Skip to main content

Bandit 4 Over The Wire

Lessons learned

file tells you what type of data is found in the file, ./* Will act on all file in a folder

Logging into Bandit 4

On a kali vm/ linux machine
Type:

ssh bandit4@bandit.labs.overthewire.org -p 2220  
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Completing The Challenge

The Goal:

password for next level located in the only human-readable file in the inhere director
The Solution:

bandit4@bandit:~$ ls inhere 
bandit4@bandit:~$ cd inhere/ 
bandit4@bandit:~/inhere$ ls 
-file00 -file02 -file04 -file06 -file08 
-file01 -file03 -file05 -file07 -file09 
bandit4@bandit:~/inhere$ file ./* 
./-file00: data 
./-file01: data 
./-file02: data 
./-file03: data 
./-file04: data 
./-file05: data 
./-file06: data 
./-file07: ASCII text 
./-file08: data 
./-file09: data 
bandit4@bandit:~/inhere$ cat ./-file07 
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

the file command tells you what kind of file a certain file is, the * is a wildcard so by using ./(this directory) in conjunction with * the wildcard we tell the file command to check all the files in the directory and tell us what type of file they are, data means binary/gibberish that computers understand ascii is one of the formats available for text that is human readable.

Labels:

Comments

Post a Comment

Popular posts from this blog

Snort Challenge - The Basics

Rules Ive Used # This file intentionally does not come with signatures.  Put your local # additions here. # alert icmp any any <> any any (msg: "IP ID 35369 Found"; id:35369; sid: 1000001; rev:1) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:S;  sid: 1000001; rev:1;) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:P,A;  sid: 1000001; rev:1;) # log ip any any <> any any (msg: "SAME-IP IN IP"; sameip; sid:1000001; rev:1;)#This was not used in the first snort, they only wanted the next 2 rules, which showed less dups log udp any any <> any any (msg: "SAME-IP IN TCP"; sameip; sid:1000001; rev:1;) log tcp any any <> any any (msg: "SAME-IP IN UDP"; sameip; sid:1000002; rev:1;)  Snort Params: Some Sniffer mode parameters are explained in the table below; Parameter Description -v Verbose. Display the TCP/IP output in the console. -d Display the packet data (payload). -e Display...
Post a Comment
Read more

Network Services

Network Services https://tryhackme.com/room/networkservices 3. Enumerating SMB Conduct an nmap scan of your choosing, How many ports are open? running nmap 10.10.197.190 results in PORT STATE SERVICE 22/tcp open ssh 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 02:21:CD:94:98:F5 (Unknown) Show/Hide What ports is SMB running on? 139/445 Show/Hide this is the known default values for SMB Let's get started with Enum4Linux, conduct a full basic enumeration. For starters, what is the workgroup name? WORKGROUP Show/Hide looking at the rest of the info from enum4linux -a 10.10.197.190 ill summarize here ========================== | Target Information | ========================== Target ........... 10.10.197.190 RID Range ........ 500-550,1000-1050 Username ......... '' Password ......... '' Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none =================================================...
Post a Comment
Read more

Bandit 13 Over The Wire

Lessons Learned using ssh -i filename user@localhost which is the private key ssh connection Logging in On a kali vm/ linux machine Type: ssh bandit13@bandit.labs.overthewire.org -p 2220 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL Completing The Challenge The Goal: The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14 . For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on The Solution: ssh -i sshkey.private bandit14@localhost the above command is use because we already have the private key. private keys should be used very carefully. Since we are already on the machine that hosts Bandit Over The Wire, we don't need to call the correct name, localhost will means the machine talks to itself. I don't know why, but specifying a port here caused issues. My assumption is the profiles is listeni...
Post a Comment
Read more