Bandit Level 12 → Level 13
Level Goal
The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)
Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv, file
Helpful Reading Material
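The password is in data.txt, which has been hexdumped. The file has also been compressed.
Make a folder under /tmp, cp the dump file into it, convert the dump back, and decompress it.
In other words, data.txt is the result of this processing:
password file ------[compress] ---> compressed file -------> [hexdump] -------> data.txt
What I need to do is: data.txt ------[reverse the hexdump] ----> data.zip (? the extension may differ) -------[decompress] ----> password.txt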
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 02:25 ./
drwxrwx-wt 198 root root 405504 Nov 15 02:26 ../
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ pwd
/tmp/patrache123
A hexdump is data printed in hexadecimal form. It is mainly used to display the contents of memory or of a file on a computer system.
bandit12@bandit:/tmp/patrache123$ xxd --help
Usage:
xxd [options] [infile [outfile]]
or
xxd -r [-s [-]offset] [-c cols] [-ps] [infile [outfile]]
Options:
-a toggle autoskip: A single '*' replaces nul-lines. Default off.
-b binary digit dump (incompatible with -ps,-i,-r). Default hex.
-C capitalize variable names in C include file style (-i).
-c cols format <cols> octets per line. Default 16 (-i: 12, -ps: 30).
-E show characters in EBCDIC. Default ASCII.
-e little-endian dump (incompatible with -ps,-i,-r).
-g bytes number of octets per group in normal output. Default 2 (-e: 4).
-h print this summary.
-i output in C include file style.
-l len stop after <len> octets.
-o off add <off> to the displayed file position.
-ps output in postscript plain hexdump style.
-r reverse operation: convert (or patch) hexdump into binary.
xxd -r: converts a hex dump back into binary.
bandit12@bandit:/tmp/patrache123$ xxd -r data.txt >> a
bandit12@bandit:/tmp/patrache123$ ll
total 412
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 03:45 ./
drwxrwx-wt 225 root root 405504 Nov 15 03:45 ../
-rw-rw-r-- 1 bandit12 bandit12 606 Nov 15 03:45 a
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ file a
a: gzip compressed data, was "data2.bin", last modified: Thu Oct 5 06:19:20 2023, max compression, from Unix, original size modulo 2^32 573
hex -> converted to bin (binary)
file a: it is compressed with gzip.
Change the extension with mv a a.gz, then try gzip -d a.gz
bandit12@bandit:/tmp/patrache123$ mv a a.gz
bandit12@bandit:/tmp/patrache123$ ll
total 412
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 03:47 ./
drwxrwx-wt 225 root root 405504 Nov 15 03:47 ../
-rw-rw-r-- 1 bandit12 bandit12 606 Nov 15 03:45 a.gz
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ gzip -d a.gz
bandit12@bandit:/tmp/patrache123$ ll
total 412
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 03:47 ./
drwxrwx-wt 225 root root 405504 Nov 15 03:47 ../
-rw-rw-r-- 1 bandit12 bandit12 573 Nov 15 03:45 a
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ file a
a: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/patrache123$
???????????????
that has been repeatedly compressed.
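I thought that sentence in the hint said "repeatedly" because of the hexdump plus the compression, but the file really has been compressed several times.....
I looked up the extension for bzip and it is bz2. Let's rename with mv a a.bz2 and decompress.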
bandit12@bandit:/tmp/patrache123$ mv a a.bz2
bandit12@bandit:/tmp/patrache123$ bzip
Command 'bzip' not found, but there are 20 similar ones.
bandit12@bandit:/tmp/patrache123$ bzip2
bzip2: I won't write compressed data to a terminal.
bzip2: For help, type: `bzip2 --help'.
bandit12@bandit:/tmp/patrache123$ bzip2 --help
bzip2, a block-sorting file compressor. Version 1.0.8, 13-Jul-2019.
usage: bzip2 [flags and input files in any order]
-h --help print this message
-d --decompress force decompression
-z --compress force compression
-k --keep keep (don't delete) input files
-f --force overwrite existing output files
-t --test test compressed file integrity
-c --stdout output to standard out
-q --quiet suppress noncritical error messages
-v --verbose be verbose (a 2nd -v gives more)
-L --license display software version & license
-V --version display software version & license
-s --small use less memory (at most 2500k)
-1 .. -9 set block size to 100k .. 900k
--fast alias for -1
--best alias for -9
If invoked as `bzip2', default action is to compress.
as `bunzip2', default action is to decompress.
as `bzcat', default action is to decompress to stdout.
If no file names are given, bzip2 compresses or decompresses
from standard input to standard output. You can combine
short flags, so `-v -4' means the same as -v4 or -4v, &c.
bandit12@bandit:/tmp/patrache123$ bzip2 -d a.bz2
bandit12@bandit:/tmp/patrache123$ ll
total 412
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 03:50 ./
drwxrwx-wt 225 root root 405504 Nov 15 03:50 ../
-rw-rw-r-- 1 bandit12 bandit12 431 Nov 15 03:45 a
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ file
Usage: file [-bcCdEhikLlNnprsSvzZ0] [--apple] [--extension] [--mime-encoding]
[--mime-type] [-e <testname>] [-F <separator>] [-f <namefile>]
[-m <magicfiles>] [-P <parameter=value>] [--exclude-quiet]
<file> ...
file -C [-m <magicfiles>]
file [--help]
bandit12@bandit:/tmp/patrache123$ file a
a: gzip compressed data, was "data4.bin", last modified: Thu Oct 5 06:19:20 2023, max compression, from Unix, original size modulo 2^32 20480
bandit12@bandit:/tmp/patrache123$
Argh.... it is compressed with gzip again...... Let's rename a to a.gz again and decompress.
total 428
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 03:52 ./
drwxrwx-wt 227 root root 405504 Nov 15 03:52 ../
-rw-rw-r-- 1 bandit12 bandit12 20480 Nov 15 03:45 a
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ file a
a: POSIX tar archive (GNU)
bandit12@bandit:/tmp/patrache123$ cat a
data5.bin0000644000000000000000000002400014507452550011247 0ustar rootrootdata6.bin0000644000000000000000000000033114507452550011251 0[binary data omitted]
bandit12@bandit:/tmp/patrache123$
Is this for real... this time it's tar....
bandit12@bandit:/tmp/patrache123$ tar -xvf a.tar
data5.bin
bandit12@bandit:/tmp/patrache123$ ll
total 440
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 03:57 ./
drwxrwx-wt 230 root root 405504 Nov 15 03:57 ../
-rw-rw-r-- 1 bandit12 bandit12 20480 Nov 15 03:45 a.tar
-rw-r--r-- 1 bandit12 bandit12 10240 Oct 5 06:19 data5.bin
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ file data
data: cannot open `data' (No such file or directory)
bandit12@bandit:/tmp/patrache123$ file data.5
data.5: cannot open `data.5' (No such file or directory)
bandit12@bandit:/tmp/patrache123$ file data.5
data.5: cannot open `data.5' (No such file or directory)
bandit12@bandit:/tmp/patrache123$ file data5.bin
data5.bin: POSIX tar archive (GNU)
bandit12@bandit:/tmp/patrache123$ ^C
bandit12@bandit:/tmp/patrache123$
tar again. Let's keep repeating.
bandit12@bandit:/tmp/patrache123$ tar -xvf data5.tar
data6.bin
bandit12@bandit:/tmp/patrache123$ ll
total 444
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 03:59 ./
drwxrwx-wt 230 root root 405504 Nov 15 03:59 ../
-rw-rw-r-- 1 bandit12 bandit12 20480 Nov 15 03:45 a.tar
-rw-r--r-- 1 bandit12 bandit12 10240 Oct 5 06:19 data5.tar
-rw-r--r-- 1 bandit12 bandit12 217 Oct 5 06:19 data6.bin
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
bzip....
bandit12@bandit:/tmp/patrache123$ bzip2 -d data.bz2
bandit12@bandit:/tmp/patrache123$ ll
total 452
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 04:00 ./
drwxrwx-wt 231 root root 405504 Nov 15 04:00 ../
-rw-rw-r-- 1 bandit12 bandit12 20480 Nov 15 03:45 a.tar
-rw-r--r-- 1 bandit12 bandit12 10240 Oct 5 06:19 data
-rw-r--r-- 1 bandit12 bandit12 10240 Oct 5 06:19 data5.tar
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ file data
data: POSIX tar archive (GNU)
tar
bandit12@bandit:/tmp/patrache123$ mv data a.tar
bandit12@bandit:/tmp/patrache123$ ll
total 432
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 04:01 ./
drwxrwx-wt 234 root root 405504 Nov 15 04:01 ../
-rw-r--r-- 1 bandit12 bandit12 10240 Oct 5 06:19 a.tar
-rw-r--r-- 1 bandit12 bandit12 10240 Oct 5 06:19 data5.tar
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ tar -xvf a.tar
data8.bin
bandit12@bandit:/tmp/patrache123$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Thu Oct 5 06:19:20 2023, max compression, from Unix, original size modulo 2^32 49
bandit12@bandit:/tmp/patrache123$ ^C
gzip....
bandit12@bandit:/tmp/patrache123$ ll
total 436
drwxrwxr-x 2 bandit12 bandit12 4096 Nov 15 04:03 ./
drwxrwx-wt 235 root root 405504 Nov 15 04:03 ../
-rw-r--r-- 1 bandit12 bandit12 49 Oct 5 06:19 a
-rw-r--r-- 1 bandit12 bandit12 10240 Oct 5 06:19 a.tar
-rw-r--r-- 1 bandit12 bandit12 10240 Oct 5 06:19 data5.tar
-rw-r----- 1 bandit12 bandit12 2582 Nov 15 02:25 data.txt
bandit12@bandit:/tmp/patrache123$ file a
a: ASCII text
bandit12@bandit:/tmp/patrache123$ cat a
The password is wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw
bandit12@bandit:/tmp/patrache123$
At last.....
Can different compression formats like these be unpacked all in one go....?
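On the closing question of unpacking the mixed layers in one go, here is an added example (not part of the original post): a Python sketch that reverses an xxd-style dump and then peels gzip, bzip2 and tar layers by their magic bytes, the same signatures that file reports. The function names, the size limits and the sample input are assumptions constructed for this illustration.

```python
import bz2, gzip, io, tarfile, zlib

MAX_LAYERS = 32          # stop after this many nested layers
MAX_SIZE = 16 * 1024**2  # refuse any layer that expands past 16 MiB

def unhexdump(text):
    """Reverse default xxd output ('offset: hex groups  ascii'), like xxd -r."""
    rows = (line.split(":", 1)[1].lstrip().split("  ", 1)[0]
            for line in text.splitlines() if ":" in line)
    return bytes.fromhex("".join(rows))  # fromhex skips the spaces between groups

def bounded(decompressor, data):
    out = decompressor.decompress(data, MAX_SIZE + 1)  # cap the output of one layer
    if len(out) > MAX_SIZE:
        raise ValueError("layer expands past MAX_SIZE")
    return out

def peel(data):
    """Strip gzip/bzip2/tar layers by magic bytes; return (payload, layer names)."""
    layers = []
    while len(layers) < MAX_LAYERS:
        if data[:2] == b"\x1f\x8b":            # gzip magic
            data, kind = bounded(zlib.decompressobj(wbits=31), data), "gzip"
        elif data[:3] == b"BZh":               # bzip2 magic
            data, kind = bounded(bz2.BZ2Decompressor(), data), "bzip2"
        elif data[257:262] == b"ustar":        # tar magic sits at offset 257
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                member = next(m for m in tar if m.isfile())  # first regular file
                data, kind = tar.extractfile(member).read(), "tar"
        else:
            break                              # no known signature: this is the payload
        layers.append(kind)
    return data, layers

def hexdump(data):
    """xxd-style dump, used only to build the constructed sample below."""
    return "\n".join(
        f"{o:08x}: {data[o:o+16].hex(' ', -2):<39}  "
        + "".join(chr(b) if 32 <= b < 127 else "." for b in data[o:o+16])
        for o in range(0, len(data), 16))

def make_sample(secret=b"constructed sample secret\n"):
    """Constructed input: text -> gzip -> tar -> bzip2 -> gzip -> hexdump."""
    inner, buf = gzip.compress(secret), io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        info = tarfile.TarInfo("data8.bin")
        info.size = len(inner)
        tar.addfile(info, io.BytesIO(inner))
    return hexdump(gzip.compress(bz2.compress(buf.getvalue())))
```

Calling peel(unhexdump(open("data.txt").read())) would do the same on the level's file. Tar members are read in memory rather than extracted to disk, so member names never touch the filesystem.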