blog
blog copied to clipboard
mylamour
overthewire.org Writeup Or Not
睡醒突然想起上次要做没有做这个。每一关得到下一关的密码。 简单的就不记录了。还剩下3题没做。 记录下,去锻炼下身体。
grep -rnw "./*"
grep -P '^='
-P perl regex
echo 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh | python -c "import sys; print(sys.stdin.read().encode(\"rot13\"))"
0-1 boJ9jbbUNNfktd78OOpsqOltutMc3MY1
1-2 CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
2-3 UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
3-4 pIwrPrtPN36QITSp3EQaw936yaFoFgAB
4-5 koReBOKuIDDepwhWk7jZC0RTdopnAYKh
5-6 DXjZPULLxYr17uwoI01bNLQbtFemEgo7
find -type f -size 1033c -not -executable -exec cat {} \;
6-7 HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
find / -user bandit7 -group bandit6 -size 33c
7-8 cvX2JJa4CFALtqS87jk27qwqGhBM9plV
8-9 UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
9-10 truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
10-11 IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
11-12 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
12-13 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
xxd -r data.txt 然后就是一直file 和 decompress了
13-14 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
ssh -i ssh.private bandit14@localhost cat /etc/bandit_pass/bandit14
14-15 BfMYroe26WYalil77FoDi9qh59eK5xNr
echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
15-16 cluFn7wTiGryunymYOu4RcffSxQluehd
echo BfMYroe26WYalil77FoDi9qh59eK5xNr | openssl s_client -connect localhost:30001 -quiet
16-17 xLYVMN9WE5zQ5vHacb0sZEVqbrp7nBTn
nmap -v 127.0.0.1 -p 30001-32000
echo cluFn7wTiGryunymYOu4RcffSxQluehd | openssl s_client -connect localhost:31790 -quiet
17-18 kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
ssh -p2220 [email protected] 'cat readme'
18-19 IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
./bandit20-do cat /etc/bandit_pass/bandit20
19-20 GbKksEFF4yrVs6il55v6gwY5aVje5f0j
echo GbKksEFF4yrVs6il55v6gwY5aVje5f0j | nc -l 2333 ./suconnect
20-21 gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
21-22 Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
cat /cat /usr/bin/cronjob_bandit23.sh
echo I am user bandit23 | md5sum | cut -d ' ' -f 1
#得到 8ca319486bfbbc3663ea0fbe81326349
cat /tmp/8ca319486bfbbc3663ea0fbe81326349
22-23 jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
23-24 为什么自定义的脚本没有起作用?
写个自定义脚本放到/var/spool/banit24下面,脚本会被自动执行,既然以banit24用户执行,所以可以读到密码
