Linux Luminarium

As agreed, I would not be doing any write-ups for pwn.college because that’s against the ground rules for their generously offered free educational material. That being said, I do want to keep record of the core skills I’ve gained through each section of their course in such a way that the notes won’t take away from the challenges - because it’s in the struggling that learning really happens.

Earning my 🐧 (2024 September 19)

Having only completed the white belt and Linux Luminarium so far, I can already say that if the rest of the material is this good, then this content is a steal. If you’re interested in learning this kind of material at all and it’s still available by the time you read this, sign up and start as soon as you can. Though it is but a small thing, I was absolutely delighted to see the little penguin emoji badge pop up next to my user name when I completed this section. I hope you feel the same way as your skills grow and you receive marks of your progress.

Notes from the Linux Luminarium

A. Hello Hackers

What the ‘shell prompt’ is
user ($) vs root (#) privilege indication
$ whoami command to print the indication
How to invoke commands in the shell
echo to print desired text in the terminal

B. Pondering Paths

Understanding file paths
The root directory (/)
Invoking a program by providing its path to the CLI
Absolute vs Relative file paths - and invoking commands/programs from these paths
pwd to print the working directory in the terminal - the concept of cwd as ‘current working directory’
.. as the parent directory - one directory level up from the current working directory
. as the current directory
~ is the ‘/home/user` directory

C. Comprehending Commands

cat to read out files (even multiples files with $ cat first second)
cat a file using an absolute path from a different cwd
grep SEARCH_STRING /path/to/file to find specific file contents
ls to list the contents of a directory
touch to create files
rm to remove files
ls -a to list hidden files as well
mkdir to create a directory in the cwd
find to find files - no criteria = find every file in the cwd
- $ find -name <file-name> to find a specific file
- $ find / -name <file-name> to search the whole system for the file name
Symbolic links (hard links and soft links)
- ln -s <base/file/path> <new/target/file/path> to create a symbolic link
- Now when you interact with the target file, it’s like you’re interacting with the original file
- file <new/target/file/path> will tell you whether it’s a symbolic link and where the file it links to is located
Creating a symbolic link to a file and interacting with that symbolic link to access a file you may not have permissions for

D. Digesting Documentation

How to add arguments like -a to linux commands
Adding arguments to further specify what an option (like -f) should do
Using man to access a command’s manual page, containing its Name, Synopsis, Description, etc.
Searching man with / or searching backwards with ? - and navigating forward and backward through matches with n and N
Searching through available man pages with man -k <key-word> and printing matching man pages
Using the -h / --help option
List shell builtins (commands built into the shell itself) with $ help and $ help <builtin-name>

E. File Globbing

Use globbing when you’re tired of fully typing out file paths
* as the “anything that matches what came before or after” wildcard
? as the “single character” wildcard (only fills as many characters as there are ?’s)
Characters within [] as “any ONE of ONLY these characters” (for individual files AND paths)
Exclusion of characters with [!...] or [^...]

F. Practice Piping

Redirecting output with > to overwrite file contents
Redirecting output with >> to append standard output to a destination
File Descriptor (FD) numbers - 0 = Std Input, 1 = Std Output, 2 = Std Error
Redirecting stdout with 1> and stderr with 2>
Redirecting different outputs to different files from the same command
- e.g. $ a_command > stdout.log 2> stderr.log
Redirecting output to programs using <
- e.g. $ echo yo > message then
- e.g. $ rev < message - the stdout of message is directed to the rev command
| pipe operator to take stdout from the first command and pass it to the stdin of the next command
>& to redirect a FD to another FD, and using it to redirect stderr to the stdout
- e.g. $ 2>% 1 –> $ command 2>& 1 | grep 'target' to take the stderror from the command, change it to stdout, which only then can we grep through the contents for what we’re looking for
$ tee to duplicate piped data
- e.g. $ echo hi | teel pwn college so now both pwn and college contain ‘hi’
$ tee inline to debug
- e.g. $ command_1 | tee cmd1_output | command_2 to not only pass the command_1 stdout to command_2, but also to a file so we can see what’s going on in case there are errors
“Everything is a file” - linux gives file-like access to most resources
Process substitution with >(command)
$ rev takes stdin and writes the reverse as stdout

