1 00:00:00,720 --> 00:00:08,610 Hi, throughout this course, we're going to have a lot of exercises and mainly we're going to solve 2 00:00:08,640 --> 00:00:16,800 a lot of CTFs, capture the flags, in order to learn about penetration testing and privilege escalation. 3 00:00:17,340 --> 00:00:23,400 But to start with, we're going to take a look at some CTF or capture the flag called Bandit. 4 00:00:23,670 --> 00:00:31,350 And this is a fairly simple CTF, but this will make sure that we have necessary tools or necessary 5 00:00:31,350 --> 00:00:40,110 skills in Kali Linux or in general Linux in order to understand and in order to progress in penetration 6 00:00:40,110 --> 00:00:40,740 testing. 7 00:00:41,220 --> 00:00:49,410 So if you're certain or if you say that, yeah, I'm 100 percent sure that I have every knowledge of 8 00:00:49,410 --> 00:00:54,180 Linux, maybe you can skip this section, but I don't recommend that. 9 00:00:54,180 --> 00:01:00,870 I recommend fairly just watch this section and take notes as it's necessary. 10 00:01:01,020 --> 00:01:10,050 And even better, just do what I'm doing on your own Kali Linux or on your own penetration testing operating 11 00:01:10,050 --> 00:01:14,210 system so that you make sure you know what I'm talking about. 12 00:01:14,670 --> 00:01:22,110 So I'm going to search for OverTheWire in Google, OK, because that's where our CTF is located. 13 00:01:22,530 --> 00:01:25,970 So OverTheWire is a website, is a portal. 14 00:01:26,430 --> 00:01:29,340 I don't even know who makes this portal. 15 00:01:29,340 --> 00:01:33,390 I don't even know the guy who makes this CTF. 16 00:01:33,480 --> 00:01:35,550 I'm not associated with them. 17 00:01:36,000 --> 00:01:42,420 So I found this Bandit that I solved it and actually I didn't even solve it. 18 00:01:42,420 --> 00:01:45,120 I'm going to solve it throughout the section.
19 00:01:45,120 --> 00:01:54,180 OK, I just solved the first couple of lectures and I thought that this is the ideal CTF in order to make 20 00:01:54,180 --> 00:01:58,250 sure that we polish our Kali Linux knowledge. 21 00:01:58,620 --> 00:02:08,010 OK, so if you have any issues connecting to this website, maybe you can use a different network or 22 00:02:08,010 --> 00:02:10,850 you can use a VPN or proxy or something like that. 23 00:02:12,090 --> 00:02:21,600 I generally prefer to isolate these kind of exercises so that you don't have any issues or you don't 24 00:02:21,600 --> 00:02:27,690 have any trouble reaching the CTFs that we follow or we do throughout the course. 25 00:02:27,930 --> 00:02:35,520 But this is a particular one that is not located in any corporate websites such as Hack The Box or 26 00:02:35,520 --> 00:02:36,450 TryHackMe. 27 00:02:36,600 --> 00:02:37,760 This is OverTheWire. 28 00:02:37,770 --> 00:02:43,080 This is an indie CTF, but it is ideal for our purpose. 29 00:02:43,380 --> 00:02:50,880 So if you have trouble reaching over here, just make sure that you try a VPN or something like that, 30 00:02:51,060 --> 00:02:58,430 or of course, you can always take notes and watch along and see if you have any missing knowledge 31 00:02:58,620 --> 00:02:59,970 throughout the section. 32 00:03:00,150 --> 00:03:07,880 But I really recommend you do these things with me so that you learn it in a better way. 33 00:03:08,340 --> 00:03:14,340 So Wargames, we have a lot of CTFs over here and we're going to start with the first one, which 34 00:03:14,340 --> 00:03:16,140 is the Bandit, OK? 35 00:03:16,500 --> 00:03:22,640 And of course, in your own time, you can take a look at the other CTFs over here as well. 36 00:03:23,640 --> 00:03:28,710 So as you can see, we have a lot of levels and we're going to start from scratch. 37 00:03:28,920 --> 00:03:33,620 We're going to start from level zero and it will be fairly easy once we start.
