This is a walkthrough to the bandit wargame made by OverTheWire. It can be found on their website at https://overthewire.org/wargames/bandit
Part 1
Goals: Connect to bandit.labs.overthewire.org via SSH on port 2220
Given information: Username is bandit0 and password is bandit0
Step 1
First, ping the target machine to test the connection. This is done with the command “ping [address goes here]”. In this case, the command is “ping bandit.labs.overthewire.org”. When you see that the target machine pings you back, press ctrl-c to end the ping.
Step 2
We should map the target machine to see its information. This is done with a useful command on Kali linux called nmap. Nmap can take a lot of parameters, but for this example we will be using “-sC -sV -n”. The full command is as follows: “nmap -sC -sV -n -p [port] bandit.labs.overthewire.org”. This might take a while depending on your system. Just wait for it to finish so you can see the results. It should look something like this:
It will give you a whole lot more info than you want, but stick with me here, it is simpler than it looks. You can see now that it shows port 2220 is open. This is the port we will be connecting to.
Step 3
Now we will attempt to connect to the target machine. This is really simple because we were given the username and the password, but it won’t be so easy in the future. We are connecting through ssh, so the command will be “ssh [user]@bandit.labs.overthewire.org -p [port to connect to]” this will then prompt you to make sure it is a safe connection(type yes) and then ask you for the password.
We already know the password, and can input it easily in the blank. Note that when typing passwords in Kali Linux the characters will not show up onscreen.
We are now logged in as user bandit0 and can move on with the next level, which is combined with this one.
Part 2
Goals: find the password for the next level and log in as the next user
Given information: Password is in the readme file
Step 1
Since we are already in the system, we just have to find the readme file. We can list the items in the current directory by using the command “ls”.
We can see that the file is there for the taking, we just need to read it.
Step 2
Reading files can be done by utilizing the “cat [file]” command.
We can see the password there. If we copy it we can move on to the next level.
Step 3
We use the exit command to exit our connection with the machine, then use the up arrow to find our last used command: the one for connection. Then we can simply modify the bandit0 user to bandit1, and hit enter.
This will give us the entry page again. Paste the password in when it asks you, and you have completed the level.
This wargame can be found on https://overthewire.org/wargames/bandit
Check them out for more wargames and the rest of the levels.
Very nice.
it was hard for me to read, but awesome job!
i dont really understand but you did great!!
Haha Drew I literally have no idea what this is about but it looks like you really know your stuff. Keep sharing! 🙂