Overthewire Bandit walkthrough

Overthewire Bandit walkthrough 0 to 16 | overthewire bandit solutions | overthewire passwords.

In this post, we learn and practice Linux security and important commands through the Bandit wargame, which is hosted by the OverTheWire organization.

What is OvertheWire Bandit

OverTheWire offers a collection of wargames designed to help you learn and practice security concepts while fostering and exercising a particular way of thinking.

Overthewire Bandit Level 0 → Level 1

Goal

The goal of this level is to log in to the game over SSH. Connect to the host bandit.labs.overthewire.org on port 2220. The password for the next level is stored in a file called readme, located in the user's home directory.

ssh bandit0@bandit.labs.overthewire.org -p2220
  • username: bandit0
  • password: bandit0
ls -lsa
cat readme

Overthewire Bandit Level 1 → Level 2

Goal

The password for the next level is stored in a file named - (a hyphen), located in the home directory of the bandit1 user.

ssh bandit1@bandit.labs.overthewire.org -p2220
  • username: bandit1
  • password: boJ9jbbUNNfktd78OOpsqOltutMc3MY1
whoami
ls
cat ./-

Overthewire Bandit Level 2 → Level 3

Goal

The password for the next level is stored in a file named "spaces in this filename", located in the home directory.

ssh bandit2@bandit.labs.overthewire.org -p2220
  • username: bandit2
  • password: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
ls
cat "spaces in this filename"

Overthewire Bandit Level 3 → Level 4

Goal

The password for the next level is stored in a hidden file in the inhere directory.

ssh bandit3@bandit.labs.overthewire.org -p2220
  • username: bandit3
  • password: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
ls
cd inhere/
ls -lsa
cat .hidden

Overthewire Bandit Level 4 → Level 5

Goal

The password for the next level is stored in the only human-readable file in the inhere directory.

ssh bandit4@bandit.labs.overthewire.org -p2220
  • username: bandit4
  • password: pIwrPrtPN36QITSp3EQaw936yaFoFgAB
ls
cd inhere/
ls
file ./*
cat ./-file07
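
Levels 1 to 4 all come down to filenames that the shell or a tool can misread: a leading dash parsed as an option, embedded spaces split into several arguments, and dot-files skipped by *. The script below is an added example, not part of the original walkthrough, and goes slightly beyond it by testing for readable text directly instead of calling file; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: list human-readable files without tripping over odd names.

# Succeeds if file $1 is non-empty and holds only printable ASCII and whitespace.
is_text() {
    [ -s "$1" ] || return 1
    junk=$(LC_ALL=C tr -d '[:print:][:space:]' < "$1" | wc -c)
    [ "$junk" -eq 0 ]
}

# Print the names of human-readable files directly inside directory $1.
# The globs expand to paths that start with the directory, so a name such
# as "-" or "-file07" can never be parsed as an option; quoting "$f" keeps
# names with spaces in one piece; .[!.]* picks up the dot-files that * skips.
readable_files() {
    for f in "$1"/* "$1"/.[!.]*; do
        [ -f "$f" ] || continue
        # printf with a fixed format is safe even when the name starts with "-"
        if is_text "$f"; then printf '%s\n' "${f##*/}"; fi
    done
}

# Constructed sample directory modelled on the "inhere" directories above.
make_inhere() {
    printf 'constructed-password\n' > "$1/-file07"
    printf '\001\002\377binary\n'   > "$1/-file00"
    printf '\200\201 more binary'   > "$1/-"
    printf 'hidden text\n'          > "$1/.hidden"
    printf 'spaced text\n'          > "$1/spaces in this filename"
}

dir=$(mktemp -d)
make_inhere "$dir"
readable_files "$dir"
rm -rf "$dir"
```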

Overthewire Bandit Level 5 → Level 6

Goal

The password for the next level is stored in a file somewhere under the inhere directory. The hint is that the file is human-readable and 1033 bytes in size.

ssh bandit5@bandit.labs.overthewire.org -p2220
  • username: bandit5
  • password: koReBOKuIDDepwhWk7jZC0RTdopnAYKh
ls
cd inhere/
ls
pwd
find /home/bandit5/inhere -size 1033c
cat /home/bandit5/inhere/maybehere07/.file2

Overthewire Bandit Level 6 → Level 7

Goal

The password for the next level is stored somewhere on the server in a file owned by user bandit7 and group bandit6, with a size of 33 bytes.

ssh bandit6@bandit.labs.overthewire.org -p2220
  • username: bandit6
  • password: DXjZPULLxYr17uwoI01bNLQbtFemEgo7
ls 
find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null
cat /var/lib/dpkg/info/bandit7.password

Overthewire Bandit Level 7 → Level 8

Goal

The next level password is stored in the file data.txt next to the word millionth

ssh bandit7@bandit.labs.overthewire.org -p2220
  • username: bandit7
  • password: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
ls
strings data.txt |grep millionth

Overthewire Bandit Level 8 → Level 9

Goal

The next level password is stored in the file data.txt and is the only line of text that occurs only once

ssh bandit8@bandit.labs.overthewire.org -p2220
  • username: bandit8
  • password: cvX2JJa4CFALtqS87jk27qwqGhBM9plV
ls
strings data.txt | sort | uniq -u

Overthewire Bandit Level 9 → Level 10

Goal

The password for the next level is stored in data.txt as a human-readable string that starts with ‘=’ characters.

ssh bandit9@bandit.labs.overthewire.org -p2220
  • username: bandit9
  • password: UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
ls
strings data.txt | grep =

Overthewire Bandit Level 10 → Level 11

Goal

The password for the next level is stored in the file data.txt, encoded in base64.

ssh bandit10@bandit.labs.overthewire.org -p2220
  • username: bandit10
  • password: truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
ls
cat data.txt | base64 -d

Overthewire Bandit Level 11 → Level 12

Goal

The password for the next level is stored in the file data.txt, encoded with ROT13.

ssh bandit11@bandit.labs.overthewire.org -p2220
  • username: bandit11
  • password: IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
ls
cat data.txt | tr a-zA-Z n-za-mN-ZA-M

Overthewire Bandit Level 12 → Level 13

Goal

The password for the next level is stored in data.txt, which is a hex dump of a file that has been repeatedly compressed. Create a working directory under /tmp with the mkdir command, for example: mkdir /tmp/hackNos. Then copy the data file there with cp and rename it with the mv command as each layer is unpacked.

ssh bandit12@bandit.labs.overthewire.org -p2220
  • username: bandit12
  • password: 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
ls
mkdir /tmp/hackNos
cd /tmp/hackNos
cp ~/data.txt .
ls
file data.txt
xxd -r data.txt output1
file output1
mv output1 output2.gz
gunzip -d output2.gz
ls
file output2
mv output2 output3.bz2
bzip2 -d output3.bz2
file output3
mv output3 output4.gz
gunzip -d output4.gz
file output4
mv output4 output5.tar
tar -xvf output5.tar
file data5.bin
tar -xvf data5.bin
file data6.bin
mv data6.bin output7.bz2
bzip2 -d output7.bz2
ls
file output7
tar -xvf output7
file data8.bin
mv data8.bin output9.gz
gunzip -d output9.gz
file output9
cat output9
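
The rename-and-decompress steps above can be automated by reading each layer's magic bytes, which is the information file reports. The script below is an added example, not part of the original walkthrough; it starts from the binary that xxd -r produces, and the function names, the sample data and its password string are constructed for illustration.

```shell
#!/bin/sh
# Added example: peel nested gzip/bzip2/tar layers by their magic bytes.

# Print the container type of file $1, judged from its leading bytes.
layer_type() {
    magic=$(od -An -tx1 -N3 "$1" | tr -d ' \n')
    case "$magic" in
        1f8b*)  echo gzip ;;
        425a68) echo bzip2 ;;    # ASCII "BZh"
        *)  # POSIX tar archives carry "ustar" at byte offset 257
            if [ "$(dd if="$1" bs=1 skip=257 count=5 2>/dev/null | tr -d '\0')" = ustar ]
            then echo tar; else echo data; fi ;;
    esac
}

# Unwrap file $1 inside work directory $2 until no known layer remains,
# then print the path of the innermost file.
peel() {
    cur=$2/layer0; cp "$1" "$cur"; n=0
    while [ "$n" -lt 20 ]; do    # depth cap so hostile input cannot nest forever
        n=$((n + 1)); next=$2/layer$n
        case "$(layer_type "$cur")" in
            gzip)  gzip -dc "$cur" > "$next" ;;
            bzip2) bzip2 -dc "$cur" > "$next" ;;
            # -O streams the member to stdout, so paths stored in the
            # archive are never written to disk (single-member archives)
            tar)   tar -xOf "$cur" > "$next" ;;
            *)     echo "$cur"; return 0 ;;
        esac
        cur=$next
    done
    return 1
}

# Constructed sample: text wrapped as gzip(tar(bzip2(tar(text)))), written
# to $1 (which must be an absolute path).
make_sample() {
    d=$(mktemp -d)
    printf 'constructed-sample-password\n' > "$d/data8"
    (cd "$d" && tar -cf data6.tar data8 && bzip2 -c data6.tar > data5.bz2 &&
        tar -cf data4.tar data5.bz2 && gzip -c data4.tar > "$1")
    rm -rf "$d"
}

work=$(mktemp -d)
make_sample "$work/data.bin"
cat "$(peel "$work/data.bin" "$work")"    # prints the constructed sample text
rm -rf "$work"
```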

Overthewire Bandit Level 13 → Level 14

Goal

The password for the next level is stored in the /etc/bandit_pass/bandit14 file and can only be read by the bandit14 user. You can log in as that user over SSH on localhost using the SSH private key.

ssh bandit13@bandit.labs.overthewire.org -p2220
  • username: bandit13
  • password: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
ls
ssh -i sshkey.private bandit14@localhost

Overthewire Bandit Level 14 → Level 15

Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

whoami
cat /etc/bandit_pass/bandit14
nc -v 127.0.0.1 30000

Overthewire Bandit Level 15 → Level 16

Goal

The password of the next level can be retrieved by submitting the current level password on localhost and port 30001 using SSL encryption.

ssh bandit15@bandit.labs.overthewire.org -p2220
  • username: bandit15
  • password: BfMYroe26WYalil77FoDi9qh59eK5xNr
openssl s_client -connect 127.0.0.1:30001

Overthewire Bandit Level 16 → Level 17

Goal

The password for the next level can be retrieved by submitting the current level's password to a port on localhost in the range 31000 to 32000.

First, we scan localhost with nmap, then find out which of the open ports speak SSL and which don't. Only one server will return the next credentials.

ssh bandit16@bandit.labs.overthewire.org -p2220
  • username: bandit16
  • password: cluFn7wTiGryunymY0u4RcffSxQluedhd
nmap -sV -p31000-32000 localhost
echo "cluFn7wTiGryunymY0u4RcffSxQluedhd" | openssl s_client -connect localhost:31790 -ign_eof

About Rahul Gehlaut

Cyber Security Researcher, CTF Player. Tech Blog Writer.
