“Over the Wire” : “Bandit” - Walkthrough (level 0-34)
OverTheWire is a very good place to learn some of the security concepts in the form of enjoyable wargames.
Bandit is the beginner level where you will learn about how to play wargames. This level requires the use of an SSH client to every level to complete it. As I am familiar with using Open SSH but instead you can use other SSH clients like Putty, MobaXTerm, etc.
Bandit Level 0
Bandit Level 0 → Level 1
As per the instruction in this level, we need to login to the remote host using SSH and find the password for bandit1.
Where,
Host: bandit.labs.overthewire.org
Port: 2220
Challenge link: https://overthewire.org/wargames/bandit/bandit0.html
Username: bandit0
Password: bandit0
Logged into bandit0 profile with the following command:
ssh bandit0@bandit.labs.overthewire.org -p 2220
Used ls command to see if I can find anything which will help me to find the password or bandi1, got a “readme” file.
Used the cat command to see the content of the file: cat readme and got the password for bandit1
Password for the next level: boJ9jbbUNNfktd78OOpsqOltutMc3MY1
-----------------------------------------------------------------------------------------------------------------------------------------------
Bandit Level 1 → Level 2
As per the instruction in this level, we need to read the password for the next level that is stored in a file called ‘-’ located in the home directory.
Where,
Host: bandit.labs.overthewire.org
Port: 2220
Challenge link: https://overthewire.org/wargames/bandit/bandit2.html
Username: bandit1
Password: boJ9jbbUNNfktd78OOpsqOltutMc3MY1
Logged into bandit1 profile with the following command:
ssh bandit1@bandit.labs.overthewire.org -p 2220
After referring to help about how to read the ‘-’ file in linux I came across the solution of using “./” before the ‘-’ file name which helps us to read the content. So I tried the following command:
cat ./-
and got the password for the next level(bandit2).
Note: if you directly use cat -, you won't be able to see the content of the dashed file as ‘-’ is mostly used to denote a flag for linux commands for a specific output. You can refer to this blog post by Joseph Gefroh on linux command flags.
-----------------------------------------------------------------------------------------------------------------------------------------------
Bandit Level 2 → Level 3
As per the instruction in this level, we need to find the password for the next level stored in a file called spaces in this filename located in the home directory
Where,
Host: bandit.labs.overthewire.org
Port: 2220
Challenge link: https://overthewire.org/wargames/bandit/bandit2.html
Username: bandit2
Password: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
Logged into bandi2 profile with the following command:
ssh bandit2@bandit.labs.overthewire.org -p 2220
After referring to help about how to read the file with spaces in its name in linux, I came across the solution of enclosing the file name between apostrophes in this article. So try the following command:
cat ‘spaces in this filename’
gave us the password for the next level(bandit3).
Password for the next level: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Note: In linux you just do cat ‘<initial of the file name, for us, is ‘s’> + tab it will auto-complete your file name enclosed in single inverted commas.
-----------------------------------------------------------------------------------------------------------------------------------------------
Comments
Post a Comment