Adds Karthiks Bandit Assignment

Karthik.txt

@@ -0,0 +1,307 @@
+Git Assignment MDG b26
+sudo ssh [email protected] -p 2220
+password
+cat readme
+p1 :  NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL
+
+sudo ssh [email protected] -p 2220
+cat ./-
+rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi
+
+sudo ssh [email protected] -p 2220
+cat “spaces in this filename”
+aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
+
+sudo ssh [email protected] -p 2220
+ls
+cd inhere
+ls -a
+cat .hidden
+2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe
+
+sudo ssh [email protected] -p 2220
+ls
+cd inhere
+ls
+file ./*
+cat ascii text data
+lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
+
+
+cd inhere
+ls -l
+du —bytes -a | sort -rh
+P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
+
+
+find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
+cat /var/lib/dpkg/info/bandit7.password
+bandit8
+z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
+
+man grep
+grep -w "millionth" data.txt
+pswd: TESKZC0XvTetK0S9xNwm25STk5iWrBvP
+
+
+
+sort data.txt | uniq -c
+EN632PlfYiZbn3PhVK3XOGSlNInNE00t
+
+
+sudo ssh [email protected] -p 2220
+ls
+grep “=“ data.txt
+strings data.txt
+strings data.txt | grep “==“
+G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s
+
+sudo ssh [email protected] -p 2220
+ls
+cat data.txt
+base64 —help
+base64 -d data.txt
+6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM
+
+sudo ssh [email protected] -p 2220
+ls
+cat data.txt
+copy rotated text
+tr 'A-Za-z' 'N-ZA-Mn-za-m' <<< "WIAOOSFzMjXXBC0KoSKBbJ8puQm5lIEi"
+JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv
+
+mkdir /tmp/mykt
+cp data.txt /tmp/mykt
+file data.txt
+cd /tmp/mykt
+xxd -r data.txt -> data
+file data
+xxd -r data
+mv data data.gz
+gzip -d data.gz
+file data
+mv data data.bzip2
+file data.bzip2
+mv data.bzip2.out data.bzip2.gz
+gzip -b data.bzip2.gz
+file data.bzip2
+tar —help
+mv data.bzip2 data.tar
+tar -x -f data.tar
+file data5.bin
+rm data.tar
+mv data5.bin data.tar
+tar -x -f data.tar
+file data6.bin
+mv data6.bin data.bz2	
+bzip2 -d data.bz2
+file data
+mv data data.tar
+tar -x -f data.tar
+file data8.bin
+mv data8.bin data.gz
+gzip -d data.gz
+ls
+file data
+cat data
+wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw
+
+
+ssh -i sshkey.private [email protected] -p  2220
+
+ls -la
+cd ..
+cd ..
+cd ..
+cd etc
+cd bandit_pass
+ls
+cat bandit14
+np localhost 30000
+fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq
+jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt
+
+ssh [email protected] -p 2220
+openssl s_client localhost:30001
+JQttfApK4SeyHwDlI9SXGR50qclOAil1
+
+ssh [email protected] -p 2220
+nmap -sO -p31000-32000 localhost
+nmap localhost -p31000-32000 
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
+imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
+Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
+DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
+JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
+x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
+KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
+J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
+d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
+YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
+vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
++TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
+8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
+SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
+HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
+SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
+R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
+Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
+R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
+L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
+blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
+YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
+77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
+dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
+vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
+-----END RSA PRIVATE KEY-----
+mkdir /tmp
+cd tmp
+touch sshkey.private
+nano sshkey.private
+paste the password
+ssh -i sshkey.private [email protected] -p 2220
+diff --normal password.old password.new
+hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg
+
+sudo ssh [email protected] -p 2220 "cat readme"
+awhqfNnAbc1naukrpqDYcF95h7HoMTrC
+
+sudo ssh [email protected] -p 2220
+ls -la
+drwxr-xr-x  2 root     root      4096 Feb 21 22:03 .
+drwxr-xr-x 70 root     root      4096 Feb 21 22:04 ..
+-rwsr-x---  1 bandit20 bandit19 14876 Feb 21 22:03 bandit20-do
+-rw-r--r--  1 root     root       220 Jan  6  2022 .bash_logout
+-rw-r--r--  1 root     root      3771 Jan  6  2022 .bashrc
+-rw-r--r--  1 root     root       807 Jan  6  2022 .profile
+# here we can see that bandit20-do is owned by bandit20 but bandit19 can see it, 
+we can retrieve the password from this for the next level
+./bandit20-do
+./bandit20-do id
+uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) 
+groups=11019(bandit19)
+# uid - userid, gid-groupid, euid-effective user id (for us, our effective userid 
+is of bandit20)-for the moment we are bandit20
+./bandit20-do cat /etc/bandit_pass/bandit20
+VxCazJaVykI6W36BkBU0mJTCM8rR95XT
+
+open 2 terminal for bandit20, create a netcat listener on one terminal and 
+connect using suconnect script provided in the level
+on sending the password of bandit20 from netcat terminal you will re-receive the 
+password of bandit21
+T1 : nc -l 2000
+T2 : ./suconnect 2000
+T1 : bandit20 pass
+T2 : Receives bandit20 pass, sends nect password to T1 again
+T1 : NvEJF7oVjkddltPSrdKEFOllh9V1IBcq
+
+
+man 5 crontab
+man crontab
+man cron
+ls
+ls -la
+cd /etc
+cd cron.d
+ls -la
+cat cronjob_bandit22 
+copied the path in cronjob command
+ls /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
+cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
+WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
+
+ls
+cd /etc/cron.d
+cat cronjob_bandit23
+cat /usr/bin/cronjob_bandit23.sh
+CRONJOB_BANDIT23.SH STARTS
+#!/bin/bash
+
+myname=$(whoami)
+mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
+
+echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
+
+cat /etc/bandit_pass/$myname > /tmp/$mytarget
+CRONJOB_BANDIT23.SH ENDS
+
+bandit22@bandit:/etc/cron.d$ whoami
+bandit22
+bandit22@bandit:/etc/cron.d$ myname = whoami
+'myname: command not found
+bandit22@bandit:/etc/cron.d$ myname = $whoami
+myname: command not found
+bandit22@bandit:/etc/cron.d$ myname = $(whoami)
+myname: command not found
+bandit22@bandit:/etc/cron.d$ myname=$(whoami)
+bandit22@bandit:/etc/cron.d$ echo mynam
+mynam
+bandit22@bandit:/etc/cron.d$ echo myname
+myname
+bandit22@bandit:/etc/cron.d$ echo $myname
+bandit22
+bandit22@bandit:/etc/cron.d$ echo I am user $myname | md5sum | cut -d ' ' -f 1
+8169b67bd894ddbb4412f91573b38db3
+bandit22@bandit:/etc/cron.d$ echo I am user bandit22 | md5sum | cut -d ' ' -f 1
+8169b67bd894ddbb4412f91573b38db3
+bandit22@bandit:/etc/cron.d$ echo I am user bandit23 | md5sum | cut -d ' ' -f 1
+8ca319486bfbbc3663ea0fbe81326349
+bandit22@bandit:/etc/cron.d$ myname=bandit23
+bandit22@bandit:/etc/cron.d$ mytarget=I am user $myname | md5sum | cut -d ' ' -f 
+1
+am: command not found
+d41d8cd98f00b204e9800998ecf8427e
+bandit22@bandit:/etc/cron.d$ mytarget=$(echo I am user $myname | md5sum | cut -d 
+' ' -f 1)
+bandit22@bandit:/etc/cron.d$ echo mytarget
+mytarget
+bandit22@bandit:/etc/cron.d$ echo myname
+myname
+bandit22@bandit:/etc/cron.d$ echo $mytarget 
+8ca319486bfbbc3663ea0fbe81326349
+bandit22@bandit:/etc/cron.d$ echo "Copying passwordfile /etc/bandit_pass/$myname 
+to /tmp/$mytarget"
+Copying passwordfile /etc/bandit_pass/bandit23 to 
+/tmp/8ca319486bfbbc3663ea0fbe81326349
+bandit22@bandit:/etc/cron.d$ cat /tmp/8ca319486bfbbc3663ea0fbe81326349
+QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G
+
+ls
+cd /etc/cron.d
+cat cronjob_bandit24
+cat /usr/bin/cronjob_bandit24.sh
+myname=bandit24
+cd /var/spool/$myname/foo
+mkdir /tmp/mykt2
+chmod 777 /tmp/mykt2
+nano dahs.sh
+#!/usr/bin/bash
+
+cat /etc/bandit_pass/bandit24 > /tmp/mykt2/brobandit24.txt
+
+save the script
+chmod -x dahs.sh #making this script executable (i guess)
+after 1 min
+cat /tmp/mykt2/brobandit24.txt
+VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
+
+p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d
+mkdir /tmp/mykt3
+cp /etc/bandit_pass/bandit24 /tmp/mykt3
+cd /tmp/mykt3
+nano script.sh
+chmod +x script.sh
+Put the following code in the file
+#!/usr/bin/bash
+
+for i in {000..9999}
+do
+        echo "VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar $i"
+done
+nc localhost 30002 | ./script.sh
+The password of user bandit25 is p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d
+
+
+
+