In this post, we covered various concepts in Linux such as encoding and decoding, file compression, SSH, etc. This was part of OverTheWire Bandit CTF Level 10-Level 19.
Levels 10 through 19 cover concepts such as ROT13, Base64 and hexadecimal encoding and decoding, file compression and decompression, SSH operations and how to handle SSH login when it's prevented in the .bashrc file.
Level by Level Breakdown:
Here’s my journey through the next set of challenges:
Level 11: Decoding the Secret Message
- The Goal: The password for this level is hidden in a file called `data.txt`, but it's encoded in Base64.
- My Approach: This one was a quick win. I used the `base64 -d` command to decode the text and reveal the password.
Level 12: A Little Bit of Rotation
- The Goal: This time, the password was encrypted using a simple ROT13 cipher, where each letter is shifted 13 places forward in the alphabet.
- My Approach: The `tr` command was perfect for this. I used it to translate the characters back to their original form, giving me the password.
Level 13: The Never-Ending Compression
- The Goal: This was a fun one! The password was in a file that had been compressed over and over again.
- My Approach: I had to work in stages. First, I used `xxd -r` to reverse a hex dump. Then, I used a loop of `file` to identify the compression type (gzip, bzip2, tar) and the corresponding decompression tool (`gzip -d`, `bzip2 -d`, `tar -xf`) until I finally got to the plain text password.
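The Level 13 procedure above (reverse the hex dump, identify each layer, decompress, repeat), written as an added Python example that is not part of the original post. It goes slightly beyond the shell loop by detecting each layer from its magic bytes, which is what `file` does; the sample input, the `data5.bin` member name and all function names are constructed for illustration.

```python
import bz2, gzip, io, tarfile

def hexdump(data: bytes) -> str:
    """Minimal xxd-style dump, used only to build the constructed sample."""
    rows = []
    for off in range(0, len(data), 16):
        h = data[off:off + 16].hex()
        rows.append(f"{off:08x}: " + " ".join(h[i:i + 4] for i in range(0, len(h), 4)))
    return "\n".join(rows)

def unhexdump(text: str) -> bytes:
    """Equivalent of `xxd -r`: drop the offset and the ASCII column, keep the hex."""
    out = bytearray()
    for line in text.splitlines():
        if ":" in line:
            hexcols = line.split(":", 1)[1].strip().split("  ", 1)[0]
            out += bytes.fromhex(hexcols)
    return bytes(out)

def unwrap(data: bytes, max_layers: int = 32):
    """Peel gzip/bzip2/tar layers by magic bytes; return (payload, layer names)."""
    layers = []
    for _ in range(max_layers + 1):  # bounded so crafted input cannot nest forever
        if data[:2] == b"\x1f\x8b":
            data, kind = gzip.decompress(data), "gzip"
        elif data[:3] == b"BZh":
            data, kind = bz2.decompress(data), "bzip2"
        elif data[257:262] == b"ustar":
            # Read the member in memory; its name is never used as a filesystem path.
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                member = next(m for m in tar if m.isfile())
                data, kind = tar.extractfile(member).read(), "tar"
        else:
            return data, layers
        layers.append(kind)
    raise ValueError("more than max_layers nested layers")

def build_sample(secret: bytes) -> str:
    """Constructed input: secret -> gzip -> bzip2 -> tar -> gzip -> hex dump."""
    inner = bz2.compress(gzip.compress(secret))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("data5.bin")  # hypothetical member name
        info.size = len(inner)
        tar.addfile(info, io.BytesIO(inner))
    return hexdump(gzip.compress(buf.getvalue()))

if __name__ == "__main__":
    payload, layers = unwrap(unhexdump(build_sample(b"constructed-secret\n")))
    print(layers, payload)
```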
Level 14: The Key to the Kingdom
- The Goal: I was given a private SSH key and needed to use it to log into the next level on `localhost`.
- My Approach: The `ssh` command has an `-i` option that lets you specify a private key file. I used that to log in and grab the password.
Level 15: Knock, Knock… Who’s There?
- The Goal: I had to send the current password to port 30000 on `localhost`.
- My Approach: I used `echo` to pipe the password to `nc` (netcat), which sent it to the correct port and gave me the next password in return.
Level 16: An Encrypted Conversation
- The Goal: This was similar to the last level, but this time I had to connect to port 30001 using SSL encryption.
- My Approach: The `openssl s_client` command was the tool for the job. I used it to create an SSL-encrypted connection and send the password.
Level 17: Port Scanning for Treasure
- The Goal: I had to find the right port in a range from 31000 to 32000 that was listening, using SSL, and would give me the credentials for the next level.
- My Approach: I used `nmap` to scan the port range and find the one that was open and running an SSL service. Once I found it, I used `openssl s_client` again to connect and get a private key. I then used that key with `ssh` to log in and find the password.
Level 18: Spot the Difference
- The Goal: The password was the only line that had changed between two files: `passwords.old` and `passwords.new`.
- My Approach: The `diff` command is made for this. I used it to compare the two files, and it showed me the one line that was different, which was the password.
Level 19: The Quick Escape
- The Goal: When I tried to log in to this level, I was immediately kicked out.
- My Approach: I figured out that the `.bashrc` file was logging me out as soon as I logged in. To get around this, I used the `-t` option with `ssh` to force a pseudo-terminal, which gave me just enough time to run a command and read the password from the `readme` file.
Technical Commands Used:
Here are the commands I used in this walkthrough:
ls
cat
base64 -d
man
tr
mkdir
cp
mv
xxd -r
file
gzip -d
bzip2 -d
tar -xf
ssh -i
nc
echo
openssl s_client
nmap -sV -p
chmod 600
diff
ssh -t