# NETWORK ADMINISTRATION

## **True/False**

1. False: 4G/5G are 4th generation and 5th generation
2. True: each device only has one MAC address
3. True: because of NAT, all devices under the same private network share the same public IP
4. True: when using a VPN, the source IP address will be changed directly
5. True: in an intranet, all packets must go through a gateway
6. False: it would also contain the reason for the failure
7. False: because we already know the IP address, we do not really need them
8. False: DHCP only assigns an IP when a device is joining a network
9. True: you would need HTTPS for it to be secure
10. True: yes, in general, a longer RSA key length will provide increased security

## **Short Answer**

1. Explain each of the following

**MAC Address (Media Access Control)**

* A unique identifier assigned to network interface controllers (NICs) for communication on a physical network. It is a hardware address associated with a specific device, such as a network card or Ethernet adapter.
* Some key points about MAC addresses:
    * Uniqueness: MAC addresses are intended to be globally unique. Each network interface controller is assigned a unique MAC address by the manufacturer. This ensures that no two devices on a network have the same MAC address.
    * Format: A MAC address is a 48-bit address typically represented as a series of six hexadecimal numbers separated by colons or hyphens, for example 00:1A:2B:3C:4D:5E. The first half of the MAC address (24 bits) is the organizationally unique identifier (OUI) assigned to the manufacturer, while the second half (24 bits) is a unique identifier assigned by the manufacturer.
    * Locally Administered vs. Universally Administered: MAC addresses can be classified as either locally administered or universally administered. Locally administered MAC addresses can be manually changed by the device owner, while universally administered MAC addresses are assigned by the manufacturer and are typically permanent.
    * Usage: MAC addresses are used at the data link layer of the network protocol stack, for example in Ethernet. They facilitate communication within a local network by identifying the source and destination devices, and they are essential for the proper delivery of data packets in a local network.
    * MAC Address Filtering: Some network devices, such as routers, switches, and access points, can employ MAC address filtering to control network access. By specifying a list of allowed MAC addresses, these devices can restrict network connectivity to devices with registered MAC addresses only.
* MAC addresses are specific to the local network, and they **are not** used for communication over the internet. For internet communication, IP addresses are used instead.
* MAC addresses enable devices to identify and communicate with each other on a local network.

**Switch**

* A networking device that connects devices within a local area network (LAN).
* It operates at the data link layer (Layer 2) of the network protocol stack and is commonly used in Ethernet networks.
* Some key points about switches:
    * Network Connectivity: A switch provides multiple ports to which devices, such as computers, servers, printers, and other network devices, can be connected. Each device connected to a switch has its own dedicated network connection, allowing devices to communicate with each other within the LAN.
    * Forwarding and Filtering: Switches use MAC addresses to forward network traffic. When a device connected to a switch sends a data packet, the switch examines the destination MAC address and forwards the packet only to the port where the destination device is connected. This forwarding process is called unicast traffic. Additionally, switches can perform MAC address filtering to control network access and enhance security.
    * Switching Table: A switch maintains a switching table, also known as a MAC address table or CAM table. This table maps MAC addresses to the corresponding switch ports. As devices send data packets, the switch learns and updates its switching table to efficiently deliver packets to the intended destinations.
    * Broadcast and Multicast Traffic: In addition to unicast traffic, switches handle broadcast and multicast traffic. Broadcast traffic is sent to all devices connected to the switch, while multicast traffic is sent to a specific group of devices interested in receiving the traffic.
    * VLAN Support: Many switches support Virtual Local Area Networks (VLANs), which allow network administrators to logically segment a physical LAN into multiple virtual LANs. VLANs help improve network performance, security, and manageability by separating devices into different broadcast domains.
* Switches are fundamental components in building local networks, providing connectivity and efficient data forwarding among devices.
* They are commonly used in homes, offices, data centers, and enterprise networks to facilitate communication and enable the efficient transfer of data within a LAN.

**Broadcast Storm**

* Refers to a situation in computer networks where a large number of broadcast messages overwhelm the network, causing excessive network congestion and performance degradation.
* Occurs when broadcast packets are continuously forwarded and replicated throughout the network, resulting in a cycle of repeated broadcasts.
* Some key points about broadcast storms:
    * Broadcast Packets: In computer networks, broadcast packets are messages sent by a device to all other devices on a network. They are typically used by network discovery protocols, such as Address Resolution Protocol (ARP) requests or Dynamic Host Configuration Protocol (DHCP) broadcasts.
    * Broadcast Domain: A broadcast domain is a logical division of a network in which broadcast packets are forwarded. In traditional Ethernet networks, all devices connected to the same physical LAN segment belong to the same broadcast domain. Broadcast packets are typically not forwarded beyond the boundaries of the broadcast domain.
    * Broadcast Storm Effects: When a broadcast storm occurs, the excessive number of broadcast packets floods the network, consuming available bandwidth and overwhelming network resources. This can lead to network congestion, degraded performance, increased latency, and even network outages.
    * Causes of Broadcast Storms: Broadcast storms can be caused by various factors, such as misconfigured network devices, faulty network interfaces, loops in the network topology, or malware or misbehaving devices generating an excessive number of broadcasts.
    * Prevention and Mitigation: To prevent or mitigate broadcast storms, network administrators can employ techniques such as proper network design with loop prevention mechanisms, segmenting networks into smaller broadcast domains using VLANs, broadcast storm control on switches to limit the rate of broadcast traffic, and monitoring network traffic for abnormal broadcast behavior.
* Detecting and resolving broadcast storms is crucial to maintaining network stability and performance.
* Identifying the source of the excessive broadcasts and implementing appropriate measures to mitigate the storm can help restore normal network operation.
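
The MAC address layout and the switch's CAM-table behaviour from question 1, worked through as an added example (not part of the original answer). The addresses are made up, and `parse_mac`, `LearningSwitch` and `demo` are names chosen for this illustration.

```python
"""Added example (not part of the original answer): the MAC address layout from
question 1 (OUI / NIC halves, universal-vs-local and unicast-vs-group bits) and a
minimal learning switch whose CAM table decides between unicast forwarding,
filtering and flooding. All addresses are made up."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class MacInfo:
    oui: str                      # first 24 bits: organizationally unique identifier
    nic: str                      # last 24 bits: assigned by the manufacturer
    locally_administered: bool    # U/L bit (0x02 of the first octet) set -> owner-assigned
    group: bool                   # I/G bit (0x01 of the first octet) set -> multicast/broadcast


def parse_mac(text: str) -> MacInfo:
    """Accept 00:1A:2B:3C:4D:5E or 00-1A-2B-3C-4D-5E; raise ValueError otherwise."""
    octets = text.replace("-", ":").lower().split(":")
    if len(octets) != 6 or not all(len(o) == 2 for o in octets):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    try:
        values = [int(o, 16) for o in octets]
    except ValueError:
        raise ValueError(f"non-hex octet in {text!r}") from None
    return MacInfo(
        oui=":".join(octets[:3]),
        nic=":".join(octets[3:]),
        locally_administered=bool(values[0] & 0x02),
        group=bool(values[0] & 0x01),
    )


@dataclass
class LearningSwitch:
    """Switching table (CAM table): MAC -> port, learned from source addresses.
    forward() returns the list of output ports for one frame."""
    num_ports: int
    cam: dict = field(default_factory=dict)
    moves: list = field(default_factory=list)   # (mac, old_port, new_port) observations

    def forward(self, in_port: int, src: str, dst: str) -> list:
        src, dst = src.lower(), dst.lower()
        # Learning: a source MAC that shows up on a different port than before is
        # worth recording; it is what a loop, a roaming host or MAC spoofing looks like.
        prev = self.cam.get(src)
        if prev is not None and prev != in_port:
            self.moves.append((src, prev, in_port))
        self.cam[src] = in_port
        if not parse_mac(dst).group and dst in self.cam:
            out = self.cam[dst]
            # Filtering: a destination on the ingress port means the frame is dropped.
            return [] if out == in_port else [out]      # unicast to exactly one port
        # Unknown unicast, multicast or broadcast (ff:ff:ff:ff:ff:ff): flood to every
        # other port. In a looped topology this is the traffic that becomes a broadcast storm.
        return [p for p in range(self.num_ports) if p != in_port]


def demo():
    """Walk an ARP-style exchange through a 4-port switch; returns each decision."""
    sw = LearningSwitch(num_ports=4)
    a, b = "00:1a:2b:3c:4d:5e", "00:1a:2b:00:00:02"   # made-up hosts on ports 0 and 1
    decisions = [
        sw.forward(0, a, BROADCAST),              # A's ARP request: flooded to 1, 2, 3
        sw.forward(1, b, a),                      # B replies: A is known on port 0 -> [0]
        sw.forward(0, a, b),                      # both learned now -> [1]
        sw.forward(0, a, "00:1a:2b:00:00:99"),    # unknown destination -> flooded again
    ]
    return decisions, dict(sw.cam)


if __name__ == "__main__":
    info = parse_mac("00:1A:2B:3C:4D:5E")
    print(f"OUI {info.oui}, NIC {info.nic}, local={info.locally_administered}, group={info.group}")
    for d in demo()[0]:
        print("forward to ports", d)
```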

2. Subnet Mask

* Explain
    * A 32-bit value used in IP networking
    * Divides an IP address into network and host portions
    * The subnet mask is written in dotted decimal notation, but internally stored as a binary value
    * Helps calculate the network address by performing a logical AND operation between the IP address and the subnet mask
    * Subnet masks are essential for dividing a large network into smaller subnetworks
    * Have default values based on the class of the IP address
    * Subnet masks play a crucial role in IP networking by determining network boundaries and facilitating efficient communication within networks
* Pick the one with the same subnet as the IP address 192.168.0.1/23
    * 192.168.0.0
    * Because they have the same network portion (192.168.0), which means they are within the same subnet

3. Five-Layer Internet Protocol Stack (TCP/IP model): a conceptual framework that describes the functionality and organization of the protocols used for communication over the internet. It serves as a reference model for understanding how different protocols and layers work together to enable reliable and efficient communication across interconnected networks.

* Physical Layer: Responsible for the physical transmission of data bits over a communication medium, such as **cables or wireless signals**. It defines the electrical, optical, and mechanical characteristics of the physical medium.
* Data Link Layer: This layer provides reliable data transfer between directly connected nodes over a physical network. It handles error detection and correction, as well as the framing of data into frames. **Ethernet and Wi-Fi** are examples of data link layer protocols.
* Network Layer: Also known as the Internet Layer, this layer is responsible for logical addressing and routing of data packets across multiple networks. It includes the **Internet Protocol (IP)** and **routing protocols** such as **OSPF (Open Shortest Path First)** and **BGP (Border Gateway Protocol)**.
* Transport Layer: This layer provides end-to-end communication between devices. It ensures reliable data delivery, segmentation, and reassembly of data streams. The **Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)** operate at this layer.
* Application Layer: This layer contains protocols and services that directly interact with end users or applications. It provides functions for specific applications, such as **web browsing (HTTP), email (SMTP), file transfer (FTP), and domain name resolution (DNS)**.

4. TCP and UDP

* Explain, and also give their PROs/CONs

**TCP**: a reliable, connection-oriented transport protocol that operates at the transport layer of the TCP/IP model. It provides reliable, error-checked, and ordered delivery of data packets over IP networks. Overall, TCP is widely used for applications that prioritize data integrity, reliability, and ordered delivery. Its reliability features make it suitable for protocols like HTTP, FTP, and email, where accurate and error-free data transmission is essential. However, the added overhead and latency of TCP can make it less suitable for applications that prioritize low latency or real-time communication.

* PROs:
    * Reliable Delivery: TCP ensures reliable delivery of data by using acknowledgement mechanisms, retransmission of lost packets, and error detection through checksums. This makes TCP suitable for applications that require accurate and error-free data transmission.
    * Ordered Delivery: TCP maintains the order of data packets during transmission. It guarantees that data arrives in the same order it was sent, which is crucial for applications such as file transfer or video streaming.
    * Flow Control: TCP employs flow control mechanisms to prevent overwhelming the receiver with a large amount of data. It dynamically adjusts the transmission rate based on the receiver's ability to handle data, preventing congestion and optimizing performance.
    * Connection-oriented: TCP establishes a connection between the sender and receiver before transmitting data. This ensures that both parties are ready to exchange data and provides mechanisms for connection establishment, maintenance, and termination.
* CONs:
    * Overhead: TCP adds additional overhead to transmitted data due to its mechanisms for reliability, ordering, and flow control. This overhead includes sequence numbers, acknowledgments, and other control information. Consequently, TCP can be less efficient in terms of bandwidth utilization compared to UDP.
    * Latency: The reliability and acknowledgment mechanisms of TCP introduce additional latency. The need for acknowledgment and potential retransmissions can increase the time required for data transmission compared to connectionless protocols like UDP.
    * Connection Setup Time: Establishing a TCP connection requires a three-way handshake, which is an exchange of messages between sender and receiver. This handshake introduces an additional delay before data transmission can begin.
    * Unsuitable for Real-time Applications: TCP's reliability and congestion control mechanisms are designed for accuracy and congestion avoidance, which can lead to variable delays and packet reordering. This makes TCP less suitable for real-time applications that require low latency, such as live video streaming or real-time gaming.

**UDP**: the User Datagram Protocol is a connectionless, lightweight transport protocol that operates at the transport layer of the TCP/IP model. Unlike TCP, UDP does not provide built-in reliability or ordered delivery of data packets. It is more suitable for applications that prioritize speed, efficiency, and real-time responsiveness over reliability. It is commonly used for applications that can tolerate occasional data loss, such as real-time multimedia streaming, online gaming, DNS (Domain Name System), and IoT (Internet of Things) applications where low overhead and reduced latency are essential.

* PROs:
    * Low Overhead: UDP has a minimal header overhead compared to TCP. It does not include mechanisms for reliability, acknowledgment, or flow control. This makes UDP more efficient in terms of bandwidth utilization and reduces latency.
    * Simple and Fast: UDP's simplicity allows for faster transmission and processing of data compared to TCP. The absence of reliability mechanisms means less computational overhead and quicker data transfers.
    * Suitable for Real-Time Applications: UDP is commonly used in real-time applications, such as VoIP (Voice over IP) and video streaming. It provides lower latency and is suitable for applications where slight delays or occasional data loss are acceptable, but real-time responsiveness is prioritized.
    * Broadcast and Multicast Support: UDP supports broadcasting and multicasting of data packets. This allows for efficient communication to multiple recipients simultaneously.
* CONs:
    * Unreliable Delivery: Unlike TCP, UDP does not provide reliability guarantees. It does not have mechanisms for packet acknowledgment, retransmission, or error detection. This means that data packets may be lost, duplicated, or received out of order.
    * No Flow Control: UDP does not have built-in flow control mechanisms to prevent overwhelming the receiver with excessive data. If the sender transmits data at a faster rate than the receiver can process, it may result in packet loss or congestion.
    * Limited Packet Size: UDP packets are limited to a maximum size of 64 kilobytes (including headers). Larger data needs to be divided into smaller packets or handled by higher-level protocols.
    * Lack of Congestion Control: UDP does not include congestion control mechanisms like TCP. If the network experiences congestion, UDP packets may be dropped, leading to potential data loss.
* Example
    * Favors TCP: **Software update**. The assurance that the entire file will be received accurately makes TCP the preferred choice in such scenarios, even if it introduces some additional overhead and latency.
    * Favors UDP: **Real-time streaming or live video broadcasting**. In these applications, delivering the most recent data to the receiver as quickly as possible is crucial. While reliability is desirable, occasional loss of a packet or minor glitches can be tolerated without significantly impacting the overall user experience.

5. Explain each of the following attacks AND how to prevent it

**DoS (Denial of Service)**

* A type of cyber attack aimed at rendering a computer system, network, or service unavailable to its intended users
* The attacker overwhelms the target with a flood of malicious traffic, excessive requests, or resource consumption, causing a disruption in normal operations and denying legitimate users access to the service
* Types of DoS Attacks:
    * Bandwidth-Based Attacks: These attacks flood the target's network with an overwhelming volume of traffic, consuming available bandwidth and making the network inaccessible. Examples include ICMP floods and UDP floods.
    * Resource-Based Attacks: These attacks exploit vulnerabilities in the target's resources, such as web servers or databases, causing them to consume excessive resources and become unavailable. Examples include HTTP floods, SYN floods, or Slowloris attacks.
    * Application-Layer Attacks: These attacks target specific applications or services, exploiting weaknesses to exhaust resources or overwhelm processing capabilities. Examples include HTTP request floods, DNS amplification attacks, or application-level protocol attacks.
* Preventive Measures against DoS Attacks:
    * Network Monitoring: Implement robust network monitoring and traffic analysis tools to identify abnormal patterns or sudden increases in traffic that could indicate a DoS attack. This enables quick detection and response.
    * Firewalls and Intrusion Prevention Systems (IPS): Deploy firewalls and IPS devices to filter and block malicious traffic. Configure them to detect and mitigate DoS attacks by recognizing attack patterns and blocking suspicious or excessive traffic.
    * Load Balancers: Utilize load balancers to distribute traffic evenly across multiple servers or resources. This helps distribute the load during a DoS attack, preventing a single target from being overwhelmed.
    * Traffic Filtering and Rate Limiting: Employ traffic filtering mechanisms to drop or limit packets that originate from suspicious or unauthorized sources. Rate limiting techniques can restrict the number of requests or connections from a single source to prevent overwhelming the target.
    * Intrusion Detection and Prevention Systems (IDPS): Deploy IDPS solutions that can detect and respond to DoS attacks in real time. They can automatically detect and mitigate attacks by analyzing network traffic and applying appropriate countermeasures.
    * Redundancy and Scalability: Design systems with redundancy and scalability in mind. Distribute critical services across multiple servers or data centers to mitigate the impact of a DoS attack and ensure continuous availability.
    * Incident Response Planning: Develop an incident response plan to handle DoS attacks. Define roles, responsibilities, and procedures to be followed in the event of an attack. Regularly test and update the plan to ensure its effectiveness.
* It's important to note that while preventive measures can significantly reduce the risk of DoS attacks, no defense is entirely foolproof.
* Attackers constantly evolve their techniques, so it's essential to maintain vigilance, stay updated on emerging threats, and employ a multi-layered security approach to protect against DoS attacks.

**DDoS (Distributed Denial of Service)**

* An advanced form of a DoS attack where multiple compromised systems (often a botnet) are used to flood a target with malicious traffic, overwhelming its resources and causing a denial of service to legitimate users.
* How DDoS Attacks Work:
    * Botnet Formation: Attackers create a botnet by infecting a large number of computers or devices with malware. These compromised devices, known as "bots" or "zombies," can be controlled remotely.
    * Coordinated Attack: The attacker commands the botnet to simultaneously send massive amounts of traffic or requests to the target. This flood of traffic overwhelms the target's resources, such as bandwidth, processing power, or application capacity.
    * Distributed Nature: DDoS attacks are distributed across multiple sources, making it challenging to block the attack by simply blocking a single IP address. The traffic comes from different locations and appears as legitimate requests, making it harder to distinguish legitimate traffic from malicious traffic.
* Preventive Measures against DDoS attacks:
    * DDoS Mitigation Services: Employ the services of specialized DDoS mitigation providers who have the expertise and infrastructure to detect and mitigate DDoS attacks. They can use various techniques, such as traffic filtering, rate limiting, or traffic diversion, to protect your network from DDoS attacks.
    * Network Traffic Analysis: Implement network traffic analysis tools to detect abnormal patterns and traffic spikes that could indicate a DDoS attack. These tools can monitor network behavior and identify traffic anomalies in real time, allowing for quick response and mitigation.
    * Bandwidth Scalability: Ensure that your network infrastructure has sufficient bandwidth to handle sudden traffic surges during a DDoS attack. Scalable bandwidth resources can help absorb and distribute the attack traffic across multiple paths, minimizing the impact on the target.
    * Intrusion Prevention System (IPS) and Firewalls: Deploy IPS and firewall solutions with built-in DDoS protection capabilities. These devices can detect and filter out malicious traffic, block suspicious IP addresses, or apply rate limiting to mitigate the impact of DDoS attacks.
    * Anomaly-Based Detection Systems: Utilize anomaly-based detection systems that monitor network behavior and can identify deviations from normal traffic patterns. These systems can help detect and mitigate DDoS attacks by recognizing abnormal traffic spikes or unusual patterns.
    * Traffic Scrubbing: Implement traffic scrubbing techniques, which involve diverting the traffic through specialized devices that analyze and filter out malicious traffic. This allows only legitimate traffic to reach the target network.
    * Incident Response Planning: Develop an incident response plan specific to DDoS attacks. Define roles, responsibilities, and procedures to be followed during an attack. Test the plan regularly and update it based on emerging threats and technologies.
* Preventing DDoS attacks entirely is challenging due to the distributed nature and evolving tactics of attackers.
* However, employing a combination of preventive measures can significantly reduce the impact of DDoS attacks and help ensure the availability of your network and services.
* It's essential to have a proactive approach to security, monitor network traffic, and collaborate with experienced DDoS mitigation providers to defend against DDoS attacks effectively.
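
The monitoring and rate-limiting measures listed in the DoS and DDoS answers above, run over constructed access-log lines as an added example (not part of the original answer). The log format, addresses, thresholds and function names are all assumptions made for this illustration; the point is that a per-source limit catches the single flooding client while only the aggregate view catches a flood spread across many sources.

```python
"""Added example (not part of the original answer): the "network monitoring" and
"rate limiting" measures from the DoS/DDoS answers, applied to a constructed
web-server access log. A per-source sliding-window limiter stops one flooding
client (DoS); a per-window aggregate view catches a surge spread over many
sources that each stay under the per-source limit (DDoS)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_FORMAT = "%Y-%m-%dT%H:%M:%S"   # constructed line format: "<timestamp> <ip> <method> <path>"


def parse_line(line: str):
    """'2023-06-01T12:00:00 10.0.0.1 GET /index.html' -> (epoch seconds, ip)."""
    stamp, ip, _rest = line.split(" ", 2)
    ts = datetime.strptime(stamp, LOG_FORMAT).replace(tzinfo=timezone.utc).timestamp()
    return ts, ip


class PerSourceRateLimiter:
    """Allow at most max_requests per window_seconds from each source IP
    (sliding window): the "rate limiting" measure from the DoS answer."""

    def __init__(self, max_requests: int, window_seconds: float):
        self.max_requests = max_requests
        self.window = window_seconds
        self.history = defaultdict(deque)      # ip -> timestamps of allowed requests

    def allow(self, ip: str, ts: float) -> bool:
        q = self.history[ip]
        while q and ts - q[0] >= self.window:  # forget requests that left the window
            q.popleft()
        if len(q) >= self.max_requests:
            return False                        # over the limit: reject this request
        q.append(ts)
        return True


def detect_surges(events, window_seconds: int, max_total: int, min_sources: int):
    """Aggregate view: for each fixed window, alert when the total request count
    exceeds max_total. The last field says whether the surge is distributed
    (at least min_sources distinct IPs), i.e. whether blocking one source would
    even help. Returns [(window_start, total, distinct_sources, distributed)]."""
    buckets = defaultdict(list)
    for ts, ip in events:
        buckets[int(ts // window_seconds)].append(ip)
    alerts = []
    for bucket, ips in sorted(buckets.items()):
        if len(ips) > max_total:
            distinct = len(set(ips))
            alerts.append((bucket * window_seconds, len(ips), distinct, distinct >= min_sources))
    return alerts


def build_sample_log():
    """Constructed traffic: three normal clients, one client flooding /login
    (DoS-like), then a one-second burst from 40 distinct addresses (DDoS-like)."""
    base = datetime(2023, 6, 1, 12, 0, 0)
    lines = []

    def add(sec, ip, path="/index.html"):
        t = base + timedelta(seconds=sec)
        lines.append(f"{t.strftime(LOG_FORMAT)} {ip} GET {path}")

    for sec in range(0, 20, 4):
        for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
            add(sec, ip)
    for i in range(25):                 # 25 requests in three seconds from one IP
        add(10 + i // 10, "10.0.0.9", "/login")
    for i in range(40):                 # one request each from 40 different IPs
        add(60, f"10.0.1.{i + 1}")
    return lines


def analyze(lines, per_source_max=10, per_source_window=5, agg_window=10,
            agg_max_total=30, min_sources=20):
    """Run both checks over the log. Returns how many requests the per-source
    limiter rejected for each IP, and the aggregate surge alerts."""
    events = sorted(parse_line(line) for line in lines)
    limiter = PerSourceRateLimiter(per_source_max, per_source_window)
    rejected = defaultdict(int)
    for ts, ip in events:
        if not limiter.allow(ip, ts):
            rejected[ip] += 1
    return dict(rejected), detect_surges(events, agg_window, agg_max_total, min_sources)


if __name__ == "__main__":
    blocked, surges = analyze(build_sample_log())
    print("rejected per source:", blocked)          # only 10.0.0.9 is rate-limited
    for start, total, distinct, distributed in surges:
        print(f"window {datetime.fromtimestamp(start, timezone.utc):%H:%M:%S}: "
              f"{total} requests from {distinct} sources, distributed={distributed}")
```

The single-source flood also trips the aggregate threshold, but its `distributed` flag is false, which is the signal that per-source blocking is enough; the 40-source burst is the case that needs upstream scrubbing or mitigation services.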

**Man in the Middle attacks (MitM attacks)**

* A type of cyber attack where an attacker intercepts and alters communications between two parties who believe they are directly communicating with each other
* The attacker positions themselves between the legitimate parties and can eavesdrop on or manipulate the data being transmitted.
* How MitM Attacks Work:
    * Intercepting Communication: The attacker positions themselves between the legitimate sender and recipient, intercepting the data being exchanged. This can be done by exploiting vulnerabilities in the network, compromising routers, or using techniques like ARP spoofing or DNS spoofing.
    * Impersonation: The attacker may impersonate one or both parties to establish a connection. This can involve creating a fake website or a rogue Wi-Fi access point that mimics a legitimate one to deceive users into connecting to it.
    * Manipulation: Once in the middle, the attacker can manipulate the data being transmitted. They can alter messages, steal sensitive information, inject malicious code, or perform other unauthorized actions.
* Prevention Measures against MitM Attacks:
    * Encryption: Use strong encryption protocols like SSL/TLS (Secure Sockets Layer/Transport Layer Security) to encrypt communications between the parties. Encryption ensures that even if the data is intercepted, it remains unreadable to the attacker. Always ensure that websites and applications use secure HTTPS connections.
    * Digital Certificates: Implement digital certificates issued by trusted Certificate Authorities (CAs). Certificates validate the authenticity of websites and enable users to verify that they are connecting to the legitimate site. Users should look for the padlock icon or a green address bar to ensure a secure connection.
    * Public Key Infrastructure (PKI): Implement a PKI system that uses asymmetric encryption and digital signatures to establish and verify the authenticity of communications. PKI relies on the secure distribution and management of digital certificates and private keys.
    * Network Segmentation: Segment networks and use separate VLANs (Virtual Local Area Networks) to isolate sensitive systems and data from potential attackers. This limits the impact of a MitM attack, as attackers would have more difficulty moving laterally within the network.
    * Secure Network Protocols: Use secure network protocols that authenticate and encrypt data, such as SSH (Secure Shell) for remote access, VPN (Virtual Private Network) for secure remote connections, and IPsec (Internet Protocol Security) for secure IP communications.
    * Two-Factor Authentication (2FA): Implement 2FA for user authentication to add an additional layer of security. This helps protect against unauthorized access even if an attacker manages to intercept login credentials.
    * Network Monitoring and Intrusion Detection Systems (IDS): Deploy monitoring tools and IDS solutions to detect suspicious network activities, such as ARP spoofing or unauthorized changes to network configurations. These systems can help identify potential MitM attacks and trigger alerts.
    * User Awareness and Training: Educate users about the risks of MitM attacks and how to identify suspicious signs, such as certificate warnings, unexpected changes in website appearance, or unsecured Wi-Fi networks. Encourage users to verify the authenticity of websites and avoid connecting to untrusted or unknown networks.
* Preventing MitM attacks requires a combination of technical measures, such as encryption and secure protocols, along with user awareness and best practices.
* By implementing these preventive measures, organizations and individuals can significantly reduce the risk of falling victim to MitM attacks and protect the confidentiality and integrity of their communications.

## Command Line Utilities

1. Find the corresponding IP address / domain name
    * **ping [link]** or **nslookup www.example.com**
        * www.ntu.edu.tw : 140.112.8.116
        * csie.ntu.edu.tw : 140.112.30.26
    * **nslookup [IP address]** or **host [IP address]**
        * 140.112.30.32 : linux1.csie.ntu.edu.tw
        * 140.112.161.178 : ceiba.ntu.edu.tw
2. NTU VPN
    * The IP address that I obtain
        * 140.112.87.129
    * What is the IP of the DNS server to which you submitted the domain name request for csie.ntu.edu.tw? Please also provide the delegation path from the query to the root name servers
        * **nslookup example.com** AND **dig +trace example.com**
        * IP of DNS server: 140.112.254.4
        * 140.112.30.26 -> csman.csie.ntu.edu.tw -> csman2.csie.ntu.edu.tw -> dns.tp1rc.edu.tw -> dns.ntu.edu.tw -> ntu3.ntu.edu.tw -> h.dns.tw -> ns.twnic.net -> b.dns.tw -> f.dns.tw -> d.dns.tw -> c.dns.tw -> a.dns.tw -> anytld.apnic.net -> g.dns.tw -> g.root-servers.net -> j.root-servers.net -> e.root-servers.net -> h.root-servers.net -> l.root-servers.net -> d.root-servers.net -> a.root-servers.net -> b.root-servers.net -> k.root-servers.net -> i.root-servers.net -> m.root-servers.net -> f.root-servers.net -> c.root-servers.net
    * Turn off the VPN, repeat the previous problem, and explain
        * IP of DNS server: 8.8.8.8
        * When you enable a VPN (Virtual Private Network), your internet traffic is routed through a different network infrastructure.
        * This change in routing can result in a different DNS (Domain Name System) server being used when the VPN is on compared to when it is off.
    * Provide the routing path from the query when the VPN is off to the DNS server when the VPN is on
        * 140.112.30.26 -> csman.csie.ntu.edu.tw -> csman2.csie.ntu.edu.tw -> ntu3.ntu.edu.tw -> dns.tp1rc.edu.tw -> dns.ntu.edu.tw (140.112.254.4)

# SYSTEM ADMINISTRATION

## I want to join NASA

1. Seizing the planet's privileges (3 pts)
    * To become the superuser (root), simply run **sudo -i**
    * To end the superuser shell, run **exit**
    * To open the file, run **./treasure_box-1**
    * ANS: NASA{P1_I'm a good root}
2. Remote control (5 pts)
    * Make sure you are the superuser
    * To automatically enable the ssh service whenever Linux is turned on, run **systemctl enable sshd**
    * Next, check if the server is running with **ssh localhost**
    * If it asks for a key/password, the server is running
    * If *not*, manually start it with **sudo systemctl start sshd**
    * Use **whoami** to get the current user name
    * Use **ip addr** to get the current IP address
    * Use **ssh userName@IPaddress** to connect remotely
    * Open the file **./treasure_box-2**
    * ANS: NASA{P2_GoodRemote}
3. Newbie gift pack (3 pts)
    * Unpack using **tar xvf <.tar file>**
    * Use **cat flag_3** to print the file
    * ANS: NASA{P3_I Love SA}
4. Planet information (3 pts)
    * Use **cat /proc/version** or **uname -r** to find the kernel version and information
    * ANS: NASA{P4_Linux 6.1.4-arch1-1}
5. This is my planet (3 pts)
    * To change the hostname, use **sudo vim /etc/hostname**
    * For the change to take effect, reboot with **sudo reboot**
    * Verify with **uname -n**
    * ANS: NASA{P5_AHOY My planet}
6. Forced rename (8 pts)
    * ![](https://hackmd.io/_uploads/BJ3daV-5h.png)
7. Undercover (5 pts)
    * Add a user with **sudo useradd username**
    * Remember to set a password: **sudo passwd username**
    * Add the user to a group with **sudo usermod -aG groupname username**
    * Modify a group name with **sudo groupmod -n newgroupname oldgroupname**
    * Transfer ownership of a file to the other user with **sudo chown newuser:newusergroup filename**
    * Switch to the other user with **su username**
    * ANS: NASA{P7_Door opened}
8. That man (5 pts)
    * We can use **man pacman** to display the manual for pacman, which should include its full name
    * Pacman is a package management utility that tracks installed packages on a Linux system. It features dependency support, package groups, install and uninstall scripts, and the ability to sync your local machine with a remote repository to automatically upgrade packages. Pacman packages are a zipped tar format.
    * ANS: NASA{P8_man pacman_package manager utility}
9. Chinese is the way! (5 pts)
    * **sudo vim /etc/locale.gen** and comment out (#) the language you will be using; when done, run **sudo locale-gen**
    * Next, locate and modify the locale file with **sudo vim /etc/locale.conf** to the language you will be using
    * **sudo reboot** to update the settings
    * Verify by using **locale**
    * ANS: NASA{P9_Taiwan No.1!}
10. Who says this planet is boring? (8 pts + Bonus 5 pts)
    * Train: **sudo pacman -S sl**
        * ANS4BW_train: NASA{P10_sl}
        * ANS4Disco_train: NASA{P10_sl -d}
    * Pet: **sudo pacman -S cowsay** and **sudo pacman -S lolcat**
        * ANS4BW_pet: NASA{P10_cowsay " " && cowsay -f dragon " "}
        * ANS4Color_pet: NASA{P10_(cowsay " " && cowsay -f dragon " ") | lolcat --spread 1.0}
11. Stealing confidential documents (3 pts)
    * https://www.redhat.com/sysadmin/manage-permissions
    * NASA{P11_good spy}
12. Creating a large file (9 pts)
    * **fallocate**, **truncate**, **dd**
    * NASA{P12_nice large file}
13. Bocchi The Rock! (16 pts)
    * **control+z**, **kill %%**
    * https://www.csie.ntu.edu.tw/~b09902109
    * **wget https://www.csie.ntu.edu.tw/~b09902109/bocchi.jpg**
14. Encrypted file (8 pts)
15. The state machine is working hard (5 pts)
16. Taunts from SA (11 pts)
    * The broadcast message is typically generated by a script or scheduled task that runs periodically. These kinds of scheduled tasks (cron jobs) are typically located in the cron directories **/etc/cron.d/, /etc/cron.hourly/, /etc/cron.daily/**. Examine them and comment out/delete the broadcasting message.
    * ![](https://hackmd.io/_uploads/rystvLFtn.png)
    * ![](https://hackmd.io/_uploads/SynyxKtt2.png)
    * This is the absolute path to the file causing the broadcasting: /etc/cron.d/minute
    * ANS: NASA{P16_don't laugh me!}
    * We now need to figure out what file is checking whether we completed the task and giving us the flag for this problem. Since we have already gone through all the cron directories, another common place for periodically run scripts is **/etc/systemd/system**. We can notice a file called **AutoExec.sh** that stands out.
    * ![](https://hackmd.io/_uploads/ry2oXKKYh.png)
    * As we can see inside the file, it periodically checks whether the message is still being broadcast; if not, it creates the message "NASA{P16_don't laugh me!}" for us at /home/musk/flag16.
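
For problem 16, an added example (not from the original write-up) of the "examine the cron directories" step: a parser for the /etc/cron.d entry format that lists which entries broadcast to terminals. The file contents are constructed; the path /etc/cron.d/minute comes from the write-up above, the other file names, the commands and the function names are made up for this illustration.

```python
"""Added example (not from the original write-up): parse /etc/cron.d-style files
(minute hour day month weekday user command) and list the entries that broadcast
to terminals, i.e. run wall or write straight to /dev/pts or /dev/tty. File
contents below are constructed; nothing here touches the real system."""
import re
from dataclasses import dataclass

SPECIALS = {"@reboot", "@yearly", "@annually", "@monthly",
            "@weekly", "@daily", "@midnight", "@hourly"}
# wall as a command word, or any direct write to a terminal device
BROADCAST_RE = re.compile(r"\bwall\b|/dev/pts|/dev/tty")
ENV_LINE_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")   # e.g. SHELL=/bin/sh


@dataclass
class CronEntry:
    path: str
    lineno: int
    schedule: str   # five time fields, or one @special
    user: str       # system crontabs (cron.d) carry a user field, user crontabs do not
    command: str


def parse_cron_d(path: str, text: str) -> list:
    """Parse one /etc/cron.d file. Blank, comment and VAR=value lines are skipped;
    lines with too few fields are ignored rather than guessed at."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE_RE.match(line):
            continue
        n = 1 if line.startswith("@") else 5          # number of schedule fields
        parts = line.split(None, n + 1)               # schedule..., user, command
        if len(parts) < n + 2 or (n == 1 and parts[0] not in SPECIALS):
            continue
        entries.append(CronEntry(path, lineno, " ".join(parts[:n]), parts[n], parts[n + 1]))
    return entries


def find_broadcasters(files: dict) -> list:
    """files maps path -> file text (as if read from /etc/cron.d). Returns the
    entries whose command matches BROADCAST_RE, in file and line order."""
    found = []
    for path, text in files.items():
        found.extend(e for e in parse_cron_d(path, text) if BROADCAST_RE.search(e.command))
    return found


# Constructed contents standing in for files under /etc/cron.d.
SAMPLE_FILES = {
    "/etc/cron.d/minute": (
        "SHELL=/bin/sh\n"
        "# constructed: fires every minute\n"
        "* * * * * root /usr/bin/wall 'SA says: still laughing'\n"
    ),
    "/etc/cron.d/backup": (
        "0 2 * * * root /usr/local/bin/backup.sh\n"
        "@reboot root /usr/local/bin/mount-data.sh\n"
    ),
    "/etc/cron.d/banner": "*/5 * * * * musk echo 'hi' > /dev/pts/0\n",
}


if __name__ == "__main__":
    for e in find_broadcasters(SAMPLE_FILES):
        print(f"{e.path}:{e.lineno}  [{e.schedule}] as {e.user}: {e.command}")
```

On a real host the same function would be fed the contents of each file under the cron directories; the systemd units mentioned above are a separate format and are not covered here.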