My notes on overthewire.org/wargames/bandit.
Each level requires privilege escalation in order to escalate to the next level, often by accessing a password in one way or another.
Solving Level 0 involved SSH'ing into the host, bandit.labs.overthewire.org, on port 2220, as the user bandit0, using the password bandit0.
> ssh [email protected] -p 2220
> bandit0Escalating to Level 1 involved investigating the current directory and surrounding files, and printing the contents of the readme file, which contained the password to the next level.
> pwd
> ls
> cat readme
NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjLEscalating to Level 2 involved printing the contents of a file with an unorthodox filename. To be distinguished, this filename required the relative filepath, ./, to be included. Otherwise, the command cat - would be treated as if it is awaiting standard input.
> cat ./-
rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgziEscalating to Level 3 involved printing the contents of a file that had spaces in its filename. Single quotes were used to distinguish the filename.
> cat 'spaces in this filename'
aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiGEscalating Level 4 involved printing the contents of a hidden file. To do this, we used the -a flag with ls which will display all files.
> cd inhere/
> ls -a
> cat .hidden
2EW7BBsr6aMMoJ2HjW067dm8EgX26xNeEscalating Level 5 involved finding a human-readable file in a directory, and printing its contents. This file also had an unorthodox filename, which needed extra syntax in order to print.
> cd inhere/
> find . -type f | file -f -
> cat ./-file07
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqREscalating to Level 6 involved finding a file with the following properties: human-readable, 1033 bytes in size, and not executable.
> cd inhere/
> find . -size 1033c
> cd maybehere07/
> cat ./.file02
P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJUEscalating to Level 7 involved finding a file with the following properties: owned by user bandit7, owned by group bandit6, and 33 bytes in size. Searching for this file displays many warnings, which can be 'thrown to the void' by using 2>/dev/null, thus revealing the true location of the next password.
> find / -group bandit6 -size 33c -user bandit7 -type f 2>/dev/null
> cat /var/lib/dpkg/info/bandit7.password
z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99SEscalating to Level 8 involved finding the password in a file, next to the word 'millionth'.
> cat data.txt | grep millionth
TESKZC0XvTetK0S9xNwm25STk5iWrBvPEscalating to Level 9 involved finding the password in a file, which was the only line of text occuring only once. This was done by filtering for the unique line after sorting them, by using uniq with the -u flag.
> sort data.txt | uniq -u
EN632PlfYiZbn3PhVK3XOGSlNInNE00tEscalating to Level 10 involved printing the password, which was a human-readable string preceded by several '=', from a file of mainly unreadable symbols. This was done by printing readable characters using strings, and greping the strings preceded by '='.
> strings data.txt | grep ===
G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6sEscalating to Level 11 involved decoding and printing the password from data.txt, which contained base64 encoded data. The data can be decoded with the base64 command with the -d flag.
> base64 -d data.txt
6zPeziLdR2RKNdNYFNb6nVCKzphlXHBMEscalating to Level 12 involved decoding and printing the contents of a file, wherein its letters had been rotated 13 positions (ROT13). In order to rotate the letters back to normal, the contents of data.txt was passed through the tr command, revealing the translated text.
> cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'
JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRvEscalating to Level 13 involved ..