SSH
The login details were provided:
Login: Bandit0
Password: Bandit0
Bandit Level 0
Question:
The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
Answer
I used the ( ls -al ) command which it shows everything in the directory.
Then it shows me that there is a text file called readme. After that I used the command ( cat ) which reads and prints the text out in the terminal to show you what is in the file.
Bandit Level 1
Question:
The password for the next level is stored in a file called – located in the home directory
Answer:
The answer was located in the home directory as stated by the question.
All I did was access the home directory and listed everything that is in that folder and I found the file that I was looking for, so I used the command ( cat ./-) to gain access to the file. The reason for the way I accessed the file was because a ( – ) by itself is an argument or option for the command in this case it was a file so I needed to make a normal file. The two ways we can do it is be putting ( ~/ ) before it or the one I used in this case ( ./ ) so it let me access it with with cat.
Bandit Level 2
Question:
The password for the next level is stored in a file called spaces in this filename located in the home directory
Answer
All i did was list what was in the directory and then used the ( cat) command to read what was in the file.
Bandit Level 3
Question:
The password for the next level is stored in a hidden file in the inhere directory.
Answer
I gained access then typed ( ls -al) which lists all files in the directory and then I found the ( inhere ) directory and the did the same thing in listing all the files by running the command ( ls -al ), then I found the hidden file and printed what was in it to the terminal by using the command ( cat ).
Bandit Level 4
Question:
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
Answer
Here as you can see I needed to find the only human-readable file among the many files.
So what I did, was I went into the ( inhere ) directory and typed the command ( file ./* )
which means that it looks for files in this current directory and lists the types of files that they are and the data within each of the files.
Bandit Level 5
Question:
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
- human-readable
- 1033 bytes in size
- not executable
Answer:
Used the find command to solve this one:
- find /home/bandit5/inhere/ – This shows the path of where I am looking
- -type f – Shows I am looking for a file in the directory
- – readable – Shows only the human-readable directories
- ! executable – No executable files shown.
- -size – Size of file in human readable form
- -cat – Outputs the result in text
Bandit Level 6
Question:
The password for the next level is stored somewhere on the server and has all of the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
Answer
find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null
- Find , this is standard syntax needed to Find something.
- -type f, this is because we are looking for a file.
- -user bandit7, to find files owned by the ‘bandit7‘ user
- -group bandit6, to find files owned by the ‘bandit6‘ group
- -size 33c, to find files of size 33 bytes
There isn’t any other files on the system so we need to access the root directory. I need to search the whole system by running the command ( find / -type f -user bandit 7 -group bandit6 -size 33c) will however, also print a Permission denied error files that we do not have permissions for the file. We can append 2>/dev/null, which will hide all error messages.
Was able to get the password and read the next password.
Bandit Level 6
Question:
The password for the next level is stored somewhere on the server and has all of the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
Answer
I used the find command to look in the directory for a file and the used the user which is bandit 7 and the group which is bandit6 where the user can access the group because the they have permissions. Used the command 33c which is the size of the file and it is just telling the size is 33 and human-readable and then you have the command at the end that sends the errors to a black hole if you want to put it in that sense. 2> means that anything that is the result of the previous commands should be sent to the this directory path.
Bandit Level 7
Question:
The password for the next level is stored in the file data.txt next to the word millionth
Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd
Answer:
In the question we have been given the the file name as well as where the password is situated in this case next to the
(millionth) word.
I started off by using the find command but then I realized it didn’t work as it didn’t print anything out so I thought let me use the sort command instead. so in the sort command I told it to sort the data in the data.txt file and then grep the word millionth so it prints everything associated with the word millionth.
The other method I used was a simple grep command because grep finds words in text or a data pattern etc. I used less commands and still received the exact same result. All the command does is search for the word millionth and printed everything related to it as well as the password.
How to use grep:
- –grep, (word looking for) (file name) ( only works on text files)
- – sort data.txt, This sorts the data inside the txt file.
- | uniq -c, uniq on its own only prints out one of each line when there are several lines the same one after another.
with a -c, it prints out the line, and the number of times that line occurred in a row.
so if you put:- the same thing
- the same thing
- the same thing
- the same thing
- the same thing
- something different
-Through “uniq” it would print out just:
-the same thing
-something different
If you add “-c”: (uniq -c)
You would get:
5 the same thing
1 something different
- | grep 1, Looks for the number among all the data in the file.
- | grep -v 10, This ignores all the numbers that are 10 because the “-v” means does not match/exclude.
Bandit Level 8
Level Goal
Question:
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
Answer:
I am going to explain below each command and what they are doing from the syntax which is the answer: (sort data.txt | uniq -c | grep 1 | grep -v 10)
- sort data.txt |
This is the result of the above command without the pipe as the pipe is only going to work correctly
with the full command.
What is being printed out is just everything in the folder from the top down.
- sort data.txt | uniq -c |
What is being printed out is lines of data but in this case the data has been sorted now and it tells you how many times a specific line has been repeated and printed to the left. which is 10 for some but we could already have the answer because in the question it says a line that occurs only once and I am able to see the line that is repeated only once.
The command uniq means that it will list all the unique lines in that file.
The command -c counts all of the lines and displays how many times the are repeated.
Stands out pretty well.
- sort data.txt | uniq -c | grep 1 |
This specifically looks for all the number 1’s in the data and highlights them.
See how every single 1 is highlighted red.
- sort data.txt | uniq -c | grep 1 | grep -v 10
- The grep -v 10 searches for the data that has been sorted but does not appear 10 times.
- -v means to select a none matching line .
- 10 is just the number to exclude.
Bandit Level 9
Level Goal
Question:
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
Strings
strings data.txt | grep =
- strings data.txt , Finds all the strings in the file but in this case strings in the file data.txt
- | grep = , Finds the = in the result of the before command which is (strings data.txt) so what the pipe will do is find all the = in the strings that are in the data.txt file.
- String can be a sequence of characters. It can be a word, a sentence, a series or numbers or any other combination of characters.
Answer
The ASCII values of the characters P, y, t, h, o, n are 15, 50, 45, 33, 40, 39 respectively. We can represent these ASCII values in 8-bit binary as follows:
Bandit Level 10
Question:
The password for the next level is stored in the file data.txt, which contains base64 encoded data
Base64:
Base64 command with the -d option followed by the Base64 encoded string you want to decode.
Answer:
Decoding base 64:
Use the Base64 command with the -W 0 option (optional, sets the line width to 0, which means no line breaks in the output) and provide the data you want to encode.
Bandit Level 11
Level Goal
Question:
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
Tr command is used in translating, deleting, or squeezing characters in a text stream. It allows you to perform a simple character -level manipulations on input data.
Key functions of ‘tr’ command:
Translate Characters:
Replace specific specific characters in the input text with other characters. E.g. Can change, (a-x or e-z)
Delete Characters:
Can also be used to remove specific characters from the input.You can delete all occurrences of a particular letter or any set of character that you specify.
Squeeze Repeated Characters:
The tr command can squeeze multiple consecutive occurrence of a character into a single occurrence. E.g if you have multiple spaces in a row, you can squeeze them into one space.
The tr command reads the input text from the standard input and writes the transformed results to the standard output.
- tr ‘A-Za-z’ : Makes sure the set of characters to be translate, which includes all uppercase and lowercase letters of the English alphabet.
- ‘N-ZA-Mn-za-m’ : Specifies the set of replacement characters . The uppercase letters are rotated by 13 positions, so A becomes N,B becomes O, C becomes P, and so on. The same applies to lowercase letters.
Answer
Example:
SET1 : This set of characters is the ones you want to translate from.
SET2: The set of characters you want translate to. If there is no SET2 the tr will start to deleting things based on SET1.
- E.g. echo hello | tr el 12
- translates the hello to h12lo