OverTheWire: Bandit 0-5
I think TryHackMe and HackTheBox are great resources for hacking and provide a nice platform for cyber security students to learn many things within a lab environment. That said, those resources also come with a price $$$ so I set out to find a free resource that every person interested in cyber security can try without paying a cent thanks to the good ole staff at OverTheWire!
This first set of challenges or “wargames” is called Bandit and I believe it is good introduction to some cyber security challenges as well as it helps to hone your Linux skills. Here is my walkthrough of each level. If you would like to jump to specific level then each level with be accompanied with the username and password. I will be appending consecutive levels as I have to time to post. Enjoy!
Bandit 0
http://overthewire.org/wargames/bandit/bandit0.html
In their website they give us the username and password for bandit0 and we have to find the password for bandit1
Username: bandit0 Password: bandit0
Bandit 1
http://overthewire.org/wargames/bandit/bandit1.html
Nothing too difficult here, ssh into bandit0@bandit.labs.overthewire.org on port 2220. Type ls
and it shows a readme file. Let’s read what’s inside it with cat command.
bandit0@bandit:~$ ls
readme
bandit0@bandit:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
That’s our password. Easy!
Username: bandit1 Password: boJ9jbbUNNfktd78OOpsqOltutMc3MY1
Bandit 2
http://overthewire.org/wargames/bandit/bandit2.html
This level states the next password is saved in a file named - Type ls
and it shows the file named -. Here we cannot simply type: cat -
. It will fail. In order to read files that start with a dash, you have to redirect them to stdin with the < operator. By the way stdin: Stands for “standard input.”
bandit1@bandit:~$ ls -l
total 4
-rw-r----- 1 bandit2 bandit1 33 May 7 2020 -
bandit1@bandit:~$ cat <-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
The goal of stdin is to work with input. This can also be redirected. For example, instead of typing the input from the keyboard, it can also be loaded from a file.
For example: In this command, cat will take its input directly from the hello.txt file.
bandit1@bandit:~$ cat < hello.txt
Hello World!
Another solution is to use ./filename
.
bandit1@bandit:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
Username: bandit2 Password: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
Helpful Reading Material
Bandit 3
http://overthewire.org/wargames/bandit/bandit3.html
The password for the next level is stored in a file called spaces in this filename.
If we were to cat spaces in the filename
then the shell doesn’t know how to handle the spaces so it would interpret this as:
bandit2@bandit:~$ cat spaces in this filename
cat: spaces: No such file or directory
cat: in: No such file or directory
cat: this: No such file or directory
cat: filename: No such file or directory
As you can see it tries to treat each word as a separate file. In order to read files with spaces in the name you have to surround the file name in quotation marks like so:
bandit2@bandit:~$ cat "spaces in this filename"
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Another solution is to use an escape character such as \
which reads the command as a continuation. You can think of this as removing or ignoring the special meaning of certain characters or words to the shell. In the example below we’re using the backslash escape character to remove or ignore the spaces.
bandit2@bandit:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Username: bandit3 Password: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Bandit 4
http://overthewire.org/wargames/bandit/bandit4.html
The password is stored in a hidden file in the inhere directory. I ran ls
to see what files and directories there are and then I ran cd
to move into the inhere folder.
All hidden files and folders in Linux are stored with a dot in front of their name. If we take a look at the man page for ls
which we can do by running man ls
we see that the -a
parameter specifies ls
to list all files.
...
-a, --all
do not ignore entries starting with .
...
So we can run ls -a
to see all of the files including the hidden ones.
bandit3@bandit:~/inhere$ ls -a
. .. .hidden
The hidden file is named .hidden and after running cat .hidden
we get the password like so:
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
Username: bandit4 Password: pIwrPrtPN36QITSp3EQaw936yaFoFgAB
Bandit 5
http://overthewire.org/wargames/bandit/bandit5.html
The password for the next level is stored in the only human-readable file in the inhere directory.
So we cd
into the inhere directory and ls -al
to give us a long listing -l
and list all files -a
parameters.
bandit4@bandit:~/inhere$ ls -al
total 48
drwxr-xr-x 2 root root 4096 May 7 2020 .
drwxr-xr-x 3 root root 4096 May 7 2020 ..
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file00
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file01
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file02
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file03
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file04
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file05
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file06
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file07
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file08
-rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file09
Okay so as you might imagine we could cat
each file until we finally got the output we desired but programatically there’s a better way. But first let me introduce you to the file
command. This nifty little guy tells us what type of file we’re dealing with if we pass it the file name. Let’s test this:
bandit4@bandit:~/inhere$ file ./-file00
./-file00: data
Okay so this file is considered a data file type. Now that we know how to determine file types we just need to run this command on each file name one by one right? True we could but again there’s a better way. Let’s pass a wildcard to the file
command and see what happens this time. A wildcard matches any character zero or more times and is usually referenced by using the * (asterisk) character.
bandit4@bandit:~/inhere$ file ./-file0*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
So using the wildcard on the last character of the filename began matching on every file in the directory. Now you can see an odd ball sticks out amongst the rest of the files. The filename -file07
is the only file with type ASCII text. Let’s cat
that file and see what we get:
bandit4@bandit:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
Username: bandit5 Password: koReBOKuIDDepwhWk7jZC0RTdopnAYKh