-
Notifications
You must be signed in to change notification settings - Fork 3
/
Devang Arora
230 lines (177 loc) · 6.6 KB
/
Devang Arora
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
Solution and Explanations for Bandit Level 0-15
- Devang Arora
MIST Linux & Scripting
Level 0 to 1
ssh bandit.labs.overthewire.org -l bandit0 -p 222
ls
cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
ls lists what files are in the directory in which we are present
cat is used to read file
Level 1 to 2
ssh bandit.labs.overthewire.org -l bandit1 -p 2220
ls
cat ./- (to read dashed file)
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
Level 2 to 3
ssh bandit.labs.overthewire.org -l bandit2 -p 2220
ls
cat "spaces in this filename"
(by putting quotation marks around a file name which has spaces, the file can be read using cat command)
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Level 3 to 4
ssh bandit.labs.overthewire.org -l bandit3 -p 2220
ls
cd inhere
ls -a
cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
ls -a lists all hidden files
Level 4 to 5
ssh bandit.labs.overthewire.org -l bandit4 -p 2220
ls
cd inhere
cat ./-file07 (checked each file)
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
Level 5 to 6
ssh bandit.labs.overthewire.org -l bandit5 -p 2220
ls
cd inhere
man find
find -size 1033c (c represents bytes)
cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7
Level 6 to 7
ssh bandit.labs.overthewire.org -l bandit6 -p 2220
man find
find -user bandit7 -group bandit6 -size 33c (man page of find shows to access file given it’s user, group and size)
find / -user bandit7 -group bandit6 -size 33c (with '/' find searches entire server)
cat /var/lib/dpkg/info/bandit7.password (Only file which didn't show "Permission denied")
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
Level 7 to 8
ssh bandit.labs.overthewire.org -l bandit7 -p 2220
ls
cat data.txt
man grep
grep millionth data.txt
millionth cvX2JJa4CFALtqS87jk27qwqGhBM9plV
grep command here searches the named input files a particular word in the file.
Level 8 to 9
ssh bandit.labs.overthewire.org -l bandit8 -p 2220
ls
cat data.txt
sort data.txt | uniq -c
1 UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
sort command is used to sort lines of text files
uniq command can be used to report or omit repeated lines
uniq -c counts and prefixes lines by the number of occurrences
Level 9 to 10
ssh bandit.labs.overthewire.org -l bandit9 -p 2220
ls
cat data.txt
strings -a "==" data.txt ( strings command prints the strings of printable characters in files and hence
we can see the line of ‘=’ signs along with the password)
========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
Level 10 to 11
ssh bandit.labs.overthewire.org -l bandit10 -p 2220
ls
man base64
base64 -d data.txt
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
base64 -d decodes base64 data
Level 11 to 12
ssh bandit.labs.overthewire.org -l bandit11 -p 2220
ls
cat data.txt
man tr
cat data.txt | tr 'a-zA-Z' 'n-za-mN-ZA-M'
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
(tr command is used to translate or delete characters. Each character in the first set will be
replaced with the corresponding character in the second set.
E.g. A replaced with N, B replaced with O, etc.. And then the same for the lower case letters.)
Level 12 to 13
ssh bandit.labs.overthewire.org -l bandit12 -p 2220
mkdir /tmp/directory ( mkdir command is used to make a new directory)
cp data.txt /tmp/directory/ (copies data from data.txt to /tmp/directory/)
xxd -r data.txt (used to revert hexdump into binary)
xxd -r data.txt > devang
ls
file devang (file command determines type of file)
devang: gzip compressed data, was "data2.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix
man mv (command mv is used to rename files)
mv devang devang.gz
gzip -d devang.gz
(Gzip reduces the size of the named files using Lempel-Ziv coding (LZ77). Compressed files can be restored to their original form using gzip -d or gunzip or zcat.)
file devang
devang: bzip2 compressed data, block size = 900k
mv devang devang.bz2
bzip2 -d devang.bz2
file devang
devang.bz2: gzip compressed data, was "data4.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix
bzip2 compresses files using the Burrows-Wheeler block sorting text compression algo‐
rithm, and Huffman coding. bzip2 –d is used to decompress the file.
mv devang.bz2 devang.gz
gzip -d devang.gz
devang: POSIX tar archive (GNU)
man tar
mv devang devang.tar
tar -xvf devang.tar ( -x is used to extract files from an archive, the -v option
requests the verbose operation, and the f option takes an argument that
sets the name of the archive to operate upon.)
data5.bin
file data5.bin
data5.bin: POSIX tar archive (GNU)
tar -xvf data5.bin
data6.bin
file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
ls
mv data6.bin data.bz2
bunzip2 data.bz2
file data
data: POSIX tar archive (GNU)
mv data data.tar
tar -xvf data.tar
data8.bin
file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix
mv data8.bin data8.gz
gunzip data8.gz
file data8
cat data8
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
Level 13 to 14
ssh bandit.labs.overthewire.org -l bandit13-p 2220
ls
sshkey.private
man ssh
ssh -i ./sshkey.private bandit14@localhost
( ssh -i Selects a file from which the identity (private key) for public key authentication is read.
We transfer the key to host and switch to user bandit14)
*user changes to bandit14*
cat /etc/bandit_pass/bandit14 (Reading location for password which could only be read by user bandit14)
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Level 14 to 15
man telnet
man nc
nc localhost 30000
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
( nc/netcat- "nc host port" creates a TCP connection to the
given port on the given target host. The input is then sent
to the host, and anything that comes back across the connection is sent
to output.)
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr
Level 15 to 16
ssh bandit.labs.overthewire.org -l bandit15 -p 2220
man openssl
man s_client
echo BfMYroe26WYalil77FoDi9qh59eK5xNr | openssl s_client -connect localhost:30001
echo BfMYroe26WYalil77FoDi9qh59eK5xNr | openssl s_client -connect localhos t:30001 -quiet
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd
echo command is used to pipe the password with openssl
The openssl s_client command implements a generic SSL/TLS client which connects
to a remote host using SSL/TLS
By using the –quiet suffix we inhibit printing of session and certificate information.
The suffix <-connect host:port> is used to sppecify the host and optional port to connect to.