Skip to content

Linux CLI - Shells Bells Banner

Linux CLI - Shells Bells Logo

image Linux CLI - Shells Bells | Advent of Cyber 2025 - Day 1

This guide contains the answer and steps necessary to get to them for the Linux CLI - Shells Bells room.

Table of contents

Linux CLI

  1. Which CLI command would you use to list a directory?

    The answer to this question can be found in the text.

    Click for answerls

  2. Complete on machine: Identify the flag inside of the McSkidy's guide.

    After listing the directory, we can see a readme file. Lets read it using: cat README.txt.

    This tells us there is a hidden guide in the guides folder. We navigate into it and look for any files using:

    cd Guides
ls -la

    Here we find the file '.guide.txt' which will hold the first flag. Opening it (cat .guide.txt) will automatically answer the question in Tryhackme.

    Guide

    Click for answerTHM{learning-linux-cli}

  3. Which command helped you filter the logs for failed logins?

    The answer to this question can be found in the text.

    Click for answergrep

  4. Complete on machine: Identify the flag inside the Eggstrike script.

    As stated in the text we look for failed login attempts in the 'auth' log.

    grep "Failed password" auth.log

    This gives us a few failed attempts for user 'socmas'. Next we will look into its home directory for any suspicious files.

    find /home/socmas/ -name *eggs*
cat /home/socmas/2025/eggstrike.sh

    Here we see a possibly malicious script file. Opening it reveals the next flag.

    Script

    Click for answerTHM{sir-carrotbane-attacks}

  5. Which command would you run to switch to the root user?

    The answer to this question can be found in the text.

    Click for answersudo su

  6. Finally, what flag did Sir Carrotbane leave in the root bash history?

    To view the bash history of the roort user, we must first switch to the root user using sudo su. Now we can use history to view the used bash commands.

    History

    Indeed we find the flag left behind for us.

    Click for answerTHM{until-we-meet-again}

  7. For those who consider themself intermediate and want another challenge, check McSkidy's hidden note in/home/mcskidy/Documents/to get access to the key forSide Quest 1!

    Navigating to '/home/mcskidy/Documents/' we find a file called 'read-me-please.txt'. This files contains some information and several clues needed for us to find the key for the first sidequest of 2025. This will be further investigated in Advent of Cyber '25 Side Quest

    Click for answer