This repository contains a walkthrough guide to completing the Bandit levels in the OverTheWire wargames.
- Bandit Levels
Level Goal: The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0.
- Commands:
ssh [email protected] -p 2220exit
- Password for Level 0:
bandit0
Level Goal: The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
- Commands:
ssh [email protected] -p 2220cat readmeexit
- File:
readme - Password for Level 1:
NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL
Level Goal: The password for the next level is stored in a file called - located in the home directory
- Commands:
ssh [email protected] -p 2220cat ./-exit
- File:
- - Password for Level 2:
rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi
Level Goal: The password for the next level is stored in a file called spaces in this filename located in the home directory
- Commands:
ssh [email protected] -p 2220cat spaces\ in\ this\ filenameexit
- File:
spaces in this filename - Password for Level 3:
aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
Level Goal: The password for the next level is stored in a hidden file in the inhere directory.
- Commands:
ssh [email protected] -p 2220cat inhere/.hiddenexit
- File:
.hidden - Password for Level 4:
2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe
Level Goal: The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
- Commands:
ssh [email protected] -p 2220file inhere/*cat inhere/-file07exit
- File:
-file07ASCII text - Password for Level 5:
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
Level Goal: The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
+ human-readable
+ 1033 bytes in size
+ not executable
- Commands:
ssh [email protected] -p 2220find ./* -type f -readable -size 1033c ! -executablecat ./inhere/maybehere07/.file2exit
- File:
./inhere/maybehere07/.file2 - Password for Level 6:
P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
Level Goal: The password for the next level is stored somewhere on the server and has all of the following properties:
+ owned by user bandit7
+ owned by group bandit6
+ 33 bytes in size
- Commands:
ssh [email protected] -p 2220cd /find -group bandit6 -user bandit7 -size 33ccat ./var/lib/dpkg/info/bandit7.passwordexit
- File:
bandit7.password - Password for Level 7:
z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
Level Goal: The password for the next level is stored in the file data.txt next to the word millionth
- Commands:
ssh [email protected] -p 2220grep -F millionth data.txtexit
- File:
data.txt - Password for Level 8:
TESKZC0XvTetK0S9xNwm25STk5iWrBvP
Level Goal: The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
- Commands:
ssh [email protected] -p 2220cat data.txt |sort|uniq -uexit
- File:
data.txt - Password for Level 9:
EN632PlfYiZbn3PhVK3XOGSlNInNE00t
Level Goal: The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
- Commands:
ssh [email protected] -p 2220strings data.txt | grep ==exit
- File:
data.txt - Password for Level 10:
G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s
Level Goal: The password for the next level is stored in the file data.txt, which contains base64 encoded data
- Commands:
ssh [email protected] -p 2220base64 -d data.txtexit
- File:
data.txt - Password for Level 11:
6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM
Level Goal: The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
- Commands:
ssh [email protected] -p 2220- ``
exit
- File: ``
- Password for Level : ``
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent