
Bandit Levels

The document contains output from multiple commands run on different bandit levels. It shows passwords and hints to access higher levels:
- Bandit5's password is found in a file to access bandit6.
- Bandit6's password is found by searching a file to access bandit7.
- Bandit7's password is found by sorting and filtering data to access bandit8.
- Several compression and archive commands on a file reveal bandit12's password to access bandit13.
- Bandit13's private SSH key is used to access bandit14 via localhost.
- Netcat is used to obtain bandit14's password to access bandit15.
- OpenSSL

Uploaded by

Simbad M
Copyright © All Rights Reserved

bandit5@bandit:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
bandit7@bandit:~$ grep 'millionth' data.txt
millionth cvX2JJa4CFALtqS87jk27qwqGhBM9plV
bandit8@bandit:~$ sort data.txt | uniq -c -u
1 UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
bandit9@bandit:~$ grep -a '==' data.txt | tr -cs '== [:alnum:]' '\n' | grep '=='
========== theP
========== password
L========== isA
========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
bandit10@bandit:~$ base64 -d data.txt
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
bandit11@bandit:~$ cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
bandit12@bandit:/tmp/myname1234$ zcat data2.bin | bzcat | zcat | tar -xO | tar -xO | bzcat | tar -xO | zcat
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
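
Added example (not part of the original walkthrough): the bandit12 pipeline above hard-codes the order of the gzip, bzip2 and tar layers; this Python code instead identifies each layer from its magic bytes and unwraps it in memory, with caps on output size and nesting depth. The function names, the caps and the input produced by build_sample are assumptions constructed for illustration.

```python
import bz2, gzip, io, tarfile, zlib

MAX_OUT, MAX_LAYERS = 1 << 20, 32  # assumed caps: bytes per layer, nesting depth

def identify(blob):
    """Name the container format from its magic bytes."""
    if blob[:2] == b"\x1f\x8b":
        return "gzip"
    if blob[:3] == b"BZh":
        return "bzip2"
    return "tar" if blob[257:262] == b"ustar" else "data"

def _inflate(kind, blob):
    d = zlib.decompressobj(wbits=31) if kind == "gzip" else bz2.BZ2Decompressor()
    out = d.decompress(blob, MAX_OUT + 1)  # bounded: a decompression bomb stops here
    if len(out) > MAX_OUT:
        raise ValueError("layer expands past MAX_OUT")
    return out

def _tar_member(blob):
    # Read the single member in memory; nothing is extracted to disk.
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tf:
        files = [m for m in tf.getmembers() if m.isfile()]
        if len(files) != 1 or files[0].size > MAX_OUT:
            raise ValueError("expected exactly one small regular file")
        return tf.extractfile(files[0]).read()

def peel(blob):
    """Return (layer names, outermost first; innermost payload)."""
    layers = []
    while (kind := identify(blob)) != "data":
        if len(layers) == MAX_LAYERS:
            raise ValueError("too many nested layers")
        blob = _tar_member(blob) if kind == "tar" else _inflate(kind, blob)
        layers.append(kind)
    return layers, blob

def build_sample(blob, order):
    """Constructed input: wrap blob in the layers of order, innermost first."""
    for kind in order:
        if kind == "tar":
            buf = io.BytesIO()
            with tarfile.open(fileobj=buf, mode="w") as tf:
                info = tarfile.TarInfo("data.bin")
                info.size = len(blob)
                tf.addfile(info, io.BytesIO(blob))
            blob = buf.getvalue()
        else:
            blob = (gzip if kind == "gzip" else bz2).compress(blob)
    return blob
```
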

// Copy the file from the SSH server

/* scp -P 2220 [email protected]:./sshkey.private /Users/Andrei/Desktop */

bandit13@bandit:~$ ssh -i sshkey.private bandit14@localhost
Could not create directory '/home/bandit13/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit13/.ssh/known_hosts).
This is a OverTheWire game server…

bandit14@bandit:/etc/bandit_pass$ cat bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

bandit14@bandit:~$ nc localhost 30000
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr

bandit15@bandit:~$ openssl s_client -ign_eof -connect localhost:30001
CONNECTED(00000003)
depth=0 CN = bandit
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = bandit
verify return:1
---
Certificate chain
0 s:/CN=bandit
i:/CN=bandit
---
Server certificate
subject=/CN=bandit
issuer=/CN=bandit
---
No client certificate CA names sent
---
SSL handshake has read 1015 bytes and written 631 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: AB974EE547C3B22AAF7FCECD1AEF67E5C403596CEAD2EBC7730EB7F0C7336593
Session-ID-ctx:
Master-Key: 9A2180552AC144C6B6D7CFB71C6AC41437169EF0C4C1BAE17038683E0666321AC191F5667FBA6CD27DF306F7A681A5EE
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
Start Time: 1516473002
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
BfMYroe26WYalil77FoDi9qh59eK5xNr
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd

closed

bandit16@bandit:~$ nmap -A -p 31000-32000 localhost
31790/tcp open ssl/unknown
bandit16@bandit:~$ openssl s_client -connect localhost:31790
cluFn7wTiGryunymYOu4RcffSxQluehd
Correct!
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

closed

bandit16@bandit:/tmp/rsaForNL$ touch nextlev.private
bandit16@bandit:/tmp/rsaForNL$ ls
nextlev.private
bandit16@bandit:/tmp/rsaForNL$ vim nextlev.private

/* Paste the RSA private key from above, press ESC, then type ":wq" to save the file and return to the command line */

bandit16@bandit:/tmp/rsaForNL$ chmod 600 nextlev.private
bandit16@bandit:/tmp/rsaForNL$ ssh -i nextlev.private bandit17@localhost

bandit17@bandit:~$ diff passwords.new passwords.old
42c42
< kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
---
> 6vcSC74ROI95NqkKaeEC2ABVMDX9TyUr

bandit17@bandit:/tmp/coppyFrom18$ scp -P 2220 bandit18@localhost:./readme ./
bandit18@localhost's password:
readme 100% 33 0.0KB/s 00:00
bandit17@bandit:/tmp/coppyFrom18$ ls
readme
bandit17@bandit:/tmp/coppyFrom18$ cat readme
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

bandit19@bandit:/etc/bandit_pass$ cat bandit19
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

bandit19@bandit:~$ ./bandit20-do
Run a command as another user.
Example: ./bandit20-do id
bandit19@bandit:~$ ./bandit20-do cat /etc/bandit_pass/bandit20
GbKksEFF4yrVs6il55v6gwY5aVje5f0j
