Over the wire bandit wargame === bandit 0 --- levelgoal The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption. In this level we need to access to ssh to the victim with host ```bandit.lab.overthewire.org``` account bandit0 with port ```2220```  login sucessul  pass```bandit0``` level 0 -> level 1 --- level goal The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game. we just need ro read a file in read me  pass```NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL``` level 1 -> level 2 --- Level goal The password for the next level is stored in a file called - located in the home directory first , get the password form ```bandit0``` then with user bandit1 we just nedd to cat file -  pass: ```rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi``` level 2 -> level 3 --- Level goal The password for the next level is stored in a file called spaces in this filename located in the home directory with user bandit2 we get password from bandit 1, and we just cat file have ```space```  pass: ```aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG``` level 3 -> level 4 --- Level Goal The password for the next level is stored in a hidden file in the inhere directory. I see a directory  My goal to list all the file hidden in this directory  just read it !😅  pass: ```2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe``` level 4 -> level 5 --- Level goal The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command. in this directory i see a lot of file but don't know what exactly file  we just need to use command ```file``` to check all the type of file  and -file07 have ascii, so we just read it  pass:```lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR``` level 5 - level 6 --- Level goal The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties: human-readable 1033 bytes in size not executable In this directory we see a lot of file  we need to set a command to file that  then we just get password  pass: ```P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU``` level 6 -> level7 --- Level Goal The password for the next level is stored somewhere on the server and has all of the following properties: owned by user bandit7 owned by group bandit6 33 bytes in size I just use the command like that before  But I add ```2>/dev/null/``` to prevent print error to the screen  pass: ```z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S``` level 7 -> level 8 --- Level Goal The password for the next level is stored in the file data.txt next to the word millionth There are a file bandit7 but the size is super big  There is a information that it near the word ```millionth``` -> use command ```grep```  pass: ```TESKZC0XvTetK0S9xNwm25STk5iWrBvP``` bandit 8 -> bandit 9 --- Level Goal The password for the next level is stored in the file data.txt and is the only line of text that occurs only once There is only one file data.txt  i just need to add command ```|sort| uniq -u``` to get password is only one line  pass: ```EN632PlfYiZbn3PhVK3XOGSlNInNE00t``` level 9 -level 10 --- Level Goal The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters. I can use ```^=``` to file a line start with ```=```  But the error happens because ```grep``` don't accept binary file so we need to add ```strings```  pass: ```G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s``` level 10 -> level 11 --- Level Goal The password for the next level is stored in the file data.txt, which contains base64 encoded data File data.txt is stored in home directory, try cat this file, so i see this file was encode base64  so i try to decode this file use pipeline ```base64``` and add the attribute ```-d``` to decode  pass ```6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM``` level 11 -> level 12 --- Level Goal The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions I try to read a file data.txt but it was encrypt with algorithm ROT13  so I search on stack over flow how to decrypt ROT13  so let do it  pass ```JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv``` level 12 -> level 13 --- Level Goal The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!) first of all, we need to creat a directory like description  after that we copy file data.txt to directory that I just have created.  so now we just need to reverse file hexdump to binary by using command ```xxd``` with attribute ```-r```  so i have a file ```binary```, so i ```file``` this file  I add extension ```.gz``` t file and rename it  So I decompress this file  I have a new file ```binary``` continues use command ```find``` this file I have the result  So I continue add extension to this file and dexompress using ```bzip2```  the using ```file``` add extension and repeate again  The result is tar file   So we have pass word.  pass: ```wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw``` Level 13 -level 14 --- Level Goal The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on when connect to the server user bandit 13 I see a private key.  So I use key to connect to the server with user bandit 14 the attribute ```-i``` help me identify a file  And connect suscess  cat a file in description I hace pass word  pass ```fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq``` level 14 - level 15 --- Level Goal The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost. using netcat to connect localhost port 30000, then enter th e password of bandit 14  pass ```jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt``` level 15 - level 16 --- Level Goal The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption. Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command… when I search manual of ncat I see ```-ssl``` it cam conect using ssl  when I seach **SSL** on the internet I see  so I connect to local host port 30001  pass ```JQttfApK4SeyHwDlI9SXGR50qclOAil1``` level 16 -level 17 --- Level Goal The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it. search google how to scan port, use nmap  after try every port I see one port scarify me  private key: ```-----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama +TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT 8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM 77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3 vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY= -----END RSA PRIVATE KEY----- ``` level 17 - level 18 --- Level Goal There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19 first i need to connect to user banfit17 using private key at before level  the I login sucess  when I search goole to find the diffrent line in two file I find ```diff``` comand  in description, pass word store in passwords.new -> pass ```hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg``` level 18 -> level 19 --- Level Goal The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH. when i try to connect to user bandit 18, i login sucess but auto kick me out  when I search on google I see the reason is nomal ssh using ```pseudo-terminal allocation``` so I try to disable this I search on google again in [this site](https://unix.stackexchange.com/questions/509158/ssh-disable-pseudo-terminal-allocation) i see we just ```-T``` to disable ```pseudo-terminal allocation```  pass ```awhqfNnAbc1naukrpqDYcF95h7HoMTrC``` level 19 -level 20 --- Level Goal To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this  level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary. examine this file and find out this is a binary file "executable file"  so I try to executable this file, and relize that can executabe under permission of user ```bandit20```   so let get flag! 😁  pass ```VxCazJaVykI6W36BkBU0mJTCM8rR95XT``` level 20 -> level 21 --- Level Goal There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21). NOTE: Try connecting to your own network daemon to see if it works as you think The question is to get the password we need to compare the password of bandit 20 how to match with password at local host  so we need to creat netcat listen at port 8888( or any port)  to run that command at background using command ```bg```  to check the prosess comand using ```ps```  ```-aux``` to display all prosess in BSD format ```-a``` stands for all prosess ```-x``` stands for all prosess are executing. so now let get flag 😵‍  pass ```NvEJF7oVjkddltPSrdKEFOllh9V1IBc``` level 21 -level 22 --- Level Goal A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. in this level I need to follow instructor  I my goal to find password of bandit 22, so I will cat file  This file excute 2 comand line, the first thing is after we reboot, the econd is so try to see what message contain in file ```.sh```  This is a bash file , the first line is set permisson acccess for file, the second line is pust password to file so we just cat this file  pass ```WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff``` level 22 -> level 23 ---- Level Goal A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints. simlilar level 22 I will see what the lines of code of file ```.sh```  The first line of code is show whoami The second line of code is create checksum The third line of code is get password to the file has name of checksum The finally line is pust password to this file. I find the name of file  the I get password of this file pass ```QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G``` level 23 -> level 24 --- Level Goal ``` A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level! NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around… ``` Similar level 22 -> 23  In the directory /var/spool/bandit24/foo execute command with persmision of user bandit ```bandit24``` pass ```VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar``` level 24 -> level 25 --- Level Goal A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing. Using brute-force for 4-digit pincode, so wtrite a scrip  the I have result  then I netcat to target  The I get Flag  pass ``` p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d``` Level 25 -> level 26 --- Level Goal Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it. use more command to display a large text, so to stop display -> pass ```c7GvcKlw9mC7aUQaPx7nwFstuAIBw1o1```  Level 26 -> level27 --- Level Goal Good job getting a shell! Now hurry and grab the password for bandit27!  pass ```YnQpBuifNMas1hcUFk70ZmqkhUU2EuaS``` Level 27 - Level 28 ---   pass ```AVanL161y9rsbcJIsFHuw35rjaOM19nR``` Level 28 -level 29 ---    pass```tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S``` level 29 -level 30 ---  check all brand  test dev branch  pass ```xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS``` Level 30 -level 31 --- Level Goal There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo. The password for the user bandit30-git is the same as for the user bandit30. Clone the repository and find the password for the next level.  pass```OoffzGDlzhAlerFJ2cAiz1D41JW1Mhmt``` Level 31 - level 32 --- Level Goal There is a git repository at ssh://bandit31-git@localhost/home/bandit31-git/repo. The password for the user bandit31-git is the same as for the user bandit31. Clone the repository and find the password for the next level. I follow an turtual english I create a file then push  So I have flag  pass ```rmCBvG56y58BXzv98yZGdO7ATVL5dW8y ``` level 32 -level 33 --- After all this git stuff its time for another escape. Good luck! Use $0 to escape the shell  The get flag pass```odHo63fHiFqcWWJG9rLiLDtPm45KzUKy``` Level 33 -level 34 --- Done