OverTheWire - Bandit Challenges

To connect use

ssh bandit-level-@bandit.labs.overthewire.org -p 2220

Bandit 0

Command:

ssh bandit0@bandit.labs.overthewire.org -p 2220

Explanation:

For level 0 Connect to the Bandit game server over SSH on port 2220.

Password: `Achived`

Bandit 0➔1

Steps:

ls
cat readme

Explanation:

ls: Lists files in the directory.
cat: Concatenate the contents of ther files.

Password: Achived

Bandit 1➔2

Steps:

ls -la
cat < -

or use cat ./-

Explanation:

ls -llah: Shows all files (including Hidden) and with size in long listing form
Both cat ./- or cat < -: - can be used.

Password: Achived

Bandit 2➔3

Steps:

ls
cat spaces\ in\ this\ filename

Explanation:

Filename has spaces. Escape them using \ to read it with cat.

Password: Achived

Bandit 3➔4

Steps:

ls
cd inhere
ls -llah
cat .hidden-file-name

Explanation:

The flag is inside inhere directory. Access using cd
ls -llah to see hidden files ...Hiding-From-You.
Use cat concatenate

Password: Achived

Bandit 4➔5

Steps:

cd inhere
ls -llah
cat ~/inhere/-file07

Explanation:

Can be accessed using absoluten adderss to the file

Password: Achived

Bandit 5➔6

Steps:

find ~/inhere -type f -size 1033c -print

Explanation:

maybehere07 had the file called .file2
Access using cat

Password: Achived

Bandit 6➔7

Steps:

find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
or 
find / -user bandit7 -group bandit6 -size 33c -print

Explanation:

Search / for ther required file owned by bandit7 and group bandit6, of size 33 bytes with allowed permissions.
Suppress errors with 2>/dev/null. Only shows files with allowed permissions.
File was var/lib/dpkg/bandit.password

Password: Achived

Bandit 7➔8

grep -r millionth .

Explanation:

-r searchs recurssively for the string “millionth” in the current directory.

Password: Achived

Bandit 8➔9

sort Data.txt | uniq -c | sort -nr

Explanation:

sort Data.txt - all lines are arranged in alphabetic order
Uniq -c - Counts each ouccrrnce
sort -nr - arranges in numeric order (accending) and -r to reverse to make it inverted (decending),

Password: Achived

Bandit 9➔10

Steps:

ls -llah
grep -a ==== data.txt

Explanation:

-a - for binary files to be proccessed as a text file. data.txt

Password: Achived

Bandit 10➔11

Steps:

strings data.txt
strings data.txt | base64 -d

Explanation:

-d - to decode base64 encoded contents of data.txt.

Password: Achived

Bandit 11➔12

file data.txt => ASCII TEXT
strings data.txt

Then using rot13.com to get the flag.

Explanation:

ROT13 cipher is a type of Caesar shift. Used for encryption in the past days.

Password: Achived

Bandit 12➔13

mktemp -d => `/tmp/tmp.4C3plgulef`
cd /tmp/tmp.4C3plgulef
cp ~/data.txt ./bot.txt
mv bot.txt data.txt

xxd -r data.txt data1.txt
file data1.txt => `gzip`

cp data1.txt data2.gz
gzip -d data2.gz => `data2`

file data2 => `bzip2`
cp data2 data3.bz2 && ls

bzip2 -d bata3.bz2 => `data3`
file data3 => `gzip`\

cp data3 4data.gz
gzip -d 4data.gz => `4data`
file 4data => `tar`

xxd 4data | head -50
cp 4data 5data.tar

tar -xf 5data.tar => data5.bin
ls -llah
file data5.bin => `tar`

xxd data5.bin | head -50
cp data5.bin 6data.tar
tar -xf 6data.tar => `data6.bin`
ls -llah
file data6.bin => `bzip2`

cp data6.bin 7data.bz2
bzip2 -d 7data.bz2 => 7data
file 7data => `tar`

cp 7data 8data.tar
tar -xf 8data.tar => data8.bin
ls -llah
file data8.bin => `Gzip`
cp data8.bin 9data.gz

gzip -d 9data.gz => 9data
ls && file 9data => `ASCII` `TEXT`

cp 9data final_password

strings final_password

Password: Achived

Bandit 13➔14

After logging in

cat /ect/bandit_pass/bandit14 => `permission_denied`
ls -llah => `SSHkey.private`

ssh -i sshkey.private bandit14.localhost -p 2220


@bandit14~> cat /ect/bandit_pass/bandit14

Password: `Achived`

Bandit 14➔15

nc localhost 30000

Explanation:

nc (netcat) connects to a local TCP service to read the next password.

Password: Achived

Bandit 15➔16

Steps:

openssl s_client -connect localhost:30001

ncat -ssl localhost 30001

Explanation:

TLS-encrypted service - a secure network connection protocol that encrypts data to protect privacy, authentication, and data integrity.

Password: Achived

Bandit 16➔17

nmap localhost -p 31000-32000

Gave 5 open ports

Out of which

-31790
-31518

Gave the Private key

It can be save in a tmp folder

mktemp -d
cd /tmp/tmp.NA9YDpZ0Mz
vim private.key <= `paste_the_private_key`

and the give the key by

ssh -i private.key bandit17@bandit.labs.overthewire.org -p 2220

To get the password.

All The Passwords-

Bandit 0 - Bandit0
Bandit 0->1 - ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If
Bandit 1->2 - 263JGJPfgU6LtdEvgfWU1XP5yac29mFx
Bandit 2->3 - MNk8KNH3Usiio41PRUEoDFPqfxLPlSmx
Bandit 3->4 - 2WmrDFRmJIq3IPxneAaMGhap0pFhF3NJ
Bandit 4->5 - 4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQw
Bandit 5->6 - HWasnPhtq9AVKe0dmk45nxy20cvUa6EG
Bandit 6->7 - morbNTDkSW6jIlUc0ymOdMaLnOlFVAaj
Bandit 7->8 - dfwvzFQi4mU0wfNbFOe9RoWskMLg7eEc
Bandit 8->9 - 4CKMh1JI91bUIZZPXDqGanal4xvAg0JM
Bandit 9->10 - FGUW5ilLVJrxX9kMYMmlN4MgbpfMiqey
Bandit 10->11 - dtR173fZKb0RRsDFSGsg2RWnpNVj3qRr
Bandit 11->12 - 7x16WNeHIi5YkIhWsfFIqoognUTyj9Q4i
Bandit 12->13 - FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn
Bandit 13->14 - MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvS
Bandit 14->15 - 8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo
Bandit 15->16 - kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
Bandit 16->17 -

Bandit - OTW

OverTheWire - Bandit Challenges

Bandit 0

Password: Achived

Bandit 0➔1

Bandit 1➔2

Bandit 2➔3

Bandit 3➔4

Bandit 4➔5

Bandit 5➔6

Bandit 6➔7

Bandit 7➔8

Bandit 8➔9

Bandit 9➔10

Bandit 10➔11

Bandit 11➔12

Bandit 12➔13

Bandit 13➔14

Password: Achived

Bandit 14➔15

Bandit 15➔16

Bandit 16➔17

To get the password.

All The Passwords-

Password: `Achived`

Password: `Achived`