Bandit23
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
Read MoreVeni, Vidi, Vici!
Bandit is the easiest of the OverTheWire wargame sets, designed for beginners. It’s designed to teach the basics so as to enable the players to solve the other wargames. Bandit is primarily accessible by ssh shell. The challenges are running at specific URL, viz. bandit.labs.overthewire.org. Users can log into a particular level by using the username: banditX where X is the challenge level and providing the level password obtained from the previous level. Tasks in Bandit involve vim shells, privilege exploits, scripting, etc.
Before going through this walkthrough, I highly recommend you attempt to solve them yourself. Only when you have tried all you can think of, should you refer to this walkthrough. I’ve tried explaining the thinking process behind the solution so that, you could follow the process wherever else you might need to.
Link: http://overthewire.org/wargames/bandit/
Disclaimer: The techniques showed in the blog are for educational purposes only. Do NOT use them on any other system without the owner’s permission.
There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).
Read MoreThe credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.
Read More