OverTheWire — Bandit Wargames: All-Level Walkthroughs

12 min readOct 3, 2023

About OverTheWire.Org Bandit Wargames

This game was designed in a CTF (capture the flag) format to help you learn the basics of Linux and do so while having fun. Completing this wargame will also prepare you for advanced levels of wargames. There are a total of 34 levels in bandit as of date. More may be added in the future. Start from level 0. To move to the next higher level, find the key/flag (information/file/password) you get from solving the current level.

Structure of the Walkthrough

Each level is broken into 3 sections. The Level Goal, How to Complete, and Lesson Learnt.
The Level Goal section sets the objective of the level.
The How to Complete provides a detailed walkthrough to achieve the goal.
The Lesson Learnt section provides a reference to commands used to solve the level and will enable further learning.

Level 0: Enter the Game

Level Goal
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

How to Complete
To connect from your Linux station using SSH, use the command below:

ssh -p 2220 bandit0@bandit.labs.overthewire.org

Once you log in, you will be greeted with a welcome banner with some basic rules and tips on how to play the game.

Level 0 →Level 1

Level Goal
The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

How To Complete
When you ssh into a Linux machine, you will normally be placed in your home directory. To confirm type in the command pwd to see your current (present) working directory. Use the command ls to list out your directory. You will find a file named readme. To read the content of the file type in cat readme. The content of the file will be displayed, which is the password for the next level.

Level 2 → Level 3

Level Goal
The password for the next level is stored in a file called spaces in this filename located in the home directory.

How To Complete
Similar to previous levels, the key for the next level is available in a file in the home directory. The name of the file is ‘spaces in this filename’. When you try to cat out the filename as is, since there are spaces in the name of the file, the command assumes each word separated by space to be a separate file. To complete this task, include the name of the file inside single quotes (i.e. ‘spaces in this filename’) as per the screenshot below.

Level 3 → Level 4

Level Goal
The password for the next level is stored in a hidden file in the Inhere directory.

How To Complete
To begin this level, login to the bandit server with the username bandit3 and password received from the previous level.

Navigate to the inhere directory using cd. On listing the file & directories using just ‘ls’, we find that there doesn’t seem to be anything in it. To list out all files including hidden ones, use the -a switch for ‘ls’. A file named ‘.hidden’ is listed in the contents. Cat out the file to get the key for the next level.

Level 4 → Level 5

Level Goal
The password for the next level is stored in the only human-readable file inthe inhere directory. Tip: if your terminal is messed up, try the “reset” command.

How To Complete
To begin this level, login to the bandit server with the username bandit4 and password received from the previous level.

Navigate to the directory inhere found in the home folder using cd. ‘ls’ reveals a list of 10 files all beginning with ‘-file0’ and ending with numbers 0–9. You could cat out each file individually to find the file containing human readable content, or you could use a wild card * in place of the numbers 0–9. The key to the next level can be found in -file07.

Level 5 → Level 6

Level Goal
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
• human-readable
• 1033 bytes in size
• not executable

How To Complete
To begin this level, login to the bandit server with the username bandit5 and password received from the previous level.

Navigate to the inhere directory within the home directory. On listing content, you will find 20 directories, each with a couple of files. The level goal specifies that the file size is 1033 bytes. To search for a file of that size, use the command du with the switch ‘-ab’ to display all files and sizes in byte, and pipe the output to grep to search for 1033. This produces a single-line output with the path to the file containing the key to the next level.

Level 6 → Level 7

Level Goal
The password for the next level is stored somewhere on the server and has all of the following properties:
• owned by user bandit7
• owned by group bandit6
• 33 bytes in size

How To Complete
To begin this level, log into the bandit server with the username bandit6 and password received from the previous level.

No files will be found in the home directory. The clue is the user and group ownership info provided. To find a file using group and/or user info, use the find command with the test switches for users and/or groups. If this command is run as is, there will be a lot of error outputs due to insufficient permission to access. Redirect the error outputs to a temporary file which could be created in the tmp folder. This gives a single-line output with the name and path of the file of interest. List out the file in list format, to see if the file size is indeed 33 bytes. Cat the file to get the key to level 7.

Level 7 → Level 8

Level Goal
The password for the next level is stored in the file data.txt next to the word millionth.

How To Complete
To begin this level, login to the bandit server with the username bandit7 and password received from the previous level.

A file named data.txt can be found in the home directory. If you check out the file, it contains 98567 lines of data, each beginning with a word followed by a text with 33 characters. To find a single line that contains the word millionth and the key for level 8, cat out the file and pipe the output to grep for the word millionth.

Level 8 → Level 9

Level Goal
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

How To Complete
To begin this level, log into the bandit server with the username bandit8 and password received from the previous level.

