0%

OverTheWire: bandit notes

网址:https://overthewire.org/wargames/bandit/

目前就34个关卡,大部分比较容易,有几个需要一些搜索.

不写整体的writeup了,只写其中做的几个笔记

find

find / -type f -user xxx -group yyy -size 33c ! -executable 2>/dev/null -exec cat {} \;

cut/awk

cat data.txt | grep millionth | cut -f 2

cat data.txt | grep millionth | awk '{print $2}'

sort

cat data.txt | sort | uniq -c | sort -nr | tail -n 1 | awk '{print $2}'

strings

cat data.txt | strings | grep =

tr for rot13

cat data.txt | strings | tr "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" "NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm"

xxd

xxd -r data.txt: reverse hexdump output to bin

zips

gzip -d data -c > data1
bzip2 -d data1
tar xvf data1.out

openssl

openssl s_client -connect localhost:30001

ssh using other tty

ssh -p 2220 -t bandit18@bandit.labs.overthewire.org /bin/sh

vi shell

1
2
:set shell=/bin/bash
:shell

git

git log -p -2
git diff commitid1 commitid2

switch to other branch

git remote show ==> shows the origin

git remote show origin ==> shows remote branches

git checkout dev ==> switch to dev branch

git show --name-only secret ==> shows the content of tag secret

git show-ref --tags -d ==> lists tags with their commits, the -d in order to dereference the annotated tag object (which have their own commit SHA1) and display the actual tagged commit.

git show --name-only <aTag> ==> list the tag and associated commit

bash

$0 ==> the shell name or script name

upload successful