Wargame Bandit Answer

-
Wargames bandit
Level 0
  • ·       I have chosen a tool for remote login. Its putty.
  • ·       Enter the host name : “bandit.labs.overthewire.org”, password and user name : bandit0 and password0 in the putty.




Level 0 to 1
·     Then use the ls-a command and check the files of present working directory.

·       Use to cat command to view the readme file and get the password for login to the level1.
·       Password is : boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Level 1 to 2
·       Login to the level 2 by using password from you got previous level “boJ9jbbUNNfktd78OOpsqOltutMc3MY1”
·       Writ the ls command and view the file list of present working directory

·       then write the command cat ./- to view the dash file. And get the password for nextlevel : CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9


Level 2 to 3
·       Use to ls command and get file called ass "spaces in this filename". that has space between two words in the file name so we should use to forward slash between the space to get the password : UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK


Level 3 to 4
  • Use to cd command for change the present working directory from home to in to the inhere directory. then write the ls –a command and get ".hidden" file then use to cat .hidden to find the password. 
  • password: “pIwrPrtPN36QITSp3EQaw936yaFoFgAB”



Level 4 to 5
  • use the file command and find human readable file.
  • normally dash with word or latter has some specific operation in unix but in this case we have dash with filename. we should neutralize this dash so would add this key" ./- " for neutralize.
  • pass word is :  koReBOKuIDDepwhWk7jZC0RTdopnAYKh


level 5 to 6
  • use find command with size key word and get the file.


 password is : DXjZPULLxYr17uwoI01bNLQbtFemEgo7

level 6 to 7
  • this one also like previous one.
  • password is : HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs



level 7 to 8
  • use to grep command for find the "miillionth".


level 8 to 9
·       sort the data and get the unique file and by using cat data.txt | sort | uniq  –u and get the password for next level
“UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR”
Note: there are so many function in uniq command that’s we should use to –u

Level 9 to 10
·       password into the data.txt that be human readable string format that why we should use string command and get password : truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk



Level 10 to 11
·       pass word base on base 64 format also its encrypted that’s why we should use below command

·       The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
Level 11 to 12
·       We need to use tr command for Translate the character and get the password “5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu”



          

Comments

Post a Comment

Popular posts from this blog

Install android studio on the parrot os

-
Image
parrot OS is based on Linux environment so we have to download Linux version of android studio. if you want Linux version android studio just click here . after the download is completed you will get the zip file of the android studio. so you need to unzip it first. then you can see several files within the unzipped folder. figure 1 represents the sample output. Figure 1 then go to bin folder which is stored in the unzipped folder. after opening the bin folder, you can see studio.sh shell script. if you execute that, the android studio will be running on your PC's.  Note:- you have to give execute permission to studio.sh for the current user before you execute studio.sh script. (sudo chmod u+x studio.sh) Figure 2 but we will be doing like this. it's annoying, so now we are going to the terminal command that is helped to us to access android studio by using terminal commands.  move your unzipped file to "/root" from Downloads. then go to "/usr
Read more

How to do simple brute force attack with burp suite

-
Image
What is brute force attack? brute force is a kind of password based attack. normally attacker checks each and every possible combination until reaching the expected output. so an attacker should check the huge amount of data but the normal human cannot do this kind of things. that's why we must move on some predefine tools to do this kind of attacks. work through this is the sample login page. we are going to attack this page and get the login credentials.(note: this is a basic login form it does not have any prevention mechanism for brute force attack.) let's try any value on this form and capture the data packet for analyzing. after analyzed we can say these data packets have username and password, which we entered previously. so we have to forward this data packet to intruder tab (right click and select intruder option). now  go to the intruder and mark the target variables which are carrying username and password. The below figure shows that. Note:
Read more

PoC video of How to Hack Gmail and Bitcoin Wallet using SS7 flaw

-
Image
A long time ago we published a report about how someone can hack WhatsApp with the SS7 by default. The standard SS7 exists for eons now with corrections, but GSM and telecom companies do not bother or trouble to repair their infrastructure against the standard. Now a Cyber ​​Security Company called Positive Technologies has released a video detail as anyone in any Gmail account can hack with a name and a phone number with the standard SS7. After the abduction of the Gmail account of the victim, the investigators then tried to steal a Bitcoin wallet with the same SS7 defect. Positive researchers sent their video to Thomas Fox-Brewster, an investigating reporter for Forbes, as well as details about hacking. What is the SS7 error? The vulnerability is found in the signaling system 7 or SS7, the technology used by telecommunication operators where the high-security message system and telephone calls depend. SS7 is a set of telephone signaling protocols developed in 1975 that make i
Read more