OverTheWire : Bandit Challenge
What is it exactly ?
The Bandit wargame from OverTheWire is designed as a hands-on, practical learning environment for individuals who are new to cybersecurity and want to enhance their command line, Linux, and hacking skills. Here's an elaboration on the key aspects:
- Target Audience: Absolute Beginners: The game is specifically tailored for individuals who are just starting their journey in cybersecurity. It assumes little to no prior knowledge of command line usage or Linux systems.
-
Connection via SSH: SSH (Secure Shell): Users connect to the game servers using SSH, a secure protocol for accessing remote systems. This helps simulate real-world scenarios where administrators and hackers often manage systems remotely.
Command Line Skills Improvement: Hands-On Learning: Users are provided with a series of levels, each presenting a different challenge or puzzle. To progress, participants need to solve these challenges using command line instructions. This hands-on approach allows users to immediately apply and reinforce their knowledge.
-
Linux Skills Enhancement: Focused on Linux: The challenges in Bandit are set up on Linux servers. Participants learn and apply Linux commands and concepts, which are fundamental for anyone working in the field of cybersecurity, as Linux is widely used in server environments.
-
Progressive Learning: Sequential Levels: The challenges are organized into levels of increasing difficulty. Participants start with basic tasks and gradually move on to more complex scenarios. This progressive structure allows for a smooth learning curve, ensuring that users build upon their skills as they advance through the game.
If you get stuck somewhere , Below is a Walkthrough for the Challenge
Level 0
$ssh bandit0@bandit.labs.overthewire.org -p 2220
bandit0
Level 1
$ssh bandit1@bandit.labs.overthewire.org -p 2220
NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL
$cat ./-
Level 3
$ssh bandit3@bandit.labs.overthewire.org -p 2220
aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
$ls -al
$cat .hidden
Level 4
$ssh bandit4@bandit.labs.overthewire.org -p 2220
2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe
$file ./-file0*
$cat ./-file07
Level 5
$ssh bandit5@bandit.labs.overthewire.org -p 2220
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
$find -type f -size 1033c ! -executable
$cat ./maybehere07/.file2
Level 6
$ssh bandit6@bandit.labs.overthewire.org -p 2220
P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
$find -type f -size 33c -group bandit6 -user bandit7
$cat ./var/lib/dpkg/info/bandit7.password
Level 7
$ssh bandit7@bandit.labs.overthewire.org -p 2220
z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
$cat data.txt | grep "millionth"
Level 8
$ssh bandit8@bandit.labs.overthewire.org -p 2220
TESKZC0XvTetK0S9xNwm25STk5iWrBvP
$cat data.txt | sort | uniq -u -c
Level 9
$ssh bandit9@bandit.labs.overthewire.org -p 2220
EN632PlfYiZbn3PhVK3XOGSlNInNE00t
$strings data.txt | grep ===*
Level 10
$ssh bandit10@bandit.labs.overthewire.org -p 2220
G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s
$cat data.txt | base64 -d
Level 11
$ssh bandit11@bandit.labs.overthewire.org -p 2220
6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM
//use ROT13 decryter on google
Level 12
$ssh bandit12@bandit.labs.overthewire.org -p 2220
JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv
$xxd -r f1 > f2
$mv f2 f2.gz
$gzip -d f2.gz
$mv f2 f3.bz2
$bzip2 -d f3.bz2
$mv f3 f4.gz
$gzip -d f4.gz
$mv f4 f4.tar
$tar -xf f4.tar
$mv data5.bin f5.tar
$tar -xf f5.tar
$mv data6.bin f6.bz2
$bzip2 -d f6.bz2
$mv f6 f6.tar
$tar -xf f6.tar
$mv data8.bin f7.gz
$gzip -d f7.gz
$cat f7
Level 13
$ssh bandit13@bandit.labs.overthewire.org -p 2220
wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw
$ssh -i sshkey.private bandit14@localhost -p 2220
$cat /etc/bandit_pass/bandit14
Level 14
$ssh bandit14@bandit.labs.overthewire.org -p 2220
fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq
$nc localhost 30000
fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq
Level 15
$ssh bandit15@bandit.labs.overthewire.org -p 2220
jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt
$openssl s_client localhost:30001
Level 16
$ssh bandit16@bandit.labs.overthewire.org -p 2220
JQttfApK4SeyHwDlI9SXGR50qclOAil1
$nmap localhost -p 31000-32000
$openssl s_client localhost:31790 //tried all open ports from the nmap scan
// entered current level passwd and in response got ssh private key
$mkdir /tmp/barry
$touch pass
$vim pass
// pasted the rsa_key
$chmod 600 pass
$ssh -i pass bandit17@localhost -p 2220
$cat /etc/bandit_pass/bandit17
Level 17
$ssh bandit17@bandit.labs.overthewire.org -p 2220
VwOSWtCA7lRKkTfbr2IDh6awj9RNZM5e
$diff passwords.old passwords.new
Level 18
$ssh bandit18@bandit.labs.overthewire.org -p 2220
hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg
//upon login got kicked out
$ssh bandit18@bandit.labs.overthewire.org -p 2220 "cat readme"
Level 19
$ssh bandit19@bandit.labs.overthewire.org -p 2220
awhqfNnAbc1naukrpqDYcF95h7HoMTrC
$./bandit20-do cat /etc/bandit_pass/bandit20
Level 20
$ssh bandit20@bandit.labs.overthewire.org -p 2220
VxCazJaVykI6W36BkBU0mJTCM8rR95XT
$echo "VxCazJaVykI6W36BkBU0mJTCM8rR95XT" | nc -lvp 1234
// open new terminal
$./suconnect 1234
Level 21
$ssh bandit21@bandit.labs.overthewire.org -p 2220
NvEJF7oVjkddltPSrdKEFOllh9V1IBcq
$cd /etc/cron.d/
$cat cronjob_bandit22
$cat /usr/bin/cronjob_bandit22.sh
$cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Level 22
$ssh bandit22@bandit.labs.overthewire.org -p 2220
WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
$cd /etc/cron.d
$cat cronjob_bandit23
$cat /usr/bin/cronjob_bandit23.sh
$echo I am user bandit23 | md5sum | cut -d ' ' -f 1
$cat /tmp/8ca319486bfbbc3663ea0fbe81326349
Level 23
$ssh bandit23@bandit.labs.overthewire.org -p 2220
QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G
$cat /usr/bin/cronjob_bandit24.sh
$mkdir /tmp/john
$chmod 777 /tmp/john
nano s.sh
#!/bin/bash
cat /etc/bandit_pass/bandit24 > /tmp/john/pass.txt
$chmod +x s.sh
$cat /tmp/john/pass.txt
Level 24
$ssh bandit24@bandit.labs.overthewire.org -p 2220
VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
$mkdir /tmp/john
$cd /tmp/john
$nano hammer.sh
#!/bin/bash
for i in {9999..000}
do
echo "VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar $i"
done
$chmod +x hammer.sh
$./hammer.sh > brute.txt
$cat brute.txt | nc localhost 30002
Level 25
$ssh bandit25@bandit.labs.overthewire.org -p 2220
p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d
we used the ssh key that we find on the home dir
and try to ssh into bandit26 while also making the terminal smaller in the size
so the we can buffer the output usind " More"
then we used "v" to open vim editor
then , :r cat /etc/bandit_pass/bandit26
and voila xD
Level 26
$ssh bandit26@bandit.labs.overthewire.org -p 2220
c7GvcKlw9mC7aUQaPx7nwFstuAIBw1o1
making the terminal smaller in the size
so the we can buffer the output usind " More"
then we used "v" to open vim editor
then , :set shell=/bin/bash
then , :shell and we get a bash shell
$ ./bandit27-do cat /etc/bandit_pass/bandit27
and voila
Level 27
$ssh bandit27@bandit.labs.overthewire.org -p 2220
YnQpBuifNMas1hcUFk70ZmqkhUU2EuaS
$git clone ssh://bandit27-git@localhost:2220/home/bandit27-git/repo
$cd repo
$cat README
Level 28
$ssh bandit28@bandit.labs.overthewire.org -p 2220
AVanL161y9rsbcJIsFHuw35rjaOM19nR
$cd repo
$git log
$git show [the second last hash from the log output]
Level 29
$ssh bandit29@bandit.labs.overthewire.org -p 2220
tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
after cloning the repo
change branch
$git branch -a // to list available branches
$git checkout dev
$git log
$git show [first hash from log]
Level 30
$ssh bandit30@bandit.labs.overthewire.org -p 2220
xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
after cloning repo
$cd .git
$cat packed-refs
$git show [the second hash in the packedref o/p ]
Level 31
$ssh bandit31@bandit.labs.overthewire.org -p 2220
OoffzGDlzhAlerFJ2cAiz1D41JW1Mhmt
after cloning the repo
$echo "May I come in?" >key.txt
$git add key.txt -f
$git commit -m "yeah"
$git push
Level 32
$ssh bandit32@bandit.labs.overthewire.org -p 2220
rmCBvG56y58BXzv98yZGdO7ATVL5dW8y
$0
$cat /etc/bandit_pass/bandit33
Level 33
$ssh bandit33@bandit.labs.overthewire.org -p 2220
odHo63fHiFqcWWJG9rLiLDtPm45KzUKy
Level 34
GG WP