Bandit11->Bandit12
Level Goal
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
知识点:
考察ROT13加密解密。
操作:
cat data.txt| tr 'N-ZA-Mn-za-m' 'A-Za-z'
密码:5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
Bandit12->Bandit13
Level Goal
The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)
知识点:
打包和解包,压缩和解压缩命令。参考https://www.runoob.com/w3cnote/linux-tar-gz.html
操作:
mkdir /tmp/place
cd /tmp/place
xxd -r /home/bandit12/data.txt > data.bin
file data.bin
mv data.bin data.bin.gz
gzip -d data.bin.gz
file data.bin
mv data.bin data.bin.bz2
bzip2 -d data.bin.bz2
file data.bin
mv data.bin data.bin.gz
gzip -d data.bin.gz
file data.bin
mv data.bin data.bin.tar
tar -xf data.bin.tar
... ...等等
最后得到密码
密码:8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
Bandit13->Bandit14
Level Goal
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on
知识点:
ssh密钥登录
操作:
ssh -i private_key bandit14@localhost
密码:4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Bandit Level 14 → Level 15
Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.
知识点:
telnet协议和命令或者nc工具和命令
操作:
telnet localhost 30000
或者nc localhost 30000
密码:BfMYroe26WYalil77FoDi9qh59eK5xNr
Bandit Level 15 → Level 16
Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…
知识点:
openssl命令
操作:
openssl s_client -connect localhost:30001
密码:cluFn7wTiGryunymYOu4RcffSxQluehd