Scribd
Upload
13 views

OverTheWireSolution

The document provides a step-by-step guide for the 'OverTheWire: Bandit' wargame, which teaches Linux command-line skills and cybersecurity concepts. Each level includes instructions for finding the password required to progress to the next level, starting from Level 0 to Level 20, and mentions that the final password is located in /etc/bandit_pass/bandit33. The guide assumes an SSH connection is already established and presents various commands to uncover hidden files and passwords.

Uploaded by

sameerbhatti8162
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
13 views

OverTheWireSolution

The document provides a step-by-step guide for the 'OverTheWire: Bandit' wargame, which teaches Linux command-line skills and cybersecurity concepts. Each level includes instructions for finding the password required to progress to the next level, starting from Level 0 to Level 20, and mentions that the final password is located in /etc/bandit_pass/bandit33. The guide assumes an SSH connection is already established and presents various commands to uncover hidden files and passwords.

Uploaded by

sameerbhatti8162
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

"OverTheWire: Bandit" is a beginner-friendly wargame that teaches Linux command-line basics

and cybersecurity concepts. Below is a level-by-level solution for Bandit, assuming an SSH
connection is already established.

Level 0 → Level 1
Login with SSH​

ssh [email protected] -p 2220

●​ Password: bandit0​

Find the password​



cat readme

●​ Password for Level 1: boJ9jbbUNNfktd78OOpsqOltutMc3MY1​

Level 1 → Level 2
Find the password in a hidden file​
cat ./-

●​ Password: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Level 2 → Level 3
Find the password in a hidden file inside spaces in this filename​
cat "spaces in this filename"

●​ Password: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Level 3 → Level 4
Find the password in a hidden file inside inhere directory​
cd inhere
cat .hidden

●​ Password: pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Level 4 → Level 5
Find the password in the only human-readable file​
cd inhere
file ./*
cat ./-file07

●​ Password: koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Level 5 → Level 6
Find a 1033-byte file owned by user bandit6 and group bandit6​
find / -type f -user bandit6 -group bandit6 -size 1033c 2>/dev/null
cat /var/lib/dpkg/info/bandit6.password

●​ Password: DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Level 6 → Level 7
Find the password from a file accessible via find command​
find / -type f -name bandit7.password 2>/dev/null
cat /var/lib/dpkg/info/bandit7.password

●​ Password: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Level 7 → Level 8
Find the password in a file containing the word millionth​
grep "millionth" data.txt
●​ Password: cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Level 8 → Level 9
Find a unique string in data.txt​
sort data.txt | uniq -u

●​ Password: UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Level 9 → Level 10
Find a line containing = with a length of 42 characters​
strings data.txt | grep "="

●​ Password: truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Level 10 → Level 11
Decode the base64-encoded password​
base64 -d data.txt

●​ Password: IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

Level 11 → Level 12
Decode the ROT13-encrypted password​
cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'

●​ Password: 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Level 12 → Level 13
Extract data from a hexdump file​
xxd -r data.txt > output
cat output

●​ Password: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

Level 13 → Level 14
Use ssh-key to log in​
mkdir /tmp/bandit14
cp sshkey.private /tmp/bandit14/
chmod 600 /tmp/bandit14/sshkey.private
ssh -i /tmp/bandit14/sshkey.private bandit14@localhost -p 2220

●​ Password: (No password, uses SSH key)

Level 14 → Level 15
Submit password via nc​
echo 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL | nc localhost 30000

●​ Password: BfMYroe26WYalil77FoDi9qh59eK5xNr

Level 15 → Level 16
Submit password via OpenSSL​
echo BfMYroe26WYalil77FoDi9qh59eK5xNr | openssl s_client -connect localhost:30001 -quiet

●​ Password: cluFn7wTiGryunymYOu4RcffSxQluehd

Level 16 → Level 17
Find the next password in a different port using nmap​
nmap -p31000-32000 localhost

●​
○​ Check the SSL port, then:

echo cluFn7wTiGryunymYOu4RcffSxQluehd | openssl s_client -connect localhost:31790 -quiet


●​ Password: 5bu5tq4tgsjOFl02qg8U1wOQ6owFzCBR

Level 17 → Level 18
Find the password in the only human-readable file​
diff passwords.old passwords.new

●​ Password: kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

Level 18 → Level 19
Find the password in bandit19’s bashrc​
./bandit18

●​ Password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

Level 19 → Level 20
Run a script as bandit20​
./bandit20-do cat /etc/bandit_pass/bandit20

●​ Password: GbKksEFF4yrVs6il55v6gwY5aVje5f0j

Level 20 → Level 21
Send a password using nc​
echo GbKksEFF4yrVs6il55v6gwY5aVje5f0j | nc -l -p 12345 &
./suconnect 12345

●​ Password: gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr

This continues until Level 34, where the final password is stored in
/etc/bandit_pass/bandit33.

Let me know if you need a detailed solution for further levels!

You might also like