OverTheWire.com: Bandit

Are you new to Linux? Would you like to learn Linux commands and basic shell navigation? Or maybe you know Linux commands, and are confident with the Command Line, and want to brush up on your skills?

Regardless of your skill level, the game Bandit is a great way to practice. It is a fun ‘scavenger hunt’ of sorts where you use a terminal to search for a specific password that is used to log in to each sequential level.

The game can be found on the OverTheWire site where their homepage houses many similar and challenging cyber games that were created to teach Linux Fundamentals and problem-solving skills that could benefit you along your cyber journey.

I have enjoyed this game several times and I always find it fun to brush up on my skills. I have, from time to time, gotten stuck on certain levels and returned to various walk-throughs. Unfortunately when I have returned to some of my favorite tutorials, I have noticed they are no longer available. Throughout this page, I will be going over the solutions for Bandit Levels, in an effort to preserve any needed tutorials or explanations.

Level 0 -> Level 1

This introductory level provides you with the login credentials required to access the OverTheWire server where the game is stored.

“The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.”

We are given four crucial pieces of information:

  • Domain: bandit.labs.overthewire.org
  • Port: 2220
  • Username: bandit0
  • Password: bandit0

For each sequential level, the username relates to the corresponding level (i.e., bandit1 is the username for Level 1). To access the Bandit server, you need to use the terminal and SSH in with the following syntax:

  • ssh bandit0@bandit.labs.overthewire.org -p 2220

When prompted for a password, enter: bandit0

You should now be able to see all files from level 0. Keep in mind, you are searching for the password to Level 1. Run the ‘ls’ command to see what files are listed. You should see a file titled, ‘readme’. To display the contents of this file, you can run the ‘cat’ command. Use the command with the following syntax: ‘cat readme’. The password should be displayed like this: NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL

Now that we have the password we can exit out of the active SSH session and we can re-enter using the next username and the newly found password.

Level 1 -> Level 2

Similar to the last syntax, we SSH in with the new username:

  • ssh bandit1@bandit.labs.overthewire.org -p 2220
  • Password: NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL

After successfully logging in, we can list files with the ‘ls’ command. We see that there is a file with the name ‘-’.

Linux doesn’t love filenames that start with dashes because command options usually start with a dash. If you try to type a filename that starts with a dash, the command line might think you’re trying to type a command option. (Many tools, ‘cat’ included, also treat a lone ‘-’ as standard input.)

To successfully run a command in this case, you will need to specify the file path. For a file in the current directory, refer to it as ./[filename], so running the ‘file’ command will look like this: file ./-

Running that command will tell you what kind of file the ‘-’ file is. It should say it is an ASCII Text file. This means you can display the contents of said file by using the ‘cat’ command. Run the following command: cat ./-

Displaying the output of the file should give us the password: rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi

Level 2 -> Level 3

SSH in using the bandit2 username and the newfound password.

  • ssh bandit2@bandit.labs.overthewire.org -p 2220
  • Password: rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi

Running the command ‘ls’ to list files shows us one file titled ‘spaces in this filename’. To check what kind of file it is, we run the following: file "spaces in this filename". This reveals it’s an ASCII Text file. To properly display the contents of the file, we need to run the command ‘cat’. But running ‘cat’ on: spaces in this filename, gives us an error. To ensure that Linux is not interpreting multiple words as multiple files, we need to enclose the filename in quotation marks or escape each space with a backslash.

  • cat "spaces in this filename"
  • cat spaces\ in\ this\ filename

Either of these syntaxes should properly cat the file, revealing the password to be: aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG

Level 3 -> Level 4

SSH in using the bandit3 username and the newfound password.

  • ssh bandit3@bandit.labs.overthewire.org -p 2220
  • Password: aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG

Running ‘ls’ shows you a directory titled, ‘inhere’. Run ‘cd inhere’ to Change Directory to the specified directory. Then list the files using the ‘ls’ command. No results will be returned to the ‘ls’ command. Now if we add the command option ‘-a’ to ls, altogether: ‘ls -a’, we should see a file titled: ‘.hidden’.

In Linux, when naming files, you can create ‘hidden’ files by adding a period to the beginning of the filename. Using a GUI, with default settings, you would not be able to see the file. Via terminal, all it takes is for us to list files with the option -a enabled. This displays hidden files.

Run the command ‘cat .hidden’ to reveal the following password: 2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe

Level 4 -> Level 5

SSH in using the bandit4 username and the newfound password.

  • ssh bandit4@bandit.labs.overthewire.org -p 2220
  • Password: 2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe

Running ‘ls’ shows a directory titled ‘inhere’. If we descend into that directory and we run ‘ls’ again, we see 10 files with similar titles.

Now you can take the time to cat each individual file (keep in mind that dashed files prevent normal catting) by typing ‘cat ./-file##’ for each numbered file.

Or if we look back at the commands that were provided we can see ‘file’. If we run the file command with a wildcard (*) in the filename, we can see what type each file is. Try running: file ./-file*

This shows us that -file07 is the only ASCII text file. Cat the file and it gives us the next password: lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR

Level 5 -> Level 6

SSH in using the bandit5 username and the newfound password.

  • ssh bandit5@bandit.labs.overthewire.org -p 2220
  • Password: lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR

Once in, if we run ls and look around we notice a similar directory to the last level. Descend into the directory and we see there are SEVERAL directories. If we refer back to the commands that are mentioned on the OverTheWire page, we see that ‘find’ is mentioned. We can also see that the password file we are looking for is:

  • human-readable
  • 1033 bytes in size
  • not executable

We can search for a file that is 1033 bytes in size by entering the following command: find -size 1033c

Running this command shows us that there is a single file that meets the size criteria for the password we are looking for. Cat the specified file, and we get password: P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU

Level 6 -> Level 7

  • ssh bandit6@bandit.labs.overthewire.org -p 2220
  • Password: P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU

Running ls shows us no files. However, the OverTheWire page tells us the following details about the password:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

If we run the find command with the parameters included (yes all of them) we will end up with the following command:

find / -user bandit7 -group bandit6 -size 33c

If you only specify the size, like the previous level, there are too many results to discern the actual answer. However if you run the command above, you will see all the results say ‘Permission Denied’ EXCEPT for one single file. This file is titled, ‘bandit7.password’ and it is located in /var/lib/dpkg/info/

Cat the file in /var/lib/dpkg/info/bandit7.password, and you get the following password: z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
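The Level 5 and Level 6 searches above, combined into one command as an added example (not part of the original walkthrough or the OverTheWire site): it applies all three Level 5 properties at once and discards find's permission errors with 2>/dev/null instead of reading past them. The directory tree, file names and function names are constructed for illustration, and ‘-executable’ assumes GNU find.

```shell
#!/bin/sh
# Added example: Level 5/6 style search run against a constructed decoy tree.

# Build a throwaway tree (constructed data, not the real game files).
make_sandbox() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/maybehere00" "$dir/maybehere01" "$dir/locked"
    # Target: 1033 printable bytes, not executable.
    dd if=/dev/zero bs=1033 count=1 2>/dev/null | tr '\0' 'A' > "$dir/maybehere01/.file2"
    # Decoy: right size and printable, but executable.
    dd if=/dev/zero bs=1033 count=1 2>/dev/null | tr '\0' 'B' > "$dir/maybehere00/-file1"
    # Decoy: right size, not executable, but binary (all NUL bytes).
    dd if=/dev/zero bs=1033 count=1 2>/dev/null > "$dir/maybehere00/spaces in name"
    # Decoy: printable, but the wrong size.
    printf 'too short\n' > "$dir/maybehere01/-file3"
    chmod 644 "$dir/maybehere01/.file2" "$dir/maybehere00/spaces in name"
    chmod 755 "$dir/maybehere00/-file1"
    # Unreadable directory: makes find report "Permission denied" for non-root users.
    chmod 000 "$dir/locked"
    printf '%s\n' "$dir"
}

# "Human-readable": nothing is left after deleting printable and whitespace bytes.
is_text() {
    [ $(LC_ALL=C tr -d '[:print:][:space:]' < "$1" | wc -c) -eq 0 ]
}

# Size and not-executable are checked by find; readability is checked per result.
# 2>/dev/null drops the permission errors that clutter the Level 6 output.
find_password_file() {
    find "$1" -type f -size 1033c ! -executable 2>/dev/null |
    while IFS= read -r f; do
        if is_text "$f"; then printf '%s\n' "$f"; fi
    done
}

# Restore access to the locked directory so the tree can be deleted.
cleanup_sandbox() {
    chmod 700 "$1/locked" && rm -rf "$1"
}

sandbox=$(make_sandbox)
find_password_file "$sandbox"
cleanup_sandbox "$sandbox"
```

The same 2>/dev/null redirection can be appended to the Level 6 command, leaving only the one readable match on screen.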

To Be Continued…