[Write Up] Bandit Wargame Clear Log (Level 0 - 10)

OverTheWire Bandit Wargame Level 0–10: My Step-by-Step Solutions

This is the first review about Over the wire : Bandit wargames.
While I studying python3, I explored various area of IT and became interested in cybersecurity.
Then I found the Bandit wargames and totally got hooked.
Starting today, I'll write down how I cleared each level of the wargames. This will be a way for me to improve both computer skills and English writing skills.
Please let me know if I use any awkward expressions or provide incorrect information.

If you need more details about Bandit wargames, please check this link : http://www.overthewire.org/wargames

---

0. Bandit Level 0

Level Goal
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Commands you may need to solve this level
ssh

Helpful Reading Material
Secure Shell (SSH) on Wikipedia
How to use SSH on wikiHow

How I solved it

The task was to log into the game using SSH, so I started by typing ssh.
Then I entered bandit0@bandit.labs.overthewire.org, which includes the username and server address.
After that, I added the '-p 2220' option. -p specifies the port, and 2220 is the port number provided by the Bandit wargames site.
The password to log in is 'bandit0' provided by the Bandit wargames site.

---

1. Bandit Level 0 → Level 1

Level Goal
The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Commands you may need to solve this level
ls , cd , cat , file , du , find

TIP: Create a file for notes and passwords on your local machine!

Passwords for levels are not saved automatically. If you do not save them yourself, you will need to start over from bandit0.

Passwords also occasionally change. It is recommended to take notes on how to solve each challenge. As levels get more challenging, detailed notes are useful to return to where you left off, reference for later problems, or help others after you’ve completed the challenge.

How I solved it

~ means the home directroy. So I knew current directory was home directory.
I entered ls first to check the list of files in the current directory.
I found the readme file, so I typed cat readme to read it.
The password for next level appeared. After I coppying it, I entered exit to logout.
Using the password, I logged into the next level with ssh bandit1@bandit.labs.overthewire.org -p 2220.

---

2. Bandit Level 1 → Level 2

Level Goal
The password for the next level is stored in a file called - located in the home directory

Commands you may need to solve this level
ls , cd , cat , file , du , find

Helpful Reading Material
Google Search for “dashed filename”
Advanced Bash-scripting Guide - Chapter 3 - Special Characters

How I solved it

~ showed me that the current directory was the home directory.
I entered ls to check the list of files in the home directory.
There was a file named -. But if I just typed cat -, I couldn't read the file because - usually means "use standard input" or "use options". My computer couldn't probably didn't recognize that - was the actual file name.
So I use the full path like cat ./- to make it clear that - was a file.
After I got the password for the next level, I logged out and logged into level2.

---

3. Bandit Level 2 → Level 3

Level Goal
The password for the next level is stored in a file called spaces in this filename located in the home directory

Commands you may need to solve this level
ls , cd , cat , file , du , find

Helpful Reading Material
Google Search for “spaces in filename”

How I solved it

~ showed me that the current directory was the home directory.
I entered 'ls' to check the list of files in the home directory, and I found a file named spaces in this filename.
If I had just typed "cat spaces in this filename", my computer probably wouldn't have recognized it as a single file name, because it wouldn't understand that the spaces were part of the name.
So I had to make it clear that "spaces in this filename" was a single filename. I had two options.
First, I could use "". If I typed "" like cat "spaces in this filename", the computer would recognize it correctly.
Or, I could use \ like cat spaces\ in\ this\ filename. That also works.
I usually choose second method because it's more convenient when using Tab. The Tab key has an autocomplete function, so try it!
After I got the password for the next level, I logged out and logged into level3.

---

4. Bandit Level 3 → Level 4

Level Goal
The password for the next level is stored in a hidden file in the inhere directory.

