| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 |
Tags
- kernel
- 시스템해킹
- Pwnable.kr
- 커널
- 포너블
- 리버싱
- 시스템
- Leviathan
- write up
- 알고리즘
- 어셈블리어
- 리눅스 커널
- 시스템 프로그래밍
- pwn.college
- 워게임
- C++
- pwncollege
- css
- 컴퓨터구조
- Bandit
- 시그널
- 프로그래밍
- 리눅스커널
- 시스템프로그래밍
- wargame
- 리눅스
- 하드링크
- multiplexing
- radare2
- C언어
Archives
- Today
- Total
Computer Security
#16 Wargame bandit 13 (Level26 ~ Level28), git clone명령어 본문
Level26 -> Level27
그 전 레벨에서 수고했다 한다. 이제 bandit25에서 bandit26의 shell을 땄는데, 바로 bandit27을 그상태에서 얻어 보라는 뜻이다.
1.ls 를 통해 살펴보니 예전에 풀었던 bandit19 문제와 똑같다.
bandit26@bandit:~$ ls -al
total 36
drwxr-xr-x 3 root root 4096 May 7 2020 .
drwxr-xr-x 41 root root 4096 May 7 2020 ..
-rwsr-x--- 1 bandit27 bandit26 7296 May 7 2020 bandit27-do
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
drwxr-xr-x 2 root root 4096 May 7 2020 .ssh
-rw-r----- 1 bandit26 bandit26 258 May 7 2020 text.txtbandit19 참고하자.
#12 Wargame bandit 9 (Level19 ~ Level21), setuid,nc 명령어
Level19 -> Level20 다음 레벨에 액세스하려면 홈 디렉토리에서 setuid 바이너리를 사용해야 합니다. 인수 없이 실행하여 사용법을 알아보세요. 이 레벨의 비밀번호는 setuid 바이너리를 사용한 후 일반
h2861331.tistory.com
2. ./bandit27-do cat /etc/bandit_pass/bandit27 을 이용해 27의 비밀번호를 알아낸다.
bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
3ba3118a22e93127a4ed485be72ef5ea
3. 위에서 얻은 bandit27 비밀번호: 3ba3118a22e93127a4ed485be72ef5ea 를 통해 bandit27에 접속하면 성공!
For your convenience we have installed a few usefull tools which you can find
in the following locations:
* gef (https://github.com/hugsy/gef) in /usr/local/gef/
* pwndbg (https://github.com/pwndbg/pwndbg) in /usr/local/pwndbg/
* peda (https://github.com/longld/peda.git) in /usr/local/peda/
* gdbinit (https://github.com/gdbinit/Gdbinit) in /usr/local/gdbinit/
* pwntools (https://github.com/Gallopsled/pwntools)
* radare2 (http://www.radare.org/)
* checksec.sh (http://www.trapkit.de/tools/checksec.html) in /usr/local/bin/checksec.sh
--[ More information ]--
For more information regarding individual wargames, visit
http://www.overthewire.org/wargames/
For support, questions or comments, contact us through IRC on
irc.overthewire.org #wargames.
Enjoy your stay!
bandit27@bandit:~$Level27 -> Level28
ssh://bandit27-git@localhost/home/bandit27-git/repo에 git 저장소가 있습니다.
bandit27-git 사용자의 비밀번호는 bandit27 사용자의 비밀번호와 동일합니다.
저장소를 복제하고 다음 레벨의 비밀번호를 찾으십시오.
1. 현재 디렉토리는 bandit27의 권한이 없어서 cd /tmp로 접근한다.
bandit27@bandit:~$ ls -al
total 20
drwxr-xr-x 2 root root 4096 May 7 2020 .
drwxr-xr-x 41 root root 4096 May 7 2020 ..
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
bandit27@bandit:~$ cd /tmp
2. mkdir ./gg 를 이용해 gg라는 디렉토리를 하나 만든다.
bandit27@bandit:/tmp$ mkdir ./gg
bandit27@bandit:/tmp$ cd ./gg
bandit27@bandit:/tmp/gg$ ls -al
total 1992
drwxr-sr-x 2 bandit27 root 4096 Jul 18 12:45 .
drwxrws-wt 1 root root 2031616 Jul 18 12:45 ..
3. git clone 명령어를 이용해 git clone ssh://bandit27-git@localhost/home/bandit27-git/repo 저장소를 복제한다.
bandit27@bandit:/tmp/gg$ git clone ssh://bandit27-git@localhost/home/bandit27-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit27/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit27/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit27-git@localhost's password:
Permission denied, please try again.
bandit27-git@localhost's password:
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
4. repo 디렉토리 안에 있는 README를 읽으면, bandit28의 비밀번호가 나온다.
bandit27@bandit:/tmp/gg$ ls -al
total 1996
drwxr-sr-x 3 bandit27 root 4096 Jul 18 12:46 .
drwxrws-wt 1 root root 2031616 Jul 18 12:46 ..
drwxr-sr-x 3 bandit27 root 4096 Jul 18 12:46 repo
bandit27@bandit:/tmp/gg$ cd repo
bandit27@bandit:/tmp/gg/repo$ ls -al
total 16
drwxr-sr-x 3 bandit27 root 4096 Jul 18 12:46 .
drwxr-sr-x 3 bandit27 root 4096 Jul 18 12:46 ..
drwxr-sr-x 8 bandit27 root 4096 Jul 18 12:46 .git
-rw-r--r-- 1 bandit27 root 68 Jul 18 12:46 README
bandit27@bandit:/tmp/gg/repo$ cat README
The password to the next level is: 0ef186ac70e04ea33b4c1853d2526fa2
5. 위에서 얻은 bandit28: 0ef186ac70e04ea33b4c1853d2526fa2 을 통해 bandit28에 접속하면 성공!
For your convenience we have installed a few usefull tools which you can find
in the following locations:
* gef (https://github.com/hugsy/gef) in /usr/local/gef/
* pwndbg (https://github.com/pwndbg/pwndbg) in /usr/local/pwndbg/
* peda (https://github.com/longld/peda.git) in /usr/local/peda/
* gdbinit (https://github.com/gdbinit/Gdbinit) in /usr/local/gdbinit/
* pwntools (https://github.com/Gallopsled/pwntools)
* radare2 (http://www.radare.org/)
* checksec.sh (http://www.trapkit.de/tools/checksec.html) in /usr/local/bin/checksec.sh
--[ More information ]--
For more information regarding individual wargames, visit
http://www.overthewire.org/wargames/
For support, questions or comments, contact us through IRC on
irc.overthewire.org #wargames.
Enjoy your stay!
bandit28@bandit:~$'Wargame:Bandit' 카테고리의 다른 글
| #18 Wargame bandit 15 (Level30 ~ 33(End)), git show-ref, git 파일 추가 (0) | 2022.07.25 |
|---|---|
| #17 Wargame bandit 14 (Level28 ~ Level30), branch,git log,git show,git checkout 명령어 (0) | 2022.07.24 |
| #15 Wargame bandit 12 (Level24 ~ Level26), 브루트포스공격,more명령어 (0) | 2022.07.22 |
| #14 Wargame bandit 11 (Level23 ~ Level24), touch,bash,cp (0) | 2022.07.21 |
| #13 Wargame bandit 10 (Level21 ~ Level23), tmp (0) | 2022.07.19 |
'Wargame:Bandit' Related Articles
more
Comments