OverTheWire - Bandit (Level 1 - 10)

Getting started

Let's login to the game using SSH. We are provided with the following information:

  • Host: bandit.labs.overthewire.org

  • Port: 2220

  • Username: bandit0

  • Password: bandit0

Using the following command, ssh bandit0@bandit.labs.overthewire.org -p 2220 we are able to login to the machine via SSH.

It will ask for the password. Enter bandit0

You will now be logged in. We can start going through the levels.


Level 0 - 1

Goal: The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Let's use the ls -la command to view whats in the current directory.

We are told the password is in the readme file. We can output the contents using the cat <filename> command. In this case, cat readme.

We have found the password and can now move onto the next level. To move onto the next level, we need to use the new password and change the username to bandit1.


Level 1 - 2

Goal: The password for the next level is stored in a file called - located in the home directory.

The password can be found in a file called - in the home directory. Let's list the files in the home directory using the ls -la command.

Since the filename is - we will need to specify the full path to the file to output the contents.


Level 2 - 3

Goal: The password for the next level is stored in a file called spaces in this filename located in the home directory.

When we list the files in the home directory, we see that the filename has spaces.

If we add a backslash (\) after the words, we will be able to output the contents of the file.


Level 3 - 4

Goal: The password for the next level is stored in a hidden file in the inhere directory.

We have been using the command ls -la. This command lists all files and directories, hidden and visible.

To go into the directory, use the cd <directory> command. In this case, we use cd inhere. When you enter the directory, you wont find anything in there. Use the ls -la command again to view hidden files.

Output the contents using the cat command.


Level 4 - 5

Goal: The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Start by going into the inhere directory.

When you enter and list the files in the directory, you can see there are multiple files with similar names. We can output the content of all files using the command cat ./-file*

Everything is unreadable except a string. That is the password.


Level 5 - 6

Goal: The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable

  • 1033 bytes in size

  • not executable

Start off by entering the inhere directory. We see that there are multiple directories to explore.

We are given some information about the file to find. We can use the find command to find the file giving specific values to the command. Let's run the following command find ./ -type f -size 1033c to find the file.

The password is in the hidden file called .file2, lets output the content.


Level 6 - 7

Goal: The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7

  • owned by group bandit6

  • 33 bytes in size

We are given the information of the file to search for. Lets use the file command again to find this. Using the following command find / -user bandit7 -group bandit6 -size 33c -type f 2> /dev/null will allow us to search every folder for the following file. 2> /dev/null allows us to view the output without the errors.

Lets output the contents of the file.


Level 7 - 8

Goal: The password for the next level is stored in the file data.txt next to the word millionth.

For this challenge, we will have to output the data and pipe (|) the output and use grep to find the specific word. Using the following command cat data.txt | grep millionth, we can find the password.


Level 8 - 9

Goal: The password for the next level is stored in the file data.txt and is the only line of text that occurs only once.

We can find the password for the next challenge by using the following command sort data.txt | uniq -u. This first sorts out the file then we pipe the output to the uniq command which then looks for the unique line where the password appears once.


Level 9 - 10

Goal: The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

Using the following command strings data.txt | grep = will allow us to display printable strings in the file. The grep command then looks for all instances with the = sign