
Bandit 3 Over The Wire

Lessons learned

Prepending a . to a file name "hides" it

Logging into Bandit 3

On a Kali VM or other Linux machine, type the command below, then enter the password when prompted:

ssh bandit3@bandit.labs.overthewire.org -p 2220 
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Completing The Challenge

The Goal:

The password for the next level is located in a hidden file in the inhere directory.

The Solution:

bandit3@bandit:~$ ls 
inhere 
bandit3@bandit:~$ cd inhere/ 
bandit3@bandit:~/inhere$ ls 
bandit3@bandit:~/inhere$ ls -a 
. .. .hidden 
bandit3@bandit:~/inhere$ cat .hidden 
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Sometimes it's easier to just copy the terminal output, but let me explain:
ls lists the files in the current directory. The - introduces an option that modifies the command it follows.
ls -a displays all files, including hidden ones.
. is the current directory
.. is the parent (previous) directory
and .hidden is the hidden file.
Files whose names start with a . are automagically hidden from a normal ls.
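
As an added example (not part of the original walkthrough), the script below builds a throwaway directory and compares what ls, ls -A and ls -a report, then uses find to list every dot-prefixed entry, which is handy when auditing a directory for files a plain ls would not show. The function names (make_sandbox, count_ls, list_dotfiles) and the file names are constructed for the demo.

```shell
#!/bin/sh
# Added example. All file and function names are constructed for this demo.

# Create a throwaway directory with one visible entry and two dot-prefixed ones.
make_sandbox() (
    dir=$(mktemp -d) || exit 1
    touch "$dir/visible.txt" "$dir/.hidden"
    mkdir "$dir/.cache"
    touch "$dir/.cache/nested.txt"
    printf '%s\n' "$dir"
)

# Count the entries ls reports for a directory.
# usage: count_ls DIR [ls options...]
count_ls() (
    dir=$1
    shift
    ls "$@" -- "$dir" | wc -l | tr -d ' '
)

# Print every dot-prefixed file or directory below DIR, at any depth.
# -mindepth 1 keeps the starting directory itself out of the results.
list_dotfiles() (
    find "$1" -mindepth 1 -name '.*' -print | sort
)

# Demo run against a fresh sandbox.
demo=$(make_sandbox)
echo "ls    reports $(count_ls "$demo") entry"        # visible.txt only
echo "ls -A reports $(count_ls "$demo" -A) entries"   # adds .cache and .hidden
echo "ls -a reports $(count_ls "$demo" -a) entries"   # also adds . and ..
echo "dot-prefixed entries found by find:"
list_dotfiles "$demo"
rm -rf "$demo"
```

ls -A is the variant to reach for in scripts, since it shows hidden entries without the . and .. directory links.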
