Level 07 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in the file data.txt next to the word millionth”

bandit7@bandit:~$ ls -la
total 4108
drwxr-xr-x  2 root    root       4096 Dec 28  2017 .
drwxr-xr-x 42 root    root       4096 Jul 22 18:42 ..
-rw-r--r--  1 root    root        220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root    root       3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root    root        655 Jun 24  2016 .profile
-rw-r-----  1 bandit8 bandit7 4184396 Dec 28  2017 data.txt
bandit7@bandit:~$ cat data.txt | grep millionth
millionth       cvX2JJa4CFALtqS87jk27qwqGhBM9plV

By piping the contents of data.txt into grep, we are able to search for specific strings, and filter our output, limited to those particular lines in the text.

Level 6 – bandit – overthewire

Level Instructions:

“The password for the next level is stored somewhere on the server and has all of the following properties:

owned by user bandit7
owned by group bandit6
33 bytes in size”

bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Again, using the powerful find command, we can specify the owner, group, and file size of a particular file.  The “2>/dev/null” appended to the end of the command filters and forwards all erroneous returns to /dev/null which can essentially be considered ‘to nowhere’.

Level 05- bandit – overthewire

Level Instructions:

“The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

human-readable
1033 bytes in size
not executable”

bandit5@bandit:~$ ls
inhere
bandit5@bandit:~$ cd inhere
bandit5@bandit:~/inhere$ ls -la
total 88
drwxr-x--- 22 root bandit5 4096 Dec 28  2017 .
drwxr-xr-x  3 root root    4096 Dec 28  2017 ..
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere00
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere01
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere02
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere03
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere04
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere05
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere06
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere07
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere08
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere09
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere10
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere11
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere12
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere13
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere14
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere15
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere16
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere17
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere18
drwxr-x---  2 root bandit5 4096 Dec 28  2017 maybehere19
bandit5@bandit:~/inhere$ find . -type f -size 1033c ! -executable
./maybehere07/.file2
bandit5@bandit:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Increasing in difficulty, this challenge presents 20 directories with many different files residing within each.  Passing the ‘find’ command enables us to search the current directory for files 1033 bytes in size that are not executable.

Level 04 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.”

bandit4@bandit:~$ ls -la
total 24
drwxr-xr-x  3 root root 4096 Dec 28  2017 .
drwxr-xr-x 42 root root 4096 Jul 22 18:42 ..
-rw-r--r--  1 root root  220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root root 3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root root  655 Jun 24  2016 .profile
drwxr-xr-x  2 root root 4096 Dec 28  2017 inhere
bandit4@bandit:~$ cd inhere
bandit4@bandit:~/inhere$ ls -la
total 48
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file00
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file01
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file02
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file03
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file04
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file05
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file06
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file07
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file08
-rw-r----- 1 bandit5 bandit4   33 Dec 28  2017 -file09
drwxr-xr-x 2 root    root    4096 Dec 28  2017 .
drwxr-xr-x 3 root    root    4096 Dec 28  2017 ..
bandit4@bandit:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@bandit:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

We are presented with 10 different files that the password could be residing within.  The instructions hinted that the password resided within the only human readable file.

Using the command ‘file’ prints additional file information to the terminal. Appending ./* to the end of the file command instructs the file command to print additional information for all files residing withing that current directory.

Level 03 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in a hidden file in the inhere directory.”

bandit3@bandit:~$ ls -la
total 24
drwxr-xr-x  3 root root 4096 Dec 28  2017 .
drwxr-xr-x 42 root root 4096 Jul 22 18:42 ..
-rw-r--r--  1 root root  220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root root 3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root root  655 Jun 24  2016 .profile
drwxr-xr-x  2 root root 4096 Dec 28  2017 inhere
bandit3@bandit:~$ cd inhere
bandit3@bandit:~/inhere$ ls -la
total 12
drwxr-xr-x 2 root    root    4096 Dec 28  2017 .
drwxr-xr-x 3 root    root    4096 Dec 28  2017 ..
-rw-r----- 1 bandit4 bandit3   33 Dec 28  2017 .hidden
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Listing the contents of the home directory reveals a folder named, ‘inhere’.  Because we were instructed the password would be stored within a hidden file, we use the -l & -a switches with command ‘ls’.  The -l switch simply provides a listed format with additional permissions information.  The -a switch reveals all the contents of the directory, including those that are hidden.

Level 02 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in a file called spaces in this filename located in the home directory”

bandit2@bandit:~$ ls
spaces in this filename
bandit2@bandit:~$ cat "spaces in this filename"
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit2@bandit:~$ ssh bandit3@localhost

Within the directory is a file named ‘spaces in this filename’.

Because of the spaces within the file, in order to access it, the file name must be enclosed within quotes.  Sure enough, the password for bandit3 is found inside.

Level 01 – bandit – overthewire

Level Instructions:

“The password for the next level is stored in a file called – located in the home directory”

bandit1@bandit:~$ ls
-
bandit1@bandit:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Upon inspecting the home directory, a file “-” is found within.

Executing a quick ‘cat’ of its contents reveals bandit2’s password.

Over the Wire’s  bandit series has proven to be an invaluable resource for students wanting to become better acquainted with the Linux system and bash terminal.

Bandit tests your familiarity with bash syntax and commands with 34 capture the flag-like challenges, each challenge more difficult than the last.  The challenges are accessed entirely over SSH, allowing users to login via Powershell or CMD on Windows, or by terminal from your favorite Linux distro.

Getting Started…

Using your preferred command or terminal prompt, ssh into Overthewire using username “bandit0” and password “bandit0.” (Both without quotes)

The current address for the series is located at bandit.labs.overthewire.org, port 2220.

ssh bandit0@bandit.labs.overthewire.org -p 2220

The objectives to each challenge can be found here.  In addition to providing level objectives, this link provides greater instruction than I will provide here, as well as, hints guiding users towards particular tools that will prove necessary towards achieving the level objective.

* A Note :

If you are unfamiliar with ssh, you will be prompted with an ECDSA fingerprint key when logging in for each level.  This is normal.  Enter ‘yes’ to accept, which will add the fingerprint to the list of known hosts.

 Level 00 – bandit

Level Instructions

 “The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.”

Once logged in, using the ‘ls’ command prints the contents of the current directory and reveals a README file.  Upon examination of the file, using the ‘cat’ command, the password for bandit1 is revealed.

bandit0@bandit:~$ ls
readme
bandit0@bandit:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
bandit0@bandit:~$ ssh bandit1@localhost      

Now the next level, bandit1, can be accessed by logging in over ssh with the password acquired.  You can follow the template we used above for logging into overthewire with bandit0, or you can simply address the login to ‘localhost’, as shown above.  Each additional level from here forward can be accessed by simply substituting the username for the next subsequent user.