Bandit Walk Through 4


Bandit Level 9

This challenge wanted us to read the file data.txt and find the human readable strings beginning with several equal signs. Since there was non-human readable code in there, I knew that I could use the strings command to get the readable code. I also used grep to find only the lines that matched the === pattern.

Password = truKLdjsbJ5g7yyJ2X2Ro3a5HQJFuLK

Bandit Level 10

This time the flag is again stored in a data.txt file, but the data is encoded using base64. For this challenge I need to read the data using echo and pipe it to decode using base64 decoder.

Password = IFukwKGsFW8M0q3IRFqrxE1hxTNEbUPR

Bandit Level 11

This time the flag is again stored in a data.txt file, but this time the encoding method is ROT13. I looked up how to encode ROT13 in linux and found a command using the translate command. I echoed the data from the file and piped the translate code.

Password = 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Bandit Level 12

This one was very tedious. I am sure there was a much simpler way than the way I did, it but I will have to find out later. Essentially this time the data.txt file has been compressed several times. The objective is to decompress the file every time by determining the name of the file, renaming it, then decompressing the file. This was done in several steps so I will not explain how I did it but will show it all below.

Password = 8ZjyCRiBWFYkneahHwxCv3wb2a10RpYL

Bandit Level 13

This time the challenge required us to use ssh from the level 13 server and log on as the level14 user using a private key. I had to look up how to use private keys in ssh and was able to find ample information. I’m becoming a Google Fu blackbelt!  I used the below command to do so.

Then it was as simple as reading the etc/bandit_pass/bandit14 file to get the flag.

Password = 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Bandit Level 14

For level 14 the requirement was to send the password for level 14 to port 30000 to retrieve the next flag. I used netcat and then put the current password in. That gave me the next flag

Password = BfMYroe26WYalil77FoDi9qh59ek5xNr

Bandit Walk through 3

Level 5:

This level required me to find the password stored in the inhere directory that had three properties; it had to be human readable, 1033 bytes in size, and not an executable. For this, I decided to use the find command. I knew I would need to give it a few other flags, so I started by changing the directory to the inhere directory. I constructed the command to look for the size of 1033c ensure it was readable with the readable flag and not an executable by inputting the special character for not in front of the flag for executable. This returned a directory and file; I used the cat command to read the file, notice the file has a period in front of it, so I had to use an escape character to get to it.

The password for level 6: DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Level 6:

Level six’s password was stored somewhere on the server and had to be owned by the user bandit7 and the group bandit6 and had to be 33 bytes in size. Using the find command, I searched the entire server by inputting /. Then looked for a file type of f for file and inputted a couple of flags for size, the user and the group. Initially, when I did this it returned so much information, I got a headache. I wanted to figure out how to only return the one location that met all these parameters. I came across the Linux documentation and saw the final command in the string 2>/dev/null. This specific string returns only the correct location because it stores all the errors (stderr) I was seeing earlier into the dev/null file. Once I got that information, I was able to cat the file and receive the password.

Password for level 7: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Level 7:

I got Occupy the Web’s book “Linux Basics for Hackers” for Christmas, when reading that book I learned a lot about grep, I had used it previously but was not very familiar with it prior. As soon as I saw this challenge I knew how to figure this one out. Level 7 stores the password in a data.txt file next to the word millionth. I know I could pipe grep millionth into a cat command call and it would return the password.

Password for level 8: cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Level 8:

Level 8 had a password stored in the data.txt file, but it was the only line of text that was unique. I decided to read the file, sort it by piping the sort command, and then identify the unique line of text by using the uniq -u command. That inevitably returned the password.

Password for level 9: UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Over the Wire Bandit Walk-through 2

Level 4:

This level required that I find the flag in the only human readable file in the Inhere directory. I thought about trying a few other ways of doing this, but I found out on my first attempt that what I had intended, worked, and I did not go any further. For this one, I used the cat command with an asterisk at the end of the file. The asterisk is a wildcard that searched through each of the files that start with file, no matter what is at the end. When I used this command in that sequence, it worked, and I was able to sort through just a little bit of junk to find the password.

