This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd ../../etc/cron.d | |
| ls -l | |
| // -rw-r--r-- 1 root root 120 May 7 20:14 cronjob_bandit22 | |
| // -rw-r--r-- 1 root root 122 May 7 20:14 cronjob_bandit23 | |
| // -rw-r--r-- 1 root root 120 May 7 20:14 cronjob_bandit24 | |
| cat cat cronjob_bandit22 | |
| // @reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null | |
| // * * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null | |
| cd ../../usr/bin/ | |
| cat cronjob_bandit22.sh |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Prepare 2 tabs in terminal | |
| // One: | |
| echo GbKksEFF4yrVs6il55v6gwY5aVje5f0j | nc -l -p 31321 | |
| // the other one: | |
| ./suconnect 31321 | |
| // Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j | |
| // Password matches, sending next password |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ls -la | |
| // -rwsr-x--- 1 bandit20 bandit19 7296 May 7 20:14 bandit20-do | |
| ./bandit20-do | |
| // Run a command as another user. | |
| // Example: ./bandit20-do id | |
| ./bandit20-do id | |
| // uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11019(bandit19) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssh -p 2220 bandit18@bandit.labs.overthewire.org | |
| // Byebye ! | |
| // Connection to bandit.labs.overthewire.org closed. | |
| ssh -p 2220 bandit18@bandit.labs.overthewire.org "cat ~/readme" | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff passwords.old passwords.new | |
| // 42c42 | |
| // < w0Yfolrc5bwjS4qw5mq1nnQi6mF03bii | |
| // --- | |
| // > kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nmap -sT -p 31000-32000 localhost | |
| // Nmap scan report for localhost (127.0.0.1) | |
| // Host is up (0.00026s latency). | |
| // Not shown: 997 closed ports | |
| // PORT STATE SERVICE | |
| // 31518/tcp open unknown | |
| // 31691/tcp open unknown | |
| // 31790/tcp open unknown | |
| // 31960/tcp open unknown |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nc localhost 30000 | |
| // Type password | |
| // OR | |
| echo "Password" | nc localhost 30000 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssh -i sshkey.private bandit14@localhost | |
| // type yes | |
| cd ../../etc/bandit_pass/ | |
| cat bandit14 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat data.txt | |
| // It shows dumphexed lines | |
| mkdir /tmp/kotaro666 | |
| cp data.txt /tmp/kotaro666 | |
| cd /tmp/kotaro666 | |
| ls | |
| // check if the file is sucucessfully copied in new directory | |
| xxd -r data.txt newfile | |
| ls -la |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat data.txt | |
| // Gur cnffjbeq vf 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh | |
| cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m' | |
| // Result | |
| // The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu |
NewerOlder