OverTheWire Bandit Level 0 Walkthrough

Introduction

Today we're starting a new series of CTF wargames from the OverTheWire.org website.  The series is called Bandit, and the theme of the series is Linux skills.  The homepage for the series is located here:

https://overthewire.org/wargames/bandit/

In order to access the levels of the game, we will have to use the SSH program from either a Windows command line or a Linux command line.  From either command line, we use the following command to access the game:

ssh LEVELNAME@bandit.labs.overthewire.org -p 2220

Fill in LEVELNAME with the current level of the Bandit game: e.g.  to access Bandit level 0, the command would be:

ssh bandit0@bandit.labs.overthewire.org -p 2220

The system will then ask for a password.  The password for any level of Bandit is the Flag string found in the previous level of the game (except for Bandit level 0, whose password is bandit0).

Starting the Level

Log in to Bandit0 by entering the following command in your command line:

ssh bandit0@bandit.labs.overthewire.org -p 2220


If your system asks you if you are sure you want to connect, type

yes

To continue, then input the password to the level, which is bandit0 (you won't be able to see the password as you type it).

Playing the Game

For each level of Bandit, there is a corresponding webpage on the OverTheWire website which tells us what the objective of the level is (i.e. where to find the Flag string).  For level 0, the webpage is:

https://overthewire.org/wargames/bandit/bandit1.html


So the goal of the level is to access the readme file on the system located in the home directory.  We can find out our Present Working Directory by using the following command:

pwd


We are currently located in the /home/bandit0 directory, so the readme file we're looking for should be in our current directory.  Let's list out the directory's contents by using the following command:

ls


So we can confirm that the readme file is in our current directory.  The last thing to do before we finish the level is access the readme file by using the cat command.

cat readme


The random alpha-numeric string in the readme file is called the Flag in CTF wargames like Bandit.  We will want to save that Flag somewhere, because it will be used as the password for the next level of the Bandit CTF game (Bandit1).

Summary

We used the SSH command to login to level 0 of the Bandit CTF game.  Once logged in, we used the pwd command to locate our current working directory, then the ls command to list the files in the directory.  Finally, we used the cat command to read the file containing the Flag for the level.

Finish






Comments

Post a Comment

Popular posts from this blog

TryHackMe - Windows PrivEsc - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Windows PrivEsc room hosted at https://tryhackme.com/room/w indows10privesc . For this walkthrough, we'll be using two virtual machines (VMs), a Kali Linux VM as our attacking machine, and the deployed Windows 10 client as the the victim machine. Task 1 - Deploy the Vulnerable Windows VM Press the green button here: The Windows machine should come online after a minute or two. The IP address of the machine can be found here: Of course, the actual IP address will probably be a different one from the one in the screenshot.  For the examples, however, we will use the IP address of 10.10.227.113 RDP should be available on port 3389 (it may take a few minutes for the service to start). You can login to the "user" account using the password "password321": xfreerdp /u:user /p:password321 /cert:ignore /v:10.10.227.113 Questions: Deploy the Windows VM and login using the "user" ...
Read more

TryHackMe - Reversing Elf - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Reversing ELF room hosted at https://tryhackme.com/room/ reverselfiles . For this walkthrough, we'll be using one virtual machine (VMs), a Kali Linux VM as our attacking machine. Task 1 - Crackme1 Questions What is the flag? Download the Task 1 Task File Copy it to your working directory Give the file executable permissions Run the file chmod +x crackme1 ./crackme1 Task 2 - Crackme2 Questions What is the super secret password ? Give the file executable permissions Run Ltrace on the file with a test string chmod +x crackme2 ltrace ./crackme2 test ./crackme2 passwordFoundInPreviousStep Task 3 - Crackme3 Questions What is the flag? Give the file executable permissions Run strings on the file Echo the base64 string you found, pipe it into Base64 decode chmod +x crackme3 strings crackme3 echo “ base64stringFoundInPreviousStep ” | base64 -d Task 4 - Crackme4 Questions What is the password ? Give the file execu...
Read more

TryHackMe - Web Enumeration - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Web Enumeration room hosted at https://tryhackme.com/room/ webenumerationv2 . For this walkthrough, we'll be using two virtual machines (VMs), the TryHackMe AttackBox VM as our attacking machine, and the deployed vulnerable Web clients as the the victim machines. Task 1 - Introduction Questions: Let's get started No answer needed Task 2 - Manual Enumeration Questions I gotcha! No answer needed Task 3 - 1. introduction to Gobuster Questions No questions No answer needed Task 4 - 1.1 Gobuster Modes Questions I get the hang of it! No answer needed Task 5 - 1.2 Useful Wordlists Questions No questions No answer needed Task 6 - 1.3 Practical: Gobuster (Deploy #1) Questions Run a directory scan on the host. Other than the standard css, images and js directories, what other directories are available? echo “10.10.164.99 webenum.thm” >> /etc/hosts gobuster dir -t 16 -u http://webenum.thm -w /usr/sha...
Read more