Over the wire: Bandit walkthrough
Level 0:
Log into the system using the provided username, hostname and port
Username:bandit0
Hostname: bandit.labs.overthewire.org
port: 2220
password: bandit0
ssh bandit0@bandit.labs.overthewire.org -p 2220
Level 0–1 :
check the list of files in the pwd directory, you see a readme file, read the file using cat, that’s your password for level1
ls -la
cat reamde
ssh bandit1@bandit.labs.overthewire.org -p 2220
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
Level 1–2 :
check the list of files in the pwd directory, you see a — file, read the file using cat, it’s read using the command cat <-
there’s the password, next level.
ssh bandit2@bandit.labs.overthewire.org -p 2220
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
Level 2–3 :
check the list of files in the pwd directory, you see a file named “spaces in the filename”, read the file using cat, since there are spaces in the name of file, write the name inside double quote.
ls -la
cat “spaces in this filename”
ssh bandit3@bandit.labs.overthewire.org -p 2220
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Level 3–4 :
check the list of files in the pwd directory, you see a inhere directory, go inside it with “cd inhere”, search for files with “ls”, can’t find anything? search for hidden files using “ls -a”.
ls
cd inhere/
ls -a
cat .hidden
ssh bandit4@bandit.labs.overthewire.org -p 2220
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
Level 4–5:
ls
cd inhere/
ls -la
ssh bandit5@bandit.labs.overthewire.org -p 2220
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
Level 5–6 :
check inside inhere, lots of directories, confused? find the file using the properties of the file that is known.
- human-readable
- 1033 bytes in size
- not executable
See find man page if confused, Here’s the man page.
find -type f -size 1033c ! -executable
Log onto the next one now
ssh bandit6@bandit.labs.overthewire.org -p 2220
P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
Level 6–7 :
now here it starts to get a bit complicated, there is no direct files or any directories in bandit06 directory. To find the file we gotta use the hint:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
we can use find like last time to find a file with conditions again visit Here’s the man page if you have any questions.
Now we will be using the command
find / -user bandit7 -group bandit6 -size 33c
it’s easy to understand,
find searches the file
/ location to search the file in
-user bandit7 which user owns the file
-group bandit6 which group owns the file
-size 33c the size of file
doing this, a lot of file shows up but all of them except for one shows permission denied, so that’s the file
abnow all we need to do is get inside /var/lib/dpkg/info/, and see what’s inside the bandit7.password file
cd /var/lib/dpkg/info/
cat bandit7.password
that’s the password for bandit7, hop onto it.
[there’s a better option to do this step, without having to see all those error messages, google it, it’s by adding something like 2>/dev/null at the end of find code]
ssh bandit7@bandit.labs.overthewire.org -p 2220
z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
Level 7–8 :
This one’s quiite easy as well. there is a data.txt file in our pwd directory, read it and there is overflow of data, check the hints,
The password for the next level is stored in the file data.txt next to the word millionth
the passowrd is next to word millionth aka in the same line.
So using cat, grep and pipelining, check their respective man and documentation pages if help needed.
cat data.txt | grep millionth
Now log into next bandit level
ssh bandit8@bandit.labs.overthewire.org -p 2220
TESKZC0XvTetK0S9xNwm25STk5iWrBvP
Level 8–9 :
This one’s quiite easy as well. there is a data.txt file in our pwd directory, read it and there is overflow of data, check the hints,
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
there are many lines in the file but most of them are in random order and are duplicated/repeated. Let’s sort the data, and only find the line which is unique in the file.
So using sort, pipelining and uniq . Check this article for better understanding about this more.
sort data.txt | uniq -u
Now log into next bandit level
ssh bandit9@bandit.labs.overthewire.org -p 2220
EN632PlfYiZbn3PhVK3XOGSlNInNE00t
Level 9–10 :
This one’s not so easy . There is a data.txt file in our pwd directory, read it and there is overflow of data(mostly unreadable ones), check the hints,
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
there are many lines in the file and the password must be followed by =.
So using grep, strings, and pipelining .
cat data.txt | strings | grep “=”
Now log into next bandit level
ssh bandit10@bandit.labs.overthewire.org -p 2220
G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s
Level 10–11 :
This one’s easy as well. In the owd, we find data.txt and as per our hint:
The password for the next level is stored in the file data.txt, which contains base64 encoded data
Let’s just decode it using base64 -d.
So using cat, base64 and pipelining .
cat data.txt | base64 -d
Now log into next bandit level
ssh bandit11@bandit.labs.overthewire.org -p 2220
6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM
Level 11–12 :
This one’s easy as well. In the pwd, we find data.txt and as per our hint:
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
It’s encoded using rot13 algorithm, it’s easy to decode.
cat data.txt | tr ‘a-zA-Z’ ‘n-za-mN-ZA-N’
ssh bandit12@bandit.labs.overthewire.org -p 2220
JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv
Level 12–13 :
This one’s not so easy a. In the pwd, we find data.txt which is a hex dump and as per our hint:
The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv.
First let’s make a folder inside /tmp, and copy the file there
mkdir /tmp/new
cp data.txt /tmp/new
Let’s decipher the hex dump with following commands.
xxd -r data.txt > test
cat test
file test
The following file has been decoded and now it turns out to be binary file, and it was decompressed by using gzip so let’s unzip it, first we wil add .gz extension to file then unzip it with the following commands.
mv test test.gz
gunzip test.gz
ls
cat test
file test
We used mv to rename the file and add an extension., then we gunzip the zipped file,
we hvae the file test, as it was before being compressed by gzip.
Keep on decompressing, checking filetype until you get a human readable file.
after some while, i got a file which was in ASCII format.
ssh bandit14@bandit.labs.overthewire.org -p 2220
wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw
Level 13–14 :
This one’s require knowledge related to ssh, but it’s easy, maybe the one of the easiest:
ssh -i sshkey.private bandit14@bandit.labs.overthewire.org -p 2220
Level 14–15 :
Now, let’s access local host port 30000 using netcat and submit this password.
And we got our next password
ssh bandit15@bandit.labs.overthewire.org -p 2220
jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt
Level 15–16 :
Now, let’s access local host port 30000 using netcat and submit this password.
And we got our next password
ssh bandit16@bandit.labs.overthewire.org -p 2220
JQttfApK4SeyHwDlI9SXGR50qclOAil1
Level 16–17:
Manually checming them:
In a certain port among them, appeared a familar part of output:
Enter the password, and it generates RSA key for next time, it will be saved as sshkey.rpivate in your pwd
ssh -i sshkey.private bandit17@bandit.labs.overthewire.org -p 2220
Level 17–18:
ssh bandit18@bandit.labs.overthewire.org -p 2220
hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg
Level 18–19:
ssh bandit19@bandit.labs.overthewire.org -p 2220
awhqfNnAbc1naukrpqDYcF95h7HoMTrC
Bandit 19–20:
ssh bandit20@bandit.labs.overthewire.org -p 2220
VxCazJaVykI6W36BkBU0mJTCM8rR95XT
Bandit 20–21:
