GiongfNef
  • 📧Readme
  • 💰Bug Bounty
    • Business Logic: Bypass 2FA to ATO
    • 1 Click Account Take Over
  • 🥑CVE
    • CVE-2024-40492: Stored XSS to ATO
    • CVE-2023-5311
  • ☕Writeup CTF
    • Crypto
      • dvCTF 2022
      • Crew CTF 2022
      • ångstromCTF 2022
      • picoCTF 2022 + wscCTF 2022
      • Securinets CTF Quals 2022
      • NsuCrypto
      • KMA chall 2022
      • SEETF 2022
      • just CTF 2022
      • zer0pts CTF 2022
    • Web
      • ASCIS 2022 - warm up
      • RISEC CTF + UMass CTF 2022
      • LIT 2022
      • UIUCTF 2022
      • nullcon CTF2022
      • 🎃Hack The Boo 2022
    • Writeup Intigriti challenge-0923
  • 🍄Linh tinh ký sự
    • 📚Books
    • note linh tinh
      • 🐞Bug logic Shopee: Giảm 5-10% khi mua sản phẩm ?
      • 💎Financial Aid Application for Coursera
  • 🫖Wargame && Others
    • 🍀OverTheWire: Bandit
      • 🌱OverTheWire: Bandit 2022 (new)
      • 🍃OverTheWire: (old) - Bandit
      • Writeup EVABSv5.apk (12levels)
    • 📲Android
      • 📲Writeup EVABSv5.apk (Solution 12 levels)
      • 🎮Writeup droids PicoCTF - (Solution 5 levels)
    • 🌵Rootme
      • 🏝️Web - Server
      • 📟App - System
        • 🎰ELF x86 - Format string bug basic 1
        • 🐰ELF x86 - Stack buffer overflow basic 1
        • 🦊ELF x86 - Stack buffer overflow basic 2
        • 🐻ELF x86 - Stack buffer overflow basic 3
        • 🐼ELF x86 - Stack buffer overflow basic 4
        • 🐧ELF x86 - Stack buffer overflow basic 6
    • 🏆Pentest
    • 🖇️Blockchain
Powered by GitBook
On this page
  • Bandit Level 0
  • Bandit Level 0 → Level 1
  • Bandit Level 1 → Level 2
  • Bandit Level 2 → Level 3
  • Bandit Level 3 → Level 4
  • Bandit Level 4 → Level 5
  • Bandit Level 5 → Level 6
  • Bandit Level 7 → Level 8
  • Bandit Level 8 → Level 9
  • Bandit Level 9 → Level 10
  • Bandit Level 10 → Level 11
  • Bandit Level 11 → Level 12
  • Bandit Level 12 → Level 13
Edit on GitHub
  1. Wargame && Others
  2. OverTheWire: Bandit

OverTheWire: (old) - Bandit

Note : A JOURNEY TO GAIN KNOWLEDGE

PreviousOverTheWire: BanditNextWriteup EVABSv5.apk (12levels)

Last updated 2 years ago

Bandit Level 0

ssh username@hostname

so that the command is: `ssh bandit0@bandit.labs.overthewire.org -p 2220`

boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Bandit Level 0 → Level 1

bandit1@bandit:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
bandit1@bandit:~$ cat <-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
bandit1@bandit:~$

Bandit Level 1 → Level 2

bandit2@bandit:~$ ls
spaces in this filename
bandit2@bandit:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit2@bandit:~$

Bandit Level 2 → Level 3

bandit3@bandit:~$ ls
inhere
bandit3@bandit:~$ cd inhere/
bandit3@bandit:~/inhere$ ls
bandit3@bandit:~/inhere$ ls -a
.  ..  .hidden
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
bandit3@bandit:~/inhere$

Bandit Level 3 → Level 4

bandit4@bandit:~$ ls
inhere
bandit4@bandit:~$ cd inhere/
bandit4@bandit:~/inhere$ ls
-file00  -file01  -file02  -file03  -file04  -file05  -file06  -file07  -file08  -file09
bandit4@bandit:~/inhere$ cat *
cat: invalid option -- 'f'
Try 'cat --help' for more information.
bandit4@bandit:~/inhere$ cat ./*
�/`2ғ�%��rL~5�g��� �������p,k�;��r*��        �.!��C��J     �dx,�e�)�#��5��
                                                                                   ��p��V�_���ׯ�mm������h!TQO�`�4"aל�?��r�l$�?h�9('���!y�e�#�x�O��=�ly���~��A�f����-E�{���m�����ܗMkoReBOKuIDDepwhWk7jZC0RTdopnAYKh
�T�?�i��j��îP�F�l�n��J����{��@�e�0$�in=��_b�5FA�P7sz��gNb

koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Bandit Level 4 → Level 5

DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Bandit Level 5 → Level 6

find / -user bandit7 -group bandit6 -size 33c

find / -user bandit7 -group bandit6 -size 33c 2>&1 | grep -F -v Permission

bandit6@bandit:/home$ find / -user bandit7 -group bandit6 -size 33c 2>&1 | grep -F -v Permission | grep -F -v directory
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:/home$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
bandit6@bandit:/home$

Bandit Level 7 → Level 8

bandit7@bandit:~$ cat data.txt | grep millionth
millionth       cvX2JJa4CFALtqS87jk27qwqGhBM9plV
bandit7@bandit:~$

Bandit Level 8 → Level 9

bandit8@bandit:~$ cat data.txt |sort |uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Bandit Level 9 → Level 10

bandit9@bandit:~$ strings data.txt  | grep =
========== the*2i"4
=:G e
========== password
<I=zsGi
Z)========== is
A=|t&E
Zdb=
c^ LAh=3G
*SF=s
&========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
S=A.H&^
bandit9@bandit:~$

Bandit Level 10 → Level 11

bandit10@bandit:~$ cat data.txt | base64 -d
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
bandit10@bandit:~$

Bandit Level 11 → Level 12

bandit11@bandit:~$ cat data.txt | tr 'a-zA-Z' 'n-za-mN-ZA-N'
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
bandit11@bandit:~$

Bandit Level 12 → Level 13

In this challenge, you just have to know decompress a file with gzip, bzip2 and xxd . Knowing how to know file extention by file command

8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

🫖
🍀
🍃
command
human-readable file
2>&1 meaning
Bandit