OverTheWire Bandit Level 12 Walkthrough

Today we're doing a walkthrough of level 12 of the Bandit CTF wargame hosted at OverTheWire.org.  First, let's look at the level's objectives:

https://overthewire.org/wargames/bandit/bandit13.html


The Flag for this level is located in the data.txt which is a hexdump and has also been repeatedly compressed.

Now let's login to the game server using SSH.  Remember to use the Flag from the previous level as the SSH password.

ssh bandit12@bandit.labs.overthewire.org -p 2220


Now let's locate the data.txt file.

pwd
ls -a


In this level, we will be manipulating the data.txt file a lot.  In order to create new files, copy files and rename files, we will have to work inside a directory where we have write privileges.  First, we'll use the mkdir command to create a temporary directory to work in, then we'll navigate to that directory, and finally we'll copy the data.txt file to that directory.

mkdir /tmp/tmp12
cd /tmp/tmp12
cp /home/bandit12/data.txt /tmp/tmp12/data.txt


Next, we'll cat out the data.txt file to see if we can get any clues.

cat data.txt


The data.txt file was previously named data2.bin, so let's rename it back to that.  Then we'll use the xxd command to revert the file back to its previous state, then use the file command to see what kind of compression we're dealing with.

mv data.txt data2.bin
xxd -r data2.bin data2.bin
file data2.bin


The following commands will be a cycle of decompressing the file over and over again until the ASCII version of the file is revealed.

mv data2.bin data2.gz
gzip -d data2.gz
mv data2 data2.bz2
dzip2 -d data.bz2
mv data2 data.gz
gzip -d data.gz
mv data data.tar
tar -xvf data.tar
mv data5.bin data5.tar
tar -xvf data5.tar


mv data6.bin data6.gz
bzip2 -d data6.bz2
mv data6 data6.tar
tar -xvf data6.tar
mv data8.bin data8.gz
gzip -d data8.gz
file data8


The final step is to cat out the data8 file to receive the Flag.

cat data8


Summary

Bandit12 requires us to revert a hashdumped file, then go through a series of decompression cycles in order to access a ASCII file and receive the level's Flag.

Finish







Comments

Post a Comment

Popular posts from this blog

TryHackMe - Windows PrivEsc - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Windows PrivEsc room hosted at https://tryhackme.com/room/w indows10privesc . For this walkthrough, we'll be using two virtual machines (VMs), a Kali Linux VM as our attacking machine, and the deployed Windows 10 client as the the victim machine. Task 1 - Deploy the Vulnerable Windows VM Press the green button here: The Windows machine should come online after a minute or two. The IP address of the machine can be found here: Of course, the actual IP address will probably be a different one from the one in the screenshot.  For the examples, however, we will use the IP address of 10.10.227.113 RDP should be available on port 3389 (it may take a few minutes for the service to start). You can login to the "user" account using the password "password321": xfreerdp /u:user /p:password321 /cert:ignore /v:10.10.227.113 Questions: Deploy the Windows VM and login using the "user" ...
Read more

TryHackMe - Reversing Elf - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Reversing ELF room hosted at https://tryhackme.com/room/ reverselfiles . For this walkthrough, we'll be using one virtual machine (VMs), a Kali Linux VM as our attacking machine. Task 1 - Crackme1 Questions What is the flag? Download the Task 1 Task File Copy it to your working directory Give the file executable permissions Run the file chmod +x crackme1 ./crackme1 Task 2 - Crackme2 Questions What is the super secret password ? Give the file executable permissions Run Ltrace on the file with a test string chmod +x crackme2 ltrace ./crackme2 test ./crackme2 passwordFoundInPreviousStep Task 3 - Crackme3 Questions What is the flag? Give the file executable permissions Run strings on the file Echo the base64 string you found, pipe it into Base64 decode chmod +x crackme3 strings crackme3 echo “ base64stringFoundInPreviousStep ” | base64 -d Task 4 - Crackme4 Questions What is the password ? Give the file execu...
Read more

TryHackMe - XSS - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the XSS room hosted at https://tryhackme.com/room/ xss . For this walkthrough, we'll be using two virtual machines (VMs), the TryHackMe AttackBox VM as our attacking machine, and the deployed XSS vulnerable web client as the the victim machine. Task 1 - Introduction Questions: Read the introduction. No answer needed Task 2 - Deploy your XSS Playground Questions Deploy the machine and navigate to http://<ip> No answer needed Task 3 - Stored XSS Questions The machine you deployed earlier will guide you though exploiting some cool vulnerabilities, stored XSS has to offer. There are hints for answering these questions on the machine. No answer needed Add a comment and see if you can insert some of your own HTML. Doing so will reveal the answer to this question. Register for the web-app with the following parameters Username: test Password: test Click the Register button  Click the “hamburger menu” button Click the ...
Read more