MEGANUKE

Bandit, an OverTheWire wargame (Writeup) Part 1

OverTheWire is a great place to play wargames and learn how to improve and sharpen your cybersecurity skills. Today we are describing how to play Bandit, a cool basic game that will teach us several basic commands and maybe prove our level of knowledge. Without much more to say, let's start playing the game.

Level 0:
In order to start this level you'll have to learn how to connect to a computer using SSH (Secure Shell). For this particular level we need to use the command "ssh -p 2220 bandit0@bandit.labs.overthewire.org". After connecting, we can use ls to list the files in the current directory, where we find a file called readme. To read the file we can use the cat command, and we find the password for the first level.

Level 1:
For the second level we find a file called "-", which we can't simply cat, because cat treats a lone "-" as standard input. In order to read the file we need to use the command "cat ./-"; that way we get the password for the second level.

Level 2:
This level uses the same logic as the first two levels: we need to find a way to read the file. On this occasion the file has spaces in its name, so we need to investigate a way to read files whose names contain spaces. Doing so, we will get the password for the next level.

Level 3:
Here there is a little more work to be done. First we get a directory which we need to go into. After that we need to find a way to show hidden files. Once we find the hidden file we can read it, and it will give us the password for the next level.

Level 4:
For this level we can start using a little bash scripting in order to make things faster. Inside a directory we find several files; one of them has the password and the others are decoys. We can try reading file by file, and although that is a valid and foolproof way, we will lose a lot of time. A better approach is to create a really simple loop that checks every single file and only cats the one that contains the password. The command I used here was:

for f in ./-file0*; do x=$(file "$f" | awk '{print $2}'); if [[ $x == "ASCII" ]]; then cat "$f"; fi; done

Cool huh?

Level 5:
Here I spent a lot of time in a rabbit hole, only to understand I was looking at the problem from a totally different perspective. It was really easy once I read the tip. Here you just have to find a way to find the correct file. Easy as that.

Level 6:
This one was relatively easy after the last one; with a couple of commands we can get the password for the next level. The command is "find / -size 33c -user bandit7 -group bandit6 2>/dev/null". Explaining: we look through the whole filesystem for a file of 33 bytes in size, owned by the user bandit7 and the group bandit6, and the 2>/dev/null part hides the permission errors find prints along the way. Pretty straightforward.

Level 7:
Easy one as well. The password is stored in a large text file containing 98567. It is a large file and it would be terrible to try each password. The tip says the password is located in a line containing the word millionth, so using grep we can get the exact line. The command is cat data.txt | grep "millionth" and we get the password right away.

Level 8:
This one starts to use another pair of commands: sort and uniq. The password is in a file called data.txt, which contains tons of repeated lines and only a single occurrence of the password. In order to get the single occurrence we have to take two steps, as the uniq command is useless on an unsorted file. First we sort the list so that all matching lines sit next to each other, and then we can get the single occurrence by using uniq. The specific command will be your job to find ;)

Level 9:
Here the difficulty starts to go up a few steps, as we need to start chaining commands. The password is somewhere in the file called data.txt, which is filled with random data. The tip says the password is preceded by equal signs. So if we use the strings command we can first get the human-readable data, and then use grep to find lines starting with the equal sign.

Level 10:
This one is really cool. We have a file called "data.txt", but it is just gibberish. If we do some research we can tell that the string is base64 encoded, so if we decode it we get the password for the next level.

Level 11:
Cool again! This one is also an encoded file; by decoding it you will get the password. It's up to you to find the type of encoding.

Level 12:
This level is a little bit more complicated. You have a file which has been compressed many times. Your job is to find a way to uncompress it. By doing it you will get the password for the next level. You will have to use a couple of new commands such as gunzip, tar, bunzip2, etc. Be sure to read the man pages to know how to use them.
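
One way to automate the repeated decompression, as an added example that is not part of the original post: the script reads each layer's magic bytes, picks gzip, bzip2 or tar accordingly, and stops when plain data is left. The function names (layer_type, unwrap, make_sample) and the sample archive are constructed for illustration, and tar layers are assumed to hold a single file.

```shell
#!/bin/sh
# Added example: peel nested gzip/bzip2/tar layers until plain data remains.
# The layer type comes from magic bytes, so file names/extensions are ignored.

layer_type() {
    # gzip starts with 1f 8b, bzip2 with "BZh"; tar has "ustar" at offset 257.
    magic=$(od -An -tx1 -N3 "$1" | tr -d ' \n')
    case "$magic" in
        1f8b*)  echo gzip; return ;;
        425a68) echo bzip2; return ;;
    esac
    if [ "$(dd if="$1" bs=1 skip=257 count=5 2>/dev/null)" = "ustar" ]; then
        echo tar
    else
        echo data
    fi
}

unwrap() {
    # $1 = input file; writes the innermost payload to stdout.
    work=$(mktemp -d) || return 1
    cp "$1" "$work/cur" || { rm -rf "$work"; return 1; }
    depth=0
    while [ "$depth" -lt 32 ]; do   # cap the number of layers we will peel
        case "$(layer_type "$work/cur")" in
            gzip)  gzip -dc "$work/cur" > "$work/next" ;;
            bzip2) bzip2 -dc "$work/cur" > "$work/next" ;;
            tar)   tar -xOf "$work/cur" > "$work/next" ;;  # assumes one member
            data)  cat "$work/cur"; rm -rf "$work"; return 0 ;;
        esac || { rm -rf "$work"; return 1; }
        mv "$work/next" "$work/cur"
        depth=$((depth + 1))
    done
    rm -rf "$work"; return 1
}

make_sample() {
    # Constructed input, written to $1: text -> gzip -> tar -> gzip.
    d=$(mktemp -d) || return 1
    printf 'constructed-secret\n' > "$d/p"
    gzip -c "$d/p" > "$d/l1"
    tar -cf "$d/l2" -C "$d" l1
    gzip -c "$d/l2" > "$1"
    rm -rf "$d"
}
```

Calling make_sample with a file name and then unwrap on that file prints the constructed payload; the work happens in a temporary directory, so the input file is left untouched.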

Level 13:
Level 13 is easy: you just need to connect to another machine as the user for the next level. The way to do it is by using ssh to connect to localhost and read the password for the next level. Reading the tips you will know where the password is located and who the user is.

Level 14:
This is a cool level. We need to connect to a specific port using netcat to retrieve the password for the next level. The way to do it is by using echo "password" | nc localhost 30000. This way we connect to the same machine on the specified port and send it the text we echoed.

Level 15:
Here we start to use more complicated commands. We need to connect through SSL to localhost and send information to it in order to retrieve the next level's password. The command used is openssl s_client -connect "host:port", and then we send the previous level's password. I thought we could pipe an echo command and send the information that way, but that wasn't working. Weird.

Level 16:
This one was a little tricky because I first thought I could only solve it with netcat and a specific port with openssl. But the trick was you can't find the port unless you try to connect to it with SSL from the beginning. After changing the loop a little bit and using openssl instead of nc I was able to get the port and the password.

Level 17:
This level was really easy as you just have to use the diff command in order to locate the difference between the two files. Doing that we get the password for the next level.

This is it for the first part of the Writeup. In the next post I will write about the other 17 levels.


Published on 4 April 2022
