Bandit Wargames
Passwords
bandit0 | bandit0 |
bandit1 | boJ9jbbUNNfktd78OOpsqOltutMc3MY1 |
bandit2 | CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9 |
bandit3 | UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK |
bandit4 | pIwrPrtPN36QITSp3EQaw936yaFoFgAB |
bandit5 | koReBOKuIDDepwhWk7jZC0RTdopnAYKh |
bandit6 | DXjZPULLxYr17uwoI01bNLQbtFemEgo7 |
bandit7 | HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs |
bandit8 | cvX2JJa4CFALtqS87jk27qwqGhBM9plV |
bandit9 | UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR |
bandit10 | truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk |
bandit11 | IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR |
bandit12 | 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu |
bandit13 | 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL |
bandit14 | 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e |
bandit15 | BfMYroe26WYalil77FoDi9qh59eK5xNr |
bandit16 | cluFn7wTiGryunymYOu4RcffSxQluehd |
bandit18 | kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd |
bandit19 | IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x |
bandit20 | GbKksEFF4yrVs6il55v6gwY5aVje5f0j |
bandit21 | gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr |
bandit22 | Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI |
bandit23 | jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n |
bandit24 | UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ |
bandit25 | uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG |
bandit26 | 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z |
bandit27 | 3ba3118a22e93127a4ed485be72ef5ea |
bandit28 | 0ef186ac70e04ea33b4c1853d2526fa2 |
bandit29 | bbc96594b4e001778eee9975372716b2 |
bandit30 | 5b90576bedb2cc04c86a9e924ce42faf |
bandit31 | 47e603bb428404d265f59c42920d81e5 |
bandit32 | 56a9bf19c63d650ce78e6ec0354ee45e |
bandit33 | c9c3199ddf4121b10cf581a98d51caee |
In addition to magic bytes, gzip also checks that the file name has the proper file extension
.gz, -gz, .z, -z, _z
also supports: .tgz, .taz, .tar.gz, .tar.Z,
bzip2 requires the .bz2 file extension
tar does not require a file extension
Loop through all files/folders in the current directory and display their name/type
bandit4@bandit:~/inhere$ for x in `find . -type f -print`; do file $x; done
./-file09: data
./-file06: data
./-file01: data
./-file02: data
./-file05: data
./-file03: data
./-file08: data
./-file07: ASCII text
./-file04: data
./-file00: data
Find a files owned by a particular user
find / -user <user> 2>/dev/null
Find the lines of text that only occur once
sort data.txt |uniq -u
Decode base64
base64 -d <file with base64 encoded text>
Decode ROT13
cat data.txt |tr a-zA-Z n-za-mN-ZA-M
Convert Hexdump from ASCII back to Binary
xxd -r <ascii file name> <new binary file name>
Extract files (gzip, bzip2, tar)
gzip -d <file>
bzip2 -d <file>
tar -xvf <file>
Submit Data to a Port using SSL Encryption
echo BfMYroe26WYalil77FoDi9qh59eK5xNr | openssl s_client -quiet -connect localhost:30001
SSH using a specific shell
ssh -t <username>@<server> <shell>
e.g.
ssh -p 2220 -t bandit18@bandit.labs.overthewire.org /bin/sh
useful in this level to avoid the autologout set in the .bashrc file
this is because since we didn't spawn a bash shell (the default) the .bashrc file never gets loaded
Git
git log
show commit logs
git checkout
switch branches or restore working tree files
git branch
show current branch
git branch -a
show all branches
git checkout <branch name>
change to a different branch
git show <commit name>
show the contents of a commit
git reflog
show reference logs
*** there is a .gitignore file which specifies the files that will be ignored and will not be used in any commits or pushes that you try to make to your repository
Last updated