Link: https://overthewire.org/wargames/bandit/
The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.
Bandit Level 5 → Level 6: find . -size 1033c
Bandit Level 6 → Level 7:find / -user bandit7 -group bandit6 -size 33c
Bandit Level 7 → Level 8: grep million data.txt
Bandit Level 8 → Level 9: cat data.txt | sort | uniq -u UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
Bandit Level 9 → Level 10:
Strings: view binary file information
strings data.txt | grep ‘=’
truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
Bandit Level 10 → Level 11: Decode base64 IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
Bandit Level 11 → Level 12: Rot13 decode 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
Bandit Level 12 → Level 13: Compressed many times
Using : file filename -> know the file type
xxd -r data.out: reverse hexdump
file data.out, mv data.out data.gz
tar -xf -> extract tar
gzip -d -> extract gzip
bzips -d-> extractbzip2
8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
Bandit Level 13 → Level 14:ssh bandit14@localhost -i sshkey.private -p 22
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Bandit Level 14 → Level 15:echo ‘4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e’ | nc 127.0.0.1 30000
BfMYroe26WYalil77FoDi9qh59eK5xNr
Bandit Level 15 → Level 16:openssl s_client -connect localhost:30001 -ign_eof
cluFn7wTiGryunymYOu4RcffSxQluehd
Bandit Level 16 → Level 17:ssh -i privatekey.txt bandit17@localhost
Bandit Level 17 → Level 18:diff passwords.new passwords.old
kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
Bandit Level 18 → Level 19:
Way 1: ssh -T
Way 2:ssh cat readme
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
Bandit Level 19 → Level 20:
setuid (SET User ID upon execution), is a special type of file permission, which allows a temporary user to have permission to execute a file with the owner authority to change the behavior of the executable.
-rws — — both execute authority and SUID are set.
-r-S — — SUID is set, but execution is not.
./bandit20-do cat /etc/bandit_pass/bandit20
GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Bandit Level 20 → Level 21: tmux : ctrl b %
nc -lnvp 3000
./suconnect 3000
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
Bandit Level 21 → Level 22:
- crontab -e: create or edit crontab file
- crontab -l: list file crontab
- crontab -r: delete file crontab
cat cronjob_bandit22
cat /usr/bin/cronjob_bandit22.sh
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
Bandit Level 22 → Level 23:
echo I am user bandit23 | md5sum | cut -d ‘ ‘ -f 1 : để biết $mytarget
cat /tmp/8ca319486bfbbc3663ea0fbe81326349
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
Bandit Level 23 → Level 24:
Create 1 file .sh in /var/spool/bandit24
touch /tmp/quac
#!/bin/bash
cat /etc/bandit_pass/bandit24 > /tmp/quac/ketqua
chmod 777 /tmp/quac
chmod 777 file.sh trong /etc/bandit_pass/bandit24
cat /tmp/quac
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
Bandit Level 24 → Level 25:
tao shell script:
#!/bin/sh
2 a=1
3 while [ $a -lt 10004 ]
4 do
5 echo “UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $a” >> brute_force.out
6 a=`expr $a + 1`
7 done
8 echo ‘Done’
cat brute_force.out | nc localhost 30002
uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
Bandit Level 25 → Level 26:
etc/passwd | grep bandit26 : view shell type
xem file showtext
resize screen -> v
-> :e /etc/bandit_pass/bandit26 để chỉnh sửa -> pass
5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
Bandit Level 26 → Level 27:
set shell for bandit26 :set shell=/bin/bash
->:shell
Bandit Level 26 → Level 27:
/bandit27-do cat /etc/bandit_pass/bandit27
3ba3118a22e93127a4ed485be72ef5ea
Bandit Level 27 → Level 28:
clone repo to /tmp/quac
Read file readme
0ef186ac70e04ea33b4c1853d2526fa2
Bandit Level 28 → Level 29:
-> git log -p: shows the difference in commits
bbc96594b4e001778eee9975372716b2
Bandit Level 29 → Level 30:
git branch : view current branch
git branch -r: view branch remote
git branch -a: view all branch
git checkout my-branch-name: switch local branch
git checkout — track origin/my-branch-name: switch remote branch
git merge my-branch-name:merge branch
->git branch -a
->git checkout remotes/origin/dev->git log -p
password: 5b90576bedb2cc04c86a9e924ce42faf
Bandit Level 30 → Level 31:
git tag
git show tag_name
47e603bb428404d265f59c42920d81e5
Bandit Level 31 → Level 32:
echo ‘…’ > key.txt
git add -f key.txt
git commit -m ‘add key.txt’
git push
56a9bf19c63d650ce78e6ec0354ee45e
Bandit Level 32 → Level 33:
enter a command without letters
cat /etc/bandit_pass/bandit33
c9c3199ddf4121b10cf581a98d51caee
