Over the wire - Bandit
Here I document the challenges provided by overthewire.org for learning Linux
Important notes
File traversal
./ represents the current directory
../ represents the parent directory
/ is pathname of the root directory
Use 2>/dev/null to discard error messages (cleaner output)
Level 4
Here the directories included numerous files in unreadable formats; the task was to find and read the only human-readable file. The file names start with a dash, so the file has to be referenced with its path, e.g. "./-file07", otherwise the name is parsed as a command-line option.

Level 5 (find)
Using find to locate files
1. Finding by file size
b – 512-byte blocks (this is the default if no suffix is used)
c – bytes
w – two-byte words
k – Kilobytes
M – Megabytes
G – Gigabytes
# find command to search for files greater than 10MB but smaller than 20MB:
find . -size +10M -size -20M
# find files in /etc directory greater than 5MB and print its file size
2. Finding by file name
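find ./directory_name -name sample.txt
# or with a pattern (quote it so the shell does not expand it first)
find ./directory_name -name "*.txt"
3. Finding empty directories
# -empty alone matches empty files as well; -type d limits it to directories
find ./directory_name -type d -empty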
4. Search for text within files
find ./ -type f -name "*.txt" -exec grep 'TEXT_OF_INTEREST' {} \;
This command prints the lines that contain 'TEXT_OF_INTEREST'; -type f restricts the search to regular files.
5. Search non executable files
find ./ -type f ! -executable
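The size suffixes in item 1 are not interchangeable: GNU find rounds a file's size up to whole units before comparing, so only the c suffix is byte-exact. The following is an added example, not part of the original notes; the file names and sizes are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed sample files; names and sizes are made up for this example.
demo_dir=$(mktemp -d)
head -c 1033 /dev/zero > "$demo_dir/exact_1033"
head -c 1024 /dev/zero > "$demo_dir/exact_1024"
head -c 1    /dev/zero > "$demo_dir/one_byte"
: > "$demo_dir/empty"

# Print the names (sorted, space-separated) matching one -size expression.
match_size() {
    find "$demo_dir" -type f -size "$1" 2>/dev/null |
        sed 's|.*/||' | sort | tr '\n' ' ' | sed 's/ $//'
}

# 1033c : byte-exact, matches only the 1033-byte file
# 2k    : 1033 bytes rounds up to 2 KiB units
# 1k    : 1 byte and 1024 bytes both round up to 1 unit
# -1k   : "fewer than 1 unit" means 0 units, i.e. only the empty file
for expr in 1033c 2k 1k -1k; do
    printf '%-6s -> %s\n' "$expr" "$(match_size "$expr")"
done
```

When a level states a size in bytes, use the c suffix; -size -1M matches only empty files, not everything under one megabyte.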

Bandit 6
Remember to use 2>/dev/null to remove error outputs
Specifying 2>/dev/null filters out the errors so that they are not printed to your console. In more detail: 2 is the file descriptor for standard error (stderr), which is where error messages are written. By default they are printed on the console. /dev/null is the standard Linux device where you send output that you want ignored.

Bandit 7 SSH password: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
Bandit 7

Bandit 8
Password: cvX2JJa4CFALtqS87jk27qwqGhBM9plV
Learnings
1. sort command
Used to sort a file, arranging the records in a particular order. By default, the sort command sorts the file assuming the contents are ASCII.
With options, sort can also order numerically. It supports sorting alphabetically, in reverse order, by number, by month, and can also remove duplicates.
Blank space is the default field separator
-r reverse order; -n numerical order; -k to sort by a certain column (-k 2 will sort by the second column); -u will remove duplicates; -M sorts by month (jan, feb)

Bandit 9
Password: UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

Bandit 10
password : truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Bandit 11
>> cat data.txt | tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
# ROT13: rotate every letter by 13 positions (A-M become N-Z, N-Z become A-M; same for lowercase)
Bandit 12
Password : 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
Given a hexdump compressed file, isolate the ASCII password
First create a working directory

Remember to use the file command at every stage to identify the type of compression
xxd -r data.txt : reverse the hexdump : gzip compressed data, was "data2.bin", last modified: Thu May 7 18:14:30 2020, max compression, from Unix
zcat reversed_hexdump > outfile : bzip2 compressed data 900k
Zcat is a command line utility for viewing the contents of a compressed file without literally uncompressing it. It expands a compressed file to standard output allowing you to have a look at its contents. In addition, zcat is identical to running gunzip -c command.
tried to bzip2 -d : unable to guess original name
zcat again : POSIX tar archive (GNU)
tar -xvf : got data5.bin, another POSIX tar archive (GNU)
tar -xvf again : got data6.bin (bzip2 compressed data)
bzip2 -d failed, can't guess original name, using data6.bin.out
file to find out data6.bin.out is a POSIX tar archive again ...
tar -xvf to get data8.bin
zcat data8.bin to get password!
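The identify-then-decompress loop above, automated as an added example (not part of the original notes). It classifies each layer by its magic bytes rather than calling file, works through stdin/stdout so the "can't guess original name" problem never arises, and caps the nesting depth. The function names, MAX_DEPTH and the sample data are assumptions made for this example; the xxd -r step is expected to have been done already.

```shell
#!/bin/sh
# Hex of $3 bytes at offset $2 of file $1 (empty if the file is too short).
magic() { od -An -tx1 -j"$2" -N"$3" "$1" 2>/dev/null | tr -d ' \n'; }

# Classify one layer by the same magic bytes `file` keys on.
layer_type() {
    if   [ "$(magic "$1" 0 2)" = "1f8b" ];         then echo gzip
    elif [ "$(magic "$1" 0 3)" = "425a68" ];       then echo bzip2   # "BZh"
    elif [ "$(magic "$1" 257 5)" = "7573746172" ]; then echo tar     # "ustar"
    else echo other
    fi
}

# Peel layers until the data is no longer a known container, then print it.
# Assumes each tar archive holds a single member, as in this level.
unwrap() {
    work=$(mktemp -d) || return 1
    cp "$1" "$work/layer" || return 1
    depth=0
    while [ "$depth" -lt "${MAX_DEPTH:-20}" ]; do   # cap on nesting depth
        case $(layer_type "$work/layer") in
            gzip)  gzip -dc  < "$work/layer" > "$work/next" ;;
            bzip2) bzip2 -dc < "$work/layer" > "$work/next" ;;
            tar)   tar -xOf "$work/layer"    > "$work/next" ;;
            *)     cat "$work/layer"; rm -rf "$work"; return 0 ;;
        esac || break
        mv "$work/next" "$work/layer"
        depth=$((depth + 1))
    done
    rm -rf "$work"
    return 1    # a decompression step failed or the depth cap was reached
}

# Constructed sample: text -> gzip -> tar -> gzip (-> bzip2 if installed).
make_sample() {
    d=$(mktemp -d) && printf 'constructed-secret\n' > "$d/inner.txt" &&
    gzip -c "$d/inner.txt" > "$d/a.gz" &&
    tar -cf "$d/b.tar" -C "$d" a.gz &&
    gzip -c "$d/b.tar" > "$d/sample.bin" || return 1
    if command -v bzip2 >/dev/null 2>&1; then
        bzip2 -c "$d/sample.bin" > "$d/c.bz2" && mv "$d/c.bz2" "$d/sample.bin"
    fi
    echo "$d/sample.bin"
}

unwrap "$(make_sample)"
```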
Bandit 13 (Entry to 14 - 16 from here, network traversal)
8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
private ssh key given, use ssh bandit14@localhost -i sshkey.private
Bandit 14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Bandit 15 (SSL and TLS)
https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html
Password : BfMYroe26WYalil77FoDi9qh59eK5xNr
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…
Learnings (man openssl for manual help)
to connect to SSL server : openssl s_client localhost:30001
s_client -help for more info
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for
o Creation and management of private keys, public keys and parameters
o Public key cryptographic operations
o Creation of X.509 certificates, CSRs and CRLs
o Calculation of Message Digests
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
o Handling of S/MIME signed or encrypted mail
o Time Stamp requests, generation and verification
Theory:
echo "YOUR TEXT HERE" | openssl s_client -connect host:port -ign_eof
to send string and get the response from the server

Bandit 16 (ssh to bandit 17 using private key)
cluFn7wTiGryunymYOu4RcffSxQluehd
nmap enumeration : out of four ports from 31000 to 32000, only 31790/tcp does not merely echo (ssl/unknown)
Save the private key into editor file
chmod 600
ssh to bandit 17 using private key

Bandit 17 (using diff to compare file differences)
Pass for Bandit 18 SSH : kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

Bandit 18
The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.