Linux CTF

Difficulty: Medium
2024-08-01 by Rashad Aliyev

Linux CTF Virtual Machine Linux CTF (Capture the Flag) competition, featuring 16 challenging questions designed to test and enhance Linux skills.

Questions

Exam 0: The purpose of this level is to access the server using SSH. The host you need to connect to is the Attack server provided to you, you need to SSH into it on port 2221. Username is exam0 and password is exam0. Answering a question will activate the question for the next level.
Question: What is the password for user exam0?

Exam 1: The password for the next level is stored in a file named "readme" located in the home directory. Use this password to log into the "exam1" account via SSH. Whenever you find a password for a level, use SSH (on port 2221) to log into that level and continue the exam.

Exam 2: To move to the next stage, the password of the exam2 user is in the file named - on the server.

Exam 3: To proceed to the next step, the password of the exam3 user is in the file called spaces in this filename on the server.

Exam 4: To proceed to the next step, the password of the exam4 user is in a hidden file in the inhere folder on the server.

Exam 5: To proceed to the next step, the password of the exam5 user is in the human-readable file in the inhere folder on the server.

Exam 6: To proceed to the next stage, the password of the exam6 user is in the file that meets these conditions in the inhere folder.
human-readable
1033 bytes in size
not executable


Exam 7: To move to the next stage, the password of the exam7 user is somewhere on the server in a file that satisfies these conditions.
owned by user exam7
owned by group exam6
Size 41 bytes


Exam 8: To proceed to the next step, the password of the exam8 user is in front of the word millionths in the data.txt file.

Exam 9: The password of the exam9 user to proceed to the next step is a text string used only once in the data.txt file.

Exam 10: The password of the exam10 user to proceed to the next step is in the data.txt file. In the human-readable sting of the file, you will find the password in the line with several = signs in front of it

Exam 11: To proceed to the next step, the password of the exam11 user is in base64 format in the data.txt file.

Exam 12: Home directory contains files passwords.old and passwords.new. The data in these two files is identical, only the data in one line has changed. The password of exam12 for the next stage is in the modified line in the passwords.new file.

NOTE: if you have solved this level and see “Byebye!” when trying to log into exam12, this is related to the next level, exam13

Don't forget to record the passwords somewhere.

Exam 13: The password of the exam13 user for the next stage is in the readme file in the home directory. There's just one problem, someone has changed the .bashrc file when logging in via SSH.

Exam 14: The password of the exam14 user for the next step is in the data.txt file in the home directory. Here, all lowercase (a-z) and uppercase (A-Z) letters are rotated by 13 positions.

Exam 15: The password of the exam15 user for the next stage is stored in the data.txt file, which is an archived hexdump many times.

Exam 16: The password of the exam16 user for the next stage is stored in the /etc/exam_pass/exam16 file and can only be read by the exam16 user. Now you have got the password for exam15, but the next step is to connect to localhost 2221 with the private SSH key in the current directory to go in and read the password from the /etc/exam_pass/exam16 file.


Question Points

Exam0: 200 points
Exam1: 40 points
Exam2: 40 points
Exam3: 40 points
Exam4: 20 points
Exam5: 4 points
Exam6: 40 points
Exam7: 40 points
Exam8: 40 points
Exam9: 20 points
Exam10: 20 points
Exam11: 40 points
Exam12: 60 points
Exam13: 8 points
Exam14: 100 points
Exam15: 120 points
Exam16: 60 points


Configuration

Open VirtualBox and in the VirtualBox Manager, navigate to the File menu at the top left corner and select Import Appliance.... In the Appliance to Import window, click the folder icon to choose a virtual appliance file to import. Browse to the location of your .ova file, select it, and click Open.

Review the Appliance Settings window that appears. Here, you can review and change the settings if necessary, such as the name of the virtual machine, CPU count, and memory allocation. Once you are satisfied with the settings, click Next and then Import to begin the import process. VirtualBox will start importing the .ova file, and this process may take a few minutes depending on the size of the .ova file and your system's performance. Once the import is complete, your virtual machine will be ready to use.


