Skip to content

Latest commit

 

History

History
189 lines (97 loc) · 8.41 KB

README.md

File metadata and controls

189 lines (97 loc) · 8.41 KB

Homework1

OverTheWire: Wargames - Bandit

Hints and commands given in the OverTheWire website was used as a guide to find the password fro the next level.

The screenshots illustrate the commands used to discover the password.

bandit0

Level Goal

Connect to the OverTheWire game server using SSH using provided credentials and discover password for Level 1. hostname: bandit.labs.overthewire.org username: bandit0 password: bandit0

How To

Use an SSH application and SSH to [email protected]. Given that the file is in the home directory, use ls command to list the content of the directory.Notice the file named readme, and simply read this filename to find the password for the next level using the command cat readme.

Terminate the SSH session by typing exit and reconnect to the bandit game using thenew username and password for level 1.

Learning/Conclusion

Possibilities are there to receive a few prompts regarding RSA keys, or a warning that someone may be eavesdropping on you. Research and remove keys belonging to the hostname to overcome this issue. Also it covered a few basic commands.

bandit0

bandit1

Level Goal

Discover password for the next level stored in a file called - located in the home directory.

How To

Login as bandit1 using the password recovered from level0 and land in the home directory. Given that the file is in the home directory named -, the command cat ./- produces the intended result. The period denotes the current working directory which in this case can be substituted with /home/bandit1.

Terminate the SSH session and login to next level.

Learning/Conclusion

The file cannot be simply read using the command cat - since - in bash is used to redirect to/from stdin or stdout, meaning that whatever is typed after the command will be read standard in and will be repeated standard out. Further researching in Bash/Linux special characters would reveal more.

bandit1

bandit2

Level Goal

Discover password for the next level stored in a file called "spaces in this filename" located in the home directory.

How To

Given that the file is in the home directory named again the command cat should produce results. The file can is read using the command cat spaces\ in\ this\ filename in which the backslash preserves the space following it or simply type cat sp and hit Tab for the shell to fill the rest.

Terminate the SSH session and login to next level.

Learning/Conclusion

When using the cat command to read the file, space character cannot be typed directly since linux uses it to separate items. From the file "spaces in this filename" only the first word, that is "spaces" will be taken as the filename. A preceding backslash is used before the space character to recognize it and read it as it is.

Escape characters are powerful when programming and helpful when dealing with weird filenames. Additionally tab completion is extremely powerful which would reduce errors made in spelling filenames and can really be efficient for traversing through file structures.

bandit2

bandit3

Level Goal

Discover password for the next level stored in a hidden file in a directory named "inhere".

How To

Try to list all what inhere directory holds with the ls command and it would show it as blank. Go through the manual of for ls command by typing in man ls and notice the argument -a used to list all items. Press q and exit. Then use the command with the argument to list literally all items. This should show three things listed. A period, two periods and .hidden. The period denotes the current directory, two periods references the parent directory and .hidden is the hidden file containing the password for the next level.

Read the file using cat /inhere/.hidden from the home directory to recover the password.

Terminate the SSH session and login to next level.

Learning/Conclusion

A hidden file can be created by adding a period in at the beginning of the filename which will not be visible to a simple ls command. ls command can be used with several arguments to get more information about the items in a directory. The manual can and should be used in order to get a detailed description about commands and their usage.

bandit3

bandit4

Level Goal

Discover password for the next level stored in the only human-readable file in the directory named "inhere".

How To

List all the items in the folder and notice the file names beginning with a dash meaning that we should adjust the command. Given that there is only one human-readable file in the directory, using wildcard type in the command file ./* to identify the file with ASCII characters. This should show the only human-readable file as -file07.

Read the password, terminate the SSH session and login to next level.

Learning/Conclusion

A human readable means a human can read it without the need of computer translation. Therefore, human readable content will be in ASCII or similar while non-human readable data will be in binary. To explore the type of data file command can be used with arguments.

Moreover usage of a wildcard often represented by the ‘*’, commonly referred to as ‘splat’ with commands the shell will match any character to any length. Different wildcards are used for different purposes which greatly increases the flexibility and efficiency of searches.

bandit4

bandit5

bandit5

bandit6

bandit6

bandit7

bandit7

bandit8

bandit8

bandit9

bandit9

bandit10

bandit10

bandit11

bandit11

bandit12

bandit12

bandit13

bandit13-1

bandit13-2

bandit14

bandit14

bandit15

bandit15

bandit16

bandit16

bandit17

bandit17

bandit18

bandit18

bandit19

bandit19

bandit20

bandit20

bandit21

bandit21

bandit22

bandit22

bandit23

bandit23