Overthewire – Bandit 5 -> Bandit 10 (Part 2)
# Information:
CTF Name: Overthewire
CTF Challenge: Bandit
Challenge Category: Linux
Challenge Points: Easy – for absolute beginners
Part 1 of this challenge can be found here.
# Used Tools:
- SSH (to access the challenge)
- Linux Terminal (that is what we have)
# Challenges:
Bandit 5 -> Bandit 6
Main URL: Bandit 5 -> Bandit 6
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
- human-readable
- 1033 bytes in size
- not executable
# Writeup
Step 1
First, we have to use the same command as in the previous challenge, but this time the user is bandit5 and the password is the flag of the previous challenge. The ssh command is:
mregra on Cyber $ ssh [email protected] -p 2220
After putting the flag from the previous challenge as the password we are in!
Step 2
In this one we have to find the file that is human readable, so ASCII, or something like that, that has 1033 bytes in size and that is not executable.
After entering the machine we can see the home directory contents by using the ls command, we are presented with just one folder, inhere, after moving inside it, by using cd inhere, we can see the inhere directory contents once again with ls.
This time, we get the following:
bandit5@bandit:~/inhere $ ls
maybehere00 maybehere03 maybehere06 maybehere09 maybehere12 maybehere15 maybehere18
maybehere01 maybehere04 maybehere07 maybehere10 maybehere13 maybehere16 maybehere19
maybehere02 maybehere05 maybehere08 maybehere11 maybehere14 maybehere17
We can go one directory at a time and then analyze the contents of each directory but that takes alot time! We can, instead, leverage the linux terminal tools that we have at our disposal, in particular the file and find commands.
What we can do is to simply see the file is of the type ASCII, and, if so, if the size is 1033 bytes, and if so, if it is not executable. The final command:
bandit5@bandit:~/inhere $ find . -type f -size 1033c ! -executable
./maybehere07/.file2
Well let’s break the command down. We have the command find . -type f -size 1033c ! -executable. The find command searches in the directory . (in our case, which is the current directory, the ~/inhere). It searches for type f, which is files with size 1033 bytes and that are not executable, the ! negates the -executable.
It seems that the file ./maybehere07/.file2 has the flag because it is the only one, now, what is left to do is simply to cat its contents, as such:
bandit5@bandit:~/inhere $ cat ./maybehere07/.file2
And we get the flag:
Bandit 6 -> Bandit 7
Main URL: Bandit 6 -> Bandit 7
The password for the next level is stored somewhere on the server and has all of the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
# Writeup
Step 1
As in the previous one we have to use the same command as in the previous challenge, but this time the user is bandit6 and the password is the flag of the previous challenge. The ssh command is:
mregra on Cyber $ ssh [email protected] -p 2220
After putting the flag from the previous challenge as the password we are in!
Step 2
In this one we have to find the file that is owned by user bandit7, owned by group bandit6 and with 33 bytes in size.
After entering the machine we can see the home directory contents by using the ls command, we are presented with nothin, there is no directory or interesting file in the home directory.
We can analyze the contents of the entire machine but that takes alot time! We can, instead, leverage the linux terminal tools that we have at our disposal, in particular the find command.
We can simply use a combination of commands, as such:
bandit6@bandit:~$ find /* -type f -group bandit6 -user bandit7 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
This command is similar to the previous one, but, this time we filter for group and user, and also for size, 33 bytes in this case. Finally the last part of the command 2>/dev/null it is used to redirect the error messages like Permission denied to a different location than the standard output.
So it seems that the file /var/lib/dpkg/info/bandit7.password has the flag because it is the only one, now, what is left to do is simply to cat its contents, as such:
And we get the flag:
Bandit 7 -> Bandit 8
Main URL: Bandit 7 -> Bandit 8
The password for the next level is stored in the file data.txt next to the word millionth
# Writeup
Step 1
Similar to the previous one we have to use the same command as in the previous challenge, but this time the user is bandit2 and the password is the flag of the previous challenge. The ssh command is:
mregra on Cyber $ ssh [email protected] -p 2220
After putting the flag from the previous challenge as the password we are in!
Step 2
In this one we have to find the word millionth in the file data.txt.
After entering the machine we can see the home directory contents by using the ls command, we are presented with the file data.txt.
This challenge turned out to be quite simple, I simply did:
bandit7@bandit:~$ cat data.txt | grep millionth
And we get the flag:
Bandit 8 -> Bandit 9
Main URL: Bandit 8 -> Bandit 9
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
# Writeup
Step 1
As in the previous one we have to use the same command as in the previous challenge, but this time the user is bandit3 and the password is the flag of the previous challenge. The ssh command is:
mregra on Cyber $ ssh [email protected] -p 2220
After putting the flag from the previous challenge as the password we are in!
Step 2
A funny challenge I got to say! Well, after some online search I found that if you use the uniq command you can count the number of occurrences of a line in a file. However, if it is not sorted it will not work. So first, we must sort the file and pipe the content into the uniq command with the -u flag (-u flag for unique occurrence), as such:
bandit8@bandit:~$ sort data.txt | uniq -u
And we get the flag:
Bandit 9 -> Bandit 10
Main URL: Bandit 9 -> Bandit 10
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
# Writeup
Step 1
As in the previous one we have to use the same command as in the previous challenge, but this time the user is bandit4 and the password is the flag of the previous challenge. The ssh command is:
mregra on Cyber $ ssh [email protected] -p 2220
After putting the flag from the previous challenge as the password we are in!
Step 2
Weird challenge! Well, after some online search I found that if you use the strings command on the file and then piped the output int the grep with two equal signs we would get the flag. The final command:
bandit9@bandit:~$ strings data.txt | grep ==
Basically what this command is doing is getting all the strings from data.txt, and after piping that output into the grep command we are listing only the strings that have more than one equal sign, meaning at least 2. Which is what we have in the description.
And we get the flag:
Thank you very much for reading!
Cheers,
MRegra
One Reply to “Overthewire – Bandit 5 -> Bandit 10 (Part 2)”