Information

Network
DHCP: Enabled
IP Address Assignment: Automatically assigned (visible upon server startup)

Access (for configuration)
Attack server (Linux CTF - Attack):
SSH port: 2221
user: finalexam
pass: Fnl3489xfk
sudo su (same password)

Questions server (Linux CTF - Questions):
CTF Panel (Admin access):
login: finexam
pass: Adm1n@pd2dw3

Change passwords after logging into the server


Flags

Question 0; user: exam0; flag: exam0
Question 1; user: exam1; flag: 27563978c4ecbad5d966ae5fc410a89e9c336db1
Question 2; user: exam2; flag: e6469b1f067abcaca3cbd313e094105332f377ad
Question 3; user: exam3; flag: 9786bbc519e76544bdda0a0e2f90bb256fbb2a0b
Question 4; user: exam4; flag: 77ce9a459e1d97044479c042625c74398cf3978c
Question 5; user: exam5; flag: b30af36d00bf3584df2eac87e91c309bfaf6220b
Question 6; user: exam6; flag: e5bd961943bcaf6365a87ba5c27338384efef35a
Question 7; user: exam7; flag: 5df6ce2d0c4c984bcabefcee3239a2a3a034aa70
Question 8; user: exam8; flag: 334a821c09bd76249a5e28b7afad1d670aa6f107
Question 9; user: exam9; flag: 6fadfa73f27c1fa9bad0bbde413fcf2d192ce079
Question 10; user: exam10; flag: baa199734364a4e0181a4ef8e28d7fa47ddcafd2
Question 11; user: exam11; flag: a53afc28f10283ee0d6e49e0fca82439ac99338c
Question 12; user: exam12; flag: e17e0ab14a905a8b6417dabd057bbf22170d5438
Question 13; user: exam13; flag: ce43d3f825521133020cf633930468670c2118cf
Question 14; user: exam14; flag: ff916c7d7af5dd23b31a2cb9f55613327c84c83c
Question 15; user: exam15; flag: bd3135cad784fe5eaedabb8e9792dd9f219d0872
Question 16; user: exam16; flag: 673ede67a530693d35fedc8e4ab36e494b7b607f


Resolving Duplicate IPs After Importing Multiple VMs

If you notice that all your imported VMs are showing the same IP address, this is likely due to the VMs having the same machine ID. Follow these steps to resolve the issue by changing the machine ID on each VM:
Open a Terminal on the VM:
Begin by accessing the terminal of the VM where you need to change the machine ID.

Check the Current Machine ID:
Run the following command to view the current machine ID:
cat /etc/machine-id
Remove the Existing Machine ID:
Execute the command below to remove the existing machine ID file:
sudo rm -f /etc/machine-id
Generate a New Machine ID:
Create a new machine ID using the following command:
sudo dbus-uuidgen --ensure=/etc/machine-id
Remove the D-Bus Machine ID File:
Remove the D-Bus machine ID file by running:
sudo rm /var/lib/dbus/machine-id
Generate a New D-Bus Machine ID:
Ensure the creation of a new D-Bus machine ID with the command:
sudo dbus-uuidgen --ensure
Reboot the VM:
Finally, reboot the VM to apply the changes:
reboot

After following these steps, your VM should now have a unique machine ID, which will prevent it from having the same IP address as other VMs.

Files

Open Virtual Appliance (OVA) package.

This script should change passwords but only use passwords that are exactly 40 symbols long. Default passwords should not be changed; only imported VM passwords should be altered.
Run the script exclusively on the imported "Linux CTF - Attack" Virtual Machine (VM).
Run Script:
chmod +x linuxctf.sh
sudo ./linuxctf.sh

Open Virtual Appliance (OVA) package.

To prepare the tasks, first, extract the file. Next, modify the CTF flags within the flags.json file according to your requirements. After making the necessary changes, archive all again as .zip. Then, log in to the Questions server as an admin. Navigate to the configuration section, select the backup option, and choose to import the updated file. Finally, wait for the process to complete.