Bandit Level 0
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.
ssh bandit0@bandit.labs.overthewire.org -p 2220
Bandit Level 0 → Level 1
The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
cat readme
Bandit Level 1 → Level 2
The password for the next level is stored in a file called - located in the home directory
more ./-
Bandit Level 2 → Level 3
The password for the next level is stored in a file called spaces in this filename located in the home directory
more 'spaces in this filename'
more spaces\ in\ this\ filename
Bandit Level 3 → Level 4
The password for the next level is stored in a hidden file in the inhere directory.
ls -al inhere
cat inhere/.hidden
Bandit Level 4 → Level 5
he password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
cat ./-file07
Bandit Level 5 → Level 6
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
find inhere/ -type f -size 1033c
Bandit Level 6 → Level 7
The password for the next level is stored somewhere on the server and has all of the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
find / -size 33c -group bandit6 -user bandit7 2>/dev/null
Bandit Level 7 → Level 8
The password for the next level is stored in the file data.txt next to the word millionth
grep millionth data.txt
Bandit Level 8 → Level 9
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
sort data.txt | uniq -u
Bandit Level 9 → Level 10
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
strings data.txt | grep "="
Bandit Level 10 → Level 11
The password for the next level is stored in the file data.txt, which contains base64 encoded data
cat data.txt | base64 -d
Bandit Level 11 → Level 12
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m' | cut -d" " -f4
5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
Bandit Level 12 → Level 13
The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)
bandit12@melinda:~$ mkdir /tmp/sn0wbl4ck
bandit12@melinda:~$ cp data.txt /tmp/sn0wbl4ck/data.txt
bandit12@melinda:~$ cd /tmp/sn0wbl4ck
bandit12@melinda:/tmp/sn0wbl4ck$ ls
data.txt
bandit12@melinda:/tmp/sn0wbl4ck$ xxd -r data.txt datadump
bandit12@melinda:/tmp/sn0wbl4ck$ file datadump
datadump: gzip compressed data, was "data2.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compression
bandit12@melinda:/tmp/sn0wbl4ck$ mv datadump datadump.gz
bandit12@melinda:/tmp/sn0wbl4ck$ gzip -d datadump.gz
bandit12@melinda:/tmp/sn0wbl4ck$ ls
data.txt datadump
bandit12@melinda:/tmp/sn0wbl4ck$ file datadump
datadump: bzip2 compressed data, block size = 900k
bandit12@melinda:/tmp/sn0wbl4ck$ mv datadump datadump.bz2
bandit12@melinda:/tmp/sn0wbl4ck$ bzip2 -d datadump.bz2
bandit12@melinda:/tmp/sn0wbl4ck$ ls
data.txt datadump
bandit12@melinda:/tmp/sn0wbl4ck$ file datadump
datadump: gzip compressed data, was "data4.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compression
bandit12@melinda:/tmp/sn0wbl4ck$ mv datadump datadump.gz
bandit12@melinda:/tmp/sn0wbl4ck$ gzip -d datadump.gz
bandit12@melinda:/tmp/sn0wbl4ck$ ls
data.txt datadump
bandit12@melinda:/tmp/sn0wbl4ck$ file datadump
datadump: POSIX tar archive (GNU)
bandit12@melinda:/tmp/sn0wbl4ck$ tar -xvf datadump
data5.bin
bandit12@melinda:/tmp/sn0wbl4ck$ ls
data.txt data5.bin datadump
bandit12@melinda:/tmp/sn0wbl4ck$ file data5.bin
data5.bin: POSIX tar archive (GNU)
bandit12@melinda:/tmp/sn0wbl4ck$ tar -xvf data5.bin
data6.bin
bandit12@melinda:/tmp/sn0wbl4ck$ ls
data.txt data5.bin data6.bin datadump
bandit12@melinda:/tmp/sn0wbl4ck$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
bandit12@melinda:/tmp/sn0wbl4ck$ mv data6.bin data6.bz2
bandit12@melinda:/tmp/sn0wbl4ck$ bzip2 -d data6.bz2
bandit12@melinda:/tmp/sn0wbl4ck$ ls
data.txt data5.bin data6 datadump
bandit12@melinda:/tmp/sn0wbl4ck$ file data6
data6: POSIX tar archive (GNU)
bandit12@melinda:/tmp/sn0wbl4ck$ tar -xvf data6
data8.bin
bandit12@melinda:/tmp/sn0wbl4ck$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compression
bandit12@melinda:/tmp/sn0wbl4ck$ mv data8.bin data8.gz
bandit12@melinda:/tmp/sn0wbl4ck$ gzip -d data8.gz
bandit12@melinda:/tmp/sn0wbl4ck$ file data8
data8: ASCII text
bandit12@melinda:/tmp/sn0wbl4ck$ cat data8
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
Bandit Level 13 → Level 14
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on
ssh -i sshkey.private bandit14@127.0.0.1
cat /etc/bandit_pass/bandit14
Bandit Level 14 → Level 15
The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.
telnet 127.0.0.1 30000
Bandit Level 15 → Level 16
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
openssl s_client -host 127.0.0.1 -port 30001
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
