DEV Community

Cover image for OverTheWire :- Bandit (Level 0–10) [CTF]
Shubham Patel
Shubham Patel

Posted on • Edited on

4 3

OverTheWire :- Bandit (Level 0–10) [CTF]

#linux #showdev #devops #c

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

LEVEL 0 → LEVEL 1

Level Goal

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Use ssh to login the server with the following information.

Username: bandit0
Password: bandit0
Host: bandit.labs.overthewire.org
Port: 2220

$ ssh bandit0@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit0@bandit.labs.overthewire.org's password:
bandit0

To find Password for next level 

bandit0@bandit:~$ ls
readme
bandit0@bandit:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1

LEVEL 1 → LEVEL 2

Level Goal

The password for the next level is stored in a file called — located in the home directory

$ ssh bandit1@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit1@bandit.labs.overthewire.org's password:
boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Password 

bandit1@bandit:~$ ls
-
bandit1@bandit:~$ cat < -
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

LEVEL 2 → LEVEL 3

Level Goal

The password for the next level is stored in a file called spaces in this filename located in the home directory

$ ssh bandit2@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit2@bandit.labs.overthewire.org's password:
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Solution 

bandit2@bandit:~$ ls
spaces in this filename
bandit2@bandit:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

LELVEL 3→ LEVEL 4

Level Goal

The password for the next level is stored in a hidden file in the inhere directory.

$ ssh bandit3@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit3@bandit.labs.overthewire.org's password:
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Solution 

bandit3@bandit:~$ ls
inhere
bandit3@bandit:~$ cd inhere
bandit3@bandit:~/inhere$ ls -al
total 12
drwxr-xr-x 2 root    root    4096 May  7 20:14 .
drwxr-xr-x 3 root    root    4096 May  7 20:14 ..
-rw-r----- 1 bandit4 bandit3   33 May  7 20:14 .hidden
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

LEVEL 4 →LEVEL 5

Level Goal

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

$ ssh bandit4@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit4@bandit.labs.overthewire.org's password:
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Solution 

bandit4@bandit:~$ ls
inhere
bandit4@bandit:~$ cd inhere
bandit4@bandit:~/inhere$ ls
-file00  -file02  -file04  -file06  -file08
-file01  -file03  -file05  -file07  -file09bandit4@bandit:~/inhere$ file ./-file*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: databandit4@bandit:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

LEVEL 5 → LEVEL 6

Level Goal

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  1. human-readable
  2. 1033 bytes in size
  3. not executable

$ ssh bandit5@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit5@bandit.labs.overthewire.org's password:
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Solution 

bandit5@bandit:~$ ls
inhere
bandit5@bandit:~$ ls inhere
maybehere00  maybehere04  maybehere08  maybehere12  maybehere16
maybehere01  maybehere05  maybehere09  maybehere13  maybehere17
maybehere02  maybehere06  maybehere10  maybehere14  maybehere18
maybehere03  maybehere07  maybehere11  maybehere15  maybehere19bandit5@bandit:~$ find -type f -size 1033c
./inhere/maybehere07/.file2bandit5@bandit:~$ cat ./inhere/maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

LEVEL 6 → LEVEL 7

Level Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

  1. owned by user bandit7
  2. owned by group bandit6
  3. 33 bytes in size

$ ssh bandit6@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit6@bandit.labs.overthewire.org's password:
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Solution 

bandit6@bandit:~$ ls -al
total 20
drwxr-xr-x  2 root root 4096 May  7 20:14 .
drwxr-xr-x 41 root root 4096 May  7 20:14 ..
-rw-r--r--  1 root root  220 May 15  2017 .bash_logout
-rw-r--r--  1 root root 3526 May 15  2017 .bashrc
-rw-r--r--  1 root root  675 May 15  2017 .profilebandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c -type f 2>/dev/null
/var/lib/dpkg/info/bandit7.passwordbandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

LEVEL 7 → LEVEL 8

Level Goal

The password for the next level is stored in the file data.txt next to the word millionth.

$ ssh bandit7@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit7@bandit.labs.overthewire.org's password:
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Solution 

bandit7@bandit:~$ ls
data.txt
bandit7@bandit:~$ cat data.txt | grep millionth
millionth       cvX2JJa4CFALtqS87jk27qwqGhBM9plV

LEVEL 8 → LEVEL 9

Level Goal

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

$ ssh bandit8@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit8@bandit.labs.overthewire.org's password:
cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Solution 

bandit8@bandit:~$ ls
data.txtbandit8@bandit:~$ cat data.txt | sort | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

LEVEL 9→ LEVEL 10

Level Goal

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

$ ssh bandit9@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit9@bandit.labs.overthewire.org's password:
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Solution 

bandit9@bandit:~$ ls
data.txtbandit9@bandit:~$ strings data.txt | grep "="
========== the*2i"4
=:G e
========== password
<I=zsGi
Z)========== is
A=|t&E
Zdb=
c^ LAh=3G
*SF=s
&========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
S=A.H&^

Thank You For Reading.

profile
Datadog
 Promoted

Image of Datadog

Master Mobile Monitoring for iOS Apps

Monitor your app’s health with real-time insights into crash-free rates, start times, and more. Optimize performance and prevent user churn by addressing critical issues like app hangs, and ANRs. Learn how to keep your iOS app running smoothly across all devices by downloading this eBook.

Get The eBook

Top comments (0)

profile
Sentry
 Promoted

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more

Read next

zkck profile image

Two Years in the Vault: 4 Best Practices 🔒

Zak Cook -

hassan_aftab profile image

Why Rootless Containers Matter: A Security Perspective

Hassan Aftab -

kelvinhey profile image

How to Install Anytype on Linux

Kelvin Hey -

miguelneto profile image

The Hare Programming Language

Miguel Neto -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay