For beginners to familiarize themselves with CLI and networking tools.
Basic commands
cat
# cat treats a bare "-" argument as STDIN, so a file literally named "-" has to be given as a path
cat ./- # "-" means STDIN
# Alternative: the shell opens the file "-" itself and hands it to cat on STDIN
cat <-
ls
ls -la
clear
reset
find (a file)
# Search the whole filesystem by owner and group; 2>/dev/null discards the "Permission denied" errors
find / -group bandit6 -user bandit7 2> /dev/null
# Same search narrowed to regular files of exactly 33 bytes (the "c" suffix means bytes); -exec prints each match with cat
find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null -exec cat {} \;
# Command-substitution variant: the unquoted result is split on whitespace, so it breaks on file names containing spaces
cat `find / -user bandit7 -group bandit6 -size 33c 2>/dev/null`
# Search below the current directory for entries of exactly 1033 bytes
find ./ -size 1033c
# Same, regular files only, printing the content of each match
find . -type f -size 1033c -exec cat {} \;
# Print only the first whitespace-separated field of the matching file's content
cat `find ./inhere -size 1033c` | gawk '{print $1}'
grep (content)
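# Print the lines of data.txt that contain "millionth"
cat data.txt | grep millionth
# Same match, then keep only the second whitespace-separated field.
# The whole awk program is single-quoted so the shell never expands $2.
cat data.txt | grep "millionth" | gawk '{print $2}'
# Extract printable strings from a binary file and keep those that start with "="
strings data.txt | grep "^="
# The pattern is quoted so the shell passes it to grep unchanged instead of
# treating the brackets and "*" as a file name glob.
strings data.txt | grep '^=[a-zA-Z0-9]*'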
sort, uniq
# uniq only compares adjacent lines, so the input is sorted first; -u prints the lines that occur exactly once
cat data.txt | sort | uniq -u
echo
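# Write a three-line script into the spool directory.
# printf with a single-quoted format emits a literal "#!/bin/bash" shebang;
# echo -e with \# and \! inside double quotes keeps the backslashes in the
# output, which leaves the script without a valid first line.
# NOTE(review): the script copies a password to a fixed path under /tmp, so the
# copy is only as private as the permissions on /tmp/minez.
printf '#!/bin/bash\ncat /etc/bandit_pass/bandit24 > /tmp/minez/bandit24_Herp-A-Derp\nchown bandit23:bandit23 /tmp/minez/bandit24_Herp-A-Derp\n' > /var/spool/bandit24/Herp-A-Derp.sh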
Connect to the server via SSH
# With password
# =============
$ ssh bandit25@bandit.labs.overthewire.org
# Enter password
uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
# With private key
# =============
# The file bandit26.sshkey is in the same folder the ssh command is run from
ssh -i bandit26.sshkey bandit26@bandit.labs.overthewire.org
ssh -i sshkey.private bandit14@localhost
# Add command execution
# =============
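# Run a single command on the remote host instead of starting an interactive shell
ssh bandit18@localhost cat readme
# Same against the public host; quoting keeps the remote command as one argument
# (host name corrected from "banfit" to "bandit", matching the other examples)
ssh bandit18@bandit.labs.overthewire.org "cat readme"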
scp
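# Copy readme from the remote user's home directory into the current local directory.
# The remote path is "~/readme"; the stray "." before the tilde would make scp
# look for a directory literally named ".~".
scp bandit18@bandit.labs.overthewire.org:~/readme ./readme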
base64
base64 -d data.txt
cat data.txt | base64 -d
ROT13
cat data.txt | tr a-zA-Z n-za-mN-ZA-M
xxd – hexdump or reverse
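# -r reverses a hex dump back into the original binary.
# The trailing "^C" was terminal residue and would have become part of the output file name.
xxd -r data.txt > data1.bin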
file – analyze file
file data2.bin
Decompress tar, gzip and bzip2
# Decompress data1.bin as gzip and write the result to data2.bin
cat data1.bin | gzip -d > data2.bin
# NOTE(review): no input is named here, so gzip reads the compressed data from STDIN; feed it with a pipe or "<" redirection as in the line above
gzip -d > data4.bin
# x = extract, v = list each member, f = read the archive from the named file
tar -xvf data4.bin
# NOTE(review): like the bare gzip line, this reads the compressed data from STDIN
bzip2 -d > data3.bin
nc – connect and listen to TCP and UDP ports
# Send a password to the service on TCP port 30000; nc transmits it unencrypted
echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
# Same, reading the password from a file; -vv = extra verbose, -n = numeric addresses only (no DNS lookup)
cat /etc/bandit_pass/bandit14 | nc -vvn 127.0.0.1 30000
# Open an interactive connection to port 31046
nc localhost 31046
# Listen for one incoming connection; the two forms are for different netcat variants
# (OpenBSD nc takes the port directly, traditional netcat needs -p)
nc -l 7777 # listen
nc -l -p 1234
openssl – securely connect to a port
# Open a TLS connection to port 30001 and print the handshake and certificate details
openssl s_client -connect localhost:30001
# -quiet suppresses the session and certificate output
openssl s_client -quiet -connect localhost:30001
# Send the password over the TLS connection.
# s_client encrypts the traffic, but by default it carries on even when the server
# certificate fails verification; add -verify_return_error when the server's identity matters.
cat /etc/bandit_pass/bandit15 | openssl s_client -connect localhost:30001 -quiet
nmap – scan ports
# Scan every TCP port on the local machine
nmap -p 0-65535 localhost # see which program uses the ports: sudo netstat -plant
# Restrict the scan to a port range
nmap -p 31000-32000 localhost
# -sT = TCP connect scan: completes the full handshake through the OS and needs no raw-socket privileges
nmap -sT -p 31000-32000 localhost
diff
diff passwords.new passwords.old
grep
# -f reads the patterns from passwords.old, -w matches whole words, -v inverts the match:
# prints the lines of passwords.new that match none of the entries in passwords.old
grep -wvf passwords.old passwords.new
chmod – change file mode bits
# 777 = read, write and execute for owner, group and everyone else; any local user can then modify the file
chmod 777 filename.txt
# 400 = read-only for the owner, no access for anyone else; ssh refuses private keys that other users can read
chmod 400 filename.txt # for private keys
setuid
A setuid binary executes with the privileges (effective user ID) of the user who owns the file, not of the user who runs it.
./bandit20-do cat /etc/bandit_pass/bandit20
redirects
> to file
2> std error to file
1>&2 std out to error
2>&1 error to out
&> out and error to file
/usr/bin/cronjob_bandit23.sh &> /dev/null
gdb – the GNU Debugger
Explore binary file.
gdb ./bandit20-do
Pages with solutions
- https://github.com/Cathon/mySolutions/tree/master/overthewire/Bandit
- http://www.jaxhax.org/index.php/OverTheWire.org
- http://codebluedev.blogspot.si/2015/07/overthewire-bandit-cheat-sheet.html
Bandit Keys
bandit0:bandit0
bandit1:boJ9jbbUNNfktd78OOpsqOltutMc3MY1
bandit2:CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
bandit3:UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit4:pIwrPrtPN36QITSp3EQaw936yaFoFgAB
bandit5:koReBOKuIDDepwhWk7jZC0RTdopnAYKh
bandit6:DXjZPULLxYr17uwoI01bNLQbtFemEgo7
bandit7:HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
bandit8:cvX2JJa4CFALtqS87jk27qwqGhBM9plV
bandit9:UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
bandit10:truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
bandit11:IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
bandit12:5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
bandit13:8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
bandit14:4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
bandit15:BfMYroe26WYalil77FoDi9qh59eK5xNr
bandit16:cluFn7wTiGryunymYOu4RcffSxQluehd
bandit17:xLYVMN9WE5zQ5vHacb0sZEVqbrp7nBTn
bandit18:kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
bandit19:IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
bandit20:GbKksEFF4yrVs6il55v6gwY5aVje5f0j
bandit21:gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
bandit22:Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
bandit23:jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
bandit24:UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
bandit25:uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
bandit26:5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z