Bandit Writeup
Table of Contents
- Level 0
- Level 0 -> Level 1
- Level 1 -> Level 2
- Level 2 -> Level 3
- Level 3 -> Level 4
- Level 4 -> Level 5
- Level 5 -> Level 6
- Level 6 -> Level 7
- Level 7 -> Level 8
- Level 8 -> Level 9
- Level 9 -> Level 10
- Level 10 -> Level 11
- Level 11 -> Level 12
- Level 12 -> Level 13
- Level 13 -> Level 14
- Level 14 -> Level 15
- Level 0
- The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.
Commands you may need to solve this level:
ssh
Helpful Reading Material
Secure Shell (SSH) on Wikipedia
How to use SSH on wikiHow
- Level 0 -> Level 1
- The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
Commands you may need to solve this level:
ls, cd, cat, file, du, find
$ ssh bandit0@bandit.labs.overthewire.org -p 2220
$ ls
$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
- Level 1 -> Level 2
- The password for the next level is stored in a file called - located in the home directory
Commands you may need to solve this level:
ls, cd, cat, file, du, find
Helpful Reading Material
Google Search for “dashed filename”
Advanced Bash-scripting Guide - Chapter 3 - Special Characters
$ ssh bandit1@bandit.labs.overthewire.org -p 2220
$ ls -la
$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
- Level 2 -> Level 3
- The password for the next level is stored in a file called spaces in this filename located in the home directory
Commands you may need to solve this level:
ls, cd, cat, file, du, find
Helpful Reading Material
Google Search for “spaces in filename”
$ ssh bandit2@bandit.labs.overthewire.org -p 2220
$ ls -la
$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
- Level 3 -> Level 4
- The password for the next level is stored in a hidden file in the inhere directory.
Commands you may need to solve this level:
ls, cd, cat, file, du, find
$ ssh bandit3@bandit.labs.overthewire.org -p 2220
$ cd inhere/
$ ls -la
$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
- Level 4 -> Level 5
- The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
Commands you may need to solve this level:
ls, cd, cat, file, du, find
$ ssh bandit4@bandit.labs.overthewire.org -p 2220
$ cd inhere/
$ ls -la
$ file -- *
$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
- Level 5 -> Level 6
- The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
human-readable
1033 bytes in size
not executable
Commands you may need to solve this level:
ls, cd, cat, file, du, find
$ ssh bandit5@bandit.labs.overthewire.org -p 2220
$ cd inhere/
$ ls -laR
$ find -type f -size 1033c
# some other variants can be:
# - $ cat $(find . -size 1033c)
# - $ find . -size 1033c -exec cat {} \;
$ cat maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7h
- Level 6 -> Level 7
- The password for the next level is stored somewhere on the server and has all of the following properties:
owned by user bandit7
owned by group bandit6
33 bytes in size
Commands you may need to solve this level:
ls, cd, cat, file, du, find, grep
$ ssh bandit6@bandit.labs.overthewire.org -p 2220
$ find / -size 33c -group bandit6 -user bandit7
$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
- Level 7 -> Level 8
- The password for the next level is stored in the file data.txt next to the word millionth
Commands you may need to solve this level:
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd
$ ssh bandit7@bandit.labs.overthewire.org -p 2220
$ ls -la
$ grep millionth data.txt
cvX2JJa4CFALtqS87jk27qwqGhBM9plV
- Level 8 -> Level 9
- The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
Commands you may need to solve this level:
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd
$ ssh bandit8@bandit.labs.overthewire.org -p 2220
$ ls -la
$ sort data.txt | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
- Level 9 -> Level 10
- The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.
Commands you may need to solve this level:
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd
$ ssh bandit9@bandit.labs.overthewire.org -p 2220
$ ls -la
$ strings data.txt | grep ==
truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
- Level 10 -> Level 11
- The password for the next level is stored in the file data.txt, which contains base64 encoded data
Commands you may need to solve this level:
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd
Helpful Reading Material
Base64 on Wikipedia
$ ssh bandit10@bandit.labs.overthewire.org -p 2220
$ ls -la
$ cat data.txt | base64 -d
# $ base64 -d data.txt
IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
- Level 11 -> Level 12
- The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
Commands you may need to solve this level:
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd
Helpful Reading Material
Rot13 on Wikipedia
$ ssh bandit11@bandit.labs.overthewire.org -p 2220
$ ls -la
$ cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'
5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
- Level 12 -> Level 13
- The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)
Commands you may need to solve this level:
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv, file
Helpful Reading Material
Hex dump on Wikipedia
$ ssh bandit12@bandit.labs.overthewire.org -p 2220
$ mkdir /tmp/myfolder
$ cp data.txt /tmp/myfolder
$ cd /tmp/myfolder
$ xxd -r data.txt data.bin
$ zcat data.bin | bzcat | zcat | tar xO | tar xO | bzcat | tar xO | zcat
# Tip: use the command 'file -' at each step to identify which command to use next
# - $ zcat data.bin | bzcat | zcat | tar xO | tar xO | bzcat | tar xO | file -
8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
- Level 13 -> Level 14
- The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on
Commands you may need to solve this level:
ssh, telnet, nc, openssl, s_client, nmap
Helpful Reading Material
SSH/OpenSSH/Keys
$ ssh bandit13@bandit.labs.overthewire.org -p 2220
$ ssh bandit14@localhost -i ~/sshkey.private
$ cat /etc/bandit_pass/bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
- Level 14 -> Level 15
- The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.
Commands you may need to solve this level:
ssh, telnet, nc, openssl, s_client, nmap
Helpful Reading Material
IP Addresses
IP Address on Wikipedia
Localhost on Wikipedia
Ports
Port (computer networking) on Wikipedia
$ ssh bandit14@bandit.labs.overthewire.org -p 2220
$ telnet localhost 30000
# use the password: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
BfMYroe26WYalil77FoDi9qh59eK5xNr