OverTheWire Bandit - Solutions
Server Information
Host | ssh://bandit.labs.overthewire.org |
---|---|
Port | 2220 |
Level 0
(127.0.0.1) ssh bandit0@bandit.labs.overthewire.org -p 2220
π΄ββ οΈ bandit0
Level 0 β¨ 1
cat readme
π΄ββ οΈ boJ9jbbUNNfktd78OOpsqOltutMc3MY1
Level 1 β¨ 2
cat ./-
π΄ββ οΈ CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
Level 2 β¨ 3
cat "spaces in this filename"
π΄ββ οΈ UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Level 3 β¨ 4
cat inhere/.hidden
π΄ββ οΈ pIwrPrtPN36QITSp3EQaw936yaFoFgAB
Level 4 β¨ 5
file ./inhere/* cat ./inhere/-file07
π΄ββ οΈ koReBOKuIDDepwhWk7jZC0RTdopnAYKh
Level 5 β¨ 6
find inhere/ -type f -readable ! -executable -size 1033c cat inhere/maybehere07/.file2
π΄ββ οΈ DXjZPULLxYr17uwoI01bNLQbtFemEgo7
Level 6 β¨ 7
find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null cat /var/lib/dpkg/info/bandit7.password
π΄ββ οΈ HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
Level 7 β¨ 8
cat data.txt | grep millionth
π΄ββ οΈ cvX2JJa4CFALtqS87jk27qwqGhBM9plV
Level 8 β¨ 9
cat data.txt | sort | uniq -c | grep -v 10
π΄ββ οΈ UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
Level 9 β¨ 10
strings data.txt | grep -e [=]
π΄ββ οΈ truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
Level 10 β¨ 11
base64 -d data.txt
π΄ββ οΈ IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
Level 11 β¨ 12
cat data.txt | tr [A-Za-z] [N-ZA-Mn-za-m]
π΄ββ οΈ 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
Level 12 β¨ 13
mkdir /tmp/yourname123 cp ~/data.txt . xxd -r data.txt > data.gz gzip -d data.gz && mv data data.bz2 bzip2 -d data.bz2 && mv data data.gz gzip -d data.gz tar -xf data tar -xf data5.bin && mv data6.bin data.bz2 bzip2 -d data.bz2 tar -xf data && mv data8.bin data.gz gzip -d data.gz cat data
π΄ββ οΈ 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
Level 13 β¨ 14
(127.0.0.1) scp -P2220 bandit13@bandit.labs.overthewire.org:~/sshkey.private . (127.0.0.1) chmod 400 sshkey.private (127.0.0.1) ssh bandit14@bandit.labs.overthewire.org -p 2220 -i sshkey.private cat /etc/bandit_pass/bandit14
π΄ββ οΈ 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Level 14 β¨ 15
echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
π΄ββ οΈ BfMYroe26WYalil77FoDi9qh59eK5xNr
Level 15 β¨ 16
echo BfMYroe26WYalil77FoDi9qh59eK5xNr | openssl s_client -connect 127.0.0.1:30001 -quiet
π΄ββ οΈ cluFn7wTiGryunymYOu4RcffSxQluehd
Level 16 β¨ 17
nmap -sV --script ssl* localhost -p31000-32000 echo cluFn7wTiGryunymYOu4RcffSxQluehd | openssl s_client -connect 127.0.0.1:31790 -quiet
π΄ββ οΈ SSH Private Key
Level 17 β¨ 18
(127.0.0.1) chmod 400 sshkey.private (127.0.0.1) ssh bandit17@bandit.labs.overthewire.org -p 2220 -i sshkey.private diff passwords.old passwords.new
π΄ββ οΈ kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
Level 18 β¨ 19
(127.0.0.1) ssh bandit18@bandit.labs.overthewire.org -p 2220 ls -l (127.0.0.1) ssh bandit18@bandit.labs.overthewire.org -p 2220 cat readme
π΄ββ οΈ IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
Level 19 β¨ 20
./bandit20-do cat /etc/bandit_pass/bandit20
π΄ββ οΈ GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Level 20 β¨ 21
nmap localhost (session-1) echo "GbKksEFF4yrVs6il55v6gwY5aVje5f0j" | nc -lp 2021 (session-2) ./suconnect 2021
π΄ββ οΈ gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
Level 21 β¨ 22
cat /etc/cron.d/cronjob_bandit22 bash /usr/bin/cronjob_bandit22.sh cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
π΄ββ οΈ Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
Level 22 β¨ 23
cat /etc/cron.d/cronjob_bandit23 cat /usr/bin/cronjob_bandit23.sh echo I am user bandit23 | md5sum | cut -d' ' -f1 cat /tmp/8ca319486bfbbc3663ea0fbe81326349
π΄ββ οΈ jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
Level 23 β¨ 24
cat /etc/cron.d/cronjob_bandit24 cat /usr/bin/cronjob_bandit24.sh mkdir /tmp/yourname123 chmod 777 /tmp/yourname123 cd /tmp/yourname123 touch script password chmod 777 * echo "#!/usr/bin/env bash \n cat /etc/bandit_pass/bandit24 > /tmp/yourname123/password" > script cp script /var/spool/bandit24/ cat password
π΄ββ οΈ UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
Level 24 β¨ 25
mkdir /tmp/yourname123 cd /tmp/yourname123 echo "#!/usr/bin/env bash for i in 0 1 2 3 4 5 6 7 8 9; do for j in 0 1 2 3 4 5 6 7 8 9; do for k in 0 1 2 3 4 5 6 7 8 9; do for l in 0 1 2 3 4 5 6 7 8 9; do echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i$j$k$l" >> keys done done done done" > script bash script cat keys | nc localhost 30002
π΄ββ οΈ uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
Level 25 β¨ 26
(127.0.0.1) scp -P 2220 bandit25@bandit.labs.overthewire.org:~/bandit26.sshkey .
π΄ββ οΈ SSH Private Key
Level 26 β¨ 27
(127.0.0.1) ssh bandit25@bandit.labs.overthewire.org -p 2220 bandit26.sshkey (minimize the terminal and press `v`) :set shell=/bin/bash :!shell ./bandit27-do cat /etc/bandit_pass/bandit27
π΄ββ οΈ 3ba3118a22e93127a4ed485be72ef5ea
Level 27 β¨ 28
cd /tmp/yourname git clone ssh://bandit27-git@localhost/home/bandit27-git/repo cat repo/README
π΄ββ οΈ 0ef186ac70e04ea33b4c1853d2526fa2
Level 28 β¨ 29
cd /tmp/yourname git clone ssh://bandit28-git@localhost/home/bandit28-git/repo cd repo git checkout c086 cat README.md
π΄ββ οΈ bbc96594b4e001778eee9975372716b2
Level 29 β¨ 30
cd /tmp/yourname git clone ssh://bandit29-git@localhost/home/bandit29-git/repo cd repo git fetch origin dev:dev git checkout dev cat README.md
π΄ββ οΈ 5b90576bedb2cc04c86a9e924ce42faf
Level 30 β¨ 31
cd /tmp/yourname git clone ssh://bandit30-git@localhost/home/bandit30-git/repo cd repo git tag git show secret
π΄ββ οΈ 47e603bb428404d265f59c42920d81e5
Level 31 β¨ 32
cd /tmp/yourname git clone ssh://bandit31-git@localhost/home/bandit31-git/repo cd repo echo "May I come in?" > key.txt rm .gitignore git add . git commit -m "request for Level 32 password" git push origin master
π΄ββ οΈ 56a9bf19c63d650ce78e6ec0354ee45e
Level 32 β¨ 33
$0 /bin/bash cat /etc/bandit_pass/bandit33
π΄ββ οΈ c9c3199ddf4121b10cf581a98d51caee