1. Home
  2. Training Library
  3. Programming
  4. Programming Courses
  5. Penetration Testing and Privilege Escalation with Bandit

Bandit Base64

Contents

keyboard_tab

The course is part of this learning path

Start course
Overview
Difficulty
Intermediate
Duration
3h 8m
Students
48
Ratings
5/5
starstarstarstarstar
Description

This course will walk you through a variety of exercises and techniques as part of a capture the flag (CTF) game called Bandit. This will make sure that you have the necessary skills in Linux in order to excel in penetration testing and privilege escalation.

Transcript

Hi. Now within this lecture, we're going to continue our bandit CTF challenges. Now, we are inside of bandit 9 and we're going to make it our way into the level 10 right now. So, as you can see in the tips, we see the password for the next level is again stored within the data.txt and it's preceded by several equal characters. Let's see that by going inside of the... It's already in here, let's just cat that out and see what it contains. Here we go. It contains a lot of gibberish data I believe. It's not human readable in most of the cases, but there are some characters inside of design it says that it's one of the few human readable strings and preceded by the several equal characters. So, all we got to do is just find the characters that's human readable after some equal signs. And we can actually use the same thing as we have done before, right?

We can just call the strings and grab together by piping them, combining them together like this strings data.txt, pipe it to grab and we're going to grab the equal sign. And here we go, I believe here is the thing that we're looking for, right? So, this should be it but I'm going to test this to see if this works or not. I'm going to copy this. And there are some other characters over here but let's see. Let me come over here and nano the password and let's check the length of this. Yeah, here we go. It fits perfectly. So, I believe this is our password, I'm going to save this and I'm going to exit out of this one and try to log into the next one which is bandit 10. And of course we're going to test to see if this password that we have gathered is right or wrong. Here we go. Paste the selection and hit 'Enter'. I'm going to clear this out and I'm going to go into the level 10. So, this is from level 10 to level 11.

And again, this is inside of the data.txt. Right now it contains some base64 encoded data. So, let me see it first. So, this is data and actually this is very small this time, I believe, 69 bytes. So, let me cat this out and see the content, and here we go. We only have one hash over here but it's definitely encoded with something because it's longer than we used to see. And if we just try this to log into the level 11, it won't work because it's encoded. So, base64s is an encoding technique that we use and we can use the same thing to decode it as well, right? So, we have to decode it and see if we can get the actual thing over here. Let me just run base64 --help. So, in order to decode a base64 encrypted text, we can use decode parameter over here or -d or --decode. So, let me just try to run it like this, base64 -d data.txt, and here we go; the password is this. So, it's easily decoded, right?

So, I believe we're going to face off some other harder encryptions during this bandit challenge but I'm going to save it for right now because we gathered our password. And let's go to the bandit 11. I'm going to exit out of this one and let me connect to the bandit 11 over here and hit 'Enter'. So, as you can see, it's taking its time. Here we go, it asks for the password. And once we hit 'Enter', we are inside. Yes, here we go. So, I'm going to open the tips for level 12, we're inside of 11 and we want to go to 12. So, the password for the next level is stored in the data.txt one more time where all lowercase and uppercase letters have been rotated by 13 positions. I don't even know what it means, have been rotated by 13 positions, but I believe we have to just look at ourselves in order to understand this, right? So, let me go over here to ls -la. Here we go, it's a data.txt file, it's simple file, let me cat this.

And here we go. I believe this is our encrypted data so have been rotated by 13 positions and I believe this stands for the ROT encryption, okay? Now I get what it means. So, like base64, there's another encryption algorithm or encryption technique that we use, okay? And it's actually commonly used in this kind of CTFs as well. So, we can use some kind of tools that we see inside of Kali Linux or we can just find an online decryption as well. So, I'm going to show you what I mean. Like go to google.com and just write rotating encryption decoder, okay? Rotation encryption decoder. So, if you don't even know there's something called ROT, okay? ROT13 or ROT something like that, you can still find it.

As you can see, I just googled rotation encryption decoder. So, we just want to decode something that has been rotated 13 times. And 13 is actually kind of a standard number over here, ROT13 is commonly used. So, I'm going to try this over here, okay? So, rotation to use ROT number 13. Yes, here we go. And yes, 13. So, I'm going to say decrypt and let's see if this works or not. Yes, it actually worked. We can see the password is something like this, okay? We can see the password over here but we cannot see the uppercase or lowercase letters in this website. And I believe this is not a good website. By the way, you can see the user interface, it's a little bit strange, like a pirate website or something like that. We can try to save full ask key table or we can try to change the uppercase lowercase options from here, but let me just copy and paste it so you can see it in a better way.

As you can see, we get the password but we don't actually get the uppercase lowercase letters, which is not good for us. We have to get the uppercase lowercase letters as well. So, I believe we have to go for another direction over here which is to find another website. So, this is the first website that I have seen when I did this search, so let me go to ROT1 Cipher. this is the same website I believe, no. Let me just go to another website which is rot13.com or Cryptii or the blob, the blob.org. Yes, this seems promising; let me just come over here. Yes, this is only for encryption I believe, please enter the number to rotate. Yes, this is not what I'm looking for.

So, let me come over here to another website like cryptii.com. So, as you can see, I'm just trying online, okay? We will eventually find something that works. So, let me try to get the thing over here. Let me copy this one more time from there and paste it over here. And here we go. Now we get this, the translation is the password is this. So, here we go. Let me just copy this and let me come over here and nano into my password.txt and save it over there. So, this is a simple algorithm to encrypt the message. And as you can see, it took us some time to find the decryption of it. But right now we know that this website works, box centric.

So, let me try to see if this works or not. Let me try to go into the Bandit12, okay? And let me paste the thing that we have copied and here we go. We are inside of bandit 12. So, let me just close this down and we have actually learned there is something called ROT13. And if you come across in a situation that you need to decrypt the ROT13, now you know what to do. So, here we go. The password for the next level is stored in the file data.txt one more time. But again, this is something interesting which is a hex dump of a file that has been repeatedly compressed. So, let me just do ls -la and let me just cat the data.txt. Yeah we have this hex dump over here if you have never seen this before, it's hexadecimal dump of a file that we are working on, like a binary expression of that file but not in a binary system but in an hexadecimal system. Maybe you know that binary is 1s and 2s, and hexadecimal has 16 characters rather than two characters like 16 numbers rather than two numbers. 01 is binary and 015 is hexadecimal.

So, this is the hexadecimal representation of a file. And again, this is a file that has been repeatedly compressed. So, this is a hard one I believe. In any way, we have to just convert this into a file and then we have to find a way to decompress the file to gather the password, and it's not very hard, okay? You have to know how to create files from hexadecimals that's all. But it's saying that repeatedly compressed so it's what's scaring me, okay? So, I'm going to stop here and do this within the next lecture.

 

About the Author
Students
897
Courses
55
Learning Paths
3

Atil is an instructor at Bogazici University, where he graduated back in 2010. He is also co-founder of Academy Club, which provides training, and Pera Games, which operates in the mobile gaming industry.