  • linux

  • blue-team

  • cron-jobs

  • privilege-escalation

  • ubuntu server

In Search of the Impostor - Navigating an Ubuntu Server


In every story of struggle and camaraderie, betrayal is the darkest shadow. That person you trusted, that friend or colleague who worked side by side with you, suddenly becomes the silent enemy. The threat doesn't always come from outside; sometimes it hides within, disguised as trust and kindness.

Today you'll face that challenge: uncovering the impostor who corrupts from within, sabotaging the system everyone is defending.

What is a web server?

A web server is a machine that hosts pages and applications accessible via the Internet or internal networks. When you visit a site, your browser requests information from that server, which responds with the files that display the page.

Ubuntu Server: the fortress under Linux

Ubuntu Server is a Linux distribution designed to offer stability, security, and flexibility on servers. Unlike a desktop version, it doesn't have a graphical interface by default; everything is managed through commands.

Typical structure of an Ubuntu web server

  • /var/www/ — Folder where website files are usually hosted
  • /etc/apache2/ or /etc/nginx/ — Web server configurations (Apache or Nginx)
  • /home/ — User directories
  • /root/ — Superuser (root) folder, normally inaccessible without privileges

Services that might be running

  • Apache or Nginx: web servers that handle HTTP requests
  • MySQL or PostgreSQL: databases that store information
  • Cron: service that runs scheduled tasks automatically
  • iptables: tool to control firewall rules and packet filtering

What is crontab?

Crontab (cron table) is the system for scheduling tasks to run at specific times or periodically: each entry tells the cron service which command to run and when. These tasks can be scripts that clean files, update databases, or, in the wrong hands, cause harm.

What is iptables?

Iptables is a utility for configuring firewall rules in Linux.
It allows you to control which connections enter and leave the server, blocking or permitting traffic according to defined criteria.

Users, roles, and permissions in Linux

  • Each person or process has a user with specific permissions.
  • The superuser (root) has total access.
  • Permissions control who can read, write, or execute files and commands.

Clues to find malicious tasks

  • Explore scheduled tasks with crontab -l or by checking /etc/crontab and /etc/cron.*
  • Inspect unusual rules in iptables with sudo iptables -L (though without sudo it may be limited)
  • Look for suspicious scripts or files with strange permissions in common directories
  • ls — list files and folders
  • ls -a — list including hidden files and folders (those starting with .)
  • cd — change directory
  • cat — display file contents
  • ps aux — list running processes
  • whoami — show current user
  • id — show current user and groups
  • find — search for files with certain criteria
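
The three clues above can be combined into one review pass, shown here as an added example that is not part of the original lesson. The function names, reason labels and sample file paths are assumptions made for illustration; on a real server the per-user crontabs under /var/spool/cron/crontabs are only readable with root privileges.

```bash
#!/usr/bin/env bash
# Added example, not part of the lesson: flag cron entries worth a closer look.
# The root directory is an argument so the audit can run on a constructed tree.

# Print active cron lines as "file: line" (no comments, blanks or VAR=value).
list_cron_entries() {
    local root="${1%/}" f line
    for f in "$root"/etc/crontab "$root"/etc/cron.d/* "$root"/var/spool/cron/crontabs/*; do
        [ -f "$f" ] || continue
        grep -Ev '^[[:space:]]*(#|$|[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=)' "$f" |
            while IFS= read -r line; do printf '%s: %s\n' "${f#"$root"}" "$line"; done
    done
}

# Print "REASON file: line" for entries that mention iptables, run from a temp
# directory, or call a file that any user can modify or that calls iptables.
flag_cron_entries() {
    local root="${1%/}" entry cmd p
    list_cron_entries "$root" | while IFS= read -r entry; do
        cmd="${entry#*: }"    # the cron line without the "file: " prefix
        case "$cmd" in */tmp/*|*/dev/shm/*) echo "TEMP-PATH       $entry" ;; esac
        if printf '%s\n' "$cmd" | grep -Eq 'ip6?tables'; then echo "FIREWALL        $entry"; fi
        # Check every absolute path on the line that exists as a regular file.
        printf '%s\n' "$cmd" | grep -oE '/[^[:space:];|&<>"]+' | while IFS= read -r p; do
            [ -f "$root$p" ] || continue
            if [ -n "$(find -L "$root$p" -prune -perm -0002)" ]; then
                echo "WORLD-WRITABLE  $entry"
            fi
            if grep -Eq 'ip6?tables' "$root$p"; then echo "FIREWALL-SCRIPT $entry"; fi
        done
    done
}

# Constructed sample tree (not real server data) to show the output format.
make_sample_tree() {
    local t; t="$(mktemp -d)"
    mkdir -p "$t/etc/cron.d" "$t/usr/local/bin" "$t/opt"
    printf '%s\n' 'PATH=/usr/bin:/bin' '# rotate logs' \
        '17 * * * * root /usr/local/bin/rotate.sh' > "$t/etc/crontab"
    printf '%s\n' '*/5 * * * * root /opt/.sync.sh' \
        '@reboot www-data /tmp/.cache/run' > "$t/etc/cron.d/backup"
    echo 'logrotate /etc/logrotate.conf' > "$t/usr/local/bin/rotate.sh"
    echo 'iptables -A INPUT ...' > "$t/opt/.sync.sh"    # constructed content
    chmod 644 "$t/usr/local/bin/rotate.sh"; chmod 777 "$t/opt/.sync.sh"
    echo "$t"
}

sample="$(make_sample_tree)"; flag_cron_entries "$sample"; rm -rf "$sample"
```

To review a live server, call `flag_cron_entries /` instead of the sample tree; a flagged line is a prompt to read the referenced script, not proof of tampering.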

You must use your eyes, your logic, and your commands to explore the server, discover the impostor causing the damage, and restore the web. It's not just a technical test; it's an exercise in patience, intuition, and strategy.

Build your mindset

"The greatest threat isn't always outside; sometimes, the enemy wears your own face."