In this post, we cover various Linux concepts such as encoding and decoding, file compression, SSH, etc. This is part of OverTheWire Bandit CTF Level 10-Level 19.

Levels 10 through 19 cover concepts such as ROT13, Base64 and hexadecimal encoding and decoding, file compression and decompression, SSH operations, and how to handle an SSH login that is prevented by the .bashrc file.

Level by Level Breakdown:

Here’s my journey through the next set of challenges:

Level 11: Decoding the Secret Message

  • The Goal: The password for this level is hidden in a file called data.txt, but it’s encoded in Base64.
  • My Approach: This one was a quick win. I used the base64 -d command to decode the text and reveal the password.

Level 12: A Little Bit of Rotation

  • The Goal: This time, the password was encrypted using a simple ROT13 cipher, where each letter is shifted 13 places forward in the alphabet.
  • My Approach: The tr command was perfect for this. I used it to translate the characters back to their original form, giving me the password.

Level 13: The Never-Ending Compression

  • The Goal: This was a fun one! The password was in a file that had been compressed over and over again.
  • My Approach: I had to work in stages. First, I used xxd -r to reverse a hex dump. Then, I used a loop of file to identify the compression type (gzip, bzip2, tar) and the corresponding decompression tool (gzip -d, bzip2 -d, tar -xf) until I finally got to the plain text password.
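
The staged unwrap described for Level 13, as an added Python example (not code from the original walkthrough): it reverses an xxd-style hex dump, then identifies each layer by its magic bytes, the same signal `file` relies on, and strips gzip, bzip2 and tar layers until plain data remains. The function names, the member name data8.bin and the sample secret are constructed for illustration.

```python
import bz2, gzip, io, tarfile

MAGIC = ((0, b"\x1f\x8b", "gzip"), (0, b"BZh", "bzip2"), (257, b"ustar", "tar"))

def xxd_reverse(dump):
    """Rebuild bytes from xxd output: drop the offset and the ASCII column."""
    rows = [l.split(":", 1)[1].lstrip().split("  ")[0]
            for l in dump.splitlines() if ":" in l]
    return bytes.fromhex("".join(rows))

def identify(data):
    """Classify one layer by magic bytes at a fixed offset."""
    for offset, magic, kind in MAGIC:
        if data[offset:offset + len(magic)] == magic:
            return kind
    return "data"

def peel(data, max_layers=32):
    """Strip layers until none is recognised; return (payload, layer names)."""
    layers = []
    for _ in range(max_layers):
        kind = identify(data)
        if kind == "gzip":
            data = gzip.decompress(data)
        elif kind == "bzip2":
            data = bz2.decompress(data)
        elif kind == "tar":  # read the first regular file in memory, nothing hits disk
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                member = next(m for m in tar if m.isfile())
                data = tar.extractfile(member).read()
        else:
            return data, layers
        layers.append(kind)
    raise ValueError("more nested layers than max_layers allows")

def build_sample(secret):
    """Constructed input: secret -> tar -> bzip2 -> gzip -> xxd-style dump."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("data8.bin")
        info.size = len(secret)
        tar.addfile(info, io.BytesIO(secret))
    blob = gzip.compress(bz2.compress(buf.getvalue()))
    def row(i, r):  # offset, hex pairs, printable-ASCII column
        return f"{i:08x}: {r.hex(' ', -2)}  " + "".join(chr(b) if 32 <= b < 127 else "." for b in r)
    return "\n".join(row(i, blob[i:i + 16]) for i in range(0, len(blob), 16))

if __name__ == "__main__":
    print(peel(xxd_reverse(build_sample(b"constructed-password\n"))))
```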

Level 14: The Key to the Kingdom

  • The Goal: I was given a private SSH key and needed to use it to log into the next level on localhost.
  • My Approach: The ssh command has an -i option that lets you specify a private key file. I used that to log in and grab the password.

Level 15: Knock, Knock… Who’s There?

  • The Goal: I had to send the current password to port 30000 on localhost.
  • My Approach: I used echo to pipe the password to nc (netcat), which sent it to the correct port and gave me the next password in return.

Level 16: An Encrypted Conversation

  • The Goal: This was similar to the last level, but this time I had to connect to port 30001 using SSL encryption.
  • My Approach: The openssl s_client command was the tool for the job. I used it to create an SSL-encrypted connection and send the password.

Level 17: Port Scanning for Treasure

  • The Goal: I had to find the right port in a range from 31000 to 32000 that was listening, using SSL, and would give me the credentials for the next level.
  • My Approach: I used nmap to scan the port range and find the one that was open and running an SSL service. Once I found it, I used openssl s_client again to connect and get a private key. I then used that key with ssh to log in and find the password.

Level 18: Spot the Difference

  • The Goal: The password was the only line that had changed between two files: passwords.old and passwords.new.
  • My Approach: The diff command is made for this. I used it to compare the two files, and it showed me the one line that was different, which was the password.

Level 19: The Quick Escape

  • The Goal: When I tried to log in to this level, I was immediately kicked out.
  • My Approach: I figured out that the .bashrc file was logging me out as soon as I logged in. To get around this, I used the -t option with ssh to force a pseudo-terminal, which gave me just enough time to run a command and read the password from the readme file.

Technical Commands Used:

Here are the commands I used in this walkthrough:

  • ls
  • cat
  • base64 -d
  • man
  • tr
  • mkdir
  • cp
  • mv
  • xxd -r
  • file
  • gzip -d
  • bzip2 -d
  • tar -xf
  • ssh -i
  • nc
  • echo
  • openssl s_client
  • nmap -sV -p
  • chmod 600
  • diff
  • ssh -t

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.
