WhatTheHack is a collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates.

What, Why and How

• “What the Hack” is a challenge based hackathon format
• Challenges describe high-level tasks and goals to be accomplished
• Challenges are not step-by-step labs
• Attendees work in teams of 3 to 5 people to solve the challenges
• Attendees “learn from” and “share with” each other
• By having to “figure it out”, attendee knowledge retention is greater
• Proctors provide guidance, but not answers to the teams
• Emcees provide lectures & demos to setup challenges & review solutions
• What the Hack can be hosted in-person or virtually via MS Teams

How to Add Your Hack
We welcome all new hacks! The process for doing this is:

• Fork this repo into your own github account
• Create a new branch for your work
• Add a new top level folder using the next number in sequence, eg:
  • 011-BigNewHack
• Within this folder, create two folders, each with two folders with in that looks like this:
  • Host
    • Guides
    • Solutions
  • Student
    • Guides
    • Resources
• The content of each folder should be:
  • Student/Guides: The Student’s Guide
  • Student/Resources: Any template or “starter” files that students may need in challenges
  • Host/Guides: The Proctor’s Guide lives here as well as any Lecture slide decks
  • Host/Solutions: Specific files that the proctors might need that have solutions in them.
• Once your branch and repo have all your content and it formatted correctly, follow the instructions on this page to submit a pull request back to the main repository:
  • https://help.github.com/articles/creating-a-pull-request-from-a-fork/

The post WhatTheHack – A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates appeared first on Tech Chronicles.

What is OverTheWire?

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

Link: https://overthewire.org

What is OverTheWire Bandit?

The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.

Getting Started

To get started with the wargames, you need to use SSH to connect to the OverTheWire bandit servers, you can do this by using SSH clients on both Windows and Linux. The preferred SSH client for Windows is Putty and the preferred client for Linux is OpenSSH.

You can install the OpenSSH client on Linux by running the following command:

sudo apt-get install openssh-client

Alternatively, if you are running an Arch-based distribution you can run the following command with pacman:

sudo pacman -S openssh

After you have an SSH client installed you can connect to the OverTheWire Bandit server by using the following syntax.

ssh username@address -p <port>

Level 0 – 1

We can get started with level 0 by connecting to the server with the following credentials:

Username: bandit0

Password: bandit0

We can connect to the server via SSH with the following syntax:

ssh bandit0@bandit.labs.overthewire.org -p 2220

After authenticating with the server, we should have access as bandit0. After listing the files in the current working directory, we are greeted with a readme file. We get the password for the next level by displaying the content of the file.

Level 1 – 2

The objective for this level is to display the content of a file called -. After displaying the content of the file with cat, we get the password for the next level.

Level 2 – 3

The objective for this level is to display the content of a file with spaces in the filename. We can use cat to display the content of the file as shown in the screenshot below.

Level 3 – 4

The password for level 4 can be found in the inhere directory. After listing the files in the directory, we are greeted with a dot file called .hidden. We can use cat to display the content of the file to get the next password.

Level 4 – 5

This level involves finding a human-readable file stored in the inhere directory. We can utilize the find command in conjunction with the xargs utility. This will display the files in the directory and their type. In this case, we find that the only human-readable file in the directory is -file07. We can use cat to display the content of the file to get the password for the next level.

Level 5 – 6

This level involves finding a file in the inhere directory with specific parameters:

• Is human-readable
• 1033 bytes in size
• not executable

We can utilize the find command with specific arguments tailored to the specific characteristics of the file we are looking for.

find . -type -f -size 1033c ! -executable

After running the command, we find that the file that matches the search parameters is .file2. We can display the content of the file with cat to get the password for the next level.

Level 6 – 7

Similar to level 5, this level involves finding a file on the server with specific parameters and ownership permissions:

• Owner by user bandit7
• owned by group bandit6
• 33 bytes in size

We can use the find command with the following options and parameters to fine-tune our results.

find / -type f -user bandit7 -group bandit6 -size 33c

After running the command we find the file that we were looking for.

The post OverTheWire Bandit Walkthrough – Level 0 – 6 appeared first on Tech Chronicles.