Overthewire Bandit Walkthrough 1–5

This is a writeup of the Overthewire game Bandit. Overthewire is a free platform that teaches you different skill sets needed in security in a capture-the-flag setup. They have multiple war games categorized based on levels of difficulty that focus on more in-depth concepts in Linux. Today, I am reviewing the first suggested war game, Bandit. Finding the password for the next level is the objective of the game. Let’s get started on the first five levels.

Level 0

The first challenge is figuring out how to connect to the secure shell on port 2220. SSH is a Linux command that provides a secure connection over an insecure network. They provide the username to use and a port to connect to. Port 2220 is a UDP protocol used to exchange data between two hosts. That command would usually look like the following:

‘ssh bandit0 bandit.labs.overthewire.org -p 2220’

However, that did not work for me. I needed to add the flag ‘-l’ behind SSH to let the local host know to redirect to the given remote host and port. Therefore, my command looked like this:

‘ssh -l bandit0 bandit.labs.overthewire.org -p 2220’

Level 1

To get to level 1, we find the password stored in a file called readme in the home directory. We can use the command ‘LS’ to let out files in the current directory. However, I typically use ‘ls-al’ as a start because the flag ‘-al’ includes any hidden files.

Next, use the command CAT to read what is on the README file.

Use the command logout to disconnect from this session.

Level 2

To get the password for level 2, you get into a file named ‘-‘. The challenge is that a dash can be used and interpreted differently in the terminal. To read a file that includes this in the name, you have to escape it. You can accomplish this by attaching ‘./‘ before it. The command looks like this:

Cat ./-

Make sure you copy and store that password somewhere for the next level.

Level 3

The password is in a file that includes spaces. Using spaces in filenames is frowned upon because it can be interpreted as different arguments. For example, the command cat this file would be read as ‘cat’ ‘this’ file’ instead of ‘cat’ ‘this file’ and throw an error. There are two ways you can read into a file with spaces included in the name to avoid this error.

1. Cat “spaces in the name”
2. Cat spaces\ in\ this\ filename

Level 4

The password for level 4 is in a hidden directory. We already know how to list hidden files snd directories using the ‘ls-al’ command. Anything hidden in the current directory will appear. Something not mentioned before is the ‘-l’ extension. This extension lists the files in long format, including information like the index number, owner name, group name, size, and permissions. Even though this is irrelevant for this level, it is a good practice to pick up and capture all information upfront.

Below are the commands used to get the password for level 5.

Ls-al

CD inhere

Cat ./hidden

Level 5

The level 5 password is a human-readble file in a hidden directory. A human-readable file means humans can read it and does not require any computer translation. Once we list the files, we can see that they have a naming convention that begins with a dash. This means to read into the file, we have to preface it with ‘./‘, or the terminal will read anything behind the dash as a switch. When we look into the first file, we can see that the information is incomprehensible to the human eye. However, once we move through the files, we find that -file007 contains the password to level 5.