Sadserver Day 4: The Spy’s Secret

Muskan Agrawal

The Problem Statement

On Day 4 of Sadserver, the task looked simple on the surface:

A spy has left a password in a file under /proc/sys. The file’s contents begin with secret:. Find the file, extract the password, and save it to /home/admin/secret.txt.

At first glance, this sounds easy. But if you’ve ever explored /proc, you know it’s a huge collection of virtual files that reflect kernel and system state. Most are read-only and filled with numbers, which makes hunting for a string like secret: tricky if you try to do it manually.


Finding the File

I wasn’t going to open files one by one in the age of AI, so I decided to let find and grep do the heavy lifting:

find /proc/sys -type f -exec grep -El '^secret:' {} 2>/dev/null \;

Here’s what’s happening:

  • find /proc/sys -type f: Looks through /proc/sys for regular files. This skips directories and other types of filesystem objects.

  • -exec grep -El '^secret:' {}: For every file found, runs grep to search for lines that start with secret:.

    • -E: Enables extended regular expressions, making it easier to write patterns.

    • -l: Only display filenames with matches, not the matching content.

    • '^secret:': Regular expression to match lines beginning with secret:.

  • 2>/dev/null: Redirects error messages (like permission denied) away, so you only see successful results.

This prints the path to the file we’re after.


An Alternative

Another way is to use xargs:

find /proc/sys -type f -print0 | xargs -0 grep -El '^secret:' 2>/dev/null

This does pretty much the same thing:

  • -print0 (in find) and -0 (in xargs): These flags work together. find ends each filename with a NUL byte and xargs splits its input on NUL bytes, so filenames with spaces or odd characters are handled correctly.

  • xargs grep -El '^secret:': Runs grep on all files found. Same pattern as before, but xargs passes the filenames to grep in batches instead of starting one grep per file.


Extracting the Password

Once the right file is identified, getting the actual password is straightforward. Let’s say the file is /proc/sys/spy/hidden:

grep -oP '^secret:\K.*' /proc/sys/spy/hidden > /home/admin/secret.txt

The \K in the regex discards everything matched before it, so with -o grep prints only the part after secret:. Redirecting the output into /home/admin/secret.txt completes the task, with the password sitting there on its own line.
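
The search and extraction steps above combined into one script, as an added example that is not part of the original post. It runs against a constructed temporary tree instead of the real /proc/sys, stops when zero or several files match, and writes the result with owner-only permissions. The function names, sample paths and password value are made up, and sed stands in for grep -P so the script does not depend on PCRE support.

```shell
#!/usr/bin/env bash
# Added example: runs against a constructed tree, not the real /proc/sys.

# Build a stand-in tree; every path and value below is made up for the demo.
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/kernel" "$root/net/ipv4" "$root/odd dir"
    echo 65536 > "$root/kernel/pid_max"
    echo 1 > "$root/net/ipv4/ip_forward"
    # "secret:" appears mid-line here, so '^secret:' must not match it.
    echo 'not a secret: 42' > "$root/kernel/decoy"
    # The target sits under a directory whose name contains a space.
    echo 'secret:constructed-pass-123' > "$root/odd dir/hidden"
    printf '%s\n' "$root"
}

# Print the one file under $1 that has a line starting with "secret:".
# Returns 1 when nothing matches and 2 when more than one file matches.
locate_secret_file() {
    local matches count
    # grep and xargs exit non-zero for unreadable files or an empty result,
    # so the decision is made on the output, not on the exit status.
    matches=$(find "$1" -type f -print0 2>/dev/null |
        xargs -0 grep -El '^secret:' 2>/dev/null || true)
    [ -n "$matches" ] || return 1
    count=$(printf '%s\n' "$matches" | wc -l)
    [ "$count" -eq 1 ] || return 2
    printf '%s\n' "$matches"
}

# Write the text after "secret:" in file $1 to $2, readable by the owner only.
extract_secret() {
    ( umask 077; sed -n 's/^secret://p' "$1" > "$2" )
}

main() {
    local root file
    root=$(make_sample_tree) || return 1
    file=$(locate_secret_file "$root") || { echo "no unique match" >&2; return 1; }
    extract_secret "$file" "$root/secret.txt"
    echo "found in: $file"
    cat "$root/secret.txt"
    rm -rf "$root"
}

main
```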


Takeaway

This challenge wasn’t really about /proc itself. The interesting part was using the right tools to sift through a large set of files efficiently. When you need to find a pattern hidden in system files, combining find with grep is a quick and reliable approach.

Day 4 closed with the spy’s password safely captured. Tomorrow brings the next puzzle.

