• Tutorials,  Vulnerable Labs

    Installing Metasploitable 3 for Windows 10

    When tasked with the installation of Metasploitable 3, unlike its predecessor, Metasploitable 2, users will be met, not with an .iso file, prebuilt VMware or VBox file, but with a Github repository containing all the files needed to build the virtual environment themselves.Metasploitable 3 is different from its predecessor, especially, in that this new method of installation allows users to build and update machines far easier than before.  The vulnerable machine can also be deployed on different OS's including Windows Server or a Linux distro, such as, Ubuntu.

  • overthewire
    OverTheWire - Bandit,  Tutorials

    Over the Wire’s Bandit Challenge – Level 20

    Level 20 – bandit – overthewire Level Instructions: “There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21). NOTE: Try connecting to your own network daemon to see if it works as you think”

  • overthewire
    OverTheWire - Bandit,  Tutorials

    Over the Wire’s Bandit Challenge – Level 19

    Level 19 – bandit – overthewire Level Instructions: “To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.” bandit19@bandit:~$ ls -la total 28 drwxr-xr-x 2 root root 4096 Dec 28 2017 . drwxr-xr-x 42 root root 4096 Jul 22 18:42 .. -rw-r--r-- 1 root root 220 Sep 1 2015 .bash_logout -rw-r--r-- 1 root root 3771 Sep 1 2015 .bashrc -rw-r--r-- 1 root root 655 Jun 24 2016 .profile -rwsr-x--- 1 bandit20 bandit19 7408 Dec 28 2017 bandit20-do bandit19@bandit:~$ ./bandit20-do Run a command as another user. Example: ./bandit20-do id bandit19@bandit:~$…

  • overthewire
    OverTheWire - Bandit,  Tutorials

    Over the Wire’s Bandit Challenge – Level 18

    Level 18 – bandit – overthewire Level Instructions: “The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.” bandit17@bandit:~$ ssh bandit18@localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc. Are you sure you want to continue connecting (yes/no)? yes ... ... ... Byebye ! Connection to localhost closed. bandit17@bandit:~$ ssh bandit18@localhost cat readme The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc. Are you sure you want to continue connecting (yes/no)? yes ... ... ... bandit18@localhost's password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x As hinted in the instructions for level 17 upon logging into bandit18 we receive a ‘Byebye !’…

  • overthewire
    OverTheWire - Bandit,  Tutorials

    Over the Wire’s Bandit Challenge – Level 17

    Level 17 – bandit – overthewire Level Instructions: “There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19.” bandit17@bandit:~$ ls -la total 40 drwxr-xr-x 3 root root 4096 Dec 28 2017 . drwxr-xr-x 42 root root 4096 Jul 22 18:42 .. -rw-r----- 1 bandit17 bandit17 33 Dec 28 2017 .bandit16.password -rw-r--r-- 1 root root 220 Sep 1 2015 .bash_logout -rw-r--r-- 1 root root 3771 Sep 1 2015 .bashrc -rw-r--r-- 1 root root 655 Jun 24 2016 .profile drwxr-xr-x 2 root…

  • overthewire
    OverTheWire - Bandit,  Tutorials

    Over the Wire’s Bandit Challenge – Level 16

    Level 16 – bandit – overthewire Level Instructions: “The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.” bandit16@bandit:~$ nmap -sV -A -p 31000-32000 localhost | grep open 31046/tcp open echo 31518/tcp open ssl/echo 31691/tcp open echo 31790/tcp open ssl/unknown 31960/tcp open echo bandit16@bandit:~$ openssl s_client -connect localhost:31790 -quiet depth=0 CN = bandit verify error:num=18:self signed certificate verify return:1 depth=0…

  • overthewire
    OverTheWire - Bandit,  Tutorials

    Over the Wire’s Bandit Challenge – Level 15

    Level 15 – bandit – overthewire Level Instructions: “The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption. Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…” bandit15@bandit:~$ openssl s_client -connect localhost:30001 -quiet depth=0 CN = bandit verify error:num=18:self signed certificate verify return:1 depth=0 CN = bandit verify return:1 BfMYroe26WYalil77FoDi9qh59eK5xNr Correct! cluFn7wTiGryunymYOu4RcffSxQluehd We use the command ‘openssl’ to establish a secure connection over port 30001.  The directions hint at possible output errors you may receive and points to appending your command with ‘-ign_eof’ which prevents…

  • overthewire
    OverTheWire - Bandit,  Tutorials

    Over the Wire’s Bandit Challenge – Level 14

    Level 14 – bandit – overthewire Level Instructions: “The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.” bandit14@bandit:~$ cat /etc/bandit_pass/bandit14 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e bandit14@bandit:~$ nc localhost 30000 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e Correct! BfMYroe26WYalil77FoDi9qh59eK5xNr First, we need to print out the password to the current user bandit14.  The location of the password /etc/bandit_pass/bandit14 was revealed in the previous challenge.  Next we can establish a connection with localhost:30000 using either netcat or telnet.  We paste the current password, once connected, and the password for bandit15 is returned.

  • overthewire
    OverTheWire - Bandit,  Tutorials

    Over the Wire’s Bandit Challenge – Level 13

    Level 13 – bandit – overthewire Level Instructions: “The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on.” bandit13@bandit:~$ ls -la total 24 drwxr-xr-x 2 root root 4096 Dec 28 2017 . drwxr-xr-x 42 root root 4096 Jul 22 18:42 .. -rw-r--r-- 1 root root 220 Sep 1 2015 .bash_logout -rw-r--r-- 1 root root 3771 Sep 1 2015 .bashrc -rw-r--r-- 1 root root 655 Jun 24 2016 .profile -rw-r----- 1 bandit14 bandit13 1679 Dec 28 2017 sshkey.private bandit13@bandit:~$…

  • overthewire
    OverTheWire - Bandit,  Tutorials

    Over the Wire’s Bandit Challenge – Level 12

    Level 12 – bandit – overthewire Level Instructions: “The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!).” bandit12@bandit:~$ ls -la total 24 drwxr-xr-x 2 root root 4096 Dec 28 2017 . drwxr-xr-x 42 root root 4096 Jul 22 18:42 .. -rw-r--r-- 1 root root 220 Sep 1 2015 .bash_logout -rw-r--r-- 1 root root 3771 Sep 1 2015 .bashrc -rw-r--r-- 1 root root 655 Jun 24 2016 .profile -rw-r----- 1 bandit13 bandit12 2646 Dec…