Note:
- The questions are shortened for a cleaner view
- Questions that are straightforward will only have answers attached. Such questions can be easily answered by reading the documentation given in the room.
Task 1 - Introduction
No answer needed
Task 2 - Physical Security
1) What command can you use to create a password for the GRUB bootloader?
Ans: grub2-mkpasswd-pbkdf2
2) What does PBKDF2 stand for?
PBKDF2 (Password-Based Key Derivation Function 2) is ==a cryptographic standard that securely turns a password or passphrase into a long, strong cryptographic key, primarily by applying a pseudorandom function (like HMAC) iteratively with a unique salt and a high number of rounds (iterations)==. Its purpose is to make brute-force attacks computationally expensive and slow, protecting stored passwords and creating encryption keys, and is defined in RFC 2898.
Ans: Password-Based Key Derivation Function 2
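To show what grub2-mkpasswd-pbkdf2 actually produces, here is an added example (my own code, not from the room) that derives a GRUB-style PBKDF2-HMAC-SHA512 hash string, verifies a password against it, and checks the iteration count against a minimum. It assumes the string layout `grub.pbkdf2.sha512.<iterations>.<salt hex>.<key hex>` with GRUB's defaults of 10000 rounds and a 64-byte salt.

```python
import hashlib
import os
import secrets
from typing import Optional

# Assumed layout of the string grub2-mkpasswd-pbkdf2 prints (hex in upper case):
#   grub.pbkdf2.sha512.<iterations>.<salt hex>.<derived key hex>
GRUB_PREFIX = "grub.pbkdf2.sha512"
DEFAULT_ITERATIONS = 10000   # GRUB's default -c value
SALT_LEN = 64                # GRUB's default -s value, in bytes
KEY_LEN = 64                 # SHA-512 output size; GRUB derives 64 bytes


def grub_pbkdf2_hash(password: str, iterations: int = DEFAULT_ITERATIONS,
                     salt: Optional[bytes] = None) -> str:
    """Derive a GRUB-style PBKDF2-HMAC-SHA512 string for `password`.

    A fresh random salt is used unless one is supplied (tests pass a fixed one).
    """
    salt = os.urandom(SALT_LEN) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, KEY_LEN)
    return f"{GRUB_PREFIX}.{iterations}.{salt.hex().upper()}.{dk.hex().upper()}"


def _split(hash_string: str):
    parts = hash_string.split(".")
    if len(parts) != 6 or ".".join(parts[:3]) != GRUB_PREFIX:
        raise ValueError("not a grub.pbkdf2.sha512 hash string")
    return int(parts[3]), bytes.fromhex(parts[4]), bytes.fromhex(parts[5])


def verify_grub_hash(password: str, hash_string: str) -> bool:
    """Re-derive the key from the stored salt and rounds; compare in constant time."""
    iterations, salt, stored = _split(hash_string)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, len(stored))
    return secrets.compare_digest(dk, stored)


def hash_iterations(hash_string: str) -> int:
    """Iteration count embedded in the string (what makes guessing slow)."""
    return _split(hash_string)[0]


def meets_policy(hash_string: str, min_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """Audit helper: flag password hashes in grub.cfg with too few rounds."""
    return hash_iterations(hash_string) >= min_iterations


if __name__ == "__main__":
    h = grub_pbkdf2_hash("correct horse battery staple")
    print(h)
    print("verified:", verify_grub_hash("correct horse battery staple", h))
```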
Task 3 - Filesystem Partitioning and Encryption
1) What does LUKS stand for?
Ans: Linux Unified Key Setup
2) What is the flag in the secret vault?
Step 1: Decrypt/Open the Encrypted Image with cryptsetup
Use cryptsetup to decrypt the image file.
sudo cryptsetup open /home/tryhackme/secretvault.img myvault
- open: opens/decrypts the LUKS container
- /home/tryhackme/secretvault.img: the encrypted file
- myvault: the name for the decrypted device mapping
- When prompted, enter the password:
2N9EdZYNkszEE3Ad
After this command, the decrypted device will be available at /dev/mapper/myvault
Step 2: Mount the Decrypted Device
Now mount the decrypted device:
sudo mount /dev/mapper/myvault myvault
Step 3: Access the Files
Now you can read the files:
ls myvault
Ans: THM{LUKS_not_LUX}
Task 4 - Firewall
1) It is allowing another TCP port; what is it?
Run the following command:
sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
14298/udp                  ALLOW       Anywhere
12526/tcp                  ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
14298/udp (v6)             ALLOW       Anywhere (v6)
12526/tcp (v6)             ALLOW       Anywhere (v6)
Ans: 12526
2) What is the allowed UDP port?
Ans: 14298
Task 5 - Remote Access
1) What flag is hidden in the sshd_config file?
I used grep to search through the file to make it easier:
grep "THM" /etc/ssh/sshd_config
# THM{secure_SEA_shell}
Ans: THM{secure_SEA_shell}
Task 6 - Securing User Accounts
1) What is the suggested value to use for the shell?
Ans: /sbin/nologin
2) What is the name of the RedHat and Fedora systems sudoers group?
Ans: wheel
3) What is the name of the sudoers group on Debian and Ubuntu systems?
Ans: sudo
4) Other than tryhackme and ubuntu, what is the username…?
The following command lists all members of the sudo group:
getent group sudo
Ans: blacksmith
Task 7 - Software and Services
1) Besides FTPS, what is another secure replacement for TFTP and FTP?
Instead of Telnet, the SSH protocol is now widely available. For example, the Secure File Transfer Protocol (SFTP) protocol provides a great alternative to the TFTP protocol. The critical point is that a secure alternative is selected and used.
Ans: SFTP
Task 8 - Update and Upgrade Policies
1) What command would you use to update an older Red Hat system?
Ans: yum update
2) What command would you use to update a modern Fedora system?
Ans: dnf update
3) What two commands are required to update a Debian system?
Ans: apt update && apt upgrade
4) What does yum stand for?
Ans: Yellowdog Updater, Modified
5) What does dnf stand for?
Ans: Dandified YUM
6) What flag is hidden in the sources.list file?
For some reason there was no flag when I was doing the room, but this command would have worked:
grep "THM" /etc/apt/sources.list
Ans: THM{not_Advanced_Persistent_Threat}
Task 9 - Audit and Log Configuration
1) What command can you use to display the last 15 lines of kern.log?
Ans: tail -n 15 kern.log
2) What command can you use to display the lines containing…?
Ans: grep denied secure
