Bandit:Level 1 - Level 10

Level1

bandit1@bandit:~$ ls -al
total 24
-rw-r-----  1 bandit2 bandit1   33 Apr 23 18:04 -
drwxr-xr-x  2 root    root    4096 Apr 23 18:04 .
drwxr-xr-x 70 root    root    4096 Apr 23 18:05 ..
-rw-r--r--  1 root    root     220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root    root    3771 Jan  6  2022 .bashrc
-rw-r--r--  1 root    root     807 Jan  6  2022 .profile
bandit1@bandit:~$ cat -
^C
bandit1@bandit:~$ cat ./-
rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi

 

Level2

bandit2@bandit:~$ ls
spaces in this filename
bandit2@bandit:~$ cat "spaces in this filename"
aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
bandit2@bandit:~$ cat spaces\ in\ this\ filename
aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG

 

Level3

- ls 명령어 옵션

-a : hidden 파일 볼 수 있음

-R : 하위 디렉터리 출력

-l : 상세정보 출력

bandit3@bandit:~$ ls -alR
.:
total 24
drwxr-xr-x  3 root root 4096 Apr 23 18:04 .
drwxr-xr-x 70 root root 4096 Apr 23 18:05 ..
-rw-r--r--  1 root root  220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root root 3771 Jan  6  2022 .bashrc
drwxr-xr-x  2 root root 4096 Apr 23 18:04 inhere
-rw-r--r--  1 root root  807 Jan  6  2022 .profile

./inhere:
total 12
drwxr-xr-x 2 root    root    4096 Apr 23 18:04 .
drwxr-xr-x 3 root    root    4096 Apr 23 18:04 ..
-rw-r----- 1 bandit4 bandit3   33 Apr 23 18:04 .hidden
bandit3@bandit:~$ cat ./inhere/.hidden
2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe

 

Level4

- file 명령어

파일의 종류 확인

bandit4@bandit:~$ cd inhere
bandit4@bandit:~/inhere$ ls -al
total 48
drwxr-xr-x 2 root    root    4096 Apr 23 18:04 .
drwxr-xr-x 3 root    root    4096 Apr 23 18:04 ..
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file00
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file01
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file02
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file03
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file04
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file05
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file06
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file07
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file08
-rw-r----- 1 bandit5 bandit4   33 Apr 23 18:04 -file09
bandit4@bandit:~/inhere$ cat ./-file00
�Ű��Bη���b<Q�Ƞ�+V�iO�1�[5{�bandit4@bandit:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: Non-ISO extended-ASCII text, with no line terminators
bandit4@bandit:~/inhere$ cat ./-file07
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR

 

Level5

- Hint

1033 bytes in size

 

- find 명령어 표현식

-size : 파일 크기를 사용하여 파일 검색

b(블록단위), c(byte), k(kbyte), w(2byte word)

 

ex) find . -size 1033c

현재 디렉터리에서 1033 byte 파일 검색

ex) find . -size +1033c

현재 디렉터리에서 1033 byte  보다 큰 파일 검색

ex) find . -size -1033c

현재 디렉터리에서 1033 byte  보다 작은 파일 검색

bandit5@bandit:~$ ls
inhere
bandit5@bandit:~$ cd inhere
bandit5@bandit:~/inhere$ ls -alR
.:
total 88
drwxr-x--- 22 root bandit5 4096 Apr 23 18:04 .
drwxr-xr-x  3 root root    4096 Apr 23 18:04 ..
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere00
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere01
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere02
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere03
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere04
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere05
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere06
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere07
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere08
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere09
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere10
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere11
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere12
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere13
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere14
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere15
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere16
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere17
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere18
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 maybehere19

./maybehere00:
total 72
.
.
.

./maybehere19:
total 76
drwxr-x---  2 root bandit5 4096 Apr 23 18:04 .
drwxr-x--- 22 root bandit5 4096 Apr 23 18:04 ..
-rwxr-x---  1 root bandit5 6302 Apr 23 18:04 -file1
-rwxr-x---  1 root bandit5 7209 Apr 23 18:04 .file1
-rw-r-----  1 root bandit5 5594 Apr 23 18:04 -file2
-rw-r-----  1 root bandit5 4740 Apr 23 18:04 .file2
-rwxr-x---  1 root bandit5 7965 Apr 23 18:04 -file3
-rwxr-x---  1 root bandit5  494 Apr 23 18:04 .file3
-rwxr-x---  1 root bandit5 7186 Apr 23 18:04 spaces file1
-rw-r-----  1 root bandit5 8785 Apr 23 18:04 spaces file2
-rwxr-x---  1 root bandit5 2307 Apr 23 18:04 spaces file3

bandit5@bandit:~/inhere$ find ./* -size 1033c
./maybehere07/.file2
bandit5@bandit:~/inhere$ cat ./maybehere07/.file2
P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU

 

Level6

- Hint

• owned by user bandit7
• owned by group bandit6
• 33 bytes in size

 

- find 명령어 표현식

-user : 해당 유저에 속한 파일 검색

-group : 해당 그룹에 속한 파일 검색

 

 

- file descriptor

프로세스에서 특정 파일에 접근할 때 사용하는 추상적인 값

0 : standard input, 표준 입력

1 : standard output, 표준 출력

2 : standard error, 표준 에러

 

