Overthewire wargame-bandit

文章目录

    • Bandit
      • **Level 0->Level 1**
      • **Level 1-> Level 2**
      • **Level 2->Level 3**
      • **Level 3-> Level 4**
      • **Level 4->Level 5**
      • **Level 6 -> level 7**
      • Level 7-> Level 8
      • Level 8 -> Level 9
      • Level 9-> Level 10
      • Level 10-> Level 11
      • Level 11-> Level 12
      • Level 12->Level 13
      • Level 13->Level 14
      • Level 14->Level 15
      • Level 15->Level 16
      • Level 16->Level 17
      • Level 17 -> Level 18
      • Level 18->Level 19

#Overthewire wargame

Bandit

Level 0->Level 1

ssh [email protected] -p 2220
cat readme

Level 1-> Level 2

cat ./-
password: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Level 2->Level 3

cat spaces\ in\ this\ filename
password: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Level 3-> Level 4

cat inhere/.hidden
password: pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Level 4->Level 5

The password for the next level is stored in the only human-readable file in the inhere directory
find . -exec file {} \;|grep ASCII|cut -b -9|xargs cat
password: koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Level 5->Level 6
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

find inhere/ -size 1033c -exec file {} \;|cut -d : -f 1|xargs cat
password: DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Level 6 -> level 7

The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

find / -user bandit7 -group bandit6 -size 33c
password; HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Level 7-> Level 8

grep millionth data.txt
password: cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Level 8 -> Level 9

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

cat data.txt |sort|uniq -c|grep '1 '
password: UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Level 9-> Level 10

The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.
strings data.txt |grep ===
password: truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Level 10-> Level 11

The password for the next level is stored in the file data.txt, which contains base64 encoded data
strings data.txt |base64 -d
password: IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

Level 11-> Level 12

The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
cat data.txt |tr 'A-Za-z' 'N-ZA-Mn-za-m'
password:5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Level 12->Level 13

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

xxd -r data.txt > data
file data
mv data data.gz
gunzip data.gz
反复用file gunzip, tar xvf 或bunzip2
password: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

Level 13->Level 14

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on

ssh bandit14@localhost -i private.key
password: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Level 14->Level 15

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.
telnet localhost 30000
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
password: BfMYroe26WYalil77FoDi9qh59eK5xNr

Level 15->Level 16

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
openssl s_client -ign_eof -connect localhost:30001
password: cluFn7wTiGryunymYOu4RcffSxQluehd

Level 16->Level 17

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.
nmap localhost -p 31001-32001
openssl s_client -connect localhost:31xxx
or
echo aaa |nc localhost 31xxx and then openssl s_client -connect localhost:31xxx -quiet
private key: -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama +TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT 8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM 77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3 vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY= -----END RSA PRIVATE KEY-----
save the private key to a file and chmod 400 abc.priv

Level 17 -> Level 18

There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new
diff passwords.old passwords.new
password: kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

Level 18->Level 19

The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.

cmd: ssh [email protected] -p 2220 /bin/sh
password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

你可能感兴趣的:(Overthewire wargame-bandit)