Find solution for Bandit war-game as a beginner level 0 - level 11

-



Image result for bandit

This blogpost contains the solutions of how I solved the challenges of the OverTheWire Bandit category. The purpose of this wargame is to solve the current level’s problem to find the password for the next level. I had used the basic shell commands in this.  cd, cat, file, du, find,grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd like that.


level 0 :

 Using putty give level 0 password as bandit0














and using hint found the level 1 password

bandit0 ->ls -> cat readme -> exit
level1 pw is :boJ9jbbUNNfktd78OOpsqOltutMc3MY1

level 1:

Using level 1 password loging to level 1













Using hints found level 2 password

bandit 1 -> ls -> cat ./-  -> exit
level2 pw is :CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

level 2:

Login to level 2 and go through the given hints.














Using hint can found a file ,the file call spaces in this filename. In that file there is level 3 password.

bandit2 -> ls  ->  cat "spaces in this filename" -> exit
level3 pw is :UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

level 3:

Login level 3 and going through the given hints. Using hint can found a hidden file. Using cat operator open the file and found level 4 password.

  












bandit3  ->  ls  -> cd inhere ->  ls -la  ->  cat .hidden
level4 pw is :UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

level 4:

login level 4 and We are told the password is somewhere in the inhere directory and is the only human readable file in the directory. Let’s see what file types we have.





















bandit4 -> ls -> cd inhere -> ls -la -> file ./* -> cat ./-file07
level5 pw is :koReBOKuIDDepwhWk7jZC0RTdopnAYKh


level 5:


login in to level5 and go through in the hints. this also similar to previous one.
















bandit5  -> ls -> cd inhere -> ls -la -> find ./-size 1033 ->cat ./maybehere07/.file2 -> exit
level6 pw is :DXjZPULLxYr17uwoI01bNLQbtFemEgo7


level 6:

login to the level 6 and searching level 7 password the file size is 33 byte, that file is in anywhere .

 












bandit6 -> first go ti the root using (find / -size 33c) 
            -> and find group and other (find / -size 33c -user bandit7 -group bandit6) 
             and after re direct the unusable files (2</dev/null) 
             we could found the correct fiele and open the file (cat /var/lib/dpkg/info/bandit7.password
            ) and got the password

level7 pw is :HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs


level 7:

login in to the level7 next level password stored in data.txt file next word is millionth therefore we should filter that word using grep operator.














bandit7  -> ls -> cat data.txt |grep millionth
level 8 pw is :cvX2JJa4CFALtqS87jk27qwqGhBM9plV


level 8 :


login in to level 8 and it also next level password stored in data.txt file but it is unique therefore we use uniq keyword.

bandit7 ->  cat data.txt | sort | uniq -u
level9 pw is :UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR


level 9 :

lpgin in to level 9 and it also next level password stored in data.txt file but it is start from "=" it can read for few people.





















bandit9 -> ld -> data.txt -> strings data.txt | grep '='
level10 pw is : truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk


level 10 :

login in to level10 and it also has data.txt file but it contains base64 encoded data.
















bandit10  -> ls ->data.txt -> base63 -d data.txt -> exit
level11 pw is :IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR


TO BE CONTINUED......

Comments

Post a Comment

Popular posts from this blog

How to hack windows 2000 using nessus.....

-
Image
What is nessus? Nessus  is a propriety vulnerability scanner developed by tenable network. It is free of charge for personal use in a non-enterprise environment. We use kali Os to hacking windows server, to testing vulnerabilities . ·          In Linux we have to search both Os are in the same network. And search the ip address of each systems.              ·          To windows :Open the terminal and type “ipconfig”                                     ·          To Linux : Open terminal and type      “ifconfig”                                   ·          Ten now we have both ip addresses. Using ping command can check the connection between        each        other.                                     Ex: ping 192.168.55.99 ·          Then both are connected we can start the nessus and can find the vulnerabilities. ·                                        Using “service ness
Read more

Crypt-analysis

-
Image
                                The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus permitting its subversion or evasion.   It is a common misconception that every encryption method can be broken.   In connection with his WWII work at  Bell Labs proved that the  one-time pad  cipher is unbreakable, provided the key material is truly  random , never reused, kept secret from all possible attackers, and of equal or greater length than the message.    Most ciphers, apart from the one-time pad, can be broken with enough computational effort by  brute force attack , but the amount of effort needed may be  exponentially  dependent on the key size, as compared to the effort needed to make use of the cipher. In such cases, effective security could be achieved if it is proven that the effort required is beyond the ability of any adversary. This means it must be shown that no efficient method can be found to break the cipher.  
Read more

OpenID Connect Introduction

-
Image
What is OpenID Connect?? OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol, which allows clients to verify the identity of an end user based on the authentication performed by an authorization server or identity provider (IdP), as well as to obtain basic profile information about the end user in an interoperable and REST-like manner. OpenID Connect specifies a RESTful HTTP API, using JSON as a data format.  OpenID Connect is an increasingly common authentication protocol: when an app prompts you to authenticate using your Facebook or Google+ credentials, the app is probably using OpenID Connect. OpenID Connect allows a range of clients, including web-based, mobile, and JavaScript clients, to request and receive information about authenticating  sessions and end-users. OIDC main purpose is to authenticate user one login and allow access to multiple services which is also known a s SSO (Single Sign-On). OneLogin provides a custom connector optio
Read more