blog banner

Solving OverTheWire Wargames – Bandit | Levels 0-10

Bandit is one of the most played wargames, which is suitable for absolute beginners in the field of cybersecurity. Feel free to jump on https://overthewire.org/wargames/bandit/ anytime to start playing. In case you get stuck at any point in the game, you can refer to the guide given below. Although, I’d highly recommend you to try to solve it yourself before having a look at the solutions/flags.

Let’s begin with the challenge.

Bandit Level 0 is just a basic introduction of how you can connect to their game server using ssh. While using the ssh command, I’ve used the -p flag to specify the port number.

ssh bandit0@bandit.labs.overthewire.org -p 2220

The password for entering Level 1 is in a file called readme. So, to open up the readme file, we can use the cat command.

Remember: To switch between the levels, you’ll have to execute the exit command and then use the ssh command, like we did for level 0.

Moving on to Level 1, we can find the password for level 2 in a file called -.

That one was easy, wasn’t it? Okay, so coming to level 2, we have a file called spaces in this filename. You can simply execute the cat command for reading files with spaces in their names.

Now that we have our password for level 3, we have moved towards hidden files. There’s a hidden file in a directory named inhere. Always remember that the names of all the hidden files start off with a ..

Moving forward to level 4, we have a human-readable file in the inhere directory, which means that it should inhibit ASCII text.

On level 5, we have a file, again in the inhere directory, which is human-readable, 1033 bytes in size and not executable.

You can use -readable, -executable and -size, respectively.

On level 6, the password is stored in a file, that is owned by user bandit7, group bandit6 and is 33 bytes in size.

For level 7, we have a file with messed up text, but our password for level 8 is stored right next to the word “millionth”. For this level, we can use the grep command.

Level 8 has the file data.txt, in which the password is stored for level 9. The challenge here is to get the password, which is the only unique line in this file.

For level 9, we have human readable strings with several “=” signs.

Jumping straight to the tenth level, we have our password for the next level encoded in base64. So, for that we can use the command base64.

So let’s wrap it up for the first part of Bandit. In case of any queries, feel free to drop them in the comments. For the next part, I’ll be solving the next 10 levels and posting them soon, so stay tuned!

Leave a Reply

Your email address will not be published. Required fields are marked *