38 00:03:33,840 --> 00:03:37,620 So don't just think that it's going to be too easy, OK? 39 00:03:37,630 --> 00:03:40,640 Once we progress, it's going to be harder. 40 00:03:41,280 --> 00:03:46,320 So make sure you follow along and maybe you can try to solve this on your own. 41 00:03:46,320 --> 00:03:53,820 First of all, OK, so if you're like an advanced penetration tester looking for OSCP certification, 42 00:03:54,060 --> 00:03:57,960 maybe you can just come over here and start solving it yourself. 43 00:03:58,080 --> 00:04:03,960 If you get stuck at one point, you can just come back and look at over here, but I'm going to solve 44 00:04:03,960 --> 00:04:05,820 them one by one, OK? 45 00:04:06,150 --> 00:04:12,570 And you're going to see the solution of every possible level, at least for right now. 46 00:04:13,590 --> 00:04:20,250 So I haven't solved most of them yet and we're going to solve it together throughout the course. 47 00:04:20,460 --> 00:04:28,710 So it will just give us a better idea if they're hard or not, or if they maybe you can find some other 48 00:04:28,710 --> 00:04:32,370 tools or other solutions in a better way. 49 00:04:32,760 --> 00:04:37,500 Just let me know throughout the Q&A so that I can know it in a better way. 50 00:04:38,040 --> 00:04:40,860 So as you can see, there are a couple of levels. 51 00:04:41,100 --> 00:04:51,000 And if you go to level zero, as you can see, it asks us to connect to the server using SSH. So I believe 52 00:04:51,000 --> 00:04:53,280 the first level is fairly easy. 53 00:04:53,520 --> 00:04:57,300 We can just connect and it gives us a password as well. 54 00:04:57,300 --> 00:04:59,670 So the password for the level zero is. 55 00:05:00,100 --> 00:05:00,580 Zero. 56 00:05:01,180 --> 00:05:10,870 OK, and once we go over here, I believe we're going to hack into or find some information to go over 57 00:05:10,870 --> 00:05:11,840 to the next level.
58 00:05:12,370 --> 00:05:17,490 So for the first level, we have bandit0 and we have the password bandit0. 59 00:05:18,100 --> 00:05:24,740 So all you got to do, you got to run the SSH command and connect back to the server over here. 60 00:05:25,240 --> 00:05:27,260 So let me come over to my terminal. 61 00:05:27,580 --> 00:05:34,630 So it really doesn't matter if you have Kali or Parrot or any other penetration testing operating system 62 00:05:35,350 --> 00:05:38,100 or any other version of Linux as well. 63 00:05:38,260 --> 00:05:40,500 Just make sure you follow along, OK? 64 00:05:40,660 --> 00:05:43,310 You have with your own operating system as well. 65 00:05:43,690 --> 00:05:45,760 So I'm going to try like this. 66 00:05:45,770 --> 00:05:53,470 So maybe this will be in a better way so that we can see the explanation and also we can see the terminal 67 00:05:53,470 --> 00:05:54,940 screen over here as well. 68 00:05:55,510 --> 00:05:57,130 So let me try like that. 69 00:05:57,490 --> 00:06:00,080 You can have it your own way as well. 70 00:06:02,230 --> 00:06:08,180 I believe I can just make this a little bit smaller so that it can fit in a better way. 71 00:06:08,230 --> 00:06:08,620 Yep. 72 00:06:08,620 --> 00:06:09,260 Like that. 73 00:06:09,940 --> 00:06:11,870 So let's start. 74 00:06:12,580 --> 00:06:19,630 So what we got to do, we got to SSH into this website by specifying the user name. 75 00:06:19,840 --> 00:06:27,040 So we use SSH like this, ssh is the command and we specify the user name, which is bandit0. 76 00:06:27,190 --> 00:06:33,010 And we can say the host over here, which is bandit.labs.overthewire.org. 77 00:06:33,280 --> 00:06:38,290 And we can specify the port by saying that -p 2220. 78 00:06:38,650 --> 00:06:42,310 And these are all the information that is supplied for us. 79 00:06:42,320 --> 00:06:42,610 Right.