Commands you may need to solve this level
ls , cd , cat , file , du , find

How I solved it

I started by entering ls to find the inhere directory.
After I found the inhere directory, I typed cd inhere to enter in.
Then I used ls -a. The -a option means "all", so it helps to show hidden files.
I found the ...Hiding-From-You file, and opened it using the cat command.
I got the password for the next level, so I logged into level 4.

---

5. Bandit Level 4 → Level 5

Level Goal
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Commands you may need to solve this level
ls , cd , cat , file , du , find

How I solved it

I started by typing ls to find the inhere directory.
After I entered the inhere directory, I tried the ls command again to check the files in the current directory.
There were eight files, and I wanted to check all of them conveniently, so I used the file command to determine what kind of data each file contained.
I also used the ./* as the argument. ./ refers to the current directory, and the * means "all files".
As a result, I found that -file07 contained ASCII text.
I got the password using the cat command, then I logged into level 5.

---

6. Bandit Level 5 → Level 6

Level Goal
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

human-readable
1033 bytes in size
not executable

Commands you may need to solve this level
ls , cd , cat , file , du , find

How I solved it

I started by entering ls to find the inhere directory, and then moved into it.
Next, I typed ls again to see what was inside. There were nineteen subdirectories.
Should I check each directory one by one? No way!
So I used the find command, which helps locate files based on certain criteria.
I entered -type f to search only for regular files.
Then I added -size 1033c, where c stands for bytes.
Finally, I included ! -excutable. The ! negates the condition, meaning the file should not be executable. Then I pressed the Enter key.
Only one file matched all the conditions. I read that file using cat and found password for the next level.

---

7. Bandit Level 6 → Level 7

Level Goal
The password for the next level is stored somewhere on the server and has all of the following properties:

owned by user bandit7
owned by group bandit6
33 bytes in size

Commands you may need to solve this level
ls , cd , cat , file , du , find , grep

How I solved it

First of all, I moved into root directory using cd /, because I didn't know where the password file was.
Then I used the find command, which helps locate files based on specific criteria.
I added -user bandit7 and -group bandit6 to search for files owned by user bandit7 and group bandit6.
Next, I included -size 33c, wherecstands for bytes. Then I pressed theEnterkey.
I got the result, however, there were too many lines to read.
So I added2> /dev/nullwhich dicards error massage automatically.
Only one file poped up. I read the file usingcat` and found password for the next level.

---

8. Bandit Level 7 → Level 8

Level Goal
The password for the next level is stored in the file data.txt next to the word millionth

Commands you may need to solve this level
man, grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

How I solved it

First, I typed the ls command to find the data.txt file, and then tried to read it using cat.
There were too much text in the file, so I a needed more efficient method.
I knew two options to solve this problem : using the vi command or the grep command.
If you enter vi data.txt, the data.txt file will be opened in the visual editor program. And then you can use the / command to search for a word - in this case, millionth.
But I prefer using the grep command, whcih helps locate a specific word.
So I entered cat data.txt | grep millionth. The | sympol is called a pipe - it sends the result to the next command.
As a result, the word millionth and the password popped up. I copied it and then logged into level 8.

---

9. Bandit Level 8 → Level 9

Level Goal
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Helpful Reading Material
Piping and Redirection

How I solved it

I first found the data.txt file using the ls command. Then, I tried to read it using cat, but it contained too many lines to easily find the password.
So I used sort data.txt to sort the lines alphabetically, but it was still too difficult to locate the password.
That's why I used the uniq command with the -u option, conbined with the |(pipe) symbol. This combination helps extract the only line of text that appears exactly once.
As a result, I got the password for the next level.

---

10. Bandit Level 9 → Level 10

Level Goal
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

How I solved it

First, I found the data.txt file using the ls command. Then, I tried to read it using cat, but it was unreadable because it contained not only text but also binary data.
So I used the strings command in combination with grep. The strings command extracts only human-readable text from binary files.
As a result, I found the password for the level 10.

---

I’m continuing with higher levels, and I’ll post my solutions step by step.
If you find this helpful or want to follow along, feel free to leave a comment!