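An introduction to OverTheWire, a site for practicing Linux, and a walkthrough of Level 0
Site: https://overthewire.org/wargames/bandit/
OverTheWire is a wargame site, and its Bandit section is well suited to learning Linux commands. Like most similar sites, it is organized into levels by difficulty. You start at Level 0 and try to "beat" it. Completing a level gives you the information you need to start the next one.
Bandit Level 0
Level Goal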
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.
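Commands you may need to solve this level
ssh
Walkthrough:
Level 0 is simple and needs little explanation: it tests the use of the ssh client's command-line options. By default ssh connects to port 22, but this level requires port 2220, so the port must be specified explicitly with the -p option.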
┌──(root💀kali)-[~]
└─# ssh -p 2220 bandit0@bandit.labs.overthewire.org                          255 ⨯
The authenticity of host '[bandit.labs.overthewire.org]:2220 ([176.9.9.172]:2220)' can't be established.
ED25519 key fingerprint is SHA256:xOMImN4lodtNUxc+8pieveXo7KEdBMztFjgmIcfdVmk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[bandit.labs.overthewire.org]:2220' (ED25519) to the list of known hosts.
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

bandit0@bandit.labs.overthewire.org's password:
Linux bandit.otw.local 5.4.8 x86_64 GNU/Linux

      ,----..            ,----,          .---.
     /   /   \         ,/   .`|         /. ./|
    /   .     :      ,`   .'  :     .--'.  ' ;
   .   /   ;.  \   ;    ;     /    /__./ \ : |
  .   ;   /  ` ; .'___,/    ,' .--'.  '   \' .
  ;   |  ; \ ; | |    :     | /___/ \ |    ' '
  |   :  | ; | ' ;    |.';  ; ;   \  \;      :
  .   |  ' ' ' : `----'  |  |  \   ;  `      |
  '   ;  \; /  |     '   :  ;   .   \    .\  ;
   \   \  ',  /      |   |  '    \   \   ' \ |
    ;   :    /       '   :  |     :   '  |--"
     \   \ .'        ;   |.'       \   \ ;
  www. `---` ver     '---' he       '---" ire.org


Welcome to OverTheWire!

If you find any problems, please report them to Steven or morla on
irc.overthewire.org.

--[ Playing the games ]--

  This machine might hold several wargames.
  If you are playing "somegame", then:

    * USERNAMES are somegame0, somegame1, ...
    * Most LEVELS are stored in /somegame/.
    * PASSWORDS for each level are stored in /etc/somegame_pass/.

  Write-access to homedirectories is disabled. It is advised to create a
  working directory with a hard-to-guess name in /tmp/.  You can use the
  command "mktemp -d" in order to generate a random and hard to guess
  directory in /tmp/.  Read-access to both /tmp/ and /proc/ is disabled
  so that users can not snoop on eachother. Files and directories with
  easily guessable or short names will be periodically deleted!

  Please play nice:

    * don't leave orphan processes running
    * don't leave exploit-files laying around
    * don't annoy other players
    * don't post passwords or spoilers
    * again, DONT POST SPOILERS!
      This includes writeups of your solution on your blog or website!

--[ Tips ]--

  This machine has a 64bit processor and many security-features enabled
  by default, although ASLR has been switched off.  The following
  compiler flags might be interesting:

    -m32                    compile for 32bit
    -fno-stack-protector    disable ProPolice
    -Wl,-z,norelro          disable relro

  In addition, the execstack tool can be used to flag the stack as
  executable on ELF binaries.

  Finally, network-access is limited for most levels by a local
  firewall.

--[ Tools ]--

 For your convenience we have installed a few usefull tools which you can find
 in the following locations:

    * gef (https://github.com/hugsy/gef) in /usr/local/gef/
    * pwndbg (https://github.com/pwndbg/pwndbg) in /usr/local/pwndbg/
    * peda (https://github.com/longld/peda.git) in /usr/local/peda/
    * gdbinit (https://github.com/gdbinit/Gdbinit) in /usr/local/gdbinit/
    * pwntools (https://github.com/Gallopsled/pwntools)
    * radare2 (http://www.radare.org/)
    * checksec.sh (http://www.trapkit.de/tools/checksec.html) in /usr/local/bin/checksec.sh

--[ More information ]--

  For more information regarding individual wargames, visit
  http://www.overthewire.org/wargames/

  For support, questions or comments, contact us through IRC on
  irc.overthewire.org #wargames.

  Enjoy your stay!

bandit0@bandit:~$
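The session above accepts the host key by typing "yes" and stores it under the bracketed name [bandit.labs.overthewire.org]:2220. The following added example (not part of the original write-up) shows how that known_hosts entry can be checked against a pinned fingerprint before it is trusted. The function names are hypothetical and the sample key is built from constructed bytes, so it deliberately does not match the fingerprint printed on this page.

```python
import base64
import hashlib
import struct

HOST, PORT = "bandit.labs.overthewire.org", 2220
# Fingerprint copied from the ssh prompt shown in the session on this page.
PAGE_FP = "SHA256:xOMImN4lodtNUxc+8pieveXo7KEdBMztFjgmIcfdVmk"

def parse_known_hosts_line(line):
    """Split a plain (unhashed) known_hosts line into (host, port, key_type, blob)."""
    hosts, key_type, b64 = line.split()[:3]
    name = hosts.split(",")[0]
    if name.startswith("["):              # non-default port is stored as [host]:port
        host, _, port = name[1:].partition("]:")
        port = int(port)
    else:
        host, port = name, 22             # a bare name means the default port 22
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; both must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    return host, port, key_type, blob

def sha256_fingerprint(blob):
    """Fingerprint as ssh prints it: 'SHA256:' + unpadded base64 of the SHA-256 digest."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def host_key_matches(line, host, port, pinned_fp):
    """True only if the entry is for host:port and its key has the pinned fingerprint."""
    h, p, _, blob = parse_known_hosts_line(line)
    return (h, p) == (host, port) and sha256_fingerprint(blob) == pinned_fp

def make_constructed_line(host, port, raw32):
    """Build a known_hosts line around a constructed (not real) ed25519 public key."""
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw32)) + raw32
    return "[%s]:%d ssh-ed25519 %s" % (host, port, base64.b64encode(blob).decode())

SAMPLE_LINE = make_constructed_line(HOST, PORT, bytes(range(32)))  # constructed sample

if __name__ == "__main__":
    fp = sha256_fingerprint(parse_known_hosts_line(SAMPLE_LINE)[3])
    print("constructed key fingerprint:", fp)
    print("matches page fingerprint:", host_key_matches(SAMPLE_LINE, HOST, PORT, PAGE_FP))
```

The pinned value should come from a source other than the connection being checked. At the prompt itself, pasting the expected fingerprint instead of typing "yes" makes ssh perform the same comparison.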