Bandit Niveles 0 a 6

OverTheWire. Bandit Niveles 0 - 6

Os presentamos en esta ocasión una fantástica plataforma para aprender sobre seguridad, herramientas y comandos del sistema así como otras habilidades de necesario conocimiento para todos aquellos que nos gusta la seguridad, el Hacking Ético y además aprender jugando.

En OverTheWire puedes encontrar diferentes Wargames con los que jugar, divertirte y aprender, os invitamos a visitar http://overthewire.org/wargames/ y jugar a los múltiples Wargames disponibles. Existe multitud de información, videos y soluciones de los diferentes Wargames y retos aunque siempre aconsejo intentar solucionarlos antes de acudir a obtener las soluciones.

En esta ocasión solo voy a publicar los "Write Ups" así que como he comentado anteriormente, primero trata de resolverlo y como última opción acude a ver una posible solución para resolverlo. Consulta manuales, información etc... para tratar de resolverlos. Vamos allá !!!

Antes de empezar os recomiendo un utilidad muy interesante para facilitar el login mediante ssh. La herramienta se llama sshpass. Para instalarla desde distribuciones linux :  sudo apt-get install sshpass.

Para realizar el login os recomiendo ir guardando las diferentes password en archivos ejem: bandit0, bandit1, etc... para poder lanzar luego el script de login.

Ejemplo de utilización: sshpass -p `cat bandit1` ssh bandit1@bandit.labs.overthewire.org -p 2220

Bandit Level 0

Level Goal

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Commands you may need to solve this level

ssh

Solución Nivel 0

usuario: bandit0

password: bandit0

ssh bandit0@bandit.labs.overthewire.org -p 2220

bandit0@bandit:~$ ls

readme

bandit0@bandit:~$ cat readme

boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Password Acceso Nivel 1 : boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Nota: En el directorio /etc/bandit_pass/ se almacenan las claves de acceso de los diferentes niveles. En alguna que otra ocasión es bueno saber que están disponibles aquí ya que se pueden necesitar para acceder a diferentes servicios.

Bandit Level 1 → Level 2

Level Goal

The password for the next level is stored in a file called - located in the home directory

Commands you may need to solve this level

ls, cd, cat, file, du, find

Helpful Reading Material

• Google Search for “dashed filename”
• Advanced Bash-scripting Guide - Chapter 3 - Special Characters

Solución Nivel 1

bandit1@bandit:~$ ls

-

bandit1@bandit:~$ cat -

hello

hello

hola

hola

^C

bandit1@bandit:~$ cat ./-

CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

bandit1@bandit:~$ 

Password Acceso Nivel 2: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Bandit Level 2 → Level 3

Level Goal

The password for the next level is stored in a file called spaces in this filename located in the home directory

Commands you may need to solve this level

ls, cd, cat, file, du, find

Helpful Reading Material

• Google Search for “spaces in filename”

Solución Nivel 2

bandit2@bandit:~$ ls

spaces in this filename

bandit2@bandit:~$ cat spaces

cat: spaces: No such file or directory

bandit2@bandit:~$ file spaces\ in\ this\ filename 

spaces in this filename: ASCII text

bandit2@bandit:~$  cat spaces\ in\ this\ filename 

UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Parece que hay códigos de escape que no vemos al realizar el ls.

También podemos realizar el cat de la siguiente forma:

bandit2@bandit:~$ cat "spaces in this filename" 

UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Password Acceso Nivel 3: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Bandit Level 3 → Level 4

Level Goal

The password for the next level is stored in a hidden file in the inhere directory.

Commands you may need to solve this level

ls, cd, cat, file, du, find

Solución Nivel 3

bandit3@bandit:~$ ls

inhere

bandit3@bandit:~$ cd inhere

bandit3@bandit:~/inhere$ ls

bandit3@bandit:~/inhere$ ls -la

total 12

drwxr-xr-x 2 root    root    4096 Oct 16 14:00 .

drwxr-xr-x 3 root    root    4096 Oct 16 14:00 ..

-rw-r----- 1 bandit4 bandit3   33 Oct 16 14:00 .hidden

bandit3@bandit:~/inhere$ cat hidden

cat: hidden: No such file or directory

bandit3@bandit:~/inhere$ cat .hidden

pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Password Acceso Nivel 4: pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Bandit Level 4 → Level 5

Level Goal

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Commands you may need to solve this level

ls, cd, cat, file, du, find

Solución Nivel 4

bandit4@bandit:~$ ls

inhere

bandit4@bandit:~$ cd inhere

bandit4@bandit:~/inhere$ ls

-file00  -file01  -file02  -file03  -file04  -file05  -file06  -file07  -file08  -file09

bandit4@bandit:~/inhere$ file ./*

./-file00: data

./-file01: data

./-file02: data

./-file03: data

./-file04: data

./-file05: data

./-file06: data

./-file07: ASCII text

./-file08: data

./-file09: data

bandit4@bandit:~/inhere$ cat -file07

cat: invalid option -- 'f'

Try 'cat --help' for more information.

bandit4@bandit:~/inhere$ cat ./-file07

koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Password Acceso Nivel 5: koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Bandit Level 5 → Level 6

