Level 4 -> Level 6

2024. 12. 27. 20:43ยท๐Ÿฆ– Private/bandit

Level 4 -> Level 5

<Level Goal>
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try "reset" command

 

 

Approach

inhere ๋””๋ ‰ํ† ๋ฆฌ์˜ ์‚ฌ๋žŒ๋งŒ ์ฝ์„ ์ˆ˜ ํŒŒ์ผ์— password๊ฐ€ ์žˆ๋‹ค๊ณ  ํ•œ๋‹ค.

์˜ˆ์ƒ๋Œ€๋กœ ํŒŒ์ผ ์ด๋ฆ„๋“ค์ด ์ •์ƒ์ ์ด์ง€๋Š” ์•Š๋‹ค. -๋กœ ์‹œ์ž‘ํ•˜๋‹ˆ ๋ฆฌ๋””๋ ‰์…˜์œผ๋กœ ํ•ด์„๋  ํ™•๋ฅ ์ด ์ปค๋ณด์ธ๋‹ค.

bandit4@bandit:~/inhere$ ls
-file00  -file01  -file02  -file03  -file04  -file05  -file06  -file07  -file08  -file09

 

๊ทธ๋ž˜์„œ ํŒŒ์ผ๋ช…์œผ๋กœ ํ•ด์„ํ•˜๋Š” more ๋ช…๋ น์–ด๋ฅผ ์จ๋ดค๋‹ค. ํ•˜์ง€๋งŒ error ๋ฉ”์‹œ์ง€๊ฐ€ ๋‚ฌ๊ณ , ๋‚ด์šฉ์„ ๋ณด๋‹ˆ ๋ฆฌ๋””๋ ‰์…˜์ด๋‚˜ ์˜ต์…˜์œผ๋กœ ํ•ด์„๋œ ๊ฒƒ์ด ๋ฌธ์ œ์ธ ๋“ฏ ํ•˜๋‹ค.

bandit4@bandit:~/inhere$ more -file00
more: invalid option -- 'i'
Try 'more --help' for more information.

 

๊ทธ๋ž˜์„œ ๋ฆฌ๋””๋ ‰์…˜ ๊ธฐํ˜ธ <๋ฅผ ์‚ฌ์šฉํ•ด์„œ ํŒŒ์ผ ๋‚ด์šฉ์„ ํ‘œ์ค€ ์ž…๋ ฅ์œผ๋กœ ์ „๋‹ฌํ•ด๋ดค๋‹ค. -file00์ด ๋ช…๋ น์–ด ์˜ต์…˜์ด ์•„๋‹ˆ๋ผ ํŒŒ์ผ ์ด๋ฆ„์ด๋ผ๋Š” ๊ฒƒ์„ ์กฐ๊ธˆ ๋” ๋ช…ํ™•ํžˆ ํ•˜๊ธฐ ์œ„ํ•ด์„œ์ด๋‹ค. ๊ทธ๋žฌ๋”๋‹ˆ ๋ญ”๊ฐ€ ์ด์ƒํ•œ ๋ฌธ์ž์—ด์ด ์ถœ๋ ฅ๋˜์—ˆ๋‹ค.

bandit4@bandit:~/inhere$ more < -file00
๏ฟฝp๏ฟฝ๏ฟฝ&๏ฟฝy๏ฟฝ,๏ฟฝ(jo๏ฟฝ.at๏ฟฝ:uf๏ฟฝ^๏ฟฝ๏ฟฝ๏ฟฝ@

 

๊ทธ๋ž˜์„œ ๋ชจ๋“  ํŒŒ์ผ์˜ ๋‚ด์šฉ์„ ์ฝ์–ด๋ณด๊ธฐ๋กœ ํ–ˆ๋‹ค. ์™€์ผ๋“œ์นด๋“œ๋ฅผ ์‚ฌ์šฉํ•ด ๋ชจ๋“  ํŒŒ์ผ์„ ์ฝ์œผ๋ ค ํ–ˆ์œผ๋‚˜ ๋ช…ํ™•ํ•˜์ง€ ์•Š์€ ๋ฆฌ๋””๋ ‰์…˜์ด๋ผ๋Š” ์—๋Ÿฌ๊ฐ€ ๋‚ฌ๋‹ค.

