Skip to main content

Posts

Showing posts from July, 2020

OverTheWire Bandit: Level 25-33

Please Ctrl+F to find your desired Level. Levels Levels 0-14 Levels 14-25 Levels 25-33 Level 25 -> Level 26 Level Goal Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not / bin/bash, but something else. Find out what it is, how it works and how to break out of it. bandit25@bandit:~$ ls bandit26.sshkey bandit25@bandit:~$ ssh bandit26@localhost -i bandit26.sshkey Enjoy your stay! _ _ _ _ ___ __ | | | (_) | |__ \ / / | |__ __ _ _ __ __| |_| |_ ) / /_ | '_ \ / _` | '_ \ / _` | | __| / / '_ \ | |_) | (_| | | | | (_| | | |_ / /| (_) | |_.__/ \__,_|_| |_|\__,_|_|\__|____\___/ Connection to localhost closed. bandit25@bandit:~$ cat /etc/passwd | grep bandit26 bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext bandit25@bandit:~$ cat /usr/bin/showtext #!/bin/sh export TERM=linux more ~/text.txt exit 0 Now try and connect with the ssh but press V to bring up vi You can do this by making size of terminal very small, so t

OverTheWire Bandit: Level 14-25

Please Ctrl+F to find your desired level. Levels Levels 0-14 Levels 14-25 Levels 25-33 Level 14 -> Level 15 Level Goal 11/31 The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost. bandit14@bandit:~$ cat /etc/bandit_pass/bandit14 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e This is the current level password. Now, to find the password of the next level. bandit14@bandit:~$ telnet localhost 30000 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e Correct! BfMYroe26WYalil77FoDi9qh59eK5xNr Connection closed by foreign host. The password for the next level is BfMYroe26WYalil77FoDi9qh59eK5xNr We can ssh bandit15@localhost Level 15 -> Level 16 Level Goal The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption. Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and r

OverTheWire Bandit: Level 0-14

Bandit Levels Levels 0-14 Levels 14-25 Levels 25-33 Please use Ctrl+F to find your desired Level. Level 0 Bandit Level 0 Level Goal The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1. Commands you may need to solve this level 2/31 ssh kali@kali:~$ ssh bandit0@172.9.9.176 -p 2220 password: bandit0 Level 0 -> Level 1 Level Goal The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game. Commands you may need to solve this level ls, cd, cat, file, du, find Password for next level: boJ9jbbUNNfktd78OOpsqOltutMc3MY1 Level 1 -> Level 2 Level Goal The password for the next le

Practical Ethical Hacking on Udemy, Course Review and Thoughts

During my preparation for the CEH, I used one resource that was very useful, Practical Ethical Hacking by Heath Adams on Udemy . This was such a good course. While studying for the CEH, I watched only the first few modules which covered the basics which I needed. Watching how the tools worked and how people use it was very useful in learning the methodology and the workings of the tool. After I passed the CEH, I decided to complete the Practical Ethical Hacking course because I really enjoyed it and learnt a lot while doing it. So I continued doing it and it is one of the best resources I have used to learn. The course covers the following: Networking Linux Python Information Gathering Reconnaissance Scanning & Enumeration Exploitation Post Exploitation Web App Penetration Wireless Penetration Exploit Development(Buffer Overflows) Active Directory There was a small refresher on Networking, I didn't have a problem with that as I already knew everything from studying for the CCNA