OverTheWire Wargames and More- Practicing Hacking Legally

You might have heard about CTFs but have you heard of Wargames? Probably not. When I started in this field, I did not find any resource to begin with. But my interest in the field and generous help from my peers, I was able to find a way! Here I am sharing my journey from a noob to umm… still a noob :P but with some more experience in the field! :D.

Intro

I was one of those who get excited by the term “HACKING”. Bollywood movies showing red colored “Access Denied” and “Access Granted” screens fascinated me( Haha, yup that was me! ). That’s when it all started. I came across https://null-byte.wonderhowto.com/ while searching for so called Wi-Fi hacking, the black side of hacking. I wasn’t really fascinated with dictionary attacks but monitor mode, handshakes were something new for me.

1. What are Wargames?

I got to know about Capture The Flags(CTFs) from one of my seniors. I was excited to play them but as a newbie in the field, I wanted to practice more instead of competing with professionals in real time. While searching for things similar to CTFs, I stumbled upon Wargames. Wargames are like CTFs but they are neither time bound nor competitive. Moreover, you can practise them whenever you want. After all the hunt, I finally reached https://overthewire.org/wargames/.

overthewire main page

Without having any prior experience of CTFs and little to no knowledge of bash, Wargames seemed pretty interesting. OverTheWire challenges introduced me to the basics of Linux by a game called Bandit.
Before you jump onto Bandit, a word of caution: They don’t have any login page for saving progress of specific users so do save passwords. Else you will end up like me starting all over again every single time.

2. The laziness push

For connecting to OverTheWire levels, I had to SSH(which is basically a secure method to connect to a server(or another PC) in network) everytime, copy the password of the level and then paste it. But laziness came to my rescue and made me learn shell scripting(so ironic!). This helped me connect to SSH levels by just putting the level number as an argument. (This saves a LOT of time). Also, a hint: use regex for taking the password out and login using sshpass or make something even better if you have it in your hacker mind)

dummy password file

3. Let’s start the “How to Start”

In Bandit, if you don’t have any idea of Linux, don’t worry! Bandit contains hints on starting level that provides commands which can be useful for that level.

Start reading manuals of all the commands by using man.

man <command name>

and try to understand what each command does. During my journey in Cyber Security, I realised that once you come to this field, you need to be open to learning and exposing yourself to new tools and techniques. You don’t have to focus on learning the commands, it will come to you gradually as you start using those commands. You will have an idea about the command by reading the manual so that the next time you need that command for any reason, you just have that in your mind.

The Linux Manual Page

4. VIIIIIIMMMM!!

One more thing which you should be aware of while coming to this field is that when you come to Linux(or the well known KALI you might have heard of), you should learn to use terminal very well like the text editor of Linux terminal is way too powerful. I personally prefer Vim for this. Just install Vim in system, start vimtutor and do as it says. It will be difficult at first but once you start getting comfortable and start using it, it is going to help you a lot. Vim keybindings are used a lot in many platforms. From Linux manual pages to VS-code and even Google Colab which is extensively used for training machine learning models, all of them have vim keybindings in them.

vimtutor

Start reading about Linux commands, regular expressions and Python. Python will come to your rescue in furthur games of OverTheWire challenges. The game levels increase gradually so go in the order. Some of the levels will look repetitive but some levels are mind blowing which will make you think in more creative ways. Always make a note of how you solve those levels. That will help you later as it happened in my case that i know i have seen this kind of challenge before but don’t remember how it was done. These cheat sheets you make are going to come in handy when you see similar challenges but forget how you approached it.

Here is an overview of the OverTheWire games I have completed —

1. Bandit: will help you learn about regex matching, permission and using Linux with Git.
2. Leviathan: you will not be so lucky to have hints. Use whatever you have learned in bandit.
3. Natas: Will introduce you to Web Security basics(this is not an advanced one but if you are a beginner it is good)
4. Krypton: Field of Cryptography(very basic but you are going have some idea and henceforth, Python usage increases)
5. Narnia: Beginning of binary exploitation (goes above my head but I am going to give it a try again)

I have done only till this point(Am I disappointed? Naah!). I have learnt a lot from these games and if you are a beginner in this field I would highly recommend OverTheWire challenges.

Happy Learning! :D