- /dev/null

출력 값을 표시하지 않도록 하며, null 장치라고도 부름

 

ex) 2>/dev/null

표준 에러를 /dev/null로 보내 출력하지 않음

 

bandit6@bandit:~$ ls -al
total 20
drwxr-xr-x  2 root root 4096 Apr 23 18:04 .
drwxr-xr-x 70 root root 4096 Apr 23 18:05 ..
-rw-r--r--  1 root root  220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root root 3771 Jan  6  2022 .bashrc
-rw-r--r--  1 root root  807 Jan  6  2022 .profile
bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c
find: ‘/var/log’: Permission denied
find: ‘/var/crash’: Permission denied
.
.
.
find: ‘/sys/fs/bpf’: Permission denied

bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S

 

Level7

- Hint

The password for the next level is stored in the file data.txt next to the word millionth

 

- | (pipe)

한 명령어의 표준 출력을 다른 명령어의 표준 입력으로 연결

 

- grep 명령어

파일 내 지정한 문자열이나 정규 표현식을 포함한 행을 출력해줌

 

bandit7@bandit:~$ ls -al
total 4108
drwxr-xr-x  2 root    root       4096 Apr 23 18:04 .
drwxr-xr-x 70 root    root       4096 Apr 23 18:05 ..
-rw-r--r--  1 root    root        220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root    root       3771 Jan  6  2022 .bashrc
-rw-r-----  1 bandit8 bandit7 4184396 Apr 23 18:04 data.txt
-rw-r--r--  1 root    root        807 Jan  6  2022 .profile

bandit7@bandit:~$ cat data.txt | grep "millionth"
millionth       TESKZC0XvTetK0S9xNwm25STk5iWrBvP

 

Level8

- Hint

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

 

- sort 명령어

파일의 내용 정렬

 

- uniq 명령어

중복된 내용의 행이 연속으로 있으면 하나만 남기고 삭제

분산된 중복은 찾아내지 못하기 때문에, 정렬하여 순차적으로 만든 뒤 적용해야 함

-u 옵션 : 중복 라인이 없는 것만 보여줌

 

bandit8@bandit:~$ ls
data.txt
bandit8@bandit:~$ cat data.txt | sort | uniq -u
EN632PlfYiZbn3PhVK3XOGSlNInNE00t
bandit8@bandit:~$ sort data.txt | uniq -u
EN632PlfYiZbn3PhVK3XOGSlNInNE00t

 

Level9

- Hint

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

 

- grep 명령어 옵션

-a, --text : 파일을 바이너리 파일로 인식하여 오류 날 때, ASCII text로 인식해줌

 

- strings

특정 파일에서 문자열만 추출

 

bandit9@bandit:~$ ls
data.txt
bandit9@bandit:~$ cat data.txt | grep '==='
grep: (standard input): binary file matches
bandit9@bandit:~$ cat data.txt | grep '===' -a
ep�f��x��PJ�e��]s��42��,h��GT\���A�P&����hI! ��lD��L��x�K}�v�JjP�գ���V���{z��7wzP����9Ū%�CIyb�q��i��&&�/C��q (�R���R���S�Q~�AD�7��F5Ď��!G8K��u�_��0�&ÓT���MK@��4==========�C��;aG��|B��u#Cudf
�?� ��?l�eM��q��딕B�YBn�KI�ao���        �=�ys_?^�J���========== password�#��J\▒9�Þ�a���q.������zf�4���i▒l�v�՗▒��Lt|���V8���q쎢��?��诃�Hf��:�n&��4
                                 �W���Ժ��ݭ4�v�8��4mm��*�W�ll�6�����▒˻��m"���;=��2��I�Q��_�1BV�L��d6�T�6+ʝw�n���M�iԁ�
�#;��8����=Td��w����i�m��vq����&▒���N=��4�?{���%>-XUZg�5Nզ      o|ubv�hZ�h��j`�d��苺1�6�❨▒�����Yp���}]@�6a@��(�9],0��/"�j.��!����0�҂�z�3W�J"�[�j��#"q��Ա7
                                                                    d�پ/
                                                                        3Ы�=/A�S��▒��vԕ���k�▒;5�(ãp�"]��.�������
                           �Q.dPY/z���M��ȱK~3����K<�����3N;��Y��J���hl���F���w8�5�o�X���<g1�========== is�c▒{�
��J�'Pc�����k�i���       ��
                  N��[�a-�@#=�-����ڀ��M`^��f    F��JW���8��],����c0����"��N.a�����f���f�S��ӭ�
        �Ѥ|����+#��{����@_)�#T�TT�QA�3Y�ⱄg�w�f!(IG���I��M_�K��Fz�E��R�(#3���o��!��7�M�$�漸T%��{�޾���[D")l4z�z'~��6�l�D#�s�O�ݠ��)��r3���M<��h��ǥwϖ��7���
                                                                  �3 ��8E�T$h_Y�HÁ��=M��m�9xu��z�鱍T�vL�
                   ��8`;▒c�2���\▒���[D#
ɝ��c    �7�{��qî�Ņ�^�)A6�\����UYKPT�fXqk{~���   ܥ`�0%�Q�Xde����5�朁��O�5�3��J�d�ݜ���0�*D���f��C�4��U��▒t��*�����R�+�د"�\�
�H]+�D���~��"��9��1t��*�b�`�K�ʫ���L��V�$
                                     �٨M���t�o��<�.��"�g˘JH)���l&���=������*����R-�C�========== G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s
bandit9@bandit:~$ strings data.txt | grep '=='
4========== the#
========== password
========== is
========== G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s

 

Level10

- Hint

The password for the next level is stored in the file data.txt, which contains base64 encoded data

 

- base64 옵션

-d, --decode : 디코드

 

bandit10@bandit:~$ cat data.txt
VGhlIHBhc3N3b3JkIGlzIDZ6UGV6aUxkUjJSS05kTllGTmI2blZDS3pwaGxYSEJNCg==
bandit10@bandit:~$ cat data.txt | base64 --decode
The password is 6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM