HTB - Linux Fundamentals

S.Sparshika
Aug 7, 2023

Module: System Information

Here is a list of the tools that help us learn the structure of the system and gather information about its processes, network configuration, users, directories, user settings, and the corresponding parameters.

Fig:1
Fig:2

Hostname

The hostname command is self-explanatory: it prints the name of the computer that we are logged into.

username@htb[/htb]$ hostname

nixfund

Whoami

This quick and easy command can be used on both Windows and Linux systems to get our current username. When we obtain reverse shell access on a host during a security assessment, one of the first bits of situational awareness is figuring out which user we are running as. From there, we can figure out whether the user has any special privileges or access.

cry0l1t3@htb[/htb]$ whoami

cry0l1t3

Id

The id command expands on the whoami command and prints out our effective group membership and IDs.
This is of interest to penetration testers looking to see what access a user may have, and to sysadmins looking to audit account permissions and group membership.

>> In the output below:
i.) the hackthebox group is of interest because it is non-standard,

ii.) the adm group means that the user can read log files in /var/log and could potentially gain access to sensitive information. Membership in the sudo group is of particular interest, as it means our user can run some or all commands as the all-powerful root user.

iii.) Sudo rights could help us escalate privileges, or could be a sign to a sysadmin that they may need to audit permissions and group memberships to remove any access that is not required for a given user to carry out their day-to-day tasks.

cry0l1t3@htb[/htb]$ id

uid=1000(cry0l1t3) gid=1000(cry0l1t3) groups=1000(cry0l1t3),1337(hackthebox),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare)
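
The group checks described above can be scripted for a permissions audit. The following is an added example, not part of the HTB module or of the original write-up: it parses id output and reports the sudo, adm and non-standard groups. The function name audit_groups is hypothetical, and treating any GID of 1000 or higher (other than the user's own primary group) as non-standard is an assumption.

```shell
#!/bin/sh
# Added example: flag group memberships in `id` output that deserve an audit.
# Assumptions: "non-standard" means GID >= 1000 and not the user's primary
# group; group names contain no spaces.

# Constructed sample input: the id output shown above.
SAMPLE='uid=1000(cry0l1t3) gid=1000(cry0l1t3) groups=1000(cry0l1t3),1337(hackthebox),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare)'

# audit_groups ID_OUTPUT
# Prints one "group: reason" line per finding; prints nothing if none.
audit_groups() (
    id_out=$1
    # Primary GID from the " gid=N(name)" field.
    primary=$(printf '%s\n' "$id_out" | sed -n 's/.* gid=\([0-9][0-9]*\)(.*/\1/p')
    # Comma-separated "N(name)" entries from the " groups=" field.
    groups=$(printf '%s\n' "$id_out" | sed -n 's/.* groups=\([^ ]*\).*/\1/p')

    printf '%s\n' "$groups" | tr ',' '\n' |
    while IFS='()' read -r gid name _; do
        # Skip empty or malformed entries rather than failing on them.
        case $gid in ''|*[!0-9]*) continue ;; esac
        case $name in
            sudo) echo "sudo: can run some or all commands as root" ;;
            adm)  echo "adm: can read log files in /var/log" ;;
            *)    if [ "$gid" -ge 1000 ] && [ "$gid" != "$primary" ]; then
                      echo "$name: non-standard group (gid $gid)"
                  fi ;;
        esac
    done
)

# Report on the sample; use audit_groups "$(id)" to check the current session.
audit_groups "$SAMPLE"
```

For the sample it reports hackthebox, adm and sudo, and stays silent for the user's own private group and the standard system groups.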

Uname

If we type man uname in our terminal, we will bring up the man page for the command, which will show the possible options we can run with the command and the results.

Running uname -a will print all information about the machine in a specific order: kernel name, hostname, the kernel release, kernel version, machine hardware name, and operating system. The -a flag will omit -p (processor type) and -i (hardware platform) if they are unknown.

Example: -a flag

cry0l1t3@htb[/htb]$ uname -a

Linux box 4.15.0-99-generic #100-Ubuntu SMP Wed Apr 22 20:32:56 UTC 2020 x86_64 GNU/Linux

From the output above, we can see that the kernel name is Linux, the hostname is box, the kernel release is 4.15.0-99-generic, the kernel version is #100-Ubuntu SMP Wed Apr 22 20:32:56 UTC 2020, the machine hardware name is x86_64, and so on.

Uname to Obtain Kernel Release

Suppose we want to print out the kernel release to search for potential kernel exploits quickly. We can type uname -r to obtain this information.

cry0l1t3@htb[/htb]$ uname -r

4.15.0-99-generic

Questions:

To solve these questions, you first need to connect to the target over SSH with the given login credentials.

  1. Find out the machine hardware name and submit it as the answer.

x86_64

Explanation: To find the hardware name, you can use either the ‘uname -m’ command or just plain ‘uname’.

2. What is the path to htb-student’s home directory?

/home/htb-student

Explanation: Use the ‘pwd’ command.

3. What is the path to the htb-student’s mail?

var/mail/htb-student

Explanation: For this we can either use ‘env’ or else ‘cd /var/mail’.

4. Which shell is specified for the htb-student user?

/bin/bash

Explanation: Navigate to /etc/passwd.

5. Which kernel version is installed on the system? (Format: 1.22.3)

4.15.0

Explanation: Use the command ‘uname -r’.

6. What is the name of the network interface that MTU is set to 1500?

ens192

Explanation: Use the command ‘ifconfig’ or ‘ifconfig -a’.
