OverTheWireBandit教程(11-20)

已于 2023-07-11 08:25:38 修改
阅读量530 收藏 1
点赞数 1
分类专栏: 网络安全基础 over the wire 文章标签: linux 服务器 运维
于 2023-05-20 23:35:52 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_73248913/article/details/130787116
版权

Bandit Level 11 → Level 12

Level Goal

The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions

Commands you may need to solve this level

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Helpful Reading Material

 经典的ROT13加密。

JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv

Bandit Level 12 → Level 13

Level Goal

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

Commands you may need to solve this level

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv, file

Helpful Reading Material

 16进制文件。

坏事权限不够,算了直接下载来弄。(操作大差不差,要注意有没有目标文件,没有目标文件可不不写目标文件)

mkdir /tmp/himobrine
cp data.txt /tmp/himobrine
cd /tmp/himobrine
xxd -r data.txt >data.bin
file data.bin
mv data.bin data.gz
gzip -d data.gz
file data
mv data data.bz2
bunzip2 -d data.bz2
file data
mv data data.gz
gzip -d data.gz
file data
mv data data.tar
tar xvf data.tar
file data5.bin
mv data5.bin data5.tar
tar xvf data5.tar
file data6
file data6.bin.out
mv data6.bin.out data.tar
tar xvf data.tar
file data8.bin
mv data8.bin data8.gz
gzip -d data8.gz
cat data8

wbWdlBxEir4CaE8LaPhauuOo6pwR

Bandit Level 13 → Level 14

Level Goal

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material

mrDw

 这一关解密工具开始更换,需要明白黑客常用的工具了,以及连接方式,凭证,密钥啥的。

我们可以看到

 .private就是ssh的密钥文件,直接使用就可以

 ssh -p 2220 bandit.labs.overthewire.org -i ./sshkey.private -l bandit14

 找密码,在/etc/bandit_pass有

fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq

Bandit Level 14 → Level 15

Level Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material

 要将14的密码发送到端口30000,建议使用netcat

 nc localhost 30000

jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt

Bandit Level 15 → Level 16

Level Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material

 openssl基础知识,连接30001

openssl s_client -connect localhost:30001 -ign_eof

JQttfApK4SeyHwDlI9SXGR50qlOAil1

Bandit Level 16 → Level 17

Level Goal

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material

 要求31000扫描秒到32000直接nmap

nmap --min-rate 1000 -sV localhost -p 31000-32000

 顶上端口31790,并且查看端口

JQttfApK4SeyHwDlI9SXGR50qclOAil1

把这个数据写进去,再连接(记得改权限600)

VwOSWtCA7lRKkTfbr2IDh6awj9RNZM5e

Bandit Level 17 → Level 18

Level Goal

There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new

NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19

Commands you may need to solve this level

cat, grep, ls, diff 

diff -d passwords.new passwords.old

 hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg

glZreTEH1V3cGKL6g4conYqZqaEj0mte

Bandit Level 18 → Level 19

Level Goal

The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.

Commands you may need to solve this level

ssh, ls, cat

 这一关直接登录的话,会显示一个“Byebye”,然后会话被关闭,原因是.bashrc被改动了,我们可以用带命令的ssh来查看文件。

ssh -p 2220 bandit18@bandit.labs.overthewire.org "cat ./readme"

 

 awhqfNnAbc1naukrpqDYcF95h7HoMTrC

Bandit Level 19 → Level 20

Level Goal

To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.

Helpful Reading Material

 setuid可以查看到用户权限,ls -al列出所有文件及权限,注意到bandit20-do是-rws-r-x---,这个文件有sudo权限,用它来读取Level 20的文件,获得密码

./bandit20-do cat /etc/bandit_pass/bandit20

VxCazJaVykI6W36BkBU0mJTCM8rR95XT

Bandit Level 20 → Level 21

Level Goal

There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).

