OverTheWire: [Bandit]

Level 1–17

Aayan Tiwari
Oct 6, 2023

This game was designed in a CTF format to help you learn the basics of Linux. Completing this wargame will also prepare you for the more advanced wargames. Bandit teaches the basics of most Linux commands in a fun and challenging way. To play this wargame, go to the Bandit website.

SSH

username: bandit0

password: bandit0

Bandit 0

The “ls” command was executed to check for any valuable files. The result indicated the presence of a file called “readme”. The command “cat readme” was run and the password was found.

Bandit 1

The next password was stored in a file named “-”. After logging into the account and using the “ls” command, the presence of the file was observed. Subsequently, the “cat ./-” command was executed to access its contents; the ./ prefix stops cat from treating - as standard input.

Bandit 2

The password for the next user was stored in a file called “spaces in this filename”. The command “cat "spaces in this filename"” was run and the next password was received.

Bandit 3

The password was stored in a hidden file in the inhere directory. I ran “ls” to see what files and directories there were and then I ran “cd” to move into the inhere folder. Then ls was run, but no directories or files were shown, so ‘ls -la’ was run to see if there were any hidden files. A file named .hidden was present and ‘cat .hidden’ showed us the password.

Bandit 4

The file we were looking for was human readable. Running file ./* showed us the type of content in each of the files. Only one file was ASCII text, so that was the readable one and the password was found in it.

Bandit 5

Following the file characteristics given for the level, the find command was executed with the type set to f (file), the size set to 1033 bytes, and the file not executable. The file found was .file2 and the password was in it.

Bandit 6

The file was owned by user bandit7 and group bandit6, with a file size of 33 bytes. With errors redirected to /dev/null, the file was found in /var/lib/dpkg/info and its name was bandit7.password.

Bandit 7

A file named ‘data.txt’ was found with many lines. As the password was next to the word millionth, the content was printed with cat and the line containing millionth was selected with grep, which revealed the password.

Bandit 8

Because the password line was unique in data.txt, sort data.txt | uniq -u was used so that only unique lines are printed.

Bandit 9

The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.

According to the hint, the file contains both strings and binary data, which can make it difficult to read, so strings was run on the file and the lines containing the = character were selected.

Bandit 10

The data.txt file contains 1 line that was encoded in base64. To decode the file, base64 -d data.txt was run.

Bandit 11

The data.txt file contains 1 line that had been encrypted with the ROT13 algorithm. To decrypt it, every letter is replaced by the letter 13 positions ahead in the alphabet, which the following command does:

cat data.txt | tr '[A-Za-z]' '[N-ZA-Mn-za-m]'

Bandit 12

data.txt was a hexdump of a file that had been repeatedly compressed. The hexdump was reversed using xxd, with data1 set as the output. data1 was gzip compressed, so gzip was used to decompress it. In the same way, the file type was checked after each step and the matching decompression was carried out, which ultimately led to ASCII text.
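The Bandit 12 procedure above as an added Python example (not code from the original post): it reverses an xxd hexdump and peels the layers by checking magic bytes, as file does at each step. It goes beyond the gzip case named in the text by also handling bzip2 and tar, which is an assumption about the other layers; the sample input, the member name data5.bin and the placeholder password are constructed.

```python
import bz2, gzip, io, tarfile

# (offset, magic bytes, name) for the containers this sketch recognises
MAGIC = ((0, b"\x1f\x8b", "gzip"), (0, b"BZh", "bzip2"), (257, b"ustar", "tar"))

def reverse_hexdump(dump: str) -> bytes:
    """Rebuild the bytes from default-layout xxd output, as `xxd -r` does."""
    out = bytearray()
    for line in dump.splitlines():
        # "offset: hex groups  ascii" - a two-space gap ends the hex column
        hex_col = line.partition(":")[2].lstrip().split("  ", 1)[0]
        out += bytes.fromhex(hex_col.replace(" ", ""))
    return bytes(out)

def identify(data: bytes) -> str:
    """Name the container from its magic bytes, the way `file` does."""
    for off, magic, kind in MAGIC:
        if data[off:off + len(magic)] == magic:
            return kind
    return "plain"

def unwrap(data: bytes, max_layers: int = 32):
    """Peel layers until nothing is recognised; the cap bounds runaway nesting."""
    seen = []
    while (kind := identify(data)) != "plain" and len(seen) < max_layers:
        if kind == "tar":  # read the first regular file in memory, never extract to disk
            with tarfile.open(fileobj=io.BytesIO(data)) as tf:
                data = tf.extractfile(next(m for m in tf if m.isfile())).read()
        else:
            data = (gzip if kind == "gzip" else bz2).decompress(data)
        seen.append(kind)
    return data, seen

def hexdump(data: bytes) -> str:
    """Constructed-sample helper: emit xxd's default layout."""
    rows = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        cols = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}: {cols:<39}  {text}")
    return "\n".join(rows)

def build_sample(secret: bytes) -> str:
    """Constructed input: tar inside gzip inside bzip2 inside gzip, then hexdumped."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo("data5.bin")  # hypothetical member name
        info.size = len(secret)
        tf.addfile(info, io.BytesIO(secret))
    return hexdump(gzip.compress(bz2.compress(gzip.compress(buf.getvalue()))))
```

Calling unwrap(reverse_hexdump(build_sample(b"CONSTRUCTED-SAMPLE-PASSWORD\n"))) returns the plaintext together with the list of layers that were removed.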

Bandit 13

The password for the next level was stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level.

Bandit 14

The password for the next level could be obtained by submitting the password of the current level to port 30000 on localhost.

According to the hint, it was necessary to connect to port 30000 on localhost, and a string containing the current password had to be sent. To accomplish this, a connection was established by running the command “nc localhost 30000”, and once the connection was established, the password for bandit14 was pasted.

Bandit 15

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Bandit 16

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption. Nmap was used to find the running port and openssl was run to connect to that port. Pasting the password of bandit16 gave us a private key for the SSH server.

The key file was given permission 600 using chmod, which means the owner can read and write the file but everyone else cannot.

Using the private key to login, we are logged in as bandit17.

Bandit 17

The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new. ‘diff passwords.new passwords.old’ helped us find the lines changed between the two files.

To be continued….
