OverTheWire | Bandit | Levels 01-09

Summary:

A write-up providing help with the Bandit wargame on the OverTheWire website, consisting of a series of 32 levels, followed by an additional challenge using an 'uppercase shell' trick at Level 33, that covers various Linux and shell scripting topics. The challenges range from basic navigation to more advanced topics like SSH authentication, file permissions, and Git usage.

Wargame Name: Bandit | Difficulty: Easy | OS: Linux


The aim of this walkthrough is to provide help with the Bandit wargame on the OverTheWire website. Please note that no flags or passwords are directly provided here; the walkthrough shows only one of the many ways to solve the challenges.

The wargame is available under Bandit wargame.

High-Level Summary:

  • Levels 1-5 | Basic Linux navigation and command-line skills
  • Level 6 | Password guessing (hint: look for passwords in plain text)
  • Level 7 | Stealing files using cp and understanding file permissions
  • Level 8 | Understanding directory permissions and file ownership

Note: Throughout this tutorial/walkthrough the words password and flag are used interchangeably.

Quick intro and start config

Basic idea: finish level x to get level x+1. The general connection via ssh can look like this, where x stands for the current level:

ssh banditx@bandit.labs.overthewire.org -p 2220

SSH connection
Host: bandit.labs.overthewire.org
Port: 2220

Level 0

Level Goal: The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Solution: After we log in with the provided password, we are greeted with a welcome message providing us with the general game rules and other tips.

# connect to the lab
ssh bandit0@bandit.labs.overthewire.org -p 2220

Level 00 -> Level 01

Level Goal: The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Solution: Copy the flag and exit the shell. Use the flag as a password to log into the next level with the appropriate username, bandit1.

# print the file to std out
cat readme
...
# exit the shell
exit

Level 01 -> Level 02

Level Goal: The password for the next level is stored in a file called - located in the home directory.

Solution: Use the dot (.) to specify that the file is located in the current directory. Written as ./-, the name is treated as a path; a bare - would be read by cat as standard input.

# print the file to std out
cat ./-

Level 02 -> Level 03

Level Goal: The password for the next level is stored in a file called spaces in this filename located in the home directory.

Solution: Surround the file name with " or ' so that the shell passes the name, spaces included, as a single argument.

# print the file to std out
cat "spaces in this filename"

Level 03 -> Level 04

Level Goal: The password for the next level is stored in a hidden file in the inhere directory.

Solution: List out the files in the current directory. Use the -a option to include hidden files.

# list the files in the current directory (hidden files included)
ls -hla
...
# change directory
cd inhere/
# list the files in the current directory (hidden files included)
ls -hla
...
# print contents of the hidden file to std out
cat .hidden
...
# copy the flag - flag format: (flag)[0-9a-zA-Z]{32}

Level 04 -> Level 05

Level Goal: The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Solution: From now on, we will use the ll command instead of the ls -alF command as before. An alias for it is already defined in the ~/.bashrc file.

# alias for ll is defined in ~/.bashrc
...
alias ll='ls -alF'
...

Again, here is the complete terminal interaction:

# list files
ll
...
# change current directory
cd inhere/
# list files
ll
...
# check the file type for every file in the directory
file ./-file0*
...
# print the content of the only ASCII text file in the directory
cat ./-file07
# grab the flag
...

Level 05 -> Level 06

Level Goal: The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

Solution: We use the find command to restrict our search.

# only searching in the current directory
find . -size 1033c -type f \! -executable
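
The find command above filters on size, type and execute permission, but not on the "human-readable" property. The following added example (not part of the original write-up) builds a constructed sandbox and compares that filter with one that also checks for text content. It assumes GNU find and GNU grep; all directory and file names are made up for illustration.

```shell
#!/bin/sh
# Added example: all paths and file names below are constructed for illustration.

# Build a throwaway tree with one matching file and three decoys; prints its path.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/inhere/dirA" "$dir/inhere/dirB"
    # Target: exactly 1033 bytes of printable text, no execute bit.
    head -c 1033 /dev/zero | tr '\0' 'A' > "$dir/inhere/dirB/.target"
    # Decoy 1: right size and readable text, but executable.
    head -c 1033 /dev/zero | tr '\0' 'B' > "$dir/inhere/dirA/script"
    chmod 750 "$dir/inhere/dirA/script"
    # Decoy 2: right size, not executable, but binary (all NUL bytes).
    head -c 1033 /dev/zero > "$dir/inhere/dirA/blob"
    # Decoy 3: readable text, wrong size.
    printf 'too short\n' > "$dir/inhere/dirB/note"
    printf '%s\n' "$dir"
}

# The walkthrough's command: filters on size, type and execute permission only.
find_by_size_and_mode() {
    find "$1" -type f -size 1033c ! -executable
}

# Same filter plus a text check: grep -I treats binary files as non-matching,
# so -exec succeeds only for files with readable content.
find_human_readable() {
    find "$1" -type f -size 1033c ! -executable \
        -exec grep -Iq . {} \; -print
}

sandbox=$(make_sandbox)
echo "size/mode only:"; find_by_size_and_mode "$sandbox/inhere"
echo "plus text check:"; find_human_readable "$sandbox/inhere"
rm -rf "$sandbox"
```

The c suffix in -size 1033c means bytes; without it, find counts in 512-byte blocks and the match would be wrong.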

Level 06 -> Level 07

Level Goal: The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

Solution: Just like before, we use the find command to restrict our search. Additionally, we discard the error messages by redirecting them to /dev/null.

# searching the entire file system
find / -user bandit7 -group bandit6 -size 33c 2>/dev/null

Level 07 -> Level 08

Level Goal: The password for the next level is stored in the file data.txt next to the word millionth.

Solution: Use the grep command to search the file.

# Use pipes to redirect outputs to program inputs.
cat data.txt | grep millionth

Level 08 -> Level 09

Level Goal: The password for the next level is stored in the file data.txt and is the only line of text that occurs only once.

Solution: Here we first sort the lines of the file and then use uniq -u to print only the lines that are not repeated.

# Use pipes to chain multiple commands one after the other.
cat data.txt | sort | uniq -u
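
Why the sort step matters, shown as an added example that is not part of the original write-up: uniq compares only adjacent lines, so on unsorted input uniq -u does not isolate the single non-repeated line. The sample lines are constructed, and the awk variant is an order-independent cross-check added here.

```shell
#!/bin/sh
# Added example: the sample lines are constructed; "bravo" is the only line that occurs once.
sample_data() {
    printf '%s\n' alpha charlie alpha bravo charlie alpha
}

# uniq only compares each line with its neighbour, so the input must be sorted first.
once_sorted() {
    sort | uniq -u
}

# Order-independent cross-check: count every line, then print those seen once.
once_counted() {
    awk '{ seen[$0]++ } END { for (line in seen) if (seen[line] == 1) print line }'
}

# Without sort, no duplicates are adjacent here, so uniq -u passes all six lines through.
unsorted_line_count() {
    sample_data | uniq -u | wc -l
}

echo "sorted + uniq -u : $(sample_data | once_sorted)"
echo "awk count        : $(sample_data | once_counted)"
echo "uniq -u unsorted : $(unsorted_line_count) lines"
```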