Linux Path

🎮 Linux Path

📍 Hermey Hall

chl2-1

🧝🏻‍♂️ SugarPlum Mary

Oh me oh my - I need some help!
I need to review some files in my Linux terminal, but I can't get a file listing.
I know the command is ls, but it's really acting up.
Do you think you could help me out? As you work on this, think about these questions:

  1. Do the words in green have special significance?

  2. How can I find a file with a specific name?

  3. What happens if there are multiple executables with the same name in my $PATH?

Linux Path

Green words matter, files must be found, and the terminal's $PATH matters.

Get a listing (ls) of your current directory.


⚡️ Solution

When You open the Cranberry Pi terminal, You see:

chl2-t

With given hints we have the greens words to help us solve the challenge:
files, home/, ls, which, find, path, locate, $PATH

We will go through different solutions to list the content of the directory and find files:

1. Finding files by name:

In linux, searching for files can be done by using find4 command which Find files within a directory hierarchy:

find location filename

Or locate6 command finds files by name on the local machine.

locate filename

To get all files in current working directory which include also the hidden files:

find
chl2-8

To get for files with name contains logos in current working directory :

find *logos*
chl2-12

To get for files with name contains logos in the local machine:

locate filename
chl2-11

To print the file content to the terminal we can use cat5 command:

cat .elfscream.txt
chl2-9

cat rejected-elfu-logos.txt
chl2-10


2. Listing directory contents by ls:

Let's try to list all files & folders in home directory using ls command.

ls
chl2-2

Let's check which executable ls is running :

which ls
chl2-3

The path of the running executable ls is /usr/local/bin/ls which is not what we want. The /bin contains the essential user binaries1 that where ls executable we need to list directory contents.

Also you can check all ls executable files by running whereis 2 command:

whereis ls
chl2-4

The quickest solution is running ls directly from with full PATH to the executable:

 /bin/ls
chl2-5

You have completed the Linux Path challenge! 🎉


3. Making the /bin/ls executable as first one to run:

Check the $PATH:

echo $PATH
chl2-6

/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
As you see /usr/local/bin comes before /bin that why runs first when we type ls command.
Executables are found in PATH order3. So We need to prepend /bin/ to $PATH to be the first to run:
export PATH="/bin:$PATH"

Then run ls command to list directory contents:

ls

chl2-7

You have completed the Linux Path challenge! 🎉

Talk to SugarPlum Mary again:

🧝🏻‍♂️ SugarPlum Mary

Oh there they are! Now I can delete them. Thanks!
Have you tried the Sysmon and EQL challenge?
If you aren't familiar with Sysmon, Carlos Perez has some great info about it. Haven't heard of the Event Query Language?
Check out some of Ross Wolf's work on EQL or that blog post by Josh Wright in your badge.

Check your badge for the hints:

Event Query Language

EQL Threat Hunting

🎓 What you've learned

  • Linux essential user binaries location.
  • Editing $PATH to change running order of multiple executables with the same name.
  • whereis, ls, find, locate, cat commands.