rtmoran.org — Cybersecurity and Linux Resource

Category: OverTheWire – Bandit

Over the Wire’s Bandit Challenge – Level 10

Level 10 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in the file data.txt, which contains base64 encoded data.”


bandit10@bandit:~$ ls -la
total 24
drwxr-xr-x  2 root     root     4096 Dec 28  2017 .
drwxr-xr-x 42 root     root     4096 Jul 22 18:42 ..
-rw-r--r--  1 root     root      220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root     root     3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root     root      655 Jun 24  2016 .profile
-rw-r-----  1 bandit11 bandit10   69 Dec 28  2017 data.txt
bandit10@bandit:~$ cat data.txt
VGhlIHBhc3N3b3JkIGlzIElGdWt3S0dzRlc4TU9xM0lSRnFyeEUxaHhUTkViVVBSCg==
bandit10@bandit:~$ cat data.txt | base64 -d
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

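The password in level 10 has been encoded in base64, as detailed in the instructions.  Printing the contents of data.txt reveals a seemingly random string of characters ending in “==”, the padding base64 adds when the input length is not a multiple of three bytes.  Piping the contents of the file into base64 with the -d switch decodes it and reveals the password for level 11.  Base64 is an encoding, not encryption: no key is involved, so anyone who can read the file can recover the password.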
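The following is an added example, not part of the original walkthrough: it shows where the trailing “==” comes from and that decoding needs no key. The function names and the sample string are constructed for illustration.

```shell
#!/bin/sh
# Number of '=' padding characters base64 emits for an input of $1 bytes.
# Base64 maps each 3-byte group to 4 characters; a short final group is padded.
pad_chars() {
    head -c "$1" /dev/zero | tr '\0' 'x' | base64 | tr -cd '=' | wc -c | tr -d ' '
}

# Encoded length (without line breaks) for $1 input bytes: 4 * ceil(n / 3).
encoded_len() {
    echo $(( ( ($1 + 2) / 3 ) * 4 ))
}

# Round trip of a constructed string: decoding needs no key or secret.
round_trip() {
    printf '%s\n' "$1" | base64 | base64 -d
}

# 49 bytes is the length of the decoded line in the session above
# (16 + 32 characters plus the newline). 68 encoded characters plus a
# newline gives the 69-byte data.txt shown by ls -la.
echo "padding for 49 bytes: $(pad_chars 49)"
echo "encoded length:       $(encoded_len 49)"
round_trip 'constructed sample, not a real secret'
```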

Over the Wire’s Bandit Challenge – Level 9

Level 09 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.”


bandit9@bandit:~$ ls -la
total 40
drwxr-xr-x  2 root     root     4096 Dec 28  2017 .
drwxr-xr-x 42 root     root     4096 Jul 22 18:42 ..
-rw-r--r--  1 root     root      220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root     root     3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root     root      655 Jun 24  2016 .profile
-rw-r-----  1 bandit10 bandit9 19379 Dec 28  2017 data.txt
bandit9@bandit:~$ file data.txt
data.txt: data
bandit9@bandit:~$ strings data.txt | grep "=="
========== theP`
========== password
L========== isA
========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Because the majority of data.txt is not human readable, as the instructions indicate, we use the ‘strings’ command to extract the printable character sequences from the file, then pipe its output into grep to keep only the lines that contain “==”.

Over the Wire’s Bandit Challenge – Level 8

Level 08 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in the file data.txt and is the only line of text that occurs only once”


bandit8@bandit:~$ ls -la
total 56
drwxr-xr-x  2 root    root     4096 Dec 28  2017 .
drwxr-xr-x 42 root    root     4096 Jul 22 18:42 ..
-rw-r--r--  1 root    root      220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root    root     3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root    root      655 Jun 24  2016 .profile
-rw-r-----  1 bandit9 bandit8 33033 Dec 28  2017 data.txt
bandit8@bandit:~$ cat data.txt | sort | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

This time we pipe the contents of data.txt first through the sort command and then into uniq with the -u switch, which prints only the lines that are not repeated.  Sorting first is necessary because uniq only compares adjacent lines.
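The following is an added example, not part of the original walkthrough: it runs uniq -u over constructed data with and without the sort step, to show why the order of the pipeline matters. The function names and sample lines are made up for illustration.

```shell
#!/bin/sh
# Constructed sample data: "delta" is the only line that occurs exactly once,
# and the repeated lines are deliberately NOT adjacent.
sample() {
    printf '%s\n' alpha bravo alpha charlie bravo delta charlie
}

# uniq only compares neighbouring lines, so on unsorted input nothing looks
# repeated and every line is reported as "unique".
once_unsorted() {
    sample | uniq -u
}

# Sorting first groups identical lines together, so uniq -u can drop them all
# and leave only the line that occurs exactly once.
once_sorted() {
    sample | sort | uniq -u
}

# Cross-check with a count: sort | uniq -c prefixes each line with how often
# it occurs; awk keeps the lines whose count is 1.
once_counted() {
    sample | sort | uniq -c | awk '$1 == 1 { print $2 }'
}

echo "unsorted: $(once_unsorted | wc -l | tr -d ' ') lines reported"
echo "sorted:   $(once_sorted)"
echo "counted:  $(once_counted)"
```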

Over the Wire’s Bandit Challenge – Level 7

Level 07 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in the file data.txt next to the word millionth”


bandit7@bandit:~$ ls -la
total 4108
drwxr-xr-x  2 root    root       4096 Dec 28  2017 .
drwxr-xr-x 42 root    root       4096 Jul 22 18:42 ..
-rw-r--r--  1 root    root        220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root    root       3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root    root        655 Jun 24  2016 .profile
-rw-r-----  1 bandit8 bandit7 4184396 Dec 28  2017 data.txt
bandit7@bandit:~$ cat data.txt | grep millionth
millionth       cvX2JJa4CFALtqS87jk27qwqGhBM9plV

By piping the contents of data.txt into grep, we can search for a specific string and limit the output to the lines that contain it.

Over the Wire’s Bandit Challenge – Level 6

Level 6 – bandit – overthewire

Level Instructions:

“The password for the next level is stored somewhere on the server and has all of the following properties:

owned by user bandit7
owned by group bandit6
33 bytes in size”


bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Again using the powerful find command, we can specify the owner, group, and size of the file we are looking for.  The “2>/dev/null” appended to the end of the command redirects standard error (file descriptor 2), where find writes its error messages, to /dev/null, which can essentially be considered ‘to nowhere’.

Over the Wire’s Bandit Challenge – Level 5

Level 05 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

human-readable
1033 bytes in size
not executable”


bandit5@bandit:~$ ls
inhere
bandit5@bandit:~$ cd inhere
bandit5@bandit:~/inhere$ ls -la
total 88
drwxr-x--- 22 root bandit5 4096 Dec 28  2017 .
drwxr-xr-x  3 root root    4096 Dec 28  2017 ..
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere00
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere01
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere02
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere03
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere04
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere05
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere06
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere07
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere08
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere09
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere10
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere11
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere12
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere13
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere14
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere15
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere16
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere17
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere18
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere19
bandit5@bandit:~/inhere$ find . -type f -size 1033c ! -executable
./maybehere07/.file2
bandit5@bandit:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

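Increasing in difficulty, this challenge presents 20 directories with many different files residing within each.  The ‘find’ command lets us search the current directory tree for regular files (-type f) that are exactly 1033 bytes in size (-size 1033c) and not executable (! -executable).  These two tests alone leave a single match, so the human-readable property does not need to be checked separately here.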
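The following is an added example, not part of the original walkthrough: it goes one step further than the command above and checks all three properties, including human-readable, against a constructed directory tree. The helper names (make_tree, is_text, find_candidates) and the file contents are assumptions made for illustration; -executable requires GNU find.

```shell
#!/bin/sh
# Constructed test tree (not the Bandit server's files): four candidates, only
# one of which has all three properties from the level instructions.
make_tree() {
    d=$(mktemp -d)
    mkdir "$d/maybehere00" "$d/maybehere01"
    # 1033 printable bytes, not executable: the target.
    head -c 1033 /dev/zero | tr '\0' 'A' > "$d/maybehere00/.file1"
    # Same size and readable, but executable.
    head -c 1033 /dev/zero | tr '\0' 'B' > "$d/maybehere00/.file2"
    chmod +x "$d/maybehere00/.file2"
    # Same size, not executable, but binary (NUL bytes).
    head -c 1033 /dev/zero > "$d/maybehere01/.file3"
    # Readable and not executable, but the wrong size.
    head -c 1000 /dev/zero | tr '\0' 'C' > "$d/maybehere01/.file4"
    echo "$d"
}

# "Human-readable" here means: nothing is left after deleting printable
# characters and whitespace.
is_text() {
    [ "$(LC_ALL=C tr -d '[:print:][:space:]' < "$1" | wc -c)" -eq 0 ]
}

# -size 1033c: exactly 1033 bytes; ! -executable: not executable by the
# current user. Each hit is then checked for readability.
find_candidates() {
    find "$1" -type f -size 1033c ! -executable 2>/dev/null |
    while IFS= read -r f; do
        if is_text "$f"; then echo "${f#"$1"/}"; fi
    done
}

tree=$(make_tree)
find_candidates "$tree"
rm -rf "$tree"
```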

Over the Wire’s Bandit Challenge – Level 4

Level 04 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.”


bandit4@bandit:~$ ls -la
total 24
drwxr-xr-x  3 root root 4096 Dec 28  2017 .
drwxr-xr-x 42 root root 4096 Jul 22 18:42 ..
-rw-r--r--  1 root root  220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root root 3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root root  655 Jun 24  2016 .profile
drwxr-xr-x  2 root root 4096 Dec 28  2017 inhere
bandit4@bandit:~$ cd inhere
bandit4@bandit:~/inhere$ ls -la
total 48
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file00
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file01
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file02
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file03
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file04
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file05
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file06
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file07
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file08
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file09
drwxr-xr-x 2 root    root    4096 Dec 28  2017 .
drwxr-xr-x 3 root    root    4096 Dec 28  2017 ..
bandit4@bandit:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@bandit:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

We are presented with 10 different files that the password could be residing within.  The instructions hinted that the password resided within the only human-readable file.

The ‘file’ command prints a file’s type to the terminal.  Passing ./* as the argument makes it report the type of every file in the current directory.  The ./ prefix matters here: the file names begin with ‘-’, and without it they would be parsed as command-line options.
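The following is an added example, not part of the original walkthrough: it reproduces the leading-dash problem on a constructed directory and shows two ways to pass such a name safely. The function names and file contents are made up for illustration.

```shell
#!/bin/sh
# Constructed directory (not the Bandit server's files) with names that begin
# with "-", like the -file00 ... -file09 listing above.
make_dir() {
    d=$(mktemp -d)
    printf '\000\001\002\n' > "$d/-file00"
    printf 'constructed-sample-text\n' > "$d/-file07"
    echo "$d"
}

# Unsafe: the bare name reaches cat as an argument starting with "-", so cat
# parses it as a cluster of options and never opens the file.
read_bare() {
    ( cd "$1" && cat -file07 </dev/null 2>/dev/null )
}

# Safe: with a ./ prefix the argument no longer starts with "-".
read_dot_slash() {
    ( cd "$1" && cat ./-file07 )
}

# Safe: "--" ends option parsing; everything after it is an operand.
read_double_dash() {
    ( cd "$1" && cat -- -file07 )
}

dir=$(make_dir)
if read_bare "$dir"; then
    echo "bare name: read"
else
    echo "bare name: rejected by cat"
fi
echo "./ prefix: $(read_dot_slash "$dir")"
echo "-- marker: $(read_double_dash "$dir")"
rm -rf "$dir"
```

The same applies to glob expansion in scripts: ./* keeps every expanded name from being read as an option, whereas a bare * does not.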

Over the Wire’s Bandit Challenge – Level 3

Level 03 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in a hidden file in the inhere directory.”


bandit3@bandit:~$ ls -la
total 24
drwxr-xr-x  3 root root 4096 Dec 28  2017 .
drwxr-xr-x 42 root root 4096 Jul 22 18:42 ..
-rw-r--r--  1 root root  220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root root 3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root root  655 Jun 24  2016 .profile
drwxr-xr-x  2 root root 4096 Dec 28  2017 inhere
bandit3@bandit:~$ cd inhere
bandit3@bandit:~/inhere$ ls -la
total 12
drwxr-xr-x 2 root    root    4096 Dec 28  2017 .
drwxr-xr-x 3 root    root    4096 Dec 28  2017 ..
-rw-r----- 1 bandit4 bandit3   33 Dec 28  2017 .hidden
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Listing the contents of the home directory reveals a folder named ‘inhere’.  Because we were told the password would be stored in a hidden file, we use the -l and -a switches with the ‘ls’ command.  The -l switch provides a long listing format with permissions and other details.  The -a switch reveals all the contents of the directory, including hidden entries, whose names begin with a dot.

Over the Wire’s Bandit Challenge – Level 2

Level 02 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in a file called spaces in this filename located in the home directory”


bandit2@bandit:~$ ls
spaces in this filename
bandit2@bandit:~$ cat "spaces in this filename"
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit2@bandit:~$ ssh bandit3@localhost

Within the directory is a file named ‘spaces in this filename’.

Because of the spaces within the file name, it must be enclosed in quotes in order to access it; otherwise the shell would split it into separate arguments.  Sure enough, the password for bandit3 is found inside.