OverTheWire | Bandit | Level 00

Summary:

A write-up providing help with the Bandit wargame on the OverTheWire website. The wargame consists of a series of 32 levels, followed by an additional challenge using an 'uppercase shell' trick at Level 33, and covers various Linux and shell scripting topics. The challenges range from basic navigation to more advanced topics like SSH authentication, file permissions, and Git usage.

Wargame Name: Bandit | Difficulty: Easy | OS: Linux


The aim of this walkthrough is to provide help with the Bandit wargame on the OverTheWire website. Please note that no flags or passwords are directly provided here. The walkthrough shows only one of the many ways to solve the challenges.

The wargame is available under Bandit wargame.

High-Level Summary:

  • Levels 1-5 | Basic Linux navigation and command-line skills
  • Level 6 | Password guessing (hint: look for passwords in plain text)
  • Level 7 | Stealing files using cp and understanding file permissions
  • Level 8 | Understanding directory permissions and file ownership
  • Level 9 | Using ssh-keygen to generate public keys and SSH into a server
  • Level 10-12 | More password guessing and using SSH key authentication
  • Level 13 | Stealing files from another user's home directory
  • Level 14 | Understanding the /etc/passwd file and extracting passwords
  • Level 15-16 | Using sudo to gain root privileges and understand permissions
  • Level 17 | Stealing a password using SSH key authentication
  • Level 18 | Creating a new SSH key pair for authentication
  • Level 19-20 | Understanding user ID (UID) and group ID (GID)
  • Level 21 | Using crontab to schedule tasks at specific times
  • Level 22-23 | Understanding cron jobs, shell variables, and environment variables
  • Level 24 | Stealing a password from another user's crontab file
  • Level 25-26 | Understanding SSH public key authentication and stealing passwords
  • Level 27 | Using netcat to establish a connection between two servers
  • Level 28-29 | Understanding the /etc/hosts file and using DNS lookups
  • Level 29 | Stealing a password from another user's git repository
  • Level 30 | Stealing a password from another user's git repository
  • Level 31 | Creating a new SSH key pair for authentication
  • Level 32 | Using git to push changes to a remote repository

Note: Throughout this tutorial/walkthrough the words password and flag are used interchangeably.

Quick intro and start config

Basic idea: finish level x to get level x+1. The general connection via ssh can look like this, where x stands for the current level:

ssh banditx@bandit.labs.overthewire.org -p 2220

SSH connection

Host: bandit.labs.overthewire.org | Port: 2220