to 167.71.187.239 port 22: Broken pipe
ssh level4@trainer.threatsims.com PW 72f6af6b0005adb15fbc91e1b140115f
ran
topfor fun packet_write_wait: Connection to 167.71.187.239 port 22: Broken pipe kworker/0:0H-kblockd
ssh level4@trainer.threatsims.com
ssh: connect to host trainer.threatsims.com port 22: Connection refused
ssh level4@trainer.threatsims.com
ssh_exchange_identification: Connection closed by remote host
ssh level3@trainer.threatsims.com PW 2cadca6148093c403d82396252b8c4db
the network.... not great RN
sign in as level3, su to level 4, finally got a password prompt. let's see how this goes.
let's work on things higher up on the scoreboard
NEW trainer boxes/ warboxes : 167.172.132.210 <- assigned 165.227.195.68 165.227.85.182
ssh level4@167.172.132.210 PW 72f6af6b0005adb15fbc91e1b140115f
The password for the next level is in this user's home directory, just like the last levels you might have to dig.
type: man ls read about files and folders that start with a dot (.)
ls -lah
drwxr-x--- 5 level4 level4 4.0K Mar 6 16:36 .
drwxr-xr-x 26 root root 4.0K Mar 6 16:23 ..
-rw-r--r-- 1 level4 level4 220 Apr 4 2018 .bash_logout
-rw-r--r-- 1 level4 level4 3.7K Apr 4 2018 .bashrc
drwx------ 2 level4 level4 4.0K Mar 6 16:36 .cache
drwx------ 3 level4 level4 4.0K Mar 6 16:36 .gnupg
drwx------ 2 level4 level4 4.0K Mar 6 16:24 .hidden_dir
-rw-r--r-- 1 level4 level4 807 Apr 4 2018 .profile
-r--r----- 1 level4 level4 436 Mar 6 16:24 helpme
-r--r----- 1 level4 level4 207 Mar 6 16:24 welcome_message
cd .hidden_dir/ ls -lah
drwx------ 2 level4 level4 4096 Mar 6 16:24 .
drwxr-x--- 5 level4 level4 4096 Mar 6 16:36 ..
-rw-r----- 1 level5 level4 34 Mar 6 16:24 .level5_password
cat .level5_password
7b6c2552940f47a27fbd729ae0e2893c
su - level5 PW 7b6c2552940f47a27fbd729ae0e2893c
Welcome to Level 5
For this level the password is in level6's home directory. Due to a persmissions error, the level5 user can access it. Think about the directories you have already seen and what file name patterns.
pwd
/home/level5
ls -lah /home/level6
ls: cannot open directory '/home/level6': Permission denied
ls -lah /home
drwxr-xr-x 26 root root 4.0K Mar 6 16:23 .
drwxr-xr-x 23 root root 4.0K Mar 6 16:16 ..
