OverTheWire Bandit Levels 0-5

“The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.”

Enter OverTheWire Bandit

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

ssh -p 2220 bandit0@bandit.labs.overthewire.org

Level 0

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

bandit0@bandit:~$ ls
readme
bandit0@bandit:~$ cat readme
<PASSWORD>
bandit0@bandit:~$ ssh bandit1@localhost
bandit1@localhost's password:

Level 1

The password for the next level is stored in a file called - located in the home directory

bandit1@bandit:~$ ls
-
bandit1@bandit:~$ cat ./-
<PASSWORD>
bandit1@bandit:~$ ssh bandit2@localhost
bandit2@localhost's password:

Level 2

The password for the next level is stored in a file called spaces in this filename located in the home directory

bandit2@bandit:~$ ls
spaces in this filename
bandit2@bandit:~$ cat ./"spaces in this filename"
<PASSWORD>
bandit2@bandit:~$ ssh bandit3@localhost
bandit3@localhost's password:

Level 3

The password for the next level is stored in a hidden file in the inhere directory.

bandit3@bandit:~$ cd inhere/
bandit3@bandit:~/inhere$ ls -a
.  ..  .hidden
bandit3@bandit:~/inhere$ cat .hidden
<PASSWORD>
bandit3@bandit:~/inhere$ ssh bandit4@localhost
bandit4@localhost's password:

Level 4

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

bandit4@bandit:~$ ls
inhere
bandit4@bandit:~$ cd inhere/
bandit4@bandit:~/inhere$ ls
-file00  -file02  -file04  -file06  -file08
-file01  -file03  -file05  -file07  -file09
bandit4@bandit:~/inhere$ for i in $(ls); do file ./"$i"; done
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@bandit:~/inhere$ cat ./"-file07"
<PASSWORD>
bandit4@bandit:~/inhere$ ssh bandit5@localhost
bandit5@localhost's password:

Level 5

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

• human-readable
• 1033 bytes in size
• not executable

bandit5@bandit:~$ ls
inhere
bandit5@bandit:~$ find inhere/ -type f -size 1033c -readable ! -executable
inhere/maybehere07/.file2
bandit5@bandit:~$ cat inhere/maybehere07/.file2
<PASSWORD>
bandit5@bandit:~$ ssh bandit6@localhost
bandit6@localhost's password:

Continue to OverTheWire Bandit Levels 6-10