─[eu-academy-1]─[10.10.14.140]─[htb-ac-2126681@htb-xfny1nxvss]─[~]
└──╼ [★]$ ssh htb-student@10.129.71.40
The authenticity of host '10.129.71.40 (10.129.71.40)' can't be established.
ED25519 key fingerprint is SHA256:PHsjpBEAl6hSCzjVohppUybupbLXdBZy8FqtwlMpmjU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.129.71.40' (ED25519) to the list of known hosts.
htb-student@10.129.71.40's password:
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-123-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Mon Sep 8 16:34:25 UTC 2025
System load: 0.21 Processes: 155
Usage of /: 51.0% of 6.76GB Users logged in: 0
Memory usage: 21% IP address for ens192: 10.129.71.40
Swap usage: 0%
* Canonical Livepatch is available for installation.
- Reduce system reboots and improve kernel security. Activate at:
https://ubuntu.com/livepatch
0 packages can be updated.
0 updates are security updates.
Last login: Wed Sep 23 22:09:41 2020 from 10.10.14.6
What is the name of the hidden "history" file in the htb-user's home directory?
htb-student@nixfund:~$ cd /var/backups
htb-student@nixfund:/var/backups$ ls -lt
total 2160
-rw-r--r-- 1 root root 41872 Nov 12 2020 apt.extended_states.0 ***
-rw-r--r-- 1 root root 4437 Nov 12 2020 apt.extended_states.1.gz
-rw-r--r-- 1 root root 742750 Nov 11 2020 dpkg.status.0
-rw-r--r-- 1 root root 206270 Nov 11 2020 dpkg.status.1.gz
-rw-r--r-- 1 root root 206270 Nov 5 2020 dpkg.status.2.gz
-rw-r--r-- 1 root root 206270 Nov 5 2020 dpkg.status.3.gz
-rw-r--r-- 1 root root 206270 Nov 5 2020 dpkg.status.4.gz
-rw-r--r-- 1 root root 206270 Nov 5 2020 dpkg.status.5.gz
-rw-r--r-- 1 root root 206270 Nov 5 2020 dpkg.status.6.gz
-rw-r--r-- 1 root root 51200 Oct 29 2020 alternatives.tar.0
-rw-r--r-- 1 root root 4623 Oct 22 2020 apt.extended_states.2.gz
-rw-r--r-- 1 root root 2497 Oct 16 2020 alternatives.tar.1.gz
-rw-r--r-- 1 root root 4601 Oct 15 2020 apt.extended_states.3.gz
-rw-r--r-- 1 root root 2492 Sep 24 2020 alternatives.tar.2.gz
-rw-r--r-- 1 root root 367 Sep 23 2020 dpkg.statoverride.0
-rw-r--r-- 1 root root 229 Sep 23 2020 dpkg.statoverride.1.gz
-rw-r--r-- 1 root root 229 Sep 23 2020 dpkg.statoverride.2.gz
-rw-r--r-- 1 root root 229 Sep 23 2020 dpkg.statoverride.3.gz
-rw-r--r-- 1 root root 229 Sep 23 2020 dpkg.statoverride.4.gz
-rw-r--r-- 1 root root 229 Sep 23 2020 dpkg.statoverride.5.gz
-rw-r--r-- 1 root root 229 Sep 23 2020 dpkg.statoverride.6.gz
-rw-r--r-- 1 root root 4572 Sep 23 2020 apt.extended_states.4.gz
-rw------- 1 root root 2014 Sep 23 2020 passwd.bak
-rw------- 1 root shadow 1362 Sep 23 2020 shadow.bak
-rw------- 1 root shadow 716 Sep 23 2020 gshadow.bak
-rw------- 1 root root 860 Sep 23 2020 group.bak
-rw-r--r-- 1 root root 437 Aug 5 2019 dpkg.diversions.0
-rw-r--r-- 1 root root 202 Aug 5 2019 dpkg.diversions.1.gz
-rw-r--r-- 1 root root 202 Aug 5 2019 dpkg.diversions.2.gz
-rw-r--r-- 1 root root 202 Aug 5 2019 dpkg.diversions.3.gz
-rw-r--r-- 1 root root 202 Aug 5 2019 dpkg.diversions.4.gz
-rw-r--r-- 1 root root 202 Aug 5 2019 dpkg.diversions.5.gz
-rw-r--r-- 1 root root 202 Aug 5 2019 dpkg.diversions.6.gz
也可以用htb-student@nixfund:/var/backups$ tree -t(先列出舊的新的在最後)
(如果要新的在最上面用tree -tr)
.
├── dpkg.diversions.0
├── dpkg.diversions.1.gz
├── dpkg.diversions.2.gz
├── dpkg.diversions.3.gz
├── dpkg.diversions.4.gz
├── dpkg.diversions.5.gz
├── dpkg.diversions.6.gz
├── group.bak
├── gshadow.bak
├── passwd.bak
├── shadow.bak
├── apt.extended_states.4.gz
├── dpkg.statoverride.0
├── dpkg.statoverride.1.gz
├── dpkg.statoverride.2.gz
├── dpkg.statoverride.3.gz
├── dpkg.statoverride.4.gz
├── dpkg.statoverride.5.gz
├── dpkg.statoverride.6.gz
├── alternatives.tar.2.gz
├── apt.extended_states.3.gz
├── alternatives.tar.1.gz
├── apt.extended_states.2.gz
├── alternatives.tar.0
├── dpkg.status.2.gz
├── dpkg.status.3.gz
├── dpkg.status.4.gz
├── dpkg.status.5.gz
├── dpkg.status.6.gz
├── dpkg.status.0
├── dpkg.status.1.gz
├── apt.extended_states.1.gz
└── apt.extended_states.0 **
0 directories, 33 files
What is the inode number of the "shadow.bak" file in the "/var/backups" directory?
htb-student@nixfund:/var/backups$ ls -i
262248 alternatives.tar.0 262310 dpkg.statoverride.2.gz
262559 alternatives.tar.1.gz 262311 dpkg.statoverride.3.gz
262261 alternatives.tar.2.gz 262247 dpkg.statoverride.4.gz
266334 apt.extended_states.0 262250 dpkg.statoverride.5.gz
266335 apt.extended_states.1.gz 262236 dpkg.statoverride.6.gz
266430 apt.extended_states.2.gz 263999 dpkg.status.0
264827 apt.extended_states.3.gz 262179 dpkg.status.1.gz
262233 apt.extended_states.4.gz 262234 dpkg.status.2.gz
262178 dpkg.diversions.0 262241 dpkg.status.3.gz
262203 dpkg.diversions.1.gz 262243 dpkg.status.4.gz
262264 dpkg.diversions.2.gz 262220 dpkg.status.5.gz
262257 dpkg.diversions.3.gz 262230 dpkg.status.6.gz
262246 dpkg.diversions.4.gz 265226 group.bak
262249 dpkg.diversions.5.gz 265817 gshadow.bak
262235 dpkg.diversions.6.gz 264599 passwd.bak
262231 dpkg.statoverride.0 265293 shadow.bak
262205 dpkg.statoverride.1.gz
也可以指定
htb-student@nixfund:/var/backups$ ls -i /var/backups | grep shadow.bak
265817 gshadow.bak
265293 shadow.bak
或是用status
htb-student@nixfund:/var/backups$ stat /var/backups/shadow.bak
File: /var/backups/shadow.bak
Size: 1362 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 265293 Links: 1
Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 42/ shadow)
Access: 2020-11-12 06:25:02.359822822 +0000
Modify: 2020-09-23 22:11:07.101663506 +0000
Change: 2020-09-24 06:25:03.741470540 +0000
Birth: -
