Play with wargame — Bandit 0–10
OverTheWire is truly a cool staff, which offer several challenges for you to practice server-side exploitation.
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of…
Regrettably, I never free myself to finish those series carefully and record them somewhere. This time, I won’t let it go. Consider that I am pretty an novice, content below will seem kinda of redundant. Anyway, here we go.
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0
Of course this one is indeed a Check-in
ssh -p 2220 firstname.lastname@example.org finish it
The password for the next level is stored in a file called - located in the home directory
You can see that the password file is there, safe and sound
However, this specialized filename seems meaningful and you cannot simply cat it. Let’s find out why through the manual.
The cat utility reads files sequentially, writing them to the standard output. The file operands are processed in command-line order. If file is a single dash (`-`) or absent, cat reads from the standard input. If file is a UNIX domain socket, cat connects to it and then reads it until EOF. This complements the UNIX domain binding capability available is inetd(8).
Well, that make sense if you know commands like
cat | ./someprog which allows you to transfer standard input to a program.
Anyway, just use
cat ./- to pass it
The password for the next level is stored in a file called spaces in this filename located in the home directory
I just think of what this challenge want to tell us. Perhaps it just want us know that some specific characters like space need a
/ in commands
Thanks for current shell’s automatic completion
The password for the next level is stored in a hidden file in the inhere directory.
There will always be some special hidden file in Unix system, starting with
ls -a and we can get it
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
The introduction is weird and when you open the folder you can see 10 files like below.
reset instruction is really cool which can reactive the shell. But
clear is much suitable for me.
Learn some basic shell script can help to solve this
for((i=0;i<10;i++));do cat './-file'$i; echo '\n'; done
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
- 1033 bytes in size
- not executable
Well this challenge will be truly tedious if done by hand. we should figure out some clever solution.
Considering those three clues offered, we finally get commands like
find ./ -size 1033c and
/myabehere07/.file2 is our target
The password for the next level is stored somewhere on the server and has all of the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
find and parameters game. Read the manual of
find carefully and we can try with instruction like
find / -size 33c -readble -group bandit6 -user bandit7
The answer is located in /var/lib/dpkg/info/bandit7.password
The password for the next level is stored in the file data.txt next to the word millionth
Starting from this challenge. The hint becomes to
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd
Seems we have to deal with
string tricks and some
cat data.txt | grep millionth and succeed.
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
The very direct feeling is to delete lines that are duplicated.
This challenge held up me for a while. For I haven’t carefully read the description of
Filter adjacent matching lines from INPUT (or standard input), writing to OUTPUT (or standard output).
That is to say if two identical lines are split by other lines. This instruction won’t do much
The answer should be
sort data.txt | uniq -u
The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.
Begin with several ‘=’? This definitely refer to the regex expression.
cat data.txt | grep -a "==="
-a for processing this binary file
The password for the next level is stored in the file data.txt, which contains base64 encoded data
That was simple. Though I usually encode/decode base64 using python scripts.
base64 -d ./data.txt