Bandit Level 1

Bandit 1 

We just got the password for level one and are now logging in. I got sick of PuTTY and VM'ed kali really quickly.


root@kali:~# ssh bandit1@bandit.labs.overthewire.org -p 2220
The authenticity of host '[bandit.labs.overthewire.org]:2220 ([176.9.9.172]:2220)' can't be established.
ECDSA key fingerprint is SHA256:SCySwNrZFEHArEX1cAlnnaJ5gz2O8VEigY9X80nFWUU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[bandit.labs.overthewire.org]:2220,[176.9.9.172]:2220' (ECDSA) to the list of known hosts.
 _                     _ _ _   
| |__   __ _ _ __   __| (_) |_ 
| '_ \ / _` | '_ \ / _` | | __|
| |_) | (_| | | | | (_| | | |_ 
|_.__/ \__,_|_| |_|\__,_|_|\__|
                               
a http://www.overthewire.org wargame.

bandit1@bandit.labs.overthewire.org's password: 
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.0-71-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

bandit1@bandit:~$

Remember the syntax to connect is "ssh <user@host> -p <port#>" For levels 1-2 of bandit these are our instructions...

Level Goal

The password for the next level is stored in a file called - located in the home directory

Commands you may need to solve this level

ls, cd, cat, file, du, find

Okay so now what? 


bandit1@bandit:~$  
bandit1@bandit:~$ ls
-
bandit1@bandit:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
bandit1@bandit:~$

We list stuff here with "ls" and see the file. When using the cat command to display that file we use "./" before our file name, this tells the cat command to look in our current working directory. The tac "-" symbol is a character that indicates a switch for commands. The CLI wouldn't know what we are asking it to do if we just used "cat -" and question us, unless we specify the full file path or put quotations around the tac symbol.

bandit1@bandit:~$ cat "-"
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

 Both solutions would work, as we move on, remember there are more solutions possible than the one's I show. Nobody cares how you pwn a system they just care that you did.


Glowfish Contrast

Comments

Post a Comment

Popular posts from this blog

Thoughts on ISSA talk on using AI to automate security

Recently I attended the ISSA presentation in MN, the description of it: The Power and Potential of Robotic Process Automation. And the Security Risks. Please join us on March 22 nd  as we explore the powerful and emerging Robotic Process Automation technology in regards to what IT security professionals need to know about RPA platforms . Robotic process automation (RPA) is a powerful and emerging technology that streamlines and standardizes many human user processes as well as harmonizes different systems across an organization’s environment. So what do IT security professionals need to know about RPA platforms? Very simply, it is a new attack vector and organizations need to start to understand their risk. Because RPA software interacts directly with business applications and mimics the way applications use and mirror human credentials and entitlements, this can introduce risks when the software robots automate and perform routine business processes across multiple
Read more

Bandit 12

Bandit 12 bandit12@bandit:~$ ls data.txt bandit12@bandit:~$ mkdir data bandit12@bandit:~$ cp data.txt ./data bandit12@bandit:~$ cd data bandit12@bandit:~/data$ ls data.txt bandit12@bandit:~/data$ file data.txt data.txt: ASCII text 0000000: 1f8b 0808 4572 4259 0203 6461 7461 322e ....ErBY..data2. 0000010: 6269 6e00 0143 02bc fd42 5a68 3931 4159 bin..C...BZh91AY 0000020: 2653 59a3 fd61 8800 0019 ffff dffb 1ff5 &SY..a.......... 0000030: f7d7 dfdb fe4f ffb3 b5f7 ffdf b2d8 fefb .....O.......... 0000040: e7dd fffa fefd 7f7b d1fb fe3f b001 3b56 .......{...?..;V 0000050: a106 81a0 1a00 07a8 0068 01a1 a69a 0000 .........h...... 0000060: d1a0 d034 6868 34f5 0641 a000 000d 000f ...4hh4..A...... 0000070: 5064 00d0 321a 69e9 0323 1a27 a883 4003 Pd..2.i..#.'..@. 0000080: 41a0 01ea 0000 0003 4000 0068 7a4f 4800 A.......@..hzOH. 0000090: 0c8c 803d 41a0 64d1 a3d4 d1a3 6a68 01a0 ...=A.d.....jh.. 00000a0: 34da 8340 003d 4347 a83a 69a6 8699 0034 4..@.=CG.:i....4 00000b0: 3203 4610 3
Read more

Bandit level 14

Bandit 14 Level Goal The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost . Commands you may need to solve this level ssh, telnet, nc, openssl, s_client, nmap Helpful Reading Material How the Internet works in 5 minutes (YouTube) (Not completely accurate, but good enough for beginners) IP Addresses IP Address on Wikipedia Localhost on Wikipedia Ports Port (computer networking) on Wikipedia Okay so I know telnet doesn't have authentication. I know I'm probably using that so I check the man page. Synopsis telnet [ -8EFKLacdfrx ] [ -X authtype ] [ -b hostalias ] [ -e escapechar ] [ -k realm ] [ -l user ] [ -n tracefile ] [ host [ port ]] Okay so the command will be "telnet localhost 30000", remember those instructions from the previous level on where that password was? Neither do , lets read it again! "The pa
Read more