Bandit Walk Through 4

Bandit Level 9

This challenge wanted us to read the file data.txt and find the human readable strings beginning with several equal signs. Since there was non-human readable code in there, I knew that I could use the strings command to get the readable code. I also used grep to find only the lines that matched the === pattern.

Password = truKLdjsbJ5g7yyJ2X2Ro3a5HQJFuLK

Bandit Level 10

This time the flag is again stored in a data.txt file, but the data is encoded using base64. For this challenge I need to read the data using echo and pipe it to decode using base64 decoder.

Password = IFukwKGsFW8M0q3IRFqrxE1hxTNEbUPR

Bandit Level 11

This time the flag is again stored in a data.txt file, but this time the encoding method is ROT13. I looked up how to encode ROT13 in linux and found a command using the translate command. I echoed the data from the file and piped the translate code.

Password = 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Bandit Level 12

This one was very tedious. I am sure there was a much simpler way than the way I did, it but I will have to find out later. Essentially this time the data.txt file has been compressed several times. The objective is to decompress the file every time by determining the name of the file, renaming it, then decompressing the file. This was done in several steps so I will not explain how I did it but will show it all below.

Password = 8ZjyCRiBWFYkneahHwxCv3wb2a10RpYL

Bandit Level 13

This time the challenge required us to use ssh from the level 13 server and log on as the level14 user using a private key. I had to look up how to use private keys in ssh and was able to find ample information. I’m becoming a Google Fu blackbelt!  I used the below command to do so.

Then it was as simple as reading the etc/bandit_pass/bandit14 file to get the flag.

Password = 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Bandit Level 14

For level 14 the requirement was to send the password for level 14 to port 30000 to retrieve the next flag. I used netcat and then put the current password in. That gave me the next flag

Password = BfMYroe26WYalil77FoDi9qh59ek5xNr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s