Thursday, May 29, 2014

Bandit - overthewire.org 10-14

I really enjoyed bandit, as there were many commands that I just don't get to use with any kind of day to day regularity. Most of my training has been self directed as they don't teach Linux in physics or computer science; you are expected to know it or learn it yourself.

For example, in level 11 the password was encrypted using rot13. Fortunately I had heard of that protocol years ago and all that remained really was to write a one liner to decode the file, which for fun I turned into a script called rot13.sh that takes a file as argument 1 and generates a new file given by argument 2. Careful, you can clobber things because it doesn't really check to make sure of anything at all.


#!/bin/bash
# ultimate secret encryption protocol rot13
set -e
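# With one argument, print the decoded text to stdout.
if [ -z "$2" ]; then
    cat "$1" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
else
    # With two arguments, write to $2 (overwrites it without asking).
    cat "$1" | tr 'A-Za-z' 'N-ZA-Mn-za-m' > "$2"
fi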



Learning things on your own is fun and rewarding, but sometimes it is nice to have direction. To that end becoming involved with an organization dedicated to providing IT has been extremely helpful for me. I have taken advantage of as much of their training program as possible. But even then, sometimes basic things get skipped over, like the command: file.

file target

will tell you what kind of file the target is: a bin(ary), ASCII text, gzip or what have you, because you can't necessarily tell by the extension. The extensions are meant to be helpful indicators but they are by no means enforced. This was a fairly important command for level 12. Because the file had been compressed multiple times, you needed to use the file command to determine which compression tool to use next, and when you were done decompressing. The file command looks at various properties of the file itself in an attempt to determine the information. You can consult the man pages (of course!) for more information on the specifics there; as I recall, there are magic cookies waiting if you do.
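An added example, not from the original post: the level 12 loop written in Python, recognising each layer by the leading magic bytes that file also matches on, and decompressing until nothing recognisable is left. The sample data, the function names and the layer limit are constructed for illustration, and only gzip, bzip2 and xz are assumed.

```python
import bz2
import gzip
import lzma

# Leading "magic" bytes of each format; `file` matches signatures like these.
MAGIC = [
    (b"\x1f\x8b", "gzip", gzip.decompress),
    (b"BZh", "bzip2", bz2.decompress),
    (b"\xfd7zXZ\x00", "xz", lzma.decompress),
]

MAX_LAYERS = 32  # assumed limit: refuse absurdly deep nesting


def identify(data):
    """Return (name, decompressor) for a known compressed format, else None."""
    for magic, name, func in MAGIC:
        if data.startswith(magic):
            return name, func
    return None


def peel(data, max_layers=MAX_LAYERS):
    """Decompress repeatedly until the content is no longer a known format.

    Returns (layers, payload); layers lists the formats in the order they
    were removed, outermost first.
    """
    layers = []
    while (hit := identify(data)) is not None:
        if len(layers) >= max_layers:
            raise ValueError("too many nested layers")
        name, func = hit
        data = func(data)
        layers.append(name)
    return layers, data


def build_sample():
    """Constructed sample: text wrapped in xz, then gzip, bzip2 and gzip."""
    secret = b"constructed sample payload\n"
    return gzip.compress(bz2.compress(gzip.compress(lzma.compress(secret))))


if __name__ == "__main__":
    layers, payload = peel(build_sample())
    print(" -> ".join(layers))
    print(payload.decode(), end="")
```

The extension never enters into it: each pass decides from the content alone, which is why a renamed file does not confuse it.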

Lastly, level 13 gives you someone's private key. Ouch! If you have that it is probably better than the password itself assuming that the other person uses ssh to move around. You just have to copy the key into your .ssh directory, chmod 700, then ssh -i ~/.ssh/privatekey user@destination.org.

Keys are a great thing, and if you haven't set your own private key up, try it just for fun. It's just a file so it doesn't take up any room really, but you want to keep it protected if you are ever going to use it. There are lots of good instructions out there about how to:

ssh-keygen -b 4096 

what it does, and so on. Some of my favorite additional commands once you are up and running are

ssh-agent bash 

and

ssh-add -t 3600

to add an hour of no password prompting, particularly if I am running ssh for-loops for things. Probably at some point there will be something more robust than this, but by setting your bit level nice and high you are presumably making it hard for people to eavesdrop. And yes, the encryption offered by RSA keys rivals my super secret encryption protocol rot13 even.


