Bandit
Bandit Level 0
ssh -p2220 bandit0@bandit.labs.overthewire.org
password of bandit0 - bandit0
Bandit Level 0 - Level 1
bandit0@bandit:~$ cat /home/bandit0/readme
bandit0@bandit:~$ cat /home/bandit0/readme
Congratulations on your first steps into the bandit game!!
Please make sure you have read the rules at https://overthewire.org/rules/
If you are following a course, workshop, walkthrough or other educational activity,
please inform the instructor about the rules as well and encourage them to
contribute to the OverTheWire community so we can keep these games free!
The password you are looking for is: ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5Ifpassword of bandit1 - ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If
Bandit Level 1 - Level 2
bandit1@bandit:~$ cat /home/bandit1/-
bandit1@bandit:~$ cat /home/bandit1/-
263JGJPfgU6LtdEvgfWU1XP5yac29mFxbandit1@bandit:~$ cat ./-
bandit1@bandit:~$ pwd
/home/bandit1
bandit1@bandit:~$ cat ./-
263JGJPfgU6LtdEvgfWU1XP5yac29mFxpassword of bandit2 - 263JGJPfgU6LtdEvgfWU1XP5yac29mFx
Bandit Level 2 - Level 3
bandit2@bandit:~$ cat "spaces in this filename"
bandit2@bandit:~$ pwd
/home/bandit2
bandit2@bandit:~$ cat "spaces in this filename"
MNk8KNH3Usiio41PRUEoDFPqfxLPlSmxpassword of bandit3 - MNk8KNH3Usiio41PRUEoDFPqfxLPlSmx
Bandit Level 3 - Level 4
bandit3@bandit:~$ cat ./inhere/...Hiding-From-You
bandit3@bandit:~$ pwd
/home/bandit3
bandit3@bandit:~$ ls -la
total 24
drwxr-xr-x 3 root root 4096 Sep 19 2024 .
drwxr-xr-x 70 root root 4096 Sep 19 2024 ..
-rw-r--r-- 1 root root 220 Mar 31 2024 .bash_logout
-rw-r--r-- 1 root root 3771 Mar 31 2024 .bashrc
drwxr-xr-x 2 root root 4096 Sep 19 2024 inhere
-rw-r--r-- 1 root root 807 Mar 31 2024 .profile
bandit3@bandit:~$ ls -la inhere/
total 12
drwxr-xr-x 2 root root 4096 Sep 19 2024 .
drwxr-xr-x 3 root root 4096 Sep 19 2024 ..
-rw-r----- 1 bandit4 bandit3 33 Sep 19 2024 ...Hiding-From-You
bandit3@bandit:~$ cat ./inhere/...Hiding-From-You
2WmrDFRmJIq3IPxneAaMGhap0pFhF3NJpassword of bandit4 - 2WmrDFRmJIq3IPxneAaMGhap0pFhF3NJ
Bandit Level 4 - Level 5
bandit4@bandit:~$ find ./inhere/ -type f -exec file {} +
bandit4@bandit:~$ find ./inhere/ -type f -exec file {} +
./inhere/-file08: data
./inhere/-file02: data
./inhere/-file09: data
./inhere/-file01: data
./inhere/-file00: data
./inhere/-file05: data
./inhere/-file07: ASCII text
./inhere/-file03: data
./inhere/-file06: data
./inhere/-file04: data./inhere/-file07: ASCII text
bandit4@bandit:~$ cat ./inhere/-file07
4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQwpassword of bandit5 - 4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQw
