in ,

OverTheWire Bandit – Level 0 – 6

The OverTheWire Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.

Link: https://overthewire.org/wargames/bandit/

This wargame is focused on Linux essentials and is a great way to learn and practice your Linux skills.

Note for beginners

This game, like most other games, is organized in levels. You start at Level 0 and try to “beat” or “finish” it. Finishing a level results in information on how to start the next level. The pages on this website for “Level <X>” contain information on how to start level X from the previous level. E.g. The page for Level 1 has information on how to gain access from Level 0 to Level 1. All levels in this game have a page on this website, and they are all linked to from the side menu on the left of this page.

You will encounter many situations in which you have no idea what you are supposed to do. Don’t panic! Don’t give up! The purpose of this game is for you to learn the basics. Part of learning the basics, is reading a lot of new information.

There are several things you can try when you are unsure how to continue:

  • First, if you know a command, but don’t know how to use it, try the manual (man page) by entering “man <command>” (without the quotes). e.g. if you know about the “ls” command, type: man ls. The “man” command also has a manual, try it. Press q to quit the man command.
  • Second, if there is no man page, the command might be a shell built-in. In that case use the “help <X>” command. E.g. help cd
  • Also, your favorite search-engine is your friend. Learn how to use it! I recommend Google

Level 0 – 1

Level Goal

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Commands you may need to solve this level

ls, cd, cat, file, du, find

 

We can get started by logging in to the server via SSH with the following command:

ssh [email protected] -p 2220

After logging in, we can list the content of the current directory, where we discover a readme file. We can use the cat utility to print out the content of the file.

 

The readme file contains the password for the next level.

 

Level 1 – 2

Level Goal

The password for the next level is stored in a file called located in the home directory

Commands you may need to solve this level

ls, cd, cat, file, du, find

Helpful Reading Material

We can now log in with the password found in the previous level. After loggin in, we discover that there is a file called “-“. We can use the cat utility to display the content of the file by running the following command:

We can now log in to the next level.

 

Level 2 – 3

Level Goal

The password for the next level is stored in a file called spaces in this filename located in the home directory

Commands you may need to solve this level

ls, cd, cat, file, du, find

Helpful Reading Material

After logging in, we can list out the content of the current working directory. We discover that we have a file with spaces in the file name. We can use the cat utility to print out the content of the file by running the following command:

We can now log in to the next level.

 

Level 3 – 4

Level Goal

The password for the next level is stored in a hidden file in the inhere directory.

Commands you may need to solve this level

ls, cd, cat, file, du, find

 

After logging in, we can list out the content of the current working directory. We discover that we have a directory titled “inhere”. We can move in to the directory and list out the content of the directory.

This reveals a .dot file, we can use the cat utility to display the content of the file by running the following command:

 

Level 4 – 5

Level Goal

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Commands you may need to solve this level

ls, cd, cat, file, du, find

After logging in, we can list out the content of the current working directory. We discover that we have a directory titled “inhere”. We can move in to the directory and list out the content of the directory.

We discover that we have 9 files, as per the goal of this level, the password is stored in a human-readable file. In order to find the file with this particular attribute, we can use the find utility and the grep utility to identify ASCII strings:

We can now use the cat utility to display the content of “-file07”.

 

Level 5 – 6

Level Goal

The password for the next level is stored in a file somewhere under the inhere directory and has all the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

Commands you may need to solve this level

ls, cd, cat, file, du, find

 

As per the level goals, we are required to find a file with a particular set of attributes, we can utilize the find utility to locate the desired file:

This reveals that the file that matches the parameters is “.file2” found under the “maybehere07” directory.

 

Cybertalk – EP8 – Better Bug Bounty Hunting & Reverse Engineering

Cybertalk – EP9 – AI In Cyber Security, Bug Bounties & Reverse Engineering