bandit4@bandit:~/inhere$ more < -file*
-bash: -file*: ambiguous redirect

 

๊ทธ๋ž˜์„œ ๊ทธ๋ƒฅ ํŒŒ์ผ ํ•˜๋‚˜ํ•˜๋‚˜ ๋ชจ๋‘ ์ฝ์–ด๋ณด๊ธฐ๋กœ ํ–ˆ๋‹ค. ๊ทธ ์ „์— ์ถœ๋ ฅ๋œ ์ด์ƒํ•œ ๋ฌธ์ž์—ด์„ ์•„์Šคํ‚ค์ฝ”๋“œ ๋ณ€ํ™˜, 16์ง„์ˆ˜ ๋ณ€ํ™˜ํ•ด์„œ ์˜๋ฏธ์žˆ๋Š” ๋ฌธ์ž์—ด์„ ์ฐพ์•„๋‚ด๊ณ ์ž ํ–ˆ๋‹ค(file*์˜ ๋ชจ๋“  ๋ฌธ์žฅ์„ ํ•ฉ์ณ์•ผ ๋‹ต์ด ๋‚˜์˜ฌ ๊ฒƒ์ด๋ผ๊ณ  ์ƒ๊ฐํ•ด์„œ). ํ•˜์ง€๋งŒ ์œ ์˜๋ฏธํ•œ ๊ฒฐ๊ณผ๊ฐ’์ด ๋‚˜์˜ค์ง€ ์•Š์•„, Level Goal์— ์žˆ๋˜ human readable file์— ๋Œ€ํ•ด ๊ฒ€์ƒ‰ํ•ด๋ดค๋‹ค. ๊ทธ๋ฆฌ๊ณ  find ๋ช…๋ น์–ด๋ฅผ ์‚ฌ์šฉํ•ด ์ฝ์„ ์ˆ˜ ์žˆ๋Š” ํŒŒ์ผ์„ ์ฐพ์•„๋ณด๋ผ๋Š” ํžŒํŠธ๋ฅผ ์–ป์—ˆ๋‹ค.

 

 

Solve

file ๋ช…๋ น์–ด๋Š”, ์ง€์ •๋œ ํŒŒ์ผ์˜ ์ข…๋ฅ˜(ํƒ€์ž…)์„ ํ™•์ธํ•˜๋Š” ๋ช…๋ น์–ด์ด๋‹ค. ํ˜„์žฌ ํŒŒ์ผ ์ด๋ฆ„์ด -๋กœ ์‹œ์ž‘ํ•˜๊ธฐ ๋•Œ๋ฌธ์— ์ž˜๋ชป ํ•ด์„๋  ์—ฌ์ง€๊ฐ€ ์žˆ๋‹ค. ๊ทธ๋ž˜์„œ ./๋กœ ํ˜„์žฌ ๋””๋ ‰ํ† ๋ฆฌ์˜ ํŒŒ์ผ์ด๋ผ๋Š” ๊ฒƒ์„ ๋ช…์‹œํ•˜๊ณ  ์™€์ผ๋“œ ์นด๋“œ๋ฅผ ์‚ฌ์šฉํ•ด inhere ๋””๋ ‰ํ† ๋ฆฌ์˜ ๋ชจ๋“  ํŒŒ์ผ๋“ค์˜ ์ข…๋ฅ˜๋ฅผ ํ™•์ธํ–ˆ๋‹ค. 

bandit4@bandit:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data

 

-file07์ด ์•„์Šคํ‚ค ํ…์ŠคํŠธ๋กœ ์ ํ˜€์žˆ๋‹ค๋Š” ๊ฒƒ์„ ์•Œ๊ฒŒ ๋˜์—ˆ๊ณ , ํ•ด๋‹น ํŒŒ์ผ์„ ์—ด์–ด๋ณด๋‹ˆ password๊ฐ€ ์žˆ์—ˆ๋‹ค. level 4๋„ ํด๋ฆฌ์–ด๋‹ค!

