Bandit Bash - devinziegler/Devin-Tech-Journal GitHub Wiki
Notes for bandit bash:
Command used for printing a file to screen:
cat <file>
What to do with a - named file:
cat ./-
The reason we use the ./ is to tell the computer to look in the current directory (a bare - would be read as standard input instead of a file). This will print the contents of - to the screen.
What to do with spaces in the file name:
cat "name with spaces"
The use of quotation marks allows the system to understand that the selected file is one single file instead of multiple files.
Looking for hidden files:
ls -a
This command will show hidden files in a directory. The -a flag stands for all, not just visible.
Locating a human readable file in a directory populated with files:
file ./-file*
This lists the file type of every file matching -file* (the ./ is needed because the names start with -).
Find a file by size in a tree of directories:
find -readable -size 1033c
Search the whole operating system for a file with known creds.
find / -type f -user bandit7 -group bandit6 -size 33c 2> /dev/null
/ means search the whole operating system; -type f restricts it to regular files, -user and -group match the owner and group, and -size 33c matches files that are exactly 33 bytes. 2> /dev/null sends all the permission denied errors to /dev/null so they don't clutter the output.
Search a text document for an entry:
cat <file.txt> | grep <pattern>
Cat the file, then pipe it into grep to search for the pattern; in this case the pattern was millionth.
Find a line in a text file that only occurs once:
cat <file.txt> | sort | uniq -u
Cat the file, pipe to sort, which sorts the contents into alphabetical order, then pipe to uniq -u,
which displays only the line that is not repeated (uniq only compares adjacent lines, which is why the sort comes first).
Find the password:
strings data.txt | grep =
The strings command goes through a file and displays the printable strings in it. I then pipe this into grep with the pattern = because we are given a hint that the password will be preceded by equal signs.
decode a base64 string:
cat <file.txt> | base64 --decode
Concatenate the file, pipe to base64 command with decode flag.
Decode rot 13 string:
cat <file.txt> | tr '[a-z]' '[n-za-m]' | tr '[A-Z]' '[N-ZA-M]'
Cat the file, pipe to tr, which maps the lowercase letters a-z onto n-z followed by a-m. Pipe this to another tr
command that does the same thing with the capital letters (A-Z onto N-Z followed by A-M).
Revert to text:
xxd -r <file_to_revert> <new_file>
The -r flag specifies revert, which turns a hex dump back into the original data.
gzip file:
rename with the gz extension:
mv <filename> <filename>.gz
bzip2 file:
rename with the bz2 extension:
mv <filename> <filename>.bz2
Uncompressing with gzip and bzip2:
gzip -d <filename.gz>
bzip2 -d <filename.bz2>
The -d flag forces decompression.
ssh using private key:
ssh -i <private_key_file> -p 2220 <user>@<host>
-i specifies that I am using a private key and takes the key file (here sshkey.private) as its parameter; -p 2220 sets the port.
Using Ncat for information transfer:
The password is stored in /etc/bandit_pass/bandit14
nc <ip_address> <port>
Use nc to establish the connection to port 30000, then type the password.
Open a secure ssl connection with localhost on port 30001:
openssl s_client -connect localhost:30001
s_client lets me act as an SSL client; -connect specifies that I will be connecting to my localhost on port 30001.
scan ports for services:
nmap -p 31000-32000 -sV localhost
nmap scan with port range and service detection.
Send password to port:
openssl s_client -connect localhost:<ssl_port>
Save this key to desktop
Compare the differences between text files:
diff <file1> <file2>
This gives the normal diff output. Copy the password for later.
scp transfer from remote to local:
scp -P 2220 bandit18@<host>:/home/bandit18/readme <directory_to_copy_to>
Use the level 18 password for this.
Use the script to execute:
./<script> cat /etc/bandit_pass/bandit20
./ means we are executing the script from the current directory; I just have it cat the password file using its full path.
Create an ncat listener on a specified port and send the current password:
echo <current_password> | nc -l <port>
Connect to the port using the script:
./<script_name> <port_to_connect_to>
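As an added worked example (not from this wiki or the game), the shell pipelines in these notes (./- for a dash-named file, sort | uniq -u for the unique line, find -size Nc, base64 decoding and the rot13 tr) wrapped in small functions that run against constructed sample data, so each can be tried offline:

```shell
#!/bin/sh
# Constructed examples for the Bandit command notes; every input here is made up.

# Line that occurs exactly once among the arguments. uniq -u only drops
# adjacent duplicates, so sort is what makes repeated lines adjacent first.
unique_line() {
    printf '%s\n' "$@" | sort | uniq -u
}

# ROT13 in one tr call: each case needs its own target range,
# A-Z onto N-ZA-M and a-z onto n-za-m (mapping both cases onto the
# lowercase range would destroy the capital letters).
rot13() {
    printf '%s' "$1" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
}

# base64 decode of a string argument (-d is the same as --decode on GNU base64).
b64_decode() {
    printf '%s' "$1" | base64 -d
}

# A file literally named "-" must be referenced as ./- because a bare "-"
# tells cat to read standard input instead of opening a file.
dash_file_contents() {
    dir="$(mktemp -d)"
    printf 'contents of dash file\n' > "$dir/-"
    ( cd "$dir" && cat ./- )
    rm -rf "$dir"
}

# find -size Nc matches files of exactly N bytes; prints the matching name.
find_by_size() {
    dir="$(mktemp -d)"
    printf '0123456789' > "$dir/ten_bytes"   # exactly 10 bytes, no newline
    printf '01234' > "$dir/five_bytes"        # exactly 5 bytes
    find "$dir" -type f -size "$1"c -exec basename {} \;
    rm -rf "$dir"
}

# Run with "demo" as the first argument to print each result.
if [ "${1:-}" = "demo" ]; then
    echo "unique line: $(unique_line alpha beta alpha gamma beta)"
    echo "rot13:       $(rot13 'Hello, World!')"
    echo "base64:      $(b64_decode 'aGVsbG8=')"
    echo "dash file:   $(dash_file_contents)"
    echo "10 bytes:    $(find_by_size 10)"
fi
```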