# Bandit Writeup(Level 11-21)

## 1. Level 11

### 1.1. 关卡目标

The password for the next level is stored in the file data.txt,
where all lowercase (a-z) and uppercase (A-Z) letters have been
rotated by 13 positions

## 2. Level 12

### 2.1. 关卡目标

The password for the next level is stored in the file data.txt,
which is a hexdump of a file that has been repeatedly compressed.
For this level it may be useful to create a directory under /tmp in
which you can work using mkdir. For example: mkdir /tmp/myname123.
Then copy the datafile using cp, and rename it using mv (read the
manpages!)

### 2.2. 解决方案

425A68 反查发现是 bzip2

7573746172 反查得到是 tar

425A68 是 bzip2, 上面出现过了

## 3. Level 13

### 3.1. 关卡目标

The password for the next level is stored in
/etc/bandit_pass/bandit14 and can only be read by user
bandit14
. For this level, you don’t get the next password, but you
get a private SSH key that can be used to log into the next level.
Note: localhost is a hostname that refers to the machine
you are working on

## 4. Level 14

### 4.1. 关卡目标

The password for the next level can be retrieved by submitting the
password of the current level to port 30000 on localhost.

## 5. Level 15

### 5.1. 关卡目标

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…

## 6. Level 16

### 6.1. 关卡目标

The credentials for the next level can be retrieved by submitting the
password of the current level to a port on localhost in the range
31000 to 32000
. First find out which of these ports have a server
listening on them. Then find out which of those speak SSL and which
don’t. There is only 1 server that will give the next credentials, the
others will simply send back to you whatever you send to it.

## 7. Level 17

### 7.1. 关卡目标

NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19

## 8. Level 18

### 8.1. 关卡目标

The password for the next level is stored in a file readme in
the homedirectory. Unfortunately, someone has modified .bashrc

## 9. Level 19

### 9.1. 关卡目标

To gain access to the next level, you should use the setuid binary
in the homedirectory. Execute it without arguments to find out how
to use it. The password for this level can be found in the usual
place (/etc/bandit_pass), after you have used the setuid binary.

## 10. Level 20

### 10.1. 关卡目标

There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).

NOTE: Try connecting to your own network daemon to see if it works as you think

### 10.2. 解决方案

[xxx]表示其终端名或正处于的命令名

[[xxx]]表示输入的按键组合或字符

## 11. Level 21

### 11.1. 关卡目标

A program is running automatically at regular intervals from
cron, the time-based job scheduler. Look in /etc/cron.d/ for
the configuration and see what command is being executed.