diff --git a/wargames/bandit/notes.md b/wargames/bandit/notes.md
new file mode 100644
index 0000000..aa284b2
--- /dev/null
+++ b/wargames/bandit/notes.md
@@ -0,0 +1,64 @@
+# Notes
+
+## Rules
+ * USERNAMES are somegame0, somegame1, ...
+ * Most LEVELS are stored in /somegame/.
+ * PASSWORDS for each level are stored in /etc/somegame_pass/.
+
+It is advised to create a
+ working directory with a hard-to-guess name in /tmp/. You can use the
+ command "mktemp -d" in order to generate a random and hard to guess
+ directory in /tmp/. Read-access to both /tmp/ and /proc/ is disabled
+ so that users can not snoop on eachother.
+
+## /tmp folder
+/tmp/lolipopzalondo
+
+## Passwd
+bandit0 = bandit0
+bandit1 = boJ9jbbUNNfktd78OOpsqOltutMc3MY1
+bandit2 = CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
+
+bandit3 = UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
+bandit4 = pIwrPrtPN36QITSp3EQaw936yaFoFgAB
+bandit5 = koReBOKuIDDepwhWk7jZC0RTdopnAYKh
+bandit6 = DXjZPULLxYr17uwoI01bNLQbtFemEgo7
+bandit7 = HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
+bandit8 = cvX2JJa4CFALtqS87jk27qwqGhBM9plV
+bandit9 = UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
+bandit10 = truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
+bandit11 = IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
+bandit12 = 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
+bandit13 = 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
+bandit14 = 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
+bandit15 = BfMYroe26WYalil77FoDi9qh59eK5xNr
+bandit16 = cluFn7wTiGryunymYOu4RcffSxQluehd
+bandit17 = kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
+bandit18 = IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
+bandit19 = IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
+bandit20 = GbKksEFF4yrVs6il55v6gwY5aVje5f0j
+bandit21 =
+## CMD
+5. find . -size 1033c
+7. find / -size 33c -type f -group bandit6 -user bandit7
+8. cat data.txt | sort | uniq -u
+9. at data.txt | strings | grep ====
+10. base64 -d data.txt
+11. alias rot13="tr 'A-Za-z' 'N-ZA-Mn-za-m'" && cat data.txt | rot13
+
+12. xxd -r data.txt reverse.tgz
+ file reverse
+ mv reverse reverse.gzip
+ gzip -d reverse.gz
+ tar -xvf data6.tar
+ file data8.bin
+ mv data8.bin data8.gz
+ gzip -d data8.gz
+14. echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
+15. 
openssl s_client -crlf -connect localhost:30001
+18. ssh bandit18@bandit.labs.overthewire.org -p 2220 cat readme
+19. ./bandit20-do cat /etc/bandit_pass/bandit20
+
+## Questions
+- tr function
+- nc
diff --git a/wargames/bandit/ssh_key b/wargames/bandit/ssh_key
new file mode 100644
index 0000000..d6c53ba
--- /dev/null
+++ b/wargames/bandit/ssh_key
@@ -0,0 +1,28 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxkkOE83W2cOT7IWhFc9aPaaQmQDdgzuXCv+ppZHa++buSkN+ +gg0tcr7Fw8NLGa5+Uzec2rEg0WmeevB13AIoYp0MZyETq46t+jk9puNwZwIt9XgB +ZufGtZEwWbFWw/vVLNwOXBe4UWStGRWzgPpEeSv5Tb1VjLZIBdGphTIK22Amz6Zb +ThMsiMnyJafEwJ/T8PQO3myS91vUHEuoOMAzoUID4kN0MEZ3+XahyK0HJVq68KsV +ObefXG1vvA3GAJ29kxJaqvRfgYnqZryWN7w3CHjNU4c/2Jkp+n8L0SnxaNA+WYA7 +jiPyTF0is8uzMlYQ4l1Lzh/8/MpvhCQF8r22dwIDAQABAoIBAQC6dWBjhyEOzjeA +J3j/RWmap9M5zfJ/wb2bfidNpwbB8rsJ4sZIDZQ7XuIh4LfygoAQSS+bBw3RXvzE +pvJt3SmU8hIDuLsCjL1VnBY5pY7Bju8g8aR/3FyjyNAqx/TLfzlLYfOu7i9Jet67 +xAh0tONG/u8FB5I3LAI2Vp6OviwvdWeC4nOxCthldpuPKNLA8rmMMVRTKQ+7T2VS +nXmwYckKUcUgzoVSpiNZaS0zUDypdpy2+tRH3MQa5kqN1YKjvF8RC47woOYCktsD +o3FFpGNFec9Taa3Msy+DfQQhHKZFKIL3bJDONtmrVvtYK40/yeU4aZ/HA2DQzwhe +ol1AfiEhAoGBAOnVjosBkm7sblK+n4IEwPxs8sOmhPnTDUy5WGrpSCrXOmsVIBUf +laL3ZGLx3xCIwtCnEucB9DvN2HZkupc/h6hTKUYLqXuyLD8njTrbRhLgbC9QrKrS +M1F2fSTxVqPtZDlDMwjNR04xHA/fKh8bXXyTMqOHNJTHHNhbh3McdURjAoGBANkU +1hqfnw7+aXncJ9bjysr1ZWbqOE5Nd8AFgfwaKuGTTVX2NsUQnCMWdOp+wFak40JH +PKWkJNdBG+ex0H9JNQsTK3X5PBMAS8AfX0GrKeuwKWA6erytVTqjOfLYcdp5+z9s +8DtVCxDuVsM+i4X8UqIGOlvGbtKEVokHPFXP1q/dAoGAcHg5YX7WEehCgCYTzpO+ +xysX8ScM2qS6xuZ3MqUWAxUWkh7NGZvhe0sGy9iOdANzwKw7mUUFViaCMR/t54W1 +GC83sOs3D7n5Mj8x3NdO8xFit7dT9a245TvaoYQ7KgmqpSg/ScKCw4c3eiLava+J +3btnJeSIU+8ZXq9XjPRpKwUCgYA7z6LiOQKxNeXH3qHXcnHok855maUj5fJNpPbY +iDkyZ8ySF8GlcFsky8Yw6fWCqfG3zDrohJ5l9JmEsBh7SadkwsZhvecQcS9t4vby +9/8X4jS0P8ibfcKS4nBP+dT81kkkg5Z5MohXBORA7VWx+ACohcDEkprsQ+w32xeD +qT1EvQKBgQDKm8ws2ByvSUVs9GjTilCajFqLJ0eVYzRPaY6f++Gv/UVfAPV4c+S0 +kAWpXbv5tbkkzbS0eaLPTKgLzavXtQoTtKwrjpolHKIHUz6Wu+n4abfAIRFubOdN +/+aLoRQ0yBDRbdXMsZN/jvY44eM+xRLdRVyMmdPtP8belRi2E2aEzA== +-----END RSA PRIVATE KEY----- + diff --git a/wargames/bandit/ssh_key_17 b/wargames/bandit/ssh_key_17 new file mode 100644 index 0000000..3016f82 --- /dev/null +++ b/wargames/bandit/ssh_key_17 
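Review bot: An unencrypted RSA private key (`-----BEGIN RSA PRIVATE KEY-----`, no passphrase header) is committed in plaintext as `wargames/bandit/ssh_key`, and the next hunk does the same for `wargames/bandit/ssh_key_17`. Once pushed, both keys remain retrievable from the repository history even if a later commit deletes the files, so they should be treated as disclosed from this commit onward. I would drop both files from the change, keep the keys in a local directory with owner-only permissions, and add an ignore rule such as `wargames/bandit/ssh_key*` to `.gitignore` so they cannot be re-added by accident. The same commit's `notes.md` lists the level passwords in cleartext under `## Passwd`, which has the same exposure; the notes can keep the commands without the credential values.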
@@ -0,0 +1,28 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ +imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ +Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu +DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW +JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX +x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD +KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl +J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd +d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC +YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A +vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama ++TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT +8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx +SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd +HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt +SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A +R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi +Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg +R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu +L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni +blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU +YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM +77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b +dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3 +vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY= +-----END RSA PRIVATE KEY----- +