Level Goal

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

• human-readable
• 1033 bytes in size
• not executable

Commands you may need to solve this level

ls, cd, cat, file, du, find

Solución Nivel 5

bandit5@bandit:~/inhere$ find \! -executable -size 1033c

./maybehere07/.file2

bandit5@bandit:~/inhere$ 

bandit5@bandit:~/inhere$ cat ./maybehere07/.file2

Password Acceso Nivel 6: DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Bandit Level 6 → Level 7

Level Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

• owned by user bandit7
• owned by group bandit6
• 33 bytes in size

Commands you may need to solve this level

ls, cd, cat, file, du, find, grep

Solución Nivel 6

bandit6@bandit:/home$ ls

bandit0   bandit13  bandit18  bandit22  bandit27      bandit29-git  bandit31-git  bandit6

bandit1   bandit14  bandit19  bandit23  bandit27-git  bandit3       bandit32      bandit7

bandit10  bandit15  bandit2   bandit24  bandit28      bandit30      bandit33      bandit8

bandit11  bandit16  bandit20  bandit25  bandit28-git  bandit30-git  bandit4       bandit9

bandit12  bandit17  bandit21  bandit26  bandit29      bandit31      bandit5

bandit6@bandit:/home$ cd ..

bandit6@bandit:/$ ls

bin      dev   initrd.img      lib32   lost+found  opt         root  share  tmp  vmlinuz

boot     etc   initrd.img.old  lib64   media       proc        run   srv    usr  vmlinuz.old

cgroup2  home  lib             libx32  mnt         README.txt  sbin  sys    var

bandit6@bandit:/$ find -user bandit7 -group bandit6 -size 33c

find: ‘./run/lvm’: Permission denied

find: ‘./run/screen/S-bandit20’: Permission denied

find: ‘./run/screen/S-bandit2’: Permission denied

find: ‘./run/screen/S-bandit17’: Permission denied

find: ‘./run/screen/S-bandit15’: Permission denied

find: ‘./run/screen/S-bandit14’: Permission denied

find: ‘./run/screen/S-bandit9’: Permission denied

find: ‘./run/screen/S-bandit8’: Permission denied

find: ‘./run/screen/S-bandit31’: Permission denied

find: ‘./run/screen/S-bandit30’: Permission denied

find: ‘./run/screen/S-bandit21’: Permission denied

find: ‘./run/screen/S-bandit26’: Permission denied

find: ‘./run/screen/S-bandit3’: Permission denied

find: ‘./run/screen/S-bandit5’: Permission denied

find: ‘./run/screen/S-bandit25’: Permission denied

find: ‘./run/screen/S-bandit4’: Permission denied

find: ‘./run/screen/S-bandit1’: Permission denied

find: ‘./run/screen/S-bandit0’: Permission denied

find: ‘./run/screen/S-bandit13’: Permission denied

find: ‘./run/screen/S-bandit27’: Permission denied

find: ‘./run/screen/S-bandit22’: Permission denied

find: ‘./run/screen/S-bandit12’: Permission denied

find: ‘./run/screen/S-bandit23’: Permission denied

find: ‘./run/screen/S-bandit19’: Permission denied

find: ‘./run/screen/S-bandit16’: Permission denied

find: ‘./run/screen/S-bandit24’: Permission denied

find: ‘./run/shm’: Permission denied

find: ‘./run/lock/lvm’: Permission denied

find: ‘./var/spool/rsyslog’: Permission denied

find: ‘./var/spool/cron/crontabs’: Permission denied

find: ‘./var/log’: Permission denied

find: ‘./var/tmp’: Permission denied

find: ‘./var/cache/ldconfig’: Permission denied

find: ‘./var/cache/apt/archives/partial’: Permission denied

./var/lib/dpkg/info/bandit7.password

find: ‘./var/lib/apt/lists/partial’: Permission denied

find: ‘./var/lib/polkit-1’: Permission denied

find: ‘./cgroup2/csessions’: Permission denied

find: ‘./home/bandit28-git’: Permission denied

find: ‘./home/bandit30-git’: Permission denied

find: ‘./home/bandit31-git’: Permission denied

find: ‘./home/bandit5/inhere’: Permission denied

find: ‘./home/bandit27-git’: Permission denied

find: ‘./home/bandit29-git’: Permission denied

find: ‘./tmp’: Permission denied

find: ‘./lost+found’: Permission denied

find: ‘./root’: Permission denied

find: ‘./etc/ssl/private’: Permission denied

find: ‘./etc/lvm/backup’: Permission denied

find: ‘./etc/lvm/archive’: Permission denied

find: ‘./etc/polkit-1/localauthority’: Permission denied

find: ‘./sys/fs/pstore’: Permission denied

find: ‘./proc/tty/driver’: Permission denied

find: ‘./proc/4541/task/4541/fd/6’: No such file or directory

find: ‘./proc/4541/task/4541/fdinfo/6’: No such file or directory

find: ‘./proc/4541/fd/5’: No such file or directory

find: ‘./proc/4541/fdinfo/5’: No such file or directory

find: ‘./boot/lost+found’: Permission denied

bandit6@bandit:/$ cat ./var/lib/dpkg/info/bandit7.password

HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Password Acceso Nivel 7: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Acceder a Niveles 7 - 12