 Alright, what is going on guys? Welcome back to another YouTube video, this time focusing on the Linux Offset Club Online Wargame. You can check it out at linux.offset.club with your web browser, just anywhere on the internet. And let's jump back into it. We are on level or user 4. Let me get into the folder that we dedicated for it. And user 4, if you can remember, was a SSH private key. We were connecting to it after we have modified the permissions on that file so that only we can view the private key. We were connecting to that account with user 4 at linux.offset.club, but we noted it had an identifier and using that tech eye, we were using the user 4.text as our private key. So without having to have to enter a password, because our private key is acting like that for us, we are logged in as user 4 here. Okay, cool. Nothing in LS by default. So let's use the hidden ones. Check out the hidden files there. LS tech A. Oh, hey, we can see a .git. Is this a git repository? I try to see if I get installed. Looks like we do have git installed in this server. It came back with a help file, not a command not found. So I can try like git log. Okay, not really a repository even though we have this .git folder. Whatever, let's check out that .git folder. Nothing in there. Oh, there's a hidden folder.noLook. Let's check that out. Oh boy, okay, there is whatever that is. I don't know if you remember the tactic from the last video, we used the star or the asterisk to act as a wild card and fill out whatever we needed it to. CD that. Okay, it worked again. More random garbage files. Again. Oh man. Okay, holy cow. There's just more stuff in this. You'll see this goes on and on and on forever and ever. So what I did at this point is I ran the find command and this is a lot of disgusting output, but you can see kind of at the top. It looks like a tree of files and folders as we drill down into the file system and all these really horribly named folders that are supposed to be difficult for us to type in and connect to or not connect to but change directory into and it goes and extends on and on and on. Eventually we see a dot password and a dot and a password dot text. Okay, so what I'm going to do now as kind of a cheap, cheap hack, not a hack, but a good, a good trick is use grep to find a pattern to find anything. And I'm going to use attack R capital R flag here to make it recursive. If you check that out in the man pages, it tells you that that is to read through every single file and every directory recursively. So if I use grep tack R, it'll look through every file. And if I want a pattern to search for as a period or the regular expression thing for just anything. Okay, it returned in this file all the way all the way all the way in this file structure to password dot text. It contains the string cloud gift Malta 49. Okay, cool. That must be our password for user five. So let's take note of that. And let's get back into user five. Let's try it. We don't need this tack I anymore, because we're just going to log into the password user five. And paste that password in cool, we're logged in that was the password user five. Now what have we got? Oh, we've got the password dot text just laying here, but we don't have the permission to read it. Okay, what is this? Hmm. So it looks like password dot text is owned by root and the group password. Everyone, or at least root can read it. And only the group password can read it and execute it to I don't know why you would ever execute a text file. But okay, what am I? Alright, we are user five in group challenges. Okay, so we can read this group dot text file, but we're not in the group password. So what is this group dot text file? Okay, it looks like a snippet of the man page for the SG command, which will let you execute commands as a different group ID. So not like where you may be used to like that SU command or pseudo like SU do, like you would to try and run a command as a super user or switch user or as another user SG will let us run a command as a different group. So let's check it out. Okay, kind of just to help message it says SG group, the group that we're trying to use. And looks like taxi in the command that we want. Okay, let's try that SG we know the group's name was password right. And we can use taxi ID just to see who we really are at this point if that if that evaluates if that works. It asks us for a password. Let's use the same one that we had from user five user five dot text, you can copy and paste that if you don't already have in your clipboard. Let's paste it here. And the ID command executed cool. So we are user five and now we're in the password group so that must be working properly we must be evaluating this command ID as the group, or as part of the group password as part of the password group. Okay, so let's update this command and now that we are running from the group password we should be able to read this password dot text file, because the permission state that anyone in the group password can see here can read it so let's try cat password dot text. Use the password that we have right now cool. And we get the password for user number six soft bone found 59 whatever. Let's call that user six dot text. So we eat. And let's jump to that user, paste that in there. Oh, I don't think I had it copied today. Did I not? Oh, no, I did. Okay, cool. It was just a slow connection. Let's close that guy. What have we got now password dot text is right in here. My connection is a little slow right now. Whoa, a lot of garbage a lot of nonsense. Okay, big binary file or stuff that we just can't read. Let's control C to break out of that cool. So let's use some capture the flag mindset here. I don't want all of the contents of this file. I just want the plain text readable strings. And we can check those out with the strings command. I'm gonna run this here. Looks like it's getting some new line characters. Oh, but it does get what looks like a password for user seven. Sweet. Let's let's take note of that one. Disconnect connect back to user seven login with that password and we're in awesome. Cool. Another quick video. Hope you guys enjoyed this one. Just run through the users and the challenges in the Linux offset club war game. Thanks for watching guys. We'll jump into users, I guess, six through nine or like seven through nine now. Yeah, whatever whatever we got next the next three who cares. All right. See y'all later. Yeah.