lcome to OverTheWire!

If you find any problems, please report them to the #wargames channel on

discord or IRC.

--[ Playing the games ]--

This machine might hold several wargames.

If you are playing "somegame", then:

* USERNAMES are somegame0, somegame1, ...

* Most LEVELS are stored in /somegame/.

* PASSWORDS for each level are stored in /etc/somegame_pass/.

Write-access to homedirectories is disabled. It is advised to create a

working directory with a hard-to-guess name in /tmp/. You can use the

command "mktemp -d" in order to generate a random and hard to guess

directory in /tmp/. Read-access to both /tmp/ is disabled and to /proc

restricted so that users cannot snoop on eachother. Files and directories

with easily guessable or short names will be periodically deleted! The /tmp

directory is regularly wiped.

Please play nice:

* don't leave orphan processes running

* don't leave exploit-files laying around

* don't annoy other players

* don't post passwords or spoilers

 * again, DONT POST SPOILERS!

This includes writeups of your solution on your blog or website!

--[ Tips ]--

This machine has a 64bit processor and many security-features enabled

by default, although ASLR has been switched off. The following

compiler flags might be interesting:

-m32 compile for 32bit

-fno-stack-protector disable ProPolice

-Wl,-z,norelro disable relro

In addition, the execstack tool can be used to flag the stack as

executable on ELF binaries.

Finally, network-access is limited for most levels by a local

firewall.

--[ Tools ]--

For your convenience we have installed a few useful tools which you can find

in the following locations:

* gef (https://github.com/hugsy/gef) in /opt/gef/

* pwndbg (https://github.com/pwndbg/pwndbg) in /opt/pwndbg/

* gdbinit (https://github.com/gdbinit/Gdbinit) in /opt/gdbinit/

 * pwntools (https://github.com/Gallopsled/pwntools)

* radare2 (http://www.radare.org/)

--[ More information ]--

For more information regarding individual wargames, visit

http://www.overthewire.org/wargames/

For support, questions or comments, contact us on discord or IRC.

Enjoy your stay!

bandit1@bandit:~$ ^C

bandit1@bandit:~$ login as: bandit1

Pre-authentication banner message from server:

| _ ___

| | |__ __ _ _ __ __| (_) |_

| | '_ \ / _` | '_ \ / _` | | __|

| | |_) | (_| | | | | (_| | | |_

| |_.__/ \__,_|_| |_|\__,_|_|\__|

| This is an OverTheWire game server.

| More information on http://www.overthewire.org/wargames

End of banner message from server

[email protected]'s password:
 ,----.. ,----, .---.

/ / \ ,/ .`| /. ./|

/ . : ,` .' : .--'. ' ;

. / ;. \ ; ; / /__./ \ : |

. ; / ` ; .'___,/ ,' .--'. ' \' .

; | ;\;|| : | /___/ \ | ' '

| : | ; | ' ; |.'; ; ; \ \; :

. | ' ' ' : `----' | | \ ; ` |

' ; \; / | ' : ; . \ .\ ;

For support, questions or comments, contact us on discord or IRC.u can find

bandit1@bandit:~$ cat bandit1

cat: bandit1: No such file or directory

bandit1@bandit:~$ cat ./ -

cat: ./: Is a directory

^C

bandit1@bandit:~$ cat ./-

263JGJPfgU6LtdEvgfWU1XP5yac29mFx

bandit2@bandit:~$ ls

spaces in this filename

bandit2@bandit:~$ cat "spaces in this filename"

MNk8KNH3Usiio41PRUEoDFPqfxLPlSmx
bandit2@bandit:~$

bandit2@bandit:~$ ls

spaces in this filename

bandit2@bandit:~$ cat "spaces in this filename"

MNk8KNH3Usiio41PRUEoDFPqfxLPlSmx

Bandit Level 3 → Level 4

Level Goal

The password for the next level is stored in a hidden file in the inhere directory.

Commands you may need to solve this level

ls , cd , cat , file , du , find

Bandit Level 3 → Level 4 Summary

Goal:

The password for Level 4 is hidden in a file located in the inhere directory.

Key Steps:

Navigate to the inhere directory using cd inhere.

List all files, including hidden ones, using ls -a to reveal files that start with a dot (.).

Find the hidden file containing the password by checking files like ...Hiding-From-You.

View the contents of the file using cat to retrieve the password.

Commands to Use:

ls -a – Lists all files, including hidden ones.

find . -type f -name ".*" – Finds hidden files.

cat <filename> – Displays the contents of the file.

Challenge:

The hidden file is in plain sight but requires using basic file listing and searching commands (ls, find,
cat) to retrieve the password.

