Practical Computing Advice and Tutorials

Sat: 24 Aug 2019

OverTheWire | Bandit

Bandit – Levels 10 to 19

Level 10 → Level 11

To get the key for the next level, you'll need to decode data.txt. The OTW website tells us that it's base64-encoded data, and a quick look at the base64 man page (man base64) shows us the way to go.

Level 11 → Level 12

The data.txt file contains the key for the next level, but it's been encrypted with a simple letter substitution cipher called Rot13 (a.k.a. ROT-13). Although you can't run the rot13 command on the OTW server, you can run it on your own Linux box, use the on-line Encryptor & Decryptor at decode.org, or simply use pen and paper.

Level 12 → Level 13

We know, from the OTW website, that the data.txt file is a hexdump of a file that has been repeatedly compressed and that the key is in there. We need to reverse all of the operations in order to retrieve the key for the next level. There are a couple of ways we can go.

One way would be to do as OTW suggests and use mkdir to create a directory in /tmp, then copy the data.txt file to there, from where we can get to work on it.

Another way would be to simply output the data.txt file to our terminal screen using more, then do a screen scrape of the output, save it to a local file and work on it from there.

Either way, we'll need to get the original binary data back from the hexdump before we can use the decompression tools to get at the actual data files. So the only real advantage of creating a local file is that we'll have some control over the tools that we can use for the decompression.

To keep within the spirit of the game, it would be better to do the work using the OTW server. You'll be using some of the commands that have gone before (you did take notes, right?) as well as a selection of decompression tools.

Level 13 → Level 14

Take note of what the OTW website is saying about where the password for the next level is stored: "The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14." So, we can only read that file once we're logged into the bandit14 account. To log in without the password, we're going to have to grab the sshkey.private file and figure out how to use it. A read of the ssh man page (man ssh) shows us the way to go.

Level 14 → Level 15

Now that we're here, we can go right ahead and grab the key (password) from the /etc/bandit_pass/bandit14 file and use it to retrieve the key for the next level. The OTW website tells us to submit that key to port 30000 on localhost.

Level 15 → Level 16

As always, the OTW website tells us what we must do and a quick look at the help page (openssl s_client -h) shows us that we need to use the -connect option.

I'm not too sure what the "Helpful note" that's posted on the OTW website is about. Maybe someone could leave a comment on my Forum to explain.

Level 16 → Level 17

This level requires some recon work to find out which ports are open to connections. I used my old favourite, Netcat (nc), but you may want to try a different approach.

Level 17 → Level 18

This one is a simple task of finding the difference between the passwords.old file and the passwords.new file.

Level 18 → Level 19

This is a tricky one: when you log in, the connection immediately terminates, but we know, from the OTW website, that the key for the next level is in a readme file, so how do we get at that?

I'll admit, I had no clue about how this could be done, but I have found out: there is an option, a switch, that can be used with the ssh command that will force pseudo-terminal allocation on the host machine. The upshot of that is, using this switch means that you can then tag a command, any command, onto the end of the ssh command, which will then be executed before the connection is terminated. Bingo!

That's it for now, but I'll be covering the next 10 levels just as soon as I have time. Please consider leaving some Feedback as it'll keep me motivated to know that others find this of interest.
Thanks for reading.