OverTheWire’s Bandit series has proven to be an invaluable resource for students wanting to become better acquainted with the Linux system and bash terminal.
Bandit tests your familiarity with bash syntax and commands with 34 capture the flag-like challenges, each challenge more difficult than the last. The challenges are accessed entirely over SSH, allowing users to log in via PowerShell or CMD on Windows, or by terminal from your favorite Linux distro.
Using your preferred command or terminal prompt, ssh into OverTheWire using username “bandit0” and password “bandit0.” (Both without quotes)
The current address for the series is located at bandit.labs.overthewire.org, port 2220.
ssh bandit0@bandit.labs.overthewire.org -p 2220
The objectives for each challenge can be found here. In addition to providing level objectives, this link provides greater instruction than I will provide here, as well as hints guiding users towards the particular tools needed to achieve the level objective.
* A Note:
If you are unfamiliar with ssh, you will be shown the server’s ECDSA host key fingerprint and asked whether to continue when logging in for each level. This is normal. Enter ‘yes’ to accept, which will add the host key to your list of known hosts.
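What that prompt asks you to accept, as an added example that is not part of the original walkthrough: the sketch below parses an unhashed known_hosts entry of the kind ‘yes’ writes for a non-default port and computes the SHA256 fingerprint in the form current OpenSSH prints, so it can be compared with one obtained from a source you trust. The key bytes are constructed filler, not the real bandit host key, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string, the field encoding used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: a structurally valid ECDSA blob with filler point bytes.
# This is NOT the real bandit host key.
_BLOB = (_ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")
         + _ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_LINE = ("[bandit.labs.overthewire.org]:2220 ecdsa-sha2-nistp256 "
               + base64.b64encode(_BLOB).decode())

def parse_known_hosts_line(line: str):
    """Return (host, port, key_type, blob) for one unhashed known_hosts entry."""
    hosts, key_type, b64 = line.split()[:3]
    first = hosts.split(",")[0]
    if first.startswith("["):      # a non-default port is stored as [host]:port
        host, _, port_text = first[1:].partition("]:")
        port = int(port_text)
    else:                          # a bare host name means the default port
        host, port = first, 22
    blob = base64.b64decode(b64, validate=True)
    # The blob's first field repeats the key type; a mismatch is a bad entry.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    return host, port, key_type, blob

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint: unpadded base64 of the digest of the raw key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_pinned(line: str, pinned: str) -> bool:
    """True only if the entry's key has the fingerprint you already trust."""
    return fingerprint(parse_known_hosts_line(line)[3]) == pinned

if __name__ == "__main__":
    host, port, key_type, blob = parse_known_hosts_line(SAMPLE_LINE)
    print(host, port, key_type, fingerprint(blob))
```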
Level 00 – bandit
“The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.”
Once logged in, using the ‘ls’ command prints the contents of the current directory and reveals a README file. Upon examination of the file, using the ‘cat’ command, the password for bandit1 is revealed.
bandit0@bandit:~$ ls
readme
bandit0@bandit:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
bandit0@bandit:~$ ssh bandit1@localhost
Now the next level, bandit1, can be accessed by logging in over ssh with the password acquired. You can follow the template we used above for logging into OverTheWire with bandit0, or you can simply address the login to ‘localhost’, as shown above. Each additional level from here forward can be accessed by simply substituting the username for the next user.