Let me know if you need further details! 😊

bandit3@bandit:~/inhere$ cat ...Hiding-From-You

2WmrDFRmJIq3IPxneAaMGhap0pFhF3NJ

bandit3@bandit:~/inhere$

bandit3@bandit:~/inhere$ cat ...Hiding-From-You

2WmrDFRmJIq3IPxneAaMGhap0pFhF3NJ

bandit3@bandit:~/inhere$

Lesson: Using the find Command to Locate Files

Objective:

Learn how to locate files in a directory based on specific properties, such as size, type, and
permissions, using the find command.

Key Concepts:

File Searching:

The find command is used to search for files and directories based on various criteria.

File Properties:
Size: Measured in bytes, kilobytes, etc.

Type: Regular files, directories, etc.

Permissions: Whether a file is executable, readable, or writable.

Excluding Files:

Use ! to negate conditions (e.g., ! -executable excludes executable files).

Commands and Syntax:

Navigate to a Directory:

cd inhere

Find Files Based on Criteria:

find . -type f -size 1033c ! -executable

.: Search in the current directory.

-type f: Search for regular files.

-size 1033c: Look for files exactly 1033 bytes in size (c = bytes).

! -executable: Exclude executable files.

Display File Contents:

cat ./path/to/file

Replace ./path/to/file with the actual file path.

Step-by-Step Practice:

Start in the inhere Directory:

Use cd to navigate.

Search for the File:

Apply the find command with the appropriate criteria.

Read the File:

Use cat to view the content once the correct file is identified.

Lesson Outcome:

By completing this exercise, you'll be able to:

Use the find command to locate files based on size, type, and permissions.

Understand how to exclude files that don't meet specific criteria.

Combine navigation (cd), searching (find), and viewing (cat) commands for efficient file
management.

Real-World Application:
These skills are essential for system administrators, developers, and anyone working with Linux-
based systems, enabling efficient file searches and effective troubleshooting.

To solve Bandit Level 6 → Level 7, you need to find a file that meets the specified criteria:

Owned by user bandit7

Owned by group bandit6

33 bytes in size

Here's a step-by-step guide to help you find the file and retrieve the password:

1. Log in to the Server

If you're not already logged in, use SSH to log into the Bandit server:

ssh [email protected] -p 2220

Password: Use the password obtained from the previous level.

2. Use the find Command

The find command can help you locate files based on user, group, size, and other attributes. To find
a file that is owned by bandit7, belongs to the group bandit6, and has a size of 33 bytes, run the
following command:

find / -user bandit7 -group bandit6 -size 33c 2>/dev/null

Explanation:

/: Start searching from the root directory (you can specify a subdirectory if you know one).

-user bandit7: Find files owned by the user bandit7.

-group bandit6: Find files owned by the group bandit6.

-size 33c: Look for files that are exactly 33 bytes in size (c means bytes).

2>/dev/null: Suppresses error messages (e.g., permission-denied errors).

3. Check the File

Once the correct file is found (e.g., ./path/to/file), use the cat command to view its contents:
cat /path/to/file

This will display the password for the next level.

4. Troubleshooting

If the search command finds no results or gives errors, try searching within a specific directory if you
know where the file might be located.

If you encounter permission errors, ensure you're using the correct user (bandit6).

Example Workflow

Search for the file:

find / -user bandit7 -group bandit6 -size 33c 2>/dev/null

Display the file's content:

cat /path/to/file

Lesson Outcome

By completing this level, you'll gain experience with:

Using find to search for files based on multiple criteria (user, group, file size).

Navigating file systems with command-line tools.

Understanding file ownership and the importance of file permissions.

This skill is essential in tasks like system administration and troubleshooting in Linux environments.
To solve Bandit Level 7 → Level 8, the goal is to find the password stored in the data.txt file next to
the word "millionth."

Step-by-Step Guide:

1. Log in to the Bandit Server

If you're not logged in already, connect using SSH:

ssh [email protected] -p 2220

Password: Use the password obtained from Level 7.

2. Locate the data.txt File

To confirm that data.txt exists and locate it, you can use the ls command to list the contents of the
current directory:

ls

If it's not in the current directory, you can search for it:

find . -name "data.txt"

This will search the entire directory tree for data.txt.

3. Search for the Word "millionth" in data.txt

Once you've confirmed the file exists, you can use the grep command to search for the word
"millionth" inside the file:

exit

This will display the line(s) containing the word "millionth" and the password next to it.

4. Extract the Password

The grep command will give you output similar to:

millionth <password>

Copy the <password> after the word "millionth." This is the password for Level 8.

Additional Tips:

If the output is large or you want to clean it up, you can use grep with flags:

Case-insensitive search: grep -i "millionth" data.txt

Show only the matching part of the line: grep -o "millionth.*" data.txt

Example Workflow

List the contents of the current directory to check if data.txt exists:

ls

Search for "millionth" in data.txt:

grep "millionth" data.txt

Copy the password next to the word "millionth."

Lesson Outcome:

By completing this level, you'll reinforce the following skills:

Using grep to search for specific words in files.

Efficiently finding data inside a file based on patterns.

Understanding basic text manipulation on Linux systems.

