OTW Bandit 1-7

in overthewire •  5 years ago 

OTW Bandit 1-7

This is going to be a walkthrough for Overthewires (overthewire.org) Bandit series. The Bandit series is for beginners, so if you decided that you want to become the next super 1337 hacker (maybe after watching Mr Robot, or some old school hacker movie like Hackers) and you don't know anything about computers, hacking etc, well this is a good starting point. Bandit will teach you some basic terminal commands, and just give you a general feel for things. You will need to research things on your own and you will be confused at times, but that's ok, that's how you will learn and get good at this stuff. I will not post the keys you will need to advance to the next level, again, i want you to do this yourself. Just copying the answer and jumping to the next level won't help you learn or accomplish anything. Be sure to read all the info that overthewire provides you with before starting.

Level 1 (ssh, clear, ls, cat)

We will be using the ssh command throughout all of Bandit, it will allow us to connect to a remote computer in order to get our keys. A quick google search will do the trick, the command looks like [email protected] -p 2220, followed by the password. We're in *wink wink*. The key is stored in a file called readme, fair enough, i clear the screen to get rid of all the noise, do a quick ls, and sure enough there's the file, do cat readme and you got your key.

Level 2 (cat)

[email protected] -p 2220 careful, bandit1 this time. Same thing as before, we have a file which we need to read, the catch? It's a special character, and just doing cat - won't work. The simple fix is to do cat ./- The dot slash tells the system to look in the current directory, when you just do cat it's assuming that you're looking in the current folder.

Level 3 (cat)

cat again, but with a twist, again ;) This file has spaces in it, doing cat spaces in this filename obviously won't work, a simple way to do this would be to type cat s and then hitting tab, the terminal will do the rest of the work for you. If there are 2 or more files starting with 's', double tapping tab will list the possible options. Keep in mind, this is why many advanced computer users try making files and folders without any spaces, some programs and applications might hiccup if they encounter something like this.

Level 4 (cd, ls, cat)

Finally cd makes an appearance, and that's what we use to move into the 'inhere' directory before doing ls and going huh, there's nothing in here. Yes there is, as it turns out ls on its own doesn't show much, try doing ls -la and see what happens! A lot more stuff and a lot more info huh? Those two options we added are responsible, 'l' uses a 'long listing format' where it just shows a lot more information about the files/folders, and 'a' stands for all, meaning it shows all files including hidden ones (starting with a '.'), and we end it with cat .hidden

Level 5 (find, grep, cat)

Things are getting a little more interesting. We have a folder, which we cd into, and we're met with a bunch of files, one of them has our key. Of course, we could cat all of them one by one, but what if you had thousands of files like this? Hackers are lazy, and so we will make the computer do the work for us. We will need two commands here, although we could work with only one, but for the sake of knowledge, i will show you both find and grep. Find is cool, this is what you will use when you will be looking for something, and once you truly understand how it works, you'll notice it's much more interesting than the boring GUI search function most computer systems provide you with. So the command we need to run is find . -type f -exec file {} + which searches in the current folder (thus the dot), all ordinary files (type f) and then executes file on every single one of them. File is a nice command, it tells you what kind of file you're looking at, very handy. Running this command will return all the files according to the file types they are, one of them will be ascii, which will contain your key, the rest will be 'data' just garbage... Now we could make this even better if we added | grep ASCII after our command, which would filter out anything that didn't return as 'ASCII', this would be good if we had like a lot of files, it would save us a lot of scrolling.

Level 6 (find, grep)

Same thing as before, but with a few tweaks find . -type f -size 1033c ! -executable -exec file {} + The code is self explanatory really, notice that we have a '!' in front of executable, we're telling the terminal that we DON'T want executable files.

Level 7 (find, grep)

find . -type f -size 33c -group bandit6 -user bandit7 -exec file {} + again, self explanatory. However you will notice that the current directory is empty, so backup cd .. a few times and you will find what you're looking for. By now i think you realized the power of find, have fun!

overthewire bandit linux unix terminal hacking infosec
5 years ago by

Downvoting a post can decrease pending rewards and make it less visible. Common reasons:

  • Disagreement on rewards
  • Fraud or plagiarism
  • Hate speech or trolling
  • Miscategorized content or spam

Submit
$0.00
    1 vote
    0
    Authors get paid when people like you upvote their post.
    If you enjoyed what you read here, create your account today and start earning FREE STEEM!