Bandit is a one of famous wargames. It is targeted for the beginners. It will teach the basics needed to be able to play other wargames.
And what is a Wargame?
Wargame (hacking) ... In hacking, a wargame (or war game) is a cyber-security challenge and mind sport in which the competitors must exploit or defend a vulnerability in a system or application, or gain or prevent access to a computer system.
Now let's see how to play this game..,
First you have to setup a platform to play this game. You can use Linux/Unix or Windows platforms.
If you are using Linux/Unix follow these steps first:
- Open a Terminal
- type ssh <Level Number>@bandit.labs.overthewire.org -p 2220 and then type <the password you have found> Eg: bandit0@bandit.labs.overthewire.org -p 2220
- Once you found the password for the next level, use 'exit' command to disconnect connection to server.
- Reconnect to the server to go the next level.
If you are using Windows follow these steps:
2. Open Putty and set the Host name and Port
3. Once terminal is opened provide username and password
4. After you found the password for the next level restart the Putty and go the next level
Let's begin the War!!! :)
Level 0
Type Username as 'bandit0' & Password as 'bandit0'
then read the password from the file readme on the home directory. The password in the file is for the bandit1 user which is the user for the next level.
bandit0@melinda:~$ ls -lh
readme
bandit0@melinda:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1 <-- Password for the next level
Level 0 -> 1
Type Username as 'bandit1' & Password as 'boJ9jbbUNNfktd78OOpsqOltutMc3MY1'
They told that the password is in a file called “-“. We need to delimit the dash to read it.
bandit1@melissa:~$ ls
-
bandit1@melissa:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9 <-- Password for the next level
Type Username as 'bandit2' & Password as 'CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9'
This time we simply need to read a file with spaces in it’s name. Let’s surround the file name in quotes.
bandit2@melissa:~$ ls
spaces in this filename
bandit2@melissa:~$ cat "spaces in this filename"
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK <-- Password for the next level
Type Username as 'bandit3' & Password as 'UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK'
They told that the file we need is in a hidden file in the inhere directory.
bandit3@melissa:~$ ls
inhere
bandit3@melissa:~$ cd inhere
bandit3@melissa:~/inhere$ ls -la
total 12
drwxr-xr-x 2 root root 4096 2012-05-10 23:51 .
drwxr-xr-x 3 root root 4096 2012-05-10 23:51 ..
-rw-r----- 1 bandit4 bandit3 33 2012-05-10 23:51 .hidden
bandit3@melissa:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB <-- Password for the next level
Level 3 -> 4
Type Username as 'bandit4' & Password as 'pIwrPrtPN36QITSp3EQaw936yaFoFgAB'
We are told the password is somewhere in the inhere directory and is the only human readable file in the directory. Let’s see what file types we have.
bandit4@melissa:~$ ls
inhere
bandit4@melissa:~$ cd inhere
bandit4@melissa:~/inhere$ ls -la
total 48
drwxr-xr-x 2 root root 4096 2012-05-10 23:51 .
drwxr-xr-x 3 root root 4096 2012-05-10 23:51 ..
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file00
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file01
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file02
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file03
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file04
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file05
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file06
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file07
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file08
-rw-r----- 1 bandit5 bandit4 33 2012-05-10 23:51 -file09
bandit4@melissa:~/inhere$ file ./-*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
bandit4@melissa:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh <-- Password for the next level
Level 4 -> 5
Type Username as 'bandit5' & Password as 'koReBOKuIDDepwhWk7jZC0RTdopnAYKh'
This is similar to the previous, except we have some more file attributes to look for. As well as more files to look through.
bandit5@melissa:~$ ls
inhere
bandit5@melissa:~$ cd inhere
bandit5@melissa:~/inhere$ ls -la
total 88
drwxr-x--- 22 root bandit5 4096 2012-05-10 23:51 .
drwxr-xr-x 3 root root 4096 2012-05-10 23:51 ..
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere00
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere01
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere02
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere03
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere04
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere05
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere06
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere07
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere08
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere09
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere10
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere11
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere12
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere13
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere14
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere15
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere16
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere17
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere18
drwxr-x--- 2 root bandit5 4096 2012-05-10 23:51 maybehere19
bandit5@melissa:~/inhere$ find ./ -size 1033c
./maybehere07/.file2
bandit5@melissa:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7 <-- Password for the next level
Level 5 -> 6
Type Username as 'bandit6' & Password as 'DXjZPULLxYr17uwoI01bNLQbtFemEgo7'
The file can be anywhere on the server, but we are given it’s attributes. This is a job for find. The command attached to the end gets rid of garbage returns and allows viewing of our password file among several others with the same attributes.
bandit6@melissa:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
bandit6@melissa:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs <-- Password for the next level