80 00:06:42,630 --> 00:06:45,320 You can see the information in the website as well. 81 00:06:45,820 --> 00:06:48,350 So make sure you check it on your own. 82 00:06:48,790 --> 00:06:49,750 So it says that. 83 00:06:49,750 --> 00:06:50,160 Yeah. 84 00:06:50,200 --> 00:06:52,690 Are you sure you want to continue connecting? 85 00:06:52,900 --> 00:06:54,370 I'm going to just say yes. 86 00:06:54,550 --> 00:06:55,000 Right. 87 00:06:55,540 --> 00:06:58,230 It asks if we want to continue or not. 88 00:06:58,240 --> 00:06:59,710 You can say yes or no. 89 00:06:59,980 --> 00:07:02,010 I'm just going to say yes. 90 00:07:02,740 --> 00:07:10,750 So now it actually adds this host to our list of known hosts. 91 00:07:10,760 --> 00:07:17,240 So I believe we're not going to be specifying yes or no from this point on. 92 00:07:17,860 --> 00:07:21,940 Now I'm going to give the password, which is bandit0, OK? 93 00:07:22,300 --> 00:07:23,740 And I'm typing it. 94 00:07:23,740 --> 00:07:24,700 But you don't see it. 95 00:07:24,700 --> 00:07:26,710 Don't worry, it's for protection. 96 00:07:26,710 --> 00:07:30,760 You just type bandit0 and hit enter and here you go. 97 00:07:30,780 --> 00:07:36,430 Now we are inside of the server, so let's see what we can do with this thing. 98 00:07:37,090 --> 00:07:42,790 And I believe we have to read this specification or read this message over here. 99 00:07:43,000 --> 00:07:44,380 And I believe this won't work. 100 00:07:44,380 --> 00:07:50,920 I'm just going to make it like that, OK, because it will make much more sense to use it vertically 101 00:07:50,920 --> 00:07:52,480 rather than horizontally. 102 00:07:52,750 --> 00:07:55,730 So I'm going to make this like that as well. 103 00:07:56,140 --> 00:07:58,700 OK, I'm going to make this vertical as well.
104 00:07:59,050 --> 00:08:06,880 Sorry about this, but we have to find an optimum way of working over here because it's going to take 105 00:08:06,880 --> 00:08:07,290 long. 106 00:08:07,300 --> 00:08:12,020 I believe we have 33 sections or 33 levels over here. 107 00:08:12,370 --> 00:08:17,970 So anyway, let's scan over here and see if we have something interesting. 108 00:08:18,700 --> 00:08:21,360 Now we are inside of the bandit0. 109 00:08:21,490 --> 00:08:25,720 I can come over here and click on the level zero to level one. 110 00:08:26,110 --> 00:08:35,170 And in each level we get a request, OK, we get some instructions and it gives us some tips in order 111 00:08:35,170 --> 00:08:37,620 to proceed into the next level. 112 00:08:38,170 --> 00:08:45,430 So as you can see, it says that the password is actually stored in the readme file. 113 00:08:45,640 --> 00:08:52,270 So I can just call cat readme and I can find the password for the next level. 114 00:08:52,750 --> 00:08:54,670 So it's fairly easy, as you can see. 115 00:08:54,670 --> 00:09:01,930 And if you're thinking right now, yeah, I thought that this class was advanced or some kind of like 116 00:09:02,080 --> 00:09:05,320 focused on the privilege escalation and penetration testing. 117 00:09:05,560 --> 00:09:06,400 You're right. 118 00:09:06,400 --> 00:09:07,620 We're just getting started. 119 00:09:07,630 --> 00:09:08,710 Don't worry about it. 120 00:09:09,130 --> 00:09:15,100 I'm going to run exit and I'm going to change this username to bandit1. 121 00:09:15,420 --> 00:09:19,810 I'm going to copy this password that we have found in the bandit0. 122 00:09:20,060 --> 00:09:23,140 I'm going to give this password over here. 123 00:09:23,140 --> 00:09:26,080 I'm going to just paste the selection and hit enter. 124 00:09:26,800 --> 00:09:28,270 So that's how it works. 125 00:09:28,270 --> 00:09:31,870 As you can see now, we are inside of the bandit1.
126 00:09:32,260 --> 00:09:36,730 Now, we're going to keep on doing this until we reach the end of this level. 127 00:09:36,760 --> 00:09:40,590 OK, end of the level thirty three, I believe. 128 00:09:40,900 --> 00:09:46,120 So if you go to level one to level zero, which is the next step. 129 00:09:46,330 --> 00:09:52,390 So as you can see, it says that the password for the next level is stored in a file called dash. 130 00:09:52,960 --> 00:09:56,710 So if we say ls, we can see the dash. 131 00:09:57,250 --> 00:09:59,500 But can we. 132 00:09:59,570 --> 00:10:05,930 Do cat space dash, so it's a little bit tricky, right? 133 00:10:05,950 --> 00:10:14,390 So it's actually easy if you know how it works, but if you don't know, you're just going to get stuck, 134 00:10:14,480 --> 00:10:16,050 stuck over here like that. 135 00:10:16,640 --> 00:10:22,580 So if you say cat slash dash, it asks or it waits for a parameter. 136 00:10:22,580 --> 00:10:28,820 It thinks that you're going to give some parameter to cat command and it won't work, as you can see. 137 00:10:30,200 --> 00:10:37,940 And you have to make it work in order to see the content of the dash file in order to get the password 138 00:10:37,940 --> 00:10:39,070 of the next level. 139 00:10:39,200 --> 00:10:39,600 Right. 140 00:10:39,860 --> 00:10:41,900 So this is how it's going to work. 141 00:10:42,350 --> 00:10:49,700 So I'm going to just say Ctrl-C and I'm going to show you a way in order to solve this, because it's 142 00:10:49,700 --> 00:10:50,510 fairly easy. 143 00:10:50,520 --> 00:10:53,760 You just have to know the syntax syntax of this. 144 00:10:53,780 --> 00:11:00,830 OK, so if you just run ls -la, you're going to see we don't have any other file. 145 00:11:00,950 --> 00:11:05,090 And this is indeed the file that we're supposed to read. 146 00:11:05,570 --> 00:11:08,030 So the file is named dash.
