Over the Wire - Bandit Wargame Solutions Level 1-6

In hacking, a wargame is a security challenge in which you must exploit a vulnerability in a system or application, or gain access to a computer system. These wargames are intended to increase your knowledge of security measures and countermeasures.

One of the most famous wargaming sites is overthewire.org. On this site, "Bandit" is the recommended game to start with if you are new to the site. In this game, the password for the next level is hidden in the previous level. Your goal is to find that hidden password.

You should already be familiar with basic Linux commands before attempting this wargame. It doesn't matter if you don't know much more about Linux; by doing this wargame you can gain a fair knowledge of Linux commands. Most importantly, you have to use a bit of your own intuition to figure out how to make it from one level to the next.



If you are using a Linux/Unix platform:

  • Open a terminal.
  • Type ssh levelNumber@bandit.labs.overthewire.org -p 2220 and then type the password you have found. E.g.: ssh bandit0@bandit.labs.overthewire.org -p 2220
  • Once you have found the password for the next level, use the 'exit' command to disconnect from the server.
  • Reconnect to the server to go to the next level.



If you are using Windows:



  • Click Open.
  • Once the terminal is open, type the username and password.
  • After you have found the password for the next level, restart PuTTY and go to the next level.


I'm using PuTTY to play the game. I digress; use my posted solutions to learn and understand the levels, or compare them with your own solutions. Enjoy!

Level 0:

Type username as 'bandit0' and password as 'bandit0'.
Then find the password for the next level by typing the commands below.

bandit0@bandit:~$ ls
readme
bandit0@bandit:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1       <- Password for next level         
bandit0@bandit:~$

New things we learn from this level:
  • ls - lists the files and directories in the current directory.
  • cat - displays the content of text files (and can combine several files into one file).


Level 0 -> Level 1
Type username as 'bandit1' and password as 'boJ9jbbUNNfktd78OOpsqOltutMc3MY1'.
Then find the password for the next level.

bandit1@bandit:~$ ls
-
bandit1@bandit:~$ cat < -
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
bandit1@bandit:~$

New things we learn from this level:
  • How do you read a file whose name is a dash? Use the redirection operator (<) so that cat gets the file as its input on stdin.

Level 1 -> Level 2

bandit2@bandit:~$ ls
spaces in this filename
bandit2@bandit:~$ cat "spaces in this filename"
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit2@bandit:~$

New things we learn from this level:
  • How do you read a file that has spaces in its name? Type the file name inside double quotation marks.


Level 2 -> Level 3

bandit3@bandit:~$ ls
inhere
bandit3@bandit:~$ cd inhere
bandit3@bandit:~/inhere$ ls -al
total 12
drwxr-xr-x 2 root    root    4096 Jun 15 11:41 .
drwxr-xr-x 4 bandit3 bandit3 4096 Jul 25 12:12 ..
-rw-r----- 1 bandit4 bandit3   33 Jun 15 11:41 .hidden
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
bandit3@bandit:~/inhere$

New things we learn from this level:
  • Files whose names start with a dot (.) are hidden files.
  • cd - changes the directory/folder (to go inside a directory).
  • ls -al - lists files and directories in long format, including hidden files.
  • How do you view a hidden file's content? Include the dot (.) at the front of the file name.


Level 3 -> Level 4

bandit4@bandit:~$ ls
inhere
bandit4@bandit:~$ cd inhere
bandit4@bandit:~/inhere$ ls -al
total 48
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file00
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file01
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file02
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file03
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file04
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file05
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file06
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file07
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file08
-rw-r----- 1 bandit5 bandit4   33 Jun 15 11:41 -file09
drwxr-xr-x 2 root    root    4096 Jun 15 11:41 .
drwxr-xr-x 4 bandit4 bandit4 4096 Jul 25 12:52 ..
bandit4@bandit:~/inhere$ file ./-*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@bandit:~/inhere$ cat < -file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
bandit4@bandit:~/inhere$

New things we learn from this level:
  • file - determines the type of a file and reports it in human-readable format (e.g. ‘ASCII text’).
  • use of * - the pattern ./-* matches every file in the current directory whose name starts with '-'.

Level 4 -> Level 5

bandit5@bandit:~/inhere$ ls -al
total 88
drwxr-x--- 22 root    bandit5 4096 Jun 15 11:41 .
drwxr-xr-x  4 bandit5 bandit5 4096 Jul 25 12:32 ..
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere00
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere01
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere02
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere03
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere04
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere05
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere06
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere07
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere08
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere09
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere10
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere11
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere12
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere13
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere14
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere15
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere16
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere17
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere18
drwxr-x---  2 root    bandit5 4096 Jun 15 11:41 maybehere19
bandit5@bandit:~/inhere$ find ./ -size 1033c
./maybehere07/.file2
bandit5@bandit:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

New things we learn from this level:
  • find - used to search for files. Syntax: find location comparison-criteria search-term. Here, -size 1033c matches files that are exactly 1033 bytes in size.
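
The dash-named file from Level 0 -> Level 1 and the `find -size 1033c` search from Level 4 -> Level 5, reproduced in a constructed temporary directory as an added example that is not part of the original post. The helper names `make_sandbox`, `read_named` and `find_by_bytes` are hypothetical, and the file contents are made up.

```sh
#!/bin/sh
# Added example; every file and its content below is constructed.
set -eu

# Build a throwaway directory with the kinds of file names seen in the levels.
make_sandbox() {
  d=$(mktemp -d)
  printf 'dash-secret\n'  > "$d/-"
  printf 'space-secret\n' > "$d/spaces in this filename"
  mkdir -p "$d/inhere/maybehere07"
  printf '%1033s' x > "$d/inhere/maybehere07/.file2"   # exactly 1033 bytes, hidden
  printf '%1034s' x > "$d/inhere/maybehere07/decoy"    # one byte too long
  printf '%s\n' "$d"
}

# Read a file whatever its name looks like. "cat -- -" would still read stdin,
# because a lone "-" is an operand meaning stdin, not an option. Giving the
# name a path prefix such as "./" removes the ambiguity; quoting keeps spaces.
read_named() {
  case $1 in
    /*|./*|../*) cat "$1" ;;
    *)           cat "./$1" ;;
  esac
}

# Regular files of exactly N bytes below a directory. The "c" suffix means
# bytes; without it find counts 512-byte blocks, rounded up.
find_by_bytes() {
  find "$1" -type f -size "${2}c"
}

# Demo, run in a subshell so the caller's working directory is untouched.
(
  box=$(make_sandbox)
  cd "$box"
  read_named -
  read_named "spaces in this filename"
  find_by_bytes inhere 1033     # find also descends into hidden entries
  cd / && rm -rf "$box"
)
```

The same `./` prefix is why `file ./-*` works in Level 3 -> Level 4: the expanded names reach the command as paths, not as options.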