A file named data.txt could be found in the home directory. If you check out the file, it contains 1001 lines of data. The level goal specifies that the line of interest occurs only once, which means that there are repeated data. To identify the unique line, cat out the file; pipe it to the sort command to sort the output; and pipe the sorted output to the uniq command with the -u switch. The result will be a single line of text, which is the key for level 9.

Level 9 → Level 10

Level Goal
The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.

How To Complete
To begin this level, login to the bandit server with the username bandit9 and password received from the previous level.

A file named data.txt could be found in the home directory. Use the command strings to extract only human-readable output and pipe the result into grep to search for a sequential occurrence of the ‘=’ character.

Level 10 → Level 11

Level Goal
The password for the next level is stored in the file data.txt, which contains base64 encoded data

How To Complete
To begin this level, login to the bandit server with the username bandit10 and password received from the previous level.

A file named data.txt could be found in the home directory. If you cat out the file, you will find the base64 encoded data. To decode use the base64 command with the -d switch. The output reveals the key for level 11.

Level 11 → Level 12

Level Goal
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions.

How To Complete
To begin this level, login to the bandit server with the username bandit11 and password received from the previous level.

A file named data.txt could be found in the home directory. If you cut out the file, you will find a string of characters that makes no sense. The level goal provides the clue that the text has been transformed using the rot-13 cipher, a substitution cipher that rotates the characters by 13 positions. To reverse this, we can use the ‘tr’ command by providing the original set and key set which would be rotated by 13 positions. For example, A, B, C, D.. becomes N, O, P, Q….. Cat out the original text and pipe it into ‘tr’ with the translation set. The result will provide the key to the next level.

Level 12 → Level 13

Level Goal
The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level, it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

How To Complete
To begin this level, login to the bandit server with the username bandit12 and password received from the previous level.

A file named data.txt could be found in the home directory. Since the file requires multiple modifications, create a new directory in the /tmp/ and copy data.txt over. Once copied navigate to the new directory. Cat output of the file shows a hex dump. Hex dump can be reversed using the command xxd with the ‘-r’ switch. Pipe the output of xxd into a new file data01. To check the file type of the output data01, use the ‘file’ command. It should inform that the file is a gzip compressed archive. To extract the content, use gunzip and pipe to data02. Check the file type extracted file data02 using the ‘file’ command. This time, it should show that the file is a bzip2 archive. To extract the content, use bunzip2 and pipe to data03. On checking the file type of data03, you should find that it is another gzip archive. On extraction of the content of data03, you should get data04, which is a Posix tar archive. To extract the contents from data04, use the ‘tar’ command with the ‘-xf’ switch. A new file data5.bin extracted from data04 should be present in the directory. Repeat the above process a couple more times, until you find a file that is of file type ASCII text. The content of this file contains the key for level 13.

Level 13 → Level 14

Level Goal
The password for the next level is stored in/etc/bandit_pass/bandit14 and can only be read by userbandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on.

How To Complete
To begin this level, login to the bandit server with the username bandit13 and password received from the previous level.

Once logged in, searching the home directory, you should find an ssh private key named sshkey. private. To log into level 14, you will need to use this SSH key. To connect to level 14, use the ssh command with the ‘-i’ switch and specify the private key as a parameter. The username will be bandit14 and the server to connect to will be localhost. You should be able to log into level 14 without being asked for a password. Once logged in, the password for the current level should be available in file bandit14 located at /etc/bandit_pass/ directory as mentioned in the login banner.

Level 14 → Level 15

Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

How To Complete
To begin this level, login to the bandit server with the username bandit14 and password received from the previous level.

The password of the current level is available in the file /etc/bandit_pass/bandit14. Cat out this file and pipe its content to the port 30000 on the localhost using the ‘nc’ or ‘netcat’ command. The server should respond with the password for the next level.

Level 15 → Level 16

Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption. Helpful note: Getting “HEART BEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…

How To Complete
To begin this level, login to the bandit server with the username bandit15 and password received from the previous level.

The password of the current level is available in the file /etc/bandit_pass/bandit15. To complete this, we need to establish an SSL connection to the local server at port 30001. We also need to pipe the password of the current level to this connection. To do this, use the command as follows:

cat /etc/bandit_pass/bandit15 | openssl s_client -connect -ign_eof localhost:30001

Level 16 → Level 17

Level Goal
The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First, find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

How To Complete
To begin this level, log into the bandit server with the username bandit16 and password received from the previous level.

Once logged in, use Nmap to search for open ports on the local host. You will find 2 ports that are open to connect. As before, the password for the current level is available at /etc/bandit_pass/bandit16. Cat the password out to an SSL connection to the listed ports using the OpenSSL command with the -quiet option. One of the ports will respond with a private key, which is the key for the next level.