Linux

Overview While practicing Linux fundamentals through OverTheWire-style wargames, I built a set of notes and small scripts focused on understanding how Linux systems behave from a security and attacker-observer perspective. This post does not contain level solutions or flags. Instead, it documents concepts, techniques, and automation patterns that are directly applicable to: penetration testing, CTF-style challenges, and real-world Linux enumeration. The goal is to show how to think, not what to solve. ...

Machine: Strutted Platform: Hack The Box Difficulty: Medium OS: Linux Focus: Apache Struts2 exploitation (CVE-2024-53677), file upload bypass, JSP web shell, reverse shell, credential disclosure, privilege escalation via misconfigured tcpdump sudo permissions Enumeration We begin the assessment with a full TCP port scan using nmap in order to identify exposed services: nmap -p- --min-rate=1000 -T4 10.10.11.59 This scan checks all TCP ports while increasing the scan speed using a higher timing template and minimum packet rate. ...

Reference & Disclaimer This article is based on my personal study notes from the Information Security Foundations track. Due to scope and readability constraints, theoretical explanations, command details, output interpretation, and script code examples are intentionally highly summarized in this article. For full explanations, complete command usage, real outputs, and detailed script implementations, readers are strongly encouraged to consult the full repository. Full repository: https://github.com/lameiro0x/pentesting-path-htb Introduction Linux privilege escalation starts with careful enumeration, then moves through environment weaknesses, permissions, services, and kernel internals. This guide blends theory with concrete commands you can reuse during post-exploitation. ...

Introduction Bash is the scripting language used to interact directly with Unix‑based operating systems through the shell. It allows administrators and security practitioners to automate repetitive tasks, chain command‑line utilities, and process large volumes of data efficiently. In modern environments, Bash is not limited to Linux systems, as Windows provides compatibility through the Windows Subsystem for Linux, enabling cross‑platform usage. In enterprise and security‑focused environments, Bash scripting becomes essential due to the scale and velocity of data handled daily. Analysts frequently rely on scripts to enumerate systems, filter logs, test connectivity, and orchestrate reconnaissance or defensive workflows. Instead of manually executing dozens of commands, a single well‑designed script can perform complex logic reliably and repeatably. ...