Fantm-Attempts

Lessons Learned writing bash scripts that can brute force pins Logging in On a kali vm/ linux machine Type: ssh bandit24@bandit.labs.overthewire.org -p 2220 UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ Completing The Challenge The Goal: A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing. The Solution: create a file in the /tmp folder, fill in the folder with the following: for ((i=1000; i < 10000; i++)); do         echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i" done | nc localhost 30002 In this code i looked up for loops, but i ended up looking up what to do to get a for loop on netcat, someone gave an answer with no context on Stack Overflow and it was the first result. a much better link is http://www.softpanorama.org/Scripting/Shellorama/Control_structures/pipes_i

Lessons Learned understanding more complicated bash scripts and writing bash scripts to take advantage of automated processes Logging in On a kali vm/ linux machine Type: ssh bandit23@bandit.labs.overthewire.org -p 2220 jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n  Completing The Challenge The Goal: A program is running automatically at regular intervals from cron , the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. The Solution: bandit23@bandit:~$ cat /etc/cron.d/cronjob_bandit24 @reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null * * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null bandit23@bandit:~$ cat /usr/bin/cronjob_bandit24.sh #!/bin/bash myname=$(whoami) cd /var/spool/$myname echo "Executing and deleting all scripts in /var/spool/$myname:" for i in * .*; do     if [ "$i" != "." -a "$i" != ".." ];     then         echo "Handling $i"        

Lessons Learned understanding more complicated bash scripts Logging in On a kali vm/ linux machine Type: ssh bandit22@bandit.labs.overthewire.org -p 2220 Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI Completing The Challenge The Goal: A program is running automatically at regular intervals from cron , the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. The Solution: bandit22@bandit:~$ ls /etc/cron cron.d/       cron.hourly/  crontab        cron.daily/   cron.monthly/ cron.weekly/   bandit22@bandit:~$ ls /etc/cron cron.d/       cron.hourly/  crontab        cron.daily/   cron.monthly/ cron.weekly/   bandit22@bandit:~$ ls /etc/cron.d/ cronjob_bandit15_root  cronjob_bandit22  cronjob_bandit24 cronjob_bandit17_root  cronjob_bandit23  cronjob_bandit25_root bandit22@bandit:~$ cat /etc/cron.d/cronjob_bandit23 @reboot bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null * * * * * bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null ba

Lessons Learned reading other peoples bash scripts Logging in On a kali vm/ linux machine Type: ssh bandit21@bandit.labs.overthewire.org -p 2220 gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr Completing The Challenge The Goal: A program is running automatically at regular intervals from cron , the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. The Solution: bandit21@bandit:~$ ls /etc/cron.d/ cronjob_bandit15_root  cronjob_bandit17_root  cronjob_bandit22  cronjob_bandit23  cronjob_bandit24  cronjob_bandit25_root bandit21@bandit:~$ cat /etc/cron.d/cronjob_bandit22 @reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null * * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null bandit21@bandit:~$ cat /usr/bin/cronjob_bandit22.sh #!/bin/bash chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv bandit21@bandit:~$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv Yk