OvertheWire Bandit Walkthrough Level 0–11
OvertheWire is an online security platform that offers wargames to help students and security professionals learn and practice security concepts.
The Bandit wargame is meant for novices. It teaches the fundamental command-line skills that are key to succeeding in cybersecurity.
To get started, go to https://overthewire.org/wargames/bandit
Bandit 0
This level is pretty easy considering all you need to do is SSH into the level on port 2220 with the credentials “bandit0:bandit0” and read a file.
To do this, you’ll need an SSH client. If you’re on Linux or Mac, then you can just type this command into the terminal and hit enter.
If you’re on Windows you can use Putty or SolarPutty. If you’ve decided to use Android, then Termux is your friend.
ssh bandit0@bandit.labs.overthewire.org -p 2220You’ll now be dropped into a Linux shell. Your first move should be to see whether there are any interesting files within the current directory. To do this, simply enter the command “ls” into the terminal. ls is used to show the contents of a directory.
The next thing that you wanna do is read the file to see if it has anything interesting. cat is the command used to read files in Linux so go ahead and cat the file.
You now have the password for the next level.
Bandit 1
This level is very similar to the previous level. The only new thing here is that the file you have to read is named “-”.
While this level seems straightforward, simply passing the file’s name “-” to cat doesn't work. To quit cat, press Control+C.
This is because bash or the “Bourne Again Shell” interprets the “-” as a special character. To overcome this, we simply precede the file’s name with “./”. The dot stands for “current directory” whereas the slash separates the directory from the file(s).
There you go, you found the password for level 2.
Bandit 2
The page for this level says that the file you have to read has spaces in its name. While it may seem simple enough to pass the name as it is to cat, this doesn't work. That's because arguments passed to a program in a shell are separated by spaces. To overcome this hurdle, there are two approaches.
The Quotation Mark Approach:
This is the easiest way to complete this level. Simply pass the name of the file enclosed in single or double quotes to cat.
Note that the opening and closing quotes must be same. You can’t start with single quotes and end with double quotes.
The Backslash Approach:
Although this approach isn’t particularly difficult, it isn’t as straightforward. To complete the level this way, you have to precede each space in the filename with a backslash \ .
This is because bash interprets the backslash as an escape character. Escape characters are used when we want the shell to ignore special characters and interpret them as simple text. In this case, putting the backslash before the spaces prevents them from getting interpreted as spaces. Do keep in mind that the backslash itself is also ignored. If you need to enter a backslash as an input, be sure to precede it with another backslash.
Bandit 3
According to the information provided by the level page, the password for the next level is stored in a hidden file within the “inhere” directory.
To get started, login to the level and cd into "inhere".
You should try listing the files within the directory using ls. This doesn't work because the file is hidden. To view hidden files in Linux, we have to supplement the ls command with the -a switch.
Note that the file “.hidden” starts with a dot. In Linux, if a file’s name starts with a dot then by default it is hidden from view. If you were to view the “inhere” directory in a File Manager, the file would be hidden. Now go ahead and cat the file to get the password.
Bandit 4
The page for the level says that the password for the next level is stored in the only human-readable file in the “inhere” directory. It seems quite straightforward to just cat each file until we get the file with the password but this isn't the most efficient way to do it and as hackers we strive for efficiency.
cd into the "inhere" directory and run ls to see all the files in the current directory.
For completing this level, we’ll need to use the file command. The file command tells us about the nature of the contents of a file. Run it against any given file to see what it says about it.
Note that all of the files have similar names except for the last digit. In order to run file against all these files quickly, we replace the last digit with an asterisk (*). This tells the shell to run file on all files beginning with "./-file0".
The seventh file contains ASCII text which is human readable. Simply cat the file and get the password for the next level.
Bandit 5
The password for the next level is stored in a file beneath the “inhere” directory and the file has the following properties.
- human-readable
- 1033 bytes in size
- not executable
After logging into the level and exploring the directory, you will see that there are a lot of sub-directories and files.
