Skip to content

Linux Basic 06

Introduction

EHCTF

Category: Misc

Write-up date: 03/03/2025

Question: Trong linux, ví dụ có một tiến trình là opera.exe có định danh là 6969 thì làm sao để biết được folder gốc mà nó hoạt động là ở đâu?

Point: 286

Solve

In linux file hierarchy, all information of a process in linux is present as file in subdirectory name as process ID ( PID) inside /proc. So to find a process has a PID 6969 run in what folder, we can use ls to see the real directory of the symlink cwd. And because /proc need more permission than user, we need sudo to promote our permision to root.

FLAG: EHCTF{sudo ls -la /proc/6969/cwd}