Created
December 15, 2018 19:05
-
-
Save vxgmichel/401f6fd7ead9067c3c9ee89e570e3884 to your computer and use it in GitHub Desktop.
Solving Bandit from OverTheWire
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| SERVER=bandit.labs.overthewire.org | |
| PORT=2220 | |
| BASEUSER="bandit" | |
| PASSWORD="bandit0" | |
| COMMANDS[0]='cat readme' | |
| COMMANDS[1]='cat ./-' | |
| COMMANDS[2]='cat "spaces in this filename"' | |
| COMMANDS[3]='cat inhere/.hidden' | |
| COMMANDS[4]='cat inhere/-file07' | |
| COMMANDS[5]='echo $(find inhere/ -type f -size 1033c | xargs cat)' | |
| COMMANDS[6]='find / -user bandit7 -group bandit6 -size 33c | xargs cat' | |
| COMMANDS[7]='cat data.txt | grep "millionth" | xargs -n1 | tail -n1' | |
| COMMANDS[8]='cat data.txt | sort | uniq -u' | |
| COMMANDS[9]='strings data.txt | grep "==" | tail -n1 | xargs -n1 | tail -n1' | |
| for i in ${!COMMANDS[*]} | |
| do | |
| USER="$BASEUSER$i" | |
| COMMAND=${COMMANDS[$i]} | |
| echo "[ $i ] >>> sshpass -p $PASSWORD ssh -p $PORT $USER@$SERVER" | |
| echo "[ $i ] >>> $COMMAND" | |
| PASSWORD=$(sshpass -p $PASSWORD ssh -p $PORT $USER@$SERVER "$COMMAND" \ | |
| 2>/dev/null) | |
| echo "[ $i ] <<< $PASSWORD" | |
| done | |
| ((i++)) | |
| USER="$BASEUSER$i" | |
| sshpass -p $PASSWORD ssh -p $PORT $USER@$SERVER |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment