Overthewire : Bandit — Level 0 Through 5 - CyberSec Nerds

Overthewire : Bandit — Level 0 Through 5

Today, we will play a wargame from OverTheWire called Bandit that has a collection of 34 levels. Absolute beginners are the target audience. It teaches the basics of most Linux commands in a fun and challenging way. To play this war-game, go to their website by clicking here.

In this and upcoming related articles, I will be providing the complete walkthrough of all 34 levels in the Bandit wargame.

Objective

To find that password file which will give us access to the next level.

Note: I have written this article to help the readers to get help if they have stuck at some level in the Bandit wargame. However, we strongly recommend that you only read this tutorial in case you couldn’t find any way to move on in this game. Otherwise, try to solve the challenges on your own, it will surely improve your skills.

Level 0

This is a pretty simple level. It teaches us to connect to a host using SSH. This is going to teach players the usage of SSH command.

From reading the instruction page, we are provided with these information about the level:

Host to connect: bandit.labs.overthewire.org
Port: 2220
Username: bandit0
Password: bandit0

We used the above details to login using ssh as shown in the given image.

This level doesn’t require anything else other than logging in. Time to move on to the next level!

Level 0 ➜ Level 1

The goal of this level is to find the password for the next level which is stored in a file called readme located in the home directory.

Now, from the bandit0 shell, we need to find the password for logging as the next user. To find that, we are going to list files in the directory. Our target is to find a file named readme. After finding that file, we need to read the password stored inside that file.

We use the ls command to list the files in the current directory. We found the readme file. Now to read the password we will use the cat command. After that, we are going to use this password to login into the next level i.e. Level 1 using SSH.

Level 1 ➜ Level 2

From the instruction page and information from previous level, these are the details we have got to login for Level 1:

Host to connect: bandit.labs.overthewire.org
Port: 2220
Username: bandit1
Password: boJ9jbbUNNfktd78OOpsqOltutMc3MY1

We are informed that the password for the next level is stored inside a file named -(hyphen). So, to find it we use the ls command. Now comes the part where we have to read the file. As the file is named -(hyphen) we won’t be able to read it simply by cat command. As cat command considers -(hyphen) as stdin/Stout. If we directly use cat command, it won’t be able to understand that hyphen is a file name.

So what we need is to prefix the filename with the path ./, This will help us to read the password stored as shown in the given figure. Since we found the password for the user bandit2. We will use it to get an SSH connection as bandit2 in the next level.

Level 2 ➜ Level 3

From the instruction page and information from previous level, these are the details we have got to login for Level 2:

Host to connect: bandit.labs.overthewire.org
Port: 2220
Username: bandit2
Password: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

It is said that the password for next level is stored inside a file named spaces in this filename. So, to find it we use the ls command. Now comes the part where we have to read the file. As there are spaces inside this filename, we won’t be able to read it simply by cat command. As cat command reads files name only until space as it considers space as null ‘/0’. 

What we can do now is to precede every spaces in the filename with \ symbol which will make the space to be treated like normal character [not a special character]. Now we have found the password for the user bandit3. We will use it to get an SSH connection in the next level.

Level 3 ➜ Level 4

From the instruction page and information from previous level, these are the details we have got to login for Level 3:

Host to connect: bandit.labs.overthewire.org
Port: 2220
Username: bandit3
Password: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

It is said that the password for the next level is stored in a file inside a directory named inhere. Now, after traversing inside inhere directory we run ls command but can’t find any file.  Now it might be the case that the file is hidden.

So, we run ls command with -al parameter. It lists all files including the hidden one. And we found the .hidden file. In Linux, the file with a dot(.) in front of the name of the file makes it hidden. Now we would simply use the cat command to read the password stored in the file. Since we found the password for the user bandit4. We will use it to get an SSH connection in the next level.

Level 4 ➜ Level 5

From the instruction page and information from previous level, these are the details we have got to login for Level 4:

Host to connect: bandit.labs.overthewire.org
Port: 2220
Username: bandit4
Password: pIwrPrtPN36QITSp3EQaw936yaFoFgAB

It is said that the password for the next level is stored inside a human-readable file. So, to find it we use the ls command. Now, after traversing inside inhere directory we run ls command again. This gives us a bunch of files as shown in the image. We will use the file command to get the information about the files.

From files command, we now know that the file07 contains ASCII text. It is mostly readable text. So, let’s read it using cat command. This gives us the password for the next level. We will use it to get an SSH connection as bandit5.

Level 5 ➜ Level 6

From the instruction page and information from previous level, these are the details we have got to login for Level 4:

Host to connect: bandit.labs.overthewire.org
Port: 2220
Username: bandit5
Password: koReBOKuIDDepwhWk7jZC0RTdopnAYKh 

It is said that the password for the next level is stored inside a directory named inhere.  Now, after traversing inside inhere directory we run ls command again. This gives us a bunch of files as shown in the image. The properties of the file that we need to find are: human-readable, 1033 bytes in size and not executable.

We will use find command to search for the file with the given properties. You may have a look at its manual that contains a myriad of parameters. We will use -size parameter to match the bytes of the file, -executable and -type as shown in the figure below.

We now know that the password file is ./maybehere07/.file2. So, let’s read it using cat command. This gives us the password for the next level. We will use it to get an SSH connection as bandit6.

You can find the next article (from Level 6 to 12) in the follow-up series of OverTheWire Bandit CTF Walkthrough here. See you guys there.

Kiran Dawadi

Founder of cybersecnerds.com. Electronics Engineer by profession, Security Engineer by passion. I am a Linux Enthusiast and highly interested in the offensive side of the CyberSec industry. You will find me reading InfoSec blogs most of the time.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments