Bandit Summary

Game Page

For beginners to familiarize themselves with CLI and networking tools.

Basic commands

cat
# A bare "-" argument tells cat to read STDIN, so a file that is literally
# named "-" has to be given as a path (./-) or fed in through a redirect.
cat ./-    # "-" means STDIN
cat <-

ls
# -l: long listing (mode, owner, group, size, mtime); -a: include dotfiles.
ls -la

# clear wipes the visible screen; reset re-initialises the terminal, which
# helps after binary output has left it in a garbled state.
clear 
reset

find (a file)

# Search the whole filesystem by ownership. 2>/dev/null discards the
# "Permission denied" errors from directories the current user cannot read.
find / -group bandit6 -user bandit7 2> /dev/null
# -type f: regular files only; -size 33c: exactly 33 bytes (c = bytes);
# -exec cat {} \; prints each match.
find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null -exec cat {} \;
# Same search via command substitution. The unquoted result is word-split, so
# this form breaks on paths that contain whitespace; the -exec form does not.
cat `find / -user bandit7 -group bandit6 -size 33c 2>/dev/null`

# Search below the current directory for entries of exactly 1033 bytes.
find ./ -size 1033c
find . -type f -size 1033c -exec cat {} \;
# Print the match and keep only the first whitespace-separated field.
cat `find ./inhere -size 1033c` | gawk '{print $1}'

grep (content)

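# Print the lines of data.txt that contain "millionth".
cat data.txt | grep millionth
# Same match, then keep only the second whitespace-separated field.
cat data.txt | grep "millionth" | gawk {'print $2'}
# strings extracts the printable runs from a binary file; keep the ones that
# start with "=".
strings data.txt | grep "^="
# The pattern is quoted so the shell cannot glob-expand [a-zA-Z0-9]* against
# file names in the current directory before grep receives it.
strings data.txt | grep '^=[a-zA-Z0-9]*'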

sort, uniq

# uniq only compares adjacent lines, so the input is sorted first;
# -u prints just the lines that occur exactly once.
cat data.txt | sort | uniq -u

echo

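# Write the helper script with a quoted here-doc. Inside double quotes bash
# keeps the backslashes of "\#" and "\!", and echo -e does not treat them as
# escapes, so the echo form wrote "\#\!/bin/bash" as the first line instead of
# a valid shebang. With <<'EOF' the text is taken literally, with no expansion.
cat > /var/spool/bandit24/Herp-A-Derp.sh <<'EOF'
#!/bin/bash
cat /etc/bandit_pass/bandit24 > /tmp/minez/bandit24_Herp-A-Derp
chown bandit23:bandit23 /tmp/minez/bandit24_Herp-A-Derp
EOF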

Connect to the server via SSH


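# With password
# =============
ssh bandit25@bandit.labs.overthewire.org
# Enter password uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG

# With private key
# =============
# File bandit26.sshkey is in the same folder the command is run from.
# ssh refuses a private key file that other users can read, so restrict it
# first (chmod 400).
ssh -i bandit26.sshkey bandit26@bandit.labs.overthewire.org
ssh -i sshkey.private bandit14@localhost

# Add command execution
# =============
# The trailing words are run on the remote side in place of a login shell.
ssh bandit18@localhost cat readme
ssh bandit18@bandit.labs.overthewire.org "cat readme"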

scp

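# Copy readme from the remote home directory. A relative remote path is
# resolved against the login user's home; the original ".~/readme" pointed at
# a directory literally named ".~".
scp bandit18@bandit.labs.overthewire.org:readme ./readme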

base64

# -d decodes; the input can be a file argument or STDIN.
base64 -d data.txt
cat data.txt | base64 -d

ROT13

# tr maps each letter to the one 13 places further on, wrapping around within
# its own case; applying it twice restores the original text.
cat data.txt | tr a-zA-Z n-za-mN-ZA-M

xxd – hexdump or reverse

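# -r converts a hexdump back into binary. The "^C" that was stuck to the file
# name was terminal residue and would have become part of the output name.
xxd -r data.txt > data1.bin  # reverse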

file – analyze file

# file identifies the type from the content (magic bytes), not from the name
# or extension.
file data2.bin 

Decompress tar, gzip and bzip2

# gzip -d and bzip2 -d decompress; without a file argument they read STDIN and
# write STDOUT.
cat data1.bin | gzip -d > data2.bin
# NOTE(review): no input is supplied on this line; pipe or redirect the
# compressed file in, e.g. `gzip -d < INPUT_FILE > data4.bin`.
gzip -d > data4.bin
# -x extract, -v list the files as they are extracted, -f read this archive.
tar -xvf data4.bin
# NOTE(review): same as the gzip line above; this needs `< INPUT_FILE`.
bzip2 -d > data3.bin

nc – connect and listen to TCP and UDP ports

# Send one line to a TCP service and print its reply.
echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
# -vv: verbose connection messages; -n: numeric address, no DNS lookup.
cat /etc/bandit_pass/bandit14 | nc -vvn 127.0.0.1 30000
# Interactive session: STDIN is sent, the replies are printed.
nc localhost 31046
# -l listens for an incoming connection. OpenBSD netcat takes the port as a
# positional argument; traditional netcat needs it via -p.
nc -l 7777  # listen
nc -l -p 1234

openssl – securely connect to a port

# s_client opens a TLS connection and relays STDIN/STDOUT over it. By default
# it continues even when certificate verification fails, so it shows what the
# server presents but does not authenticate it (-verify_return_error makes a
# verification failure abort the handshake).
openssl s_client -connect localhost:30001
# -quiet suppresses the session and certificate dump and implies -ign_eof, so
# the connection stays open after STDIN reaches end of file.
openssl s_client -quiet -connect localhost:30001
cat /etc/bandit_pass/bandit15 | openssl s_client -connect localhost:30001 -quiet

nmap – scan ports

# -p selects the port range; 0-65535 covers every TCP port.
nmap -p 0-65535 localhost   # see which program uses the ports: sudo netstat -plant
nmap -p 31000-32000 localhost
# -sT: full TCP connect() scan, which needs no raw-socket privileges.
nmap -sT -p 31000-32000 localhost

diff

# Lines prefixed "<" exist only in the first file, ">" only in the second.
diff passwords.new passwords.old

grep

# -f reads the patterns from passwords.old, -w matches whole words, -v inverts:
# prints the lines of passwords.new that match no entry of passwords.old.
# The entries are interpreted as regular expressions unless -F is added.
grep -wvf passwords.old passwords.new

chmod – change file mode bits

# 777 = read/write/execute for owner, group and others; every local user can
# then modify or replace the file.
chmod 777 filename.txt
# 400 = read-only for the owner, no access for group and others.
chmod 400 filename.txt  # for private keys

setuid

A setuid binary executes with the privileges of the user who owns the file, not those of the user who runs it.

# NOTE(review): bandit20-do is presumably the setuid binary this section
# describes; the rest of the line is the command it is asked to run.
./bandit20-do cat /etc/bandit_pass/bandit20

redirects

>      stdout to file
2>     stderr to file
1>&2   stdout to stderr
2>&1   stderr to stdout
&>     stdout and stderr to file
/usr/bin/cronjob_bandit23.sh  &> /dev/null

gdb – the GNU Debugger

Explore binary file.

# Load the binary into the debugger for inspection; nothing runs until a
# command such as `run` is given at the gdb prompt.
gdb ./bandit20-do

Pages with solutions

Bandit Keys

bandit0:bandit0
bandit1:boJ9jbbUNNfktd78OOpsqOltutMc3MY1
bandit2:CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
bandit3:UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit4:pIwrPrtPN36QITSp3EQaw936yaFoFgAB
bandit5:koReBOKuIDDepwhWk7jZC0RTdopnAYKh
bandit6:DXjZPULLxYr17uwoI01bNLQbtFemEgo7
bandit7:HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
bandit8:cvX2JJa4CFALtqS87jk27qwqGhBM9plV
bandit9:UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
bandit10:truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
bandit11:IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
bandit12:5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
bandit13:8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
bandit14:4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
bandit15:BfMYroe26WYalil77FoDi9qh59eK5xNr
bandit16:cluFn7wTiGryunymYOu4RcffSxQluehd
bandit17:xLYVMN9WE5zQ5vHacb0sZEVqbrp7nBTn
bandit18:kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
bandit19:IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
bandit20:GbKksEFF4yrVs6il55v6gwY5aVje5f0j
bandit21:gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
bandit22:Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
bandit23:jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
bandit24:UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
bandit25:uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
bandit26:5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z