Introduction
This is part one of our OverTheWire Bandit spoiler-free series, covering the first ten levels. If you’re interested in cybersecurity but not sure how to start with Bandit, this is written especially for you, and it’s what I wish I had back when I first started out.
When I was working through these levels, I was frequently frustrated. Sometimes the level solution felt contrived and dependent on obscure options of commands that you’d never use again. Sometimes I wish the listed commands had accompanying usage, to make for a nicer learning experience. I hope, by writing this little companion guide, I can help those who feel the same.
In this guide, I assume you’re familiar with the basics of using the terminal (navigating with cd, reading files with cat, etc.). If you’re not, I recommend reading through this guide by DigitalOcean to get started.
Is Bandit suitable for me?
Bandit contains 33 levels on the following topics:
- filesystems, such as finding files and dealing with hexdumps
- shell basics
- simple scripting
- networking (
ssh,telnet, etc.) - common command line utility programs (
strings,git, etc.)
If you could use a refresher on the above subjects, definitely attempt Bandit.
Otherwise, if you have lived in the terminal for years and are interested in OverTheWire wargames, I’d suggest you skip Bandit and instead pick:
- Natas, if you’re after web security challenges
- Leviathan, for a challenge more along the lines of Bandit, with general command line work and some reverse engineering
SSH Tips
In the course of Bandit, you’ll be logging into their SSH server over thirty times. Instead of typing this every time (like I did years ago…):
ssh bandit0@bandit.labs.overthewire.org -p 2220With some extra config, you can shorten the comand to:
ssh bandit0@banditAnd here’s the config for it:
Host bandit
HostName bandit.labs.overthewire.org
Port 2220It’s usually stored in ~/.ssh/config.
Level 0
Goal: log into level0 on bandit.labs.overthewire.org.
Hint: how to use SSH
ssh <username>@<ip address or hostname>And if the SSH service isn’t listening on the conventional port 22, then you’d need to append -p <port>.
Level 0 → Level 1
Goal: read the readme file in the home directory.
Level 1 → Level 2
Goal: read the - file in the home directory.
Hint: how to refer to files with special characters in the name
In bash, - represents the standard input. So if you execute cat -, cat will obediently listen for your input. What you need is to specify the full path of the file. Just putting the file name in quotes is not enough.
If you’re curious about standard input (and output & error), see this article.
Level 2 → Level 3
Goal: read the file named “spaces in this filename”.
Hint: how to refer to files with spaces in the name
One easy way is to hit the tab key and have your autocompletion insert backslashes right before the spaces. Another way is to use double quotes around the whole filename.
Level 3 → Level 4
Goal: read the hidden file in the directory inhere.
Level 4 → Level 5
Goal: read the only human-readable file in the directory inhere.
Hint: the file command
The file command tells you the type of file you’re specifying, which is very useful when you’re dealing with unfamiliar files from unknown sources. Try file <some jpg> and file <some js file> to see what the outputs look like.
For example, when examining a text file with file notes.txt, the output is ./notes.txt: ASCII text.
Hint (what am I looking for?)
You’re looking for the file that is actually ASCII text and not data.
Hint (is there a way to do it in one line?) (spoiler)
file ./*.
For reference, the . refers to the current directory, and the * (the wildcard) matches any character. For example, rm * removes all files in the current directory (except hidden files, i.e. files that start with .).
Level 5 → Level 6
Goal: find a file within numerous directories that is:
- human-readable
- 1033 bytes in size
- not executable
Definitely look up all the options available for ls and du with man ls and man du. Given that we’re provided with a very specific size (1033), it’d be easy to first list every file size then search directly for that number with grep!
Hint (du shows me wrong sizes)
Try using -b with it. It shows the sizes in bytes instead.
Level 6 → Level 7
Goal: find the file somewhere on the server that is:
- owned by user
bandit7 - owned by group
bandit6 - 33 bytes in size
Whenever you need to find files that fulfill certain requirements such as ownership and permissions, find is a robust choice. I recommend you look up find with man find and learn about all its options.
Hint (how to find by group)
find -group <group>
Hint (how to find by user)
find -user <user>
Hint (where do I look for the file?)
You can start with /.
Level 7 → Level 8
Goal: find the line containing the word “millionth” (without the quotes of course) in the data.txt file.
If you’re not familiar with grep yet, this is the level for you to learn about it! Use grep whenever you need to find some text within some files.
For example, suppose you’ve just finished writing a feature in your web app and want to make sure that you didn’t leave any of the console.log lines in. You can simply run cat * | grep console. It prints out all the files in the current directory and shows you all the lines that contain “console”.
Level 8 → Level 9
Goal: find the only unique line in the data.txt file.
If you’re not familiar with piping and redirecting, definitely read the linked article in the official level page. This concept is crucial for any kind of command line work. And for this level, I’d recommend you read up on sort and uniq on the man page!
Hint (how does sort work?)
sort takes in a file either through the argument or the standard input and rearranges all lines in the file in order. For example, in this file called file.txt we have
elixir
haskell
1
2
rubyWhen we execute sort file.txt, it outputs
1
2
elixir
haskell
rubyHint (how does uniq work?)
uniq takes in a file and outputs unique lines, omiting duplicates. For example, in this file called birds we have
myna
myna
humming bird
humming bird
humming bird
dodoWhen we execute uniq birds, it outputs
myna
humming bird
dodoYou will find the -c option very useful, as it reports the number of times a line has occurred. uniq -c birds outputs
2 myna
3 humming bird
1 dodoWith this knowledge, you’re ready to solve this level!
Level 9 → Level 10
Goal: find the password in one of the only human-readable lines in the data.txt file, preceded by several = characters.
When we examine the file with head data.txt, we can see that most of the file is binary data and not human-readable. Whenever you need to find human-readable strings in binary data, strings is your best friend. It’s very useful in reverse engineering, CTF games, and exploit development.
Hint (strings outputs too many lines!)
Try the -n option, which only outputs strings of a minimum length that you specifiy. You can also try combining strings with grep, since we know that the password is preceded by many = characters.
Conclusion
We’ll be covering levels 10 to 19 in the next article. Hope you’ve enjoyed Bandit so far!
If you like my approach to CTF guides, maybe you’d like my fun & interactive cybersec courses too :)