Skip to main content

Bandit 21 Over The Wire

Lessons Learned

reading other peoples bash scripts

Logging in

On a kali vm/ linux machine

Type:

ssh bandit21@bandit.labs.overthewire.org -p 2220
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr

Completing The Challenge

The Goal:

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

The Solution:

bandit21@bandit:~$ ls /etc/cron.d/

cronjob_bandit15_root  cronjob_bandit17_root  cronjob_bandit22  cronjob_bandit23  cronjob_bandit24  cronjob_bandit25_root

bandit21@bandit:~$ cat /etc/cron.d/cronjob_bandit22

@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

bandit21@bandit:~$ cat /usr/bin/cronjob_bandit22.sh

#!/bin/bash

chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

bandit21@bandit:~$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

I am very happy to say this was all done on a phone. Using juicessh and the blogger app.

So, I really wanted to see a method for crontab to just tell me what was running, but i couldn't find that. I then decided to go with next best thing, which was:

We're trying to get access to bandit22 

There is a bandit22 file in cron.d 

I should follow that and see what I find.

If you cat the file that outputs to null you'll see it creates a file that everyone can read, and copies the bandit22 password to it. All that's left is to read that file. 






Labels:

Comments

Post a Comment

Popular posts from this blog

Snort Challenge - The Basics

Rules Ive Used # This file intentionally does not come with signatures.  Put your local # additions here. # alert icmp any any <> any any (msg: "IP ID 35369 Found"; id:35369; sid: 1000001; rev:1) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:S;  sid: 1000001; rev:1;) # log tcp any any <> any any (msg: "ALL SYN FLAGS"; flags:P,A;  sid: 1000001; rev:1;) # log ip any any <> any any (msg: "SAME-IP IN IP"; sameip; sid:1000001; rev:1;)#This was not used in the first snort, they only wanted the next 2 rules, which showed less dups log udp any any <> any any (msg: "SAME-IP IN TCP"; sameip; sid:1000001; rev:1;) log tcp any any <> any any (msg: "SAME-IP IN UDP"; sameip; sid:1000002; rev:1;)  Snort Params: Some Sniffer mode parameters are explained in the table below; Parameter Description -v Verbose. Display the TCP/IP output in the console. -d Display the packet data (payload). -e Display
Post a Comment
Read more

Bandit 20 Over The Wire

Lessons Learned using nc to create a steady connection, also on background and foreground processes Logging in On a kali vm/ linux machine Type: ssh bandit20@bandit.labs.overthewire.org -p 2220 GbKksEFF4yrVs6il55v6gwY5aVje5f0j Completing The Challenge The Goal: There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21). The Solution: bandit20@bandit:~$ nc -l -p 2000 ^Z [1]+  Stopped                 nc -l -p 2000 bandit20@bandit:~$ ./suconnect 2000 ^Z [2]+  Stopped                 ./suconnect 2000 bandit20@bandit:~$ fg 1 nc -l -p 2000 GbKksEFF4yrVs6il55v6gwY5aVje5f0j ^Z [1]+  Stopped                 nc -l -p 2000 bandit20@bandit:~$ fg 2 ./suconnect 2000 Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Post a Comment
Read more

Bandit 11 Over The Wire

 Lessons Learned using cyberchef for things like rot13 Logging in On a kali vm/ linux machine Type: ssh bandit11@bandit.labs.overthewire.org -p 2220  IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR Completing The Challenge The Goal: The password for the next level is stored in the file data.txt , where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions The Solution: bandit11@bandit:~$ cat data.txt Gur cnffjbeq vf 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh   The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu This is known as rot13 and many free websites exist to solve this issue. CyberChef is a very good site/tool for this and can be downloaded
Post a Comment
Read more