Differences

This shows you the differences between two versions of the page.

--- command_line [2024/10/05 14:05]
admin
+++ command_line [2025/08/18 20:16] (current)
admin
@@ Line 19: / Line 19: @@
 ===== Passwords =====
+QJ3TgzHDq
+NsN1HwFoyN
 These are here in case you lose your place, or want to resume from where you left off.
 <code>
@@ Line 36: / Line 39: @@
 Level 13: FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn
 Level 14:
+Level 14
+is accesed from 13
+Level 15
+xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo
+Level 16
+kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
+Level 17
+bandit16@bandit:~$ nmap localhost -p 31000-32000
+Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-08-18 00:27 UTC
+Nmap scan report for localhost (127.0.0.1)
+Host is up (0.00011s latency).
+Not shown: 996 closed tcp ports (conn-refused)
+PORT      STATE SERVICE
+/tcp open  unknown
+/tcp open  unknown
+/tcp open  unknown
+/tcp open  unknown
+/tcp open  unknown
+Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
+bandit16@bandit:~$
+here is the 5 possabels I will try each
+  not it
+  keyupdate
+  not it
+  it
+  not it
+the pass to current
+bandit16@bandit:~$ cat /etc/bandit_pass/bandit16
+kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
+bandit16@bandit:~$
+after openssl s_client -connect localhost:31790 and feeding it the pass from 17 I got a ssh private key to get 18
+Level 18
+bandit17@bandit:~$ ls -a
+.  ..  .bandit16.password  .bash_logout  .bashrc  passwords.new  passwords.old  .profile  .ssh
+bandit17@bandit:~$ diff passwords.new passwords.old
+c42
+< x2gLTTjFwMOhQ8oWNbMN362QKxfRqGlO
+---
+> CgmS55GVlEKTgx8xpW8HuWnHlBKP924b
+bandit17@bandit:~$
+x2gLTTjFwMOhQ8oWNbMN362QKxfRqGlO
+Level 19
+arron@arron-laptop:~/Documents/overTheWire/Bandit$ ssh bandit.labs.overthewire.org -p 2220 -l bandit18 cat readme
+                         _                     _ _ _
+                        | |__   __ _ _ __   __| (_) |_
+                        | '_ \ / _` | '_ \ / _` | | __|
+                        | |_) | (_| | | | | (_| | | |_
+                        |_.__/ \__,_|_| |_|\__,_|_|\__|
+                      This is an OverTheWire game server.
+            More information on http://www.overthewire.org/wargames
+backend: gibson-1
+bandit18@bandit.labs.overthewire.org's password:
+cGWpMaKXVwDUNgPAVJbWYuGHVn9zl3j8
+cGWpMaKXVwDUNgPAVJbWYuGHVn9zl3j8
+Level 20
+bandit19@bandit:~$ ls
+bandit20-do
+bandit19@bandit:~$ ./bandit20-do
+Run a command as another user.
+  Example: ./bandit20-do id
+bandit19@bandit:~$ ./bandit20-do id
+uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11019(bandit19)
+bandit19@bandit:~$ ./bandit20-do ks
+env: ‘ks’: Permission denied
+bandit19@bandit:~$ ./bandit20-do ls
+bandit20-do
+bandit19@bandit:~$ ./bandit20-do pwd
+/home/bandit19
+bandit19@bandit:~$ ./bandit20-do whoami
+bandit20
+bandit19@bandit:~$ ./bandit20-do  cat /ect/bandit/bandit20
+cat: /ect/bandit/bandit20: No such file or directory
+bandit19@bandit:~$ cat /etc/bandit_pass/bandit20
+cat: /etc/bandit_pass/bandit20: Permission denied
+bandit19@bandit:~$ cat /etc/bandit_pass/bandit19
+cGWpMaKXVwDUNgPAVJbWYuGHVn9zl3j8
+bandit19@bandit:~$ ./bandit20-do /etc/bandit_pass/bandit20
+env: ‘/etc/bandit_pass/bandit20’: Permission denied
+bandit19@bandit:~$ ./bandit20-do cat /etc/bandit_pass/bandit20
+qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO
+qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO
+Level 21
+bandit20@bandit:~$ nc -l localhost 1024
+qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO
+EeoULMCra2q0dSkYj561DX7s1CpBuOBt
+bandit20@bandit:~$
+bandit20@bandit:~$ ./suconnect 1024
+Read: 0qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO
+Password matches, sending next password
+bandit20@bandit:~$
+EeoULMCra2q0dSkYj561DX7s1CpBuOBt
+Level 22
+#!/bin/bash
+cat /etc/bandit_pass/bandit24 > /tmp/tmp.XVNmYMdvDE/banpass24.txt
+gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8

Open Source Glasgow

User Tools

Site Tools

Differences

Page Tools