Writeup Bandit OverTheWire

# Writeup Bandit OverTheWire ## Level 0 > ssh bandit0@bandit.labs.overthewire.org -p 2220 > cat readme **NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL** ## Level 1 > ssh bandit1@bandit.labs.overthewire.org -p 2220 > NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL > cat ./- **rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi** ## Level 2 > ssh bandit2@bandit.labs.overthewire.org -p 2220 > rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi > cat "spaces in this filename" **aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG** ## Level 3 > ssh bandit3@bandit.labs.overthewire.org -p 2220 > aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG > cd inhere > ll > cat .hidden **2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe** ## Level 4 > ssh bandit4@bandit.labs.overthewire.org -p 2220 > 2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe > cd inhere > ll > file ./-file07 > cat ./-file07 **lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR** ## Level 5 > ssh bandit5@bandit.labs.overthewire.org -p 2220 > lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR > cd inhere > find -size 1033c > cat ./maybehere07/.file2 **P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU** ## Level 6 > ssh bandit6@bandit.labs.overthewire.org -p 2220 > P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU > find / -user bandit7 -group bandit6 -size 33c > cat /var/lib/dpkg/info/bandit7.password **z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S** ## Level 7 > ssh bandit7@bandit.labs.overthewire.org -p 2220 > z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S > grep -w millionth data.txt **TESKZC0XvTetK0S9xNwm25STk5iWrBvP** ## Level 8 > ssh bandit8@bandit.labs.overthewire.org -p 2220 > TESKZC0XvTetK0S9xNwm25STk5iWrBvP > sort data.txt | uniq -u **EN632PlfYiZbn3PhVK3XOGSlNInNE00t** ## Level 9 > ssh bandit9@bandit.labs.overthewire.org -p 2220 > EN632PlfYiZbn3PhVK3XOGSlNInNE00t > string data.txt | grep = **G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s** ## Level 10 > ssh bandit10@bandit.labs.overthewire.org -p 2220 > G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s > cat data.txt | base64 -d **6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM** ## Level 11 > ssh bandit11@bandit.labs.overthewire.org -p 2220 > 6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM > cat data.txt | tr "A-Za-z" "N-ZA-Mn-za-m" **JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv** ## Level 12 > ssh bandit12@bandit.labs.overthewire.org -p 2220 > JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv > mkdir /tmp/oka > cp data.txt /tmp/oka/data.txt > cd /tmp/oka > cat data.txt | xxd -r > data.dump > file data.dump > mv data.dump data.gz > gunzip data.gz > file data > mv data data.bz > bzip2 -d data.bz > file data > mv data data.gz > gunzip data.gz > file data > mv data data.tar > tar -xf data.tar > file data5.bin > mv data5.bin data5.tar > tar -xf data5.tar > file data6.bin > mv data6.bin data6.bz > bzip2 -d data6.bz > file data6 > mv data6 data6.tar > tar -xf data6.tar > file data8.bin > mv data8.bin data8.gz > gunzip data8.gz > file data8 > cat data8 **wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw** ## Level 13 > ssh bandit13@bandit.labs.overthewire.org -p 2220 > wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw > ls ## Level 14 > ssh bandit14@localhost -i sshkey.private -p 2220 > cat /etc/bandit_pass/bandit14 **fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq** > nc localhost > fGrHPx402xGC7U7rXKDaxiWFTOiF0ENq **jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt** ## Level 15 > ssh bandit15@bandit.labs.overthewire.org -p 2220 > jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt > openssl s_client -connect localhost:30001 > jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt **JQttfApK4SeyHwDlI9SXGR50qclOAil1** ## Level 16 > ssh bandit16@bandit.labs.overthewire.org -p 2220 > JQttfApK4SeyHwDlI9SXGR50qclOAil1 > nmap -sV localhost -p 31000-32000 > openssl s_client -connect localhost:31790 > JQttfApK4SeyHwDlI9SXGR50qclOAil1 > "copy the ssh key" > mkdir /tmp/ssh17 > cd /tmp/ssh17 > nano ssh17.private > "paste the key and save" > chmod 700 ssh17.private ## Level 17 > ssh bandit17@localhost -i ssh17.private -p 2220 > diff passwords.old passwords.new **hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg** ## Level 18 > cat /etc/shells > ssh bandit18@bandit.labs.overthewire.org -p 2220 -t "/bin/sh" > hga5tuuCLF6fFzUpnagiMN8ssu9LFrdg > ls > cat readme **awhqfNnAbc1naukrpqDYcF95h7HoMTrC** ## Level 19 > ssh bandit19@bandit.labs.overthewire.org -p 2220 > awhqfNnAbc1naukrpqDYcF95h7HoMTrC > ls > ./bandit20-do > ./bandit20-do id > id > ./bandit20-do cat /etc/bandit_pass/bandit20 **VxCazJaVykI6W36BkBU0mJTCM8rR95XT** ## Level 20 > ssh bandit20@bandit.labs.overthewire.org -p 2220 > VxCazJaVykI6W36BkBU0mJTCM8rR95XT > ls > ./suconnect > echo "VxCazJaVykI6W36BkBU0mJTCM8rR95XT" | nc -lp 1234 & > ./suconnect 1234 **NvEJF7oVjkddltPSrdKEFOllh9V1IBcq** ## Level 21 > ssh bandit21@bandit.labs.overthewire.org -p 2220 > NvEJF7oVjkddltPSrdKEFOllh9V1IBcq > ls /etc/cron.d/ > cat /etc/cron.d/cronjob_bandit22 > cd /usr/bin > cat cronjob_bandit22.sh > cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv **WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff** ## Level 22 > ssh bandit22@bandit.labs.overthewire.org -p 2220 > WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff > ls /etc/cron.d/ > cat /etc/cron.d/cronjob_bandit23 > cat /usr/bin/cronjob_bandit23.sh > echo I am user bandit23 | md5sum | cut -d ' ' -f 1 > cat /tmp/8ca319486bfbbc3663ea0fbe81326349 **QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G**