OvertheWire
Bandit Level 0
Level Goal
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.
Solution
Use command ssh bandit0@bandit.labs.overthewire.org -p 2220 to log into the game.
Bandit Level 0 → Level 1
Level Goal
The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
Solution
Use command ls to displays a list of the names of all files in the current working directory. Then use command cat to display the content of the readme file.
The password is boJ9jbbUNNfktd78OOpsqOltutMc3MY1. After the password for the next level is found, use the command ssh bandit1@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 1 → Level 2
Level Goal
The password for the next level is stored in a file called - located in the home directory.
Solution
Use command ls to displays a list of the names of all files in the current working directory. To open this type of file, we need to specify the full location of the file such as ./- .Use command cat ./- to see the content of the file.
The password is CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9. After the password for the next level is found, use the command ssh bandit2@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 2 → Level 3
Level Goal
The password for the next level is stored in a file called spaces in this filename located in the home directory.
Solution
Use command cat 'spaces in this filename' to read the file as there are spaces in the filename. Use the command cat 'file name' to read a file with spaces in the filename.
The password is UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK.After the password for the next level is found, use the command ssh bandit3@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 3 → Level 4
Level Goal
The password for the next level is stored in a hidden file in the inhere directory.
Solution
Use command cd inhere to change directory to inhere since the hidden file is in inhere directory. When we use only ls to list the files and folders, nothing is shown. Use the -a switch for ls to list all files, including hidden ones. In the contents, there is a file called .hidden. Use command cat .hidden to display the password for the next level.
After the password for the next level is found, use the command ssh bandit4@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 4 → Level 5
Level Goal
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
Solution
Use command cd inhere to change directory to inhere since the human-readable file in the inhere directory. Then, use command ls to list the files and folders. There are 10 files in the inhere directory. Use command file ./-* to display all the file types. As you can see in the picture, -file07 is ASCII text so the password for the next level is in -file07. Use command cat ./-file07 to display the password for the next level.
After the password for the next level is found, use the command ssh bandit5@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 5 → Level 6
Level Goal
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
human-readable
1033 bytes in size
not executable
Solution
Use command cd inhere to change directory to inhere since the password for the next level is stored in a file somewhere under the inhere directory. Then, use the command find . -size 1033c to list the files that are 1033 bytes in size. There is only one file that is 1033 bytes so that is that file that contains the password. Use command cat ./maybehere07/.file2 to display the password for the next level.
After the password for the next level is found, use the command ssh bandit6@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 6 → Level 7
Level Goal
The password for the next level is stored somewhere on the server and has all of the following properties:
owned by user bandit7
owned by group bandit6
33 bytes in size
Solution
Use command find / -user bandit7 -group bandit6 -size 33c 2>/dev/null.
find / = to search the whole system
-user bandit7 = to specify file is owned by user bandit7
-group bandit6 = to specify file belongs to group bandit6
-size 33c = to specify size of the fie is 33 bytes
2>/dev/null = to remove permission denied messages
There is only one file shown which is /var/lib/dpkg/info/bandit7.password . Use cat /var/lib/dpkg/info/bandit7.password command to read the password to the next level.
Bandit Level 7 → Level 8
Level Goal
The password for the next level is stored in the file data.txt next to the word millionth.
Solution
Use command grep 'millionth' data.txt to search the line that contains millionth in data.txt. The password for the next level shown. Then, use the command ssh bandit8@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 8 → Level 9
Level Goal
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once.
Solution
Use command sort data.txt | uniq -u.
sort data.txt = displays the contents of the file however it sorts the file lexicographically by lines (it reorders them alphabetically so that matching ones are together).
| = a pipe that redirects the output from one command into another.
uniq -u = The uniq command reports or omits repeated lines and by passing it the -u argument we tell it to report only unique lines.
The password for the next level shown. Then, use the command ssh bandit9@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 9 → Level 10
Level Goal
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
Solution
Use command strings data.txt | grep “=”
strings =
makes it possible to view the human-readable characters within any file
grep “=” = print each line that matches the pattern
So, the password for the next level is truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk.
Then, use the command ssh bandit10@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 10 → Level 11
Level Goal
The password for the next level is stored in the file data.txt, which contains base64 encoded data.
Solution
Since the file data.txt contains base64 encoded data, we need to decode the file to see the password. Use command base64 -d data.txt. Then, the password is shown. Use the command ssh bandit11@bandit.labs.overthewire.org -p 2220 to log into the next level and continue the game.
Bandit Level 11 → Level 12
Level Goal
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions.
Solution
Since all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions, we need to decode the lower
case and uppercase by rotating the letters back to 13 positions. Use command cat data.txt | tr “A-Za-z” “N-ZA-Mn-za-m”.
case and uppercase by rotating the letters back to 13 positions. Use command cat data.txt | tr “A-Za-z” “N-ZA-Mn-za-m”.
cat data.txt = to display the content of data.txt file
tr “A-Za-z” “N-ZA-Mn-za-m” = tr treat quote arguments as ranges. So “A-Za-z” means "all upper case characters from 'A' to 'Z' inclusive and all lower case 'a' to 'z' inclusive". The second argument is a bit more complicated,“N-ZA-Mn-za-m” means "upper case characters from 'N' to 'Z' inclusive, upper case characters from 'A' to 'M' inclusive, lower-case characters from 'n' to 'z', inclusive and lower-case characters from 'a' to 'm', inclusive".
tr transliterates all input 'a' characters to 'n', 'b' to 'm', 'c' to 'o', etc, up to 'n' characters output as 'z'. 'o' characters in input get output as 'a', 'p' to 'b', 'q' to 'c' and so forth. 'z' characters in input get output as 'l'. Then, Use the command ssh bandit12@bandit.labs.overthewire.org -p 2220 and the password shown to log into the next level and continue the game.