Skip to main content

Bandit 12 Over The Wire

Lessons Learned

extracting and decompressing files using the following tools: file, xxd -r, gunzip, bunsip2, and tar -xf

Logging in

On a kali vm/ linux machine
Type:

ssh bandit12@bandit.labs.overthewire.org -p 2220 
5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Completing The Challenge

The Goal:

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

The Solution:

    Revamped:

        I decided to write a bash file that solves the problem.
                mkdir /tmp/a_name/
                mv data.txt /tmp/a_name
                touch solver.sh
                chmod +x solver.sh
                add the following into solver.sh, can be done with nano and copy paste or you can type it out.

file="$1"
name=name
while ! grep -i "password" $file; do
    case $(file --mime-type -b "$file") in
        text/plain) name=name; xxd -r $file > $name; file=$name;;
        application/gzip) name='name.gz';  mv $file $name; gunzip $name; file=name;;
        application/x-bzip2) name='name.bz2'; mv $file $name; bunzip2 $name; file=name;;
        application/x-tar) name='name.tar'; mv $file $name; tar -xf $name -C tarfile; mv ./tarfile/data* name;file=name;;
        *) echo 'IDK'; break ;;
    esac
done         

kali@kali:~/Documents/bandit12$ ./solver.sh data.txt
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

    Old:

bandit12@bandit:~$ mkdir /tmp/fantms123
bandit12@bandit:~$ cp data.txt /tmp/fantms123
bandit12@bandit:~$ mv /tmp/fantms123/data.txt
bandit12@bandit:~$ xxd -r /tmp/fantms123/data.txt
 P�^data2.bin=��BZh91AY&SY�O����ڞOv���}?��}��^����������ߣ��;����▒4��▒h�F�F��4▒LM...
bandit12@bandit:~$  xxd -r /tmp/fantms123/data > /tmp/fantms123/data.bin
bandit12@bandit:~$ file /tmp/fantms123/data.bin
/tmp/fantms123/data.bin: gzip compressed data, was "data2.bin", last modified: Thu May  7 18:14:30 2020, max compression, from Unix
bandit12@bandit:~$ man gzip
bandit12@bandit:~$ gunzip /tmp/fantms123/data.bin
gzip: /tmp/fantms123/data.bin: unknown suffix -- ignored
bandit12@bandit:~$ mv /tmp/fantms123/data.bin /tmp/fantms123/data.zip
bandit12@bandit:~$ man gunzip
bandit12@bandit:~$ mv /tmp/fantms123/data.zip /tmp/fantms123/data.gz
bandit12@bandit:~$ mv /tmp/fantms123/data.gz /tmp/fantms123/data.bin.gz
bandit12@bandit:~$ gunzip /tmp/fantms123/data.bin.gz
bandit12@bandit:~$ cat /tmp/fantms123/data
data      data.bin  data.tar  data.txt  
bandit12@bandit:~$ cat /tmp/fantms123/data.bin
BZh91AY&SY�O...
bandit12@bandit:~$ file /tmp/fantms123/data.bin
/tmp/fantms123/data.bin: bzip2 compressed data, block size = 900k
bandit12@bandit:~$ man bzip2
bandit12@bandit:~$ mv /tmp/fantms123/data.bin /tmp/fantms123/data2.bin.bz2
bandit12@bandit:~$ bunzip2 /tmp/fantms123/data2.bin.bz2
bandit12@bandit:~$ file /tmp/fantms123/data2.bin
/tmp/fantms123/data2.bin: gzip compressed data, was "data4.bin", last modified: Thu May  7 18:14:30 2020, max compression, from Unix
bandit12@bandit:~$ mv /tmp/fantms123/data2.bin /tmp/fantms123/data4.bin.gzbandit12@bandit:~$ gunzip /tmp/fantms123/data4.bin.gz
bandit12@bandit:~$ file /tmp/fantms123/data4.bin
/tmp/fantms123/data4.bin: POSIX tar archive (GNU)
bandit12@bandit:~$ man tar
bandit12@bandit:~$ cp /tmp/fantms123/data4.bin /tmp/fantms123/data4.bin.tar
bandit12@bandit:~$ tar -xf /tmp/fantms123/data4.bin.tar -C /tmp/fantms123/test/
bandit12@bandit:~$ ls /tmp/fantms123/test/
data5.bin
bandit12@bandit:~$ cat /tmp/fantms123/test/data5.bin
data6.bin0000644000000000000000000000033613655050006011247 0ustar  rootrootBZh91AY&SY
bandit12@bandit:~$ file /tmp/fantms123/test/data5.bin
/tmp/fantms123/test/data5.bin: POSIX tar archive (GNU)
bandit12@bandit:~$ cp /tmp/fantms123/test/data5.bin /tmp/fantms123/test/data5.bin.tar
bandit12@bandit:~$ tar -xf /tmp/fantms123/test/data5.bin.tar -C /tmp/fantms123/test/
bandit12@bandit:~$ ls /tmp/fantms123/test/
data5.bin  data5.bin.tar  data6.bin
bandit12@bandit:~$ file /tmp/fantms123/test/data6.bin
/tmp/fantms123/test/data6.bin: bzip2 compressed data, block size = 900k
bandit12@bandit:~$ file /tmp/fantms123/test/data6.bin
/tmp/fantms123/test/data6.bin: bzip2 compressed data, block size = 900k
bandit12@bandit:~$ mv /tmp/fantms123/test/data6.bin /tmp/fantms123/test/data6.bin.bz2
bandit12@bandit:~$ bunzip2 /tmp/fantms123/test/data6.bin.bz2
bandit12@bandit:~$ file /tmp/fantms123/test/data6.bin
/tmp/fantms123/test/data6.bin: POSIX tar archive (GNU)
bandit12@bandit:~$ cp /tmp/fantms123/test/data6.bin /tmp/fantms123/test/data6.bin.tar
bandit12@bandit:~$ cat /tmp/fantms123/test/data6.bin.tar
data8.bin0000644000000000000000000000011713655050006011246...
bandit12@bandit:~$ tar -xf /tmp/fantms123/test/data6.bin.tar -C /tmp/fantms123/test/
bandit12@bandit:~$ ls /tmp/fantms123/test/
data5.bin  data5.bin.tar  data6.bin  data6.bin.tar  data8.bin
bandit12@bandit:~$ file /tmp/fantms123/test/data8.bin
/tmp/fantms123/test/data8.bin: gzip compressed data, was "data9.bin", last modified: Thu May  7 18:14:30 2020, max compression, from Unix
bandit12@bandit:~$ cp /tmp/fantms123/test/data8.bin /tmp/fantms123/test/data8.bin.gz
bandit12@bandit:~$ gunzip /tmp/fantms123/test/data8.bin.gz
gzip: /tmp/fantms123/test/data8.bin already exists; do you wish to overwrite (y or n)? y
bandit12@bandit:~$ cat /tmp/fantms123/test/data8.bin
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
 
