Overthewire – Bandit 5 -> Bandit 10 (Part 2)

# Information:

CTF Name: Overthewire

CTF Challenge: Bandit

Challenge Category: Linux

Challenge Points: Easy – for absolute beginners

Part 1 of this challenge can be found here.

# Used Tools:

  • SSH (to access the challenge)
  • Linux Terminal (that is what we have)

# Challenges:

Bandit 5 -> Bandit 6

Main URL: Bandit 5 -> Bandit 6

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

# Writeup

Step 1

First, we have to use the same command as in the previous challenge, but this time the user is bandit5 and the password is the flag of the previous challenge. The ssh command is:

 mregra on Cyber $ ssh [email protected] -p 2220

After putting the flag from the previous challenge as the password we are in!

Step 2

In this one we have to find the file that is human readable, so ASCII, or something like that, that has 1033 bytes in size and that is not executable.

After entering the machine we can see the home directory contents by using the ls command, we are presented with just one folder, inhere, after moving inside it, by using cd inhere, we can see the inhere directory contents once again with ls.

This time, we get the following:

 bandit5@bandit:~/inhere $ ls
 maybehere00  maybehere03  maybehere06  maybehere09  maybehere12  maybehere15  maybehere18
 maybehere01  maybehere04  maybehere07  maybehere10  maybehere13  maybehere16  maybehere19
 maybehere02  maybehere05  maybehere08  maybehere11  maybehere14  maybehere17

We can go one directory at a time and then analyze the contents of each directory but that takes alot time! We can, instead, leverage the linux terminal tools that we have at our disposal, in particular the file and find commands.

What we can do is to simply see the file is of the type ASCII, and, if so, if the size is 1033 bytes, and if so, if it is not executable. The final command:

 bandit5@bandit:~/inhere $ find . -type f -size 1033c ! -executable
 ./maybehere07/.file2

Well let’s break the command down. We have the command find . -type f -size 1033c ! -executable. The find command searches in the directory . (in our case, which is the current directory, the ~/inhere). It searches for type f, which is files with size 1033 bytes and that are not executable, the ! negates the -executable.

It seems that the file ./maybehere07/.file2 has the flag because it is the only one, now, what is left to do is simply to cat its contents, as such:

 bandit5@bandit:~/inhere $ cat ./maybehere07/.file2

And we get the flag:

Show flag
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Bandit 6 -> Bandit 7

Main URL: Bandit 6 -> Bandit 7

The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

# Writeup

Step 1

As in the previous one we have to use the same command as in the previous challenge, but this time the user is bandit6 and the password is the flag of the previous challenge. The ssh command is:

 mregra on Cyber $ ssh [email protected] -p 2220

After putting the flag from the previous challenge as the password we are in!

Step 2

In this one we have to find the file that is owned by user bandit7, owned by group bandit6 and with 33 bytes in size.

After entering the machine we can see the home directory contents by using the ls command, we are presented with nothin, there is no directory or interesting file in the home directory.

We can analyze the contents of the entire machine but that takes alot time! We can, instead, leverage the linux terminal tools that we have at our disposal, in particular the find command.

We can simply use a combination of commands, as such:

 bandit6@bandit:~$ find /* -type f -group bandit6 -user bandit7 -size 33c 2>/dev/null
 /var/lib/dpkg/info/bandit7.password

This command is similar to the previous one, but, this time we filter for group and user, and also for size, 33 bytes in this case. Finally the last part of the command 2>/dev/null it is used to redirect the error messages like Permission denied to a different location than the standard output.

So it seems that the file /var/lib/dpkg/info/bandit7.password has the flag because it is the only one, now, what is left to do is simply to cat its contents, as such:

And we get the flag:

Show flag
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Bandit 7 -> Bandit 8

Main URL: Bandit 7 -> Bandit 8

The password for the next level is stored in the file data.txt next to the word millionth

# Writeup

Step 1

Similar to the previous one we have to use the same command as in the previous challenge, but this time the user is bandit2 and the password is the flag of the previous challenge. The ssh command is:

 mregra on Cyber $ ssh [email protected] -p 2220

After putting the flag from the previous challenge as the password we are in!

Step 2

In this one we have to find the word millionth in the file data.txt.

After entering the machine we can see the home directory contents by using the ls command, we are presented with the file data.txt.

This challenge turned out to be quite simple, I simply did:

 bandit7@bandit:~$ cat data.txt | grep millionth

And we get the flag:

Show flag
cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Bandit 8 -> Bandit 9

Main URL: Bandit 8 -> Bandit 9

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

# Writeup

Step 1

As in the previous one we have to use the same command as in the previous challenge, but this time the user is bandit3 and the password is the flag of the previous challenge. The ssh command is:

 mregra on Cyber $ ssh [email protected] -p 2220

After putting the flag from the previous challenge as the password we are in!

Step 2

A funny challenge I got to say! Well, after some online search I found that if you use the uniq command you can count the number of occurrences of a line in a file. However, if it is not sorted it will not work. So first, we must sort the file and pipe the content into the uniq command with the -u flag (-u flag for unique occurrence), as such:

 bandit8@bandit:~$ sort data.txt | uniq -u

And we get the flag:

Show flag
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Bandit 9 -> Bandit 10

Main URL: Bandit 9 -> Bandit 10

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

# Writeup

Step 1

As in the previous one we have to use the same command as in the previous challenge, but this time the user is bandit4 and the password is the flag of the previous challenge. The ssh command is:

 mregra on Cyber $ ssh [email protected] -p 2220

After putting the flag from the previous challenge as the password we are in!

Step 2

Weird challenge! Well, after some online search I found that if you use the strings command on the file and then piped the output int the grep with two equal signs we would get the flag. The final command:

bandit9@bandit:~$ strings data.txt | grep ==

Basically what this command is doing is getting all the strings from data.txt, and after piping that output into the grep command we are listing only the strings that have more than one equal sign, meaning at least 2. Which is what we have in the description.

And we get the flag:

Show flag
truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Thank you very much for reading!

Cheers,

MRegra


Share this post:

Popular posts

One Reply to “Overthewire – Bandit 5 -> Bandit 10 (Part 2)”

Leave a Reply

Your email address will not be published. Required fields are marked *