
Overthewire : Bandit Level 0

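Getting Started

Hello :D

I'm a newbie hacker who has just jumped into security.

From here on, I'll be working through the OverTheWire Bandit levels, which help you learn the Linux operating system easily through CTF challenges.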

How to Connect

OverTheWire homepage (http://overthewire.org/wargames/)

Once the page is open, go to the Bandit tab and you will see the list of levels.

Now, let's go to Level 0.

Level Goal

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

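The first task is to connect to the wargame server using SSH.

The domain is bandit.labs.overthewire.org and the port number is 2220.

The account is bandit0 and the password is bandit0.

Let's use these to connect to the server.

The syntax of the ssh command is as follows.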

ssh [user_name]@[domain] -p[port_number]

root@goorm:/# ssh bandit0@bandit.labs.overthewire.org -p2220

If the connection succeeds,

Linux bandit 4.18.12 x86_64 GNU/Linux 

      ,----..            ,----,          .---. 
     /   /   \         ,/   .`|         /. ./| 
    /   .     :      ,`   .'  :     .--'.  ' ; 
   .   /   ;.  \   ;    ;     /    /__./ \ : | 
  .   ;   /  ` ; .'___,/    ,' .--'.  '   \' . 
  ;   |  ; \ ; | |    :     | /___/ \ |    ' ' 
  |   :  | ; | ' ;    |.';  ; ;   \  \;      : 
  .   |  ' ' ' : `----'  |  |  \   ;  `      | 
  '   ;  \; /  |     '   :  ;   .   \    .\  ; 
   \   \  ',  /      |   |  '    \   \   ' \ | 
    ;   :    /       '   :  |     :   '  |--" 
     \   \ .'        ;   |.'       \   \ ; 
  www. `---` ver     '---' he       '---" ire.org 

Welcome to OverTheWire! 

If you find any problems, please report them to Steven or morla on 
irc.overthewire.org. 

--[ Playing the games ]-- 

  This machine might hold several wargames. 
  If you are playing "somegame", then: 

    * USERNAMES are somegame0, somegame1, ... 
    * Most LEVELS are stored in /somegame/. 
    * PASSWORDS for each level are stored in /etc/somegame_pass/. 

  Write-access to homedirectories is disabled. It is advised to create a 
  working directory with a hard-to-guess name in /tmp/.  You can use the 
  command "mktemp -d" in order to generate a random and hard to guess 
  directory in /tmp/.  Read-access to both /tmp/ and /proc/ is disabled 
  so that users can not snoop on eachother. Files and directories with 
  easily guessable or short names will be periodically deleted! 

  Please play nice: 

    * don't leave orphan processes running 
    * don't leave exploit-files laying around 
    * don't annoy other players 
    * don't post passwords or spoilers 
    * again, DONT POST SPOILERS! 
      This includes writeups of your solution on your blog or website! 

--[ Tips ]-- 

  This machine has a 64bit processor and many security-features enabled 
  by default, although ASLR has been switched off.  The following 
  compiler flags might be interesting: 

    -m32                    compile for 32bit 
    -fno-stack-protector    disable ProPolice 
    -Wl,-z,norelro          disable relro 

  In addition, the execstack tool can be used to flag the stack as 
  executable on ELF binaries. 

  Finally, network-access is limited for most levels by a local 
  firewall. 

--[ Tools ]-- 

 For your convenience we have installed a few usefull tools which you can find 
 in the following locations: 

    * pwndbg (https://github.com/pwndbg/pwndbg) in /usr/local/pwndbg/ 
    * peda (https://github.com/longld/peda.git) in /usr/local/peda/ 
    * gdbinit (https://github.com/gdbinit/Gdbinit) in /usr/local/gdbinit/ 
    * pwntools (https://github.com/Gallopsled/pwntools) 
    * radare2 (http://www.radare.org/) 
    * checksec.sh (http://www.trapkit.de/tools/checksec.html) in /usr/local/bin/checksec.sh 

--[ More information ]-- 

  For more information regarding individual wargames, visit 
  http://www.overthewire.org/wargames/ 

  For support, questions or comments, contact us through IRC on 
  irc.overthewire.org #wargames. 

  Enjoy your stay!

a screen like the one above is displayed.

We will be learning a variety of Linux commands on this server :D
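
The same connection can be stored as an entry in ~/.ssh/config, with client-side settings suited to logging in to a shared training host. This is an added example, not part of the original write-up or of OverTheWire's instructions; the alias "bandit0" and the choice of options are assumptions.

```sshconfig
# Added example: ~/.ssh/config entry for the Level 0 login.
# The alias "bandit0" is an assumption; host, port and user come from the level text.
Host bandit0
    HostName bandit.labs.overthewire.org
    Port 2220
    User bandit0

    # The level logs in with a password, so do not offer personal keys
    # to a server that is shared with other players.
    PreferredAuthentications password,keyboard-interactive
    PubkeyAuthentication no

    # Keep the local SSH agent and X11 display away from the remote host.
    ForwardAgent no
    ForwardX11 no

    # "ask" is the OpenSSH default, stated explicitly here: confirm the host key
    # on first connect, and refuse to connect if the stored key later changes.
    StrictHostKeyChecking ask
```

With this entry in place, `ssh bandit0` opens the same session as the full command shown earlier.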

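Wrapping Up

The task for Bandit Level 0 was to connect to the wargame server using SSH.

Along the way we learned how to use the ssh command and are now ready to start solving the challenges in earnest.

See you again in Level 0 → Level 1!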