over-the-wire-bandit-solutions-cover

Table of Contents

Levels Password

LevelPassword
00bandit0
01boJ9jbbUNNfktd78OOpsqOltutMc3MY1
02CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
03UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
04pIwrPrtPN36QITSp3EQaw936yaFoFgAB
05koReBOKuIDDepwhWk7jZC0RTdopnAYKh
06DXjZPULLxYr17uwoI01bNLQbtFemEgo7
07HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
08cvX2JJa4CFALtqS87jk27qwqGhBM9plV
09UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
10truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Levels Explanation

Level: 00

Level Goal
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Commands you may need to solve this level
ssh

Helpful Reading Material

Solution Login using Following Command

ssh bandit@bandit.labs.overthewire.org -p 2220

After Successful Login Read Level 00 → 01

Level: 00 → 01

Level Goal
The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Commands you may need to solve this level
ls, cd, cat, file, du, find

Helpful Reading Material

  • None
Solution

Use ls to list items, You will see File named readme. simply output it using

cat readme

🔑 Key For next Level

boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Now Move to Next Level…

Level: 01 → 02

Level Goal
The password for the next level is stored in a file called  located in the home directory

Commands you may need to solve this level
ls, cd, cat, file, du, find

Helpful Reading Material

Solution

Use ls to list items, you will see a file named -. To open such special files we use

cat ./-

🔑 Key For next Level

CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Now Move to Next Level…

Level: 02 → 03

Level Goal
The password for the next level is stored in a file called spaces in this filename located in the home directory

Commands you may need to solve this level
ls, cd, cat, file, du, find

Helpful Reading Material

Solution

Use ls , You will find file named spaces in this file .To open Such files (spaces in names) we use following way

cat spaces\ in\ this\ filename

🔑 Key For next Level

UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Now Move to Next Level…

Level: 03 → 04

Level Goal
The password for the next level is stored in a hidden file in the inhere directory.

Commands you may need to solve this level
ls, cd, cat, file, du, find

Helpful Reading Material

  • None

Solution

1st Use ls inhere -a You will find named .hidden in folder inhere Now read hidden file using

cat inhere/.hidden

bandit-level-3-to-4

🔑 Key For next Level

pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Now Move to Next Level…

Level: 04 → 05

Level Goal
The password for the next level is stored in the only human-readable file in the inhere directory.

Tip: if your terminal is messed up, try the “reset” command.

Commands you may need to solve this level
ls, cd, cat, file, du, find

Helpful Reading Material

  • None

Solution

Use ls inhere  to navigate to the folder and use following command to get types to all files (We are Looking for Human Readable ASCII file).

file — *

over-the-wire-bandit-level-4-to-5

🔑 Key For next Level

koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Now Move to Next Level…

Level: 05 → 06

Level Goal

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

Commands you may need to solve this level
ls, cd, cat, file, du, find

Helpful Reading Material

  • None

Solution

Use du with following flags / switches -a and -b inside inhere folder.

-a, --all : write counts for all files, not just directories

-b, –bytes : give bytes

Command will be,

du -a -b

Then, Now Look for file with 1033 bytes of data and password will be inside it. So Type,

cat ./maybehere07/.file2

over-the-wire-bandit-level-5-to-6

🔑 Key For next Level

DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Now Move to Next Level…

Level: 06 → 07

Level Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

Advertisement

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

Commands you may need to solve this level
ls, cd, cat, file, du, find, grep

Helpful Reading Material

  • None

Solution

Go to Root by following command "cd /"

now search for file by its size, user and group by following

find . -size 33c -group bandit6 -user bandit7

Among lots to Permission denied error We will Found a file named in bandit7.password in location ./var/lib/dpkg/info/

Output it by simply using

cat ./var/lib/dpkg/info/bandit7.password

over-the-wire-bandit-level-6-to-7

🔑 Key For next Level

HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Now Move to Next Level…

Level: 07 → 08

Level Goal

The password for the next level is stored in the file data.txt next to the word millionth

Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Helpful Reading Material

  • None

Solution

we can get password by using grep search for term millionth, Like this

grep “millionth” data.txt

See Below

over-the-wire-bandit-level-7-to-8

🔑 Key For next Level

cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Now Move to Next Level…

Level: 08 → 09

Level Goal

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Helpful Reading Material

Solution

First sort the data then use uniq -c to get count. (without sorting, we won’t be able to count the repeating terms)

So command will be,

sort data.txt | uniq -c

See Below

over-the-wire-bandit-level-8-to-9

🔑 Key For next Level

UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Now Move to Next Level…

Level: 09 → 10

Level Goal

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Helpful Reading Material

  • None

Solution

we can use strings to show only Human-Readable Data and we can then use grep to search for === (as given that password is preceded by several ‘=’ characters.)

So, Using Following Command

strings data.txt | grep “===”

See Below

over-the-wire-bandit-level-9-to-10

🔑 Key For next Level

truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Now Move to Next Level…

Level: 10 → 11

Level Goal

The password for the next level is stored in the file data.txt, which contains base64 encoded data.

Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Helpful Reading Material

Solution

The Data is encoded with base64 so to decode we can use following command

base64 -d data.txt

See Below

over-the-wire-bandit-level-10-to-11

🔑 Key For next Level

IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

Now Move to Next Level…