SadServers: Linux, DevOps & SRE Labs | Job Interview Prep

Troubleshooting Scenarios: Hacking

Linux & Bash

- Linux commands, Bash scripting
- Systemd
- Networking, DNS
- Storage
- SSH, Firewall
- Libraries
- Cron and more...

Web Servers

- Nginx
- Apache
- HAProxy
- Caddy
- Gunicorn
- uWSGI
- HTTPS/TLS

Databases

- PostgreSQL
- MySQL
- SQLite
- Redis
- ClickHouse
- MongoDB
- etcd

Data Processing

- CSV
- JSON
- SQL queries

Docker

- Building images
- Multi-stage builds
- Volumes
- Networks
- Docker Compose
- Podman

Kubernetes

- kubectl
- Helm
- K8S Roles & Permissions
- Services
- Namespaces
- Deployments, StatefulSets
- ConfigMaps, Secrets

Tooling / Applications

- Git
- Rabbitmq
- Envoy
- Vault
- Harbor
- Prometheus
- Jenkins

Hacking

- Capture the Flag (CTF) Challenges
- Code Vulnerabilities
- Privilege Escalation

Languages

- Python
- Golang
- PHP
- Java
- Node.js
- C

hack

realistic / interviews new pro

Easy

#	Name	Time	Type
1	"Taipei": Come a-knocking	15 m	Hack	"Taipei": Come a-knocking Scenario: "Taipei": Come a-knocking Level: Easy Type: Hack Access: Email Description: There is a web server on port :80 protected with Port Knocking. Find the one "knock" needed (sending a SYN to a single port, not a sequence) so you can `curl localhost`. Test: Executing `curl localhost` returns a message with md5sum fe474f8e1c29e9f412ed3b726369ab65. (Note: the resulting md5sum includes the new line terminator: `echo $(curl localhost)`) Time to Solve: 15 minutes.

Medium

#	Name	Time	Type
1	"Paris": Where is my webserver?	15 m	Hack	"Paris": Where is my webserver? Scenario: "Paris": Where is my webserver? Level: Medium Type: Hack Access: Email Description: A developer put an important password on his webserver localhost:5000 . However, he can't find a way to recover it. This scenario is easy to to once you realize the one "trick". Find the password and save it in /home/admin/mysolution , for example: `echo "somepassword" > ~/mysolution` Scenario credit: PuppiestDoggo Test: `md5sum ~/mysolution` returns `d8bee9d7f830d5fb59b89e1e120cce8e` Time to Solve: 15 minutes.
2	"Constanta": Jumping Frog	20 m	Hack	"Constanta": Jumping Frog Scenario: "Constanta": Jumping Frog Level: Medium Type: Hack Access: Email Description: This is a "hacking" or Capture The Flag challenge. You need to copy the message at `/home/user3/secret.txt` into the `/home/admin/solution.txt` file. Test: Running `md5sum /home/admin/solution.txt` returns the hash `7fe16554d0b326309d980314cebc2994` The "Check My Solution" button runs the script /home/admin/agent/check.sh, which you can see and execute. Time to Solve: 20 minutes.
3	"La Rinconada": Elevating privileges	15 m	Hack	"La Rinconada": Elevating privileges Scenario: "La Rinconada": Elevating privileges Level: Medium Type: Hack Access: Email Description: You are logged in as the user "admin" without general "sudo" privileges. The system administrator has granted you limited "sudo" access; this was intended to allow you to read log files. Your mission is to find a way to exploit this limited sudo permission to gain a full root shell and read the secret file at /root/secret.txt Copy the content of /root/secret.txt into the /home/admin/solution.txt file, for example: `cat /root/secret.txt > /home/admin/solution.txt` (the "admin" user must be able to read the file). Test: As the user "admin", `md5sum /home/admin/solution.txt` returns `52a55258e4d530489ffe0cc4cf02030c` (we also accept the hash of the same secret string without an ending newline). The "Check My Solution" button runs the script /home/admin/agent/check.sh, which you can see and execute. Time to Solve: 15 minutes.
4	"Annapurna": High privileges	20 m	Hack	"Annapurna": High privileges Scenario: "Annapurna": High privileges Level: Medium Type: Hack Access: Email Description: You are logged in as the user admin. You have been tasked with auditing the admin user privileges in this server; "admin" should not have sudo (root) access. Exploit this server so you as the admin user can read the file /root/mysecret.txt Save the content of /root/mysecret.txt to the file /home/admin/mysolution.txt , for example: `echo "secret" > ~/mysolution.txt` Test: Running `md5sum /home/admin/mysolution.txt` returns `47ee165a2262476f6866902a93f2a41d`. (We also accept the md5sum of the same file without a newline at the end). The "Check My Solution" button runs the script /home/admin/agent/check.sh, which you can see and execute. Time to Solve: 20 minutes.

Hard

#	Name	Time	Type
1	"Roseau": Hack a Web Server	30 m	Hack	"Roseau": Hack a Web Server Scenario: "Roseau": Hack a Web Server Level: Hard Type: Hack Access: Email Description: There is a secret stored in a file that the local Apache web server can provide. Find this secret and have it as a /home/admin/secret.txt file. Note that in this server the admin user is not a sudoer. Also note that the password crackers Hashcat and Hydra are installed from packages and John the Ripper binaries have been built from source in /home/admin/john/run Test: `sha1sum /home/admin/secret.txt \|awk '{print $1}'` returns `cc2c322fbcac56923048d083b465901aac0fe8f8` Time to Solve: 30 minutes.
2	"Monaco": Disappearing Trick	30 m	Hack	"Monaco": Disappearing Trick Scenario: "Monaco": Disappearing Trick Level: Hard Type: Hack Access: Email Description: There is a web server on :5000 with a form. POSTing the correct form password into this web service will return a secret. Save this secret provided by the web page (not the password you sent to it) to /home/admin/mysolution, for example: `echo "SecretFromWebSite" > ~/mysolution` TIP: a developer worked on the web server code in this VM, using the same 'admin' account. Scenario credit: PuppiestDoggo Test: `md5sum /home/admin/mysolution` returns `a250aa19f16dda6f9fcef286f035ec4b` Time to Solve: 30 minutes.