⏰ MISSION TIME

60:00

⭐ SCORE

🎯 COMPLETED

0/5

🏆 RANK

RECRUIT

🎯 MISSION: PERMISSION HEIST

CLASSIFIED | ADVANCED CTF CHALLENGE

📡 MISSION BRIEFING

Agent,

The Phantom Collective - a notorious cyber-crime syndicate - has compromised multiple corporate Linux servers. They're planning a massive data heist worth millions.

Your mission: Simulate their attack methodology on YOUR system to understand their tactics, then secure everything they would have exploited.

You will:

Create infiltrator accounts (like they would)
Organize them into attack teams
Secure classified data with proper permissions
Extract evidence and clean up

⏰ TIME LIMIT: 60 MINUTES

Each challenge has its own countdown. Fail to complete in time, and it LOCKS PERMANENTLY with 0 points.

⚠️ CTF RULES:
• 5 Challenges - Must complete in sequential order
• Each challenge has a HARD TIME LIMIT
• Timeout = Challenge LOCKS + 0 points awarded
• Locked challenges cannot be retried
• Mission fails if main timer reaches 00:00
• You WILL create and delete test users - this is intentional!
• Works on both Kali Linux and Ubuntu

📋 HOW IT WORKS:
Each challenge gives you step-by-step commands to execute on YOUR Linux system (Kali or Ubuntu).
After completing each step, check the box to confirm you did it successfully.
Once all boxes are checked, you can submit and move to the next challenge!

Recon

Infiltrate

Organize

Lockdown

Extract

🔍 CHALLENGE 1: SYSTEM RECONNAISSANCE

150 PTS

⏱️ CHALLENGE TIME LIMIT

08:00

Complete ALL steps within 8 minutes or LOSE this challenge!

MISSION START:

Before any attack, hackers perform reconnaissance. You need to understand YOUR system - who you are, what privileges you have, and how the system tracks users.

📍 TASK 1: Execute Basic Reconnaissance Commands

Run these commands on your Linux terminal and observe the outputs:

1. Find out who you are:

whoami

This shows your current username

2. Check your User ID and groups:

Shows your UID, GID, and all groups

3. View ALL system users:

cat /etc/passwd

Lists every user account (scroll through it)

4. Find YOUR specific user entry:

grep $USER /etc/passwd

Shows just your account details

5. Check which groups you belong to:

groups

📊 Understanding /etc/passwd entries:
Format: username:x:UID:GID:fullname:home_directory:shell
Example: kali:x:1000:1000:Kali,,,:/home/kali:/usr/bin/zsh
• UID 0 = root (all powerful)
• UID 1-999 = system accounts
• UID 1000+ = normal users

✅ CONFIRM COMPLETION

Check each box after successfully completing the task:

✓ I executed whoami and saw my username ✓ I executed id and saw my UID, GID, and groups ✓ I viewed the complete /etc/passwd file with cat /etc/passwd ✓ I found my specific user entry with grep $USER /etc/passwd ✓ I understand what each field in my user entry means

🥷 CHALLENGE 2: CREATE INFILTRATOR ACCOUNTS

200 PTS

⏱️ CHALLENGE TIME LIMIT

10:00

Create ALL accounts within 10 minutes!

INFILTRATION PHASE:

Hackers create backdoor accounts to maintain access. You'll simulate this by creating THREE infiltrator accounts on YOUR system. Don't worry - you'll delete them later!

⚠️ You're creating REAL user accounts on your system. These are test accounts that you'll remove in Challenge 5. This is safe and part of the learning process!

