Fantm-Attempts

Lessons Learned using nmap to scan for available ports and services, then using openssl s_client to connect and give info to the port that can listen openssl, this is a method to look for open ports using certain technology that could be vulnerable. Logging in On a kali vm/ linux machine Type: ssh bandit16@bandit.labs.overthewire.org -p 2220 cluFn7wTiGryunymYOu4RcffSxQluehd Completing The Challenge The Goal: The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000 . First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it. The Solution: bandit16@bandit:~$ nmap -p31000-32000 localhost Not shown: 996 closed ports PORT      STATE SERVICE 31046/tcp open  unknown 31518/tcp open...

Lessons learned using openssl for encrypted connections Logging in On a kali vm/ linux machine Type: ssh bandit15@bandit.labs.overthewire.org -p 2220 BfMYroe26WYalil77FoDi9qh59eK5xNr Completing The Challenge The Goal: The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption. Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command… The Solution: bandit15@bandit:~$ openssl s_client -crlf -connect localhost:30001 -servername localhost ... BfMYroe26WYalil77FoDi9qh59eK5xNr Correct! cluFn7wTiGryunymYOu4RcffSxQluehd Thoughts following the recommendation on the page lead me to feistyduck openssl-cookbook ch-testing-with-openssl, which is a webpage etc. there it showed me how to connect to a server. at that point i wanted to make it more complicated by fig...

Lessons Learned: Using nc to set up port connections Logging in On a kali vm/ linux machine Type: ssh bandit14@bandit.labs.overthewire.org -p 2220 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e Completing The Challenge The Goal: The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost . The Solution: bandit14@bandit:~$ nc localhost 30000 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e Correct! BfMYroe26WYalil77FoDi9qh59eK5xNr   Hint :  Make sure you log in directly, this cant be solved through the private key login.

Lessons Learned using ssh -i filename user@localhost which is the private key ssh connection Logging in On a kali vm/ linux machine Type: ssh bandit13@bandit.labs.overthewire.org -p 2220 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL Completing The Challenge The Goal: The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14 . For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on The Solution: ssh -i sshkey.private bandit14@localhost the above command is use because we already have the private key. private keys should be used very carefully. Since we are already on the machine that hosts Bandit Over The Wire, we don't need to call the correct name, localhost will means the machine talks to itself. I don't know why, but specifying a port here caused issues. My assumption is the profiles is listeni...