# wargames
Notes on [wargames](https://overthewire.org/wargames).
## Notes
### Bandit
- `xxd` for binary files. Use `-r` flag for reverse (hex to binary).
- `base64` for base64 files. Use `-d` flag for decode.
- `alias rot13="tr '[A-Za-z]' '[N-ZA-Mn-za-m]'"` alias for rot13 substitution cipher.
- `zcat` for expanding compressed files.
- `ssh-keygen -e -f <file>` for exporting a public key from a given public/private key file.
- `telnet` for connecting to a local host via the TELNET protocol.
- https://en.wikipedia.org/wiki/Transport_Layer_Security
- https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html
- `openssl s_client -connect sitilge.id.lv` for connecting to a server.
- `nmap -p 31000-32000 localhost --script ssl-enum-ciphers` for scanning ports 31000 to 32000 and checking if they speak SSL.
- `ssh -T` for disabling pseudo-terminal allocation.
- `nc` for arbitrary TCP and UDP connections and listens.
- It is much faster to write the different combinations to a file and then read them into `nc` than to call `nc` in each iteration.
````
#!/bin/sh
# Print every 4-digit combination (0000-9999), one per line,
# each prefixed with the fixed string expected on the same line.
for i in 0 1 2 3 4 5 6 7 8 9; do
    for j in 0 1 2 3 4 5 6 7 8 9; do
        for k in 0 1 2 3 4 5 6 7 8 9; do
            for l in 0 1 2 3 4 5 6 7 8 9; do
                combination=${i}${j}${k}${l}
                echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ ${combination}"
            done
        done
    done
done
````
### Natas
- Natas 13 -> Natas 14 is pretty nice. Play around with `xxd` and `./Natas/natas13.*` to get more comfortable with hexdumps. Note: the first 4 bytes of `natas13.jpg` are the `.jpg` file signature.
- Natas 15 -> Natas 16 requires blind injection.
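
The leading bytes from the Natas 13 note, read the way a hexdump shows them, to show that the 4-byte signature alone says little about what follows it. This is an added example, not part of the original notes: the function names are hypothetical, the sample files are constructed, and `od` stands in for `xxd` (`xxd -l 4 -p <file>` prints the same hex digits).

```shell
#!/bin/sh
# Added example: read a JPEG/JFIF header from its leading bytes and flag
# files that carry the 4-byte signature but no JFIF header behind it.

# First N bytes of FILE as lowercase hex (same digits as `xxd -l N -p FILE`).
leading_hex() {
    head -c "$2" "$1" | od -An -v -tx1 | tr -d ' \n'
}

# Classify FILE from its first 11 bytes:
#   ffd8 SOI | ffe0 APP0 | 2-byte segment length | 4a46494600 = "JFIF\0"
jpeg_header() {
    case "$(leading_hex "$1" 11)" in
        ffd8ffe0????4a46494600) echo jfif ;;
        ffd8ffe0*)              echo signature-only ;;
        *)                      echo not-jpeg ;;
    esac
}

# APP0 segment length (big-endian bytes 5-6) as decimal; JFIF files only.
app0_length() {
    [ "$(jpeg_header "$1")" = jfif ] || return 1
    hex=$(leading_hex "$1" 6)
    printf '%d\n' "0x${hex#????????}"
}

# Constructed sample inputs (hypothetical names; none is a real image).
make_samples() {
    # SOI, APP0, length 0x0010, "JFIF\0", version 1.1
    printf '\377\330\377\340\000\020JFIF\000\001\001' > "$1/header.jpg"
    # The same 4-byte signature followed by plain text
    printf '\377\330\377\340just text, not an image\n' > "$1/text.jpg"
    printf 'plain text\n' > "$1/plain.txt"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in header.jpg text.jpg plain.txt; do
    printf '%s: %s\n' "$f" "$(jpeg_header "$tmp/$f")"
done
rm -rf "$tmp"
```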