147 00:11:08,510 --> 00:11:18,740 So it's an unfortunate name, but we can always go like this, dot slash and dash like as if we are 148 00:11:18,740 --> 00:11:20,270 trying to run this. 149 00:11:20,450 --> 00:11:23,680 OK, so dot, slash, dash. 150 00:11:24,350 --> 00:11:28,860 So as you can see, we managed to get the level two password. 151 00:11:29,250 --> 00:11:36,650 Now I'm going to copy this and I'm going to come over here and just exit out of this one and I'm going 152 00:11:36,650 --> 00:11:38,420 to run this SSH command. 153 00:11:38,420 --> 00:11:40,160 But this time I'm going to run 154 00:11:40,160 --> 00:11:41,360 it as bandit2. 155 00:11:41,700 --> 00:11:48,380 It will ask me for a password and I'm going to give this password that we have found over here and I'm 156 00:11:48,380 --> 00:11:49,780 going to say paste selection. 157 00:11:50,150 --> 00:11:51,340 And here you go. 158 00:11:51,350 --> 00:11:53,630 Now we are inside of bandit2. 159 00:11:54,180 --> 00:11:56,760 And again, it's going to get harder and harder. 160 00:11:56,780 --> 00:11:57,380 Don't worry. 161 00:11:57,950 --> 00:12:03,640 So if I run the ls -la, I will see something like spaces in this. 162 00:12:04,220 --> 00:12:05,140 And here you go. 163 00:12:05,150 --> 00:12:11,140 It says that this password for the next level is stored in this file. 164 00:12:11,480 --> 00:12:15,920 And I believe this is asking for to do it one more time. 165 00:12:16,160 --> 00:12:25,220 But it's actually asking us if we know how to run this file with spaces. 166 00:12:25,220 --> 00:12:29,830 Have to if we know the syntax of this or not is fairly easy. 167 00:12:29,840 --> 00:12:32,360 Again, most of you know this by now. 168 00:12:32,360 --> 00:12:36,140 I believe you can just run spaces and hit tab in order 169 00:12:36,150 --> 00:12:37,070 to autocomplete. 170 00:12:37,190 --> 00:12:40,280 But if autocomplete doesn't work, you can write it like this.
171 00:12:40,280 --> 00:12:48,860 If you want to give a space, you can just write a backslash and do your space and then just write 172 00:12:48,860 --> 00:12:51,750 the rest of the file name like that. 173 00:12:52,310 --> 00:12:54,610 OK, so this is how it goes. 174 00:12:54,980 --> 00:12:59,800 So if I hit enter over here, I will get the password for the next level as well. 175 00:13:00,230 --> 00:13:03,470 So these are pretty easy, as you can see. 176 00:13:03,920 --> 00:13:10,790 But again, this is going to get harder and I believe you will learn something in the section that you 177 00:13:10,790 --> 00:13:11,960 haven't learned before. 178 00:13:12,680 --> 00:13:14,780 So I'm going to exit out of this one. 179 00:13:14,780 --> 00:13:20,840 I'm going to copy this one and I'm going to go into the bandit3 over here. 180 00:13:21,320 --> 00:13:24,410 So let's see if this works or not, OK? 181 00:13:24,860 --> 00:13:30,260 And make sure you copy and paste it when the password is asked from us. 182 00:13:31,640 --> 00:13:32,870 So here you go. 183 00:13:32,870 --> 00:13:34,730 Now we are in the bandit3. 184 00:13:34,730 --> 00:13:40,640 I believe we can stop here and continue within the next lecture for the rest of the levels.