The following post is a walkthrough for Overthewire bandit challenge.The bandit challenge of overthewire is based on linux commands. These challenges will guide you on how to deal with different files in a linux environment. Bandit contains 26 levels and this article is a series of 1 – 5 levels.

> Level 0 -1:

ssh -p 2220

using password: bandit0

Making connection to ssh server of bandit level 0 over the port 2220:

This level is the easiest. A simple ‘ls’ will list out ‘readme’ file in the directory and cat will open to file to read.

> Level 1- 2:

ssh -p 2220

Login to this level via the hash key you found in the readme file in level 0.

ls -la will list out different files and directories in bandit1 directory. The file here is ‘-‘ which contains the password for the next level.Though it took me awhile to figure that out, I was overlooking this part.

‘-‘ is actually a file which contains the password. So the command that works here is cat ./-


>Level 2-3:

ssh -p 2220

Logging into level 2 using the password I found above:

The file name is spaced and this is how you access a file name with spaces.

cat spaces\ in\  this\ filename

>level 3- 4:

ssh -p 2220

Logging into level 3 with the password obtained above:

ls -a will list the directory and you will find a inhere directory there, go to inhere directory and use ls -a again to show the hidden file and then use cat command to show what’s in the file. cat ./.hidden

>level 4-5:

ssh -p 2220

Logging into level 4 with the above password.

The password file is again in the inhere directory and there are 10 different files there. The hint is given in over the wire that the file which contains the password is human readable. Now we have to see what is the type of these files and to know that we can use file . ./* command and the following is the output. Now ASCII files are human readable. So there you go!

we have completed 5 levels for now. The next will be continued in the next article.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: