Saihat's Network Security Blog

Today we're doing a walkthrough of level 13 of the Bandit CTF wargame hosted at OverTheWire.org.  First, let's take a look at the level's objectives: https://overthewire.org/wargames/bandit/bandit14.html The Flag for this level is located in the /etc/bandit_pass/bandit14 file, which can only be read by user bandit14 .   Next, let's login to the game server using SSH.  Remember to use the Flag from the previous level as the SSH password. ssh bandit13@bandit.labs.ovethewire.org -p 2220 Let's take a look at what's in our home directory: pwd ls -a The sshkey.private file looks promising.  Let's check the file permissions by using ls with the -la switch. ls -la Since we are user bandit13 , and the sshkey.private file is owned by the bandit13 group, we can use this file to SSH into the localhost (the Bandit game server) as the bandit14 user by using SSH with the -i switch. ssh -i sshkey.private bandit14@localhost yes Now let's check what user we're...

Today we're doing a walkthrough of level 12 of the Bandit CTF wargame hosted at OverTheWire.org.  First, let's look at the level's objectives: https://overthewire.org/wargames/bandit/bandit13.html The Flag for this level is located in the data.txt which is a hexdump and has also been repeatedly compressed. Now let's login to the game server using SSH.  Remember to use the Flag from the previous level as the SSH password. ssh bandit12@bandit.labs.overthewire.org -p 2220 Now let's locate the data.txt file. pwd ls -a In this level, we will be manipulating the data.txt  file a lot.  In order to create new files, copy files and rename files, we will have to work inside a directory where we have write privileges.  First, we'll use the mkdir command to create a temporary directory to work in, then we'll navigate to that directory, and finally we'll copy the data.txt file to that directory. mkdir /tmp/tmp12 cd /tmp/tmp12 cp /home/bandit12/data.txt /tmp/tmp12/...

Today we're doing a walkthrough of level 11 of the Bandit CTF wargame, hosted at OverTheWire.org.  First, let's take a look at the level's objectives: https://overthewire.org/wargames/bandit/bandit12.html The Flag is located in the data.txt file where all the lowercase and uppercase letters have been rotated 13 positions. Next, let's login to the game server using SSH.  Remember to use the Flag from the previous level as the SSH password. ssh bandit11@bandit.labs.overthewire.org -p 2220 Now let's locate the data.txt file. pwd ls -a Now to properly access the Flag string we will cat out the data.txt file and pipe out the output to the tr command, which translates character output.  In this case, we're dealing with ROT13 cipher, which means we will have to use the following string to translate the characters from A-Z and a-z to N-Z, wrapping around to A-M, and n-z, wrapping around to a-m. cat data.txt | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' Summary Ban...

Today we're doing a walkthrough for level 10 of the Bandit CTF wargame hosted at OverTheWire.org.  First, let's take a look at the level's objectives: https://overthewire.org/wargames/bandit/bandit11.html The Flag is located in the data.txt file and is base64 encoded. Next, let's login to the game server with SSH.  Remember to use the Flag from the previous level as the SSH password. ssh bandit10@bandit.labs.overthewire.org -p 2220 Now to locate the data.txt file. pwd ls -a In order to access the Flag string in the data.txt file, we'll need to decode it from base64 using the base64 command with the -d switch. base64 -d data.txt Summary Bandit10 requires us to decode a string from base64 in a file to access the Flag. Finish

Today we're going to do a walkthrough of level 9 of the Bandit CTF wargame hosted at OverTheWire.org.  First, let's take a look at the level's objectives: https://overthewire.org/wargames/bandit/bandit10.html  The Flag for this level is located in the data.txt file in a human-readable string preceded by several = characters. Next, let's login to the game server with SSH.  Remember to use the Flag of the previous level as the SSH password. ssh bandit9@bandit.labs.overthewire.org -p 2220 Now to locate the data.txt file: pwd ls -a Because the level objective indicates that there are only a few human readable strings in the data.txt file, we'll use the strings command to extract human-readable strings (ASCII) from the file, and the grep command to output only stings that are preceded by several = characters.  We wrap the = characters in quotes because they're special characters. strings data.txt | grep "====" Summary Bandit9 requires us to sort through ...