-> ์ธ๊ฐ„์ด ์ฝ์„ ์ˆ˜ ์žˆ๋Š” ํŒŒ์ผ์€ ASCII text๋กœ ์ ํžŒ ํŒŒ์ผ์ธ๊ฐ€๋ณด๋‹ค.

bandit4@bandit:~/inhere$ more < -file07
4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQw

Level 5 -> Level 6

<Level Goal>
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties: human-readable, 1033 bytes in size, not executable

 

 

Approach

๋ณต์žกํ•ด๋ณด์ด์ง€๋งŒ ์ƒ๊ฐ๋ณด๋‹ค ๊ฐ„๋‹จํ•˜๋‹ค. inhere ๋””๋ ‰ํ† ๋ฆฌ ์•„๋ž˜์— ์ •๋ง ๋งŽ์€ ํ•˜์œ„ ๋””๋ ‰ํ† ๋ฆฌ๊ฐ€ ์กด์žฌํ•˜๋Š”๋ฐ, ์ด ํ•˜์œ„ ๋””๋ ‰ํ† ๋ฆฌ ์•ˆ์— ๋˜ ํŒŒ์ผ๋“ค์ด ๋“ค์–ด์žˆ๋‹ค. inhere ๋””๋ ‰๋„๋ฆฌ ํ•˜์œ„์— ์กด์žฌํ•˜๋Š” ๋ชจ๋“  ํŒŒ์ผ๋“ค ์ค‘ human-readable(ASCII text) + 1033 bytes + ์‹คํ–‰ ๊ฐ€๋Šฅํ•˜์ง€ ์•Š์€? ์ด ์กฐ๊ฑด์„ ๋งŒ์กฑํ•˜๋Š” ๊ณณ์— password๊ฐ€ ์กด์žฌํ•œ๋‹ค๊ณ  ํ•œ๋‹ค.

 

์•„๋ž˜์™€ ๊ฐ™์€ ๊ตฌ์กฐ๋กœ ๋˜์–ด์žˆ์œผ๋ฉฐ, maybehere[0*] ๋””๋ ‰ํ† ๋ฆฌ๋ฅผ ๋ชจ๋‘ ๊ฒ€์ƒ‰ํ•ด๋ณด๋ฉด ๋‹ต์ด ๋‚˜์˜ฌ ๊ฒƒ ๊ฐ™๊ธด ํ•˜๋‹ค.

bandit5@bandit:~/inhere$ ls
maybehere00  maybehere03  maybehere06  maybehere09  maybehere12  maybehere15  maybehere18
maybehere01  maybehere04  maybehere07  maybehere10  maybehere13  maybehere16  maybehere19
maybehere02  maybehere05  maybehere08  maybehere11  maybehere14  maybehere17

bandit5@bandit:~/inhere$ cd maybehere00
bandit5@bandit:~/inhere/maybehere00$ ls
-file1  -file2  -file3  spaces file1  spaces file2  spaces file3

bandit5@bandit:~/inhere/maybehere00$ file ./*
./-file1:       ASCII text, with very long lines (1038)
./-file2:       ASCII text, with very long lines (9387)
./-file3:       OpenPGP Secret Key
./spaces file1: ASCII text, with very long lines (6117)
./spaces file2: ASCII text, with very long lines (6849)
./spaces file3: data

 