drwxr-x--- 3 level0 level0 4.0K Mar 6 16:34 level0
drwxr-x--- 4 level1 level1 4.0K Mar 6 16:35 level1
drwxr-x--- 2 level10 level10 4.0K Mar 6 16:26 level10
drwxr-x--- 2 level11 level11 4.0K Mar 6 16:26 level11
drwxr-x--- 3 level12 level12 4.0K Mar 6 16:38 level12
drwxr-x--- 2 level13 level13 4.0K Mar 6 16:27 level13
drwxr-x--- 2 level14 level14 4.0K Mar 6 16:27 level14
drwxr-x--- 2 level15 level15 4.0K Mar 6 16:27 level15
drwxr-x--- 2 level16 level16 4.0K Mar 6 16:27 level16
drwxr-x--- 2 level17 level17 4.0K Mar 6 16:27 level17
drwxr-x--- 2 level18 level18 4.0K Mar 6 16:39 level18
drwxr-x--- 3 level19 level19 4.0K Mar 6 16:28 level19
drwxr-x--- 4 level2 level2 4.0K Mar 6 16:35 level2
drwxr-x--- 3 level20 level20 4.0K Mar 6 16:28 level20
drwxr-x--- 2 level21 level21 4.0K Mar 6 16:29 level21
drwxr-xr-x 2 level22 level22 4.0K Mar 6 16:23 level22
drwxr-x--- 3 level3 level3 4.0K Mar 6 16:35 level3
drwxr-x--- 5 level4 level4 4.0K Mar 6 16:36 level4
drwxr-x--- 3 level5 level5 4.0K Mar 6 16:36 level5
drwxr-x--- 53 level6 level6 4.0K Mar 6 16:36 level6
drwxr-x--- 5 level7 level7 4.0K Mar 6 16:42 level7
drwxr-x--- 52 level8 level8 4.0K Mar 6 16:25 level8
drwxr-x--- 2 level9 level9 4.0K Mar 6 16:26 level9
drwxr-x--- 2 trainer trainer 4.0K Mar 6 16:22 trainer
Looks like level 6 hasn't been unlocked on this server. it hasn't moved back to the OG server, got it working
ssh level5@trainer.threatsims.com PW 7b6c2552940f47a27fbd729ae0e2893c
same info
cd /home/level6 ls -la
drwxrwxrwx 54 level6 level5 4096 Mar 6 16:47 .
drwxr-xr-x 26 root root 4096 Mar 5 10:06 ..
-rw-r--r-- 1 level6 level6 0 Mar 6 16:45 8
-rw-r--r-- 1 level7 level6 220 Apr 18 2019 .bash_logout
-rw-r--r-- 1 level7 level6 3526 Apr 18 2019 .bashrc
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir1
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir10
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir11
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir12
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir13
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir14
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir15
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir16
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir17
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir18
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir19
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir2
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir20
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir21
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir22
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir23
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir24
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir25
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir26
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir27
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir28
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir29
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir3
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir30
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir31
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir32
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir33
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir34
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir35
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir36
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir37
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir38
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir39
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir4
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir40
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir41
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir42
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir43
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir44
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir45
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir46
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir47
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir48
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir49
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir5
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir50
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir6
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir7
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir8
drwxr-x--- 52 level7 level6 4096 Nov 29 18:07 dir9
drwx------ 3 level6 level6 4096 Mar 6 15:52 .gnupg
-r--r----- 1 level6 level6 482 Jan 11 11:18 helpme
-rw------- 1 level6 level6 28 Mar 6 16:47 .lesshst
-rwxrwxrwx 1 level6 level5 34 Nov 29 18:07 level6_password
drwxr-xr-x 3 level6 level6 4096 Dec 30 12:33 .local
-rw-r--r-- 1 level7 level6 807 Apr 18 2019 .profile
-r--r----- 1 level6 level6 305 Mar 2 10:19 welcome_message
cat level6_password
7cb1963d316b9a302cf6c204d35b7302
ssh level6@167.172.132.210 PW 7cb1963d316b9a302cf6c204d35b7302
Welcome to Level 6
The password for the next level is in this user's home directory, however this time there are too many directories to manually dig through. For this level you will need the find command and search for a file that has pass in the title.
type: man find read searching for filenames
I know how to find. But I want to figure out how to look at a flattened file tree
find . -name "password" nothing
find /home/level6 -name "password" still nothing
level6@trainer4:$ find . -name "password"
level6@trainer4:$ find /home/level6 -name "password"
level6@trainer4:$ find /home/level6 -name "level"
level6@trainer4:$ find /home/level6 -name "pass"
level6@trainer4:$ find . -name "pass"
level6@trainer4:$
find -name level7_password
./dir13/subdir40/level7_password
cat ./dir13/subdir40/level7_password
RG8geW91IGV2ZW4gbGlmdCBicm8g <- FLAG
(for personal confusion, spent a moment on find) https://askubuntu.com/questions/621063/command-to-find-files-by-searching-only-part-of-their-names
find -name '*pass*'
./dir13/subdir40/level7_password
./level6_password