Linux

Overview While practicing Linux fundamentals through OverTheWire-style wargames, I built a set of notes and small scripts focused on understanding how Linux systems behave from a security and attacker-observer perspective. This post does not contain level solutions or flags. Instead, it documents concepts, techniques, and automation patterns that are directly applicable to: penetration testing, CTF-style challenges, and real-world Linux enumeration. The goal is to show how to think, not what to solve. ...

Machine: Strutted Platform: Hack The Box Difficulty: Medium OS: Linux Focus: Apache Struts2 exploitation (CVE-2024-53677), file upload bypass, JSP web shell, reverse shell, credential disclosure, privilege escalation via misconfigured tcpdump sudo permissions Enumeration We begin the assessment with a full TCP port scan using nmap in order to identify exposed services: nmap -p- --min-rate=1000 -T4 10.10.11.59 This scan checks all TCP ports while increasing the scan speed using a higher timing template and minimum packet rate. ...

Introduction Linux privilege escalation starts with careful enumeration, then moves through environment weaknesses, permissions, services, and kernel internals. This guide blends theory with concrete commands you can reuse during post-exploitation. Enumeration First Enumeration gives you the attack surface and the likely paths to root. Focus on OS version, kernel version, running services, user context, sudo rights, and writable locations. System, Users, and Services Collect system and user context early, then expand to services and network state. These quick commands set the baseline and guide later steps. ...

Introduction Bash is the scripting language used to interact directly with Unix‑based operating systems through the shell. It allows administrators and security practitioners to automate repetitive tasks, chain command‑line utilities, and process large volumes of data efficiently. In modern environments, Bash is not limited to Linux systems, as Windows provides compatibility through the Windows Subsystem for Linux, enabling cross‑platform usage. In enterprise and security‑focused environments, Bash scripting becomes essential due to the scale and velocity of data handled daily. Analysts frequently rely on scripts to enumerate systems, filter logs, test connectivity, and orchestrate reconnaissance or defensive workflows. Instead of manually executing dozens of commands, a single well‑designed script can perform complex logic reliably and repeatably. ...