“Over the Wire” : “Bandit” - Walkthrough (level 0-34)

 

OverTheWire is a very good place to learn some of the security concepts in the form of enjoyable wargames.

Bandit is the beginner level where you will learn about how to play wargames. This level requires the use of an SSH client to every level to complete it. As I am familiar with using Open SSH but instead you can use other SSH clients like Putty, MobaXTerm, etc.

Bandit Level 0

Bandit Level 0 → Level 1

As per the instruction in this level, we need to login to the remote host using SSH and find the password for bandit1. 

Where, 

Host: bandit.labs.overthewire.org 

Port: 2220

Challenge link: https://overthewire.org/wargames/bandit/bandit0.html

Username: bandit0

Password: bandit0

1. Logged into bandit0 profile with the following command:

 ssh bandit0@bandit.labs.overthewire.org -p 2220

2. Used ls command to see if I can find anything which will help me to find the password or bandi1, got a “readme” file.

3. Used the cat command to see the content of the file: cat readme and got the password for bandit1

                 

                               Password for the next level: boJ9jbbUNNfktd78OOpsqOltutMc3MY1

-----------------------------------------------------------------------------------------------------------------------------------------------

Bandit Level 1 → Level 2

As per the instruction in this level, we need to read the password for the next level that is stored in a file called ‘-’ located in the home directory.

Where, 

Host: bandit.labs.overthewire.org 

Port: 2220

Challenge link: https://overthewire.org/wargames/bandit/bandit2.html

Username: bandit1

Password: boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Logged into bandit1 profile with the following command:

 ssh bandit1@bandit.labs.overthewire.org -p 2220

After referring to help about how to read the ‘-’ file in linux I came across the solution of using “./” before the ‘-’ file name which helps us to read the content. So I tried the following command:

cat ./- 

and got the password for the next level(bandit2).

                              Password for the next level: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Note: if you directly use cat -, you won't be able to see the content of the dashed file as ‘-’ is mostly used to denote a flag for linux commands for a specific output. You can refer to this blog post by Joseph Gefroh on linux command flags. 

-----------------------------------------------------------------------------------------------------------------------------------------------

Bandit Level 2 → Level 3

As per the instruction in this level, we need to find the password for the next level stored in a file called spaces in this filename located in the home directory

Where, 

Host: bandit.labs.overthewire.org 

Port: 2220

Challenge link: https://overthewire.org/wargames/bandit/bandit2.html

Username: bandit2

Password: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Logged into bandi2 profile with the following command:

 ssh bandit2@bandit.labs.overthewire.org -p 2220

After referring to help about how to read the file with spaces in its name in linux, I came across the solution of enclosing the file name between apostrophes in this article. So try the following command: 

cat ‘spaces in this filename’

gave us the password for the next level(bandit3).

        Password for the next level: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Note: In linux you just do cat ‘<initial of the file name, for us, is ‘s’> + tab it will auto-complete your file name enclosed in single inverted commas.

-----------------------------------------------------------------------------------------------------------------------------------------------