The password for level 5 is koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Level 5:

I was incredibly surprised at how easily I figured this one out. I thought it would take me a long time. However, it only took me a few minutes with a little help from google. The point behind this challenge is to find a file in the inhere directory that is human-readable, 1033 bytes in size and not executable. In this challenge, I used the find command. I knew since I had some properties that I had to follow I would have to add a few extra flags to get to the file. Using the find command, I had to use the size flag to put the size of the file we wanted to see. Since the file size was 1033 bytes, we had to add the file size as -size 1033c and add a readable as well as an executable flag. The readable flag is simply -readable, but since the property has to be not executable a ! is required before the -executable flag. This tells the shell that we do not want to find a file that is executable. After running this command the file  ./maybehere07/.file2 is returned, so I run the cat command on that and the password for level 6 is returned.

Level 6 password is DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Level 6:

Level 6 offered some challenges. This challenge was very similar to the last challenge; I had to look for a file that had three properties. This had to be owned by the user bandit7 and the group bandit6 and a size of 33 bytes. This initially I thought it would be very similar to the last challenge, except I would have to search the entire drive and add the owners and it would return the value I wanted. However, I kept getting stuck on a bunch of random characters and so forth. I googled how to sort through all of the information and figured out I could redirect my output from the command to dev/null, and it would return the name of the directory. From there I could cat the file. So I searched the entire drive by using. Instead of just the period like last time, then I wanted to view a file, that was 33 bytes in size, so I used the command -type f and -size 33c. Next, the user and group needed to be given, so I used the -user and -group flags and directed it to the dev/null. Then I was given the directory and was able to cat into it.

Password for Level 7: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Level 7:

Level 7 was one that I was very familiar with the commands. The challenge requirement was to find the password in the data.txt file that was next to the word millionth. I knew from previous classes, and other endeavors that grep was the perfect tool for this one. I was able to pipe grep with the words millionth with the cat command and it worked. When used grep allows the user to locate specific information in a file.

Password for level 8: cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Over The Wire Bandit Walk-through 1

For the last few weeks I have been playing a war game at called Bandit. The game essentially teaches linux basics. I thought it would be a great opportunity to share what how I came to the results in my blog. This specific blog post goes through levels zero through 3.

Level 0:

This level is simple. The object is to login to the server using SSH, next look for the readme file that  has the password stored in it and read it.

First I log into the server then use the listing command ls to show the files. There is a file named readme so I use the cat command to print the contents of the readme file.

The password for level 1 is boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Level 1:

In level 1 I need to read a file that does not have a traditional filename, but it has a special character as the filename. When reading files in Linux it is necessary to use an escape character to read a file that uses special characters. This is done by using the string combination of ./

For this level I again used ls to read the listing of files in the directory. I see that the directory has a file named -, in order to read a file that is named using a special character I have to use the escape combination of ./ and the cat command.

The password for level 2 is CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Level 2:

This level requires that I read a file that has spaces in it. Again an escape character is needed to do this, if an escape character was not used then cat would try to read each word in the filename as a different file and would likely give an error saying “spaces does not exist in this directory” or something to that degree. The solution to this problem would be to used the escape character \ after each word, and include the space. The command would look like that cat spaces\ in\ this\ filename

Since we use the escape character it continues to read through the file as  if it were one string.

The password for level 3 is UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Level 3:

This level requires that I find a hidden file in the inhere directory. For this level it is necessary to use a few other commands. First I use the change directory to command to change to the inhere directory. Since the file is hidden if I were to ls I would not find any directories. So I have to use a special command that shows all files in a directory. I use the listing all command by using ls with a flag a. The command would be crafted as such ls -a. As can be seen in the screen shot below we see a .hidden file. In order to read the file an escape character is required because the file begins with a special character. I used the forward slash again for this so the command reads cat \.hidden

The password for level 4 is  pIwrPrtPN36QITSp3EQaw936yaFoFgAB