Level 17:
Bandit Level 17 → Level 18
Level Goal
There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new
NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19
Commands you may need to solve this level
cat, grep, ls, diff
diff: 두 파일의 차이점을 알아내는 명령어
level 18:
Bandit Level 18 → Level 19
Level Goal
The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.
Commands you may need to solve this level
ssh, ls, cat
접속하면 바로 Byebye ! 로 접속이 closed 된다.
bashrc는 bash쉘을 실행할 때 바로 실행되는 명령어들을 저장
bashrc에서 바로 ssh를 끊어서 자동으로 closed가 되는데, readme 파일이 있는 것을 ssh접속할 때 바로 명령어를 입력해서 알게되었고, cat readme를 확인해보니 다음 레벨의 패스워드가 나왔다.
Level 19:
Bandit Level 19 → Level 20
Level Goal
To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.
Helpful Reading Material
setuid가 설정된 파일로 그 파일의 소유주의 권한으로 실행가능한 실행파일이였다.
Level 20:
Bandit Level 20 → Level 21
Level Goal
There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).
NOTE: Try connecting to your own network daemon to see if it works as you think
Commands you may need to solve this level
ssh, nc, cat, bash, screen, tmux, Unix ‘job control’ (bg, fg, jobs, &, CTRL-Z, …)
nc로 아무 포트에 리스닝을 시켜놓고 다른 터미널에서 1234포트로 setuid가 설정된 파일을 실행하고 패스워드 입력시 다음 레벨의 패스워드를 뱉어준다.
Level 21:
Bandit Level 21 → Level 22
Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
Commands you may need to solve this level
cron, crontab, crontab(5) (use “man 5 crontab” to access this)
Level 22:
Bandit Level 22 → Level 23
Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.
Commands you may need to solve this level
cron, crontab, crontab(5) (use “man 5 crontab” to access this)
Level 23:
Bandit Level 23 → Level 24
Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!
NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…
Commands you may need to solve this level
chmod, cron, crontab, crontab(5) (use “man 5 crontab” to access this)
/var/spool/bandit24/foo에서 매분마다 . ..을 제외하고 bandit23소유인 파일을 60초동안 실행하고 삭제한다고 한다.
그래서 bandit24의 패스워드를 저장해두는 스크립트를 짜서 /var/spool/bandit24/foo에 복사해서 패스워드를 받아옴
Level 24:
Bandit Level 24 → Level 25
Level Goal
A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
You do not need to create new connections each time
만든 후 nc을 이용해서 nc localhost 30002 < pin.txt 로 0부터 9999까지의 수중에 secret number를 찾아낸다.
Level 25:
Bandit Level 25 → Level 26
Level Goal
Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it.
NOTE: if you’re a Windows user and typically use Powershell to ssh into bandit: Powershell is known to cause issues with the intended solution to this level. You should use command prompt instead.
Commands you may need to solve this level
ssh, cat, more, vi, ls, id, pwd
그냥 인증서가 있어서 그 인증서로 26레벨에 접속하려고 하는데, 바로 꺼짐
/bin/bash가 아니라서 쉘을 못 만들어내는 중인듯
showtext로 보면 exec more 명령어가 수행되는데 터미널 창을 줄이고 more이 실행되게 하고 v를 누르면 vi 편집기로 들어가고 :r /비밀번호 경로 하면 위에 패스워드가 뜸
기본 쉘 변경 후 :sh로 쉘로 접속
vi에서 :!명령어 가능
Level 26:
Bandit Level 26 → Level 27
Level Goal
Good job getting a shell! Now hurry and grab the password for bandit27!
Commands you may need to solve this level
ls
Level 27:
Bandit Level 27 → Level 28
Level Goal
There is a git repository at ssh://bandit27-git@localhost/home/bandit27-git/repo via the port 2220. The password for the user bandit27-git is the same as for the user bandit27.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
Level 28:
Bandit Level 28 → Level 29
Level Goal
There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo via the port 2220. The password for the user bandit28-git is the same as for the user bandit28.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
git log -p README.md 하면 commit으로 적용되기 전 내용들도 알 수 있음.
Level 29 :
Bandit Level 29 → Level 30
Level Goal
There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo via the port 2220. The password for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
| branch : 여러 개발자들이 동시에 다양한 작업을 할 수 있게 만들어 주는 기능 서로 독립적이기 때문에 영향을 주지 않는다. 서로 영향을 주지 않기 때문에 동시에 여러 작업을 할 수 있고 초기 브랜치는 master이다. |
git branch -r로 다른 브랜치의 작업환경을 확인하고 git checkout으로 다른 브랜치로 넘어가서 readme를 확인하면 된다.
git checkout origin/dev 으로 하고 readme를 확인하였다.
Level 30:
계속 같은 문제임.
commit의 id값을 tag로 별명을 준 듯 secret으로 설정되어있던데 show로 commit 내용 확인
Level 31:
key.txt파일을 git add -> git commit -> git push까지 하면 비밀번호를 응답해줬다.
.gitignore에서 *.txt가 되있어서 git add할 때 강제로 -f 주는 옵션을 사용했다.
Level 32:
시작부터 이런 페이지로 시작한다.
$0을 쓰면 쉘 스크립트의 이름이 출력되야하는데 없어서 그냥 가능하다는데 잘 모르겠다.
$0을 써서 쉘을 사용가능하게 만들고 passwd를 cat해서 찾는다. 다음 게임이 없어서 생략함.
'정보보안아카데미' 카테고리의 다른 글
| #30)XSS(Cross Site Script) (0) | 2025.09.30 |
|---|---|
| #29)BeeBox (0) | 2025.09.29 |
| #실습과제2 (1) | 2025.09.18 |
| #27 Wargame (0) | 2025.09.17 |
| #26 (0) | 2025.09.12 |
