Bandit, the beginner Capture The Flag (CTF) game.
Whether you’re familiar with text-based games or have never even thought of playing them (me). This is the perfect CTF for learning Linux.
You’re here to either copy my answers OR learn. Can I ask you to please focus on the learning! It’s okay to peak when you’re so blind it’s crippling you, but please don’t just copy, copy, copy!
Take the time to try, fail and repeat. It’s a massive part of learning. Don’t robe yourself of that.
Okay, lecture over. Let’s CTF!!
Wooow now, one more thing before we go any further. Open something to take notes in, Notion, Text Editor, heck Mircosoft Word. It doesn’t matter. But it’s a great idea to record what you’ve done and how you’ve done it.
Okay. Let’s continue.
Bandit Level 0
Okay, let’s get started and connect to the game. This is done via Secure Socket SHell (SSH).
This tell’s Linux to run the
ssh command, connect to
bandit.labs.overthewire.org via port
2220 and user
$ ssh [email protected] -p2220
enter and you’re in! WhooHoo! Nice job.
Take a moment to read the rules and check out the welcome message.
Bandit Level 0 → Level 1
Okay, now put your game face on, *grunts*.
Let’s take a look at our goal:
- The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
I like to copy/paste the goal into my note-taking app and highlight/bold areas that are important. In this case, we’ve got clear instructions to find the readme file.
Okay, let’s look around the machine, find the file and then read it.
We’ll use the
ls command to view files in the current directory.
cat the file we find.
$ ls readme $ cat readme boJ9jbbUNNfktd78OOpsqOltutMc3MY1
Great! We got it! I know it’s a random bunch of letters and numbers but in this CTF the “flags” will look like this. Other games might be a bit different, but this unreadable nonsense is a good thing!
Don’t forget to copy that flag by highlighting it and pressing
CTRL + SHIFT + C.
Let’s confirm this is correct by cutting connection via
bandit0 user and
ssh into the next level via
We’ll do that by running the command
Now instead of typing or copy/pasting the
ssh credentials, let’s use the
up arrow to find our last command.
Let’s just edit the command to make it more usable moving forward. Remove
[email protected] in the beginning and add
$ ssh bandit.labs.overthewire.org -p2220 -l bandit1
Now paste the flag using
CTRL + SHIFT + V which you can copy from your notes because you’re definitely taking notes, right???
Done! Now it’s time to move on to the next level.
Bandit Level 1 → Level 2
Alrighty, now it’s getting serious.
First things first, let’s read that goal.
- The password for the next level is stored in a file called – located in the home directory
Okay, seems easy, same as last round,
Try it, but you’ll see the issue.
We need to specify the exact file path in order for Linux to understand. We’ll add
./ which tells Linux “hey, I’m in this folder”.
$ ls - $ cat ./- CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
That looks pretty good!
Let’s follow the same process of
up > change user, in this case,
bandit2 > enter flag as password.
Bandit Level 2 → Level 3
Training wheels are coming off!
- The password for the next level is stored in a file called spaces in this filename located in the home directory.
Okay, hm, a bit unusal. This shouldn’t be too difficult… shouldn’t be.
If we try and
cat out to see the file, but type out
spaces in this filename it treats each word as a separate file. How do we fix this?
After a bit of googling… it’s quite easy. Just add a
\ after each word. But to make it easier, hit
TAB after typing the first letter and it’ll do it for you!
$ ls spaces in this filename $ cat spaces\ in\ this\ filename UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
Flag, got, nice.
Get out of this level and move on to the next one!
Bandit Level 3 → Level 4
Let’s go beyond
cat and start chaning directory’s (aka folders)!
So what’s the goal?
- The password for the next level is stored in a hidden file in the inhere directory.
Okay, our clue is the directory is hidden, tuck that away for now.
Let’s view what’s around and move into our directory using
You might notice I’m using
&& to chain commands together, neet little trick I’ve picked up.
$ ls inhere $ cd inhere && ls
Okay, so we should see our file… but it’s hidden, so we can’t.
We need to introduce flags, these are like switches we can use to add features to our programs.
ls displays files, but if we turn on
-a it will also display hidden files. Let’s try it!
$ ls -a . .. .hidden $ cat .hidden pIwrPrtPN36QITSp3EQaw936yaFoFgAB
Nice! We got em.
Exit and move on to the next level!
Bandit Level 4 → Level 5
Hello friend, we meet again.
As always, start with the goal.
- The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
Hmmm, this is new, something known as a human-readable file. Let’s start with the usual poking around and see what we can find.
The only difference is I’ve added the
-l switch for
ls to display results in a list with extra detail. Don’t let the extra detail scare you, just enjoy the ordered list for now.
$ ls inhere $ cd inhere && ls -la drwxr-xr-x 2 root root 4096 May 7 2020 . drwxr-xr-x 3 root root 4096 May 7 2020 .. -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file00 -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file01 -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file02 -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file03 -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file04 -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file05 -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file06 -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file07 -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file08 -rw-r----- 1 bandit5 bandit4 33 May 7 2020 -file09
Okay, wow, lots of files… what next??
Let’s take a look at a new command to help us out,
We’ll use it in junction with a file path and wildcard to display all results of the files. Let’s see what the heck I’m talking about.
$ file ./* ./-file00: data ./-file01: data ./-file02: data ./-file03: data ./-file04: data ./-file05: data ./-file06: data ./-file07: ASCII text ./-file08: data ./-file09: data
Well well well, what do we have here??
The only ‘human readable’ text I can see is ASCII text… what’s in there? Let’s
cat it out and see.
$ cat ./-file07 koReBOKuIDDepwhWk7jZC0RTdopnAYKh
Would you look at that! We did it!
And that’s it, hope you enjoyed the ride so far.
You’ve got enough skills to keep on going, so exit out and head on to the next level. Enjoy!
If you have any feedback, please send me a message via @mrashleyball.