A CTF is the perfect place to learn security skills in a safe environment, knowing you are not going to destroy something valuable or do something illegal.
Moreover, you know that a vulnerability exists, about a particular problem, wether it is XSS, CSRF or many others and that there is a way to find and exploit it.
That’s why it is so loved by security engineer in the making.
The Bandit CTF from OverTheWire is a beginner oriented CTF and today after the challenges 1 to 5 we reviewed last week, we are going to play the challenges 6 to 10.
If you want to go through the 1 to 5 challenges, it is located here.
Let’s dive in the 6 to 10 challenges in a video :
If you want to read the walk-through without the voice over, here are all the writeups (for the 6 to 10 challenges).
ssh email@example.com -p 2220
Use the DXjZPULLxYr17uwoI01bNLQbtFemEgo7 flag as the password.
find / * -size 33c -user bandit7 -group bandit6
Flag : HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
ssh firstname.lastname@example.org -p 2220
Use the HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs flag as the password.
Use a simple grep command (
man grep) to get the lines that have the word “millionth” next to it.
grep millionth data.txt
Flag : cvX2JJa4CFALtqS87jk27qwqGhBM9plV
ssh email@example.com -p 2220
Use the cvX2JJa4CFALtqS87jk27qwqGhBM9plV flag as the password.
One uses pipe to chain actions on the file (man sort and man uniq to understand these command and what’s possible with them).
cat data.txt | sort | uniq -u
Flag : UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
ssh firstname.lastname@example.org -p 2220
Use the UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR flag as the password.
Simple cat let see the flag
strings is a bash command which prints the strings that are human readable.
One prints all the human readable strings.
One chains it to a grep command that prints only the strings which have at least 2 “=” character.
-o allows to print only the matching lines
-w allows to print only the regular expression matching lines
strings data.txt | grep ="=.*".* -oh
Flag : truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
ssh email@example.com -p 2220
Use the truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk flag as the password.
The file is a simple base64. You just have to decode it (man base64)
base64 -d data.txt
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
Flag : IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
If you have any question, feel free to ask and I’ll do my best to answer it and help you grow.
If you like this content, push the like button, that helps spread the message. 👍🏼
If you think it can be useful to anyone in your network, share it. 📨