This is a common task when working with logs, configuration files, or data files that contain
important information or secrets.

To solve Bandit Level 7 → Level 8, the goal is to extract the password from the data.txt file,
specifically the part next to the word "millionth".

Here’s a step-by-step guide to help you:

Step 1: Log into the Server

If you're not already logged in, connect to the server via SSH:

ssh [email protected] -p 2220

Password: Use the password obtained from the previous level.

Step 2: Locate the data.txt File

You need to make sure that the file data.txt is in your current directory. You can list the files with:

ls

If data.txt isn't listed, search for it:

find . -name "data.txt"

Step 3: Search for the Word "millionth"

Once you find the data.txt file, use the grep command to search for the word "millionth" inside the
file:

grep "millionth" data.txt

This will display any lines containing the word "millionth" along with the password next to it.
Step 4: Extract the Password

The output should look something like this:

millionth some_password_here

The password for the next level will be the string next to millionth.

Optional: Clean Up Output

If you just want the password without the word "millionth", you can pipe the output to awk or cut to
extract just the second word:

Using awk:

grep "millionth" data.txt | awk '{print $2}'

Using cut:

grep "millionth" data.txt | cut -d ' ' -f 2

Both of these commands will print just the password.

Step 5: Use the Password

Once you have the password, use it to log into Bandit Level 8.

Example Workflow

ls

grep "millionth" data.txt

# output: millionth abcdefgh12345678

The password for the next level is abcdefgh12345678.

Lesson Outcome

By completing this level, you'll reinforce the following skills:

Using grep to search for specific strings in files.

Extracting specific data from text outputs.

Navigating files and manipulating data on the command line.

These are fundamental skills that are often used in system administration, security, and text
processing tasks.

To solve Bandit Level 8 → Level 9, the goal is to extract the password from the data.txt file. The
password is the only line of text that occurs only once in the file.

Here's how to approach this step by step:

Step 1: Log into the Server

If you're not already logged in, connect to the server via SSH:

ssh [email protected] -p 2220

Password: Use the password obtained from Level 8.

Step 2: View the Contents of data.txt

Make sure you're in the correct directory where data.txt is located. You can check by running:

ls

If you see data.txt in the listing, you can proceed. Otherwise, use find to search for it.

Step 3: Identify the Unique Line

The goal is to find the line that appears only once. You can achieve this by sorting the lines and then
using the uniq command to filter out duplicate lines.
First, sort the file:

sort data.txt

Then, use uniq to display only lines that appear once:

sort data.txt | uniq -u

Explanation:

sort data.txt: Sorts the file so that duplicate lines are grouped together.

uniq -u: Filters out duplicate lines and displays only those that occur exactly once.

Step 4: Extract the Password

The command will print the unique line (which is the password) from data.txt. This is the password
for Level 9.

Step 5: Use the Password

Once you have the password, use it to log into Bandit Level 9.

Example Workflow

Sort the contents of data.txt and display only the unique line:

sort data.txt | uniq -u

The output will be something like:

the_unique_password_here

Additional Notes:

Piping and Redirection: This level reinforces the use of piping (|) to connect the output of one
command to the input of another. Here, sort sends its output to uniq, which processes it further.
The sort command is essential here because it organizes the lines so that uniq can easily find the
duplicates and single occurrences.

Lesson Outcome:

By completing this level, you will:

Practice using sort to organize file contents.

Learn to apply uniq to filter duplicate lines and find unique occurrences.

Gain experience with piping and redirection to combine commands efficiently.

These skills are fundamental in text processing and data manipulation tasks on Linux systems.

To solve Bandit Level 9 → Level 10, the goal is to find the password stored in the data.txt file. The
password is one of the human-readable strings, which is preceded by several = characters.

Step-by-Step Guide:

Step 1: Log into the Server

If you're not logged in, connect via SSH:

ssh [email protected] -p 2220

Password: Use the password obtained from Level 9.

Step 2: View the Contents of data.txt

Make sure you're in the correct directory where data.txt is located. If it's not there, use the find
command to locate it.

ls

If the file is not listed, you can find it:

find . -name "data.txt"

Step 3: Identify Human-Readable Strings

The password is a human-readable string. To find human-readable content, you can use the strings
command. This command extracts printable characters from binary files or files with mixed content.

Run the strings command on data.txt to display all readable text:

strings data.txt

This will output a list of readable strings from the file. Among them, look for one that is preceded by
= characters.

Step 4: Extract the Password

Once you've identified the readable string surrounded by = characters, the password for Level 10 will
be displayed.

To filter for strings that start with = characters, you can use grep:

strings data.txt | grep "^=.*"

This command will only display lines that start with = and may help isolate the relevant password.

Step 5: Use the Password

Once you have the password, use it to log into Bandit Level 10.

Example Workflow

Extract readable strings from data.txt:

strings data.txt

Look for a string with preceding = characters.

