到hackMD看排版比較好 https://hackmd.io/l4m2suUVRF-XicBfIDxRug#Level4
Level4
Level Goal
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
解答
先進入/inhere目錄
ls顯示出有10個檔案
file ./* 顯示副檔名
cat ./-file07打開檔案
密碼:lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
Level5
Level Goal
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
解答
human-readable
1033 bytes in size
not executable
先進入/inhere目錄
按照題目題示查找檔案
密碼:P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
Level6
Level Goal
The password for the next level is stored somewhere on the server and has all of the following properties:
owned by user bandit7
owned by group bandit6
33 bytes in size
解答
The password for the next level is stored somewhere on the server and has all of the following properties:
owned by user bandit7
owned by group bandit6
33 bytes in size
按照題目設條件
Level7
Level Goal
The password for the next level is stored in the file data.txt next to the word millionth
解答
按照題目條件在 data.txt 查找密碼
Level8
Level Goal
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
解答
先用sort排列後再用uniq -u輸出沒有重複的字串
Level9
Level Goal
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
解答
用strings過濾可閱讀的文字,再用grep找出開頭是=的字串
Level10
Level Goal
The password for the next level is stored in the file data.txt, which contains base64 encoded data
解答
用base64 -d 解碼
Level11
Level Goal
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
解答
用 tr 'A-Za-z' 'N-ZA-Mn-za-m'轉換字元 解密RO13
密碼: JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv
Level12
Level Goal
The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)
解答
先將檔案移到myname123cp /home/bandit12/data.txt /tmp/myname123
用xxd -r轉換進位
再用file看壓縮類型
分別用gzip -d bzip2 -d tar xvf解壓縮
最後得到密碼:wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw
Level13
Level Goal
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on
解答
先將 sshkey.private 中的key複製
到本機端cat > 檔名把key存入後提權chmod 600 檔名
再用ssh -i 檔名 bandit14@bandit.labs.overthewire.org -p 2220用檔案中的key連線
Level14
Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.
解答
先從上一題給的路徑/etc/bandit_pass/bandit14 拿到進入localhost的密碼
拿到之後用telnet指令連線到127.0.0.1就可以拿到密碼
Level15
Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…
解答
用openssl s_client -connect ip:port連線後輸入lv14的密碼
Level16
Level Goal
The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.
解答
用nmap -sV 127.0.0.1 -p 31000-32000搜尋127.0.0.1 port 31000~32000的通訊埠
連線那兩個ssl的通訊埠
連線到正確的通訊埠後輸入上一題的密碼會得到一串金鑰
再用lv13的方式登入下一題
Level17
Level Goal
There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new
NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19
解答
用diff -y 檔案1 檔案2比較兩個檔案不一樣的字串
有 | 標記的是不一樣的
按題目取password.new 中的密碼
Level18
Level Goal
The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.
解答
先試著登入後發現會被踢出
照題目用ssh帶一個指令,打開readmessh bandit18@bandit.labs.overthewire.org -p 2220 cat readme