OverTheWire’s wargames are offered to help learn and practice security concepts in the form of fun-filled games.

The Bandit wargame is aimed at absolute beginners and teaches the basics needed to play the other wargames. All the challenges focus on Linux systems and their commands. It aims to get the player familiar with the Linux terminal and to introduce some basic security concepts.

It consists of a total of 33 Levels. At each level, you have to find the password for the next level to continue playing. Each Level is a user that you connect as, using SSH, on the bandit.labs.overthewire.org server.

In this post, we will present the solutions for Levels 0-9 of the Bandit wargame.

NOTE: These walkthroughs are written and published to help other members of the community that are stuck at some Level. It is strongly advised to first try the challenges yourself until you can progress no more, and only then come back here to see the solution.

Level 0

Level Goal

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

The goal of this level is to log into the game using SSH. You can use SSH from a computer using any operating system:

  • Windows
  • macOS
  • Linux

Solution

It is best to use a Linux distribution so that you can practice the things you learn in each challenge, but it is not required. There are many guides on how to use SSH on Windows. Linux and macOS users can simply use the ssh utility that is available from the terminal.

The host we need to connect to is bandit.labs.overthewire.org and the port is 2220. We can use the -p flag to define the port we want to connect to. The username is bandit0 and the password is also bandit0.

Log in to bandit0:

ssh -p 2220 bandit0@bandit.labs.overthewire.org

Password: bandit0

We can find a readme file in our home directory. If we cat it we can see the password for the next level:

bandit0@bandit:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Level 1

Level Goal

The password for the next level is stored in a file called - located in the home directory

Solution

Log in to bandit1, using the password found from Level 0:

ssh -p 2220 bandit1@bandit.labs.overthewire.org

cat treats a lone - argument as standard input, so run cat with input redirection to have the shell open the - file and pass it in as stdin:

bandit1@bandit:~$ cat < -
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Level 2

Level Goal

The password for the next level is stored in a file called spaces in this filename located in the home directory

Solution

Log in to bandit2, using the password found from Level 1:

ssh -p 2220 bandit2@bandit.labs.overthewire.org

Run cat on the spaces in this filename file, using backslashes to escape the spaces:

bandit2@bandit:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Level 3

Level Goal

The password for the next level is stored in a hidden file in the inhere directory.

Solution

Log in to bandit3, using the password found from Level 2:

ssh -p 2220 bandit3@bandit.labs.overthewire.org

Run ls -a in order to list all files, including hidden ones, in the ~/inhere directory:

bandit3@bandit:~$ ls -a inhere/
.  ..  .hidden

Run cat to see the contents of the hidden file in ~/inhere/.hidden:

bandit3@bandit:~$ cat inhere/.hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Level 4

Level Goal

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the reset command.

Solution

Log in to bandit4, using the password found from Level 3:

ssh -p 2220 bandit4@bandit.labs.overthewire.org

Run cat on -file07, putting -- before the filename. The -- marks the end of the options, so the leading dash of the filename is not parsed as an option:

bandit4@bandit:~$ cd inhere/
bandit4@bandit:~/inhere$ cat -- -file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Alternatively, you can run cat with the full path of the file. The path does not start with a dash, so it is not mistaken for an option:

bandit4@bandit:~$ cat ~/inhere/-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
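
The filename handling from Levels 1 to 4, gathered into one script as an added example that is not part of the original walkthrough. The directory layout, file contents and function names are constructed for illustration, and counting non-printable bytes with tr is one assumed way of picking out the human-readable file in Level 4.

```bash
#!/usr/bin/env bash
# Added example: constructed files that mimic the names used in Levels 1-4.
export LC_ALL=C   # byte-wise character classes for tr

make_lab() {      # build a scratch directory and print its path
    local d; d=$(mktemp -d)
    mkdir "$d/l1" "$d/l2" "$d/l3" "$d/l4"
    printf 'dash-secret\n'   > "$d/l1/-"
    printf 'space-secret\n'  > "$d/l2/spaces in this filename"
    printf 'hidden-secret\n' > "$d/l3/.hidden"
    printf '\001\002\377\n'  > "$d/l4/-file00"   # binary content
    printf 'text-secret\n'   > "$d/l4/-file07"   # the only text file
    printf '%s\n' "$d"
}

# Level 1: a bare "-" means stdin to cat; a redirect or a ./ path avoids that.
read_dash_redirect() { (cd "$1" && cat < -); }
read_dash_path()     { (cd "$1" && cat ./-); }

# Level 2: quoting is equivalent to backslash-escaping every space.
read_spaces() { (cd "$1" && cat "spaces in this filename"); }

# Level 3: -A lists dotfiles but leaves out "." and "..".
list_hidden() { ls -A "$1"; }

# Level 4: print the files in $1 that hold only printable bytes and whitespace.
find_text() {
    local f
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(tr -d '[:print:][:space:]' < "$f" | wc -c)" -eq 0 ]; then
            printf '%s\n' "${f##*/}"
        fi
    done
}

# Level 4: "--" ends option parsing, so a name like -file07 is read as a file.
read_leading_dash() { (cd "$1" && cat -- "$2"); }

lab=$(make_lab)
read_dash_redirect "$lab/l1"
read_spaces "$lab/l2"
list_hidden "$lab/l3"
read_leading_dash "$lab/l4" "$(find_text "$lab/l4")"
rm -rf "$lab"
```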

Level 5

Level Goal

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

Solution

Log in to bandit5, using the password found from Level 4:

ssh -p 2220 bandit5@bandit.labs.overthewire.org

We use find to search for all files with a size of 1033 bytes. Only one file under inhere has that size, so filtering on size alone is enough:

bandit5@bandit:~$ find ~/inhere -size 1033c
/home/bandit5/inhere/maybehere07/.file2

And we run cat on the found file:

bandit5@bandit:~$ cat /home/bandit5/inhere/maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Level 6

Level Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

Solution

Log in to bandit6, using the password found from Level 5:

ssh -p 2220 bandit6@bandit.labs.overthewire.org

We use find to search for all files with these properties. find prints an error for every directory we do not have permission to read, so we merge stderr into stdout and use grep to filter out the 'Permission denied' lines:

bandit6@bandit:~$ find / -size 33c -user bandit7 -group bandit6 2>&1 | grep -v 'Permission denied'
find: ‘/proc/16190/task/16190/fd/6’: No such file or directory
find: ‘/proc/16190/task/16190/fdinfo/6’: No such file or directory
find: ‘/proc/16190/fd/5’: No such file or directory
find: ‘/proc/16190/fdinfo/5’: No such file or directory
/var/lib/dpkg/info/bandit7.password

And we run cat on the found file:

bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
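
The searches from Levels 5 and 6 on a constructed directory tree, as an added example that is not part of the original walkthrough. It goes beyond the commands above by testing all three Level 5 properties and by discarding find's errors with 2>/dev/null instead of grep. The tree, the function names and the use of the current user's numeric IDs in place of bandit7 and bandit6 are assumptions, and ! -executable assumes GNU find.

```bash
#!/usr/bin/env bash
# Added example: a constructed tree; names and contents stand in for the game's files.
export LC_ALL=C

make_tree() {     # build the tree and print its path
    local d; d=$(mktemp -d)
    mkdir "$d/maybehere01" "$d/maybehere02" "$d/locked"
    head -c 1033 /dev/zero | tr '\000' 'A' > "$d/maybehere01/.file2"  # text, 1033 bytes
    head -c 1033 /dev/zero                 > "$d/maybehere01/.file3"  # NUL bytes, 1033 bytes
    head -c 1033 /dev/zero | tr '\000' 'B' > "$d/maybehere02/run"     # text, but executable
    chmod +x "$d/maybehere02/run"
    printf '%032d\n' 0                     > "$d/maybehere02/pw"      # exactly 33 bytes
    chmod 000 "$d/locked"   # unreadable: find reports "Permission denied" here
    printf '%s\n' "$d"
}

# Level 5: all three properties, not only the size.
level5() {
    find "$1" -type f -size 1033c ! -executable 2>/dev/null |
    while IFS= read -r f; do
        # human-readable: no byte outside the printable and whitespace classes
        if [ "$(tr -d '[:print:][:space:]' < "$f" | wc -c)" -eq 0 ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Level 6: owner ($2), group ($3) and size. On the game server the owner and
# group would be bandit7 and bandit6. Errors go to /dev/null, and "|| true" is
# there because find exits non-zero whenever it could not read a directory,
# even though the matches it printed on stdout are valid.
level6() {
    find "$1" -type f -size 33c -user "$2" -group "$3" 2>/dev/null || true
}

tree=$(make_tree)
level5 "$tree"
level6 "$tree" "$(id -u)" "$(id -g)"
chmod 700 "$tree/locked" && rm -rf "$tree"
```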

Level 7

Level Goal

The password for the next level is stored in the file data.txt next to the word millionth.

Solution

Log in to bandit7, using the password found from Level 6:

ssh -p 2220 bandit7@bandit.labs.overthewire.org

We use grep to find the line that contains the word millionth; the password is next to it:

bandit7@bandit:~$ grep millionth data.txt
millionth	cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Level 8

Level Goal

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once.

Solution

Log in to bandit8, using the password found from Level 7:

ssh -p 2220 bandit8@bandit.labs.overthewire.org

We need to sort the lines with sort first, because uniq only compares adjacent lines, and then use uniq -u to print the only line that is not duplicated:

bandit8@bandit:~$ sort data.txt | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Level 9

Level Goal

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

Solution

Log in to bandit9, using the password found from Level 8:

ssh -p 2220 bandit9@bandit.labs.overthewire.org

We use strings to extract the printable strings from the binary data, and then we grep for the equals characters:

bandit9@bandit:~$ strings data.txt | grep ==
========== the*2i"4
========== password
Z)========== is
&========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
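
The pipelines from Levels 8 and 9 on constructed input, as an added example that is not part of the original walkthrough. It shows what uniq -u returns when the sort step is left out, and it falls back to tr when the strings utility is not installed. The sample data and function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: constructed inputs, not the game's data.txt files.
export LC_ALL=C

make_inputs() {   # build two sample files in a scratch directory, print its path
    local d; d=$(mktemp -d)
    printf '%s\n' aaa bbb aaa ccc bbb > "$d/dups.txt"
    # binary noise around three marked strings
    printf '\001\002abc\377========== the\000\003x\004' > "$d/blob.bin"
    printf 'Z)========== password\000'                  >> "$d/blob.bin"
    printf '&========== constructed-secret\n\006'       >> "$d/blob.bin"
    printf '%s\n' "$d"
}

# Level 8: sort puts duplicates next to each other so uniq -u can drop them.
only_once() { sort "$1" | uniq -u; }

# Without sort, duplicates that are not adjacent all look unique to uniq.
only_once_unsorted() { uniq -u "$1"; }

# Level 9: printable runs via strings, or via tr when strings is not installed.
printable_runs() {
    if command -v strings >/dev/null 2>&1; then
        strings "$1"
    else
        tr -c '[:print:]' '\n' < "$1"
    fi
}

# Keep only the runs that carry the "==" marker.
marked_lines() { printable_runs "$1" | grep '=='; }

dir=$(make_inputs)
only_once "$dir/dups.txt"            # one line
only_once_unsorted "$dir/dups.txt"   # every line of the file
marked_lines "$dir/blob.bin"
rm -rf "$dir"
```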