This time the first IT-Security related article. In this first part of the OverTheWire Bandit Walkthrough, I will help you get through the challenges.
The OverTheWire Bandit exercises are geared towards beginners and it’s a great to start your journey into penetration testing or ethical hacking (this will be one of the few times you hear me mentioning “ethical hacking”, I really don’t like the term, let’s use the term white hat hacking instead…).
The prerequisites for this exercise are that you got an installed version of Linux or a terminal simulator like putty.
Let’s head over the OverTheWire and get started.
I will use Linux Mint for those exercises. Please remember to write down the passwords for each level, in case you want to continue later, otherwise, you have to start from the beginning again.
Level 0
SSH into Bandit 0 via terminal
ssh bandit.labs.overthewire.org -l bandit0
Confirm the warning with yes and enter the password
bandit0
That’s it, first challenge done. Now you know how to connect to a server via SSH.
Level 0 – Level 1
The password is stored in a file named readme in the home directory.
ls
The readme file is there
cat readme
You can read the password to the next level.
exit
Level 1 – Level 2
ssh bandit.labs.overthewire.org -l bandit1
Enter password
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
The password for the next level is stored in a file called – located in the home directory.
cat -
won’t work for dashed filenames. We have to use this command instead:
cat /home/bandit1/-
Password
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
exit
Level 2 – Level 3
Log in to level 2
ssh bandit.labs.overthewire.org -l bandit2
The password for the next level is stored in a file called spaces in this filename located in the home directory.
Same as with the dashed filename, we need to include the path to cat.
cat /home/bandit2/spaces\ in\ this\ filename
The password for level 3 is revealed
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
exit
Level 3 – Level 4
Log in to Bandit3.
The password for the next level is stored in a hidden file in the inhere directory.
ls
Shows us nothing. We need to use
ls -A
instead to reveal the file .hidden
cat ~/inhere/.hidden
reveals the password to level 4.
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
Level 4 – Level 5
Log in to Level 4 using the credentials from the last step.
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
So there are multiple ways to do that, one approach would have been to use
cat ~/inhere/-file*
Which would return a lot of garbage but also the password.
There’s a little hint, it says “…the only human-readable file..” so we should be able to somehow find the human-readable file. We can find it using
find /home/bandit4/inhere/ | xargs file | grep text
This will show us the only human readable file in this folder including ASCII Text, which is -file07.
cat ~/inhere/-file07
reveals the password to Level 5
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
Level 5 – Level 6
Connect to Bandit5
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties: – human-readable – 1033 bytes in size – not executable
So this time we got more variables to the equation. The file is human readable, 1033 bytes in size and not executable.
Also, it is stored in one of many folders inside of ~/inhere/
If we just use the find command of our last exercise, we will now get many human-readable files returned, so we need to be more specific in our search.
For this task we can use:
find /home/bandit5/inhere/ -type f -size 1033c
The size-suffix c means bytes. In this case, we get the correct file displayed. If there would be more files with exactly the same size of 1033, we could utilize the command from the exercise before like this
find /home/bandit5/inhere/ -type f -size 1033c |xargs file | grep text
So we could sort out only human-readable text files as well.
The file we are searching for hides here:
/home/bandit5/inhere/maybehere07/.file2
A cat reveals the password to Level 6
DXjZPULLxYr17uwoI01bNLQbtFemEgo7
To be continued…..