If needed, filter with grep to isolate strings starting with =:

strings data.txt | grep "^=.*"

Copy the password from the output.

Additional Notes:

strings Command: This command is essential when working with binary or mixed-content files, as it
extracts all sequences of printable characters.

Regular Expression: The grep "^=.*" pattern ensures that only lines starting with = are matched,
narrowing down the results to relevant strings.

Lesson Outcome:

By completing this level, you'll learn:

How to use the strings command to extract human-readable text from files.

The importance of filtering specific content using regular expressions and grep.

The practical use of string searching when dealing with mixed-content files.

These skills are commonly used when dealing with data extraction, reverse engineering, and binary
analysis.

Pass word bandit10: FGUW5ilLVJrxX9kMYMmlN4MgbpfMiqey

In Bandit Level 9 → Level 10, the goal is to find the password for the next level stored in a file named
data.txt. The password is among human-readable strings but is preceded by several = characters.

Breakdown of the Problem

Human-readable strings: These are sequences of printable characters (letters, numbers, symbols)
that you can visually recognize.

Preceded by = characters: This indicates a pattern to look for, where the desired string (password)
starts right after multiple = characters.

Commands to Use

Here’s how the suggested commands can help:

strings: Extracts human-readable strings from binary files.

grep: Searches for patterns in text.

sort: Orders lines alphabetically.

uniq: Removes duplicate lines.

base64: Encodes/decodes base64 data (useful if data is encoded).

tr: Translates or deletes characters.

tar/gzip/bzip2: Handles compressed files.

xxd: Displays file contents in a hexadecimal format.

Solution Steps

Navigate to the file's directory:

cd /path/to/level

Examine the file contents: Start with strings to extract human-readable text from data.txt:

strings data.txt

Filter lines with = characters: Use grep to find lines containing multiple = characters:

strings data.txt | grep '===='

Identify the password: Review the output of the filtered lines. The password will typically be after
the = characters. For example:

======password123

The password here would be password123.

Save or copy the password: Copy the password and use it to log into the next level.

Notes

If data.txt is compressed (e.g., .tar, .gz, .bz2), you’ll need to decompress it first using tools like tar or
gzip:

tar -xf data.txt.tar

gunzip data.txt.gz

By following these steps, you can extract the password and proceed to Level 10. Let me know if
you'd like further clarification!

In Bandit Level 10 → Level 11, your goal is to retrieve the password for the next level, which is stored
in a file named data.txt. The file contains Base64 encoded data.

What is Base64 Encoding?

Base64 is a binary-to-text encoding scheme that represents binary data in an ASCII string format. It's
commonly used to encode data for transmission or storage. When you decode Base64, you get the
original readable or binary data.

Steps to Solve the Level

Navigate to the file's directory:

cd /path/to/level

View the contents of data.txt: Use cat or less to inspect the file and confirm it is Base64 encoded:

cat data.txt

If it looks like a mix of letters, numbers, and slashes, it’s likely Base64. Example:

SGVsbG8gd29ybGQhCg==

Decode the Base64 data: Use the base64 command with the -d option to decode:

base64 -d data.txt

The -d option tells base64 to decode the input.

The output should reveal the readable text, which contains the password.

Copy the password: The decoded output should be the password for the next level. For example:

Hello world!

In this case, "Hello world!" is the password.

Test the result: Use the password to log into the next level.
Commands Used

base64:

Encodes or decodes Base64 data.

base64 -d decodes the data in the file.

cat:

Displays the file contents to confirm it’s Base64 encoded.

Example

Suppose data.txt contains the following:

VGhlIHBhc3N3b3JkIGlzIGZvb2Jhcg==

Use base64 -d to decode:

base64 -d data.txt

Output:

The password is foobar

The password is foobar.

Additional Notes
If the file is compressed (e.g., .gz, .bz2, .tar), decompress it first.

Base64 encoding often adds padding characters (=) at the end of the encoded string. These are
normal and don’t affect decoding.

Let me know if you need further clarification!

In Bandit Level 11 → Level 12, the password is stored in a file called data.txt, but all the letters in the
file have been ROT13-encoded. You need to decode the text to find the password.

What is ROT13?

ROT13 (short for "rotate by 13 places") is a substitution cipher where each letter of the alphabet is
replaced with the letter 13 positions ahead (or behind, since the alphabet has 26 letters).

For example:

A becomes N, and N becomes A.

a becomes n, and n becomes a.

Steps to Solve the Level

Navigate to the file's directory:

cd /path/to/level

Examine the file contents: Use cat to view the content of data.txt:

cat data.txt

Example of ROT13-encoded text:

Gur cnffjbeq vf sbhaq.

Decode the ROT13 text: Use the tr command to translate the characters:
cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'

The tr command translates characters.

A-Za-z specifies the original alphabet.

N-ZA-Mn-za-m specifies the ROT13-rotated alphabet.

Extract the password: The decoded text will reveal the password. For example:

The password is found.

