# OverTheWire: (old) - Bandit

[`Bandit`](https://overthewire.org/wargames/bandit/bandit0.html)

## Bandit Level 0

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2Fe68OKzKK0pLhWWHJk2Gf%2Fimage.png?alt=media\&token=ac78a058-407a-48e1-80ff-ae41b0743101)

> ssh username\@hostname
>
> so that the command is: \`ssh <bandit0@bandit.labs.overthewire.org> -p 2220\`

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FremeyvGqz4eYj48vNgKt%2Fimage.png?alt=media\&token=b6dd7513-047d-48a0-afc7-016284e8ceb7)

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2F6uBIdWaXNKYxOhk52jw6%2Fimage.png?alt=media\&token=37ef4c92-b215-489a-b4a6-7128d9eb8c9f)

> boJ9jbbUNNfktd78OOpsqOltutMc3MY1

## Bandit Level 0 → Level 1

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FxO6vMIWBdzlJu6Jm6SlO%2Fimage.png?alt=media\&token=ee715904-ea45-49d3-8f7e-f49753380f37)

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2Fv1OguiJyTLelmJMWtqsK%2Fimage.png?alt=media\&token=c91fa050-cbb8-4979-b1b9-d879e3bc44f9)

[command](https://unix.stackexchange.com/questions/189251/how-to-read-dash-files)

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2F1rAD96riJtbNsxhRlzKA%2Fimage.png?alt=media\&token=2da5fe92-1e5d-441c-953e-9ee1961c9d85)

```
bandit1@bandit:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
bandit1@bandit:~$ cat <-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
bandit1@bandit:~$
```

## Bandit Level 1 → Level 2

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FhJSzGsSYR9o7kt4kxzjj%2Fimage.png?alt=media\&token=1c2892c7-5a7b-499c-8519-b12bc597034d)

```
bandit2@bandit:~$ ls
spaces in this filename
bandit2@bandit:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit2@bandit:~$
```

## Bandit Level 2 → Level 3

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FC4KUZnrJooWlrebt7Etv%2Fimage.png?alt=media\&token=4c74fc39-3b1c-464d-a9d2-26d95a03f319)

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2F9ZXMbLou5DE02lGqvjyG%2Fimage.png?alt=media\&token=6153e515-59e2-45a2-b8f4-e5a73cca0e91)

```
bandit3@bandit:~$ ls
inhere
bandit3@bandit:~$ cd inhere/
bandit3@bandit:~/inhere$ ls
bandit3@bandit:~/inhere$ ls -a
.  ..  .hidden
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
bandit3@bandit:~/inhere$
```

## Bandit Level 3 → Level 4

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FlqY6LlVUIByH5Q62bJ3e%2Fimage.png?alt=media\&token=f130a8ff-7c56-47c9-8dc6-2c8d66bcb59f)

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FV4dTSakN5XxNVlj9xP9L%2Fimage.png?alt=media\&token=0e741f22-0423-427d-b598-99778eec49e7)

```
bandit4@bandit:~$ ls
inhere
bandit4@bandit:~$ cd inhere/
bandit4@bandit:~/inhere$ ls
-file00  -file01  -file02  -file03  -file04  -file05  -file06  -file07  -file08  -file09
bandit4@bandit:~/inhere$ cat *
cat: invalid option -- 'f'
Try 'cat --help' for more information.
bandit4@bandit:~/inhere$ cat ./*
�/`2ғ�%��rL~5�g��� �������p,k�;��r*��        �.!��C��J     �dx,�e�)�#��5��
                                                                                   ��p��V�_���ׯ�mm������h!TQO�`�4"aל�?��r�l$�?h�9('���!y�e�#�x�O��=�ly���~��A�f����-E�{���m�����ܗMkoReBOKuIDDepwhWk7jZC0RTdopnAYKh
�T�?�i��j��îP�F�l�n��J����{��@�e�0$�in=��_b�5FA�P7sz��gNb
```

koReBOKuIDDepwhWk7jZC0RTdopnAYKh

## Bandit Level 4 → Level 5

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2F7dwAvpCLCmI8t6zdWJ4S%2Fimage.png?alt=media\&token=027f5454-d9ab-4501-9abf-ce3f2262eb5d)

[`human-readable file`](https://unix.stackexchange.com/questions/313442/find-human-readable-files)

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2F6SMeYc2U43BSSifsDJFF%2Fimage.png?alt=media\&token=87795ee4-1fd6-4371-b76e-09486de89fe8)

`DXjZPULLxYr17uwoI01bNLQbtFemEgo7`

## Bandit Level 5 → Level 6

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FgZRVDWcHXgouSwLPCEH7%2Fimage.png?alt=media\&token=2f68733d-d1c9-4cf6-8fb3-5f156ba45c40)

> `find / -user bandit7 -group bandit6 -size 33c`

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FJUSVqFKdfdZ11DjHjy3i%2Fimage.png?alt=media\&token=5b68d97b-5e04-478b-8662-0f3fa84241da)

> `find / -user bandit7 -group bandit6 -size 33c 2>&1 | grep -F -v Permission`

[`2>&1 meaning`](https://stackoverflow.com/questions/818255/in-the-shell-what-does-21-mean)

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FeZm0FFJDLv8EsCCMIDPv%2Fimage.png?alt=media\&token=16d9c08b-9d8f-4af0-93f5-0526bfb1a0e2)

```
bandit6@bandit:/home$ find / -user bandit7 -group bandit6 -size 33c 2>&1 | grep -F -v Permission | grep -F -v directory
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:/home$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
bandit6@bandit:/home$
```

## Bandit Level 7 → Level 8

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FDQscyJUojVlqze6UEvij%2Fimage.png?alt=media\&token=b1ac6c6e-c8cd-4e01-8867-d1a22eb36134)

```
bandit7@bandit:~$ cat data.txt | grep millionth
millionth       cvX2JJa4CFALtqS87jk27qwqGhBM9plV
bandit7@bandit:~$
```

## Bandit Level 8 → Level 9

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FOEs7glxP0CIzRrjeUph0%2Fimage.png?alt=media\&token=52a5b4e7-ccaf-46c5-9bd2-74d6a72cc6a1)

```
bandit8@bandit:~$ cat data.txt |sort |uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
```

## Bandit Level 9 → Level 10

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FZJ0APFAXfQYoxbJXcW25%2Fimage.png?alt=media\&token=90f23d8f-4088-411e-8d34-6a992a99cf5f)

```
bandit9@bandit:~$ strings data.txt  | grep =
========== the*2i"4
=:G e
========== password
<I=zsGi
Z)========== is
A=|t&E
Zdb=
c^ LAh=3G
*SF=s
&========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
S=A.H&^
bandit9@bandit:~$
```

## Bandit Level 10 → Level 11

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FAy53T2NzJe9CnyZ6QZRV%2Fimage.png?alt=media\&token=092fb10b-ada4-4c23-a688-14dcd5926848)

```
bandit10@bandit:~$ cat data.txt | base64 -d
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
bandit10@bandit:~$
```

## Bandit Level 11 → Level 12

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FlVmo3lVqx7YBop1fk2ia%2Fimage.png?alt=media\&token=b17457cb-cbad-4449-bd86-eb01524c2b3b)

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FcyF14XPbbcWBZBVhBlH1%2Fimage.png?alt=media\&token=1b6bf156-bc9d-4249-aacd-23bf2109e2f2)

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FBtdIDFPLE4q9s9dqbNVG%2Fimage.png?alt=media\&token=ea16401c-b755-4395-a960-2caf5c38fcac)

```
bandit11@bandit:~$ cat data.txt | tr 'a-zA-Z' 'n-za-mN-ZA-N'
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
bandit11@bandit:~$
```

## Bandit Level 12 → Level 13

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FJkhxQEv7RU9g7JGOQUOH%2Fimage.png?alt=media\&token=1188fe40-40d5-4b0e-9054-699d02e07609)

In this challenge, you just have to know decompress a file with gzip, bzip2 and xxd . Knowing how to know file extention by `file command`

![](https://2201636059-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSfoQhbocJNOvMrmTVxh9%2Fuploads%2FpMESLOtYnO8N54HraXZR%2Fimage.png?alt=media\&token=a429547b-f59e-4b9d-813d-b6bd3a02402a)

> 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL