diff --git a/README.mdx b/README.mdx index 3b80a85..c7cb41d 100644 --- a/README.mdx +++ b/README.mdx @@ -1,7 +1,4 @@ -# tokens - ```b -level00 level00 flag00 nottoohardhere level01 x24ti5gi3x0ol2eh4esiuxias flag01 abcdefg @@ -9,9 +6,9 @@ level02 f2av5il02puano7naaf6adaaf ``` -# SSH into VM on host +# SSH -```rb +```b $ ifconfig $ ifconfig | grep inet $ ifconfig | grep 'inet ' | awk 'NR==2' @@ -22,7 +19,7 @@ $ ssh level00@$(ifconfig | grep 'inet ' | awk 'NR==2 {print $2}') -p 4242 - to begin with -``` +```b $ ls -l $ find / -user level00 $ find / -user level00 2>/dev/null @@ -44,32 +41,21 @@ for i in range(26): print(i, ''.join(chr(a + (ord(c) - a + i) % 26) for c in 'cdiiddwpgswtgt')) ``` -- swicth to user `flag00` - -```sh -$ su flag00 -Password: nottoohardhere -``` - # 00 - token -```j -> x24ti5gi3x0ol2eh4esiuxias +```b +> su flag00 +Password: nottoohardhere +> su level01 +> Password: x24ti5gi3x0ol2eh4esiuxias ``` # 01 -- use token `x24...` from the last level - -``` -$ su level01 -$ Password: x24ti5gi3x0ol2eh4esiuxias -``` - - take a look at legacy folder `/etc/passwd` -``` +```b $ cat /etc/passwd $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}' @@ -78,14 +64,16 @@ $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}' $ john --show <(cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}') ``` -- get and use `john` on host: +- use our own _`do_john`_ script -``` +```b $ chmod +x do_john.sh $ ./do_john.sh +``` -OR +- or download and use _`john`_ +```b $ wget https://download.openwall.net/pub/projects/john/contrib/macosx/john-1.8.0.9-jumbo-macosx_sse4.zip $ tar -xvf john-1.8.0.9-jumbo-macosx_sse4.zip $ cd john-1.8.0.9-jumbo-macosx_sse4 
@@ -94,16 +82,27 @@ $ ./john __test $ ./john --show __test ``` -- VM +# 01 - token -``` -$ su flag01 +```b +> su flag01 Password: abcdefg +> su level02 +> Password: f2av5il02puano7naaf6adaaf ``` -# 01 - token -```r -> f2av5il02puano7naaf6adaaf +# 02 + +- new stuff + - `realpath` - get the full absolute filepath + - `scp` - secure copy - `scp username@ip:path _local_` + - `~.pcap` - a Packet Capture to store network packet data captured during network traffic monitoring +```b +> ls -l +----r--r-- 1 flag02 level02 level02.pcap +^ which means a regular file + +> scp -P 4242 level02@192.168.X.X:/home/user/level02/level02.pcap $(pwd) ``` diff --git a/go.js b/go.js index 9e58f25..c03011e 100644 --- a/go.js +++ b/go.js @@ -26,9 +26,10 @@ function get_readme_path(dir) { function get_readme_content() { - let content = fs.readFileSync('/home/runner/work/cfo/cfo/tokens.mdx', 'utf-8') + let content = fs.readFileSync(__dirname + '/tokens.mdx', 'utf-8') const readmes = get_readme_path(__dirname) - console.log(__dirname) + // console.log(__dirname) + // /home/runner/work/cfo/cfo readmes.forEach(path => { content += '\n\n' + fs.readFileSync(path, 'utf-8')// + '\n\n' + content diff --git a/level00/README.mdx b/level00/README.mdx index ecf61f4..54bbc5a 100644 --- a/level00/README.mdx +++ b/level00/README.mdx @@ -1,6 +1,6 @@ -# SSH into VM on host +# SSH -```rb +```b $ ifconfig $ ifconfig | grep inet $ ifconfig | grep 'inet ' | awk 'NR==2' @@ -11,7 +11,7 @@ $ ssh level00@$(ifconfig | grep 'inet ' | awk 'NR==2 {print $2}') -p 4242 - to begin with -``` +```b $ ls -l $ find / -user level00 $ find / -user level00 2>/dev/null @@ -33,15 +33,11 @@ for i in range(26): print(i, ''.join(chr(a + (ord(c) - a + i) % 26) for c in 'cdiiddwpgswtgt')) ``` -- swicth to user `flag00` - -```sh -$ su flag00 -Password: nottoohardhere -``` - # 00 - token -```j -> x24ti5gi3x0ol2eh4esiuxias +```b +> su flag00 +Password: nottoohardhere +> su level01 +> Password: x24ti5gi3x0ol2eh4esiuxias ``` 
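Review bot: In the `go.js` hunk, the new `fs.readFileSync(__dirname + '/tokens.mdx', 'utf-8')` builds the path by string concatenation, and the two commented-out lines below it (`// console.log(__dirname)` and `// /home/runner/work/cfo/cfo`) are left behind as dead code. I would use `require('path').join(__dirname, 'tokens.mdx')`; the file's imports are outside the hunk, so I cannot tell whether the `path` module is already in scope, and the `forEach` callback parameter named `path` would shadow it inside the callback. The two commented lines could be dropped, or replaced by one comment such as `// __dirname is the repository root (the checkout directory on CI)`. The body of `get_readme_content` continues past the end of the hunk.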
diff --git a/level01/README.mdx b/level01/README.mdx index 3cbfb09..8ab9faa 100644 --- a/level01/README.mdx +++ b/level01/README.mdx @@ -1,15 +1,8 @@ # 01 -- use token `x24...` from the last level - -``` -$ su level01 -$ Password: x24ti5gi3x0ol2eh4esiuxias -``` - - take a look at legacy folder `/etc/passwd` -``` +```b $ cat /etc/passwd $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}' @@ -18,14 +11,16 @@ $ cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}' $ john --show <(cat /etc/passwd | grep -i flag01 | awk -F: '{print $2}') ``` -- get and use `john` on host: +- use our own _`do_john`_ script -``` +```b $ chmod +x do_john.sh $ ./do_john.sh +``` -OR +- or download and use _`john`_ +```b $ wget https://download.openwall.net/pub/projects/john/contrib/macosx/john-1.8.0.9-jumbo-macosx_sse4.zip $ tar -xvf john-1.8.0.9-jumbo-macosx_sse4.zip $ cd john-1.8.0.9-jumbo-macosx_sse4 @@ -34,15 +29,11 @@ $ ./john __test $ ./john --show __test ``` -- VM - -``` -$ su flag01 -Password: abcdefg -``` - # 01 - token -```r -> f2av5il02puano7naaf6adaaf +```b +> su flag01 +Password: abcdefg +> su level02 +> Password: f2av5il02puano7naaf6adaaf ``` diff --git a/level02/README.mdx b/level02/README.mdx new file mode 100644 index 0000000..2460b3e --- /dev/null +++ b/level02/README.mdx @@ -0,0 +1,13 @@ +# 02 + +- new stuff + - `realpath` - get the full absolute filepath + - `scp` - secure copy - `scp username@ip:path _local_` + - `~.pcap` - a Packet Capture to store network packet data captured during network traffic monitoring +```b +> ls -l +----r--r-- 1 flag02 level02 level02.pcap +^ which means a regular file + +> scp -P 4242 level02@192.168.X.X:/home/user/level02/level02.pcap $(pwd) +``` diff --git a/level02/__tcpstream b/level02/__tcpstream new file mode 100644 index 0000000..1f5ee04 --- /dev/null +++ b/level02/__tcpstream 
@@ -0,0 +1,22 @@ + 000000D6 00 0d 0a 50 61 73 73 77 6f 72 64 3a 20 ...Passw ord: +000000B9 66 f +000000BA 74 t +000000BB 5f _ +000000BC 77 w +000000BD 61 a +000000BE 6e n +000000BF 64 d +000000C0 72 r +000000C1 7f . +000000C2 7f . +000000C3 7f . +000000C4 4e N +000000C5 44 D +000000C6 52 R +000000C7 65 e +000000C8 6c l +000000C9 7f . +000000CA 4c L +000000CB 30 0 +000000CC 4c L +000000CD 0d . diff --git a/level02/decode.py b/level02/decode.py new file mode 100644 index 0000000..f132a30 --- /dev/null +++ b/level02/decode.py @@ -0,0 +1,14 @@ +infile = [[n[-2], n[-1]] for n in [_.split() for _ in open(0).read().split('\n') if len(_.split()) == 3]] +res = '' +for i, line in enumerate(infile): + print('line/', line, 'i/', i) + l, r = line + if l == '7f': + res = res[:-1] + elif r != '.': + res += r + else: + assert(l == '0d') +print('res/', res) + + diff --git a/level02/level02.pcap b/level02/level02.pcap new file mode 100755 index 0000000..25683c2 Binary files /dev/null and b/level02/level02.pcap differ diff --git a/tokens.mdx b/tokens.mdx index 246b81e..6968d02 100644 --- a/tokens.mdx +++ b/tokens.mdx @@ -1,7 +1,4 @@ -# tokens - ```b -level00 level00 flag00 nottoohardhere level01 x24ti5gi3x0ol2eh4esiuxias flag01 abcdefg
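Review bot: In the new `level02/decode.py`, the loop decides what was typed from the rendered ASCII column (`r`) rather than from the hex byte (`l`), so two inputs are mishandled. A typed `.` (0x2e) looks the same as the `.` the dump prints for non-printable bytes and ends up in `assert(l == '0d')`, and a typed space leaves the ASCII column empty, so that row has two fields and is dropped by the `len(_.split()) == 3` filter. The `assert` is also stripped under `python -O`, which would turn an unexpected byte into a silent skip. I would branch on `int(l, 16)` and raise on anything that is not printable, DEL or CR, as sketched below (this assumes every two- or three-field row is an offset followed by a single byte). The per-row `print('line/', ...)` looks like leftover debugging and could be removed.

```python
res = ''
for fields in (row.split() for row in open(0)):
    # single-byte rows only; a typed space leaves the ASCII column empty (2 fields)
    if len(fields) not in (2, 3):
        continue
    byte = int(fields[1], 16)
    if byte == 0x7f:  # DEL removes the previously typed character
        res = res[:-1]
    elif 0x20 <= byte < 0x7f:
        res += chr(byte)
    elif byte != 0x0d:  # CR ends the entry; anything else is unexpected
        raise ValueError(f'unexpected byte {fields[1]}')
print('res/', res)
```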