Compressing tools need correct file extension in order to work
gunzip: .gz
bunzip: .bz2
tar: .tar
Labels:

Comments

Post a Comment

Popular posts from this blog

Snort Challenge - The Basics

Rules Ive Used # This file intentionally does not come with signatures.  Put your local # additions here. # alert icmp any any <> any any (msg: "IP ID 35369 Found"; id:35369; sid: 1000001; rev:1) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:S;  sid: 1000001; rev:1;) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:P,A;  sid: 1000001; rev:1;) # log ip any any <> any any (msg: "SAME-IP IN IP"; sameip; sid:1000001; rev:1;)#This was not used in the first snort, they only wanted the next 2 rules, which showed less dups log udp any any <> any any (msg: "SAME-IP IN TCP"; sameip; sid:1000001; rev:1;) log tcp any any <> any any (msg: "SAME-IP IN UDP"; sameip; sid:1000002; rev:1;)  Snort Params: Some Sniffer mode parameters are explained in the table below; Parameter Description -v Verbose. Display the TCP/IP output in the console. -d Display the packet data (payload). -e Display...
Post a Comment
Read more

Network Services

Network Services https://tryhackme.com/room/networkservices 3. Enumerating SMB Conduct an nmap scan of your choosing, How many ports are open? running nmap 10.10.197.190 results in PORT STATE SERVICE 22/tcp open ssh 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 02:21:CD:94:98:F5 (Unknown) Show/Hide What ports is SMB running on? 139/445 Show/Hide this is the known default values for SMB Let's get started with Enum4Linux, conduct a full basic enumeration. For starters, what is the workgroup name? WORKGROUP Show/Hide looking at the rest of the info from enum4linux -a 10.10.197.190 ill summarize here ========================== | Target Information | ========================== Target ........... 10.10.197.190 RID Range ........ 500-550,1000-1050 Username ......... '' Password ......... '' Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none =================================================...
Post a Comment
Read more

Bandit 11 Over The Wire

 Lessons Learned using cyberchef for things like rot13 Logging in On a kali vm/ linux machine Type: ssh bandit11@bandit.labs.overthewire.org -p 2220  IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR Completing The Challenge The Goal: The password for the next level is stored in the file data.txt , where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions The Solution: bandit11@bandit:~$ cat data.txt Gur cnffjbeq vf 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh   The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu This is known as rot13 and many free websites exist to solve this issue. CyberChef is a very good site/tool for this and can be downloaded
Post a Comment
Read more