Monday, July 31, 2017

OverTheWire-Bandit (Level 3 -> Level 4) - Walkthrough


Objective : 

The password for the next level is stored in a hidden file in the inhere directory.

Procedures : 


(a) Once logged into the next level, let's list all the files and directories present inside the current directory.

Displaying List Of Directory Contents Present In Current Directory
ls - Used to list the files present in the current directory.

(b) Now we will navigate inside the inhere directory

Changing Directory to inhere Directory
cd - Is used to change the directories.


(c) As mentioned in the objective, the password is stored in a hidden file. In order to list hidden files and folders we need to use the ls command with the -a and -l switches: -a includes entries whose names start with a dot, and -l shows the file properties.

Displaying List Of Contents Inside Directory Including Hidden Contents
ls - Is used to display list of files in current directory.

Note : You can also use the manual page for the commands in order to understand their respective switches. 
Syntax : man <command>

(d) Now let's read the content of the hidden file.

Reading Contents Of The Hidden File
cat - Is used to read the contents of the file.


The content displayed is the password for the next level.

Solution : pIwrPrtPN36QITSp3EQaw936yaFoFgAB

(e) Now we will use this password to log in to the next level using the command below

ssh bandit4@bandit.labs.overthewire.org -p 2220

bandit4 - Is the username

pIwrPrtPN36QITSp3EQaw936yaFoFgAB - Is the password.

OverTheWire-Bandit (Level 2 -> Level 3) - Walkthrough


Objective : 

The password for the next level is stored in a file called spaces in this filename located in the home directory.

Procedures : 

(a) Once logged into the new level, let us check whether we are inside the home directory or not. If not, we will figure out the home directory and navigate to it using its path.

Checking For Home Directory


pwd - Is used to print the current directory we are in
/home/bandit2 - Home directory for the user bandit2

(b) Now we will look out for a file called spaces in this filename as mentioned in the objective by listing the files present in the home directory.

Displaying List Of Files Present In Current Directory
ls - Is used to display list of files in current directory.

Note : In order to avoid confusion about the number of files present inside the directory, I would recommend using the -l switch along with the ls command. The -l switch lists each file on its own line along with its file properties.

(c) After finding the file, we want to read the contents of the file.

Reading Of File Contents

cat - Is used to read the contents of the file.
Since the name of the file contains white spaces, we need a different technique to read its contents. Hence we escape each white space by putting a backslash (\) in front of it.

The content displayed is the password for the next level.

Solution : UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

(d) Now we will use this password to log in to the next level using the command below

ssh bandit3@bandit.labs.overthewire.org -p 2220

bandit3 - Is the username
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK - Is the password.

Friday, July 28, 2017

OverTheWire-Bandit (Level 1 -> Level 2) - Walkthrough


Objective : 

The password for the next level is stored in a file called - located in the home directory.

Procedures : 

(a) Once logged into the new level, let us check whether we are inside the home directory or not. If not, we will figure out the home directory and navigate to it using its path.


Checking For Home Directory
pwd - Is used to print the current directory we are in
/home/bandit1 - Home directory for the user bandit1

(b) Now we will look out for a file called - as mentioned in the objective by listing the files present in the home directory.

Displaying List Of Files Present In Current Directory
ls - Is used to display list of files in current directory.

(c) After finding the - file, we want to read the contents of the file.

Reading Of File Contents
cat - Is used to read the contents of the file.
Since the name of the file is a special character (cat treats a bare - as "read from standard input"), we need a different technique to read its contents. Hence we used './-'

The content displayed is the password for the next level.

Solution : CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

(d) Now we will use this password to log in to the next level using the command below

ssh bandit2@bandit.labs.overthewire.org -p 2220

bandit2 - Is the username
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9 - Is the password.
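
The three filename problems from the Level 1 -> 2, Level 2 -> 3 and Level 3 -> 4 posts above, reproduced locally. This is an added example, not part of the original walkthroughs: the function names and file contents are constructed, and the files are created in a temporary directory rather than on the Bandit server.

```shell
#!/bin/sh
# Added example: every file here is constructed in a temporary directory.

# Build a throwaway directory with the three awkward names and print its path.
make_lab() {
    lab=$(mktemp -d) || return 1
    mkdir "$lab/inhere"
    printf 'dash-demo\n'   > "$lab/-"
    printf 'spaces-demo\n' > "$lab/spaces in this filename"
    printf 'hidden-demo\n' > "$lab/inhere/.hidden"
    printf '%s\n' "$lab"
}

# Level 1 -> 2: a bare "-" operand means standard input to cat, and "cat -- -"
# does not change that ("--" only ends option parsing). A path prefix does.
read_dash() { ( cd "$1" && cat ./- ); }

# Level 2 -> 3: backslash-escaping each space and quoting the whole name both
# hand cat one single argument.
read_spaces_escaped() { ( cd "$1" && cat spaces\ in\ this\ filename ); }
read_spaces_quoted()  { ( cd "$1" && cat "spaces in this filename" ); }

# Level 3 -> 4: plain ls skips dot-files; -A lists them without "." and "..".
list_visible() { ( cd "$1/inhere" && ls ); }
list_hidden()  { ( cd "$1/inhere" && ls -A ); }

# In a script, find returns the dot-files as full paths without parsing ls output.
find_dotfiles() { find "$1" -type f -name '.*'; }

demo=$(make_lab) || exit 1
echo "dash file:    $(read_dash "$demo")"
echo "escaped name: $(read_spaces_escaped "$demo")"
echo "quoted name:  $(read_spaces_quoted "$demo")"
echo "ls:           [$(list_visible "$demo")]"
echo "ls -A:        [$(list_hidden "$demo")]"
echo "find:         $(find_dotfiles "$demo")"
rm -rf "$demo"
```
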



Thursday, July 27, 2017

OverTheWire-Bandit (Level 0 -> Level 1) - Walkthrough


Objective : 

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Procedure : 

(a) After completing level 0 we will first check which directory we are in. The reason for checking is to know whether we are in the home directory or not.

Checking For Home Directory
pwd - Is used to print the current directory we are in
/home/bandit0 - Home directory for the user bandit0

(b) Now we will look out for a file readme as mentioned in the objective by listing the files present in the home directory.

Displaying List Of Files Present In Current Directory
ls - Is used to display list of files in current directory.

(c) After finding the readme file, we want to read the contents of the file.

Reading Of File Contents
cat - Is used to read the contents of the file.

Solution : boJ9jbbUNNfktd78OOpsqOltutMc3MY1

(d) Now we will use this password to log in to the next level.

Login To Next Level With Help Of Solution As Password
ssh bandit1@bandit.labs.overthewire.org -p 2220

bandit1 - Is the username
boJ9jbbUNNfktd78OOpsqOltutMc3MY1 - Is the password

Now we are logged in to the next level with user bandit1.

Wednesday, July 26, 2017

OverTheWire-Bandit (Level 0) - Walkthrough




From now on I will be posting solutions for the wargame called 'OverTheWire-Bandit', which consists of multiple levels, with explanations so that beginners can pick up the knowledge. So no more talking!!! Happy Hacking 😈😈!!!!

Objective: 
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is  bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Procedure: 

(a) Log in to the wargame with the given credentials using ssh.


Level 0 Walkthrough


ssh bandit0@bandit.labs.overthewire.org -p 2220

ssh - Is the protocol (and client program) we use to log in.
bandit0 - Is the username, and the password is also bandit0.
bandit.labs.overthewire.org - Is the server we are going to log in to. It can also be an IP address.
2220 - Is the customized port for ssh which is open on the server. Port 22 is the default port for ssh.

Sunday, July 9, 2017

Working with various Base Numeric Systems



Nowadays people are more interested in programming languages such as assembly language, shell scripting, etc. for pentesting or automation. Unfortunately, many of them haven't mastered binary, the language of 0's and 1's in which the computer communicates.


In this post we will talk about converting numbers from one base numeric system to another, which can be used in shell scripting for various purposes (pentesting, administration, etc.).


We will be using a utility called 'bc', which is already available in Linux, for conversion examples covering Decimal, Binary, Octal, Hexadecimal and various other base numeric systems.


- Decimal, also called the base 10 number system.
- Binary, also called the base 2 number system.
- Octal, also called the base 8 number system.
- Hex or Hexadecimal, also called the base 16 number system.

Throughout the post I will use only one number, '23', and find its respective Binary, Octal, Hexadecimal and other base numeric representations.



Case 01 : Decimal to Binary



As you all know '23' is a decimal. So first let's convert decimal '23' to binary representation.
echo "obase=2;23" | bc

Figure 01 - Conversion from Decimal to Binary

Now let me explain the command to make it simpler for you, in order to understand it without memorising.

echo prints the statement on the screen.

obase stands for output base. This is a special variable required by bc command which defines the output base value for a given number.
2 represents the base number system for binary
23 is the decimal number which I want to convert
| is the pipe (form of redirection used in linux)
bc is the utility which converts. (bc - An arbitrary precision calculator language)


Case 02 : Binary to Decimal


In this case we will convert the result obtained from the previous case.

echo "ibase=2;10111"|bc

Figure 02 - Conversion from Binary to Decimal

The syntax is almost the same for every case. The only difference is the keywords.
Here ibase stands for input base. This is a special variable required by bc command which defines the input base value provided for a given number.


Case 03 : Hexadecimal to Octal


In this case we will be converting the Hexadecimal representation for decimal '23' to octal.

echo "obase=8;ibase=16;17"|bc

Figure 03 - Conversion from Hexadecimal to Octal

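Here I want my output in octal representation, hence obase is used with the value '8'. The input value '17' is the hexadecimal (base 16) representation of the decimal number '23'. Note that obase is set before ibase: once ibase=16 takes effect, bc reads every number that follows in base 16, including a value assigned to obase.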
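
The conversions from this post wrapped in one shell function for use in scripts, as an added example that is not part of the original post. convert_base and swapped_order are hypothetical helper names; the function always sets obase before ibase, upper-cases hex digits (bc only accepts A-F), and rejects anything that is not a digit before it reaches bc.

```shell
#!/bin/sh
# Added example (not from the original post). convert_base is a hypothetical
# helper name; ibase and obase are bc's own variables.

# convert_base FROM TO NUMBER: print NUMBER (written in base FROM) in base TO.
convert_base() {
    from=$1
    to=$2
    # bc reads only upper-case A-F as hex digits; lower-case letters are variables.
    num=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    # Let nothing but digits through, so script input cannot add bc statements.
    for base in "$from" "$to"; do
        case $base in
            ''|*[!0-9]*) echo "base must be a decimal integer: $base" >&2; return 2 ;;
        esac
    done
    case $num in
        ''|*[!0-9A-F]*) echo "not a number: $3" >&2; return 2 ;;
    esac
    # obase first, while literals are still read in base 10.
    echo "obase=$to; ibase=$from; $num" | bc
}

# A hex-to-decimal attempt with ibase set first: "obase=10" is now read as
# hexadecimal 10 (decimal 16), so the answer comes back in hex, unchanged.
swapped_order() {
    echo "ibase=16; obase=10; 17" | bc
}

if command -v bc >/dev/null 2>&1; then
    echo "hex 17 -> octal:   $(convert_base 16 8 17)"
    echo "hex ff -> decimal: $(convert_base 16 10 ff)"
    echo "swapped order:     $(swapped_order)"
else
    echo "bc is not installed" >&2
fi
```
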

I hope this post helps you out in making things easier to understand and work in a smarter way!


Extras:


* Decimal - Hexadecimal : 

echo "obase=16;23"|bc


Figure 04 - Conversion from Decimal to Hexadecimal

* Hexadecimal - Decimal : 
echo "ibase=16;17"|bc


Figure 05 - Conversion from Hexadecimal to Decimal


* Binary - Octal : 
echo "obase=8;ibase=2;10111"|bc


Figure 06 - Conversion from Binary to Octal

* Octal - Binary : 
echo "obase=2;ibase=8;27"|bc

Figure 07 - Conversion from Octal to Binary

For your reference you can also use the ascii manual page
man ascii

Figure 08 - Ascii Manual Page