Booj thoughts on security

OverTheWire - Bandit

Bandit0

Starting out the very first challenge is just to read a file. For this I used the cat command.

bandit0@melinda:~$ ls
readme
bandit0@melinda:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Bandit1

bandit1@melinda:~$ ls
-
bandit1@melinda:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Bandit2

bandit2@melinda:~$ ls
spaces in this filename
bandit2@melinda:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Bandit3

bandit3@melinda:~$ ls
inhere
bandit3@melinda:~$ cd inhere
bandit3@melinda:~/inhere$ ls -a
.  ..  .hidden
bandit3@melinda:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Bandit4

bandit4@melinda:~$ cd inhere
bandit4@melinda:~/inhere$ ls
-file00  -file02  -file04  -file06  -file08
-file01  -file03  -file05  -file07  -file09
bandit4@melinda:~/inhere$ cat ./-file00
;▒-▒(▒▒z▒▒У▒▒ޘ▒▒8鑾bandit4@melinda:~/inhere$ cat ./-file01
?▒@c
    O8▒L▒c▒Ч7▒zb~▒▒ף▒▒U▒bandit4@melinda:~/inhere$ cat ./-file02
▒g▒f▒4▒6+>"▒▒B▒Vx▒▒d▒▒;de▒Obandit4@melinda:~/inhere$ cat ./-file03
▒:n▒▒▒▒8S▒▒Ѕ[▒/q▒(▒▒@▒▒M▒.▒tbandit4@melinda:~/inhere$ cat ./-file04
▒▒▒▒+▒▒5▒`▒¶R
▒1*6C▒u#Nr▒bandit4@melinda:~/inhere$ cat ./-file05
▒▒hZ▒▒▒P▒邚▒▒▒{#▒TP▒▒6▒]▒▒X:bandit4@melinda:~/inhere$ cat ./-file06
▒▒▒!▒>P▒
d{▒▒▒▒ҏH▒▒▒xX|▒bandit4@melinda:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Bandit5

bandit5@melinda:~/inhere$ find -type f -size 1033c
./maybehere07/.file2
bandit5@melinda:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Bandit6

bandit6@melinda:~$ cd ../..
bandit6@melinda:/$ find -type f -group bandit6 -user bandit7 -size 33c  2>/dev/null
./var/lib/dpkg/info/bandit7.password
bandit6@melinda:/$ cat ./var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Bandit7

bandit7@melinda:~$ ls -l data.txt
-rw-r----- 1 bandit8 bandit7 4184396 Nov 14  2014 data.txt
bandit7@melinda:~$ grep 'millionth' data.txt
millionth       cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Bandit8

bandit8@melinda:~$ cat data.txt | sort -g | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Bandit9

z哞▒▒1cF▒========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
bandit9@melinda:~$ cat data.txt | grep -a ========= --text

Bandit10

bandit10@melinda:~$ cat data.txt | base64 --decode
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

Bandit11

bandit11@melinda:~$ cat data.txt | tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Bandit12

bandit12@melinda:/tmp/newtmp$ xxd -r data.txt data.out
bandit12@melinda:/tmp/newtmp$ file data.out
data.out: gzip compressed data, was "data2.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compression
bandit12@melinda:/tmp/newtmp$ mv data.out data.gz
bandit12@melinda:/tmp/newtmp$ gzip -d data.gz
bandit12@melinda:/tmp/newtmp$ ls
data  data.txt
bandit12@melinda:/tmp/newtmp$ file data
data: bzip2 compressed data, block size = 900k
bandit12@melinda:/tmp/newtmp$ mv data data.bz2
bandit12@melinda:/tmp/newtmp$ bzip2 -d data.bz2
bandit12@melinda:/tmp/newtmp$ file data
data: gzip compressed data, was "data4.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compression
bandit12@melinda:/tmp/newtmp$ mv data data.gz
bandit12@melinda:/tmp/newtmp$ gzip -d data.gz
bandit12@melinda:/tmp/newtmp$ file data
data: POSIX tar archive (GNU)
bandit12@melinda:/tmp/newtmp$ tar -xf data
bandit12@melinda:/tmp/newtmp$ ls
data  data.txt  data5.bin
bandit12@melinda:/tmp/newtmp$ file data5.bin
data5.bin: POSIX tar archive (GNU)
bandit12@melinda:/tmp/newtmp$ tar -xf data5.bin
bandit12@melinda:/tmp/newtmp$ ls
data  data.txt  data5.bin  data6.bin
bandit12@melinda:/tmp/newtmp$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
bandit12@melinda:/tmp/newtmp$ mv data6.bin data6.bin.bz2
bandit12@melinda:/tmp/newtmp$ bzip2 -d data6.bin.bz2
bandit12@melinda:/tmp/newtmp$ file data6.bin
data6.bin: POSIX tar archive (GNU)
bandit12@melinda:/tmp/newtmp$ tar -xf data6.bin
bandit12@melinda:/tmp/newtmp$ ls
data  data.txt  data5.bin  data6.bin  data8.bin
bandit12@melinda:/tmp/newtmp$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compression
bandit12@melinda:/tmp/newtmp$ mv data8.bin data8.bin.gz
bandit12@melinda:/tmp/newtmp$ gzip2 -d data8.bin.gz
-bash: gzip2: command not found
bandit12@melinda:/tmp/newtmp$ gz2 -d data8.bin.gz
-bash: gz2: command not found
bandit12@melinda:/tmp/newtmp$ gzip -d data8.bin.gz
bandit12@melinda:/tmp/newtmp$ ls
data  data.txt  data5.bin  data6.bin  data8.bin
bandit12@melinda:/tmp/newtmp$ file data8.bin
data8.bin: ASCII text
bandit12@melinda:/tmp/newtmp$ cat data8.bin
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
bandit12@melinda:/tmp/newtmp$
comments powered by Disqus