overthewire wargame

-

bandit

 
hostname    :    bandit.labs.overthewire.org

ping bandit.labs.overthewire.org

ipaddress    :    176.9.9.172
port number    :    2220

ssh bandit0@176.9.9.172 -p 2220


bandit0    :bandit0               :
                 cat readme

bandit1    :boJ9jbbUNNfktd78OOpsqOltutMc3MY1 :
                 cat ./-

bandit2    :CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9 :
                 cat spaces\ in\ this\ filename

bandit3    :UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK :
                 cd inhere/ && cat .hidden

bandit4    :pIwrPrtPN36QITSp3EQaw936yaFoFgAB :
                 cd inhere/ && cat ./-file07

bandit5    :koReBOKuIDDepwhWk7jZC0RTdopnAYKh :
                  cd inhere/ && cat ./maybehere07/.file2

bandit6    :DXjZPULLxYr17uwoI01bNLQbtFemEgo7 :
                 cd / && find -user bandit7 && cat /var/lib/dpkg/info/bandit7.password

bandit7    :HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs :
                 grep millionth data.txt

bandit8    :cvX2JJa4CFALtqS87jk27qwqGhBM9plV :
                 cat data.txt | sort | uniq -u

bandit9    :UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR :
                 strings data.txt | grep '='   

bandit10   :truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk :
                  base64 -d data.txt

bandit11   :IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR :
                 https://cryptii.com/pipes/caesar-cipher (paste plain text and n is 13)

bandit12   :5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu :
                 cd  /tmp/myname (tar xvf , file ,mv to rename file and extract until                     get ascii)

bandit13   :8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL :
                 ssh -i sshkey.private bandit14@localhost

bandit14    :<use ssh privatekey for password>:
                   cat /etc/bandit_pass/bandit14 
                   4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e  
                   echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000

bandit15    :BfMYroe26WYalil77FoDi9qh59eK5xNr :
                   openssl s_client -ign_eof -connect localhost:30001
                   BfMYroe26WYalil77FoDi9qh59eK5xNr   

bandit16    :cluFn7wTiGryunymYOu4RcffSxQluehd : 
                   nmap -p 31000-32000 localhost
                   openssl s_client -ign_eof -connect localhost:31790   
                   cluFn7wTiGryunymYOu4RcffSxQluehd   
                   copy and paste the private key and change the "chmod 600"
                   ssh -i ssh.private bandit17@176.9.9.172 -p 2220

bandit17    :<login through using above steps>:
                  diff passwords.old password.new
                  kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd (password to login to bandit18)

bandit18    :kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd:
                  ssh bandit18@localhost (if you login bandit18 with the above password
                  through ssh it will automatically logout and say "byebye!"
                  because someone made a script to automatically logout when login     using ssh)
                  so i am going force to open the shell using -t flag
                  ssh -t bandit@localhost /bin/sh
                  IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x (password for bandit19)
 

bandit19    :IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x:
                 ./bandit20-do cat /etc/bandit_pass/bandit20
                 GbKksEFF4yrVs6il55v6gwY5aVje5f0j

bandit20    :GbKksEFF4yrVs6il55v6gwY5aVje5f0j




Comments

Post a Comment

Popular posts from this blog

vowels in the file

-
Vowels in the File: Find the number of vowels in the file and add the count on the file . Program: f=open('a.txt','r') #a.txt (filename) total=0 for line in f.read():     if(line=='a' or line=='e' or line=='i' or line=='o' or line=='u' or line=='A' or line=='E' or line=='I' or line=='O' or line=='U'):         total+=1 f=open('a.txt','a') f.write('Number of vowels in the file :'+str(total)) f.close
Read more

Software Freedom Day 2020

-
Image
Software Freedom Day 2020 (SFD_2020) Software Freedom Day (SFD) is an annual worldwide celebration of Free Software. SFD is a public education effort with the aim of increasing awareness of Free Software,we have conducting the event in the villupuram District, our community name is called VGLUG .   In this year Due to this pandemic COVID-19 situation we can't conduct the event in live location so we are planned to conduct in the online mode and also made some videos for the  vglug youtube channel about free softwares , And I have a new Experiance for making video about linux commands and shell scripting. learning is a good thing and teaching others what we know is a very good thing. mega virtual event all so conducted on the sep 20 ,from morning 9 am to evening 3:30 pm, 10 stalls with 10 technology.   VGLUG_5050 VGLUG SFD 2020 celebration with the theme of 50contributions from 50 Contributors. videos Contributed by   : Vigneshwaran S Topic     ...
Read more

gobuster

-
Image
Gobuster     Gobuster is a tool used to brute-force URI's (Uniform Resource Identifier) (directories and files) in web sites.  It is used to enumerate the directories in the given path of the site using the wordlist. Result is shown in the status code like 200,403,301,etc. similar tools  dirbuster which is builtin tool in   kali linux.  Command : gobuster dir -u http://websitename/ -w /usr/share/wordlists/dirb/common.txt websitename:  we can use the IP address with port number or site name. git-hub : gobuster
Read more