Recap
Bandit had us go through a number of machines that we SSH’d into. We needed to find a password file, or in some cases an SSH private key, to log in to the next level.
We went through 26 levels (0-25) and learnt a bunch about some fairly standard Linux commands, as well as nifty tools that’ll help us in the future.
Commands used
- ssh [user@]host [command]
  - used to connect to each machine
  - -p to specify a non-standard port to connect to
  - -i to specify an identity (SSH private key) file
  - [command] at end runs as soon as connection is made
- ls [directory]
  - used to list files in a directory
  - -l to list more details
  - -a to show ALL files (including hidden)
- cat file
  - output a file’s contents to the screen
- echo string
  - outputs the provided string
- file file
  - used to get various types of information on a file
- find [root search directory]
  - used to find files
  - -executable to find executable files
  - -size to find specific sized files (the c suffix means bytes, e.g. 1033c)
  - -user to specify the user the file belongs to
  - -group to specify the group the file belongs to
  - ! to negate an option
- grep string file
  - used to find text in a file
- uniq file
  - used to output unique lines in a file
  - -u to only output lines that occur once
  - best used with sort
- sort file
  - by default, sorts lines in a file in alphanumeric order
- strings file
  - finds ASCII strings in a file
- base64 string
  - converts a string to base64 encoding
  - -d to decode a base64 string
- tr pattern1 pattern2
  - translates a string based on patterns
- mkdir [path/]name
  - creates a directory
- cp source-file dest-file
  - copies a file
- mv source-file dest-file
  - moves a file
- xxd file
  - creates a hexdump of a file
  - -r attempts to reconstruct file from hexdump
- gunzip file
  - decompress .gz files
- bunzip2 file
  - decompress .bz2 files
- tar -f file
  - used to archive and unarchive files
  - -x to unarchive
  - -f to specify file to unarchive
- scp [[user@]host:]source-filepath [[user@]host:]dest-filepath
  - copy a remote file using SSH
  - -P to specify a nonstandard port
- nc address port
  - connect to/open a port
  - -l to create a listening port
  - you can pipe an echo to output something to whoever connects
- openssl s_client [-connect host:port]
  - used to connect to an SSL port
  - -ign_eof to keep connection open after input finished
  - -quiet to remove extraneous output
- nmap address/range
  - scans an address or address range for available hosts, open ports, etc.
  - -p to specify port, ports, port range
  - -A to get a crapload of information. Runs scripts, service discovery, traceroutes, etc.
- diff file1 file2
  - compares two files and outputs differences
- whoami
  - outputs the user the command is run as
- chmod [permissions] file/directory
  - changes the permissions of a file or directory
  - can use octal or specify bits with u, g, o (user, group, other) and +/- with r, w, x (read, write, execute)
  - e.g. chmod u+x test.sh will add execute permission for the user on test.sh
- sleep time
  - waits the specified amount of time in seconds
Concepts learned
- using quotes, backslashes, and relative/full paths to open files with special characters in the filename
- wildcarding with *
- chaining commands with &&
- piping command output with |
- running commands in the background with &
- redirecting output to files with >
- appending output to files with >>
- redirecting errors with 2>
- using setuid to run programs as a different user
- reading /etc/cron.d to see what periodic tasks are running
- using command substitution with
- creating and editing text files with vi
- changing permissions to allow other users to read, write, and execute files/directories
- basic BASH scripting
  - counter loop:

        for ((i=x; i<y; i++))
        do
            # commands
        done

    Creates a counter loop starting at x and ending before y, increasing i by 1 each loop
  - using variables with $<variable>
- brute-forcing
  - why it sucks
  - why you sometimes need to slow down your brute-forcing
- finding user information in /etc/passwd
- keeping a connection open that uses more
- breaking out of more using a text editor, then using that text editor to read other files
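
The find filters from the command list (-user, ! to negate, 2> to drop permission errors) combine with the setuid concept into a quick audit of which files run as another user. This is an added example, not part of the original recap; the -type and -perm tests, the function names and the sample tree are assumptions introduced here.

```shell
#!/bin/sh
# Added example: audit a directory tree for setuid files with find.

# Every regular file under $1 with the setuid bit (octal 4000) set.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# Setuid files under $1 NOT owned by user $2 (name or numeric id);
# the ! negates the -user test that follows it.
setuid_not_owned_by() {
    find "$1" -type f -perm -4000 ! -user "$2" 2>/dev/null | sort
}

# Setuid files that group or other may write to: anyone with write
# access could replace a program that runs with the owner's identity.
writable_setuid() {
    find "$1" -type f -perm -4000 \( -perm -020 -o -perm -002 \) \
        2>/dev/null | sort
}

# Build a constructed sample tree so the audit can be tried offline.
make_sample_tree() {
    dir=$(mktemp -d)
    for name in plain suid_ok suid_loose; do
        printf '#!/bin/sh\nwhoami\n' > "$dir/$name"
    done
    chmod 755 "$dir/plain"
    chmod 755 "$dir/suid_ok" && chmod u+s "$dir/suid_ok"   # symbolic form
    chmod 4777 "$dir/suid_loose"                           # octal form
    echo "$dir"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
echo "setuid files:"
list_setuid "$tree"
echo "setuid files writable by group/other:"
writable_setuid "$tree"
rm -rf "$tree"
```

On a real host, point the functions at / or /usr instead of the sample tree and compare the result against a known-good baseline with diff.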