👤 TASK 2: Create Three Infiltrator Accounts

Execute these commands exactly as shown:

Create "phantom" user:

sudo useradd -m -s /bin/bash phantom

sudo passwd phantom

Set password: phantom123 (type it twice)

Create "shadow" user:

sudo useradd -m -s /bin/bash shadow

sudo passwd shadow

Set password: shadow123

Create "ghost" user:

sudo useradd -m -s /bin/bash ghost

sudo passwd ghost

Set password: ghost123

📊 Command breakdown:
• sudo = Run with admin privileges
• useradd = Create new user
• -m = Make home directory
• -s /bin/bash = Give bash shell
• passwd = Set password

✅ TASK 3: Verify and Test Accounts

Verify all accounts exist:

grep phantom /etc/passwd

grep shadow /etc/passwd

grep ghost /etc/passwd

Test login as phantom:

su - phantom

Password: phantom123

whoami

Should show: phantom

exit

✅ CONFIRM COMPLETION

✓ I created the "phantom" user with password phantom123 ✓ I created the "shadow" user with password shadow123 ✓ I created the "ghost" user with password ghost123 ✓ I verified all three users exist in /etc/passwd using grep ✓ I successfully logged in as phantom using su - phantom and exited

🎖️ CHALLENGE 3: ORGANIZE ATTACK TEAM

200 PTS

⏱️ CHALLENGE TIME LIMIT

12:00

Organize the team within 12 minutes!

TACTICAL ORGANIZATION:

Hackers organize compromised accounts into groups for coordinated attacks. Create a "hackers" group, add all infiltrators, and set up their command center with proper permissions.

👥 TASK 4: Create and Populate Group

Create the hackers group:

sudo groupadd hackers

grep hackers /etc/group

Add all infiltrators to the group:

sudo usermod -aG hackers phantom

sudo usermod -aG hackers shadow

sudo usermod -aG hackers ghost

Verify all members added:

grep hackers /etc/group

Should show: hackers:x:####:phantom,shadow,ghost

⚠️ ALWAYS use -aG together!
-a = Append (keeps existing groups)
-G = Group to add to
Without -a, you'll remove users from ALL their other groups!

📁 TASK 5: Create and Secure Command Center

Create command center directory:

sudo mkdir /tmp/hacker_base

Set group ownership:

sudo chgrp hackers /tmp/hacker_base

Set permissions (770):

sudo chmod 770 /tmp/hacker_base

ls -ld /tmp/hacker_base

Should show: drwxrwx---

📊 Permission 770 = drwxrwx---
7 (owner): rwx = read+write+execute (4+2+1)
7 (group): rwx = read+write+execute (4+2+1)
0 (others): --- = NO ACCESS
Only hackers group members can access!

✅ TASK 6: Test Group Access

su - phantom

Password: phantom123

cd /tmp/hacker_base

Should work!

touch test.txt

exit

✅ CONFIRM COMPLETION

✓ I created the "hackers" group ✓ I added all three users (phantom, shadow, ghost) to the hackers group ✓ I verified all three members appear in grep hackers /etc/group ✓ I created /tmp/hacker_base directory and set group to hackers ✓ I set permission 770 and verified phantom can access the directory

🔒 CHALLENGE 4: SECURE CLASSIFIED DATA

250 PTS

⏱️ CHALLENGE TIME LIMIT

15:00

Secure ALL files within 15 minutes!

SECURITY LOCKDOWN:

Now you switch sides! Create test files with different security levels and apply proper permissions to prevent theft. Master the permission system!

📁 TASK 7: Create Test Files

cd ~

mkdir data_vault

cd data_vault

touch public_data.txt confidential.txt top_secret.txt secure_script.sh

echo "Public info" > public_data.txt

echo "Confidential" > confidential.txt

echo "Top Secret" > top_secret.txt

echo '#!/bin/bash' > secure_script.sh

echo 'echo "Script running"' >> secure_script.sh

🔒 TASK 8: Apply Security Permissions

Public file (644 = rw-r--r--):

chmod 644 public_data.txt

ls -l public_data.txt

Confidential (640 = rw-r-----):

chmod 640 confidential.txt

ls -l confidential.txt

Top Secret (600 = rw-------):

chmod 600 top_secret.txt

ls -l top_secret.txt

Executable Script (755 = rwxr-xr-x):

chmod 755 secure_script.sh

ls -l secure_script.sh

./secure_script.sh

Should execute!

📊 Permission Reference:
644 (rw-r--r--) = Everyone can read, only owner can write
640 (rw-r-----) = Group can read, others blocked
600 (rw-------) = Owner only, maximum security
755 (rwxr-xr-x) = Everyone can read/execute, owner can write

✅ TASK 9: Test Security

Test from phantom account:

su - phantom

Password: phantom123

cat ~/data_vault/top_secret.txt

Should be DENIED! ✅

cat ~/data_vault/public_data.txt

Should WORK! ✅

exit

💡 Replace ~ with your actual username path if needed (e.g., /home/kali/data_vault/)

✅ CONFIRM COMPLETION

✓ I created all 4 test files in ~/data_vault/ ✓ I set public_data.txt to permission 644 ✓ I set confidential.txt to permission 640 ✓ I set top_secret.txt to permission 600 ✓ I set secure_script.sh to 755 and successfully executed it ✓ I verified phantom CANNOT read top_secret.txt but CAN read public_data.txt

💾 CHALLENGE 5: EVIDENCE EXTRACTION & CLEANUP

200 PTS

⏱️ CHALLENGE TIME LIMIT

10:00

Extract and clean up within 10 minutes!

FINAL PHASE:

Create a forensic report, then remove ALL infiltrator accounts. Leave no trace!

📄 TASK 10: Create Forensics Report

cd ~/data_vault

echo "=== SECURITY AUDIT REPORT ===" > forensics.txt

echo "Mission: Permission Heist" >> forensics.txt

echo "Status: COMPLETED" >> forensics.txt

echo "Files Secured: 4" >> forensics.txt

echo "" >> forensics.txt

ls -lh >> forensics.txt

cat forensics.txt

🗑️ TASK 11: System Cleanup

Remove all infiltrator accounts:

sudo userdel -r phantom 2>/dev/null

sudo userdel -r shadow 2>/dev/null

sudo userdel -r ghost 2>/dev/null

Remove hackers group:

sudo groupdel hackers 2>/dev/null

Remove command center:

sudo rm -rf /tmp/hacker_base

💡 The 2>/dev/null hides "mail spool not found" warnings - these are normal and harmless!

✅ TASK 12: Verify Cleanup

Verify users removed:

grep -E "phantom|shadow|ghost" /etc/passwd

Should return NOTHING ✅

Verify group removed:

grep hackers /etc/group

Should return NOTHING ✅

✅ CONFIRM COMPLETION

✓ I created forensics.txt with the security audit report ✓ I removed all three infiltrator accounts (phantom, shadow, ghost) ✓ I removed the hackers group ✓ I removed /tmp/hacker_base directory ✓ I verified cleanup with grep commands (no results returned)

🎉 MISSION COMPLETE! 🎉

🏆

MASTER OPERATIVE

MISSION DEBRIEFING

Outstanding work, Agent! You've successfully completed the Permission Heist challenge.

Skills Mastered:

✅ System reconnaissance (whoami, id, /etc/passwd)
✅ User account creation and management
✅ Group organization and membership
✅ File permission codes (644, 640, 600, 755, 770)
✅ Security testing from different accounts
✅ System cleanup and forensic documentation

FINAL SCORE

TIME USED

00:00

COMPLETED

0/5

SUCCESS RATE

🔑 COMMAND REFERENCE CARD:

# User Management sudo useradd -m -s /bin/bash user # Create user with home sudo passwd user # Set password su - user # Switch user sudo userdel -r user # Remove user + home # Group Management sudo groupadd group # Create group sudo usermod -aG group user # Add user to group grep group /etc/group # View group members # Permissions chmod 644 file # rw-r--r-- (documents) chmod 640 file # rw-r----- (confidential) chmod 600 file # rw------- (top secret) chmod 755 file # rwxr-xr-x (executables) chmod 770 dir # rwxrwx--- (shared dirs) # Information whoami # Current user id # UID, GID, groups groups # Show my groups cat /etc/passwd # All users ls -l file # View permissions