02/ done

nuoxoxo · Nov 16, 2024 · e920cb0 · e920cb0
2 parents 0f11319 + 4bd730f
commit e920cb0
Show file tree

Hide file tree

Showing 9 changed files with 102 additions and 69 deletions.
diff --git a/README.mdx b/README.mdx
@@ -1,17 +1,14 @@
-# tokens
-
 ```b
-level00  level00 
 flag00  nottoohardhere 
 level01  x24ti5gi3x0ol2eh4esiuxias
 flag01  abcdefg
 level02  f2av5il02puano7naaf6adaaf
 ```
 
 
-# SSH into VM on host
+# SSH
 
-```rb
+```b
 $ ifconfig
 $ ifconfig | grep inet
 $ ifconfig | grep 'inet ' | awk 'NR==2'
@@ -22,7 +19,7 @@ $ ssh level00@$(ifconfig | grep 'inet ' | awk 'NR==2 {print $2}') -p 4242
 
 - to begin with
 
-```
+```b
 $ ls -l
 $ find / -user level00 
 $ find / -user level00 2>/dev/null
@@ -44,32 +41,21 @@ for i in range(26):
     print(i, ''.join(chr(a + (ord(c) - a + i) % 26) for c in 'cdiiddwpgswtgt'))
 ```
 
-- swicth to user `flag00`
-
-```sh
-$ su flag00
-Password: nottoohardhere
-```
-
 # 00 - token
 
-```j
-> x24ti5gi3x0ol2eh4esiuxias
+```b
+> su flag00
+Password: nottoohardhere
+> su level01
+> Password: x24ti5gi3x0ol2eh4esiuxias
 ```
 
 
 # 01
 
-- use token `x24...` from the last level
-
-```
-$ su level01
-$ Password: x24ti5gi3x0ol2eh4esiuxias
-```
-
 - take a look at legacy folder `/etc/passwd`
 
-```
+```b
 $ cat /etc/passwd
 $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}'
 
@@ -78,14 +64,16 @@ $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}'
 $ john --show <(cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}')
 ```
 
-- get and use `john` on host:
+- use our own _`do_john`_ script
 
-```
+```b
 $ chmod +x do_john.sh
 $ ./do_john.sh
+```
 
-OR
+- or download and use _`john`_
 
+```b
 $ wget https://download.openwall.net/pub/projects/john/contrib/macosx/john-1.8.0.9-jumbo-macosx_sse4.zip
 $ tar -xvf john-1.8.0.9-jumbo-macosx_sse4.zip
 $ cd john-1.8.0.9-jumbo-macosx_sse4
@@ -94,16 +82,27 @@ $ ./john __test
 $ ./john --show __test
 ```
 
-- VM
+# 01 - token
 
-```
-$ su flag01
+```b
+> su flag01
 Password: abcdefg
+> su level02
+> Password: f2av5il02puano7naaf6adaaf
 ```
 
-# 01 - token
 
-```r
-> f2av5il02puano7naaf6adaaf
+# 02
+
+- new stuff
+  - `realpath` - get the full absolute filepath
+  - `scp` - secure copy - `scp username@ip:path _local_`
+  - `~.pcap` - a Packet Capture to store network packet data captured during network traffic monitoring
+```b
+> ls -l
+----r--r-- 1 flag02 level02 level02.pcap
+^ which means a regular file
+
+> scp -P 4242 [email protected]:/home/user/level02/level02.pcap $(pwd)
 ```
 
diff --git a/go.js b/go.js
@@ -26,9 +26,10 @@ function get_readme_path(dir) {
 
 function get_readme_content() {
 
-  let content = fs.readFileSync('/home/runner/work/cfo/cfo/tokens.mdx', 'utf-8')
+  let content = fs.readFileSync(__dirname + '/tokens.mdx', 'utf-8')
   const readmes = get_readme_path(__dirname)
-  console.log(__dirname)
+  // console.log(__dirname)
+  // /home/runner/work/cfo/cfo
 
   readmes.forEach(path => {
     content += '\n\n' + fs.readFileSync(path, 'utf-8')// + '\n\n' + content

diff --git a/level00/README.mdx b/level00/README.mdx
@@ -1,6 +1,6 @@
-# SSH into VM on host
+# SSH
 
-```rb
+```b
 $ ifconfig
 $ ifconfig | grep inet
 $ ifconfig | grep 'inet ' | awk 'NR==2'
@@ -11,7 +11,7 @@ $ ssh level00@$(ifconfig | grep 'inet ' | awk 'NR==2 {print $2}') -p 4242
 
