wargames bandit 1-25

http://overthewire.org/wargames/bandit/bandit12.html
http://blog.csdn.net/winkar/article/details/38408873
https://www.aerian.fr/bandit-challenges-overthewire/
http://completelyunoptimized.com/2014/08/13/726/

ssh bandit.labs.overthewire.org


bandit0
bandit0
cat ./-

bandit1
boJ9jbbUNNfktd78OOpsqOltutMc3MY1

bandit2
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

bandit3
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
cat inhere/.

bandit4
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

bandit5
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
du -a | grep '1033'

bandit6
DXjZPULLxYr17uwoI01bNLQbtFemEgo7
find / -user 'bandit7' -group 'bandit6' -size 33c | grep -v 'denied'

bandit7
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
cat data.txt | grep 'millionth'

bandit8
cvX2JJa4CFALtqS87jk27qwqGhBM9plV
cat data.txt | sort | uniq -u

bandit9
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
cat data.txt | strings | grep '='

bandit10
truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
cat data.txt | base64 -d
echo -n 'VGhlIHBhc3N3b3JkIGlzIElGdWt3S0dzRlc4TU9xM0lSRnFyeEUxaHhUTkViVVBSCg==' | base64 -d


bandit11
IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
cat data.txt | tr [a-z] [n-za-m] | tr [A-Z] [N-ZA-M]
or sed

bandit12
5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
xxd -r XXX.txt XXX 还原为压缩文件
mv name rename
xxd data | head
gzip -d xxx.gz
bzip2 -d xxx.bz2
tar -xvf xxx.tar

bandit13
8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
chmod 600 ./ssh_private
ssh -i ./ssh_private bandit14@localhost

bandit14
cat /etc/bandit_pass/bandit14
nc localhost 30000
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e



bandit15
BfMYroe26WYalil77FoDi9qh59eK5xNr
openssl s_client -connect localhost:30001 -quiet
-quiet用以关闭session和证书的信息,同时打开-ign_eof这个选项。前者可简化显示的界面,后者则保证在输入完成后不是立即

断开连接,否则无法看到回显的下一个等级的密码。

bandit16
cluFn7wTiGryunymYOu4RcffSxQluehd
nmap localhost -p 31000-32000
openssl s_client -connect localhost:31790 -quiet

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
+TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
-----END RSA PRIVATE KEY-----

mkdir /tmp/bandit16jx
cd /tmp/bandit16jx
pico sshkey.private
copy paste
chmod 600 sshkey.private
ssh -i sshkey.private bandit17@localhost

bandit17
diff passwords.old passwords.new
< PRjrhDcANrVM6em57fPnFp4Tcq8gvwzK
---
> kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

bandit18
kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
ssh [email protected] 'cat ./readme'
or
scp  [email protected]:./readme ./readme

bandit19
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
./bandit20-do cat /etc/bandit_pass/bandit20

bandit20
GbKksEFF4yrVs6il55v6gwY5aVje5f0j
two terminel:
1:terminal 1:nc -l 12345
2:terminal 2:./suconnect 12345
3.terminal 1:GbKksEFF4yrVs6il55v6gwY5aVje5f0j

bandit21
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
cd /etc/cron.d/
cat cron-apt
cat cronjob_bandit22
cat /usr/bin/cronjob_bandit22.sh
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv


bandit22
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
cat /usr/bin/cronjob_bandit23.sh
echo I am user bandit23 | md5sum | cut -d ' ' -f 1
cat /tmp/8ca319486bfbbc3663ea0fbe81326349

bandit23
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n


最后一题,实在是没有什么办法了,参考了网上两个人的解法,都没有成功。好累的赶脚。。。

你可能感兴趣的:(上下求索)