Play with wargame — Bandit 0–10

OverTheWire is truly cool stuff, offering several challenges for you to practice server-side exploitation.
Regrettably, I never freed myself up to finish the series carefully and record it somewhere. This time, I won't let it go. Considering that I am pretty much a novice, the content below may seem kind of redundant. Anyway, here we go.
Level 0
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0
Of course, this one is just a check-in. Use the following command to finish it:
ssh -p 2220 bandit0@bandit.labs.overthewire.org
Level 1
The password for the next level is stored in a file called - located in the home directory
You can see that the password file is there, safe and sound

However, this special filename is meaningful, and you cannot simply cat it. Let's find out why in the manual.
The cat utility reads files sequentially, writing them to the standard output. The file operands are processed in command-line order. If file is a single dash (`-`) or absent, cat reads from the standard input. If file is a UNIX domain socket, cat connects to it and then reads it until EOF. This complements the UNIX domain binding capability available in inetd(8).
Well, that makes sense if you know commands like cat | ./someprog, which passes standard input on to a program.
Anyway, give cat a path instead of a bare dash to pass it:
cat ./-
Level 2
The password for the next level is stored in a file called spaces in this filename located in the home directory
I wondered what this challenge wants to tell us. Perhaps it just wants us to know that some special characters, like a space, need a \ in front of them in commands.
Thanks to the current shell's automatic completion.
Level 3
The password for the next level is stored in a hidden file in the inhere directory.
There are always some special hidden files on a Unix system, with names starting with a dot (.).
Use ls -a and we can get it.
Level 4
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
The introduction is weird, and when you open the folder you can see 10 files like below.

The reset command is really cool: it can reactivate the shell. But clear suits me much better.
Learning some basic shell scripting helps to solve this:
for ((i=0; i<10; i++)); do cat "./-file$i"; echo; done
Level 5
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
- human-readable
- 1033 bytes in size
- not executable
Well, this challenge would be truly tedious if done by hand. We should figure out a clever solution.
Considering the three clues offered, we finally get a command like
find ./ -size 1033c
and ./maybehere07/.file2 is our target.
Level 6
The password for the next level is stored somewhere on the server and has all of the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
This seems to be another game of find and its parameters. Read the manual of find carefully, and we can try a command like
find / -size 33c -readable -group bandit6 -user bandit7
The answer is located in /var/lib/dpkg/info/bandit7.password
Level 7
The password for the next level is stored in the file data.txt next to the word millionth
Starting from this challenge, the hint becomes
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd
It seems we have to deal with string tricks and some compression stuff.
We try the following and succeed:
cat data.txt | grep millionth
Level 8
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
The immediate instinct is to delete the lines that are duplicated.
This challenge held me up for a while, because I hadn't carefully read the description of uniq:
Filter adjacent matching lines from INPUT (or standard input), writing to OUTPUT (or standard output).
That is to say, if two identical lines are separated by other lines, this command won't do much.
The answer should be
sort data.txt | uniq -u
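The adjacency behaviour described above, shown as an added example that is not part of the original write-up. The sample lines and the function names are constructed for illustration and are not the real data.txt:

```shell
#!/bin/sh
# Constructed sample: "alpha" and "beta" repeat, but never on adjacent lines;
# "secret" is the only line that occurs exactly once.
make_sample() {
    printf '%s\n' alpha beta secret alpha beta alpha > "$1"
}

# uniq -u alone compares each line only with its neighbours, so with
# non-adjacent duplicates every line looks unique and nothing is filtered.
uniq_only() {
    uniq -u "$1"
}

# Sorting first makes identical lines adjacent; uniq -u then keeps only
# the lines that occur exactly once in the whole file.
sort_then_uniq() {
    sort "$1" | uniq -u
}

# Same result without sorting: count every line, print those seen once.
awk_once() {
    awk '{ n[$0]++ } END { for (l in n) if (n[l] == 1) print l }' "$1"
}

# Per-line occurrence counts, useful for checking the result by eye.
line_counts() {
    sort "$1" | uniq -c | sort -n
}

sample=$(mktemp)
make_sample "$sample"
echo "uniq -u alone (all six lines survive):"
uniq_only "$sample"
echo "sort | uniq -u:"
sort_then_uniq "$sample"
echo "counts:"
line_counts "$sample"
rm -f "$sample"
```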
Level 9
The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.
Begins with several '='? This definitely refers to a regular expression.
Try the following, where -a makes grep process this binary file as text:
cat data.txt | grep -a "==="
Level 10
The password for the next level is stored in the file data.txt, which contains base64 encoded data
That was simple, though I usually encode/decode base64 using Python scripts.
base64 -d ./data.txt