What is OverTheWire?
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
What is OverTheWire Bandit?
The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.
To get started with the wargames, you need to use SSH to connect to the OverTheWire bandit servers, you can do this by using SSH clients on both Windows and Linux. The preferred SSH client for Windows is Putty and the preferred client for Linux is OpenSSH.
You can install the OpenSSH client on Linux by running the following command:
sudo apt-get install openssh-client
Alternatively, if you are running an Arch-based distribution you can run the following command with pacman:
sudo pacman -S openssh
After you have an SSH client installed you can connect to the OverTheWire Bandit server by using the following syntax.
ssh username@address -p <port>
Level 0 – 1
We can get started with level 0 by connecting to the server with the following credentials:
We can connect to the server via SSH with the following syntax:
ssh firstname.lastname@example.org -p 2220
After authenticating with the server, we should have access as bandit0. After listing the files in the current working directory, we are greeted with a readme file. We get the password for the next level by displaying the content of the file.
Level 1 – 2
The objective for this level is to display the content of a file called -. After displaying the content of the file with cat, we get the password for the next level.
Level 2 – 3
The objective for this level is to display the content of a file with spaces in the filename. We can use cat to display the content of the file as shown in the screenshot below.
Level 3 – 4
The password for level 4 can be found in the inhere directory. After listing the files in the directory, we are greeted with a dot file called .hidden. We can use cat to display the content of the file to get the next password.
Level 4 – 5
This level involves finding a human-readable file stored in the inhere directory. We can utilize the find command in conjunction with the xargs utility. This will display the files in the directory and their type. In this case, we find that the only human-readable file in the directory is -file07. We can use cat to display the content of the file to get the password for the next level.
Level 5 – 6
This level involves finding a file in the inhere directory with specific parameters:
- Is human-readable
- 1033 bytes in size
- not executable
We can utilize the find command with specific arguments tailored to the specific characteristics of the file we are looking for.
find . -type -f -size 1033c ! -executable
After running the command, we find that the file that matches the search parameters is .file2. We can display the content of the file with cat to get the password for the next level.
Level 6 – 7
Similar to level 5, this level involves finding a file on the server with specific parameters and ownership permissions:
- Owner by user bandit7
- owned by group bandit6
- 33 bytes in size
We can use the find command with the following options and parameters to fine-tune our results.
find / -type f -user bandit7 -group bandit6 -size 33c
After running the command we find the file that we were looking for.