Post

Bandit 1 ~ 10

bandit

1
2
3
host : bandit.labs.overthewire.org
port : 2220
환경 : putty, Hyper(WSL2)

bandit0

1
2
3
4
5
bandit0@bandit:~$ ls
readme

bandit0@bandit:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY

bandit1

1
2
bandit1@bandit:~$ cat <-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

bandit2

1
2
3
4
5
bandit2@bandit:~$ ls
spaces in this filename

bandit2@bandit:~$ cat 'spaces in this filename'
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

bandit3

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
bandit3@bandit:~$ ls
inhere
bandit3@bandit:~$ ls -al
total 24
drwxr-xr-x  3 root root 4096 May  7 20:14 .
drwxr-xr-x 41 root root 4096 May  7 20:14 ..
-rw-r--r--  1 root root  220 May 15  2017 .bash_logout
-rw-r--r--  1 root root 3526 May 15  2017 .bashrc
drwxr-xr-x  2 root root 4096 May  7 20:14 inhere
-rw-r--r--  1 root root  675 May 15  2017 .profile
bandit3@bandit:~$ cd inhere
bandit3@bandit:~/inhere$ ls
bandit3@bandit:~/inhere$ ls -al
total 12
drwxr-xr-x 2 root    root    4096 May  7 20:14 .
drwxr-xr-x 3 root    root    4096 May  7 20:14 ..
-rw-r----- 1 bandit4 bandit3   33 May  7 20:14 .hidden
bandit3@bandit:~/inhere$ cat < .hidden # or cat -- .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

bandit4

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
bandit4@bandit:~/inhere$ file -- -file00
-file00: data
bandit4@bandit:~/inhere$ file -- -file01
-file01: data
bandit4@bandit:~/inhere$ file -- -file02
-file02: data
bandit4@bandit:~/inhere$ file -- -file03
-file03: data
bandit4@bandit:~/inhere$ file -- -file04
-file04: data
bandit4@bandit:~/inhere$ file -- -file05
-file05: data
bandit4@bandit:~/inhere$ file -- -file06
-file06: data
bandit4@bandit:~/inhere$ file -- -file07
-file07: ASCII text                         # <- flag is in here
bandit4@bandit:~/inhere$ file -- -file08
-file08: data
bandit4@bandit:~/inhere$ file -- -file09
-file09: data
bandit4@bandit:~/inhere$ cat -- -file07 # or cat < -file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

bandit5

1
2
3
4
5
6
The password for the next level is stored in a file somewhere 
under the inhere directory and has all of the following properties:

human-readable
1033 bytes in size
not executable
1
2
3
4
bandit5@bandit:~/inhere$ find . -type f -size 1033c -perm 640
./maybehere07/.file2     
bandit5@bandit:~/inhere$ cat < ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

bandit6

1
2
3
4
5
6
The password for the next level is stored somewhere on the server 
and has all of the following properties:

owned by user bandit7
owned by group bandit6
33 bytes in size
1
2
3
4
5
6
bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c
#redacted
/var/lib/dpkg/info/bandit7.password
#redacted
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

bandit7

1
2
The password for the next level is stored in the file data.txt 
next to the word millionth
1
2
bandit7@bandit:~$ grep -n "millionth" data.txt
37262:millionth cvX2JJa4CFALtqS87jk27qwqGhBM9plV

bandit8

1
2
The password for the next level is stored in the file data.txt 
and is the only line of text that occurs only once
1
2
bandit8@bandit:~$ cat data.txt | sort | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

bandit9

1
2
The password for the next level is stored in the file data.txt 
in one of the few human-readable strings, preceded by several ‘=’ characters.
1
2
3
4
bandit9@bandit:~$ strings data.txt
#redacted
truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
#redacted

bandit10

1
2
The password for the next level is stored in the file data.txt, 
which contains base64 encoded data
1
2
bandit10@bandit:~$ base64 -d data.txt
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
This post is licensed under CC BY 4.0 by the author.