Bandit Level 11 → Level 12
Level Goal
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
ssh bandit11@bandit.labs.overthewire.org -p 2220
Password: IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
ls
cat data.txt
copy this string: Gur cnffjbeq vf 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh
Open cyberchef(github) in browser and search rot13. Paste above strings into output, you will get instant password output.
Password for next level: 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUuBandit Level 12 → Level 13
Level Goal
The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)
ssh bandit12@bandit.labs.overthewire.org -p 2220
Password: 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
mkdir /tmp/ban12(any name you want)
cp data.txt /tmp/ban12
ls
xxd –r data.txt > data
mv data file.gz
gzip –d file.gz
ls
mv file file.bz2
bzip2 –d file.bz2
ls
mv file file.gz
gzip –d file.gz
ls
mv file file.tar
tar xf file.tar
ls
rm file.tar
ls
rm data.txt
ls
mv data5.bin data.tar
tar xf data.tar
ls
file data6.bin
mv data6.bin data.bz2
bzip2 –d data.bz2
ls
mv data data.tar
ls
tar xf data.tar
ls
file data8.bin
mv data8.bin data.gz
gzip –d data.gz
ls
file data
cat data
Password for next level: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYLBandit Level 13 → Level 14
Level Goal
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on
ssh bandit13@bandit.labs.overthewire.org -p 2220
Password: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
ls
ssh –i sshkey.private bandit14@localhost
cat /etc/bandit_pass/bandit14
Password for next level: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3eBandit Level 14 → Level 15
Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.
ssh bandit14@bandit.labs.overthewire.org -p 2220
password: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
nc localhost 30000 and press enter
paste your password from previous level: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
password for next level: BfMYroe26WYalil77FoDi9qh59eK5xNrBandit Level 15 → Level 16
Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…
ssh bandit15@bandit.labs.overthewire.org -p 2220
Password: BfMYroe26WYalil77FoDi9qh59eK5xNr
cat /etc/bandit_pass/bandit15
copy password: BfMYroe26WYalil77FoDi9qh59eK5xNr
ncat –ssl localhost 30001 and press enter
paste above password: BfMYroe26WYalil77FoDi9qh59eK5xNr
password for next level: cluFn7wTiGryunymYOu4RcffSxQluehd
Bandit Level 16 → Level 17
Level Goal
The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.
ssh bandit16@bandit.labs.overthewire.org -p 2220
Password: cluFn7wTiGryunymYOu4RcffSxQluehd
cat /etc/bandit_pass/bandit16
nmap localhost –p 31000-32000
ncat –ssl localhost 31790
Paste password: cluFn7wTiGryunymYOu4RcffSxQluehd
Copy all the contents and exit
vim key, paste the copied content and exit vim
chmod 400 key
ssh –I key bandit17@ bandit.labs.overthewire.org -p 2220
You should be logged inBandit Level 17 → Level 18
Level Goal
There are 2 files in the home directory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new
NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19
You will be logged in from above step
diff passwords.old passwords.new
you will get two passwords. Later one will be our password
password for next level: kfBf3eYk5BPBRzwjqutbbfE887SVc5YdBandit Level 18 → Level 19
Level Goal
The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.
ssh -t bandit18@bandit.labs.overthewire.org -p 2220 /bin/sh
password: kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
ls
cat readme
password for next level: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
Bandit Level 19 → Level 20
Level Goal
To gain access to the next level, you should use the setuid binary in the home directory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass) after you have used the setuid binary.
ssh bandit19@bandit.labs.overthewire.org -p 2220
Password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
ls
./bandit20-do id
./bandit20-do cat /etc/bandit_pass/bandit20
Password for next level: GbKksEFF4yrVs6il55v6gwY5aVje5f0jBandit Level 20 → Level 21
Level Goal
There is a setuid binary in the home directory that does the following: it makes a connection to localhost on the port you specify as a command-line argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password to the next level (bandit21).
NOTE: Try connecting to your own network daemon to see if it works as you think
ssh bandit20@bandit.labs.overthewire.org -p 2220
Password: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
We need two terminals so login in both window with above credentials
Terminal 1
After login
cat /etc/bandit_pass/bandit20 |nc -l localhost -p 12345(any unused port)
Terminal 2
Login here too
ls
./suconnect 12345
If password matches then you will get next password in terminal 1.
Password for next level: gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGrBandit Level 21 → Level 22
Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
ssh bandit21@bandit.labs.overthewire.org -p 2220
Password: gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
ls /etc/cron.d
cat /etc/cron.d/cronjob_bandit22
cat /usr/bin/cronjob_bandit22.sh
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Password for next level: Yk7owGAcWjwMVRwrTesJEwB7WVOiILLIThis is it. We will be uploading the remaining task in the next post. Please be updated with us.
Comments