The find command

The find command ~ THM Writeup


May 13, 2020·4 min read

I sincerely thank Tryhackme.com for creating such a platform for the cyber community!


This is a writeup for the room: The find command

To be precise, the ‘find’ command is used to search for files in a directory hierarchy, and as the necessary explanation is available there, we will look at the tasks.

Note: The tasks are easy to solve on sight; only a few questions need an explanation for beginners, and those are explained where they appear.

TASK -1 : 😶

TASK -2 :

#1 Find all files whose name ends with “.xml”

Ans: find / -type f -name "*.xml"

#2 Find all files in the /home directory (recursive) whose name is “user.txt”

Ans: find /home -type f -iname user.txt

#3 Find all directories whose name contains the word “exploits”

Ans: find / -type d -name "*exploits*"

TASK -3:

#1 Find all files owned by the user “kittycat”

Ans: find / -type f -user kittycat

#2 Find all files that are exactly 150 bytes in size

Ans: find / -type f -size 150c

Explanation: To filter files by size, one can use ‘-size’. The size number ‘150’ is suffixed with ‘c’, which denotes “bytes”.

#3 Find all files in the /home directory (recursive) with size less than 2 KiB and extension “.txt”

Ans: find /home -type f -size -2k -name "*.txt"

Explanation: To filter by kilobytes, the size number is suffixed with ‘k’, and because of the “less than” condition the final size is written as ‘-2k’. In the name pattern, ‘*’ is a wildcard, so that all files whose name contains ‘.txt’ are found.

#4 Find all files that are exactly readable and writeable by the owner, and readable by everyone else (use octal format)

Ans: find / -type f -perm 644

Explanation: To filter by file permissions, one can use ‘-perm’. The permissions can be given in either symbolic or octal format (e.g. u=r or 644). Breaking the octal form down, the first digit ‘6’ is for the OWNER, and the remaining digits are for the USER GROUP and OTHER USERS.

#5 Find all files that are only readable by anyone (use octal format)

Ans: find / -type f -perm /444

Explanation: The ‘444’ is prefixed by ‘/’, so that it will match files that are readable and writable by at least one of the groups (owner, group, or others).

#6 Find all files with write permission for the group “others”, regardless of any other permissions, with extension “.sh” (use symbolic format)

Ans: find / -type f -perm -o=w -name "*.sh"

#7 Find all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission (use symbolic format)

Ans: find /usr/bin -type f -user root -perm -u=s

#8 Find all files that were not accessed in the last 10 days with extension “.png”

Ans: find / -type f -atime +10 -name "*.png"

Explanation: To filter files by DAYS since last ACCESS, ‘-atime’ is used (‘time’ prefixed with ‘-a’). As the requirement is that the file should NOT have been accessed in the last ‘10’ days, the number ‘10’ is prefixed with ‘+’.

#9 Find all files in the /usr/bin directory (recursive) that have been modified within the last 2 hours

Ans: find /usr/bin -type f -mmin -120

Explanation: To filter files by time of MODIFICATION in minutes, ‘-mmin’ is used (‘min’ prefixed with ‘-m’). As the requirement is that the file should have been MODIFIED within the last two hours, the two hours are converted to minutes and prefixed with ‘-’, giving ‘-120’.
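
The -perm forms used in questions #4 to #6 (exact mode, ‘-mode’ and ‘/mode’) select different files from the same directory, which is easiest to see side by side. The script below is an added example, not part of the original writeup: it assumes GNU find, and the function names and scratch files are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: assumes GNU find; every file below is constructed test data.

# Create a scratch directory whose file names encode the mode each file gets.
make_demo_tree() {
    local dir mode
    dir=$(mktemp -d) || return 1
    for mode in 200 600 644 664; do
        touch "$dir/f$mode.txt"
        chmod "$mode" "$dir/f$mode.txt"
    done
    touch "$dir/f646.sh"
    chmod 646 "$dir/f646.sh"
    printf '%s\n' "$dir"
}

# Print the file names find selects for one -perm argument, sorted, on one line.
perm_matches() {
    local dir="$1" perm="$2"
    find "$dir" -type f -perm "$perm" -printf '%f\n' | LC_ALL=C sort | paste -sd' ' -
}

# Same test as question #6: others-writable AND a name ending in .sh.
world_writable_scripts() {
    find "$1" -type f -perm -o=w -name "*.sh" -printf '%f\n' | LC_ALL=C sort | paste -sd' ' -
}

demo() {
    local dir perm
    dir=$(make_demo_tree) || return 1
    #  644   mode is exactly rw-r--r-- (question #4)
    #  -644  all of these bits are set, extra bits allowed
    #  /444  at least one of the three read bits is set (question #5)
    #  -444  all three read bits are set
    #  -o=w  symbolic "all of these bits": others can write (question #6)
    for perm in 644 -644 /444 -444 -o=w; do
        printf '%-12s %s\n' "-perm $perm" "$(perm_matches "$dir" "$perm")"
    done
    printf '%-12s %s\n' "#6 query" "$(world_writable_scripts "$dir")"
    rm -rf "$dir"
}

demo
```

Running the same comparison against a real directory before acting on a result shows whether a query is matching exact modes or merely overlapping bits.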

TASK -4:

2> /dev/null

The above redirection is used with the find command to discard the unwanted errors that are displayed in the terminal, making the output more legible. This is helpful when the search surface is large.

-exec

The above flag is used to execute any defined action, after performing the ‘find’ operation. Remember the privilege escalation bug in sudo!!! 😈

IF YOU FIND THIS ARTICLE USEFUL, MAKE A CLAP. I’LL BE WRITING MORE USEFUL ARTICLES!