This makes it difficult to simply use file to complete the level. For completing this level, we'll also need to use the find command. As the name implies, it is used to find files. The command needed to find the password is
find inhere/ -type f -size 1033c
How this works:
- The
findcommand looks for files in and below the "inhere" directory. - The
-type fargument tells find to only look for human-readable files. - The
-size 1033cargument tells find to only show files that are 1033 bytes in size.
Bandit 6
In this level, we’re gonna be looking for a file stored somewhere on the system that has the following properties.
- owned by the user bandit7
- owned by the group bandit6
- 33 bytes in size
Like the previous level, we’re gonna be using the find command to complete this level. The command used to find the password containing file is
find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null
How this works:
- The
findcommand looks for files in and below the root directory (/). The root directory is the uppermost directory in Linux filesystems. All sub-directories and files lie below the root directory. - The
-type fargument tells find to look for human-readable files. - The
-user bandit7argument tells find to look for files owned by the user "bandit7". - The
-group bandit6argument tells find to look for files owned by the group "bandit6". This includes all users in the "bandit6" group. - The
size 33ctells find to only look for files that are 33 bytes in size. - The 2>/dev/null prevents errors from being printed.
Note: All the commands and concepts you’ve learned so far will come in handy anytime you deal with a Linux system. So, practice using them.
Bandit 7
In this level, the file containing the password is already given to us. All we have to do is extract the password from it. Upon running cat on the file, you'll get something like this
According to the level information, the password is stored next to the word millionth. To get the password we’ll have to use grep. grep is a command line utility used to search for particular expressions (or simply text) within text files. To use grep, we need to pass two arguments. The text we're searching for and the file we're searching in.
There you go, we just found the password for level 8.
Bandit 8
The password for the next level is in “data.txt” and it is the only line of text that occurs once. To get the password from this file, we’ll need to use sort and uniq. sort is a command used to sort the contents of a text file, line by line. We need to sort this file to be able to extract the password. uniq is a command used for filtering the repeated lines in a file.
We should be able to just use uniq to complete this level but this approach doesn't work. We need to sort the file before passing it to uniq.
To get the password, run this command
cat data.txt | sort | uniq -u
How this works:
- We start by running
caton data.txt to get its contents. Thecatcommand is followed by the pipe ( | ) character. This is a special character that tells bash to pass the output of the command before it to the command after the pipe. In this way, we can process data through multiple programs using a single-line command. - The output of
cat data.txtis passed tosortwhich sorts it and makes it easier foruniqto extract the password. - After the output is sorted, it is piped into
uniq -u. By defaultuniqonly filters the repeated lines which are adjacent to each other. By using the-uargument, we telluniqto remove all duplicates whether they are adjacent or not.
Bandit 9
The password for level 10 is stored in “data.txt” next to a couple of “=” characters. When we try to run grep to get the password, we get this output
This is because the file data.txt contains binary data which is why grep treats it as a binary file. Binary data is not human readable. To overcome this, we'll use strings. strings filters out the human-readable text "strings" from binary files. We'll pipe the output of strings to grep to get the password
strings data.txt | grep =
The password for the next level is on the second last line.
Bandit 10
Just like the last few levels, the password for the next level is stored in data.txt but the contents are Base64 encoded. Encoding is generally used to convert data into a format which can be easily transported between computers or programs. It is also used for data processing purposes such as file conversion. Running cat on the file, we get
To decode the data stored in the file, we’ll be using the base64command with the -d or the --decode parameter which tells base64 to decode the data.
Bandit 11
The password for level 12 is stored in “data.txt” and its alphabetical characters have been rotated by 13 positions. It is encrypted by a substitution cipher known as ROT13. Encryption is a process by which information is encoded into a form called ciphertext. Ideally, encryption prevents unauthorized access to information but ROT13 can be easily decrypted or deciphered. This is because we can simply replace each character by the letter 13 places ahead of it.
For this level, there are two ways to get the password.
Using an online decoder:
We can use Google or any other search engine to look for a ROT13 decoder. I like using rot13.com. Simply copy the text from data.txt and paste it into the rot13 decoder.
After completing these challenges, you should have a decent grip on the Linux command line and the thinking skills required to complete more challenges.
If you have any queries, feel free to contact me via email or hit me up on Twitter.
E-mail: salmanahmed69890@gmail.com
Twitter: @porcupine690