G. Shell Var

By default, variables that you set in the shell session ar local to that shell process - other commands won’t inherit them
Call shell variables with $VARNAME
Print in the shell with $ echo
Assigning variables with = (no spaces around the =)
Using " around multi-word variable assignments
sh to invoke a child shell process
export VAR to export the VAR to the environment
env to print every exported variable in the shell
Command substitution with $() - the output of the command is stored as a variable!!
- e.g. $ echo $(pwd)
read to read user input; the -p option allows us to specify a prompt
- e.g. $ read -p "INPUT: " MY_VARIABLE
- e.g. INPUT: your-input
- e.g. $ echo "You entered: $MY_VARIABLE
- e.g. You entered: your-input
Reading files with :
- $ echo 'test' > file
- $ read VAR < file - this reads the contents of ‘file’ INTO the VAR variable!
- $ echo $VAR
- test

H. Processes and Jobs

List processes with $ ps
- PID = Unique process identification number
- TTY = The terminal the process is running on
- CPU TIME = The CPU time the process is using
- -ef to list EVERY process in the FULL FORMAT
- -a to list processes for all users
- -u to list processes in a user-readable format
- -x to list processes not running in the terminal
- -aux for all three options combined
$ kill <PID> to terminate the program in a manner that allows it to get its affairs in order
Interrupt terminal processes with aka CTRL + c
Suspend processes to the background with
Resume the suspended process with $ fg
Resume processes and put it in the background with $ bg
- Viewing processes with $ ps -o
- STAT
- S = sleeping, waiting for input
- T = suspended by
- R = running
- R+ = running in the foreground
Bringing a bg process to the fg with $ fg
Starting a process straight into the background with & at the end of the command
- e.g. $ sleep 256 &
Exit codes rn when a code finishes running and terminates
- Access the exit code of the most-recently terminated command using $ echo $?
- Success = 0
- Failure = 1

I. Perceiving Permissions

Seeing more details about a directory’s contents with $ ls -l including what the listed item is, permissions, owner, group,
- a normal file, d = a directory
Permissions: 3 for the user, 3 for the group, 3 for others
Ownership user and ownership group
Permissions User-Group-Public –> READ = 4, WRITE = 2, EXECUTE = 1
- e.g. 777 = User, Group, and Others can read, write and execute the file
- e.g. 700 = User can read, write and execute the file, but no one else can
- e.g. 544 = User can read and execute, group and others can read
$ chown to change ownership of the files - $ chown <username> <file>
Check which groups you’re in wiht $ id
Change group access to a file with $ chgrp <group> <file>
Changing permissions with $ chmod (options) <file>
- who+/-what e.g. r+x,g+wx OR o-rwx OR a+r or something like that
- NOTE: You usually need write permissions in order to change its permissions
Setting permissions with $ chmod u=rwx,g=r <file>
- zero out permissions with =-

J. Untangling Users

’s’ in a permission means it is executable as though you were the owner by using the $ sudo command
- NOTE: Setting s to a root-owned file can give attackers a vector to BECOMING THE ROOT (this is dangerous)
Elevate to root privileges with the $ su command and the root password
Switch the user with the $ su <user-name> command and that user password
Passwords used to be in the /etc/passwd, but they’re now in /etc/shadow, which is not globally readable
- - or ! means that password login for the account is disabled
- Blank means there is no password - NOTE: *This allows some password-less su, leading to huge security issues~
- Listed passwords may be hashed (unreadable the way they are displayed)
  - Password checks happen as the system taking your input, one-way hashing it, and comparing that to the stored hash value
- Often times backups of systems are stored in under-secured servers
  - Leaked /etc/shadow file can be used as a vector to crack passwords
$ sudo to run commands as root, but not actually change to root
- The system checks whether the user is in the /etc/sudoers group

K. Chaining Commands

Separating commands with ;
- This is like entering both commands before anything is executed
- e.g. $ echo COLLEGE > pwn; cat pwn
- COLLEGE
Shell scripts (.sh files) - function as a list of commands to run in the shell
- Run with $ bash x.sh
Redirecting your script output to another command
- > for stdout, >> to append stdout
- 2> for stderr, 2>> to append stderr
- < for stdin
- >& for redirecting to other File Descriptors
- | for piping the output to another command’s input
$ bash tells the shell to read the commands from your .sh script as shell commands
You can make your shell scripts executable and then invoke them with the file’s path

L. Pondering PATH

PATH is a special variable that stores a bunch of directory paths, in which the shell will search for programs’ corresponding commands. Without PATH, bash cannot find any of your commands. Be careful.
Changing the PATH to include another directory
- `$ PATH=’/home/my_commands’
Setting the path to only search a desired directory for bare bones script execution

Linux Luminarium (pwn.college)