Ahhhh yes. One thing I really enjoyed about bandit was the quick progression, and practical nature of the challenges. It was pretty straight forward to bang through levels, and there were some fun techniques I learnd by doing them.

I also really enjoyed that I could do 3 or 4, then come back several days later, and pick it back up.

Sometimes with longer or more difficult challenges, I found myself getting discouraged because I could only spend 15-20 minutes on it at a time. You know, full time job, kids, etc.

:)

Challenge

1
2
3
4
5

ssh bandit3@bandit.labs.overthewire.org -p 2220

bandit3@bandit:~$ ls -l
total 4
drwxr-xr-x 2 root root 4096 Feb 21 22:03 inhere

Uh oh… this one is owned by the user root, and group root… BUT… if you look at the permissions, you can see that everyone has read, and execute!

There’s a pretty reasonable explanation here as well: Linux File Permission

Since we have read, and execute permissions, let’s go check what’s in directory.

1
2
3

bandit3@bandit:~$ cd inhere/
bandit3@bandit:~/inhere$ ls -l
total 0

uwotm8?

1
2
3
4
5
6

bandit3@bandit:~/inhere$ ls -la
total 12
drwxr-xr-x 2 root    root    4096 Feb 21 22:03 .
drwxr-xr-x 3 root    root    4096 Feb 21 22:03 ..
-rw-r----- 1 bandit4 bandit3   33 Feb 21 22:03 .hidden
bandit3@bandit:~/inhere$ cat .hidden

Explanation

Paying attention to directory, and file permissions will be a huge help in the *nix world. In this case, we were able to go in, and even read/execute files/scripts that may have been in there. We just needed to find the hidden file.

Files that start with a period (.something) are hidden in *nix.

The a switch tells ls to show hidden files.