OverTheWire - Bandit - Level 0 -> Level 5
Description
Hello l33ts, I hope you are doing well. We are going to start Bandit series from OverTheWire. The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. The goal in this games is to retrieve a string, that’s going to be the password for the next game. Whenever you find a password for a level, use it to log into that level with SSH.
Level 0 -> Level 1
GOAL
The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
SOLUTION
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
$ ssh bandit0@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit0@bandit.labs.overthewire.org's password:
Linux bandit.otw.local 5.4.8 x86_64 GNU/Linux
,----.. ,----, .---.
/ / \ ,/ .`| /. ./|
/ . : ,` .' : .--'. ' ;
. / ;. \ ; ; / /__./ \ : |
. ; / ` ; .'___,/ ,' .--'. ' \' .
; | ; \ ; | | : | /___/ \ | ' '
| : | ; | ' ; |.'; ; ; \ \; :
. | ' ' ' : `----' | | \ ; ` |
' ; \; / | ' : ; . \ .\ ;
\ \ ', / | | ' \ \ ' \ |
; : / ' : | : ' |--"
\ \ .' ; |.' \ \ ;
www. `---` ver '---' he '---" ire.org
Welcome to OverTheWire!
If you find any problems, please report them to Steven or morla on
irc.overthewire.org.
--[ Playing the games ]--
Enjoy your stay!
bandit0@bandit:~$
We list the content of the current directory, we find a file called readme, we read it and we get the password.
1
2
3
4
5
6
7
8
9
10
11
bandit0@bandit:~$ ls -al
total 24
drwxr-xr-x 2 root root 4096 May 7 2020 .
drwxr-xr-x 41 root root 4096 May 7 2020 ..
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
-rw-r----- 1 bandit1 bandit0 33 May 7 2020 readme
bandit0@bandit:~$ cat readme
boJ9jbbUNNfktd78OOpsqOlxxxxxxxxx
bandit0@bandit:~$
Level 1 -> Level 2
GOAL
The password for the next level is stored in a file called - located in the home directory
SOLUTION
1
2
3
4
5
6
7
8
9
$ ssh bandit1@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit1@bandit.labs.overthewire.org's password:
bandit1@bandit:~$ ls
-
bandit1@bandit:~$ cat -
We can’t read it the normal way. We search for this problem, and find we can read it using cat ./-
1
2
3
bandit1@bandit:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHzxxxxxxxxx
bandit1@bandit:~$
Level 2 -> Level 3
GOAL
The password for the next level is stored in a file called spaces in this filename located in the home directory
SOLUTION
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$ ssh bandit2@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit2@bandit.labs.overthewire.org's password:
bandit2@bandit:~$ ls -al
total 24
drwxr-xr-x 2 root root 4096 May 7 2020 .
drwxr-xr-x 41 root root 4096 May 7 2020 ..
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
-rw-r----- 1 bandit3 bandit2 33 May 7 2020 spaces in this filename
bandit2@bandit:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5xxx
bandit2@bandit:~$
Level 3 -> Level 4
GOAL
The password for the next level is stored in a hidden file in the inhere directory.
SOLUTION
1
2
3
4
5
6
7
8
9
10
11
12
13
14
$ ssh bandit3@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit3@bandit.labs.overthewire.org's password:
bandit3@bandit:~$ cd inhere/
bandit3@bandit:~/inhere$ ls
bandit3@bandit:~/inhere$ ls -al
total 12
drwxr-xr-x 2 root root 4096 May 7 2020 .
drwxr-xr-x 3 root root 4096 May 7 2020 ..
-rw-r----- 1 bandit4 bandit3 33 May 7 2020 .hidden
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFxxx
bandit3@bandit:~/inhere$
Level 4 -> Level 5
GOAL
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
SOLUTION
1
2
3
4
5
6
7
8
9
10
11
$ ssh bandit4@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit4@bandit.labs.overthewire.org's password:
bandit4@bandit:~$ ls
inhere
bandit4@bandit:~$ cd inhere/
bandit4@bandit:~/inhere$ ls
-file00 -file01 -file02 -file03 -file04 -file05 -file06 -file07 -file08 -file09
bandit4@bandit:~/inhere$ cat ./-file00
/`2ғ%rL~5gbandit4@bandit:~/inhere$
We get some weird data when we try to read the file, let’s list the type of every file with the command file
1
2
3
4
5
6
7
8
9
10
11
12
13
14
bandit4@bandit:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@bandit:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAxxx
bandit4@bandit:~/inhere$
Thank you for taking the time to read my writeup, I hope you have learned something with this, if you have any questions or comments, please feel free to reach out to me. See you in the next hack :) .