bandit : aadityagupta400

level 1 password.txt

@@ -0,0 +1,301 @@
+NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL - password level 1
+rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi - password level 2
+aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG - password level 3
+2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe - password level 4
+lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR - password level 5
+P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU - password level 6
+z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S - password level 7
+TESKZC0XvTetK0S9xNwm25STk5iWrBvP - password level 8
+EN632PlfYiZbn3PhVK3XOGSlNInNE00t - password level 9
+G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s - password level 10
+6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM - password level 11
+JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv - password level 12
+wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw - password level 13
+
+Gur cnffjbeq vf WIAOOSFzMjXXBC0KoSKBbJ8puQm5lIEi
+
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAxkkOE83W2cOT7IWhFc9aPaaQmQDdgzuXCv+ppZHa++buSkN+
+gg0tcr7Fw8NLGa5+Uzec2rEg0WmeevB13AIoYp0MZyETq46t+jk9puNwZwIt9XgB
+ZufGtZEwWbFWw/vVLNwOXBe4UWStGRWzgPpEeSv5Tb1VjLZIBdGphTIK22Amz6Zb
+ThMsiMnyJafEwJ/T8PQO3myS91vUHEuoOMAzoUID4kN0MEZ3+XahyK0HJVq68KsV
+ObefXG1vvA3GAJ29kxJaqvRfgYnqZryWN7w3CHjNU4c/2Jkp+n8L0SnxaNA+WYA7
+jiPyTF0is8uzMlYQ4l1Lzh/8/MpvhCQF8r22dwIDAQABAoIBAQC6dWBjhyEOzjeA
+J3j/RWmap9M5zfJ/wb2bfidNpwbB8rsJ4sZIDZQ7XuIh4LfygoAQSS+bBw3RXvzE
+pvJt3SmU8hIDuLsCjL1VnBY5pY7Bju8g8aR/3FyjyNAqx/TLfzlLYfOu7i9Jet67
+xAh0tONG/u8FB5I3LAI2Vp6OviwvdWeC4nOxCthldpuPKNLA8rmMMVRTKQ+7T2VS
+nXmwYckKUcUgzoVSpiNZaS0zUDypdpy2+tRH3MQa5kqN1YKjvF8RC47woOYCktsD
+o3FFpGNFec9Taa3Msy+DfQQhHKZFKIL3bJDONtmrVvtYK40/yeU4aZ/HA2DQzwhe
+ol1AfiEhAoGBAOnVjosBkm7sblK+n4IEwPxs8sOmhPnTDUy5WGrpSCrXOmsVIBUf
+laL3ZGLx3xCIwtCnEucB9DvN2HZkupc/h6hTKUYLqXuyLD8njTrbRhLgbC9QrKrS
+M1F2fSTxVqPtZDlDMwjNR04xHA/fKh8bXXyTMqOHNJTHHNhbh3McdURjAoGBANkU
+1hqfnw7+aXncJ9bjysr1ZWbqOE5Nd8AFgfwaKuGTTVX2NsUQnCMWdOp+wFak40JH
+PKWkJNdBG+ex0H9JNQsTK3X5PBMAS8AfX0GrKeuwKWA6erytVTqjOfLYcdp5+z9s
+8DtVCxDuVsM+i4X8UqIGOlvGbtKEVokHPFXP1q/dAoGAcHg5YX7WEehCgCYTzpO+
+xysX8ScM2qS6xuZ3MqUWAxUWkh7NGZvhe0sGy9iOdANzwKw7mUUFViaCMR/t54W1
+GC83sOs3D7n5Mj8x3NdO8xFit7dT9a245TvaoYQ7KgmqpSg/ScKCw4c3eiLava+J
+3btnJeSIU+8ZXq9XjPRpKwUCgYA7z6LiOQKxNeXH3qHXcnHok855maUj5fJNpPbY
+iDkyZ8ySF8GlcFsky8Yw6fWCqfG3zDrohJ5l9JmEsBh7SadkwsZhvecQcS9t4vby
+9/8X4jS0P8ibfcKS4nBP+dT81kkkg5Z5MohXBORA7VWx+ACohcDEkprsQ+w32xeD
+qT1EvQKBgQDKm8ws2ByvSUVs9GjTilCajFqLJ0eVYzRPaY6f++Gv/UVfAPV4c+S0
+kAWpXbv5tbkkzbS0eaLPTKgLzavXtQoTtKwrjpolHKIHUz6Wu+n4abfAIRFubOdN
+/+aLoRQ0yBDRbdXMsZN/jvY44eM+xRLdRVyMmdPtP8belRi2E2aEzA==
+-----END RSA PRIVATE KEY-----
+
+: private key for level 14
+
+
+fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq - password for level 14
+jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt - password for level 15
+JQttfApK4SeyHwDlI9SXGR50qclOAil1 - password for level 16
+
+
+
+MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
+imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
+Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
+DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
+JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
+x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
+KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
+J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
+d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
+YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
+vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
++TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
+8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
+SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
+HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
+SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
+R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
+Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
+R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
+L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
+blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
+YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
+77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
+dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
+vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
+
+- pvt key for level 17
+
+
+proceeding from level 16 to level 17
+
+i first checked the read and write permissions in level 13 again as i was not able to proceed earlier
+
+for that i used these commands
+ssh -p 2220 [email protected]
+ls -l 
+
+it shows me the following permission for the file sshkey.private : -rw-r-----
+
+the command to get this is chmod 640 , i made a test file to test this
+
+i moved on to level 16 using ssh -p 2220 [email protected]
+i then moved to the directory where i stored the private key , used chmod 640 to set the same permissions , and tried to connect using the command
+ssh -i private.key bandit17@localhost -p 2220 
+but the same error of publickey is showing
+
+after 30 mins i realised my stupid mistake, i was not putting begin rsa key and end rsa key in the private key hence the format was unreadable and i was not able to proceed, 
+finished this level after 2 days
+
+the command to use it was ssh -i private.key [email protected] -p 2200 
+
+used this since i saved the file locally.
+
+i now changed the file under /tmp/zcross_random named private.key , put the correct format , and then used the command : ssh -i private.key bandit17@localhost -p 2220
+it logged me in , succesfully logged in to level 17
+
+
+level 17 to level 18
+
+command used : 
+
+cat passwords.old
+cat passwords.new 
+diff passwords.old passwords.new = shows error 
+man diff
+diff --normal passwords.old password.new = output : 42c42
+< f9wS9ZUDvZoo3PooHgYuuWdawDFvGld2
+---
+> hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg
+
+by this i am assuming that password for level 18 is f9wS9ZUDvZoo3PooHgYuuWdawDFvGld2
+i waas wrong , it is : hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg
+
+
+level 18 to level 19
+
+i was immediately logged out, i googled modified .bashrc to log you out when you log in with SSH , found a stackoveflow link , https://serverfault.com/questions/94503/login-without-running-bash-profile-or-bashrc
+
+i guess i can use -t to force commands 
+
+i used  ssh -t -p 22220 [email protected] cat readm but nothing happened, i then used ssh -p 2220 [email protected] -t cat readme 
+and got the password , this was the response 
+[email protected]'s password:
+awhqfNnAbc1naukrpqDYcF95h7HoMTrC
+Connection to bandit.labs.overthewire.org closed.
+
+
+level 19 to level 20
+
+i checked the wikipedia file but did not understand how to implement anything so i googled suid, still nothing. 
+i used cd /etc/bandit_pass
+opened bandit 20 using cat, but permission was not given and i could not even change the read write permissions.
+
+i went back and saw permission for each file 
+
+and i discovered an executable file , i ran it and got this output :  Run a command as another user.
+  Example: ./bandit20-do id
+
+ran  ./bandit20-do cat /etc/bandit_pass/bandit20 and got 
+VxCazJaVykI6W36BkBU0mJTCM8rR95XT  as password
+
+level 20 to level 21
+
+i did some googling on opening ports and stuff and after various failed attemopt
+i learnt to set up a server , and was still not able to understand how to send the old password to the server , i tried connecting to my own localhost but i couldnt get the password.
+
+i did a bit of googling and learnt about echo command , then used this command 
+
+echo "VxCazJaVykI6W36BkBU0mJTCM8rR95XT" | nc -l -p 6969 
+
+however my system stopped here, did a bit of googling again and learnt about background processes so i used 
+
+
+echo "VxCazJaVykI6W36BkBU0mJTCM8rR95XT" | nc -l -p 6969 &
+
+after this 
+
+./suconnect 6969 
+
+it gave me the password : NvEJF7oVjkddltPSrdKEFOllh9V1IBcq
+
+
+level 21 to level 22
+
+i went to /etc/cron.d  , used  cat cronjob_bandit22 , and got this as output:
+@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
+* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
+
+i didnt knew what to do but i checked out usr/bin/cronjob_bandit22.sh
+
+chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
+cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
+
+this was the output , i think this means that a new folder or file is been created with that weird name and 644 means everyone can read it , and password is been pasted there
+
+
+-bash: cd: /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv: Not a directory
+bandit21@bandit:/$ ls
+bin   dev      etc         home     lib    lib64   lost+found  mnt  proc  run   snap  sys  usr
+boot  drifter  formulaone  krypton  lib32  libx32  media       opt  root  sbin  srv   tmp  var
+bandit21@bandit:/$ cd /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv/
+-bash: cd: /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv/: Not a directory
+bandit21@bandit:/$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
+WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
+
+thus the password is  WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
+
+
+level 22 to level 23 
+
+
+bandit22@bandit:~$ cd /etc/cron.d/
+bandit22@bandit:/etc/cron.d$ ls
+cronjob_bandit15_root  cronjob_bandit22  cronjob_bandit24       e2scrub_all  sysstat
+cronjob_bandit17_root  cronjob_bandit23  cronjob_bandit25_root  otw-tmp-dir
+bandit22@bandit:/etc/cron.d$ cat cronjob_bandit23
+@reboot bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null
+* * * * * bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null
+bandit22@bandit:/etc/cron.d$ cat ../../usr/bin/cronjob_bandit23.sh
+#!/bin/bash
+
+myname=$(whoami)
+mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
+
+echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
+
+cat /etc/bandit_pass/$myname > /tmp/$mytarget
+bandit22@bandit:/etc/cron.d$ cd ../../usr/bin
+
+after several ls and cat commands i learnt about scripts and vatriables and then i put 
+
+bandit22@bandit:/$ echo I am user bandit23 | md5sum | cut -d ' ' -f 1
+8ca319486bfbbc3663ea0fbe81326349
+
+since the script said passwrod file , and this is the new target now , we move to /tmp/weird file name
+
+bandit22@bandit:/$ cd /tmp/8ca319486bfbbc3663ea0fbe81326349
+-bash: cd: /tmp/8ca319486bfbbc3663ea0fbe81326349: Not a directory
+bandit22@bandit:/$ cd /tmp/8ca319486bfbbc3663ea0fbe81326349/
+-bash: cd: /tmp/8ca319486bfbbc3663ea0fbe81326349/: Not a directory
+bandit22@bandit:/$ cat /tmp/8ca319486bfbbc3663ea0fbe81326349
+QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G
+bandit22@bandit:/$
+
+
+password : QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G
+
+level 23 to level 24
+
+ cd /etc/cron.d/
+bandit23@bandit:/etc/cron.d$ ls
+cronjob_bandit15_root  cronjob_bandit23       e2scrub_all
+cronjob_bandit17_root  cronjob_bandit24       otw-tmp-dir
+cronjob_bandit22       cronjob_bandit25_root  sysstat
+bandit23@bandit:/etc/cron.d$ cat cronjob_bandit23
+@reboot bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null
+* * * * * bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null
+bandit23@bandit:/etc/cron.d$ cat ../../usr/bin/cronjob_bandit23.sh
+#!/bin/bash
+
+myname=$(whoami)
+mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
+
+echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
+
+cat /etc/bandit_pass/$myname > /tmp/$mytarget
+bandit23@bandit:/etc/cron.d$ echo I am user bandit24 | md5sum | cut -d ' ' -f 1
+ee4ee1703b083edac9f8183e4ae70293
+bandit23@bandit:/etc/cron.d$ cat /tmp/ee4ee1703b083edac9f8183e4ae70293
+VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
+
+password : VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
+
+
+level 24 to level 25
+
+this level took a ridiculous amount of time as i didnt know how to create a script.
+
+i first did nc localhost 30002 , entered few random numbers trying my luck , didnt get anything.
+
+then i created a test.sh script inside /tmp/zcross_scripts , under that i wrote this : 
+
+for i in {0000..9999}
+do
+        echo VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar $i >> test.txt
+done
+
+
+i opened test.txt using cat test.txt ,tried to copy and then did nc localhost 30002 and then pasted, still i was not able to get any result, it was just a swarm of 
+incorrect pincode, after a while i modified the script, i added these lines 
+
+cat test.txt | nc localhost 30002 > results.txt
+
+
+this showed error
+
+i changed it to 
+
+cat test.txt | nc localhost 30002 >> results.txt
+
+opened cat results.txt and in the final line it was written :
+Correct!
+The password of user bandit25 is p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d
+
+Exiting.
+
+password : p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d