WarGame - HackMD

# WarGame ###### tags: `linux` https://overthewire.org/wargames/bandit/bandit0.html [TOC] ## [Level 0](https://overthewire.org/wargames/bandit/bandit0.html) >Description The goal of this level is for you to log into the game using SSH Target: **bandit.labs.overthewire.org** on port: 2220 User:bandit0 password:bandit0 [SSH tutorial](https://www.wikihow.com/Use-SSH) ``` ssh bandit0@bandit.labs.overthewire.org -p 2220 ``` ![](https://i.imgur.com/qnOW8vm.png) Extra: Disconnect SSH way ``` exit ``` ## [Level 0->1](https://overthewire.org/wargames/bandit/bandit1.html) >Description: The password for the next level is stored in a file called **readme** located in the home directory. ``` ls-la ``` ![](https://i.imgur.com/iFYkf9E.png) ``` cat readme ``` ![](https://i.imgur.com/HrgyDCr.png) password: NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL ``` ssh bandit1@bandit.labs.overthewire.org -p 2220 ``` login success !!! ![](https://i.imgur.com/pGYP7kc.png) Oh yeah, we got the password and loin successfully. We can go ahead and beat the next level I'm so happy XDD ## [Level 1->2]() >Description The password for the next level is stored in a file called - located in the home directory [Dashed Filename](/8vgxvFLzQmanpw6QLrdj6A) ``` bandit1@bandit:~$ cat < - rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi ``` or ``` bandit1@bandit:~$ cat ./- rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi ``` ![](https://i.imgur.com/PVm8mMv.png) Ok, we get the password. haha Now, we try to login in with SSH ``` ssh bandit2@bandit.labs.overthewire.org -p 2220 ``` ![](https://i.imgur.com/gQRAmHk.png) Login success ## Level 2->3 >Description >The password for the next level is stored in a file called **spaces in this filename** located in the home directory Note [Reference space with filename in Linux](/n9rp10KmTmy23EWoNcyVVA) ``` bandit2@bandit:~$ cat spaces\ in\ this\ filename aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG ``` It's very easy. We just use the escape characters or quotation marks can handle such file. ``` ssh bandit3@bandit.labs.overthewire.org -p 2220 ``` ![](https://i.imgur.com/1NhIPXS.png) ## Level 3->4 >Level goal: The password for the next level is stored in a hidden file in the **inhere** directory. ``` bandit3@bandit:~$ ls inhere ``` ``` bandit3@bandit:~$ cd inhere/ ``` ``` bandit3@bandit:~/inhere$ ls -la total 12 drwxr-xr-x 2 root root 4096 Sep 1 06:30 . drwxr-xr-x 3 root root 4096 Sep 1 06:30 .. -rw-r----- 1 bandit4 bandit3 33 Sep 1 06:30 .hidden bandit3@bandit:~/inhere$ cat .hidden 2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe ``` Ok, we got the next level password again. ``` ssh bandit4@bandit.labs.overthewire.org -p 2220 ``` ![](https://i.imgur.com/wJKMhKQ.png) ## Level 4 -> 5 >Level goal The password for the next level is stored in the only human-readable file in the **inhere** directory. Tip: if your terminal is messed up, try the “reset” command. ``` bandit4@bandit:~/inhere$ cat -- -file07 lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR ``` ``` ssh bandit5@bandit.labs.overthewire.org -p 2220 ``` ![](https://i.imgur.com/3D4DIOf.png) ## Level 5->6 >The password for the next level is stored in a file somewhere under the **inhere** directory and has all of the following properties: - human-readable - 1033 bytes in size - not executable ![](https://i.imgur.com/0LEF0vm.png) 真是謝瞜~ maybe 你X [Search for files based on file size](https://linuxconfig.org/how-to-use-find-command-to-search-for-files-based-on-file-size) ``` bandit5@bandit:~/inhere$ find -size 1033c ./maybehere07/.file2 ``` Haha ``` bandit5@bandit:~/inhere/maybehere07$ cat .file2 P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU ``` Find one by one, NO way XD ``` ssh bandit6@bandit.labs.overthewire.org -p 2220 ``` ![](https://i.imgur.com/BcnbEqP.png) ## [Level 6 -> 7](https://overthewire.org/wargames/bandit/bandit7.html) >Level goal The password for the next level is stored **somewhere on the server** and has all of the following properties: - owned by user bandit7 - owned by group bandit6 - 33 bytes in size [Linux / Unix Find All The Files Owned By a Particular User / Group](https://www.cyberciti.biz/faq/how-do-i-find-all-the-files-owned-by-a-particular-user-or-group/) ``` bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c ``` Another solve way ``` bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null ``` ``` /var/lib/dpkg/info/bandit7.password ``` Remover denied message ``` bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null /var/lib/dpkg/info/bandit7.password ``` 2>/dev/null https://www.zhihu.com/question/53295083 file descriptor stdin, stdout, stderr shell redirection duplicate file descriptor ![](https://i.imgur.com/G1NGkNv.png) ![](https://i.imgur.com/75VYwC5.png) dev/null ![](https://i.imgur.com/XREpZHZ.png) ``` bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S ``` SSH login ``` ssh bandit7@bandit.labs.overthewire.org -p 2220 ``` ## Bandit Level 7 → Level 8 Level Goal The password for the next level is stored in the file **data.txt** next to the word **millionth** [Grep](https://blog.gtwang.org/linux/linux-grep-command-tutorial-examples/) ``` bandit7@bandit:~$ grep -i "millionth" data.txt millionth TESKZC0XvTetK0S9xNwm25STk5iWrBvP ``` ![](https://i.imgur.com/OGiKFzS.png)