Today we're doing a walkthrough of level 8 of the Bandit CTF wargame hosted at OverTheWire.org.  First, let's take a look at the level's objectives: https://overthewire.org/wargames/bandit/bandit9.html The Flag for the level is located in the data.txt file as the only string that occurs exactly once in the file. Next, let's SSH in the game server to start the level.  Remember to use the Flag from the previous level as the SSH password. ssh bandit8@bandit.labs.overthewire.org -p 2220 And now to locate the data.txt file. pwd ls -a To find the Flag string, we'll use the sort and uniq commands with a pipe | to extract the string we want.  The sort command will put all the identical strings in the file together, then the uniq command with the -u switch will output only strings that occur exactly once in the file.  The reason we use the sort command before the uniq command is that the uniq command will not work properly unless the duplicate strings in the file ...

Today we're doing a walkthrough of level 7 of the Bandit CTF wargame hosted at OverTheWire.org.  First, let's take a look at the level's objectives: https://overthewire.org/wargames/bandit/bandit8.html This level is asking us to look for the Flag in the data.txt file, next to the word millionth. Let's SSH into the game server to start the level.  Remember to use the Flag from the previous level as the SSH password. ssh bandit7@bandit.labs.overthewire.org -p 2220 First, let's get our bearings and look for the data.txt file. pwd ls -a The data.txt file is likely to be full of info, but we can combine two commands, the cat and grep commands, by using a pipe | .  First, the cat command will output the contents of the data.txt file, but the output will be modified by the grep command, which only outputs strings in the data.txt file which match the string we specify (which is millionth ).  Since the Flag is located beside the word millionth, we should also recei...

Today we're doing a walkthrough of level 6 of the Bandit CTF wargame hosted at OverTheWire.org.  First, let's take a look at the objectives for the level: https://overthewire.org/wargames/bandit/bandit7.html The level is asking us to locate a file somewhere on the server and has the following properties: owned by the user bandit7 owned by the group bandit6 33 bytes in size With that in mind, let's use SSH to login to the game server.  Don't forget to use the Flag from the previous level as the SSH password. ssh bandit6@bandit.labs.overthewire.org -p 2220 Now let's check what directory we start out in: pwd The basic concept of this level is similar to the previous one, but at a larger scale.  We can use the find command to locate the file we're looking for.  We can use the / option to search the entire server, the  -size switch to look for a file that is 33 bytes large, the -user switch to look for a file that is owned by bandit7 , and the -group switch to f...

Today we're doing a walkthrough for level 5 of the Bandit CTF wargame hosted on OverTheWire.org.  First, let's take a look at the objectives for the level: https://overthewire.org/wargames/bandit/bandit6.html So the Flag will be located in a file within the inhere directory and has the following qualities: human readable 1033 bytes in size not executable Let's SSH into the server to start the level: ssh bandit5@bandit.labs.overthewire.org -p 2220 Now let's look for the inhere directory.  In the previous level, it was a hidden directory, so we'll use ls -a to locate it. pwd ls -a Now we take a look in the inhere directory: cd inhere ls -a Quite a few files.  let's use the find command to locate the file we're looking for.  We'll use the -size switch to locate files that fit the size requirement of 1033 bytes.  When using the -size switch, bytes are indicated by the c suffix. find ./ -size 1033c Only one file matches our size criteria, so we'll cat...

Today we're doing a walkthrough of level 4 of the Bandit CTF wargame hosted at OverTheWire.org.  First, let's take a look at the level's objectives: https://overthewire.org/wargames/bandit/bandit5.html Looks like the Flag for the level is located in a "human readable" file located in the inhere directory.  Let's login to the game server using SSH: ssh bandit4@bandit.labs.overthewire.org -p 2220 We use the Flag from the last level as the SSH password for this level.  After we're logged in, we look for the inhere directory, change directories and cat out the inhere directory's contents: pwd ls -a cd inhere ls -a Looks like there are ten files here.  To find out whether a file is "human readable" or not, we can use the file command on each one.  The file command tells use what type of file the specified file is.  We also prepend the filepath with ./ because the filenames begin with a special character: file ./-file09 file ./-file08 file ./-...