OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 23-25 LEVELS

This is overthewire series with bandit walkthrough from level 23 – 26. If you haven’t gone through the previous articles on OVERTHEWIRE Bandit then follow the links below!

Overthewire:Bandit walkthrough Series 1-5 Levels

OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 5-12 LEVELS

OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 12-15 LEVELS

OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 16-18 LEVELS

Level 22 – 23

Login into bandit22 with the password we obtained in the article above.

The hint for this level says:

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

So I looked into /etc/cron.d and found cronjob_bandit23

overthewire bandit level 23

There is a script called cronjob_bandit23.sh which is running. When you cat this script, you will find :

It is taking the current user and storing its value in myname variable

It is then storing the value of the md5 hash of the current user profile into the variable called mytarget.

Then it is coping the password from etc/bandit_pass/levelname to /tmp/md5hash generated above.

The script seems pretty obvious so. I individually ran the lines of the script to get the value and password.

overthewire bandit 23

overthewire bandit 23The above screenshot is the password for the level 23.

LEVEL 23 – 24

Login as bandit23 with the password obtained above.

This level is similar to the last level.

The hint says:

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!

NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…

You don’t have to create a script or anything.

The password can be easily obtained by the steps we followed in the last level. If you want you can create a script!

overthewire bandit 24

The above code is nothing but the deletion code.The hint says that our script will be deleted once we execute it. This piece of code does that!

overthewire bandit 24

I have used the above strategy to get the password for level 24!

LEVEL 24 -25:

Login as bandit24 with above credentials.

The hint for this level says:

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.

overthewire bandit 25

The above screenshot is the output for the nc command when I connected localhost at 30002 from bandit24 login.

In this particular level we need to create a script that will brute force the pincode for this level.

My script is:

#!/bin/bash
ban24=UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
for i in {1000..10000}
do
b=$(echo $ban24" "$i | nc localhost 30002)

if [[ $b != *"Wrong"* ]]
then
echo "Pin is: $i "
echo "$ban24 $i" |nc localhost 30002
break
fi
echo "trying pin" $i
echo "$b"
done

You will have to wait patiently for million years and then it will give you the *password*.

overthewire bandit 25

The link for level 26 is here

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.