Skip to main content

Bandit 5 Over The Wire

Lessons learned

Find has a size modifier

Logging into Bandit 5

On a kali vm/ linux machine
Type:

ssh bandit5@bandit.labs.overthewire.org -p 2220 
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Completing The Challenge

The Goal:

password for next level located in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

The Solution:

My Solution:

bandit5@bandit:~$ ls inhere 
bandit5@bandit:~$ cd inhere/ 
bandit5@bandit:~/inhere$ find -size 1033c 
./maybehere07/.file2 
bandit5@bandit:~/inhere$ file maybehere07/.file2 
maybehere07/.file2: ASCII text, with very long lines 
bandit5@bandit:~/inhere$ cat maybehere07/.file2 
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

use find -size 1033c t find all files of size 1033 bytes
since there is only one, check that it is human readable and read it

A much better Solution:

find . -type f -size 1033c ! -executable -exec file {} + | grep ASCII

picked from terdon on stackoverflow in the https://unix.stackexchange.com/questions/313442/find-human-readable-files

i added this so that i could find it more easily but also so i could explain it and how it works and also modify it to make things easier. I hope

the . tells find to start in the current directory. not necessarily needed

-type f means regular file, opposed to directories or pipes. not necessarily needed

-size tells find what size to look for, but the c in 1033c is what tells it to actually check the size and not round up

! means negate, so since we have a -executable modifier which is capable of finding executable files, this will remove those instead

-exec file {} + is the part that makes me happiest

the file here is the same file command we have previously used to check file information, in this scenario the find command has the capability of running any command on the results of a find query if you add -exec CMD {} + to the find cmd.

therefore for most things this command could be written as 

find -size 1033c ! -executable -exec file {} + | grep ASCII

but the terdon's is safer and depending on the situation could be faster

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Snort Challenge - The Basics

Rules Ive Used # This file intentionally does not come with signatures.  Put your local # additions here. # alert icmp any any <> any any (msg: "IP ID 35369 Found"; id:35369; sid: 1000001; rev:1) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:S;  sid: 1000001; rev:1;) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:P,A;  sid: 1000001; rev:1;) # log ip any any <> any any (msg: "SAME-IP IN IP"; sameip; sid:1000001; rev:1;)#This was not used in the first snort, they only wanted the next 2 rules, which showed less dups log udp any any <> any any (msg: "SAME-IP IN TCP"; sameip; sid:1000001; rev:1;) log tcp any any <> any any (msg: "SAME-IP IN UDP"; sameip; sid:1000002; rev:1;)  Snort Params: Some Sniffer mode parameters are explained in the table below; Parameter Description -v Verbose. Display the TCP/IP output in the console. -d Display the packet data (payload). -e Display...
Post a Comment
Read more

Network Services

Network Services https://tryhackme.com/room/networkservices 3. Enumerating SMB Conduct an nmap scan of your choosing, How many ports are open? running nmap 10.10.197.190 results in PORT STATE SERVICE 22/tcp open ssh 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 02:21:CD:94:98:F5 (Unknown) Show/Hide What ports is SMB running on? 139/445 Show/Hide this is the known default values for SMB Let's get started with Enum4Linux, conduct a full basic enumeration. For starters, what is the workgroup name? WORKGROUP Show/Hide looking at the rest of the info from enum4linux -a 10.10.197.190 ill summarize here ========================== | Target Information | ========================== Target ........... 10.10.197.190 RID Range ........ 500-550,1000-1050 Username ......... '' Password ......... '' Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none =================================================...
Post a Comment
Read more

Bandit 24 Over The Wire

Lessons Learned writing bash scripts that can brute force pins Logging in On a kali vm/ linux machine Type: ssh bandit24@bandit.labs.overthewire.org -p 2220 UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ Completing The Challenge The Goal: A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing. The Solution: create a file in the /tmp folder, fill in the folder with the following: for ((i=1000; i < 10000; i++)); do         echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i" done | nc localhost 30002 In this code i looked up for loops, but i ended up looking up what to do to get a for loop on netcat, someone gave an answer with no context on Stack Overflow and it was the first result. a much better link is http://www.softpanorama.org/Scripting/Shellorama/Co...
Post a Comment
Read more