You will begin by logging in via ssh command through the terminal.
command: ssh -p 2220 firstname.lastname@example.org
-p will allow you to direct the port, bandit0 before the @ is the username, when prompted enter the password bandit0.
Level 0 → Level 1
Now you will find the password for the next level by reading the readme file. For this do
ls to first list all the files in that directory. Then do a
cat command on the readme file to read that particular file. Copy the password and then exit to login for level 2.
Level 1 → Level 2
When you try to cat the file named "-", you will not be able to read it because "-" is a special character. For this you try any of the following:
- cat ./-
- cat /home/bandit/-
- cat < -
Level 2 → Level 3
Similarly, spaces in file names cannot be read. You can try the following for the same:
- cat ‘spaces in this file name’ to read file
- cat spaces\ in\ this\ filename
Level 3 → Level 4
When you do ls, it will display nothing 'cause the file are hidden. To see hidden files you can do either: ls -a or ls -al. Then cat .hidden to read the file.
- ls -a will display all hidden file
- ls -al will display all file with long listing
Level 4 → Level 5
When you do
cd inhere and do a
cat < -file00 it shows you content which are gibberish characters. You can either go through all of the files to find the password or try one of the below:
- file inhere/* ==> this will show you what type of data is in each file, the one with ASCII if the file which holds the password
- find /home/bandit4/inhere/ | xargs file | grep text ==> this will show you the file which is of type text ASCII
Level 5 → Level 6
Here we will make use of find command. You can get more information about how to use the find command by typing find --help or man find on your terminal. We need to find a file that satisfies the following:
- human-readable : for this we will use grep text or -type
- 1033 bytes in size : for this we will use -size
- not executable : for this we will you -executable
You can find the file by simply doing: find -size 1033c
But to check with the all the criteria do:
- find -size 1033c ! -executable | xargs file | grep text
- find -size 1033c ! -executable -type f
Level 6 → Level 7
Command we will use: find / -user bandit7 -group bandit6 -size 33c
- / will search from root directory
- -user will allow you to see who the file is owned by
- -group will allow you to see which group owns the file
- -size to add size criteria
You can add 2>/dev/null after the command to redirects error messages to null so that they do not show on stdout.
Then see through all the result to find the path where file is stored.
Level 7 → Level 8
To find the word and the password nex to it, wedo a grep to find the word 'millionth': grep millionth data.txt
Level 8 → Level 9
We will do a sort first and then a uniq to find the password.
- sort data.txt | uniq -u : gives the only unique one (password will be retrived)
- sort data.txt | uniq -c : gives all unique data with their counts then go through it and find the one with count 1, this will be the password
Level 9 → Level 10
We will be doing: strings data.txt | grep "===*"
Some other ways to do this are:
- strings data.txt | grep '^=='
- strings data.txt | grep ^=
- strings data.txt | grep '^==='
- cat data.txt | strings | grep ^=
* : Will matches the preceding character zero or more times.
^ : Will matches the beginning of the line.
Level 10 → Level 11
base64 -d data.txt is the command used to decode the text to find the password. -d flag will allow to decode the text found in the file.
Level 11 → Level 12
The text in the file is encrypted using ROT13. We will be using the tr command to decrypt it. A is alphabet 1, so alphabet 13 is M.
Command: cat data.txt | tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
This will tell for [A-Z] it will translate it to [N-Z] and then [A-M]. Same goes for the lowercase letters. This will translate the text in the file and display the password.
Level 12 → Level 13
We will be decompressing files in this level to find the password. You will first need to create a folder to store the extracted file. Then copy the text file to your folder to work on.
- mkdir /tmp/saniya
- cp data.txt /tmp/saniya
Change directory to your folder and do a reverse xxd to change data from hexadump to binary.
- xxd -r data.txt > datar
Next we will check type of file datar with 'file datar'. It will show that it is a gzip compressed file, then we should rename it approproately and decompress by using gzip command with -d flag. We will continue to do this process till we get a normal ASCII file.
- Read type of file it is with 'file'
- Rename the file appropriately with 'mv'
- Decopress the file with appropriate command; tar, bzip2 or gzip
- Repeat this again
Level 13 → Level 14
To use the private key to form a ssh connection to login as bandit14 we will have to use the flag -i, which will allow us to input an identity file and join to the localhost.
Command: ssh -i sshkey.private bandit14@localhost
And then do a cat /etc/bandit_pass/bandit14 to get the password strored in the file. You will have to exit twice to end both ssh connections.
Level 14 → Level 15
We will be using the nc command to connect with port 30000 on the localhost. The netcat command that is similar to a cat command but it is used for networks.
Command used: nc localhost 30000
Then enter the password that you used to login to level 14. It will then display the password for the next level.
Walkthrough for the next levels will be coming up soon. Happy Hacking!
Illustration used in article is done by: Alfrey Davilla