Open Source Glasgow

User Tools

Site Tools

Trace: command_line
command_line

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
command_line [2024/07/10 14:21]
admin 		command_line [2025/08/18 21:16] (current)
admin
Line 19: Line 19:
  
 ===== Passwords ===== ===== Passwords =====
 +3QJ3TgzHDq
 +NsN1HwFoyN
 +
 These are here in case you lose your place, or want to resume from where you left off. These are here in case you lose your place, or want to resume from where you left off.
 <​code>​ <​code>​
Line 36: Line 39:
 Level 13: FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn Level 13: FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn
 Level 14:  Level 14: 
 +
 +Level 14
 +is accesed from 13
 +
 +Level 15
 +
 +8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo
 +
 +
 +Level 16
 +
 +kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
 +
 +Level 17
 +
 +bandit16@bandit:​~$ nmap localhost -p 31000-32000
 +Starting Nmap 7.94SVN ( https://​nmap.org ) at 2025-08-18 00:27 UTC
 +Nmap scan report for localhost (127.0.0.1)
 +Host is up (0.00011s latency).
 +Not shown: 996 closed tcp ports (conn-refused)
 +PORT      STATE SERVICE
 +31046/tcp open  unknown
 +31518/tcp open  unknown
 +31691/tcp open  unknown
 +31790/tcp open  unknown
 +31960/tcp open  unknown
 +
 +Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
 +bandit16@bandit:​~$
 +
 +here is the 5 possabels I will try each
 +
 +31046  not it
 +31518  keyupdate
 +31691  not it
 +31790  it
 +31960  not it
 +
 +
 +the pass to current
 +bandit16@bandit:​~$ cat /​etc/​bandit_pass/​bandit16
 +kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
 +bandit16@bandit:​~$
 +
 +
 +after openssl s_client -connect localhost:​31790 and feeding it the pass from 17 I got a ssh private key to get 18
 +
 +
 +Level 18
 +
 +bandit17@bandit:​~$ ls -a
 +.  ..  .bandit16.password ​ .bash_logout ​ .bashrc ​ passwords.new ​ passwords.old ​ .profile ​ .ssh
 +bandit17@bandit:​~$ diff passwords.new passwords.old
 +42c42
 +< x2gLTTjFwMOhQ8oWNbMN362QKxfRqGlO
 +---
 +> CgmS55GVlEKTgx8xpW8HuWnHlBKP924b
 +bandit17@bandit:​~$
 +
 +
 +x2gLTTjFwMOhQ8oWNbMN362QKxfRqGlO
 +
 +Level 19
 +
 +arron@arron-laptop:​~/​Documents/​overTheWire/​Bandit$ ssh bandit.labs.overthewire.org -p 2220 -l bandit18 cat readme
 +                         ​_ ​                    _ _ _
 +                        | |__   __ _ _ __   __| (_) |_
 +                        | '_ \ / _` | '_ \ / _` | | __|
 +                        | |_) | (_| | | | | (_| | | |_
 +                        |_.__/ \__,_|_| |_|\__,​_|_|\__|
 +
 +
 +                      This is an OverTheWire game server.
 +            More information on http://​www.overthewire.org/​wargames
 +
 +backend: gibson-1
 +bandit18@bandit.labs.overthewire.org'​s password:
 +cGWpMaKXVwDUNgPAVJbWYuGHVn9zl3j8
 +
 +cGWpMaKXVwDUNgPAVJbWYuGHVn9zl3j8
 +
 +Level 20
 +
 +bandit19@bandit:​~$ ls
 +bandit20-do
 +bandit19@bandit:​~$ ./​bandit20-do
 +Run a command as another user.
 +  Example: ./​bandit20-do id
 +bandit19@bandit:​~$ ./​bandit20-do id
 +uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11019(bandit19)
 +bandit19@bandit:​~$ ./​bandit20-do ks
 +env: ‘ks’: Permission denied
 +bandit19@bandit:​~$ ./​bandit20-do ls
 +bandit20-do
 +bandit19@bandit:​~$ ./​bandit20-do pwd
 +/​home/​bandit19
 +bandit19@bandit:​~$ ./​bandit20-do whoami
 +bandit20
 +bandit19@bandit:​~$ ./​bandit20-do ​ cat /​ect/​bandit/​bandit20
 +cat: /​ect/​bandit/​bandit20:​ No such file or directory
 +bandit19@bandit:​~$ cat /​etc/​bandit_pass/​bandit20
 +cat: /​etc/​bandit_pass/​bandit20:​ Permission denied
 +bandit19@bandit:​~$ cat /​etc/​bandit_pass/​bandit19
 +cGWpMaKXVwDUNgPAVJbWYuGHVn9zl3j8
 +bandit19@bandit:​~$ ./​bandit20-do /​etc/​bandit_pass/​bandit20
 +env: ‘/​etc/​bandit_pass/​bandit20’:​ Permission denied
 +bandit19@bandit:​~$ ./​bandit20-do cat /​etc/​bandit_pass/​bandit20
 +0qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO
 +
 +
 +0qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO
 +
 +
 +Level 21
 +
 +bandit20@bandit:​~$ nc -l localhost 1024
 +0qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO
 +EeoULMCra2q0dSkYj561DX7s1CpBuOBt
 +bandit20@bandit:​~$ ​
 +
 +bandit20@bandit:​~$ ./suconnect 1024
 +Read: 0qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO
 +Password matches, sending next password
 +bandit20@bandit:​~$
 +
 +EeoULMCra2q0dSkYj561DX7s1CpBuOBt
 +
 +
 +Level 22
 +
 +#!/bin/bash
 +
 +cat /​etc/​bandit_pass/​bandit24 > /​tmp/​tmp.XVNmYMdvDE/​banpass24.txt
  
  
 +gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8
  
  
Line 71: Line 208:
  
 ===== Links ===== ===== Links =====
 +  * [[https://​missing.csail.mit.edu/​2020/​shell-tools/​|Missing Semester: Shell Tools and Scripting]]
   * [[https://​linuxcommandlibrary.com/​basic/​oneliners.html|Interesting Linux One-Liners]]   * [[https://​linuxcommandlibrary.com/​basic/​oneliners.html|Interesting Linux One-Liners]]
   * [[Bash Scripts]]   * [[Bash Scripts]]
   * https://​home.adelphi.edu/​~ni21347/​cybersecgames/​OverTheWire/​Bandit/​index.html   * https://​home.adelphi.edu/​~ni21347/​cybersecgames/​OverTheWire/​Bandit/​index.html
   * [[https://​mayadevbe.me/​posts/​overthewire/​bandit/​level12/​|Bandit Wargame Walkthroughs]]   * [[https://​mayadevbe.me/​posts/​overthewire/​bandit/​level12/​|Bandit Wargame Walkthroughs]]
command_line.1720617669.txt.gz · Last modified: 2024/07/10 14:21 by admin

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki