Skip to main content

OverTheWire Bandit: Level 0-14

Bandit

Levels

Please use Ctrl+F to find your desired Level.


Level 0
Bandit Level 0
Level Goal
The goal of this level is for you to log into the game using SSH. The host to which you need to
connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the
password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.
Commands you may need to solve this level
2/31
ssh
kali@kali:~$ ssh bandit0@172.9.9.176 -p 2220
password: bandit0

Level 0 -> Level 1
Level Goal
The password for the next level is stored in a file called readme located in the home directory.
Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use
SSH (on port 2220) to log into that level and continue the game.
Commands you may need to solve this level
ls, cd, cat, file, du, find

Password for next level: boJ9jbbUNNfktd78OOpsqOltutMc3MY1


Level 1 -> Level 2
Level Goal
The password for the next level is stored in a file called - located in the home directory
Commands you may need to solve this level
ls, cd, cat, file, du, find
kali@kali:~$ ssh bandit1@bandit.labs.overthewire.org -p 2220
Password: boJ9jbbUNNfktd78OOpsqOltutMc3MY1
When we ls into this level we find a file called “-”
we cant #cat -
What we can do instead is
Password for next level: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9


Level 2 -> Level 3
Level Goal
The password for the next level is stored in a file called spaces in this filename located in the
home directory
kali@kali:~$ ssh bandit2@bandit.labs.overthewire.org -p 2220
Password: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
When we ls into this level, we find a file called “spaces in this filename”
To cat past this, we use
bandit2@bandit:~$ cat 'spaces in this filename'
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK


Level 3 -> Level 4
Level Goal
The password for the next level is stored in a hidden file in the inhere directory.
bandit3@bandit:~$ ls
inhere
bandit3@bandit:~$ cd inhere/
bandit3@bandit:~/inhere$ ls
bandit3@bandit:~/inhere$ ls -a
. .. .hidden
bandit3@bandit:~/inhere$ cat ./.hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
The password for the next level: pIwrPrtPN36QITSp3EQaw936yaFoFgAB


Level 4 -> Level 5
Level Goal
4/31
The password for the next level is stored in the only human-readable file in the inhere directory.
Tip: if your terminal is messed up, try the “reset” command.
To find what type of file a file is we can use the “file" command. We can do this for each file for
run it for all the files using * (all)
bandit4@bandit:~$ ls
inhere
bandit4@bandit:~$ cd inhere/
bandit4@bandit:~/inhere$ ls
-file00 -file02 -file04 -file06 -file08
-file01 -file03 -file05 -file07 -file09
bandit4@bandit:~/inhere$ file ./-file*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@bandit:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh


Level 5 -> Level 6
Level Goal
The password for the next level is stored in a file somewhere under the inhere directory and has
all of the following properties:
human-readable
1033 bytes in size
not executable
bandit5@bandit:~$ ls
inhere
bandit5@bandit:~$ cd inhere/
bandit5@bandit:~/inhere$ ls
maybehere00 maybehere04 maybehere08 maybehere12 maybehere16
maybehere01 maybehere05 maybehere09 maybehere13 maybehere17
maybehere02 maybehere06 maybehere10 maybehere14 maybehere18
5/31
maybehere03 maybehere07 maybehere11 maybehere15 maybehere19
bandit5@bandit:~/inhere$ find . -size 1033c
./maybehere07/.file2
bandit5@bandit:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7


Level 6 -> Level 7
Level Goal
The password for the next level is stored somewhere on the server and has all of the following
properties:
owned by user bandit7
owned by group bandit6
33 bytes in size
bandit6@bandit:~$ find . -user bandit7 -group bandit6 -size 33c
bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c
find: ‘/root’: Permission denied
find: ‘/home/bandit28-git’: Permission denied
find: ‘/home/bandit30-git’: Permission denied
find: ‘/home/bandit5/inhere’: Permission denied
find: ‘/home/bandit27-git’: Permission denied
find: ‘/home/bandit29-git’: Permission denied
find: ‘/home/bandit31-git’: Permission denied
find: ‘/lost+found’: Permission denied
find: ‘/etc/ssl/private’: Permission denied
find: ‘/etc/polkit-1/localauthority’: Permission denied
find: ‘/etc/lvm/archive’: Permission denied
find: ‘/etc/lvm/backup’: Permission denied
find: ‘/sys/fs/pstore’: Permission denied
find: ‘/proc/tty/driver’: Permission denied
find: ‘/proc/5397/task/5397/fd/6’: No such file or directory
find: ‘/proc/5397/task/5397/fdinfo/6’: No such file or directory
find: ‘/proc/5397/fd/5’: No such file or directory
find: ‘/proc/5397/fdinfo/5’: No such file or directory
find: ‘/cgroup2/csessions’: Permission denied
find: ‘/boot/lost+found’: Permission denied
find: ‘/tmp’: Permission denied
find: ‘/run/lvm’: Permission denied
find: ‘/run/screen/S-bandit29’: Permission denied
find: ‘/run/screen/S-bandit26’: Permission denied
find: ‘/run/screen/S-bandit18’: Permission denied
find: ‘/run/screen/S-bandit13’: Permission denied
find: ‘/run/screen/S-bandit16’: Permission denied
find: ‘/run/screen/S-bandit31’: Permission denied
6/31
find: ‘/run/screen/S-bandit8’: Permission denied
find: ‘/run/screen/S-bandit14’: Permission denied
find: ‘/run/screen/S-bandit19’: Permission denied
find: ‘/run/screen/S-bandit21’: Permission denied
find: ‘/run/screen/S-bandit12’: Permission denied
find: ‘/run/screen/S-bandit5’: Permission denied
find: ‘/run/screen/S-bandit22’: Permission denied
find: ‘/run/screen/S-bandit24’: Permission denied
find: ‘/run/screen/S-bandit25’: Permission denied
find: ‘/run/screen/S-bandit0’: Permission denied
find: ‘/run/screen/S-bandit20’: Permission denied
find: ‘/run/screen/S-bandit23’: Permission denied
find: ‘/run/shm’: Permission denied
find: ‘/run/lock/lvm’: Permission denied
find: ‘/var/spool/bandit24’: Permission denied
find: ‘/var/spool/cron/crontabs’: Permission denied
find: ‘/var/spool/rsyslog’: Permission denied
find: ‘/var/tmp’: Permission denied
find: ‘/var/lib/apt/lists/partial’: Permission denied
find: ‘/var/lib/polkit-1’: Permission denied
/var/lib/dpkg/info/bandit7.password
find: ‘/var/log’: Permission denied
find: ‘/var/cache/apt/archives/partial’: Permission denied
find: ‘/var/cache/ldconfig’: Permission denied
We can see that /var/lib/dpkg/info/bandit7.password is available with the same arguments
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs


Level 7 -> Level 8
Level Goal
The password for the next level is stored in the file data.txt next to the word millionth
bandit7@bandit:~$ ls
data.txt
bandit7@bandit:~$ cat data.txt | grep millionth
millionth cvX2JJa4CFALtqS87jk27qwqGhBM9plV


Level 8 -> Level 9
Level Goal
The password for the next level is stored in the file data.txt and is the only line of text that
occurs only once
bandit8@bandit:~$ ls
data.txt
bandit8@bandit:~$ cat data.txt | sort | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR


Level 9 -> Level 10
Level Goal
The password for the next level is stored in the file data.txt in one of the few human-readable
strings, preceded by several ‘=’ characters.
We cant use the cat command here.
We have to use the strings command. It extracts strings of printable characters from files so
that other commands can use the strings without having to contend with non-printable
characters.
bandit9@bandit:~$ ls
data.txt
bandit9@bandit:~$ cat data.txt | grep =
Binary file (standard input) matches
bandit9@bandit:~$ strings data.txt | grep =
========== the*2i"4
=:G e
========== password
<I=zsGi
Z)========== is
A=|t&E
Zdb=
c^ LAh=3G
*SF=s
&========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
S=A.H&^
Password: truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk


Level 10 -> Level 11
Level Goal
The password for the next level is stored in the file data.txt, which contains base64 encoded
data
We can use “base64 -d” to decode the base64 string
bandit10@bandit:~$ ls
data.txt
bandit10@bandit:~$ cat data.txt
VGhlIHBhc3N3b3JkIGlzIElGdWt3S0dzRlc4TU9xM0lSRnFyeEUxaHhUTkViVVBSCg==
bandit10@bandit:~$ cat data.txt | base64 -d
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR


Level 11 -> Level 12
Level Goal
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and
uppercase (A-Z) letters have been rotated by 13 positions
This is a rot13 cipher.
We need to use the tr command. tr is an abbreviation of translate or transliterate, indicating its
operation of replacing or removing specific characters in its input data set.
bandit11@bandit:~$ ls
data.txt
bandit11@bandit:~$ cat data.txt | tr a-zA-Z n-za-mN-ZA-M
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu


Level 12 -> Level 13
Level Goal
The password for the next level is stored in the file data.txt, which is a hexdump of a file that
has been repeatedly compressed. For this level it may be useful to create a directory under /tmp
in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the
datafile using cp, and rename it using mv
9/31
bandit12@bandit:~$ mkdir /tmp/azid123
bandit12@bandit:~$ ls
data.txt
bandit12@bandit:~$ cp data.txt /tmp/azid123
bandit12@bandit:~$ cd /tmp/azid123
bandit12@bandit:/tmp/azid123$ ls
data.txt
The xxd command is used in Linux to make the hexdump of a file. It is also used to reverse this
process. Let’s use it to retrieve the original file. We are going to use the ‘r’ parameter to revert
the process and provide it with a filename where it should store its output.
bandit12@bandit:/tmp/azid123$ xxd -r data.txt data2
bandit12@bandit:/tmp/azid123$ file data2
data2: gzip compressed data, was "data2.bin", last modified: Thu May 7 18:14:30 2020, max
compression, from Unix
it is a gzip file. We cant extract it yet because it has to have the .gz extension. So, we first
rename the file and then unizip it.
bandit12@bandit:/tmp/azid123$ mv data2 data2.gz
bandit12@bandit:/tmp/azid123$ gzip -d data2.gz
bandit12@bandit:/tmp/azid123$ ls
data2 data.txt
We use the similar process till we can get a readable file
bandit12@bandit:/tmp/azid123$ file data2
data2: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/azid123$ mv data2 data2.bz2
bandit12@bandit:/tmp/azid123$ bzip2 -d data2.bz2
bandit12@bandit:/tmp/azid123$ ls
data2 data.txt
bandit12@bandit:/tmp/azid123$ file data2
data2: gzip compressed data, was "data4.bin", last modified: Thu May 7 18:14:30 2020, max
compression, from Unix
bandit12@bandit:/tmp/azid123$ mv data2 data2.gz
bandit12@bandit:/tmp/azid123$ ls
data2.gz data.txt
bandit12@bandit:/tmp/azid123$ gzip -d data2.gz
bandit12@bandit:/tmp/azid123$ ls
data2 data.txt
bandit12@bandit:/tmp/azid123$ file data2
data2: POSIX tar archive (GNU)
bandit12@bandit:/tmp/azid123$ tar -xvf data2
data5.bin
bandit12@bandit:/tmp/azid123$ ls
data2 data5.bin data.txt
10/31
bandit12@bandit:/tmp/azid123$ file data5.bin
data5.bin: POSIX tar archive (GNU)
bandit12@bandit:/tmp/azid123$ tar -xvf data5.bin
data6.bin
bandit12@bandit:/tmp/azid123$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/azid123$ mv data6.bin data6.bz2
bandit12@bandit:/tmp/azid123$ bzip2 -d data6.bz2
bandit12@bandit:/tmp/azid123$ ls
data2 data5.bin data6 data.txt
bandit12@bandit:/tmp/azid123$ file data6
data6: POSIX tar archive (GNU)
bandit12@bandit:/tmp/azid123$ tar -xvf data6
data8.bin
bandit12@bandit:/tmp/azid123$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Thu May 7 18:14:30 2020,
max compression, from Unix
bandit12@bandit:/tmp/azid123$ mv data8.bin data8.gz
bandit12@bandit:/tmp/azid123$ gzip -d data8.gz
bandit12@bandit:/tmp/azid123$ ls
data2 data5.bin data6 data8 data.txt
bandit12@bandit:/tmp/azid123$ file data8
data8: ASCII text
bandit12@bandit:/tmp/azid123$ cat data8
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
The password: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL


Level 13 -> Level 14
Level Goal
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by
user bandit14. For this level, you don’t get the next password, but you get a private SSH key
that can be used to log into the next level. Note: localhost is a hostname that refers to the
machine you are working on
bandit13@bandit:~$ ls
sshkey.private
bandit13@bandit:~$ ssh bandit14@localhost -i sshkey.private

Comments

Most Viewed Content:

Final Year Project

I'm in the final semester of my degree and my project is something I've been thinking about for a while. I want to solve a problem, so I formed a team and now the project we are planning on creating is "DDoS Detection". We want to create an app which detects DDoS attacks and stop them live. I haven't really started doing much, but first thing I want to do is get datasets. I will search online for datasets on DDoS attacks. My mentor mentioned that I could create a virtual network in VirtualBox and simulate different types of attacks with some programs I can find online. That sounds pretty interesting and I'm going to do some research and find out if thats something I can do.   2 of my teammates are also helping me write code, we plan on using Python and a machine learning library, mostly Keras, to train the model and learn patterns. Lets see how it goes.

I gave my first talk at a Security Conference

Last month I gave a fun little talk called "Plenty of Phish in the Sea" in my local security conference. It was a fun presentation on how I phished my friends in high school.  I used to make music back in high school and sent a phishing link to 3 of my best friends to my "Soundcloud" and asked them to sign in through their email. I had created a fake domain that copied the Soundcloud login page but the form to submit username and password had a php script that sent the credentials to a txt file I had on the server.  My friends had weird passwords of course, one guy had his girlfriends name, another had his favourite sport mentioned, and another friend literally had his whole phone number as his password.  I made jokes about it and kept the whole tone of the presentation humorous.   This talk wasn't very technical, but it was my first time and this was an actual experience. Hopefully, next time my talk is a technical one, where I teach the audience something I le...

I got a Job as a Security Engineer!

Long time since I wrote a blog post, but things happened. I graduated from University with a degree in Information Science. I interned in 3 different companies since getting certified in CEH and CCNA. I also did huge projects in the final year of college. I had around 200 applications over 2 months and 7 interviews. After being rejected and ghosted numerous times I got a few interviews. 5 of which didn't go so well. Either I wasn't qualified or they didn't think I had enough experience. Fortunately,  the last 2 interviews went extremely well and I got a job offer from BOTH companies! Company 1 is a big Networking company where I where the job was being a part of the Incident Response team and Company 2 is mid-size education software provider. Company 2 had 1 other security person, and I would be person 2, which would have been a great opportunity to learn and grow with. I took a few days and talked to a bunch of people in my family and even posted on Reddit to get advice on...