
Introduction

This article can be used to help solve the HackTheBox Sherlock "Brutus".

https://app.hackthebox.com/sherlocks/Brutus

Regardless, this information is useful whenever you need to read a wtmp file taken from any Linux host, on any system that supports Python.


Parsing and Reading the wtmp File

What is a wtmp file?

The wtmp file is a binary log file that stores historical records in the form of entries for logins, logouts, system reboots, and system shutdowns. It serves as a record and history of all user sessions on the system.

This log file is typically located at "/var/log/wtmp".

Since the data is stored in binary, we will use a ready-made Python library to parse and read the entries stored in the binary log.

Python Libraries

The Python library "utmp" is used to parse the history entries.

utmp is described as:

Pure-Python library to decode/read utmp and wtmp files.

https://pypi.org/project/utmp/
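As an added example (not the article's code, and not using the utmp package), the same records can be decoded with the standard library's struct module. It assumes the 384-byte glibc x86_64 layout of struct utmp and uses constructed sample records rather than a real log:

```python
# Added example: decode wtmp records with struct instead of the "utmp"
# package. Assumes the glibc/x86_64 layout (384 bytes per record,
# little-endian, 2 padding bytes after ut_type); other platforms may differ.
import struct
from datetime import datetime, timezone

UTMP_FMT = "<h2xi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
USER_PROCESS, DEAD_PROCESS = 7, 8      # login and logout record types

def _cstr(b):
    """Strip the NUL padding from a fixed-width char field."""
    return b.split(b"\x00", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Yield one dict per complete fixed-size record in a wtmp byte string."""
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        f = struct.unpack(UTMP_FMT, data[off:off + UTMP_SIZE])
        yield {"type": f[0], "pid": f[1], "line": _cstr(f[2]),
               "id": _cstr(f[3]), "user": _cstr(f[4]), "host": _cstr(f[5]),
               "time": datetime.fromtimestamp(f[9], timezone.utc)
                       .replace(microsecond=f[10])}

def sessions(records):
    """Pair each USER_PROCESS login with the next DEAD_PROCESS on that tty."""
    open_, out = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_:
            login = open_.pop(r["line"])
            out.append((login["user"], login["host"], login["time"], r["time"]))
    return out

def make_record(utype, pid, line, uid, user, host, sec):
    """Build a constructed record (sample data for the demo, not a real log)."""
    return struct.pack(UTMP_FMT, utype, pid, line.encode(), uid.encode(),
                       user.encode(), host.encode(), 0, 0, 0, sec, 0, 0, 0, 0, 0)

# Constructed sample wtmp: one SSH login followed by its logout ten minutes later.
SAMPLE = (make_record(USER_PROCESS, 1234, "pts/0", "ts/0", "alice", "203.0.113.5", 1700000000)
          + make_record(DEAD_PROCESS, 1234, "pts/0", "ts/0", "", "", 1700000600))

if __name__ == "__main__":
    for user, host, t_in, t_out in sessions(parse_wtmp(SAMPLE)):
        print(f"{user}@{host} {t_in:%Y-%m-%d %H:%M:%S} -> {t_out:%H:%M:%S} UTC")
```

To run it against a real log, pass the file contents instead of SAMPLE, e.g. parse_wtmp(open("/var/log/wtmp", "rb").read()); a record count that is not a multiple of 384 bytes indicates a truncated file or a different platform layout.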

What Type of Data is Parsed in our Program


Written by Jesse Shelley
