Bandit Summary

Recap Bandit had us go through a number of machines that we SSH’d into. We needed to find a password file, or in some cases an SSH private key, to login to the next level. We went through 26 levels (0-25) and learnt a bunch about some fairly standard Linux...

Bandit Level 25

Level Goal Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it. Solution Password: uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG 1 $ ssh...

Bandit Level 24

Level Goal A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called...

Bandit Level 23

Level Goal A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. NOTE: This level requires you to create your own first shell-script. This is...

Bandit Level 22

Level Goal A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. Solution Password: Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI 1 $ ssh...

Bandit Level 21

Level Goal A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. Solution Password: gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr 1 $ ssh...