Wargames - Bandit
Some basic cybersecurity
I started work on this but ended up getting busy and not finishing it. I will try to revisit at some point. Here are my current notes:
https://overthewire.org/wargames
Bandit
The command I used for the thumbnail is this:
```echo: & echo:C:^\Users\User^> echo: ^& echo ^^^>Shall we play a game?... ^& echo _ & echo >Shall we play a game?... & echo _```
I want to explore cybersecurity a bit and this looks like a great option. I only want to use man pages if possible. I will try to use the knowledge I have but will reference the "Commands you may need to solve this level". I will refer to these as suggested commands.
Need to write what each part is asking for context.
========================
Bandit 0:
========================
SSH into bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0.
---
SSH using port 2220 to:
bandit.labs.overthewire.org
Username:
bandit0
Password:
bandit0
========================
Bandit0->1
========================
The password is stored on a file called readme in the home directory.
---
Run
```ls
cat readme```
Password:
ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If
Note (if needed later):
```pwd```:
/home/bandit0
========================
Bandit1->2
========================
The password is stored on a file called -
---
```ls -a```
Doesn't return dashed files.
-
Reviewing the suggested commands:
Known:
ls, cd, cat
Unknown:
file - determines file type
du - estimate file space usage
find - search for files in a directory hierarchy
-
I think ```find``` is what I want for this. Reviewing [Ubuntu's man page][https://manpages.ubuntu.com/manpages/noble/man1/find.1.html]. Skimming the sections, there's "unusual filenames". I think this may help me but trying ```find -ls``` still gives me the same files but more details like the groups that own them. I tried a few different commands but I can't find any info on it in the manuals. I [Googled it][https://mayadevbe.me/posts/overthewire/bandit/level2/] and found I need to append ./ to open it but it should be listed? I wasn't able to find any reference to this in the documentation.
After a bit of headache I realized I didn't read the instructions fully on the last step... "Use this password to log into bandit1 using SSH."
Ya... I'll read more closely
-
SSH back in with bandit1 and the previous password. Running ls now shows a single file ```-```.
Running cat ```./-``` gets the password:
263JGJPfgU6LtdEvgfWU1XP5yac29mFx
========================
Bandit2->3
========================
The password is on a file called --spaces in this filename--
---
Logging into bandit2 with the password (I'm catching on), I need to find a file called ```--spaces in this filename--``` located in the home directory.
```cat ./-./-spaces./ in./ this./ filename./-./-``` does not work
Running the command I learned before ```find -ls``` gives us the following for the filename ```./--spaces\ in\ this\ filename--```
Running ```cat ./--spaces\ in\ this\ filename--``` gives us a password:
MNk8KNH3Usiio41PRUEoDFPqfxLPlSmx
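
Why ```./``` works for both the ```-``` file and the ```--spaces in this filename--``` file, as an added example that is not part of the original notes. The scratch directory, file contents and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: constructed sample files, not the real Bandit data.

# Build a scratch directory holding the two awkward names from these levels.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'dash-secret\n'  > "$d/-"
    printf 'space-secret\n' > "$d/--spaces in this filename--"
    printf '%s\n' "$d"
}

# Naive form: the name reaches cat as-is, so a leading "-" is parsed as an
# option (or, for a bare "-", as "read standard input").
read_naive() { ( cd "$1" && cat "$2" </dev/null 2>/dev/null ); }

# "--" ends option parsing, which rescues "--spaces ..." but not "-":
# cat still treats the operand "-" as standard input.
read_ddash() { ( cd "$1" && cat -- "$2" </dev/null 2>/dev/null ); }

# A "./" prefix turns the argument into a path, so neither rule applies.
read_prefixed() { ( cd "$1" && cat "./$2" ); }

# Redirection lets the shell open the file; cat never sees the name.
read_redirect() { ( cd "$1" && cat < "$2" ); }

demo() {
    d=$(make_sample) || return 1
    for name in "-" "--spaces in this filename--"; do
        printf 'name: %s\n' "$name"
        printf '  naive:    [%s]\n' "$(read_naive "$d" "$name")"
        printf '  ddash:    [%s]\n' "$(read_ddash "$d" "$name")"
        printf '  prefixed: [%s]\n' "$(read_prefixed "$d" "$name")"
        printf '  redirect: [%s]\n' "$(read_redirect "$d" "$name")"
    done
    rm -rf -- "$d"
}

demo
```

The same rule matters in scripts that pass attacker-influenced file names to commands: quote the variable and prefix relative names with ```./``` so a name can never be read as an option.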
========================
Bandit3->4
========================
Stored on a hidden file in the inhere directory.
-
Logging in, ```ls```, inhere folder is listed.
```cd inhere/```
```ls``` nothing (I guessed)
```ls -a```
```...Hiding-From-You``` is shown
```cat ...Hiding-From-You```
Password:
2WmrDFRmJIq3IPxneAaMGhap0pFhF3NJ
========================
Bandit4->5
========================
The password is on the only human-readable file in the inhere directory.
---
```ls``` shows inhere file
```cd inhere/``` > ```ls```
There may be an easy way to read all at once but it's easy to brute force.
```cat ./-file00```
Inspect it, press up arrow, backspace, next file name, repeat.
I did notice 03 seemed to be some kind of terminal break? The tip says to type clear to fix. The only readable file is 07 which gives the password:
4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQw
========================
Bandit5->6
========================
The password is in the inhere directory and is: human-readable, 1033 bytes in size, not executable
---
The first two sound easier to sift so let's start with size. Running ```find -ls``` shows a lot of files in these folders. I am able to spot one of them in ```./maybehere07/.file2```
Running ```cd maybehere07/``` then ```cat ./.file2``` gives us a massive password that is human readable.
I know pipe is a thing so I want to know if I can confirm this. I tried a few different variations that I could think of but I don't think I understand pipe well enough to do it. Looking at that site I found earlier and I'm just going to reference their explanation rather than restating it all: [https://mayadevbe.me/posts/overthewire/bandit/level6/]
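
One way to check all three properties (size, not executable, human-readable) with a pipe instead of opening files one by one, as an added example that is not part of the original notes. The directory tree, file contents and function names are constructed; ```! -executable``` assumes GNU find, and ```file``` is the tool from the level's suggested commands.

```sh
#!/bin/sh
# Added example: every file below is constructed sample data.

# Scratch tree shaped like the inhere directory, with one real match.
make_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/maybehere00" "$d/maybehere01"
    printf '%-1032s\n' 'constructed-password' > "$d/maybehere01/.file2"  # match
    printf '%-1032s\n' 'decoy-executable'     > "$d/maybehere00/-file1"  # right size, but +x
    chmod +x "$d/maybehere00/-file1"
    printf 'short text\n'                     > "$d/maybehere00/-file2"  # wrong size
    head -c 1033 /dev/zero                    > "$d/maybehere01/-file3"  # right size, binary
    printf '%s\n' "$d"
}

# Human-readable check: ask file(1) for the type; if file is not installed,
# fall back to GNU grep -I, which treats binary files as non-matching.
is_text() {
    if command -v file >/dev/null 2>&1; then
        file -b "$1" | grep -q 'text'
    else
        grep -Iq . "$1"
    fi
}

# Print regular files under $1 that are exactly $2 bytes, not executable,
# and text. find does the cheap metadata tests; the pipe feeds only the
# survivors to the content test. (Assumes no newlines in file names.)
find_password_file() {
    find "$1" -type f -size "${2}c" ! -executable |
    while IFS= read -r f; do
        if is_text "$f"; then printf '%s\n' "$f"; fi
    done
}

demo() {
    d=$(make_tree) || return 1
    find_password_file "$d" 1033
    rm -rf -- "$d"
}

demo
```

find prints each result with its directory in front, so names such as ```-file1``` reach ```file``` as paths and are not mistaken for options.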
========================
Bandit6->7
========================
---