feat: OTW checkpoitn

alfredgamulo · Jun 17, 2023 · 25679d8 · 25679d8
1 parent fc90ef8
commit 25679d8
Show file tree

Hide file tree

Showing 9 changed files with 159 additions and 5 deletions.
diff --git a/OverTheWire/Bandit/17.key b/OverTheWire/Bandit/17.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
+imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
+Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
+DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
+JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
+x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
+KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
+J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
+d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
+YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
+vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
++TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
+8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
+SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
+HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
+SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
+R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
+Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
+R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
+L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
+blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
+YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
+77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
+dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
+vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
+-----END RSA PRIVATE KEY-----
diff --git a/OverTheWire/Bandit/24.md b/OverTheWire/Bandit/24.md
@@ -2,7 +2,7 @@
 
 ```
 ssh [email protected] -p 2220
-UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
+VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
 ```
 
 The challenge here is to write a script that loops and calls netcat.
@@ -12,15 +12,15 @@ The challenge here is to write a script that loops and calls netcat.
 
 ```
 #!/bin/bash
-PWD='UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ'
-for n in `seq 1 9999`;
+PWD='VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar'
+for i in {0000..9999};
 do
     echo "$PWD $n" #echo a line into the stdin of nc
 done | nc localhost 30002
 
 ```
 
 > Correct!
-> The password of user bandit25 is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
+> The password of user bandit25 is p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d
 >
 > Exiting.
diff --git a/OverTheWire/Bandit/25.md b/OverTheWire/Bandit/25.md
@@ -2,10 +2,16 @@
 
 ```
 ssh [email protected] -p 2220
-uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
+p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d
 ```
 
