Bandit is one of the most played wargames and is suitable for absolute beginners in the field of cybersecurity. Feel free to jump on https://overthewire.org/wargames/bandit/ anytime to start playing. If you get stuck at any point in the game, you can refer to the guide given below, although I’d highly recommend trying to solve each level yourself before having a look at the solutions/flags.
Let’s begin with the challenge.
Bandit Level 0 is just a basic introduction to how you can connect to their game server using ssh. While using the ssh command, I’ve used the -p flag to specify the port number.
ssh firstname.lastname@example.org -p 2220
The password for entering Level 1 is in a file called readme. So, to open up the readme file, we can use the
Remember: To switch between the levels, you’ll have to execute the exit command and then use the ssh command, like we did for level 0.
Moving on to Level 1, we can find the password for level 2 in a file called
That one was easy, wasn’t it? Okay, so coming to level 2, we have a file called "spaces in this filename". You can simply execute the cat command for reading files with spaces in their names.
Now that we have our password for level 3, we have moved towards hidden files. There’s a hidden file in a directory named inhere. Always remember that the names of all the hidden files start off with a
Moving forward to level 4, we have a human-readable file in the inhere directory, which means that it should contain ASCII text.
On level 5, we have a file, again in the inhere directory, which is human-readable, 1033 bytes in size and not executable.
You can use
On level 6, the password is stored in a file that is owned by user bandit7 and group bandit6, and is 33 bytes in size.
For level 7, we have a file with messed up text, but our password for level 8 is stored right next to the word “millionth”. For this level, we can use the
Level 8 has the file data.txt, in which the password is stored for level 9. The challenge here is to get the password, which is the only unique line in this file.
For level 9, we have human readable strings with several “=” signs.
Jumping straight to the tenth level, we have our password for the next level encoded in base64. So, for that we can use the command
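To practise the searches from the last few levels without touching the game server, here is an added example (not part of the original post) that builds a small local lab and solves it with standard Unix tools. Every file name, token and function name in it is constructed for illustration; none of them are Bandit's own files or passwords.

```shell
#!/bin/sh
# Added practice lab: all files and tokens below are constructed for this
# example; none of it comes from the Bandit server.

make_lab() {
    lab=$(mktemp -d) && mkdir "$lab/inhere" || return 1
    # Exactly 1033 bytes (10-character token + 1023 spaces), not executable.
    printf 'TOKEN-SIZE%1023s' '' > "$lab/inhere/file2"
    # Decoys: same size but executable, and a readable file of another size.
    printf 'DECOY-EXEC%1023s' '' > "$lab/inhere/file1"
    chmod u+x "$lab/inhere/file1"
    printf 'DECOY-SMALL\n' > "$lab/inhere/file3"
    # The wanted token sits right next to the word "millionth".
    printf '%s\n' 'apple AAAA' 'millionth TOKEN-WORD' 'zebra ZZZZ' > "$lab/words.txt"
    # Every line is repeated except one.
    printf '%s\n' dup1 dup2 TOKEN-UNIQUE dup1 dup2 dup2 > "$lab/lines.txt"
    # Base64-encoded text.
    printf 'TOKEN-B64\n' | base64 > "$lab/encoded.txt"
    echo "$lab"
}

# 1033 bytes and not executable by the owner: let find test the metadata.
by_size() { find "$1/inhere" -type f -size 1033c ! -perm -100; }

# Token next to a known word: grep the line, then print the second field.
by_word() { grep 'millionth' "$1/words.txt" | awk '{print $2}'; }

# The only line that occurs once: uniq -u only compares adjacent lines,
# so the input has to be sorted first.
unique_line() { sort "$1/lines.txt" | uniq -u; }

# Base64 is an encoding, not encryption: decoding needs no key.
decode_b64() { base64 -d "$1/encoded.txt"; }

lab=$(make_lab)
by_size "$lab"
by_word "$lab"
unique_line "$lab"
decode_b64 "$lab"
rm -rf "$lab"
```

The same four commands work against any directory you are allowed to read, which also makes them a quick way to check that secrets stored in "obscure" files or in base64 are not actually protected.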
So let’s wrap it up for the first part of Bandit. In case of any queries, feel free to drop them in the comments. For the next part, I’ll be solving the next 10 levels and posting them soon, so stay tuned!
Neel Adwani (or neeltron) is your friendly neighborhood techie, a coder, traveler, stargazer and as you all know, a blogger. He has an endless range of interests in a commendable number of fields. He is an introvert, so don’t mess with him. He’s open to suggestions and criticism, though.