OverTheWire Bandit Challenges Writeups (From Level0 to Level20→21)

Kim Miratorimoonlight
13 min read · Oct 3, 2021

The purpose of this blog

This is my first time blogging 😊. In this blog, I want to share how I have practiced my Linux commands using a website called overthewire.org.

What is overthewire.org?

It is a website that provides challenges that help you learn Linux commands and cybersecurity concepts.

The challenges in overthewire.org are divided into many groups such as Bandit, Natas, Leviathan and so on.

In this blog, I am writing writeups for the Bandit challenges, which focus on Linux commands.

Prerequisite

Although the Bandit challenges homepage says that Bandit is aimed at absolute beginners, in my opinion, you need to know what Linux is and how to use it a little bit before jumping into the challenges.

You should learn Linux a little bit first before playing Bandit. This YouTube playlist will help you.

You can play this game on a Windows, Linux-based or macOS computer.

So, here are the key takeaways from this prerequisite section:

  • Learn Linux from this first.
  • And be patient and take breaks. You will get stuck and that’s okay! 😉
  • For a better learning experience, try to spend a few days on each difficult challenge before looking at the writeups.

Bandit Level 0 😀

Level Goal:

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Helpful Reading Material:

Secure Shell (SSH) on Wikipedia

How to use SSH on wikiHow

Prerequisite to solve this challenge:

You need to know these first:

  • What is SSH?
  • How to connect to another computer using SSH.

You can refer to the Helpful Reading Material section of the challenge or just Google it.

Solution:

Step 1: Connect to Bandit0 and enter the password.

And that’s it. You solved level 0.

Bandit Level 0 → Level 1 😄

Level Goal:

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Commands you may need to solve this level:

ls, cd, cat, file, du, find

Prerequisite to solve this challenge:

You need to know how to use the ls and cat commands. By now, you should know how to use them after learning Linux from the Prerequisite section above.

Solution:

And the password for Bandit1 is boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Bandit Level 1 → Level 2 😁

Level Goal:

The password for the next level is stored in a file called - located in the home directory

Commands you may need to solve this level:

ls, cd, cat, file, du, find

Helpful Reading Material:

Google Search for “dashed filename”

Advanced Bash-scripting Guide — Chapter 3 — Special Characters

Prerequisite to solve this challenge:

You need to know how to read a file with a dashed filename. You can click on the 1st link in the Helpful Reading Material provided by the challenge.

Solution:

Bandit Level 2 → Level 3 😆

Level Goal:

The password for the next level is stored in a file called spaces in this filename located in the home directory

Commands you may need to solve this level:

ls, cd, cat, file, du, find

Helpful Reading Material:

Google Search for “spaces in filename”

Prerequisite to solve this challenge:

You need to know how to open a file that has spaces in its name. Just google as told by the challenge’s Reading Material.

Solution:

Bandit Level 3 → Level 4 😅

Level Goal:

The password for the next level is stored in a hidden file in the inhere directory.

Commands you may need to solve this level:

ls, cd, cat, file, du, find

Prerequisite to solve this challenge:

You need to know these:

  • How to change directory (folder) using the cd command
  • How to list hidden files using the ls command

Solution:

The -a option of the ls command means list all, so hidden files (names starting with a dot) are shown too.

Bandit Level 4 → Level 5 😂

Level Goal:

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Commands you may need to solve this level:

ls, cd, cat, file, du, find

Prerequisite to solve this challenge:

You need to know:

  • The file command, which is used to show a file's type

Solution:

Bandit Level 5 → Level 6 🤣

Level Goal:

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

Commands you may need to solve this level:

ls, cd, cat, file, du, find

Prerequisite to solve this challenge:

You need to know how to use the find command.

Solution:

  • -type f = find regular file
  • -size 1033c = find file of size 1033 bytes
  • -exec file {} \; = execute file command on each found file, to see if it is ASCII text (human readable)

Bandit Level 6 → Level 7 😊

Level Goal:

The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

Commands you may need to solve this level:

ls, cd, cat, file, du, find, grep

Prerequisite to solve this challenge:

You need to know how to use:

  • The find command
  • The /dev/null file to discard unwanted error messages
  • Data streams for Linux commands/programs. Have a look here.

Solution:

  • find / = search starting from the root directory (/)
  • For -type and -size, you already know from the previous level.
  • -user bandit7 = find files owned by user bandit7
  • -group bandit6 = find files owned by group bandit6
  • 2>/dev/null = The number 2 is the file descriptor of the error stream (stderr), which carries error messages. Here we redirect all error messages into /dev/null so that they are discarded.
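The find options from this level and the previous one, run against a throwaway directory tree so the effect of each test is visible (an added example, not part of the original writeup). The sandbox layout, file names and function names are constructed for illustration, and the current user's numeric IDs stand in for bandit7 and bandit6.

```sh
#!/bin/sh
# Constructed sandbox: every decoy violates exactly one search criterion.
make_sandbox() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/inhere/a" "$d/inhere/b" "$d/locked"
    head -c 1033 /dev/zero | tr '\0' 'x' > "$d/inhere/a/match"  # 1033 bytes, text, not executable
    head -c 1033 /dev/zero | tr '\0' 'x' > "$d/inhere/a/exec"   # right size, but executable
    chmod +x "$d/inhere/a/exec"
    head -c 1032 /dev/zero | tr '\0' 'x' > "$d/inhere/b/short"  # one byte too small
    head -c 33 /dev/zero | tr '\0' 'y' > "$d/inhere/b/pass33"   # target of the owner search
    chmod 000 "$d/locked"   # unreadable directory, makes find print "Permission denied"
    echo "$d"
}

cleanup_sandbox() { chmod 700 "$1/locked" && rm -rf "$1"; }

# Level 5 -> 6 style: regular file, exactly 1033 bytes (c = bytes), owner cannot execute it.
find_by_size_noexec() {
    find "$1" -type f -size 1033c ! -perm -u+x
}

# Level 6 -> 7 style: owner, group and size, with stderr discarded.
# On Bandit the values are bandit7 and bandit6; here the current numeric IDs stand in.
find_by_owner() {
    find "$1" -type f -user "$(id -u)" -group "$(id -g)" -size 33c 2>/dev/null
}

box=$(make_sandbox)
echo "size + not executable : $(find_by_size_noexec "$box/inhere")"
echo "owner + group + size  : $(find_by_owner "$box")"
# Same search with stdout dropped and stderr kept: counts the errors 2>/dev/null hides.
echo "error lines hidden    : $(find "$box" -size 33c 2>&1 >/dev/null | wc -l)"
# file labels a match as text or data, as in the writeup's -exec file {} \;
if command -v file >/dev/null 2>&1; then
    find "$box/inhere" -type f -size 1033c -exec file {} \;
fi
cleanup_sandbox "$box"
```

When run as root the unreadable directory causes no error, so the hidden-error count is 0 in that case.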

Bandit Level 7 → Level 8 🙃

Level Goal:

The password for the next level is stored in the file data.txt next to the word millionth

Commands you may need to solve this level:

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Prerequisite to solve this challenge:

You need to know how to use the grep command to search for patterns or words in a file.

Solution:

Bandit Level 8 → Level 9 🤩

Level Goal:

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

Commands you may need to solve this level:

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Helpful Reading Material:

Piping and Redirection

Prerequisite to solve this challenge:

You need to know:

  • Piping and redirection of data in Linux commands. Read from the Helpful Reading Material of the challenge!
  • sort command = to sort the strings in the file
  • uniq command = to output the string that occurs only once

Solution:

  • sort data.txt = It sorts all strings in data.txt in alphabetical order.
  • uniq -u = uniq on its own collapses each run of identical adjacent lines into a single line, so its output still contains a lot of strings. With -u, it prints only the lines that are not repeated. Because uniq compares adjacent lines only, the input has to be sorted first.
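Why the sort has to come first, shown on a small constructed stand-in for data.txt (an added example, not part of the original writeup; the sample lines and function names are made up for illustration):

```sh
#!/bin/sh
# Constructed stand-in for data.txt: every line has a duplicate somewhere
# except ONLY-ONCE, and no two copies sit next to each other.
sample() {
    printf '%s\n' alpha bravo alpha ONLY-ONCE charlie bravo charlie alpha
}

# uniq compares a line only with its neighbours, so on this unsorted input
# nothing looks repeated and -u lets every line through.
unsorted_unique() { sample | uniq -u; }

# sort puts all copies of a line next to each other; uniq -u then drops
# every group that has more than one member.
sorted_unique() { sample | sort | uniq -u; }

echo "uniq -u alone  : $(unsorted_unique | wc -l) lines survive"
echo "sort | uniq -u : $(sorted_unique)"
# uniq -c prints the per-line counts that -u filters on.
sample | sort | uniq -c
```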

Bandit Level 9 → Level 10 🥳

Level Goal:

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

Commands you may need to solve this level:

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Prerequisite to solve this challenge:

You need to know:

  • strings command in order to output all the strings in a file.
  • grep command to search for ‘=’ sign.

Solution:

Bandit Level 10 → Level 11 😏

Level Goal:

The password for the next level is stored in the file data.txt, which contains base64 encoded data

Commands you may need to solve this level:

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Helpful Reading Material:

Base64 on Wikipedia

Prerequisite to solve this challenge:

You need to know:

  • What is Base64? (Read from Wikipedia or search YouTube)
  • base64 command

Solution:

Bandit Level 11 → Level 12 🤪

Level Goal:

The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions

Commands you may need to solve this level:

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Helpful Reading Material:

Rot13 on Wikipedia

Prerequisite to solve this challenge:

You need to know:

  • What is ROT13?
  • tr command to do ROT13 encryption/decryption

Solution:

Bandit Level 12 → Level 13 🤨

Level Goal:

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

Commands you may need to solve this level:

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv, file

Helpful Reading Material:

Hex dump on Wikipedia

Prerequisite to solve this challenge:

You need to know:

  • What is a hexdump?
  • What is compression?
  • What is an archive file in Linux?
  • mkdir command to make a new directory
  • cp command to copy a file to another directory
  • xxd command to convert a hexdump back into a normal file
  • gzip command to decompress a .gz file
  • bzip2 command to decompress a bzip file
  • tar command to extract an archive file
  • mv command to rename a file with its proper file extension so that it can be decompressed

Solution:

Repeat the decompression and the changing of the file extension until the file command reports ASCII text.
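The repeat-until-ASCII loop described above, written as a script (an added example, not part of the original writeup). It starts from the binary that xxd has already recovered from the hexdump, recognises each layer by its leading bytes instead of calling file, and decompresses to stdout so no renaming is needed; the sample file and function names are constructed for illustration.

```sh
#!/bin/sh
# Name one layer from its leading bytes, the signatures that `file` reports on.
layer_type() {
    magic=$(od -An -tx1 -N3 "$1" | tr -d ' \n')
    case $magic in
        1f8b*)  echo gzip ;;
        425a68) echo bzip2 ;;    # ASCII "BZh"
        *)  # tar headers carry the string "ustar" at byte offset 257
            if [ "$(dd if="$1" bs=1 skip=257 count=5 2>/dev/null | tr -d '\0')" = ustar ]
            then echo tar
            else echo data       # plain text or anything unrecognised: stop here
            fi ;;
    esac
}

# Strip layers until the content is no longer a known container, then print it.
peel() {
    cur=$1; n=0
    while t=$(layer_type "$cur"); [ "$t" != data ]; do
        case $t in
            gzip)  gzip -dc "$cur" > "$cur.next" ;;
            bzip2) bzip2 -dc "$cur" > "$cur.next" ;;
            tar)   tar -xOf "$cur" > "$cur.next" ;;   # -O: write the member to stdout
        esac || return 1
        mv "$cur.next" "$cur"; n=$((n + 1))
        echo "layer $n: $t" >&2
    done
    cat "$cur"
}

# Constructed input: text -> gzip -> tar -> gzip, plus a bzip2 layer when bzip2 is installed.
build_sample() {
    w=$(mktemp -d) || return 1
    echo "constructed-secret-not-a-real-password" > "$w/data1"
    gzip -c "$w/data1" > "$w/data2"
    tar -cf "$w/data3" -C "$w" data2
    gzip -c "$w/data3" > "$w/layers"
    if command -v bzip2 >/dev/null 2>&1; then
        bzip2 -c "$w/layers" > "$w/data4" && mv "$w/data4" "$w/layers"
    fi
    echo "$w/layers"
}

work=$(build_sample)
peel "$work"
rm -rf "$(dirname "$work")"
```

The tar branch assumes one member per archive, which is how the sample is built.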

Bandit Level 13 → Level 14 🧐

Level Goal:

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on

Commands you may need to solve this level:

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material:

SSH/OpenSSH/Keys

Prerequisite to solve this challenge:

You need to know:

  • What SSH keys are and how they work. This may help.
  • How to connect to an SSH server using an SSH key

Solution:

You will be logged in as user bandit14

Bandit Level 14 → Level 15 🤓

Level Goal:

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

Commands you may need to solve this level:

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material:

How the Internet works in 5 minutes (YouTube) (Not completely accurate, but good enough for beginners)

IP Addresses

IP Address on Wikipedia

Localhost on Wikipedia

Ports

Port (computer networking) on Wikipedia

Prerequisite to solve this challenge:

You need to know:

  • nc command to start a TCP connection

Solution:

Bandit Level 15 → Level 16 😎

Level Goal:

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…

Commands you may need to solve this level:

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material:

Secure Socket Layer/Transport Layer Security on Wikipedia

OpenSSL Cookbook — Testing with OpenSSL

Prerequisite to solve this challenge:

You need to know:

  • What is SSL/TLS?
  • openssl s_client command

Solution:

Scroll down and paste in bandit15’s password:

Bandit Level 16 → Level 17 🤩

Level Goal:

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

Commands you may need to solve this level:

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material:

Port scanner on Wikipedia

Prerequisite to solve this challenge:

You need to know:

  • What is a port scanner? What is it used for?
  • nmap command

Solution:

  • nmap -sV = port scan and determine the name and version of the services found.
  • -p 31000-32000 = port range from 31000 to 32000
  • Connect to the service on port 31790 using the openssl command, like in the previous level
  • Once connected, paste in bandit16’s password
  • You’ll get an SSH private key:
  • Create a temporary folder using the mkdir command
  • Create a file using the nano command and paste the private key in it
  • Change the private key file's permission to read-only to avoid the "too open" error when connecting to bandit17 using SSH:
  • Once logged in as bandit17, cat the password
  • Answer is: xLYVMN9WE5zQ5vHacb0sZEVqbrp7nBTn
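Why the chmod step is needed, shown as a check you can run on a directory of key files (an added example, not part of the original writeup): OpenSSH refuses a private key whose mode has any group or other permission bit set. The file names and function names are constructed, and the files hold placeholder text rather than key material.

```sh
#!/bin/sh
# Constructed directory of placeholder "key" files with different modes.
make_keys() {
    k=$(mktemp -d) || return 1
    for spec in id_a:644 id_b:600 id_c:400 id_d:440; do
        echo "placeholder, not key material" > "$k/${spec%%:*}"
        chmod "${spec##*:}" "$k/${spec%%:*}"
    done
    echo "$k"
}

# Print every regular file in $1 that ssh would reject as "too open":
# any of the six group/other permission characters is set (mode & 077 != 0).
too_open_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        mode=$(ls -ld "$f" | cut -c1-10)      # e.g. -rw-r--r--
        case $mode in
            ????------) ;;                     # owner-only access: accepted
            *) echo "$(basename "$f") $mode" ;;
        esac
    done
}

keys=$(make_keys)
echo "before:"
too_open_keys "$keys"
chmod 400 "$keys"/id_*                         # the fix from the step above
echo "after chmod 400: $(too_open_keys "$keys" | wc -l) files too open"
rm -rf "$keys"
```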

Bandit Level 17 → Level 18 😢

Level Goal:

There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new

NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19

Commands you may need to solve this level:

cat, grep, ls, diff

Prerequisite to solve this challenge:

  • diff command

Solution:

Can you guess which one is the answer?

Bandit Level 18 → Level 19 🤗

Level Goal:

The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.

Commands you may need to solve this level:

ssh, ls, cat

Prerequisite to solve this challenge:

You need to know how to give ssh a command to run on the same command line.

Solution:

  • run: ssh bandit18@bandit.labs.overthewire.org -p 2220 ls
  • You will see the readme file listed and get kicked out right away:
  • run: ssh bandit18@bandit.labs.overthewire.org -p 2220 cat readme
  • You will get the password.

Bandit Level 19 → Level 20 🤔

Level Goal:

To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.

Helpful Reading Material:

setuid on Wikipedia

Prerequisite to solve this challenge:

You need to know:

  • What is the effective user? (It is basically the user the current process is running as)
  • whoami command to check effective user

Solution:

  • Execute the given binary file in order to become bandit20 user and read the password:

Bandit Level 20 → Level 21 🤭

Level Goal:

There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).

NOTE: Try connecting to your own network daemon to see if it works as you think

Commands you may need to solve this level:

ssh, nc, cat, bash, screen, tmux, Unix ‘job control’ (bg, fg, jobs, &, CTRL-Z, …)

Prerequisite to solve this challenge:

You need to know:

  • nc command to set up a TCP server
  • tmux to open multiple screens for the same user. This might be helpful.

Solution:

  • Run tmux
  • Once you press enter, you’ll see a green bar at the bottom (you have one window now; create another using ctrl+b, then press c):
  • You can navigate between those 2 windows using ctrl+b, then pressing a number
  • On one screen, make a TCP server:
  • On another screen, execute the suconnect file and give the port number (e.g. 41815) as the argument:
  • You’ll see a connection message on the server screen like below:
  • On the server side, send the password of the last level back to the client:
  • And you’ll get the new password back as the reply.

Hey, we’ve done a lot so far! Write up for next level will be coming soon! Keep Learning! Don’t Give up!
