OverTheWire Wargames: Bandit Levels 0 – 5

Bandit Level 0

Level Goal

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

What is SSH?

The main objective of this level is to learn how to login remotely to another machine via SSH. SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, a secure way to access a remote computer and execute commands over an unsecured network.

SSH connects and logs into the specified destination, which may be specified as either [user@]hostname or a URL of the form ssh://[user@]hostname[:port]. The user must then prove their identity to the remote machine using one of several methods.

NOTE: Use the manual command man to find additional information about a command and how to use it. For example: man ssh will display information on what the command is used for and how to use it along with any possible flags to use with it.

Use SSH to login

To log in via SSH, you need to have the OpenSSH client installed on your local machine. Once you have the client installed, you can use the following command in your terminal:

ssh <username>@<hostname> -p <port number>

First you type the name of the protocol ssh followed by the username and hostname of machine you want to connect to separated by the asperand @. Finally the flag -p stands for port and it will specify which port to connect through. For example, to log in to the bandit0 account on the bandit.labs.overthewire.org server through port 2220, you can use:

ssh bandit0@bandit.labs.overthewire.org -p 2220 or ssh://bandit0@bandit.labs.overthewire.org:2220

You will then be prompted to enter the password for the specified user. In this case, the password for bandit0 is also bandit0.

NOTE: Don’t worry if you don’t see anything while typing the password. The terminal will not display the password. Hit enter as soon as you type it and it will allow you into the server.
Level 0-1 Password:

Bandit0 – bandit0

Bandit level 0 – 1

Level Goal

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Find the readme file and password

Once connected to the machine, navigate through the files to find the password for the next level. To do this, use the command ls which stands for “list directory contents”. It lists information about the files in the current directory. In this case, there is only one file named readme.

To view the contents of a file use the command cat which stands for concatenate followed by the filename. The command is used to concatenate (link) files and print out the standard output. The full command will look like this: cat readme. The terminal should now display the password for level 1-2.

To end the ssh session and return to your machine, use the command exit. The terminal will now display your username and hostname instead of bandit.

Level 1-2 Password:

Bandit1 – NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL

Bandit level 1 – 2

Level Goal

The password for the next level is stored in a file called - located in the home directory

Dashed filename

The name of this level’s file is -. If we try to use the same command cat as the previous level, e.g. cat - we get a different result. Instead of the file’s output, the command will hang until we provide additional input or cancel the action. The reason behind this is that the dash is generally used by commands to specify options and arguments, such as -p for port in the ssh command used previously. The cat command is interpreting the - as standard input (stdin) and not a filename.

NOTE: To cancel a command’s action, press CTRL + C

Dashed filename workaround

To get the desired output we need to prefix the filename with a path. To find the path to the file use the command pwd which stands for print working directory. It will show what file you are currently in. Use the result as the path to the file to see its contents, cat home/bandit1/-.

Another alternative to finding the path to the file would be to simply replace the path with a dot . which represents the current directory in the filesystem. Therefore, cat ./- will also work and output the file’s contents.

Level 2-3 Password:

Bandit2 – rGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi

bandit level 2 – 3

Level Goal

The password for the next level is stored in a file called spaces in this filename located in the home directory

Files with spaces

Something you may have noticed is that Linux doesn’t typically have spaces in its file or directory names. Instead, spaces are replaced by underscores. That doesn’t necessarily mean that spaces are not allowed, it just makes them more difficult to work with. For example, the generic syntax for Linux commands is as follows: 

command [options] argument1 argument2

The arguments are separated by spaces and if you try to use the filename with spaces, it will be treated as separate arguments instead of one. The cat spaces in this filename command does not understand that spaces in this filename is a single argument or file. It will interpret each word as a separate filename.

Cat the “file with spaces”

The workaround for files with spaces is to wrap the entire filename with quotes cat "spaces in this filename" or use a backslash \ to escape each space. The backslash preserves the literal value of the subsequent character cat spaces\ in\ this\ filename.

NOTE: Hitting the TAB key for the filename will also work with spaces and autocomplete the filename with backslashes for you
Level 3-4 Password:

Bandit3 – aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG

Bandit level 3 – 4

Level Goal

The password for the next level is stored in a hidden file in the inhere directory.

There’s hidden files now?

Hidden file names begin with a period and are mainly used for storing configuration files or user settings. They are files you shouldn’t be changing or moving around.

Navigate to the directory

First we need to move into the directory named inhere. To navigate through the file system use the command cd which stands for change directory. The command will change the current directory of the terminal cd inhere.

The ls command is very common and widely used. It lists files and folders within a directory except for hidden files by default. So, when we try to list the contents of the inhere directory, the result comes back blank.

List the hidden files

In order to view the hidden files we need to add an option to the command. The -a or --all option will not ignore entries starting with a period, which are hidden files. The command will look as follows: ls -a. Then cat the file, cat .hidden.

Level 4-5 Password:

Bandit4 – 2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe

Bandit level 4 – 5

Level Goal

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Human-readable file… aliens? 👽

In computing, there are binary data and text based files. All files, whether binary or text, are composed of bytes. The difference between the two is how the bytes are interpreted. Binary files are not human readable and require a special program or hardware that can read and interpret the data inside the file to properly process it. Trying to read the content of these types of files will only result in gibberish: 

4444444444444444144444414444444444444ÿÀ  ¯" ÿÄ                ÿÄ @       !1AQ"aq‘¡± 2BÑðRrÁá#3bñ‚’¢Ó4CSÒÿÄ             ÿÄ          !1Qa"2AÿÚ   ? õˆ˜¦HL Ér*É"ÂLÒ!ˆÑŒ¡ÉÌ:Q?¿Œ ±‰#·
lú×¼k”ª€l~ëýãÜÒ	ˆa¸„À`ѳD’‚H Æ¹CḲ@cÈLRdTŒ"\a q%ÅÜ ˆPE„ƒ¬×î‰r\É·0Äm£´@ EZÀ &m™[!cF.&%®&

Text files contain data that is encoded in a human-readable format and adhere to specific character sets such as ASCII or Unicode.

A way to tell the difference between the two is by looking at a file’s extension. Some examples of binary data file extensions are .jpg, .png, .mp4, .pdf, .doc, .zip, .exe, etc. These file types require programs such as Media Player, Photoshop, and Office to open and process them. Examples of text file extensions are .html, .json, .py, .txt, .rtf, etc. These files can be edited in any text editor program.

Find the type of data in each file

First, cd into the inhere directory and list its contents: ls. There are ten files and the password we are looking for is in the only human-readable file. Therefore, we can use the file command, which performs a series of tests to determine the type of data within a file, to find it file <filename>. We could run the file or cat command ten times for each file, however, this would be very impractical and tedious if there were loads of files.

Since all the files have a similar naming convention with the exception of the number at the end of the file, we can make our life easier with only one command. We can use the * wildcard symbol, which can represent any number of all characters. For example, filename* will match to everything that starts with “filename” and anything after such as “filename01“, “filenamexyz“, “filenameA2” and so on.

Because the file starts with a dash, we need to include the path to the file when running the file command: file ./-file*.

The only human-readable file is the one that contains the ASCII text, -file07. Let’s get the password, cat ./-file07.

Level 5-6 Password:

Bandit5 – lrIWWI6bB37KxfiCQZqUdOIYfr6eEeqR

Leave a Comment

Your email address will not be published. Required fields are marked *