Download PuTTY. https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Copy the Host and the Port.
Click on Open
Enter the username- bandit0
Following message will be displayed
* USERNAMES are somegame0, somegame1, ... * Most LEVELS are stored in /somegame/. * PASSWORDS for each level are stored in /etc/somegame_pass/.
Write-access to homedirectories is disabled. It is advised to create a
working directory with a hard-to-guess name in /tmp/. You can use the
command “mktemp -d” in order to generate a random and hard to guess
directory in /tmp/. Read-access to both /tmp/ and /proc/ is disabled
so that users can not snoop on eachother. Files and directories with
easily guessable or short names will be periodically deleted!
Please play nice:
* don't leave orphan processes running * don't leave exploit-files laying around * don't annoy other players * don't post passwords or spoilers * again, DONT POST SPOILERS! This includes writeups of your solution on your blog or website!
–[ Tips ]–
This machine has a 64bit processor and many security-features enabled
by default, although ASLR has been switched off. The following
compiler flags might be interesting:
-m32 compile for 32bit -fno-stack-protector disable ProPolice -Wl,-z,norelro disable relro
In addition, the execstack tool can be used to flag the stack as
executable on ELF binaries.
Finally, network-access is limited for most levels by a local
–[ Tools ]–
For your convenience we have installed a few usefull tools which you can
in the following locations:
* pwndbg (https://github.com/pwndbg/pwndbg) in /usr/local/pwndbg/ * peda (https://github.com/longld/peda.git) in /usr/local/peda/ * gdbinit (https://github.com/gdbinit/Gdbinit) in /usr/local/gdbinit/ * pwntools (https://github.com/Gallopsled/pwntools) * radare2 (http://www.radare.org/) * checksec.sh (http://www.trapkit.de/tools/checksec.html) in /usr/locachecksec.sh