 - to begin with
 
-```
+```b
 $ ls -l
 $ find / -user level00 
 $ find / -user level00 2>/dev/null
@@ -33,15 +33,11 @@ for i in range(26):
     print(i, ''.join(chr(a + (ord(c) - a + i) % 26) for c in 'cdiiddwpgswtgt'))
 ```
 
-- swicth to user `flag00`
-
-```sh
-$ su flag00
-Password: nottoohardhere
-```
-
 # 00 - token
 
-```j
-> x24ti5gi3x0ol2eh4esiuxias
+```b
+> su flag00
+Password: nottoohardhere
+> su level01
+> Password: x24ti5gi3x0ol2eh4esiuxias
 ```
diff --git a/level01/README.mdx b/level01/README.mdx
@@ -1,15 +1,8 @@
 # 01
 
-- use token `x24...` from the last level
-
-```
-$ su level01
-$ Password: x24ti5gi3x0ol2eh4esiuxias
-```
-
 - take a look at legacy folder `/etc/passwd`
 
-```
+```b
 $ cat /etc/passwd
 $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}'
 
@@ -18,14 +11,16 @@ $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}'
 $ john --show <(cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}')
 ```
 
-- get and use `john` on host:
+- use our own _`do_john`_ script
 
-```
+```b
 $ chmod +x do_john.sh
 $ ./do_john.sh
+```
 
-OR
+- or download and use _`john`_
 
+```b
 $ wget https://download.openwall.net/pub/projects/john/contrib/macosx/john-1.8.0.9-jumbo-macosx_sse4.zip
 $ tar -xvf john-1.8.0.9-jumbo-macosx_sse4.zip
 $ cd john-1.8.0.9-jumbo-macosx_sse4
@@ -34,15 +29,11 @@ $ ./john __test
 $ ./john --show __test
 ```
 
-- VM
-
-```
-$ su flag01
-Password: abcdefg
-```
-
 # 01 - token
 
-```r
-> f2av5il02puano7naaf6adaaf
+```b
+> su flag01
+Password: abcdefg
+> su level02
+> Password: f2av5il02puano7naaf6adaaf
 ```
diff --git a/level02/README.mdx b/level02/README.mdx
@@ -0,0 +1,13 @@
+# 02
+
+- new stuff
+  - `realpath` - get the full absolute filepath
+  - `scp` - secure copy - `scp username@ip:path _local_`
+  - `~.pcap` - a Packet Capture to store network packet data captured during network traffic monitoring
+```b
+> ls -l
+----r--r-- 1 flag02 level02 level02.pcap
+^ which means a regular file
+
+> scp -P 4242 [email protected]:/home/user/level02/level02.pcap $(pwd)
+```
diff --git a/level02/__tcpstream b/level02/__tcpstream
@@ -0,0 +1,22 @@
+    000000D6  00 0d 0a 50 61 73 73 77  6f 72 64 3a 20            ...Passw ord: 
+000000B9  66                                                 f
+000000BA  74                                                 t
+000000BB  5f                                                 _
+000000BC  77                                                 w
+000000BD  61                                                 a
+000000BE  6e                                                 n
+000000BF  64                                                 d
+000000C0  72                                                 r
+000000C1  7f                                                 .
+000000C2  7f                                                 .
+000000C3  7f                                                 .
+000000C4  4e                                                 N
+000000C5  44                                                 D
+000000C6  52                                                 R
+000000C7  65                                                 e
+000000C8  6c                                                 l
+000000C9  7f                                                 .
+000000CA  4c                                                 L
+000000CB  30                                                 0
+000000CC  4c                                                 L
+000000CD  0d                                                 .
diff --git a/level02/decode.py b/level02/decode.py
@@ -0,0 +1,14 @@
+infile = [[n[-2], n[-1]] for n in [_.split() for _ in open(0).read().split('\n') if len(_.split()) == 3]]
+res = ''
+for i, line in enumerate(infile):
+    print('line/', line, 'i/', i)
+    l, r = line
+    if l == '7f':
+        res = res[:-1]
+    elif r != '.':
+        res += r
+    else:
+        assert(l == '0d')
+print('res/', res)
+
+
diff --git a/level02/level02.pcap b/level02/level02.pcap
diff --git a/tokens.mdx b/tokens.mdx
@@ -1,7 +1,4 @@
-# tokens
-
 ```b
-level00  level00 
 flag00  nottoohardhere 
 level01  x24ti5gi3x0ol2eh4esiuxias
 flag01  abcdefg