Skip to main content

Bandit Wargame – Documentation



Basically wargames are providing the basic knowledge on the security concepts. It is a game that contain many tricks to break the borders to gain the access especially passwords (commands are mostly on the Linux CLI). You can find many wargames through the Internet and they are very interest and fun full too. “Bandit” is also a wargame which is for the beginners. You all can access that through the link given bellow. And this article is an document for this game. I have used Ubuntu as the operating system.

Bandit – Clickhere.

Level 0:

Case study → Clickhere

Here we have need to connect the host through the SSH (secure socket shell) server. The informations are provided as follows.

Host name: bandit.labs.overthewire.org

Port No: 2220

User name: bandit0

Password: bandti0

There are many ways to connect through the SSH server.



Method 1:

Download and run the “PuTTY SSH client”. (https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe)






Method 2:

By using terminal (ctrl+alt+T). [ssh bandit.labs.overthewire.org -p 2220 -l bandit0]

-p → for the port no

-l → for the user name 



Note:

1.When typing the password in terminal that will not be appear. Just type it and press enter.

2. This documentation is using the “Method 2” which is mentioned above


Level 0-1:

Case study → Clickhere.

1. Make sure that we are in the home directory. [pwd]

2. List the files inside that directory. [ls]

3. Read the file “readme”. [cat readme]


Level 1-2:


Case study → Clickhere.

Username : bandit1

Password: boJ9jbbUNNfktd78OOpsqOltutMc3MY1

1. Make sure that we are in the home directory. [pwd]

2. List the files/directories inside that location. [ls]

3. Read the file “-”.

Here [cat -] will not work, because the “-”filename can not be read directly by the [cat] command. Therefore we have need to say the shell to execute this file, that can be done in 2 ways.

[cat ./-] → [./] execute the file in the present directory

[cat /home/bandit1/-] → giving the absolute path for the file to execute




Level 2-3:


Case study → Clickhere.

Username: bandit2

Password: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

1. Make sure that we are in the home directory. [pwd]

2. List the files/directories inside that location. [ls]

3. Read the file “spaces in this filename”.

Here if we type the file name after [cat] command as like this [cat spaces in this filename], we will get some errors because of it space characters.




To avoid that

[cat spaces\ in\ this\ filename] → [\] this is considered as escape sequence. Don’t consider the inbetween space

[cat “spaces in this filename”] → by providing the name as a one string by using quotations

Level 3-4:


Username: bandit3

Password: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

1. List the files/directories inside that location. [ls]

2. List the hidden files inside the “inhere” directory. [ls -al inhere/]

-a → show hidden files

-l → list the files and directories inside the given path with permissions + links + owner + groups + size + time + name

3. Read the hidden file. [cat inhere/.hidden]


Level 4-5:


Username: bandit4

Password: pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Here we can find the solution by 2 methods.


Method 1:

By opening and see the content in the file name.

1. List the files/directories inside that location. [ls]

2. Move inside the “inhere” directory. [cd inhere/]

3. List the files/directories inside that location. [ls]

4. Read each file contents. [cat ./-file00]

It will take long step to encounter this stage, because there are 10 files needs to read.




Method 2:

By using [xarg] we can find the correct file and open that file.

1. List the files/directories inside that location. [ls]

2. Move inside the “inhere” directory. [cd inhere/]

3. List the files/directories inside that location. [ls]

4. Find the file which is contain human readable text (ASCII).

[find ./ |xargs file| grep text] or [find /home/bandit4/inhere/ |xargs file| grep text]

[xargs] → helps to execute find function for many files

[grep] → pick the file which is contain text characters.

[|] → redirects the output of the first as the input of the second.


Level 5-6:
Case study → Click here. (http://overthewire.org/wargames/bandit/bandit6.html)
Username: bandit5
Password: koReBOKuIDDepwhWk7jZC0RTdopnAYKh

1. Move inside the “inhere” directory. [cd inhere/]
2. List the files/directories + sub-folders + hidden files inside that location. [ls -alR]
-R → display the sub folders and files
pic_12.png

Here the file is want to be a human readable, size 1033 bytes and it can’t be executable. We can checks these conditions in many ways.

Method 1:
By using [ls] we can find the filename
[ls -alR | grep -b 1033] – check the file which is matching to the size of 1033.
-b → byte offset
Here we cannot see the parent directory of the file but when looking the access permission we can make sure that file is executable or not.

[ls -alR | grep -B10 1033] – it will print the matching file with some file which are inside the same directory
-B → there should be a number value after this. [-B10 1033] – print 10 lines contain this matching byte size 1033.
pic_13.png

Method 2:
By using the [find] command
[find /home/bandit5 -size 1033c -readable -type f] – it will display the file name with absolute path for the matching files
pic_14.png
[-size 1033c] → file size is 1033 byte . Type [man find] and you can be able to see the attributes that can be use for the find commands.
Pic_15.png

To read the file we can use [cat] command.

Level 6-7:
Case study → Click here. (http://overthewire.org/wargames/bandit/bandit7.html
Username: bandit6
Password: DXjZPULLxYr17uwoI01bNLQbtFemEgo7
©IT Today

Comments

Post a Comment

Popular posts from this blog

What is Google Hacking?

As an ethical hacker we have need to follow some general steps to be a good ethical hacker. Such that steps/stages can be listed as follows. But these steps are not a defined one. We can change them according to our needs. 1    . Reconnaissance – Gathering the information which are having the security vulnerability. 2   . Scanning - Examine/explore a target machine/network for the vulnerability that can be make use to go inside. 3    .Gaining Access – After scanning process make use of the vulnerability and attempt to move inside to the system to exploit. 4    . Maintaining Access – After moved into the machine/network hacker needs to make some backdoor to gain the access again. 5    . Clearing Tracks (unethical) – Clearing the traces of all the activities what they done in their hacking process. 6    . Reporting – End of the ethical hacking process in order to make some notes on the findings, things done in the hacking...
Post a Comment
Read more

Introduction to OAuth

What is OAuth? OAuth is a protocol that allows distinct parties to share information and resources in a secure and reliable manner. OAuth needs to consider the 2 concept to provide the informations in secure and reliable manner. They are authentication and authorization. Authentication -> Validating the person/system who need the information Authorization -> After authentication what action can be performed by the person/system. By maintaining this 2 concept OAuth is providing federated identity and delegated identity. Federated identity -> User can use his/her one application account to login another application. [Example: If a user having Facebook account then he can login Instagram with the same login as Facebook] Delegated identity -> One service can access another service resources. [Example: When creating a Facebook account with eMail address that will suggest the contacts in the eMail to add as friends] Without OAuth With OAuth User ...
Post a Comment
Read more

1st Program in Maven @ Ubuntu

Maven What is Maven? It is a Build tool – building a code in a development environment Project management tool – it helps to generate reports, helps in the dependency management, etc. Maven as a Build tool. Why we are using Maven? To reduce the common problems and activities which are needed, when we are developing applications. 1. Multiple jars – Program may contain one/many frameworks and frameworks are need to include it all the required “jar”. “jar” are need to available in compile time, need to bundle them in the distribution. (We can miss something/ we don’t know what is jar?) 2. Dependencies and versions – a jar can depend on another jar, so we have need to make sure that all my dependencies are closed and make sure that I have supplied all the dependencies. Dependencies could differ bases on the versions. 3. Project structure – Proper structure for the application. (E.g. Directories, libraries , etc.) 4. Building, publis...
Post a Comment
Read more