Bandit Shell
Start course
3h 8m

This course will walk you through a variety of exercises and techniques as part of a capture the flag (CTF) game called Bandit. This will make sure that you have the necessary skills in Linux in order to excel in penetration testing and privilege escalation.


Hi, we are in the latest level of the over the wire challenge bandit over here, so we want to solve this level and end this section. So, we have come across in an uppercase show, so we cannot write anything over here because it doesn't understand what we are writing, and I believe I lost my connection. So, I'm just going to just run this one more time and get the password over here so that I can show you what I mean. I'm just going to copy that one and I'm going to come over here and paste this thing in and here we go. We are in the uppercase shell. So, if you run even the basic commands over here like ls or pwd or anything you want, it won't understand it, okay? So, it changes the thing into the uppercase, so it's how it's configured, right? We cannot do that. So, we need to find a way to change the shell. Of course, in that case we can just run change shell like CHSH, but it doesn't understand that as well. So, as you can see, we cannot run anything. And at this point like we have done before, I had to stop and google it out to understand how we can actually get this thing out of here. So, there are a couple of instructions over here that is supplied for us in order to understand this in a better way, but there are a lot of instructions over here as you can see, and what have I done is to find more about the sh shell. So, apparently in the sh shell, and as you can see this is an sh shell rather than bash shell. So, in the sh shell we have some arguments like the first argument or second argument or even the first argument which is the argument zero. So, if we run something like this like cat passwd.txt, this is the second argument in this case this is the $1. And if we had something like it's not the case for cat but for maybe for another command like two parameters, this is the $1, $2, okay? This is the $2 and the first one is the $1. So, if we want to change the first one which is the sh, we can go into the $0 in order to understand what we can do with the sh shell. So, if you run $1 over here, nothing will happen because we haven't supplied anything. But if we go to $0 it will just get default to the sh shell itself. So far, so good. Now, we just want to change the shell in here. Again, maybe this is not something that you will come across in a real-life scenario, okay?

And if you write shell it will just go back to the uppercase shell. So, again in a real-life penetration test you won't see something like this. But again this is the last section like this last lecture of this section so we have made it this far and I thought why not we solve the last one. And I had to google it out to figure it out. I had to spend so much time to understand this but once we get back into sh shell, we can just change the shell with export shell, okay? To change the shell variable over here, and we can just make it equal to bin/bash. And when we run shell, we have to do this in the $0 of course. So, if you run $0 it will default back to the shell itself and then you can run export shell. It's going to be equal to bin/bash like this. And if you run a $SHELL then you will be presented with a bash shell like that. So, here we go. We escaped the uppercase shell. So, right now I can cat the the etc/bandit_pass and bandit33 which is the last password. So, great, I'm going to copy that one and I'm going to come over here and nano into this cat password.txt, a password.txt. I'm just going to paste the selection and here we are. Right now we can just save this and get out and we can actually exit out of that one or we can just run a ls to see. Yes, here we go. We have the upper shell over here and if you go to level 33 over there, you will see that level 34 doesn't even exist yet. So far, so good. We managed to complete the over the wire bandit challenge, maybe you have found some of the lectures stupid or some of the challenges stupid but even in this case, you have to run this cat etc shells in order to see what kind of shells you have in your system, in order to maybe just take a look at it or in order to gather information. For example, in this case, we could have run a file upper shell and try to understand what can we do with the upper shell. So, again, even though maybe you don't find some of them are real-life examples, they're all there in order to teach us something and I have learned something from this challenge, okay? I hope you have learned at least a thing in this section and be sure that we're going to use this information a lot d uring this course. We're going to use many of the commands that we have seen during the CTF solutions, during the privilege escalations and so much more. We're going to stop here and continue within the next lecture.


About the Author
Learning Paths

Atil is an instructor at Bogazici University, where he graduated back in 2010. He is also co-founder of Academy Club, which provides training, and Pera Games, which operates in the mobile gaming industry.