OverTheWire : Bandit Level 11 – 15 (Bahasa Indonesia)

Level 11 → Level 12

The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions

In this level we can use the translate command tr [set1] [set2] to map the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz to NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm (a shift of 13 positions). [set1] is the set of alphabetic characters, so we can shorten it to the character class [:alpha:]. [set2] can be shortened to N-ZA-Mn-za-m. Both sets are quoted in the command so that the shell passes them to tr unchanged instead of treating [:alpha:] as a glob pattern.

bandit11@bandit:~$ tr '[:alpha:]' 'N-ZA-Mn-za-m' < data.txt
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Level 12 → Level 13

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

In this level, reading data.txt shows hexadecimal characters. They are the representation of a binary file in hexadecimal format, known as a hexdump. Hexdumps are commonly used in reverse engineering.

The first step is to convert this hexdump back into the original binary file. Before that, as the hint for this level suggests, it is a good idea to create a temporary directory /tmp/baktistr with mkdir /tmp/baktistr and copy data.txt into it with cp data.txt /tmp/baktistr. After that, we revert (undump) the hexdump to its original binary form and save it as data.bin with xxd -r data.txt > data.bin

bandit12@bandit:~$ mkdir /tmp/baktistr
bandit12@bandit:~$ cp data.txt /tmp/baktistr
bandit12@bandit:~$ cd /tmp/baktistr
bandit12@bandit:/tmp/baktistr$ xxd -r data.txt > data.bin
bandit12@bandit:/tmp/baktistr$ ls
data.bin  data.txt

Next, we check which compression method was used for data.bin with the file command.

bandit12@bandit:/tmp/baktistr$ file data.bin
data.bin: gzip compressed data, was "data2.bin", last modified: Thu May  7 18:14:30 2020, max compression, from Unix

Then rename the file to match the compression method used (the proper extension) with the mv command.

bandit12@bandit:/tmp/baktistr$ mv data.bin data.gz
bandit12@bandit:/tmp/baktistr$ ls
data.gz  data.txt

Then decompress it according to its compression method, in this case with gzip -d.

bandit12@bandit:/tmp/baktistr$ gzip -d data.gz
bandit12@bandit:/tmp/baktistr$ ls
data  data.txt

Repeat the previous steps (checking the file with file, renaming the extension with mv, and decompressing) until we obtain the password we are looking for.

bandit12@bandit:/tmp/baktistr$ file data
data: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/baktistr$ ls
data  data.txt
bandit12@bandit:/tmp/baktistr$ file data
data: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/baktistr$ mv data data.bz2
bandit12@bandit:/tmp/baktistr$ ls
data.bz2  data.txt
bandit12@bandit:/tmp/baktistr$ bzip2 -d data.bz2
bandit12@bandit:/tmp/baktistr$ ls
data  data.txt
bandit12@bandit:/tmp/baktistr$ file data
data: gzip compressed data, was "data4.bin", last modified: Thu May  7 18:14:30 2020, max compression, from Unix
bandit12@bandit:/tmp/baktistr$ mv data data.gz
bandit12@bandit:/tmp/baktistr$ gzip -d data.gz
bandit12@bandit:/tmp/baktistr$ ls
data  data.txt
bandit12@bandit:/tmp/baktistr$ file data
data: POSIX tar archive (GNU)
bandit12@bandit:/tmp/baktistr$ tar -xvf data
data5.bin
bandit12@bandit:/tmp/baktistr$ ls
data  data5.bin  data.txt
bandit12@bandit:/tmp/baktistr$ file data5.bin
data5.bin: POSIX tar archive (GNU)
bandit12@bandit:/tmp/baktistr$ tar -xvf data5.bin
data6.bin
bandit12@bandit:/tmp/baktistr$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/baktistr$ mv data6.bin data6.bz2
bandit12@bandit:/tmp/baktistr$ bzip2 -d data6.bz2
bandit12@bandit:/tmp/baktistr$ ls
data  data5.bin  data6  data.txt
bandit12@bandit:/tmp/baktistr$ file data6
data6: POSIX tar archive (GNU)
bandit12@bandit:/tmp/baktistr$ tar -xvf data6
data8.bin
bandit12@bandit:/tmp/baktistr$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Thu May  7 18:14:30 2020, max compression, from Unix 
bandit12@bandit:/tmp/baktistr$ mv data8.bin data8.gz
bandit12@bandit:/tmp/baktistr$ gzip -dv data8.gz
data8.gz:        -4.1% -- replaced with data8
bandit12@bandit:/tmp/baktistr$ file data8
bandit12@bandit:/tmp/baktistr$ cat data8
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
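
The check, rename and decompress loop above can be automated; the script below is an added example, not part of the original writeup, and it caps the number of layers and streams tar members to stdout instead of extracting them under names taken from the archive. The function names layer_type and unwrap_layers are hypothetical, and gzip, bzip2, tar, od and dd are assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example (not from the original writeup): peel nested gzip/bzip2/tar
# layers without renaming files by hand.

# Classify a layer by its magic bytes, the same signal `file` reports.
layer_type() {
    local magic
    magic=$(od -An -tx1 -N3 "$1" | tr -d ' \n')
    case "$magic" in
        1f8b*)  echo gzip ;;
        425a68) echo bzip2 ;;
        *)  # a tar header carries the string "ustar" at byte offset 257
            if [ "$(dd if="$1" bs=1 skip=257 count=5 2>/dev/null)" = "ustar" ]
            then echo tar
            else echo data
            fi ;;
    esac
}

# unwrap_layers FILE [MAX_LAYERS]: print the innermost payload on stdout.
unwrap_layers() {
    local work cur next member depth=0 max="${2:-20}"
    work=$(mktemp -d) || return 1      # private, unpredictable work directory
    cur="$work/layer0"
    cp -- "$1" "$cur" || { rm -rf "$work"; return 1; }
    while [ "$depth" -lt "$max" ]; do
        next="$work/layer$((depth + 1))"
        case "$(layer_type "$cur")" in
            gzip)  gzip -dc "$cur" > "$next" || break ;;
            bzip2) bzip2 -dc "$cur" > "$next" || break ;;
            tar)   # stream the first member to stdout (-O): member names
                   # from the archive are never used as output paths
                member=$(tar -tf "$cur" | head -n 1)
                tar -xOf "$cur" "$member" > "$next" || break ;;
            *)     cat "$cur"; rm -rf "$work"; return 0 ;;
        esac
        cur=$next
        depth=$((depth + 1))
    done
    # reached on a failed decode or when the layer cap is hit
    rm -rf "$work"
    echo "unwrap_layers: stopped after $depth layers" >&2
    return 2
}

# Run as a script: ./unwrap.sh data.bin   (data.bin produced by xxd -r)
[ "$#" -eq 0 ] || unwrap_layers "$@"
```

The input is the data.bin produced by the xxd -r data.txt > data.bin step shown earlier; a return status of 2 means a layer failed to decode or the layer cap was reached.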

Level 13 → Level 14

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on

In this level there is no password to find for the next level. Instead, we are given an SSH key that is used to log in as bandit14 with the command ssh [user]@[host] -i [sshkey]. In this case, following the hint in the level goal above, [host] is localhost.

bandit13@bandit:~$ ls
sshkey.private
bandit13@bandit:~$ ssh bandit14@localhost -i sshkey.private
Could not create directory '/home/bandit13/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
bandit14@bandit:~$ whoami
bandit14

Level 14 → Level 15

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

In this level we need to send the bandit14 password, stored in the file /etc/bandit_pass/bandit14, to localhost on port 30000. One way to do this is with the netcat (nc) command.

bandit14@bandit:~$ nc localhost 30000 < /etc/bandit_pass/bandit14
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr

Level 15 → Level 16

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…

This is the same as the previous level, but over an SSL connection, so the nc command can no longer be used. In this level we can use ncat --ssl and then enter the password for level 15.

bandit15@bandit:~$ ncat --ssl -v localhost 30001
Ncat: Version 7.40 ( https://nmap.org/ncat )
Ncat: Subject: CN=localhost
Ncat: Issuer: CN=localhost
Ncat: SHA-1 fingerprint: BD63 1B80 D4F3 B6F2 2E20 1F00 7AC5 344B DC90 490D
Ncat: Certificate verification failed (self signed certificate).
Ncat: SSL connection to 127.0.0.1:30001.
Ncat: SHA-1 fingerprint: BD63 1B80 D4F3 B6F2 2E20 1F00 7AC5 344B DC90 490D
BfMYroe26WYalil77FoDi9qh59eK5xNr
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd

That is all, thank you. Next writeup: OverTheWire : Bandit Level 16 – 20 (Bahasa Indonesia)
