Over the past couple weeks, I have been digging deeper and deeper into the realm of penetration testing (or as many like to call it… hacking). I have been obsessively doing researching, practicing, and honing my basic level Linux skills, as well as expanding my toolset knowledge.

Just recently my school created an “Information Security Club”. It was mainly focused on teaching, and expanding student knowledge in the Information Security field, as well as introducing many to the hacking culture. The club recently decided to participate in the NCL (National Cyber League) which is an ongoing virtual training ground for collegiate students to develop, practice, and validate their cybersecurity skills using next-generation high-fidelity simulation environments.

The NCL is a CTF (Capture The Flag) based wargame where students (either teams or solo), compete against each other for points by exploiting security vulnerabilities. The NCL is a beginner based CTF that introduces students to the concept of CTF, while teaching and allowing practice of hacking skills.

During the time this club was created, I taught many students the basics of Information Security, as well as the basics of hacking. Though recently, I stumbled across overthewire.org, a wargaming site that allows you to practice your “elite hacking skillz”; and have been overly obsessed with it. I directed many of my students to this site, and asked them to start with “Bandit”. This was aimed to help them learn the basics of Linux and its commands; which we all know is an essential skill in the Pentest Field, and IT itself! Because let’s be honest… not a lot of IT Professionals have Linux skills!

The following solutions below, are to the first 10 levels of “Bandit”. Though I must state, please use the following solutions to learn and compare them with your own answers! If you are stuck on the level, use Google to research the question before you look at the solutions!

So… Let’s begin!

Level 0:

The Zero Level is pretty easy, it’s there to make sure that you can connect to the Bandit Lab. I will be using Linux for the following levels, all of the commands I use (following after the ~# and or ~$) are ran under the terminal. So familiarize yourself with it!

To get to level 0 we need to simply SSH into Bandit with the username: bandit0 and password: bandit0

root@kali:~# ssh bandit0@bandit.labs.overthewire.org

Congrats! You have accessed Bandit and are in the SSH Shell!

Level 0 -> 1:

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH to log into that level and continue the game.

bandit0@melinda:~$ ls
bandit0@melinda:~$ cat readme

Now, from here type exit and SSH back into the next level by running

root@kali:~# ssh bandit1@bandit.labs.overthewire.org

Remember, you must SSH into the next level after getting the password. So just replace the user name before the @ with the next level (Ex: bandit0@bandit.labs... will now be bandit1@bandit.labs..., and for the password, use what you attained from the previous level.

Level 1 -> 2:

The password for the next level is stored in a file called - located in the home directory

bandit1@melinda:~$ ls -a
-  .  ..  .bash_logout  .bashrc  .profile
bandit1@melinda:~$ cat ./-

Level 2 -> 3:

The password for the next level is stored in a file called spaces in this filename located in the home directory

bandit2@melinda:~$ dir
spaces\ in\ this\ filename
bandit1@melinda:~$ cat spaces\ in\ this\ filename

Level 3 -> 4:

The password for the next level is stored in a hidden file in the inhere directory.

bandit3@melinda:~$ ls
bandit3@melinda:~$ cd inhere
bandit3@melinda:~/inhere$ ls -a
.  ..  .hidden
bandit3@melinda:~/inhere$ cat .hidden

Level 4 - >5:

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

bandit4@melinda:~$ ls -a
.  ..  .bash_logout  .bashrc  .profile  inhere
bandit4@melinda:~$ cd inhere
bandit4@melinda:~/inhere$ ls -a
-file00  -file02  -file04  -file06  -file08  .
-file01  -file03  -file05  -file07  -file09  ..
bandit4@melinda:~/inhere$ file ./-*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@melinda:~/inhere$ cat ./-file07

Level 5 -> 6:

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties: - human-readable - 1033 bytes in size - not executable

bandit5@melinda:~$ ls
bandit5@melinda:~$ cd inhere
bandit5@melinda:~/inhere$ ls -a
.            maybehere02  maybehere06  maybehere10  maybehere14  maybehere18
..           maybehere03  maybehere07  maybehere11  maybehere15  maybehere19
maybehere00  maybehere04  maybehere08  maybehere12  maybehere16
maybehere01  maybehere05  maybehere09  maybehere13  maybehere17
bandit5@melinda:~/inhere$ find -type f -size 1033c
bandit5@melinda:~/inhere$ cat ./maybehere07/.file2

Level 6 -> 7:

The password for the next level is stored somewhere on the server and has all of the following properties: - owned by user bandit7 - owned by group bandit6 - 33 bytes in size

bandit6@melinda:~$ find / -user bandit7 -group bandit6 -size 32c 2>/dev/null
bandit6@melinda:~$ cat /var/lib/dpkg/info/bandit7.password

Level 7 -> 8:

The password for the next level is stored in the file data.txt next to the word millionth

bandit7@melinda:~$ ls -a
.  ..  .bash_logout  .bashrc  .profile  data.txt
bandit7@melinda:~$ awk '/^millionth/ {print $2;}' data.txt

Level 8 -> 9:

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

andit8@melinda:~$ ls -a
.  ..  .bash_logout  .bashrc  .profile  data.txt
bandit8@melinda:~$ cat data.txt | sort | uniq -u

Level 9 -> 10:

The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.

bandit9@melinda:~$ ls -a
.  ..  .bash_logout  .bashrc  .profile  data.txt
bandit9@melinda:~$ strings data.txt | grep "="
I========== the6
========== password
========== ism
========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Level 10 -> 11

The password for the next level is stored in the file data.txt, which contains base64 encoded data

bandit10@melinda:~$ ls -a
.  ..  .bash_logout  .bashrc  .profile  data.txt
bandit10@melinda:~$ cat data.txt
bandit10@melinda:~$ echo VGhlIHBhc3N3b3JkIGlzIElGdWt3S0dzRlc4TU9xM0lSRnFyeEUxaHhUTkViVVBSCg== | base64 --decode
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

That’s all for now, stay tuned for more “Bandit” Solution!


Leave a Comment