In this case, "found" is the password.

Save the password: Copy the password and use it to log into the next level.

Explanation of the tr Command

tr 'A-Za-z' 'N-ZA-Mn-za-m':

Maps uppercase letters (A-Z) to their ROT13 equivalents (N-ZA-M).

Maps lowercase letters (a-z) to their ROT13 equivalents (n-za-m).

Example

If data.txt contains:

Gur cnffjbeq vf pelcgb!

Run the command:

cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'

Output:

The password is cypher!

The password is cypher!.

Additional Notes

ROT13 only affects letters (a-z, A-Z) and leaves other characters (numbers, symbols, whitespace)
unchanged.

You can also use Python or other programming languages to decode ROT13, but tr is the simplest
approach.

Let me know if you'd like further clarification!

In Bandit Level 12 → Level 13, the password is stored in a file named data.txt, which contains a
hexdump of a file that has been repeatedly compressed. You need to reverse the process (decode
the hexdump and decompress the data) to retrieve the password.

Key Concepts

Hexdump: A hexadecimal representation of binary data. To retrieve the original binary file, the
hexdump must be reversed.

Use xxd -r to convert the hexdump back into a binary file.

Repeated Compression: The file has been compressed multiple times using various compression
methods. You'll need to identify the compression type and decompress it step by step.

Temporary Directory: It's good practice to work in a temporary directory to avoid clutter and
accidental overwrites. Use mktemp -d to create a secure temporary directory.
Step-by-Step Solution

Create a temporary directory:

mkdir /tmp/mytempdir

cd /tmp/mytempdir

Or, use:

cd "$(mktemp -d)"

Copy data.txt to the temporary directory:

cp /path/to/data.txt .

Convert the hexdump back into a binary file:

xxd -r data.txt data.bin

xxd -r reverses the hexdump (data.txt) into binary format (data.bin).

Determine the file type: Use the file command to identify the type of compression:

file data.bin

Example output:
data.bin: gzip compressed data

Decompress the file: Based on the file type, use the appropriate decompression command. Repeat
this step until all compression layers are removed.

If gzip:

mv data.bin data.gz

gunzip data.gz

If bzip2:

mv data.bin data.bz2

bunzip2 data.bz2

If tar:

mv data.bin data.tar

tar -xf data.tar

Repeat steps 4 and 5: After each decompression, use file to check the new file type and decompress
it again as needed.

Extract the password: Eventually, you’ll reach a human-readable file that contains the password. Use
cat or strings to read the file:
cat final_file

Example Walkthrough

Hexdump Conversion: Convert the hexdump in data.txt:

xxd -r data.txt data.bin

Check File Type:

file data.bin

Output:

data.bin: gzip compressed data

Decompress Gzip:

mv data.bin data.gz

gunzip data.gz

Check Again:
file data

Output:

data: bzip2 compressed data

Decompress Bzip2:

mv data data.bz2

bunzip2 data.bz2

Repeat Until Decompressed: Continue decompressing until the file is readable.

Extract Password: Read the final file:

cat final_file

The file contains the password for the next level.

Tips

Work Incrementally: After each decompression step, use file to confirm the file type before
proceeding.

Secure Directory: Always work in a temporary directory to avoid clutter.

Learn the Tools:

file: Identifies file types.

xxd -r: Reverses hexdump.

gunzip, bunzip2, tar -xf: Decompression commands.

Let me know if you need further guidance!

In Bandit Level 14 → Level 15, the goal is to retrieve the password for the next level by submitting
the password of the current level to port 30000 on localhost.

Key Concepts

Localhost:

Refers to the local machine you’re working on.

IP address 127.0.0.1 is commonly used for localhost.

Port:

A communication endpoint on a computer.

Port 30000 is specified in this level for sending the password.

Tools for Communication:

nc (Netcat): A versatile networking utility for reading and writing to network connections.

telnet: Another tool for communication over TCP/IP.

openssl s_client: Used for secure communication but is not necessary for this level since it's not
encrypted.

Steps to Solve

Log in to Bandit Level 14: If not already logged in:

ssh [email protected] -p 2220

Enter the password for Bandit Level 14.

Use nc to Submit the Password: Use nc to connect to port 30000 on localhost:

echo "your_password" | nc localhost 30000

Replace "your_password" with the password for Bandit Level 14.

echo sends the password as input.

nc localhost 30000 connects to the specified port.

Retrieve the Response:

The response will display the password for the next level.

Alternative: Use telnet:

telnet localhost 30000

Type the password manually when prompted.

Press Enter to send it.

Alternative: Using a File: You can store the password in a file and send it:

echo "your_password" > password.txt

nc localhost 30000 < password.txt

Save the Password for the Next Level: Copy the password displayed in the response.

Example

Assume the password for Bandit Level 14 is abc123.

Run the command:

echo "abc123" | nc localhost 30000

Output:

Correct! The password for the next level is xyz456

Save xyz456 as the password for Bandit Level 15.