ํ•˜์ง€๋งŒ ls ๋ช…๋ น์–ด ์˜ต์…˜ -R(์œ„์น˜ํ•œ ๋””๋ ‰ํ† ๋ฆฌ ํ•˜๋ถ€ ๋””๋ ‰ํ† ๋ฆฌ์˜ ํŒŒ์ผ๊นŒ์ง€ ๋ชจ๋‘ ์ถœ๋ ฅ)์ด ๋– ์˜ฌ๋ž๊ณ , file ๋ช…๋ น์–ด ๋˜๋Š” find ๋ช…๋ น์–ด์—๋„ ์ด๋Ÿฐ ์˜ต์…˜์ด ์žˆ์„ ๊ฒƒ ๊ฐ™๋‹ค๋Š” ์ƒ๊ฐ์ด ๋“ค์—ˆ๋‹ค. ์ด๋Ÿฐ ์˜ต์…˜์ด ์กด์žฌํ•œ๋‹ค๋ฉด inhere ํ•˜์œ„์˜ ๋ชจ๋“  ๋””๋ ‰ํ† ๋ฆฌ์™€ ํŒŒ์ผ์ด ์ถœ๋ ฅ๋˜๋ฏ€๋กœ ํ•˜๋‚˜ํ•˜๋‚˜ ๋ช…๋ น์–ด๋ฅผ ์ž…๋ ฅํ•˜์ง€ ์•Š์•„๋„ ๋œ๋‹ค.

->ํŒŒ์ผ ํƒ€์ž…๊ณผ ํŒŒ์ผ ์‚ฌ์ด์ฆˆ๊ฐ€ ์ฃผ์–ด์กŒ์œผ๋‹ˆ ์ด๊ฒƒ์„ ์ด์šฉํ•ด์„œ ํ•„ํ„ฐ๋ง ํ•˜๋ฉด ๋˜์ง€ ์•Š์„๊นŒ?

 

 

Solve

์ผ๋‹จ find ๋ช…๋ น์–ด๋ฅผ ์ด์šฉํ•ด size๊ฐ€ 1033 bytes์ธ ํŒŒ์ผ์„ ์ฐพ๋Š”๊ฒƒ์€ ์„ฑ๊ณตํ–ˆ๋‹ค. find ๊ฒฝ๋กœ๋ฅผ inhere ๋””๋ ‰ํ† ๋ฆฌ ํ•˜์œ„์˜ maybehere* ํ•˜์œ„์˜ ํŒŒ์ผ๊ณผ ๋””๋ ‰ํ† ๋ฆฌ๋กœ ์„ค์ •ํ–ˆ๋‹ค. ๊ทธ๋ฆฌ๊ณ  1033 ๋’ค์˜ c๋Š” byte ๋‹จ์œ„์ธ ๊ฒƒ์„ ๋ช…์‹œํ•ด์ฃผ๋Š” ๊ฒƒ์ด๋‹ค.

๊ทธ๋Ÿฐ๋ฐ .file2? ์ˆจ๊ฒจ์ง„ ํŒŒ์ผ์ด๋‹ค.

bandit5@bandit:~/inhere$ find ./maybehere* -size 1033c
./maybehere07/.file2

 

๊ทธ๋ž˜์„œ maybehere07 ๋””๋ ‰ํ† ๋ฆฌ์˜ ๋ชจ๋“  ํŒŒ์ผ, ๋””๋ ‰ํ† ๋ฆฌ๋ฅผ ์ถœ๋ ฅํ•ด๋ดค๋‹ค. ์™€ ์ˆจ๊ฒจ์ง„ ํŒŒ์ผ์ด ์žˆ๋‹ค.

andit5@bandit:~/inhere/maybehere07$ ls -a
.   -file1  -file2  -file3  spaces file1  spaces file3
..  .file1  .file2  .file3  spaces file2

 

file ๋ช…๋ น์–ด์—์„œ๋Š” ์ˆจ๊ฒจ์ง„ ํŒŒ์ผ์— ๋Œ€ํ•œ ์ •๋ณด๋Š” ์ถœ๋ ฅ๋˜์ง€ ์•Š๋Š”๋‹ค. ์ง„์งœ ํ•˜๋‚˜ํ•˜๋‚˜ ์ฐพ์•˜๋‹ค๋ฉด ๋‹ต์„ ๋ชป ์ฐพ์•˜์„ ๊ฒƒ ๊ฐ™๋‹ค.

bandit5@bandit:~/inhere/maybehere07$ file ./*
./-file1:       ASCII text, with very long lines (3662)
./-file2:       ASCII text, with very long lines (2487)
./-file3:       data
./spaces file1: ASCII text, with very long lines (4129)
./spaces file2: ASCII text, with very long lines (9063)
./spaces file3: data

 

์ˆจ๊ฒจ์ง„ ํŒŒ์ผ์ธ .file2๋ฅผ cat ๋ช…๋ น์–ด๋กœ ์ฝ์–ด๋ณด๋ฉด password๊ฐ€ ๋‚˜์˜จ๋‹ค. level 5 ํด๋ฆฌ์–ด๋‹ค!

bandit5@bandit:~/inhere/maybehere07$ cat .file2
HWasnPhtq9AVKe0dmk45nxy20cvUa6EG

 

 

More

01. not execytable?

password๊ฐ€ ๋“ค์–ด์žˆ๋Š” ํŒŒ์ผ์˜ ์กฐ๊ฑด ์ค‘ 'not executable' ์ด๋Ÿฐ๊ฒŒ ์žˆ์—ˆ๋‹ค. ์ด๊ฑด ๋ฌด์Šจ ์˜๋ฏธ์ธ์ง€ ์•Œ์•„๋ดค๋‹ค. 

ls -l ๋ช…๋ น์–ด๋Š” ์ˆจ๊ฒจ์ง„ ํŒŒ์ผ์— ๋Œ€ํ•œ ์ •๋ณด๋Š” ์ถœ๋ ฅํ•˜์ง€ ์•Š์œผ๋‹ˆ ls -al ๋ช…๋ น์–ด๋ฅผ ํ†ตํ•ด ํŒŒ์ผ๋“ค์„ ์‚ดํŽด๋ณด์•˜๋‹ค. .file2๋ฅผ ์‚ดํŽด๋ณด๋ฉด ์ฝ๊ธฐ ๊ถŒํ•œ r๊ณผ ์“ฐ๊ธฐ ๊ถŒํ•œ w๋งŒ ์žˆ๋Š” ์ƒํƒœ์ด๋‹ค.  'not executable'์€ x ๊ถŒํ•œ์ด ์—†๋Š” ๊ฒƒ์„ ์˜๋ฏธํ•˜์ง€ ์•Š์•˜๋‚˜...? ์‹ถ๋‹ค.

bandit5@bandit:~/inhere/maybehere07$ ls -al
total 56
drwxr-x---  2 root bandit5 4096 Sep 19 07:08 .
drwxr-x--- 22 root bandit5 4096 Sep 19 07:08 ..
-rwxr-x---  1 root bandit5 3663 Sep 19 07:08 -file1
-rwxr-x---  1 root bandit5 3065 Sep 19 07:08 .file1
-rw-r-----  1 root bandit5 2488 Sep 19 07:08 -file2
-rw-r-----  1 root bandit5 1033 Sep 19 07:08 .file2
-rwxr-x---  1 root bandit5 3362 Sep 19 07:08 -file3
-rwxr-x---  1 root bandit5 1997 Sep 19 07:08 .file3
-rwxr-x---  1 root bandit5 4130 Sep 19 07:08 spaces file1
-rw-r-----  1 root bandit5 9064 Sep 19 07:08 spaces file2
-rwxr-x---  1 root bandit5 1022 Sep 19 07:08 spaces file3

 

 

02. find์˜ ์ง€์ •๋œ ๊ฒฝ๋กœ ๋ฒ”์œ„

(find ๋ช…๋ น์–ด ์ •๋ฆฌ๋œ ์‚ฌ์ดํŠธ: https://coding-factory.tistory.com/804)

