Skip to content

Instantly share code, notes, and snippets.

@jxub

jxub/bandit-wargame.md

Created May 7, 2019 09:04
Show Gist options
  • Save jxub/21d071622509a6a36a824515eb4aaf00 to your computer and use it in GitHub Desktop.
Save jxub/21d071622509a6a36a824515eb4aaf00 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
bandit-wargame.md

lab 5

pass: koReBOKuIDDepwhWk7jZC0RTdopnAYKh command: find . -type f -size 1033c ! -executable

lab 6

pass: DXjZPULLxYr17uwoI01bNLQbtFemEgo7 command: find . -user bandit7 -group bandit6 -size 33c -ls 2>&1 | grep -v find | awk -F " " '{print $NF}' | xargs cat

lab 7

pass: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs command: find . -name "data.txt" -type f -ls 2>&1 | grep -v find: | awk -F " " '{print $NF}' | xargs cat | grep millionth | grep -v catA

lab 8

pass: cvX2JJa4CFALtqS87jk27qwqGhBM9plV command: sort data.txt | uniq -u

lab 9

pass: UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR command: cat data.txt | grep -a "===="

lab 10

pass: truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk command: base64 -d data.txt

lab 11

pass: IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR command: cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'

lab 12

pass: 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

lab 13

pass: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

lab 14

pass: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

lab 15

pass: BfMYroe26WYalil77FoDi9qh59eK5xNr

lab 16

pass: cluFn7wTiGryunymYOu4RcffSxQluehd command: openssl s_client -connect localhost:30001

lab 17

pass: -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama +TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT 8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM 77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3 vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY= -----END RSA PRIVATE KEY----- command: nmap -sT -p 31000-32000 localhost

lab 17

bandit17@bandit:~$ diff passwords.old passwords.new 42c42 < hlbSBPAWJmL6WFDb06gpTx1pPButblOA

kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd (pass)

lab 18

command: ssh -t bandit18@bandit.labs.overthewire.org -p 2220 'cat readme' pass: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

lab 19

command: bandit19@bandit:~$ ./bandit20-do /bin/sh $ cat /etc/bandit_pass/bandit20 pass: GbKksEFF4yrVs6il55v6gwY5aVje5f0j

lab 20

command: bandit20@bandit:$ echo "GbKksEFF4yrVs6il55v6gwY5aVje5f0j" | nc -l -p 12344 & [3] 19295 bandit20@bandit:$ ./suconnect 12344 Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j Password matches, sending next password gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr

lab 21

pass: Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

lab 22

command: bandit22@bandit:~$ cat /tmp/8169b67bd894ddbb4412f91573b38db3 pass: Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

lab 23

pass: jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n

lab 24

pass: UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

lab 25

command: bandit24@bandit:/tmp/tmp.qHFHY7gF2O$ cat bf.sh #! /usr/bin/env bash

set -euo pipefail

#trap "echo exiting...; exit" INT

nums=(1 2 3 4 5 6 7 8 9 0)

#var=1

for n1 in "${nums[@]}" do for n2 in "${nums[@]}" do for n3 in "${nums[@]}" do for n4 in "${nums[@]}" do #echo "Intent $var out of 10000" #echo "Trying with UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $n1$n2$n3$n4" echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $n1$n2$n3$n4" # | nc localhost 30002 ; # ((var=var+1)) done done done done

bandit24@bandit:/tmp/tmp.qHFHY7gF2O$ sort passes -r | nc localhost 30002 | grep -vi wrong I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space. Correct! The password of user bandit25 is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG

lab 26

command: bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27 pass: 3ba3118a22e93127a4ed485be72ef5ea

lab 27

command: ssh bandit27-git@localhost -t -- "git upload-pack '/home/bandit27-git/repo'" passwd: 0ef186ac70e04ea33b4c1853d2526fa2

lab 28

sol: buried in git log password: bbc96594b4e001778eee9975372716b2

lab 29

sol: in a dev remote ref pass: 5b90576bedb2cc04c86a9e924ce42faf

lab 30

bandit30@bandit:/tmp/tmp.PSB9GsNVWl/repo$ cat .git/packed-refs

pack-refs with: peeled fully-peeled

3aa4c239f729b07deb99a52f125893e162daac9e refs/remotes/origin/master f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea refs/tags/secret bandit30@bandit:/tmp/tmp.PSB9GsNVWl/repo$ git cat-file --batch-check --batch-all-objects 029ba421ef4c34205d52133f8da3d69bc1853777 blob 30 3aa4c239f729b07deb99a52f125893e162daac9e commit 194 bd85592e905590f084b8df33363a46f9ac4aa708 tree 37 f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea blob 33 bandit30@bandit:/tmp/tmp.PSB9GsNVWl/repo$ git cat-file f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea -p 47e603bb428404d265f59c42920d81e5 (pass)

lab 31

sol: simply push to master pass: 56a9bf19c63d650ce78e6ec0354ee45e

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment