Over The Wire’s Bandit is a Linux Capture The Flag that tests your hacking skills. In this video, we walk through Bandit levels 10 to 14. These are some of the more difficult levels, but our clear and concise explanations will help you get through them. By the end of this video, you’ll be one step closer to becoming a master hacker!
– – – – – – – – – –
Writeup – https://mrash.co/bandit-level-10-14/
Bandit – https://overthewire.org/wargames/bandit
Website – https://mrash.co
Newsletter – https://mrash.co/newsletters
Twitter – https://go.mrash.co/tw
– – – – – – – – – –
00:00 – Intro
00:14 – Level 10
02:08 – Level 11
03:43 – Level 12
06:32 – Level 13
15:18 – Level 14
18:09 – Outro
– – – – – – – – – –
Hi, welcome back to the channel. We are going to be doing Bandit level five through to nine. If you haven’t seen the last video, a link will be in the description and a card will be on the screen. Go check that out. Up on the screen, we’ve got the level itself, and we’ve got a VM running Kali or Kali.
And we’ve got the last flag from the previous room. So I’ve just switched over our bandit user over to bandit four and logged in with the password. Ctrl+L, clear the screen, see what level five entails for us. So we’ve got the level goal. The password for this next level is stored in the only human-readable file in the inhere directory.
If your terminal is messed up, try the reset command. I believe Ctrl+L and reset do the same thing. Well, they might not. I’m not really sure.
Commands we’re going to need: ls, cd, cat, file, find. So cool. Let’s dig into our level here. Same with our ls. So we’ve got our inhere directory, so let’s cd over into it.
All right, so it looks like we’ve got a few files here, so let’s run ls -l, which will give us a list out and see if we can find anything interesting. It seems that all of our files, zero through nine, 10 in total, have all the same permissions, and it looks like the same byte size. Now, we could go one by one. Let’s just try that. If we just cat out this first file, we get this jargon. So this is the problem, right?
Yeah, we don’t even need to use find, right? We can just cat out each file and we can go one by one. Or we could just use a wildcard, like an asterisk, and just cat everything out. But I think we need to specify that we want to cat out everything here. So that’s just going to list out all the directories of each of the file.
So this is the flag which has come through from one of the files. I don’t even know which file it is. I think it’s seven, but yeah, that’s one way to do it. And that sort of makes me think that there’s just multiple ways. I’m pretty sure this is not how I’ve solved this level before.
I’m going off memory, but I’m guessing. I think this is seven, eight and nine. Let’s just try. So it’s actually good that I did that because I was going to copy this whole thing, but this first Nt is not part of the flag. So cool.
I’m going to copy that. Going to run the exit command and up arrow. And we’ll just go over to following user, checking that password. So now we are on to level six. Level six.
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties: human-readable, 133 bytes in size, not executable. This is definitely where we’re going to need to use that find command. So let’s just LS Gary here. If you do ampersand, we can combine; that will change into the directory.
Once it’s in there, it will list everything out. So I guess this is now. The trick is how do we go through all of these files? If we list out the contents of just the first one there, we’ve got File, File, File Spaces, File Spaces, and File. So it’s going to take a long time to go through these directories one by one.
So they’ve given us some information on how we can do that. So I’m going to search. Once I’ve gone, man find, I’m going to hit the forward slash and I’m going to type in no pattern found on that. Just try size. Cool.
So we can use the size switch and specify the bytes we want to use. So it’s something that we’ve got here is the 103 bytes. So we need to find a file that matches that. Cool. So we can just try running find, specifying that we want to do it in this current folder. And we can just use the size flag for the find command and just specify the size 133 found with the C…
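
An added example, not from the video or its author: the level six search described above (human-readable, a given byte size, not executable) written as one `find` pipeline and run against a constructed sandbox. The directory and file names and the three helper functions are assumptions made for illustration; 133 is the size as read out in the transcript.

```sh
#!/bin/sh
# Added example: the sandbox below is constructed, not taken from the Bandit host.

# is_text FILE: succeed if FILE looks human-readable. Uses file(1) when it is
# installed, otherwise checks that no byte falls outside printable/whitespace.
is_text() {
    if command -v file >/dev/null 2>&1; then
        case $(file -b --mime-type "$1") in text/*) return 0 ;; *) return 1 ;; esac
    fi
    [ "$(LC_ALL=C tr -d '[:print:][:space:]' <"$1" | wc -c)" -eq 0 ]
}

# find_candidates DIR BYTES: print regular files under DIR that are exactly
# BYTES bytes ("c" suffix), have no execute bit for user, group or other,
# and pass is_text. Paths containing spaces survive; newlines in names do not.
find_candidates() {
    find "$1" -type f -size "${2}c" ! -perm -100 ! -perm -010 ! -perm -001 |
    while IFS= read -r f; do
        if is_text "$f"; then printf '%s\n' "$f"; fi
    done
}

# make_sandbox DIR BYTES: constructed tree with one match and three decoys.
make_sandbox() {
    mkdir -p "$1/dir00" "$1/dir01"
    printf "%-$(($2 - 1))s\n" "CONSTRUCTED-PASSWORD" >"$1/dir01/spaces file2"  # match
    printf "%-$(($2 - 1))s\n" "decoy" >"$1/dir00/-file1"                       # right size, text...
    chmod +x "$1/dir00/-file1"                                                 # ...but executable
    dd if=/dev/zero of="$1/dir00/-file2" bs="$2" count=1 2>/dev/null           # right size, binary
    printf 'short\n' >"$1/dir01/-file3"                                        # text, wrong size
}

sandbox=$(mktemp -d)
make_sandbox "$sandbox" 133
find_candidates "$sandbox" 133    # prints only .../dir01/spaces file2
rm -rf "$sandbox"
```

Without the `c` suffix, `find -size` counts 512-byte blocks rather than bytes, so the suffix is what makes the size test exact.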