<find ๋ช…๋ น์–ด์˜ ๋™์ž‘ ์›๋ฆฌ>
1) ./maybehere*๋กœ ์ง€์ •๋œ ๊ฒฝ๋กœ๊ฐ€ ๋””๋ ‰ํ† ๋ฆฌ์ด๋ฉด, ๊ทธ ๋””๋ ‰ํ† ๋ฆฌ์˜ ๋ชจ๋“  ํ•˜์œ„ ํŒŒ์ผ๊ณผ ํ•˜์œ„ ๋””๋ ‰ํ† ๋ฆฌ๊นŒ์ง€ ํฌํ•จํ•˜์—ฌ ํƒ์ƒ‰ํ•œ๋‹ค.
2) ./maybehere*๋กœ ์ง€์ •๋œ ๊ฒฝ๋กœ๊ฐ€ ํŒŒ์ผ์ด๋ฉด, ํ•ด๋‹น ํŒŒ์ผ๋งŒ ํ™•์ธํ•œ๋‹ค.

 

์œ„์™€ ๊ฐ™์€ ์ด์œ ๋กœ ./maybehere*๊ณผ ./์˜ ์ถœ๋ ฅ ๊ฒฐ๊ณผ๊ฐ€ ๋™์ผํ•˜๋‹ค. ์ง€์ •๋œ ๊ฒฝ๋กœ์˜ ๋ชจ๋“  ํ•˜์œ„ ๋””๋ ‰ํ† ๋ฆฌ์™€ ํ•˜์œ„ ํŒŒ์ผ์„ ํฌํ•จํ•˜์—ฌ ๊ฒ€์ƒ‰ํ•˜๊ธฐ ๋•Œ๋ฌธ์ด๋‹ค.

andit5@bandit:~/inhere$ find ./maybehere* -size 1033c
./maybehere07/.file2

bandit5@bandit:~/inhere$ find ./ -size 1033c
./maybehere07/.file2

'๐Ÿฆ– Private > bandit' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

Level 2 -> Level 4  (1) 2024.12.27
Level 0 -> Level 2  (0) 2024.12.26
Level 0-SSH  (2) 2024.12.25
'๐Ÿฆ– Private/bandit' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€
  • Level 2 -> Level 4
  • Level 0 -> Level 2
  • Level 0-SSH
SONOTREE
SONOTREE
@-@
  • SONOTREE
    SONOTRI
    SONOTREE
  • ์ „์ฒด
    ์˜ค๋Š˜
    ์–ด์ œ
    • ๋ถ„๋ฅ˜ ์ „์ฒด๋ณด๊ธฐ (87)
      • ๐ŸŒฒ Dreamhack (36) N
        • System Hacking (8)
        • Embedded Hacking (8) N
        • Reverse Engineering (11)
        • Web Hacking (4)
        • Digital Forensics (2)
        • CTF Wriet-Up (3)
      • ๐Ÿฉธ Language (8)
        • C Language (2)
        • Java Language (6)
      • ๐Ÿฆ– Private (9)
        • ๊ฐ€๋ช…์ •๋ณด (0)
        • LinuxMaster (1)
        • webhacking.kr (3)
        • bandit (4)
        • GoN Club Study (1)
      • ๐Ÿ  Public (13)
        • Development (2)
        • web (8)
        • forensic (0)
        • elif (3)
  • ๋ธ”๋กœ๊ทธ ๋ฉ”๋‰ด

    • ํ™ˆ
    • ํƒœ๊ทธ
    • ๋ฐฉ๋ช…๋ก
  • ๋งํฌ

  • ๊ณต์ง€์‚ฌํ•ญ

  • ์ธ๊ธฐ ๊ธ€

  • ํƒœ๊ทธ

  • ์ตœ๊ทผ ๋Œ“๊ธ€

  • ์ตœ๊ทผ ๊ธ€

  • hELLOยท Designed By์ •์ƒ์šฐ.v4.10.3
SONOTREE
Level 4 -> Level 6
์ƒ๋‹จ์œผ๋กœ

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”