 Need to manually select the shell
 
+`/etc/passwd` has shell info
 
+`more` can change the shell with `:set shell /bin/bash` then `:shell`
 
+```
+bandit26@bandit:~$ cat /etc/bandit_pass/bandit26
+c7GvcKlw9mC7aUQaPx7nwFstuAIBw1o1
+```
diff --git a/OverTheWire/Bandit/26.key b/OverTheWire/Bandit/26.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEApis2AuoooEqeYWamtwX2k5z9uU1Afl2F8VyXQqbv/LTrIwdW
+pTfaeRHXzr0Y0a5Oe3GB/+W2+PReif+bPZlzTY1XFwpk+DiHk1kmL0moEW8HJuT9
+/5XbnpjSzn0eEAfFax2OcopjrzVqdBJQerkj0puv3UXY07AskgkyD5XepwGAlJOG
+xZsMq1oZqQ0W29aBtfykuGie2bxroRjuAPrYM4o3MMmtlNE5fC4G9Ihq0eq73MDi
+1ze6d2jIGce873qxn308BA2qhRPJNEbnPev5gI+5tU+UxebW8KLbk0EhoXB953Ix
+3lgOIrT9Y6skRjsMSFmC6WN/O7ovu8QzGqxdywIDAQABAoIBAAaXoETtVT9GtpHW
+qLaKHgYtLEO1tOFOhInWyolyZgL4inuRRva3CIvVEWK6TcnDyIlNL4MfcerehwGi
+il4fQFvLR7E6UFcopvhJiSJHIcvPQ9FfNFR3dYcNOQ/IFvE73bEqMwSISPwiel6w
+e1DjF3C7jHaS1s9PJfWFN982aublL/yLbJP+ou3ifdljS7QzjWZA8NRiMwmBGPIh
+Yq8weR3jIVQl3ndEYxO7Cr/wXXebZwlP6CPZb67rBy0jg+366mxQbDZIwZYEaUME
+zY5izFclr/kKj4s7NTRkC76Yx+rTNP5+BX+JT+rgz5aoQq8ghMw43NYwxjXym/MX
+c8X8g0ECgYEA1crBUAR1gSkM+5mGjjoFLJKrFP+IhUHFh25qGI4Dcxxh1f3M53le
+wF1rkp5SJnHRFm9IW3gM1JoF0PQxI5aXHRGHphwPeKnsQ/xQBRWCeYpqTme9amJV
+tD3aDHkpIhYxkNxqol5gDCAt6tdFSxqPaNfdfsfaAOXiKGrQESUjIBcCgYEAxvmI
+2ROJsBXaiM4Iyg9hUpjZIn8TW2UlH76pojFG6/KBd1NcnW3fu0ZUU790wAu7QbbU
+i7pieeqCqSYcZsmkhnOvbdx54A6NNCR2btc+si6pDOe1jdsGdXISDRHFb9QxjZCj
+6xzWMNvb5n1yUb9w9nfN1PZzATfUsOV+Fy8CbG0CgYEAifkTLwfhqZyLk2huTSWm
+pzB0ltWfDpj22MNqVzR3h3d+sHLeJVjPzIe9396rF8KGdNsWsGlWpnJMZKDjgZsz
+JQBmMc6UMYRARVP1dIKANN4eY0FSHfEebHcqXLho0mXOUTXe37DWfZza5V9Oify3
+JquBd8uUptW1Ue41H4t/ErsCgYEArc5FYtF1QXIlfcDz3oUGz16itUZpgzlb71nd
+1cbTm8EupCwWR5I1j+IEQU+JTUQyI1nwWcnKwZI+5kBbKNJUu/mLsRyY/UXYxEZh
+ibrNklm94373kV1US/0DlZUDcQba7jz9Yp/C3dT/RlwoIw5mP3UxQCizFspNKOSe
+euPeaxUCgYEAntklXwBbokgdDup/u/3ms5Lb/bm22zDOCg2HrlWQCqKEkWkAO6R5
+/Wwyqhp/wTl8VXjxWo+W+DmewGdPHGQQ5fFdqgpuQpGUq24YZS8m66v5ANBwd76t
+IZdtF5HXs2S5CADTwniUS5mX1HO9l5gUkk+h0cH5JnPtsMCnAUM+BRY=
+-----END RSA PRIVATE KEY-----
diff --git a/OverTheWire/Bandit/26.md b/OverTheWire/Bandit/26.md
@@ -0,0 +1,13 @@
+# Bandit Level 26
+
+```
+ssh [email protected] -p 2220
+c7GvcKlw9mC7aUQaPx7nwFstuAIBw1o1
+```
+
+`more` can change the shell with `:set shell /bin/bash` then `:shell`
+
+```
+bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
+YnQpBuifNMas1hcUFk70ZmqkhUU2EuaS
+```
diff --git a/OverTheWire/Bandit/27.md b/OverTheWire/Bandit/27.md
@@ -0,0 +1,18 @@
+# Bandit Level 27
+
+```
+ssh [email protected] -p 2220
+YnQpBuifNMas1hcUFk70ZmqkhUU2EuaS
+```
+
+```
+bandit27@bandit:~$ git clone ssh://bandit27-git@localhost:2220/home/bandit27-git/repo /tmp/derp
+bandit27@bandit:/tmp/derp$ ls -alh
+total 1.2M
+drwxrwxr-x  3 bandit27 bandit27 4.0K Jun 17 04:05 .
+drwxrwx-wt 20 root     root     1.2M Jun 17 04:05 ..
+drwxrwxr-x  8 bandit27 bandit27 4.0K Jun 17 04:05 .git
+-rw-rw-r--  1 bandit27 bandit27   68 Jun 17 04:05 README
+bandit27@bandit:/tmp/derp$ cat README
+The password to the next level is: AVanL161y9rsbcJIsFHuw35rjaOM19nR
+```
diff --git a/OverTheWire/Bandit/28.md b/OverTheWire/Bandit/28.md
@@ -0,0 +1,19 @@
+# Bandit Level 28
+
+```
+ssh [email protected] -p 2220
+AVanL161y9rsbcJIsFHuw35rjaOM19nR
+```
+
+```
+bandit28@bandit:~$ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo /tmp/derp
+bandit28@bandit:/tmp/derp$ git checkout abcff758fa6343a0d002a1c0add1ad8c71b88534
+bandit28@bandit:/tmp/derp$ cat README.md
+# Bandit Notes
+Some notes for level29 of bandit.
+
+## credentials
+
+- username: bandit29
+- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
+```
diff --git a/OverTheWire/Bandit/29.md b/OverTheWire/Bandit/29.md
@@ -0,0 +1,32 @@
+# Bandit Level 29
+
+```
+ssh [email protected] -p 2220
+tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
+```
+
+```
+bandit28@bandit:~$ git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo /tmp/derp
+bandit28@bandit:/tmp/derp$ cat README.md
+# Bandit Notes
+Some notes for bandit30 of bandit.
+
+## credentials
+
+- username: bandit30
+- password: <no passwords in production!>
+
+bandit29@bandit:/tmp/derp$ git checkout dev
+Branch 'dev' set up to track remote branch 'dev' from 'origin'.
+Switched to a new branch 'dev'
+bandit29@bandit:/tmp/derp$ ls
+code  README.md
+bandit29@bandit:/tmp/derp$ cat README.md
+# Bandit Notes
+Some notes for bandit30 of bandit.
+
+## credentials
+
+- username: bandit30
+- password: xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
+```
diff --git a/OverTheWire/Bandit/30.md b/OverTheWire/Bandit/30.md
@@ -0,0 +1,12 @@
+# Bandit Level 30
+
+```
+ssh [email protected] -p 2220
+xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
+```
+
+```
+bandit28@bandit:~$ git clone ssh://bandit30-git@localhost:2220/home/bandit30-git/repo /tmp/derp
+bandit28@bandit:/tmp/derp$ cat README.md
+just an epmty file... muahaha
+```