Tips

Tools Comparison:
nc: Simple and widely used for such tasks.

telnet: Can be used if nc is unavailable but is less common today.

openssl s_client: More secure but unnecessary here as the connection is not encrypted.

If Connection Fails: Ensure you are on the correct server (localhost) and using the right port (30000).

Let me know if you need further clarification!

In Bandit Level 15 → Level 16, the password for the next level is retrieved by sending the current
level's password to port 30001 on localhost using SSL/TLS encryption.

Key Concepts

SSL/TLS Encryption:

Secure protocols for encrypted communication.

Port 30001 expects data to be sent securely using SSL/TLS.

OpenSSL s_client:

A tool for connecting to SSL/TLS services and testing encrypted connections.

Localhost:

Refers to the machine you're working on, typically 127.0.0.1.

Steps to Solve

Log in to Bandit Level 15: If not already logged in:

ssh [email protected] -p 2220

Enter the password for Bandit Level 15.

Use OpenSSL s_client to Connect: Connect to port 30001 using SSL/TLS:

openssl s_client -connect localhost:30001

-connect localhost:30001 specifies the target host and port.

You may see output similar to:

CONNECTED(00000003)

depth=0 ...

---

Send the Password:

Once connected, paste the password for Bandit Level 15 and press Enter.

The server should respond with the password for the next level.

Automate the Submission: You can automate the process using echo and a pipe:

echo "your_password" | openssl s_client -connect localhost:30001

Replace "your_password" with the password for Bandit Level 15.

Retrieve the Password for the Next Level:

Look for the response in the output, which should contain the password for Level 16.

Example

Assume the password for Bandit Level 15 is abc123.

Run the command:

echo "abc123" | openssl s_client -connect localhost:30001

Output:

Correct! The password for the next level is xyz456

Save xyz456 as the password for Bandit Level 16.

Tips

Troubleshooting:
If you encounter messages like DONE, RENEGOTIATING, or KEYUPDATE, refer to the CONNECTED
COMMANDS section in the OpenSSL man page. Use commands like QUIT to properly terminate the
session if needed.

Check your syntax if the connection fails.

Alternative Tools:

While openssl s_client is the most straightforward, tools like ncat or socat can also handle SSL/TLS
connections.

Read the Output Carefully:

OpenSSL outputs diagnostic information. Focus on the server’s response, which contains the
password.

Let me know if you'd like further clarification or assistance!

In Bandit Level 16 → Level 17, the goal is to retrieve the credentials for the next level by submitting
the password for the current level to the correct SSL/TLS-enabled server on a port between 31000
and 32000.

Key Concepts

Port Scanning:

A technique to identify which ports have servers listening.

Tools like nmap or netstat can help with this.

SSL/TLS Detection:

Use tools like openssl s_client to check if a server speaks SSL/TLS.

Port Range:

Focus only on ports 31000-32000.

Server Responses:

Only one server provides the next level's credentials.

Other servers echo back your input.

Steps to Solve

Log in to Bandit Level 16: If not already logged in:

ssh [email protected] -p 2220

Enter the password for Bandit Level 16.

Scan the Ports: Use nmap to find open ports in the range 31000-32000:

nmap -p 31000-32000 localhost

Look for ports marked as open.

Check for SSL/TLS: For each open port, use openssl s_client to check if the server uses SSL/TLS:

openssl s_client -connect localhost:<port>

Replace <port> with the open port number.

If SSL/TLS is supported, you will see SSL handshake details.

Non-SSL servers will fail or hang.

Send the Password to the SSL Server: For the identified SSL/TLS server:

echo "your_password" | openssl s_client -connect localhost:<port>

Replace <port> with the correct SSL-enabled port.

Replace "your_password" with the password for Bandit Level 16.

Retrieve the Credentials:

The correct server will respond with the credentials for Bandit Level 17.

Save these credentials for the next login.

Example

Scan ports:

nmap -p 31000-32000 localhost

Output (example):

PORT STATE SERVICE

31046/tcp open unknown

31518/tcp open unknown

32003/tcp open unknown

Check for SSL/TLS:

openssl s_client -connect localhost:31046

Output:

CONNECTED(00000003)

depth=0 ...

---

Send the password:

echo "abc123" | openssl s_client -connect localhost:31046

Output:

Correct! The credentials for the next level are:

username: bandit17

password: xyz456

Tips

Port Scanning Alternatives:

Use netstat or ss:

netstat -tuln | grep 31

ss -tuln | grep 31

Multiple Open Ports:

Ensure you test all open ports in the range to find the correct SSL/TLS server.

Dealing with Errors:

If OpenSSL reports RENEGOTIATING, try resending the password or restarting the connection.

Let me know if you have questions or need further clarification!

In Bandit Level 17 → Level 18, the task is to find the password for the next level by identifying the
line that has been changed between two files: passwords.old and passwords.new.

Key Concepts

diff:

A command-line tool that compares two files line by line and highlights differences.

File Comparison:

passwords.old: Contains the previous set of passwords.

passwords.new: Contains the updated passwords, including the one for the next level.
Steps to Solve

Log in to Bandit Level 17: If not already logged in:

ssh [email protected] -p 2220

Enter the password for Bandit Level 17.

Check the Files: List the contents of the home directory:

ls

Confirm the presence of passwords.old and passwords.new.

Use diff to Find Changes: Compare the two files using diff:

diff passwords.old passwords.new

The output will indicate the line(s) that differ.

For example:

42c42

< oldpassword

---

> newpassword

42c42: Indicates a change at line 42.

The password for the next level is newpassword.

Extract the Password:

The password for the next level is the new line in passwords.new.

Save the Password: Copy the password for use in the next level.

Example

Compare files:

diff passwords.old passwords.new

Output:

5c5

< abc123

---

> xyz456

The password for Bandit Level 18 is xyz456.

Alternative Approach

Using grep: Find lines in passwords.new that are not in passwords.old:

grep -Fvxf passwords.old passwords.new

-F: Matches fixed strings.

-v: Outputs lines not matched.

-x: Matches entire lines.

-f passwords.old: Uses passwords.old as a pattern file.

Output:

xyz456

Tips

Avoiding Errors:

Ensure both files are in the home directory.

If diff or grep gives unexpected results, double-check file contents with cat.

Byebye Issue:

If you see "Byebye!" when logging into Bandit 18, it's related to Bandit Level 19, not this level.

Let me know if you need further clarification!

In Bandit Level 18 → Level 19, the challenge is to retrieve the password from a file named readme in
the home directory, despite being logged out automatically due to a modified .bashrc file.
Key Concepts

.bashrc File:

A configuration script executed whenever a new interactive shell session starts.

Here, it is modified to log you out as soon as you log in.

Bypassing .bashrc Execution:

SSH provides options to run commands directly on the remote system without starting an interactive
shell, bypassing .bashrc.

Steps to Solve

Log in Using SSH and Run a Command: Use the ssh command to directly read the readme file
without starting an interactive session:

ssh [email protected] -p 2220 cat readme

The cat readme command is executed immediately after logging in.

This avoids triggering the .bashrc file.

Retrieve the Password:

The password for the next level will be displayed in the terminal.

Alternative Approach: If you need to explore the directory:

ssh [email protected] -p 2220 "ls -l"

This lists files in the home directory without logging in interactively.

Copy the Password: Save the displayed password for use in the next level.

Example

Command:

ssh [email protected] -p 2220 cat readme

Output:

abcdefghijklmnopqrst

The password for Bandit Level 19 is abcdefghijklmnopqrst.

Tips

Avoid Logging in Interactively:

Don’t attempt to log in normally using ssh bandit18@.... It will immediately log you out.

Debugging:

If cat readme fails, ensure the file exists with:

ssh [email protected] -p 2220 "ls -a"

Look for any hidden files or issues in the home directory.

Let me know if you have further questions!

In Bandit Level 19 → Level 20, the task is to use a setuid binary in the home directory to gain access
to the password for the next level. This involves executing the binary in a way that allows you to
access the password located in /etc/bandit_pass.

Key Concepts

Setuid (Set User ID):

A special permission that allows a user to execute a program with the privileges of the owner of the
file (usually root).

When a binary has the setuid bit set, it runs with the permissions of the file's owner, rather than the
user who runs it.

Setuid Binary:

The binary file in the home directory is likely designed to allow you to elevate your privileges
temporarily, enabling you to read the password file located at /etc/bandit_pass.

Steps to Solve

Log in to Bandit Level 19: If you are not already logged in, connect using SSH:

ssh [email protected] -p 2220

Enter the password for Bandit Level 19.

Locate the Setuid Binary: List the files in the home directory to find the setuid binary:

ls -l
You should see a file with the setuid bit set, indicated by an s in the permissions (e.g., -rwsr-xr-x).

Execute the Setuid Binary: Run the binary without any arguments to understand how it works:

./setuid_binary_name

This will likely provide information on how to use the binary, possibly giving you instructions or
output that reveals how to access the password.

Read the Password File: Once you have used the setuid binary correctly, it should grant you the
necessary privileges to access the password for the next level from /etc/bandit_pass.

Use cat to view the contents:

cat /etc/bandit_pass

The password for Bandit Level 20 will be displayed.

Save the Password: Copy the password for Bandit Level 20 and use it to log into the next level.

Example

After logging in, you find the setuid binary:

ls -l

-rwsr-xr-x 1 bandit19 bandit19 12345 Jan 1 00:00 setuid_binary

Run the binary:

./setuid_binary

The binary might print instructions or the password directly.

Access /etc/bandit_pass:

cat /etc/bandit_pass

The password for Bandit Level 20 is displayed.

