I had some energy for doing some bandit levels today and I thought it would be nice to share all bandit levels with you. As always, I’m not gonna spoil it for you with passwords, this is just a walkthrough. My coffee is ready, so let’s dig in.
Bandit Level 0
The sole goal of this level is to learn how to connect to another server using ssh. There are four relevant points here. We need the Host name / Site’s IP Address / Domain Name / Server Address, Username, Password and Port Number.
For this level our Host name is: bandit.labs.overthewire.org
Port Number: 2220
Let’s connect to the server and log into the game. The syntax we need is the following: ssh username@hostname -p Port Number
If you’ve done it right, you’ll be asked for a password and you just have to type bandit0.
Enjoy your stay!
Bandit Level 0 → 1
For this level you should learn some unix commands, especially the ls and cat commands. For me, as a beginner, the most important command in Unix is --help. So as always, I just type ls --help and it tells me the usage and that ls lists information about the files. There is only a file named “readme”. For reading a file we need the “cat” command, which is for ….. cat --help concatenating the files. I love how every command is kind of an abbreviation. Now you just need to type cat and the name of the file you want to read. Wow! Here is our password. OK, that was easy, let’s jump to the next level.
A quick tip, before passing to level 2: always save the passwords on a sticky note.
Bandit Level 1 → 2
After connecting to this server the same way as we’ve done on bandit 0, we list the files (ls) and see there is a file named “-”. Let’s try to cat the file the way we already know. Nothing happens, it requires an input. So there is probably another way to concatenate a file named “-”. First of all do Ctrl + C to get out of that madness. cat --help gives us nothing, sad… OK, let’s google it, because… another wise thought alert, if you have a problem, it means somewhere in the world someone should have had that problem as well and most probably there is a solution for that. I found this.
Problem is solved. We have the password for the next level. Saaaaaavviiiing it and going to the next level.
Bandit Level 2 → 3
Hah! This is fun. We have a file that is literally named “spaces in this filename”. There should be a way to help the system understand that “spaces in this filename” is just one file, not four files.
-Hello Google, how to cat a file that has spaces in the name
-Hello coffee, here are about 20,100,000 results (0.57 seconds)
-You are such a show off, but thanks
So it turned out you need quoting AKA ‘ ‘.
Level 3 was not hard at all either.
Bandit Level 3 → 4
Yey! This one is kind of tricky. After listing the files we find a directory. Here we need a new command named cd (Change the shell working Directory). Awesome, right? We try to list the files in this directory and there is nothing but emptiness. C’mon, you promised, even the name of the directory says “Inhere”. What if the file is hidden? How to list the hidden files? We need help, no, actually we need THE help. ls -a will list all the files, even the ones that start with a . AKA the hidden files. .hidden file is found, what are you waiting for?
Bandit Level 4 → 5
What do I see? Again an “Inhere” directory, which has not one, not two but ten files. Sure, I can read all of them and find that desired password, but something inside me tells me: “There should be a way to cat all the files, go and find that way”. Here I found a part of our problem, i.e. how to cat all the files: we need to use “*”. But let’s pay attention that all the files start with a “-”. Bringing all our knowledge together and typing cat ./* we decide that it would have been easier to cat all the files. How do I find the password in this symbol-mixture? I just tried to brute force. No way, there are more letters than I needed. Keeping up with the Kardashians Google. What if we find out which file contains text and then just read it? That is possible with the file command: file ./* This will tell us that only the file named -file07 contains ASCII text. Let’s just read that one.
I thought it’s supposed to be easier…
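The file-name tricks from levels 1 to 4, collected into one script as an added example (not part of the original walkthrough): it builds a scratch directory with constructed files named like the ones in the levels and reads each of them locally. The function names, the scratch directory and the file contents are made up for the example.

```shell
#!/bin/sh
# Added example: every file name and "secret" below is constructed sample data.

make_sandbox() {  # build a throwaway copy of the awkward names from levels 1-4
    d=$(mktemp -d) || return 1
    mkdir "$d/inhere"
    printf 'dash-secret\n'   > "$d/-"
    printf 'space-secret\n'  > "$d/spaces in this filename"
    printf 'hidden-secret\n' > "$d/inhere/.hidden"
    for i in 0 1 2 3 4 5 6 7 8 9; do
        if [ "$i" -eq 7 ]; then
            printf 'text-secret\n' > "$d/inhere/-file0$i"          # the one text file
        else
            printf '\001\002\376\377\200' > "$d/inhere/-file0$i"   # raw bytes
        fi
    done
    printf '%s\n' "$d"
}

# A bare "-" means stdin to cat; a path such as ./- is always a file name.
read_dash() ( cd "$1" && cat ./- )

# Quoting keeps the spaces inside one argument instead of four.
read_spaces() ( cd "$1" && cat "spaces in this filename" )

# ls -a includes entries whose names start with a dot.
list_all() ( cd "$1/inhere" && ls -a )

# Print the names of files in inhere/ that contain only text.
find_text() (
    cd "$1/inhere" || exit 1
    for f in ./*; do                      # ./ keeps -file07 from parsing as options
        if command -v file >/dev/null 2>&1; then
            file -b "$f" | grep -q text || continue
        else                              # no file(1): look for non-printable bytes
            [ -z "$(LC_ALL=C tr -d '[:print:][:space:]' < "$f")" ] || continue
        fi
        printf '%s\n' "${f#./}"
    done
)

sandbox=$(make_sandbox)
read_dash "$sandbox"
read_spaces "$sandbox"
list_all "$sandbox"
find_text "$sandbox"
rm -rf "$sandbox"
```

The same ./ prefix matters outside the game: any script that passes user-controlled file names to a command should use ./name or -- so a leading dash is never read as an option.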