OverTheWire Bandit

https://overthewire.org/wargames/bandit/
This site is great for learning the Linux command line.
Here is a walkthrough of the challenge questions. 

Level 0

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

The majority of these challenges will require an ssh connection to the target host. Gaining access to the machine with the provided credentials is all we have to do.
"The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game."


We can see the readme file if we use the ls command to list the contents of the current directory.
cat is the command used to print a file's contents to the terminal.
Copy and paste this flag into the password prompt when connecting to level 2.

Level 1

"The password for the next level is stored in a file called spaces in this filename located in the home directory"


Using the flag from the last challenge, we can ssh in as user bandit1 and list the contents of the present directory. To cat the contents of a file with an obscure name like "-", we can specify the full path; a bare "-" is read by cat as standard input rather than as a filename. The -l flag makes ls output in list format and adds some columns of data.

Level 2

"The password for the next level is stored in a file called spaces in this filename located in the home directory. "

The terminal doesn't handle spaces in a filename well: it thinks the pathname is finished as soon as it sees a space. It is best to avoid naming files this way, although it is not a real problem. With a backslash before each space, the path will work fine.

Also, to be more efficient we can use tab autocomplete:
start typing the first letters of the path, then press Tab.

Level 3

"The password for the next level is stored in a hidden file in the inhere directory."

If we ls the contents of the current directory after logging into bandit3, we can see the inhere directory. We could change directories with the cd command, but I chose to use ls and specify the path instead. I also added the -a tag to ls in order to list hidden files.
Now that we found the .hidden file we can cat it out from our current directory as well if we specify the path.
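
The three filename cases from Levels 1 to 3, collected into one runnable sketch. This is an added example, not part of the original walkthrough; the sandbox directory, the file contents and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: constructed sandbox with the awkward names from Levels 1-3.
make_home() {
    h=$(mktemp -d)
    printf 'dash-secret\n'   > "$h/-"
    printf 'space-secret\n'  > "$h/spaces in this filename"
    mkdir "$h/inhere"
    printf 'hidden-secret\n' > "$h/inhere/.hidden"
    printf '%s\n' "$h"
}

# Level 1: a bare "-" tells cat to read standard input, so name the file by path.
read_dash()        { ( cd "$1" && cat ./- ); }
# Alternative: let the shell open the file and hand it to cat on stdin.
read_dash_stdin()  { ( cd "$1" && cat < - ); }
# "--" ends option parsing but does not help here: "-" still means stdin.
dash_after_ddash() { ( cd "$1" && printf 'came from stdin\n' | cat -- - ); }

# Level 2: escape each space or quote the whole name; both yield one argument.
read_spaces_escaped()  { ( cd "$1" && cat spaces\ in\ this\ filename ); }
read_spaces_quoted()   { ( cd "$1" && cat "spaces in this filename" ); }
# Unquoted, the name splits into four arguments and cat fails on each of them.
read_spaces_unquoted() { ( cd "$1" && name='spaces in this filename' && cat $name 2>/dev/null ); }

# Level 3: list dot-files without changing directory, then read one by path.
list_hidden() { ls -a "$1/inhere"; }
read_hidden() { cat "$1/inhere/.hidden"; }

home=$(make_home)
read_dash "$home"; read_spaces_quoted "$home"; read_hidden "$home"
rm -rf "$home"
```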

Level 4

"The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command."

Change to the inhere directory and list the contents. There are 9 files, and ASCII text files are what we are looking for, since these will be human-readable. The file command can be run against all the files in this directory if we use the * wildcard. -file07 contains ASCII text, so cat it out for the password.

Level 5

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
  • human-readable
  • 1033 bytes in size
  • not executable
This challenge expects us to filter for files with these specific properties. The find command will do the job. The -size flag is used with the letter c (for bytes) after the number. The -executable flag can be used with the not operator (!). As for human-readable, while there are multiple ways to test this, it is not necessary in order to find the file, and there are not many easy options for it within the find command. The result is verified as ASCII text with the file command, though.

Level 6

The password for the next level is stored somewhere on the server and has all of the following properties:
  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size
This one is interesting because not only do we need to specify the given parameters in the find command (-user, -group, -size), but we should also filter all of the access-denied messages out of the printout with 2>/dev/null, because we will get a lot of them otherwise, since we are searching the whole server.
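
The find filters from Levels 5 and 6, run against a constructed directory tree with decoys. This is an added example, not part of the original walkthrough; the directory names, file names and function names are made up, and the current user and group stand in for bandit7 and bandit6.

```sh
#!/bin/sh
# Added example: constructed tree with one match per search and several decoys.
build_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/dirA" "$root/dirB"
    head -c 1033 /dev/zero | tr '\0' 'A' > "$root/dirA/target"      # right size, not executable
    head -c 1033 /dev/zero | tr '\0' 'B' > "$root/dirA/decoy.sh"    # right size, but executable
    chmod +x "$root/dirA/decoy.sh"
    head -c 1034 /dev/zero | tr '\0' 'C' > "$root/dirB/off-by-one"  # one byte too big
    head -c 33 /dev/zero | tr '\0' 'D' > "$root/dirB/small"         # the 33-byte file
    printf '%s\n' "$root"
}

# Level 5: exact size in bytes and not executable.
# The "c" suffix matters: a bare "-size 1033" counts 512-byte blocks.
find_level5() {
    find "$1" -type f -size "${2}c" ! -executable 2>/dev/null
}

# Same search with the suffix left off, to show that it matches nothing here.
find_without_suffix() {
    find "$1" -type f -size "$2" ! -executable 2>/dev/null
}

# Level 6: owner, group and size together. 2>/dev/null discards the
# "Permission denied" errors find writes to stderr for unreadable directories.
find_level6() {
    find "$1" -type f -user "$2" -group "$3" -size "${4}c" 2>/dev/null
}

tree=$(build_tree)
find_level5 "$tree" 1033
find_level6 "$tree" "$(id -u)" "$(id -g)" 33   # numeric IDs of the current user (assumption)
rm -rf "$tree"
```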

Level 7

The password for the next level is stored in the file data.txt next to the word millionth


The password is stored in a file in the current directory so we don't have to find it, but we can see that it is a big text file when we cat it out. For example, I used the head command with -20 to list the first 20 lines (the first 10 if not specified).
So we don't want to look through this whole big file. We need to grep through the file for the word millionth.
Grep will print out the whole line of text not just the one word. 
You should pipe the output of the cat command into grep to get the desired result.

Level 8

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once


For this challenge the file is in the current directory and we need to use the uniq command to filter for the line that occurs once. uniq, however, only compares neighbouring lines, so it only works when the list is already sorted; we will pipe the output of a sorted list into the input of uniq. The -u flag will list only the lines that occur exactly once.
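
The Level 7 and Level 8 pipelines on constructed data, including what goes wrong when the sort step is skipped. This is an added example, not part of the original walkthrough; the sample lines and function names are made up, and the grep -w variant goes one step beyond what the text uses.

```sh
#!/bin/sh
# Added example: constructed stand-ins for the Level 7 and Level 8 data.txt files.
make_data() {
    d=$(mktemp -d)
    # Level 7 shape: a word, a tab, then a value on every line.
    printf 'humble\tAAAA\nmillionth\tCONSTRUCTED-7\nmillionths\tBBBB\n' > "$d/level7.txt"
    # Level 8 shape: every line has a duplicate somewhere, except one.
    printf 'alpha\nbeta\nalpha\nCONSTRUCTED-8\nbeta\n' > "$d/level8.txt"
    printf '%s\n' "$d"
}

# Level 7 as in the walkthrough: grep prints every whole line containing the text.
level7()      { cat "$1" | grep 'millionth'; }
# Addition beyond the walkthrough: -w matches whole words only, dropping "millionths".
level7_word() { cat "$1" | grep -w 'millionth'; }

# Level 8: sort first so duplicates become neighbours, then keep lines seen once.
level8()          { sort "$1" | uniq -u; }
# Without sort, uniq only compares each line with the one before it,
# so scattered duplicates all look unique.
level8_unsorted() { uniq -u "$1"; }
# Counts per distinct line, handy for confirming the answer really occurs once.
level8_counts()   { sort "$1" | uniq -c; }

data=$(make_data)
level7_word "$data/level7.txt"
level8 "$data/level8.txt"
level8_counts "$data/level8.txt"
rm -rf "$data"
```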

Level 9

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

This file contains a mix of data and we can filter for printable text that's 4 characters or more long by using the strings command, and pipe that into a grep input looking for lines containing '===' 

Level 10

The password for the next level is stored in the file data.txt, which contains base64 encoded data

Base64 data always has a length that is a multiple of 4, and will have some = characters as padding at the end to make it a multiple of 4 if not. It only contains the characters allowed by base64. When we cat the file we can see it is base64, and we can use the base64 -d command to decode it to a human-readable file with the password.

Level 11

The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions

A rot13 encoded string can be decoded with a tool installed by the command apt install hxtools. This tool set includes more than just rot13, but that is all we will be using for now. We could also use an online tool but I want to use the command line.

The OverTheWire server does not let you download these tools, so I opened up a new terminal page that wasn't connected to the server and downloaded them to my Kali machine, copied the text file over to my machine and decoded it with rot13 there.
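
The base64 properties described for Level 10 as a check, and rot13 for Level 11 done with tr, which is part of coreutils and so needs no extra package. This is an added example, not part of the original walkthrough; the sample strings and function names are constructed.

```sh
#!/bin/sh
# Added example: the checks and decoders described for Levels 10 and 11.
LC_ALL=C; export LC_ALL   # byte-wise character ranges for grep and tr

# True when the string has the shape of base64: only A-Z a-z 0-9 + /,
# at most two trailing "=", and a total length that is a multiple of 4.
looks_like_base64() {
    s=$(printf '%s' "$1" | tr -d '\n')
    [ -n "$s" ] || return 1
    [ $(( ${#s} % 4 )) -eq 0 ] || return 1
    printf '%s\n' "$s" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'
}

# Level 10: base64 is an encoding with no key, so this is decoding.
decode_base64() { printf '%s' "$1" | base64 -d; }

# Level 11: each letter maps to the one 13 places on, wrapping around.
# Applying it twice returns the original text.
rot13() { tr 'A-Za-z' 'N-ZA-Mn-za-m'; }

# Constructed samples (not real level data).
sample_b64='VGhlIHBhc3N3b3JkIGlzIGV4YW1wbGU='
sample_rot13='Gur cnffjbeq vf rknzcyr'

if looks_like_base64 "$sample_b64"; then
    decode_base64 "$sample_b64"; echo
fi
printf '%s\n' "$sample_rot13" | rot13
```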

Level 12

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

To start this one off, we make a temp directory in /tmp, copy the file over and name it hexdump. We verify it is a hexdump with the head command.
This challenge contains a few different encoding and compression methods. We can get a good understanding of what we're dealing with by peering through the contents of the file and also using the file command to list out some information on it. From there we just keep decoding and decompressing the file down until we get a standard text file with the password.
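
The identify-then-unwrap loop described above, automated over a small constructed file. This is an added example, not part of the original walkthrough; it assumes xxd, file, gzip, bzip2 and tar are installed, that each archive holds a single member, and the sample content and function names are made up.

```sh
#!/bin/sh
# Added example: build a small constructed "Level 12 style" hexdump, then unwrap it.
make_sample() {   # $1 = path for the resulting hexdump
    d=$(mktemp -d)
    printf 'The password is CONSTRUCTED-EXAMPLE\n' > "$d/data1"
    gzip -c "$d/data1" > "$d/data2.bin"
    tar -cf "$d/data3.tar" -C "$d" data2.bin
    gzip -c "$d/data3.tar" > "$d/data4"
    xxd "$d/data4" > "$1"
    rm -rf "$d"
}

# Reverse the hexdump, then let `file` name each layer and strip it,
# until what is left is no longer a known archive or compression format.
unwrap() {        # $1 = hexdump file; prints the innermost content
    w=$(mktemp -d)
    xxd -r "$1" > "$w/cur"
    layers=0
    while [ "$layers" -lt 32 ]; do   # cap the loop so odd input cannot spin forever
        case $(file -b "$w/cur") in
            *gzip\ compressed*)  gzip  -dc "$w/cur" > "$w/next" ;;
            *bzip2\ compressed*) bzip2 -dc "$w/cur" > "$w/next" ;;
            # -O sends the member to stdout, so no archive-chosen path is written.
            *tar\ archive*)      tar -xOf "$w/cur"  > "$w/next" ;;
            *) break ;;
        esac
        mv "$w/next" "$w/cur"
        layers=$((layers + 1))
    done
    cat "$w/cur"
    rm -rf "$w"
}

sample=$(mktemp)
make_sample "$sample"
head -n 2 "$sample"      # first lines of the hexdump, as checked with head in the text
unwrap "$sample"
rm -f "$sample"
```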

Level 13

Level 14

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

I tried a couple different methods for retrieving the password. We need to connect to the specified port on the local host. I did this first with the telnet command. Then the same works with netcat as well.

Level 15

Level 16

Level 17

There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new

NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19

To enter bandit17 we have to save the RSA private key we got from the last task and use it with the -i flag when we ssh in as the bandit17 user.
ls shows the two files passwords.new and passwords.old.
The diff command compares files line by line and gives us the changed line between the 2 files. Easy money.

Level 18

The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.

Level 19
