Bandit靶场记录
靶场名称:Bandit
bandit.labs.overthewire.org
Port: 2220
level 0
The goal of this level is for you to log into the game using SSH.
The host to which you need to connect is bandit.labs.overthewire.org, on port 2220.
The username is bandit0 and the password is bandit0.
Once logged in, go to the Level page to find out how to beat Level 1.
很明显这一个等级只是登入bandit,在输入账号密码后就连接上了服务器。
level 0~1
The password for the next level is stored in a file called readme located in the home directory.
Use this password to log into bandit1 using SSH.
Whenever you find a password for a level.
use SSH (on port 2220) to log into that level and continue the game.
通过cd ~指令切换到主菜单
在通过cat指令打开readme文件夹,得到bandit1的密码:boJ9jbbUNNfktd78OOpsqOltutMc3MY1
level 1~2
The password for the next level is stored in a file called - located in the home directory
我以为这个题目还是跟上一级一样是通过cat能够简单得到,
使用之前的步骤并不能把这一级的密码获取出来。在进入靶场提供的参考网址后
Advanced Bash-scripting Guide - Chapter 3 - Special Characters
找到了这一句话
Filenames beginning with "-" may cause problems when coupled with the "-" redirection operator.
使用cat <-指令可以调出这一级的密码
bandit1@bandit:~$ cat <-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
level2~3
The password for the next level is stored in a file called spaces in this filename located in the home directory。
这一级密码储村在spaces in this filename里面这一级的难点在于是文件名有空格
通过引号可以打开文件
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
level3~4
The password for the next level is stored in a hidden file in the inhere directory.
好样的,这一级答案有到了隐藏文件中去了。。。。
通过ls指令看下有什么文件
进入这个文件ls一下,啥都没有
12个文件,好吧一个一个试验。
接连打开. …都没有提示当进入.hidden出现了提示这个文件不是一个文件夹,哪应该用cat指令进入一下试试,
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
11月八日
level4~5
The password for the next level is stored in the only human-readable file in the inhere directory
先进入inhere,ls一下发现用-flle00到file09九个文件
通过file ./*指令看一看文件类型,
./-file00: data./-file01: data./-file02: data./-file03: data./-file04: data./-file05: data
./-file06: data./-file07: ASCII text./-file08: data./-file09: data
-file07: ASCII text.是一个ascll编码的文件,那这个肯定是答案了
587
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