Tips

Investigating Setuid: If you're unsure about the setuid binary, you can inspect it with file or strings to
get more details:

file setuid_binary_name

strings setuid_binary_name
Permissions: If you're not able to run the binary, check if the setuid bit is properly set by looking at
the file permissions with ls -l.

Let me know if you need more help with this or any other level!

Here's a summary of the key commands used in the OverTheWire Bandit practice so far, categorized
by their functionality:

1. File and Directory Navigation

ls: Lists files and directories in the current directory.

Example: ls -l (long listing with permissions, ownership, etc.)

cd: Changes the current directory.

Example: cd /home/bandit (navigate to the specified directory)

pwd: Prints the current working directory.

Example: pwd (shows the full path of the current directory)

cat: Concatenates and displays the contents of a file.

Example: cat file.txt (shows the contents of file.txt)

more/less: Views the contents of a file one screen at a time.

Example: less file.txt (scroll through the contents of file.txt)

file: Determines the file type.

Example: file file.txt (shows the type of file.txt)

2. File Permission and Ownership

chmod: Changes file permissions.

Example: chmod 755 file.txt (gives read, write, and execute permissions to the owner, and
read/execute permissions to others)

chown: Changes file ownership.

Example: chown user:user file.txt (changes ownership of file.txt to user)

3. File Manipulation

cp: Copies files or directories.

Example: cp source.txt destination.txt (copies source.txt to destination.txt)

mv: Moves or renames files or directories.

Example: mv oldname.txt newname.txt (renames oldname.txt to newname.txt)

rm: Removes files or directories.

Example: rm file.txt (deletes file.txt)

touch: Creates an empty file or updates the timestamp of an existing file.

Example: touch newfile.txt (creates newfile.txt)

4. Text Manipulation

grep: Searches for a pattern in a file or input.

Example: grep 'password' file.txt (searches for the word "password" in file.txt)

sort: Sorts lines in a file or input.

Example: sort file.txt (sorts the lines in file.txt)

uniq: Removes duplicate lines from input.

Example: sort file.txt | uniq (sorts file.txt and removes duplicates)

tr: Translates or deletes characters.

Example: echo 'hello' | tr 'a-z' 'A-Z' (converts lowercase letters to uppercase)

5. Compression and Archiving

tar: Archives or extracts files.

Example: tar -czf archive.tar.gz folder (creates a compressed tarball of folder)

gzip: Compresses or decompresses files using the Gzip format.

Example: gzip file.txt (compresses file.txt to file.txt.gz)

bzip2: Compresses or decompresses files using the Bzip2 format.

Example: bzip2 file.txt (compresses file.txt to file.txt.bz2)

xz: Compresses or decompresses files using the XZ format.

Example: xz file.txt (compresses file.txt to file.txt.xz)

6. Networking Tools

nc (Netcat): A network utility for reading from and writing to network connections.

Example: nc localhost 30000 (connects to localhost on port 30000)

telnet: A tool to communicate with remote servers via the Telnet protocol.

Example: telnet localhost 30000 (connects to localhost on port 30000)

nmap: Scans and maps network ports and services.

Example: nmap 127.0.0.1 (scans the local machine)

ss: A tool to investigate sockets and network connections.

Example: ss -tuln (shows listening sockets)

7. Base64 Encoding and Decoding

base64: Encodes and decodes data using Base64 encoding.

Example: base64 file.txt (encodes the contents of file.txt into Base64)

Example: echo 'base64_string' | base64 -d (decodes a Base64 string)

8. Hexdump and Binary Data

xxd: Creates a hex dump of a binary file.

Example: xxd file.bin (displays the hex dump of file.bin)

hexdump: Dumps the hexadecimal representation of a file.

Example: hexdump -C file.bin (shows a hexadecimal view of file.bin)

9. Environment Variables and System Info

env: Displays environment variables.

Example: env (lists all environment variables)

export: Sets environment variables.

Example: export VAR=value (sets the variable VAR to value)

id: Displays user and group ID information.

Example: id (shows your user and group information)

10. System Commands

whoami: Displays the current logged-in user.

Example: whoami (shows the current user)

ps: Displays the running processes.

Example: ps aux (shows all running processes)

top: Displays real-time system information.

Example: top (shows processes in real-time)

11. Process Management

kill: Terminates a process.

Example: kill <PID> (kills the process with the specified PID)

nohup: Runs a command immune to hangups (e.g., when the terminal is closed).

Example: nohup command & (runs command in the background)

Additional Tools for Specific Tasks

SSL/TLS Tools:

openssl s_client: Used to interact with SSL/TLS services.

Example: openssl s_client -connect localhost:30001 (connects to an SSL/TLS service on port 30001)

This list encompasses most of the key commands used in the OverTheWire Bandit challenges so far.
Understanding and practicing these commands will help you perform various system administration
tasks, troubleshoot, and interact with network services efficiently.

Moses