Skip to main content

Bandit 6 Over The Wire

Lessons learned

Find has modifiers for user, group, size, and can execute a command on find files

Logging into Bandit 6

On a kali vm/ linux machine
Type:

ssh bandit6@bandit.labs.overthewire.org -p 2220 
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Completing The Challenge

The Goal:

password for next level located in a file somewhere in the server and has all of the following properties:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

The Solution:

bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null 
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null -exec cat {} +
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

using what we learned previously we know how to get size
an easy way to look for modifiers if you already have an idea of what your looking for is to do:  

man CMD | grep MOD

this pipes/lets grep read the output of the man page and then look for certain strings
in this case i looked for group and user
2> means errors are output here instead of where they normally go such as the screen
/dev/null is a black hole as far as I'm concerned.
you could just cat the file after you found it, but isn't the -exec modifier fun. i sure think so

Labels:

Comments

Post a Comment

Popular posts from this blog

Snort Challenge - The Basics

Rules Ive Used # This file intentionally does not come with signatures.  Put your local # additions here. # alert icmp any any <> any any (msg: "IP ID 35369 Found"; id:35369; sid: 1000001; rev:1) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:S;  sid: 1000001; rev:1;) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:P,A;  sid: 1000001; rev:1;) # log ip any any <> any any (msg: "SAME-IP IN IP"; sameip; sid:1000001; rev:1;)#This was not used in the first snort, they only wanted the next 2 rules, which showed less dups log udp any any <> any any (msg: "SAME-IP IN TCP"; sameip; sid:1000001; rev:1;) log tcp any any <> any any (msg: "SAME-IP IN UDP"; sameip; sid:1000002; rev:1;)  Snort Params: Some Sniffer mode parameters are explained in the table below; Parameter Description -v Verbose. Display the TCP/IP output in the console. -d Display the packet data (payload). -e Display...
Post a Comment
Read more

Network Services

Network Services https://tryhackme.com/room/networkservices 3. Enumerating SMB Conduct an nmap scan of your choosing, How many ports are open? running nmap 10.10.197.190 results in PORT STATE SERVICE 22/tcp open ssh 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 02:21:CD:94:98:F5 (Unknown) Show/Hide What ports is SMB running on? 139/445 Show/Hide this is the known default values for SMB Let's get started with Enum4Linux, conduct a full basic enumeration. For starters, what is the workgroup name? WORKGROUP Show/Hide looking at the rest of the info from enum4linux -a 10.10.197.190 ill summarize here ========================== | Target Information | ========================== Target ........... 10.10.197.190 RID Range ........ 500-550,1000-1050 Username ......... '' Password ......... '' Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none =================================================...
Post a Comment
Read more

Bandit 11 Over The Wire

 Lessons Learned using cyberchef for things like rot13 Logging in On a kali vm/ linux machine Type: ssh bandit11@bandit.labs.overthewire.org -p 2220  IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR Completing The Challenge The Goal: The password for the next level is stored in the file data.txt , where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions The Solution: bandit11@bandit:~$ cat data.txt Gur cnffjbeq vf 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh   The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu This is known as rot13 and many free websites exist to solve this issue. CyberChef is a very good site/tool for this and can be downloaded
Post a Comment
Read more