Every craftsman’s gotta practice his craft and the fine folks at Over the Wire have provided Bandit for us to develop our skills.

In the #bandit tag I’ll be posting my walkthrough of the various levels.

Level 0->1

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

sshpass -p bandit0 ssh bandit0@bandit.labs.overthewire.org -p 2220

Upon shell entry, using ls to list contents reveals the file we’re looking for. cat reveals the flag for the next level.

bandit0@bandit:~$ ls
readme
bandit0@bandit:~$ cat readme
NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL
bandit0@bandit:~$

NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL

Level 1->2

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

sshpass -p NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL ssh bandit1@bandit.labs.overthewire.org -p 2220

The file - is in the home directory. Because of its filename, it can’t be viewed simply by typing cat -: the command does not take a bare - as a filename. It reads standard input instead, which is why the first attempt below hangs until ^C. By being more specific and giving the path ./-, we reveal the flag.

bandit1@bandit:~$ ls
-
bandit1@bandit:~$ cat -
^C
bandit1@bandit:~$ cat ./-
rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi
bandit1@bandit:~$

rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi

Level 2->3

The password for the next level is stored in a file called spaces in this filename located in the home directory.

sshpass -p rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi ssh bandit2@bandit.labs.overthewire.org -p 2220

Since the Linux shell reads each word separated by a space as a command or option, we need to tell it that all the words are a single filename. We do that by enclosing the filename in quotes.

bandit2@bandit:~$ ls
spaces in the filename
bandit2@bandit:~$ cat 'spaces in the filename'
aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
bandit2@bandit:~$

aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG

Level 3->4

The password for the next level is stored in a hidden file in the inhere directory.

sshpass -p aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG ssh bandit3@bandit.labs.overthewire.org -p 2220

We use the -a option to list the hidden files within a directory.

bandit3@bandit:~/inhere$ ls
bandit3@bandit:~/inhere$ ls -a
. .. .hidden
bandit3@bandit:~/inhere$ cat .hidden
2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe
bandit3@bandit:~/inhere$

2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe

Level 4->5

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

sshpass -p 2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe ssh bandit4@bandit.labs.overthewire.org -p 2220

Since everything in Linux is a file containing data of some sort, we can use the file command to reveal just what kind of data.

bandit4@bandit:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@bandit:~/inhere$ cat ./-file07
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
bandit4@bandit:~/inhere$ 

lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
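
The filename handling from Levels 1 through 4 collected into one script, as an added example that is not part of the original walkthrough. It runs against a constructed scratch directory; the helper names and file contents are assumptions, and a tr printable-byte check stands in for the file command so the script needs only standard utilities.

```shell
#!/bin/sh
# Added example: constructed files that mirror the awkward names in Levels 1-4.
# File contents and the helper names (make_fixture, safe_cat, ...) are made up.

make_fixture() {   # build a scratch directory and print its path
    d=$(mktemp -d) || return 1
    printf 'dash-secret\n'   > "$d/-"
    printf 'space-secret\n'  > "$d/spaces in this filename"
    mkdir "$d/inhere"
    printf 'hidden-secret\n' > "$d/inhere/.hidden"
    printf '\001\002\377\n'  > "$d/inhere/-file00"   # non-printable bytes
    printf 'text-secret\n'   > "$d/inhere/-file01"   # the only text file
    printf '%s\n' "$d"
}

safe_cat() {       # $1 = file name, possibly starting with "-"
    # "cat -- -" is not enough: "--" only ends option parsing, and a lone "-"
    # operand still means standard input. A path prefix removes both readings.
    case $1 in
        /*) cat -- "$1" ;;
        *)  cat -- "./$1" ;;
    esac
}

list_all() {       # names in directory $1, dotfiles included (without . and ..)
    ls -A -- "$1"
}

text_files() {     # regular files in $1 that contain only printable bytes
    for f in "$1"/*; do          # the directory prefix keeps "-file00" from being an option
        [ -f "$f" ] || continue
        n=$(LC_ALL=C tr -d '[:print:][:space:]' < "$f" | wc -c)
        if [ "$n" -eq 0 ]; then printf '%s\n' "${f##*/}"; fi
    done
}

demo() (           # runs in a subshell so the caller's working directory is untouched
    d=$(make_fixture) && cd "$d" || exit 1
    safe_cat -                                  # Level 1: file named "-"
    safe_cat 'spaces in this filename'          # Level 2: quoting keeps one argument
    list_all inhere                             # Level 3: shows .hidden
    safe_cat "inhere/$(text_files inhere)"      # Level 4: the one printable file
    cd / && rm -rf "$d"
)
demo
```

The same prefixing habit matters in any script that passes filenames it did not choose to a command, since a name beginning with - is otherwise parsed as an option.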