
Sorry for the late submission,

Level 0:

ssh bandit0@bandit.labs.overthewire.org -p 2220

pass: bandit0

Level 1

cat readme

Pass: boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Level 2

cat < -

pass: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Level 3

ssh bandit2@bandit.labs.overthewire.org -p 2220

cat spaces\ in\ this\ filename

pass: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Level 4

ls -al

cat .hidden

pass: pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Level 5

ssh bandit4@bandit.labs.overthewire.org -p 2220

check the type of each file in the inhere directory with the command ‘file inhere/*’

the ASCII text is in -file07

pass: koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Level 6

ssh bandit5@bandit.labs.overthewire.org -p 2220

find inhere -readable -size 1033c ! -executable

pass: DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Level 7

ssh bandit6@bandit.labs.overthewire.org -p 2220

clue = somewhere on the server

cd .. until pwd prints /

command ‘find . -user bandit7 -group bandit6 -size 33c’

found ./var/lib/dpkg/info/bandit7.password

pass: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Level 8

Print everything readable in data.txt and take the line that contains the string millionth

Command: strings data.txt | grep "millionth"

Pass: cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Level 9

Clue: line of text that occurs only once -> unique

Use the uniq -u command, but the file has to be sorted first

-> strings data.txt | sort | uniq -u

Pass: UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Level 10

ssh bandit9@bandit.labs.overthewire.org -p 2220

clue: preceded by several ‘=’

using grep, find the lines that contain ‘=’

-> strings data.txt | grep '==*'

pass = truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Level 11

ssh bandit10@bandit.labs.overthewire.org -p 2220

cat data.txt | base64 --decode

pass: IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

Level 12

ssh bandit11@bandit.labs.overthewire.org -p 2220

use tr to substitute …

cat data.txt | tr '[a-mn-z]' '[n-za-m]' | tr '[A-MN-Z]' '[N-ZA-M]'

pass: 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Level 13

ssh bandit12@bandit.labs.overthewire.org -p 2220

xxd -r data.txt > data0

file data0 -> gzip compressed data

mv data0 data0.gz

gzip -d data0.gz

file data0 -> bzip2 compressed data

mv data0 data0.bz2

bzip2 -d data0.bz2

file data0 -> gzip compressed data

mv data0 data0.gz

gzip -d data0.gz

file data0 -> POSIX tar archive (GNU)

tar -xvf data0 -> produces data5.bin

file data5.bin -> POSIX tar archive (GNU)

tar -xvf data5.bin -> produces data6.bin

file data6.bin -> bzip2 compressed data

bzip2 -d data6.bin -> produces data6.bin.out

file data6.bin.out -> POSIX tar archive (GNU)

tar -xvf data6.bin.out -> produces data8.bin

file data8.bin -> gzip compressed data, was "data9.bin"

mv data8.bin data8.gz

gzip -d data8.gz

cat data8

pass: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

Level 14

ssh bandit13@bandit.labs.overthewire.org -p 2220

note: localhost is a hostname …//

ssh -i sshkey.private bandit14@localhost


Level 15

Find current lvl (14) pass:

cd /etc/bandit_pass

cat bandit14

Pass: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Connect to port 30000 on localhost:

echo "4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e" | nc localhost 30000

Pass: BfMYroe26WYalil77FoDi9qh59eK5xNr

Level 16

openssl s_client -connect localhost:30001

BfMYroe26WYalil77FoDi9qh59eK5xNr

pass: cluFn7wTiGryunymYOu4RcffSxQluehd

Level 17

ssh bandit16@bandit.labs.overthewire.org -p 2220

Find which ports have a server listening to them: nmap -p31000-32000 localhost

openssl s_client -connect localhost:31790 -> try the ports in the list one by one

got an RSA private key -> save it:

mkdir /tmp/trybandit17

cd /tmp/trybandit17

touch private.key

vim private.key -> i -> paste the RSA key -> Esc :wq

chmod 400 private.key

Level 18

ssh bandit17@bandit.labs.overthewire.org -p 2220

ssh -i private.key bandit17@localhost

diff passwords.new passwords.old

result:

< kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

---

> w0Yfolrc5bwjS4qw5mq1nnQi6mF03bii

Pass: kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

Level 19

ssh bandit18@bandit.labs.overthewire.org -p 2220

Can’t log in using the bash shell

-> use another shell, cat /etc/shells

-> use the sh shell

pass: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

Level 20

ssh bandit19@bandit.labs.overthewire.org -p 2220

./bandit20-do cat /etc/bandit_pass/bandit20

Pass: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