NOTE: Try connecting to your own network daemon to see if it works as you think

Commands you may need to solve this level

ssh, nc, cat, bash, screen, tmux, Unix ‘job control’ (bg, fg, jobs, &, CTRL-Z, …)

 登录到Bandit20,查看文件,找到一个suconnect,注意看题目的描述,告诉了我们怎么弄

 echo "VxCazJaVykI6W36BkBU0mJTCM8rR95XT"|nc -l -p 30088 &
./suconnect 30088

NvEJF7oVjkddltPSrdKEFOllh9V1IBcq

himobrinehacken
关注
  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
wargame_bandit level0-25全攻略
陈文青
08-06 9868
前些日子,朋友给我推荐了一个网站,上面可以做跟渗透有关的题。正热衷于此苦于不得其门而入的我很高兴地入坑了。 一开始我做的题是vortex,这个系列的题是跟缓冲区溢出有关的,难度相对较大,做得我苦不堪言。当终于在第四道题上卡死,不知道自己错在哪儿。干脆去别的题目上消遣一下找找手感。 目标转向了,推荐的入门题,bandit。   注:这些题的形式基本相同,通过ssh和给定的用户名密码连接到一个
OverTheWire-Bandit
LJFYYJ的博客
05-18 447
Bandit https://overthewire.org/wargames/bandit/ bandit前33关主要包含以下知识点: 读文件(~:bandit12):文件名有-、有空格;搜索特定大小、人类可读文件;文件字符串排序、base64解密、字符变换;文件解压。 网络连接(bandit13:bandit20):private key ssh登录、ssh登录执行命令;nc连接与监听;ssl加密连接;namp扫描;setuid程序用户提权。 定时任务(bandit21:bandit23):
OverTheWire: Bandit通关指引
weixin_47610939的博客
01-16 1万+
OverTheWire Wargame的Bandit通关指引
Bandit Wargame Level12 Writeup
a_18067的博客
05-21 115
Level Goal The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory...
孩子还是有一颗网安梦——Bandit通关教程:Level 12 → Level 13
My Blogssssssssss~~~
12-14 969
🕵️‍♂️ 专栏🌐 游戏官网:🎮 游戏简介: Bandit游戏专为网络安全初学者设计,通过一系列级别挑战玩家,从Level0开始,逐步学习基础命令行和安全概念。玩家需通过阅读信息、使用命令和解决问题来完成每个级别。在不清楚时建议查阅手册、使用内建命令或搜索引擎,旨在培养初学者的基本技能。📖 博客说明: 本系列博客记录个人通关教程,一起探索网络安全的奇妙世界吧!🚀。
linux练习平台WarGame之bandit通关日志
春日野穹
05-06 3760
前言~ Bandit是一个学习linux命令的闯关游戏平台,比较类似于ctf,通过闯关的模式,不断的学习新的命令,对于程序员亦或者安全爱好者来说都是一个不错的学习平台 传送门 根据给出的提示信息,使用xshell登录或者linux直接远程连接ssh登录 SSH信息 主机:bandit.labs.overthewire.org 端口:2220 开始闯关 Level 0 → Leve...
Wargames学习笔记--Bandit
weixin_42820274的博客
02-08 3537
wargames_bandit
OverTheWire:Bandit通关WriteUp(2019.01.17完)
热门推荐
cynthrial的博客
12-25 1万+
OverTheWire:Bandit通关全攻略WriteUp背景通关过程Level0Level0-Level1Level1-Level2Level2-Level3Level 3 → Level 4Level 4 → Level 5Level 5 → Level 6功能快捷键合理的创建标题,有助于目录的生成如何改变文本的样式插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列表创建一个表格设定内...
Bandit Walkthrough
scuisdccch的博客
10-17 1452
我在overthewire的wargame中bandit的通关记录。题目的地址是http://www.overthewire.org/wargamesBandit walkthroughlevel 0使用 ssh 命令远程登录到网站所提供的服务器,就可以完成ssh bandit0@bandit.labs.overthewire.org或ssh -l bandit0 bandit.labs.overt
Bandit11-15)
weixin_44681749的博客
09-18 549
Bandit11->Bandit12 知识点: 考察ROT13加密解密。 参考https://blog.csdn.net/apersonlikep/article/details/89332063?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522159992915119724839855779%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fall.%2522.
selinux的安全策略可以影响ntp的方式
ALex_zry的博客
05-18 227
默认情况下,NTP使用UDP端口123进行通信,SELinux 策略需要允许NTP守护进程访问该端口。例如,可以创建一个策略,只允许受信任的NTP服务器与本地系统通信。:SELinux 提供了详细的日志和审计功能,可以帮助管理员监控和分析NTP守护进程的行为,以及检测任何潜在的安全问题。:SELinux 还可以限制NTP守护进程可以执行的操作,例如,是否可以打开套接字、是否可以读取或写入特定的设备等。:如果SELinux策略设置得太严格,可能会与NTP的正常操作发生冲突,导致NTP无法正常同步时间。
linux---进程通信
m0_74979625的博客
05-17 553
提示:以下是本篇文章正文内容,下面案例可供参考。
Linux】Centos7安装Redis
m0_72166275的博客
05-17 319
Reid 官网下载 Redis 7.2。
linux中查找某个文件或文件夹
DN金猿的博客
05-18 249
locate命令将会在整个系统中搜索文件和文件夹,并通过正则表达式匹配以"/folder_name"结尾的路径。这将会在指定的路径(/path/to/search)中递归地列出所有文件和文件夹,并使用grep命令匹配以"/folder_name"结尾的行。该命令将会在指定的路径(/path/to/search)中查找名称为"folder_name"的文件夹。此方法与第2种方法类似,但使用了find命令来递归搜索文件夹,并使用grep命令来匹配以"/folder_name"结尾的行。
linux查看硬盘信息
beck_li的博客
05-17 163
1、 查看挂接的分区状态 6 2、查看硬盘和分区分布 6 3、查看硬盘和分区的详细信息 6 4、查看挂接的分区状态 6 5、查看硬盘使用情况 6 6、硬盘检测命令smartctl 6
Linux|如何在 awk 中使用流控制语句
冷冻工厂
05-21 249
对于上面的形式,如果条件 1 为 true,则执行 actions1 并退出 if 语句,否则评估条件 2,如果为 true,则执行 actions2 并退出 if 语句。当您从 Awk 系列一开始回顾我们迄今为止介绍的所有 Awk 示例时,您会注意到各个示例中的所有命令都是按顺序执行的,即一个接一个。这里,该方法简单地定义为使用计数器来控制循环执行,首先需要初始化计数器,然后根据测试条件运行它,如果为真,则执行操作,最后递增计数器。条件是一个 Awk 表达式,操作是条件为真时执行的 Awk 命令行。
Linux 上 Qt 一些常见报错解决办法~
逐天实验室 ( SCLB )
05-15 138
Linux 上 Qt 一些常见报错解决办法
LinuxLinux下centos更换国内yum源
最新发布
青竹雾色间.的博客
05-21 243
通过执行以上步骤,你就已经成功地将 CentOS 7.6 中的国外 YUM 源更改为国内源。
Kimsuky黑客利用Linux新后门攻击韩国
2401_84205765的博客
05-21 325
朝鲜黑客组织Kimsuki一直在使用一种名为Gomir的新型Linux恶意软件,它是GoBear后门软件的一个版本,通过木马化的软件安装程序提供。金苏基是一名与朝鲜军事情报机构侦察总局(Reconnaissance General Bureau,简称RGB)有关的国家支持的威胁行动者。
Linux】高级IO
lzb_kkk的博客
05-18 859
任何IO过程中都包含两个步骤第一是等待第二是拷贝而且在实际的应用场景中等待消耗的时间往往都远远高于拷贝的时间.让IO更高效最核心的办法就是让等待的时间尽量少。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

himobrinehacken

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值