Pages

Search

Bandit CTF – Level 8

level 7–>8 bandit7@bandit:~$ ls -la bandit7@bandit:~$ cat data.txt | grep -s millionth password = cvX2XXXXXXXXXXXXXXXXXXXXXXXXXXXX

HTB Delivery

Add the box to the host file. $ sudo nano /etc/hosts $ nmap delivery.htb -A -p- -T4 Open ports: Site inspection: http://delivery.htb http://delivery.htb/#contact-us http://helpdesk.delivery.htb/index.php http://delivery.htb:8065 As you can create a user into Mattermost server we can start here: http://delivery.htb:8065/should_verify_email?email=user%40rffuste.com We should verify the email, but no email is going to be received.So we need to find a new way. If we focus on Helpdesk site, http://helpdesk.delivery.htb/index.php We can create a

HTB Academy

$ sudo nano /etc/hosts $ nmap academy.htb -A -p- -T4 Open ports: 22(tcp) – ssh 80(tcp) – http 33060(tcp) – mysql Access to http://academy.htb $ python ~/tools/dirsearch/dirsearch.py -u http://academy.htb http://academy.htb/admin.php http://academy.htb/register.php After this step, we would be able to log in to this site. Inspecting with Burb Suite the request when we register our user we can observe: What would happen if we change this value when creating a new user? Modify

Bandit CTF – Level 7

level 6–>7 bandit6@bandit:~$ ls -la bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password password = HKBPXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 6

Level 5 –> 6 bandit5@bandit:~$ ls -la bandit5@bandit:~$ cd inhere/bandit5@bandit:~/inhere$ ls -la bandit5@bandit:~/inhere$ find . -type f -readable ! -executable -size 1033c bandit5@bandit:~/inhere$ cat ./maybehere07/.file2 password = DXjZXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 5

level 4 –> 5 bandit4@bandit:~$ ls -la bandit4@bandit:~$ cd inhere/bandit4@bandit:~/inhere$ ls -la bandit4@bandit:~/inhere$ cat ./-file07 password = koReXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 4

level 3 –> 4 bandit3@bandit:~$ ls -la bandit3@bandit:~$ cd inherebandit3@bandit:~/inhere$ ls -la bandit3@bandit:~/inhere$ cat .hidden password = pIwrXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF – Level 3

Level 2 –> 3 bandit2@bandit:~$ ls -la bandit2@bandit:~$ cat ./spaces\ in\ this\ filename password = UmHaXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Bandit CTF

Today I start publishing some of the first solutions to the Bandit CTF.http://overthewire.org/wargames/bandit/ In this first post, I’ll publish the first two levels. level 0 –> 1 $ ssh bandit0@bandit.labs.overthewire.org -2220 pass = bandit0 bandit0@bandit:~$ ls bandit0@bandit:~$ cat readme password = boJ9XXXXXXXXXXXXXXXXXXXXXXXXXXXX level 1 –> 2 bandit1@bandit:~$ ls -la bandit1@bandit:~$ cat ./- password level = CV1DXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Pyenv install and ussage

Install $ sudo apt-get install -y build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python3-openssl git$ curl https://pyenv.run | bash If we are using ZSH then we will now add the proper lines to our .zshrc. $ echo ‘export PYENV_ROOT=»$HOME/.pyenv»‘ >> ~/.zshrc$ echo ‘export PATH=»$PYENV_ROOT/bin:$PATH»‘ >> ~/.zshrc$ echo -e ‘if command -v pyenv 1>/dev/null 2>&1; then\n eval «$(pyenv init -)»\nfi’ >> ~/.zshrc Restart