Featured image of post OverTheWire - Bandit - Level 0
Wargames Infosec OverTheWire Bandit

OverTheWire - Bandit - Level 0

The solution to OverTheWires Bandit, Level 0

Before I had kids, I did a lot of wargames. More recently, while I was working at TRD, I played Bandit with my coworker. This was around July of2021. It was so much fun to have someone to play the game with, and talk about it! We solved each level separately, but then talked about our solutions after the fact.

I would really like to have that experience again.

Anyway, without further adieu, I present to you…..

Level 0!!!!

This should be pretty straight forward. If applicable, I will past instructions and terminal output so it’s easy to follow along w/the challenge.

From [https://overthewire.org/wargames/bandit/bandit0.html]

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

OK, let’s connect via ssh

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

❯ ssh bandit0@bandit.labs.overthewire.org -p 2220
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

bandit0@bandit.labs.overthewire.org's password:

....

--[ Playing the games ]--

  This machine might hold several wargames.
  If you are playing "somegame", then:

    * USERNAMES are somegame0, somegame1, ...
    * Most LEVELS are stored in /somegame/.
    * PASSWORDS for each level are stored in /etc/somegame_pass/.

...

Based on the instructions, it appears we want to look in /etc/bandit_pass/*, however, it’s always smart to look around before we do anything…

1
2
3
4
5
6
7
8

bandit0@bandit:~$ ll
total 24
drwxr-xr-x  2 root    root    4096 Feb 21 22:02 ./
drwxr-xr-x 70 root    root    4096 Feb 21 22:04 ../
-rw-r--r--  1 root    root     220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root    root    3771 Jan  6  2022 .bashrc
-rw-r--r--  1 root    root     807 Jan  6  2022 .profile
-rw-r-----  1 bandit1 bandit0   33 Feb 21 22:02 readme

Well then… what do we have here? A readme?

Our first flag

When we talk about CTF (capture the flag), we are talking about finding a piece of text that acts as the signifier that you have passed a level, wargame, challenge, etc. In this particular challenge, the flag was in readme!

1
2

bandit0@bandit:~$ cat readme
NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL
© 2020 - 2023 Benjamin Walters
Built with Hugo
Theme Stack designed by Jimmy