🧠

Search

SearchSearch

Bandit

  • Level 0
    • challenge
      • The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.
    • ssh -p 2220 bandit0@bandit.labs.overthewire.org
    • flag: bandit0
  • Level 0 1
    • challenge
      • The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
    • ssh -p 2220 bandit0@bandit.labs.overthewire.org
    • cmds: cat readme
    • flag: NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL
  • Level 1 2
    • challenge
      • The password for the next level is stored in a file called - located in the home directory
    • ssh -p 2220 bandit1@bandit.labs.overthewire.org
    • cmds: cat < -
    • flag: rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi
  • Level 2 3
    • challenge
      • The password for the next level is stored in a file called spaces in this filename located in the home directory
    • ssh -p 2220 bandit2@bandit.labs.overthewire.org
    • cmds: cat < “spaces in this filename”
    • flag: aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
  • Level 3 4
    • challenge
      • The password for the next level is stored in a hidden file in the inhere directory.
    • ssh -p 2220 bandit3@bandit.labs.overthewire.org
    • cmds:
      • cd inhere
      • ls -f
      • cat < .hidden
    • flag: 2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe
  • Level 4 5
    • challenge
      • The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
    • ssh -p 2220 bandit4@bandit.labs.overthewire.org
    • cmds:
      • cd inhere
      • ls -f
      • file ./* (looking for “ASCII text” which is human-readable rather than data aka binary)
      • cat < -file07
    • flag: lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
  • Level 5 6
    • challenge
      • The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
      • human-readable
      • 1033 bytes in size
      • not executable
    • ssh -p 2220 bandit5@bandit.labs.overthewire.org
    • cmds
      • cd inhere
      • find . -type f ! -executable -size 1033c
      • cat < ./maybehere07/.file2
    • flag: P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
  • Level 6 7
    • challenge
      • The password for the next level is stored somewhere on the server and has all of the following properties:
        • owned by user bandit7
        • owned by group bandit6
        • 33 bytes in size
    • ssh -p 2220 bandit6@bandit.labs.overthewire.org
    • cmds
      • cd /
      • ls
      • find . -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null
      • cat < ./var/lib/dpkg/info/bandit7.password
    • flag: z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
  • Level 7 8
    • challenge
      • The password for the next level is stored in the file data.txt next to the word millionth
    • ssh -p 2220 bandit7@bandit.labs.overthewire.org
    • cmds
      • man grep
      • grep -F “millionth” data.txt
    • flag: TESKZC0XvTetK0S9xNwm25STk5iWrBvP
  • Level 8 9
    • challenge
      • The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
    • ssh -p 2220 bandit8@bandit.labs.overthewire.org
    • cmds
      • sort data.txt | uniq -u
    • flag: EN632PlfYiZbn3PhVK3XOGSlNInNE00t
  • Level 9 10
    • challenge
      • The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
    • ssh -p 2220 bandit9@bandit.labs.overthewire.org
    • cmds
      • strings data.txt | grep ===
    • flag: G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s
  • Level 10 11
    • challenge
      • The password for the next level is stored in the file data.txt, which contains base64 encoded data
    • ssh -p 2220 bandit10@bandit.labs.overthewire.org
    • cmds
      • cat data.txt
      • echo VGhlIHBhc3N3b3JkIGlzIDZ6UGV6aUxkUjJSS05kTllGTmI2blZDS3pwaGxYSEJNCg== | base64 —decode
      • base64 -d data.txt (this is faster)
    • flag: 6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM
  • Level 11 12
    • challenge
      • The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
    • ssh -p 2220 bandit11@bandit.labs.overthewire.org
    • cmds
      • cat data.txt | tr ‘A-Za-z’ ‘N-ZA-Mn-za-m’
      • alias rot13=“tr ‘A-Za-z’ ‘N-ZA-Mn-za-m‘“
      • alias rot5=“tr ‘0-9’ ‘5-90-4‘“
    • flag: JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv
  • Level 12 13
    • challenge
      • The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)
    • ssh -p 2220 bandit12@bandit.labs.overthewire.org
    • cmds
      • x
    • flag:
  • Level 13 14
  • Level 14 15
  • Level 15 16
  • Level 16 17
  • Level 17 18
  • Level 18 19
  • Level 19 20
  • Level 20 21
  • Level 21 22
  • Level 22 23
  • Level 23 24
  • Level 24 25
  • Level 25 26
  • Level 26 27
  • Level 27 28
  • Level 28 29
  • Level 29 30
  • Level 30 31
  • Level 31 32
  • Level 32 33
  • Level 33 34

Graph View

Backlinks