OverTheWire : Bandit Challenge
What is it exactly ?
The Bandit wargame from OverTheWire is designed as a hands-on, practical learning environment for individuals who are new to cybersecurity and want to enhance their command line, Linux, and hacking skills. Here's an elaboration on the key aspects:
- Target Audience: Absolute Beginners: The game is specifically tailored for individuals who are just starting their journey in cybersecurity. It assumes little to no prior knowledge of command line usage or Linux systems.
-
Connection via SSH: SSH (Secure Shell): Users connect to the game servers using SSH, a secure protocol for accessing remote systems. This helps simulate real-world scenarios where administrators and hackers often manage systems remotely.
Command Line Skills Improvement: Hands-On Learning: Users are provided with a series of levels, each presenting a different challenge or puzzle. To progress, participants need to solve these challenges using command line instructions. This hands-on approach allows users to immediately apply and reinforce their knowledge.
-
Linux Skills Enhancement: Focused on Linux: The challenges in Bandit are set up on Linux servers. Participants learn and apply Linux commands and concepts, which are fundamental for anyone working in the field of cybersecurity, as Linux is widely used in server environments.
-
Progressive Learning: Sequential Levels: The challenges are organized into levels of increasing difficulty. Participants start with basic tasks and gradually move on to more complex scenarios. This progressive structure allows for a smooth learning curve, ensuring that users build upon their skills as they advance through the game.
If you get stuck somewhere , Below is a Walkthrough for the Challenge
Level 0
$ssh [email protected] -p 2220
bandit0
Level 1
$ssh [email protected] -p 2220
NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL
$cat ./-
Level 3
$ssh [email protected] -p 2220
aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
$ls -al
$cat .hidden
Level 4
$ssh [email protected] -p 2220
2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe
$file ./-file0*
$cat ./-file07
Level 5
$ssh [email protected] -p 2220
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
$find -type f -size 1033c ! -executable
$cat ./maybehere07/.file2
Level 6
$ssh [email protected] -p 2220
P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
$find -type f -size 33c -group bandit6 -user bandit7
$cat ./var/lib/dpkg/info/bandit7.password
Level 7
$ssh [email protected] -p 2220
z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
$cat data.txt | grep "millionth"
Level 8
$ssh [email protected] -p 2220
TESKZC0XvTetK0S9xNwm25STk5iWrBvP
$cat data.txt | sort | uniq -u -c
Level 9
$ssh [email protected] -p 2220
EN632PlfYiZbn3PhVK3XOGSlNInNE00t
$strings data.txt | grep ===*
Level 10
$ssh [email protected] -p 2220
G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s
$cat data.txt | base64 -d
Level 11
$ssh [email protected] -p 2220
6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM
//use ROT13 decryter on google
Level 12
$ssh [email protected] -p 2220
JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv
$xxd -r f1 > f2
$mv f2 f2.gz
$gzip -d f2.gz
$mv f2 f3.bz2
$bzip2 -d f3.bz2
$mv f3 f4.gz
$gzip -d f4.gz
$mv f4 f4.tar
$tar -xf f4.tar
$mv data5.bin f5.tar
$tar -xf f5.tar
$mv data6.bin f6.bz2
$bzip2 -d f6.bz2
$mv f6 f6.tar
$tar -xf f6.tar
$mv data8.bin f7.gz
$gzip -d f7.gz
$cat f7
Level 13
$ssh [email protected] -p 2220
wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw
$ssh -i sshkey.private bandit14@localhost -p 2220
$cat /etc/bandit_pass/bandit14
Level 14
$ssh [email protected] -p 2220
fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq
$nc localhost 30000
fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq
Level 15
$ssh [email protected] -p 2220
jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt
$openssl s_client localhost:30001
Level 16
$ssh [email protected] -p 2220
JQttfApK4SeyHwDlI9SXGR50qclOAil1
$nmap localhost -p 31000-32000
$openssl s_client localhost:31790 //tried all open ports from the nmap scan
// entered current level passwd and in response got ssh private key
$mkdir /tmp/barry
$touch pass
$vim pass
// pasted the rsa_key
$chmod 600 pass
$ssh -i pass bandit17@localhost -p 2220
$cat /etc/bandit_pass/bandit17
Level 17
$ssh [email protected] -p 2220
VwOSWtCA7lRKkTfbr2IDh6awj9RNZM5e
$diff passwords.old passwords.new
Level 18
$ssh [email protected] -p 2220
hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg
//upon login got kicked out
$ssh [email protected] -p 2220 "cat readme"
Level 19
$ssh [email protected] -p 2220
awhqfNnAbc1naukrpqDYcF95h7HoMTrC
$./bandit20-do cat /etc/bandit_pass/bandit20
Level 20
$ssh [email protected] -p 2220
VxCazJaVykI6W36BkBU0mJTCM8rR95XT
$echo "VxCazJaVykI6W36BkBU0mJTCM8rR95XT" | nc -lvp 1234
// open new terminal
$./suconnect 1234
Level 21
$ssh [email protected] -p 2220
NvEJF7oVjkddltPSrdKEFOllh9V1IBcq
$cd /etc/cron.d/
$cat cronjob_bandit22
$cat /usr/bin/cronjob_bandit22.sh
$cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Level 22
$ssh [email protected] -p 2220
WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
$cd /etc/cron.d
$cat cronjob_bandit23
$cat /usr/bin/cronjob_bandit23.sh
$echo I am user bandit23 | md5sum | cut -d ' ' -f 1
$cat /tmp/8ca319486bfbbc3663ea0fbe81326349
Level 23
$ssh [email protected] -p 2220
QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G
$cat /usr/bin/cronjob_bandit24.sh
$mkdir /tmp/john
$chmod 777 /tmp/john
nano s.sh
#!/bin/bash
cat /etc/bandit_pass/bandit24 > /tmp/john/pass.txt
$chmod +x s.sh
$cat /tmp/john/pass.txt
Level 24
$ssh [email protected] -p 2220
VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
$mkdir /tmp/john
$cd /tmp/john
$nano hammer.sh
#!/bin/bash
for i in {9999..000}
do
echo "VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar $i"
done
$chmod +x hammer.sh
$./hammer.sh > brute.txt
$cat brute.txt | nc localhost 30002
Level 25
$ssh [email protected] -p 2220
p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d
we used the ssh key that we find on the home dir
and try to ssh into bandit26 while also making the terminal smaller in the size
so the we can buffer the output usind " More"
then we used "v" to open vim editor
then , :r cat /etc/bandit_pass/bandit26
and voila xD
Level 26
$ssh [email protected] -p 2220
c7GvcKlw9mC7aUQaPx7nwFstuAIBw1o1
making the terminal smaller in the size
so the we can buffer the output usind " More"
then we used "v" to open vim editor
then , :set shell=/bin/bash
then , :shell and we get a bash shell
$ ./bandit27-do cat /etc/bandit_pass/bandit27
and voila
Level 27
$ssh [email protected] -p 2220
YnQpBuifNMas1hcUFk70ZmqkhUU2EuaS
$git clone ssh://bandit27-git@localhost:2220/home/bandit27-git/repo
$cd repo
$cat README
Level 28
$ssh [email protected] -p 2220
AVanL161y9rsbcJIsFHuw35rjaOM19nR
$cd repo
$git log
$git show [the second last hash from the log output]
Level 29
$ssh [email protected] -p 2220
tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
after cloning the repo
change branch
$git branch -a // to list available branches
$git checkout dev
$git log
$git show [first hash from log]
Level 30
$ssh [email protected] -p 2220
xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
after cloning repo
$cd .git
$cat packed-refs
$git show [the second hash in the packedref o/p ]
Level 31
$ssh [email protected] -p 2220
OoffzGDlzhAlerFJ2cAiz1D41JW1Mhmt
after cloning the repo
$echo "May I come in?" >key.txt
$git add key.txt -f
$git commit -m "yeah"
$git push
Level 32
$ssh [email protected] -p 2220
rmCBvG56y58BXzv98yZGdO7ATVL5dW8y
$0
$cat /etc/bandit_pass/bandit33
Level 33
$ssh [email protected] -p 2220
odHo63fHiFqcWWJG9rLiLDtPm45KzUKy
Level 34
GG WP