OverTheWire: Wargames - Bandit
Hints and commands given in the OverTheWire website was used as a guide to find the password fro the next level.
The screenshots illustrate the commands used to discover the password.
Level Goal
Connect to the OverTheWire game server using SSH using provided credentials and discover password for Level 1. hostname: bandit.labs.overthewire.org username: bandit0 password: bandit0
How To
Use an SSH application and SSH to bandit0@bandit.labs.overthewire.org. Given that the file is in the home directory, use ls command to list the content of the directory.Notice the file named readme, and simply read this filename to find the password for the next level using the command cat readme.
Terminate the SSH session by typing exit and reconnect to the bandit game using thenew username and password for level 1.
Learning/Conclusion
Possibilities are there to receive a few prompts regarding RSA keys, or a warning that someone may be eavesdropping on you. Research and remove keys belonging to the hostname to overcome this issue. Also it covered a few basic commands.
Level Goal
Discover password for the next level stored in a file called - located in the home directory.
How To
Login as bandit1 using the password recovered from level0 and land in the home directory. Given that the file is in the home directory named -, the command cat ./- produces the intended result. The period denotes the current working directory which in this case can be substituted with /home/bandit1.
Terminate the SSH session and login to next level.
Learning/Conclusion
The file cannot be simply read using the command cat - since - in bash is used to redirect to/from stdin or stdout, meaning that whatever is typed after the command will be read standard in and will be repeated standard out. Further researching in Bash/Linux special characters would reveal more.
Level Goal
Discover password for the next level stored in a file called "spaces in this filename" located in the home directory.
How To
Given that the file is in the home directory named again the command cat should produce results. The file can is read using the command cat spaces\ in\ this\ filename in which the backslash preserves the space following it or simply type cat sp and hit Tab for the shell to fill the rest.
Terminate the SSH session and login to next level.
Learning/Conclusion
When using the cat command to read the file, space character cannot be typed directly since linux uses it to separate items. From the file "spaces in this filename" only the first word, that is "spaces" will be taken as the filename. A preceding backslash is used before the space character to recognize it and read it as it is.
Escape characters are powerful when programming and helpful when dealing with weird filenames. Additionally tab completion is extremely powerful which would reduce errors made in spelling filenames and can really be efficient for traversing through file structures.
Level Goal
Discover password for the next level stored in a hidden file in a directory named "inhere".
How To
Try to list all what inhere directory holds with the ls command and it would show it as blank. Go through the manual of for ls command by typing in man ls and notice the argument -a used to list all items. Press q and exit. Then use the command with the argument to list literally all items. This should show three things listed. A period, two periods and .hidden. The period denotes the current directory, two periods references the parent directory and .hidden is the hidden file containing the password for the next level.
Read the file using cat /inhere/.hidden from the home directory to recover the password.
Terminate the SSH session and login to next level.
Learning/Conclusion
A hidden file can be created by adding a period in at the beginning of the filename which will not be visible to a simple ls command. ls command can be used with several arguments to get more information about the items in a directory. The manual can and should be used in order to get a detailed description about commands and their usage.
Level Goal
Discover password for the next level stored in the only human-readable file in the directory named "inhere".
How To
List all the items in the folder and notice the file names beginning with a dash meaning that we should adjust the command. Given that there is only one human-readable file in the directory, using wildcard type in the command file ./* to identify the file with ASCII characters. This should show the only human-readable file as -file07.
Read the password, terminate the SSH session and login to next level.
Learning/Conclusion
A human readable means a human can read it without the need of computer translation. Therefore, human readable content will be in ASCII or similar while non-human readable data will be in binary. To explore the type of data file command can be used with arguments.
Moreover usage of a wildcard often represented by the ‘*’, commonly referred to as ‘splat’ with commands the shell will match any character to any length. Different wildcards are used for different purposes which greatly increases the flexibility and efficiency of searches.
bandit5
bandit6
bandit7
bandit8
bandit9
bandit10
bandit11
bandit12
bandit13
bandit14
bandit15
bandit16
bandit17
bandit18
bandit19
bandit20
bandit21
bandit22
bandit23
