That's intended, on most npc systems guest can read all the Bank.txt/Mail.txt files, and on some npc systems guest can read /etc/passwd, though that's rare.

Thanks, after further experimentation I was getting that impression. Is it also intended behavior that I can download /etc/passwd without read permission, but still won't be able to open or decipher it on my local system?
I'm trying to suss out how, if at all, I can escalate from guest or user to root access so I can edit the logs if I can't find the information I need for social engineering. I guess in the worst case I can always erase the logs on my rental server instead...

if you got decipher in the current folder or in /bin of the system youre working on, it should work with
or you could use full path to ensure that.

For the exploits you downloaded, not all of them work on every system and they have different requirements, for instanc some could require root onlie or an specific numebr of users registered on that system (number of user accounts in /home excluding /home/guest).

read the info in the hackshops text. there are requirements. If there is "root hat to be logged on, you could force root online via mails social engineering for instance.

For all experiments and first steps , you should make use of the single player version. If something went wrong, noboddy is after you and you could always reset the system.

i forgot to mention, common issue, its all Case - Sensitive in the game do /etc/password is not sam as /ETC/... Bank.txt has a capital B. .. just in case...

Originally posted by Doctor West:

Thanks, after further experimentation I was getting that impression. Is it also intended behavior that I can download /etc/passwd without read permission, but still won't be able to open or decipher it on my local system?
I'm trying to suss out how, if at all, I can escalate from guest or user to root access so I can edit the logs if I can't find the information I need for social engineering. I guess in the worst case I can always erase the logs on my rental server instead...

If you're able to download the file then you do have read permission, the reason you then can't read it on your home computer is a combination of a couple factors, firstly, permissions are retained when files are transferred between systems, secondly, the passwd file generally has the "staff" group, giving the users on that computer the r permission because they are in the "staff" group, but your user on your home computer isn't in the "staff" group so it defaults to "o"ther permissions which are ---, hope that makes sense ^^

For the other half of your question, there's a few ways to escalate, generally for people still using hackshop tools I suggest the social engineering route:
ls /home to get a username
login issues email to admin with that username
sudo -u username to login
read/decipher root password in /etc/passwd
sudo -s to login as root

There's also local exploits, but generally those are better saved for if you have custom hacking tools, since trying to do that with the hackshop is a bit painful.

Originally posted by BNE:

i forgot to mention, common issue, its all Case - Sensitive in the game do /etc/password is not sam as /ETC/... Bank.txt has a capital B. .. just in case...

Windowz users are so cute. Those of us not using a toy OS for the past 30+ years know case sensitive.

Seriously. This game aims for the lowest of the low.

No - *nix systems don't have '.exe' - get rid of that to begin with.

Edit to add: but it will never happen because morons think they are smart in that .exe is an executable - the only executable - on the sheeple system.... they think a .bat is cool. Sheesh. Stop creating for the lowest common denominator. Some of us have been running Linux for over 25 years. Sick of reading these joke answers.

Originally posted by Sneaky_Koala:

Windowz users are so cute. Those of us not using a toy OS for the past 30+ years know case sensitive.

Seriously. This game aims for the lowest of the low.

No - *nix systems don't have '.exe' - get rid of that to begin with.

Edit to add: but it will never happen because morons think they are smart in that .exe is an executable - the only executable - on the sheeple system.... they think a .bat is cool. Sheesh. Stop creating for the lowest common denominator. Some of us have been running Linux for over 25 years. Sick of reading these joke answers.

.exe in Grey Hack is really just there to distinguish between GUI programs and terminal programs for ease of use, but gatekeeping isn't a good look. People learn things like this through Grey Hack, it's a great transition point for people who are used to windows to getting into the pentesting world.

I disagree. Anyone with the remotest interest in security would not be running the spyware known as Windows. They know it tracks everything they do yet complain about 'denuvo' (doesn't exist for the same games on Linux) or "redshell" (doesn't exist for the same games on Linux).

It's not about 'gate keeping' as you put it, it's about having at least some semblance of reason - anyone that uses Windows has no right even thinking about 'pentesting' because they are using spyware swiss cheese themselves. Explain this to them - the very opposite of 'gatekeeping' as you call it, and they say 'buuuuut mah gamez'.

They don't even know enough to know you don't need windows for games lmao.

If they're the ones you think warrant somehow becoming 'pentesters' then it only goes to show how low the bar is set, and why windows users will always be owned.

Originally posted by Sneaky_Koala:

They don't even know enough to know you don't need windows for games lmao.

Just going to respond to this bit, many games do actually require windows. No amount of tomfoolery with linux trying to pretend to be windows can change that. For some games linux can emulate aspects of windows well enough to run them, for others it can't. Anyone arguing otherwise is in denial.

Originally posted by Sneaky_Koala:

I disagree. Anyone with the remotest interest in security would not be running the spyware known as Windows. They know it tracks everything they do yet complain about 'denuvo' (doesn't exist for the same games on Linux) or "redshell" (doesn't exist for the same games on Linux).

It's not about 'gate keeping' as you put it, it's about having at least some semblance of reason - anyone that uses Windows has no right even thinking about 'pentesting' because they are using spyware swiss cheese themselves. Explain this to them - the very opposite of 'gatekeeping' as you call it, and they say 'buuuuut mah gamez'.

They don't even know enough to know you don't need windows for games lmao.

You do know that you can get games without Denuvo on Windows as well? Windows is great, because literally everything works on it. Linux has thousands of distros ranging from popular to absolute crapshoot with lackluster support. There is a reason why Windows is a more popular PC OS than Linux kernel with it's bazillion distros.