Completing OvertheWire: Bandit (part. 1)

After just finishing the fairly challenging cyber war game, I have decided to share some of the more interesting lessons and tricks learned from it. The first thing you are given in the game is an SSH port that leads you to the game server. The Host: bandit.labs.overthewire.org is located on port 2220, which you must access from terminal. I did this using a VM and an Ubuntu OS. The server leads you to the picture below to let you know you have gained access and then the fun begins!

The first levels were standard but necessary for laying out the tools needed to complete the more complex tasks. The “ls” command was very useful because it showed the files present within the server which we could decide what was necessary to accomplish the task. The “cat” command also was a consistent command which we learned different variations on how to release the password with it.

Toward levels 3 and 4 the command “ls -a” came into effect as there were hidden files in the directory. All hidden files and folders in Linux are stored with a dot in front of their name. This game even had a binary level where only one of them had a human readable text. To access this password the “find” command was necessary and revealed the files they showed an ASCII text.

I found it interesting that not only could the “find” command literally find a file but it also reveals the -size -type and -executable options as well. By accessing the manual command page for “find” we revealed how to manipulate the file path to insure we could gain access to the password by creating parameters that had no choice but to find what we were looking for.

find -type f -size 1033c ! -executable