Booj thoughts on security
OverTheWire - Bandit
Bandit0
Starting out the very first challenge is just to read a file. For this I used the cat command.
bandit0@melinda:~$ ls
readme
bandit0@melinda:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1Bandit1
bandit1@melinda:~$ ls
-
bandit1@melinda:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
Bandit2
bandit2@melinda:~$ ls
spaces in this filename
bandit2@melinda:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Bandit3
bandit3@melinda:~$ ls
inhere
bandit3@melinda:~$ cd inhere
bandit3@melinda:~/inhere$ ls -a
. .. .hidden
bandit3@melinda:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
Bandit4
bandit4@melinda:~$ cd inhere
bandit4@melinda:~/inhere$ ls
-file00 -file02 -file04 -file06 -file08
-file01 -file03 -file05 -file07 -file09
bandit4@melinda:~/inhere$ cat ./-file00
;▒-▒(▒▒z▒▒У▒▒ޘ▒▒8鑾bandit4@melinda:~/inhere$ cat ./-file01
?▒@c
O8▒L▒c▒Ч7▒zb~▒▒ף▒▒U▒bandit4@melinda:~/inhere$ cat ./-file02
▒g▒f▒4▒6+>"▒▒B▒Vx▒▒d▒▒;de▒Obandit4@melinda:~/inhere$ cat ./-file03
▒:n▒▒▒▒8S▒▒Ѕ[▒/q▒(▒▒@▒▒M▒.▒tbandit4@melinda:~/inhere$ cat ./-file04
▒▒▒▒+▒▒5▒`▒¶R
▒1*6C▒u#Nr▒bandit4@melinda:~/inhere$ cat ./-file05
▒▒hZ▒▒▒P▒邚▒▒▒{#▒TP▒▒6▒]▒▒X:bandit4@melinda:~/inhere$ cat ./-file06
▒▒▒!▒>P▒
d{▒▒▒▒ҏH▒▒▒xX|▒bandit4@melinda:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
Bandit5
bandit5@melinda:~/inhere$ find -type f -size 1033c
./maybehere07/.file2
bandit5@melinda:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7
Bandit6
bandit6@melinda:~$ cd ../..
bandit6@melinda:/$ find -type f -group bandit6 -user bandit7 -size 33c 2>/dev/null
./var/lib/dpkg/info/bandit7.password
bandit6@melinda:/$ cat ./var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
Bandit7
bandit7@melinda:~$ ls -l data.txt
-rw-r----- 1 bandit8 bandit7 4184396 Nov 14 2014 data.txt
bandit7@melinda:~$ grep 'millionth' data.txt
millionth cvX2JJa4CFALtqS87jk27qwqGhBM9plV
Bandit8
bandit8@melinda:~$ cat data.txt | sort -g | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
Bandit9
z哞▒▒1cF▒========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
bandit9@melinda:~$ cat data.txt | grep -a ========= --text
Bandit10
bandit10@melinda:~$ cat data.txt | base64 --decode
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
Bandit11
bandit11@melinda:~$ cat data.txt | tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUuBandit12
bandit12@melinda:/tmp/newtmp$ xxd -r data.txt data.out
bandit12@melinda:/tmp/newtmp$ file data.out
data.out: gzip compressed data, was "data2.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compression
bandit12@melinda:/tmp/newtmp$ mv data.out data.gz
bandit12@melinda:/tmp/newtmp$ gzip -d data.gz
bandit12@melinda:/tmp/newtmp$ ls
data data.txt
bandit12@melinda:/tmp/newtmp$ file data
data: bzip2 compressed data, block size = 900k
bandit12@melinda:/tmp/newtmp$ mv data data.bz2
bandit12@melinda:/tmp/newtmp$ bzip2 -d data.bz2
bandit12@melinda:/tmp/newtmp$ file data
data: gzip compressed data, was "data4.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compression
bandit12@melinda:/tmp/newtmp$ mv data data.gz
bandit12@melinda:/tmp/newtmp$ gzip -d data.gz
bandit12@melinda:/tmp/newtmp$ file data
data: POSIX tar archive (GNU)
bandit12@melinda:/tmp/newtmp$ tar -xf data
bandit12@melinda:/tmp/newtmp$ ls
data data.txt data5.bin
bandit12@melinda:/tmp/newtmp$ file data5.bin
data5.bin: POSIX tar archive (GNU)
bandit12@melinda:/tmp/newtmp$ tar -xf data5.bin
bandit12@melinda:/tmp/newtmp$ ls
data data.txt data5.bin data6.bin
bandit12@melinda:/tmp/newtmp$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
bandit12@melinda:/tmp/newtmp$ mv data6.bin data6.bin.bz2
bandit12@melinda:/tmp/newtmp$ bzip2 -d data6.bin.bz2
bandit12@melinda:/tmp/newtmp$ file data6.bin
data6.bin: POSIX tar archive (GNU)
bandit12@melinda:/tmp/newtmp$ tar -xf data6.bin
bandit12@melinda:/tmp/newtmp$ ls
data data.txt data5.bin data6.bin data8.bin
bandit12@melinda:/tmp/newtmp$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compression
bandit12@melinda:/tmp/newtmp$ mv data8.bin data8.bin.gz
bandit12@melinda:/tmp/newtmp$ gzip2 -d data8.bin.gz
-bash: gzip2: command not found
bandit12@melinda:/tmp/newtmp$ gz2 -d data8.bin.gz
-bash: gz2: command not found
bandit12@melinda:/tmp/newtmp$ gzip -d data8.bin.gz
bandit12@melinda:/tmp/newtmp$ ls
data data.txt data5.bin data6.bin data8.bin
bandit12@melinda:/tmp/newtmp$ file data8.bin
data8.bin: ASCII text
bandit12@melinda:/tmp/newtmp$ cat data8.bin
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
bandit12@melinda:/tmp/newtmp$
Feel free to share!