Browse Tag

unix

OverTheWire: Bandit Level 2 to Level 3

bandit2_1

The password for the next level is stored in a file called spaces in this filename located in the home directory

After you performed a simple ls command to see the files in the directory, you will notice the “spaces in this filename” file. If you directly cat the file, you will have problems.

The trick is to either use backslash before each space, or embed the entire file name as a string. For instance,

  1. Adding backslash before each space
  2. Adding double quote to embed the file name

Either way works. 

[email protected]:~$ ls
spaces in this filename
[email protected]:~$ cat "spaces in this filename"
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
[email protected]:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
[email protected]:~$

The password to gain access to level 3 is UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

OverTheWire: Bandit Level 1 to Level 2

bandit1_2

The password for the next level is stored in a file called located in the home directory

As the hint has suggested, you need to check the content in the file named – (a dash symbol) to obtain the password to access level 2.

However, if you just simply run the cat command to view print the content in the file named – (a dash symbol), your terminal is just going to get stuck,

bandit1_1

When cat sees – (a dash symbol) as a filename, it treats it as a synonym for stdin. To avoid getting treated as a stdin and have your terminal getting nowhere, you need to provide the full path of the file instead of simply cat the file name.

[email protected]:~$ cat ./-
 CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

The password to gain access to level 2 is CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

OverTheWire: Bandit Level 0 to Level 1

lvl1

Level goal: The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH to log into that level and continue the game.

This level is a simple giveaway too. Simply run ls to view the current directory as instructed by the level’s hint, and then cat the readme file to view its content.

[email protected]:~$ ls
readme
[email protected]:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1

The password to level 1 environment is boJ9jbbUNNfktd78OOpsqOltutMc3MY1

OverTheWire: Bandit Level 0

Definitely, level 0 is a giveaway to get you started with the actual challenges.

Level 0 goal: The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Firstly, you should know how to connect to the bandit.labs.overthewire.org server via secure shell (SSH) protocol. If you are using Kali Linux, you can directly run an SSH command to connect to the server. However, if you are using Windows, there is no SSH client installed by default.

putty

While there are many very good SSH clients in the market that were designed for Windows environment usages, personally, I would prefer PuTTY as it is easy to setup and pretty lightweight.

Once you are done, press “Open” and you should be able to gain access to the bandit0 box.

lvl0

OverTheWire Bandit Write-up

A list of write-ups for OverTheWire Bandit, a simple Capture The Flag (CTF) game aimed at beginners.

The objective of the game is to solve the challenges and find the password to proceed to the next level.

To get started, the player needs to know how to connect to the server using a Secure Shell (SSH), which is essentially the bread and butter of any information security professional. Fine, probably something essential for any IT professionals to know how to use. 

For an absolute beginner who has not used SSH before, it is never too late to get started. It is time to put on a learning hat and try out the OverTheWire Bandit challenges!

OverTheWire Bandit

While the website itself did mention that the challenges were designed for beginners, it is still pretty fun for IT professionals to challenge themselves.

List of Write-ups