Bandit Level 5 - Level 6
bandit5@bandit:~$ find ./ -type f -size 1033c -not -executable
bandit5@bandit:~$ find ./ -type f -size 1033c -not -executable
./inhere/maybehere07/.file2
bandit5@bandit:~$ cat ./inhere/maybehere07/.file2
HWasnPhtq9AVKe0dmk45nxy20cvUa6EG
bandit5@bandit:~$ password of bandit6 - HWasnPhtq9AVKe0dmk45nxy20cvUa6EG
Bandit Level 6 - Level 7
bandit6@bandit:~$ find / -type f -size 33c -user bandit7 -group bandit6 2>/dev/null
bandit6@bandit:~$ find / -type f -size 33c -user bandit7 -group bandit6 2>/dev/null
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
morbNTDkSW6jIlUc0ymOdMaLnOlFVAajpassword of bandit7 - morbNTDkSW6jIlUc0ymOdMaLnOlFVAaj
Bandit Level 7 - Level 8
bandit7@bandit:~$ cat data.txt | grep millionth
bandit7@bandit:~$ cat data.txt | grep millionth
millionth dfwvzFQi4mU0wfNbFOe9RoWskMLg7eEcpassword of bandit8 - dfwvzFQi4mU0wfNbFOe9RoWskMLg7eEc
Bandit Level 8 - Level 9
bandit8@bandit:~$ cat data.txt | sort | uniq -c
bandit8@bandit:~$ cat data.txt | sort | uniq -c
10 0BKVRLEJQcpNx8wnSPxDLFnFKlQafKK6
10 0eJPctF8gK96ykGBBaKydhJgxSpTlJtz
10 0kJ7XHD4gVtNSZIpqyP1V45sfz9OBLFo
10 0lPOvKhpHZebxji0gdjtGCd5GWiZnNBj
10 0REUhKk0yMqQOwei6NK9ZqIpE5dVlWWM
10 1jfUH1m4XCjr7eWAeleGdaNSxFXRtX0l
10 1VKPEkd0bCtIRwMFVQfY7InulwOFyDsn
10 2u8fvAzvnaFlvQG3iPt4Wc1TFhPcGxhH
10 35l6mr3f6TvlJyDwU6aUgJX07cLhr6t9
10 3FIgajXBiaQAiTMVGo1gxRDSiACNyvvJ
10 3mNA2le0gfURQKNHVIhGkMNLqLwjyyLN
1 4CKMh1JI91bUIZZPXDqGanal4xvAg0JM
10 4P8FsHcdr7d5WKnPtAaXY5SslKICd2gL
10 5EmwMKZHwF6Lwq5jHUaDlfFJBeHbcX0b
10 5hYz0028e1Q2TrtPVz5GZbpMzZNjebhh
10 5I2jWpqjtVp576xXI2TLh1UCyXJtGQ78
10 6Boy6esAjnIxCYn8uI6KZ7VD7zysDM8i
10 7cP8ssLElERHXqOJc9T84bxsmJBjNXk2
10 7qHmEo1FEbzthgyNpKc38YofXjYKZv18
10 8FCtUQlFXsJnNeyiDY5KfE3vRy6sZFEJ
10 8pePxslMzXqA2mi87wFjxd44qDRdrPiW
10 9jfKbKGp40LjMuiiH9cce4bUo9y8nd0j
10 9PqZLdu143n5djN9mL1MCamrmHERuV7k
10 9Tar2wcD3Urge6s2yp18CAE8zX1poUwV
10 A4MixXbxP5t0RE87qkmAdwwPJO3Aw6rO
10 aFStfHbnQdPWqyRHEzhqe91Wch4O8xHJ
10 aMKlTMrptUxxTypCHocCTrqYRkR2gT8h
10 AOz67fZdaabu2QQyatGXK1dXNUIuyuOD
10 BIAd2jxKMFmitEvp0WmsM0oDAwj4WSUa
10 BmwX4bYhJXyImwt4AVHr7wFyLYCn4IIs
10 BooZo7QXA1Tft7d6zbVkgJiGoJzuBTXS
10 ByBO7V0FaYWN1cqIFbNss21xmjf9VNBP
10 CgUjZiluCoMEvzNAge1Nbv3g9tpLQQj2
10 CgvfWFmg5yxx12D2SZvjzaakG0JIyg7B
10 cOk5XehQn4Uoz1z255BqS8y74pthqBeC
10 dPk8jhZUckmUiDsn4fXE28LpV5VTvev7
10 DShzsMw0ejGwWSFIlvAybLwBLKX6qVfF
10 EgKFNgP4k1pMfGdrWRSiDIvSlAC0Tr42
10 EtevhzigGTVT4NbybBWK5DNXnPt2D5AM
10 fmt1Bzwt8Yw0t0cBVine7zuwyS76iJ7N
10 fSbQqHX7C5Er4WmMSlQ9jkl05sXYQgJU
10 ft7OpREehafXGOiX8EtyzEqXU8f3KRug
10 GCaJbpW4K28ukFR84YhZFY6e7MvAOwpX
10 GW8cRcKbnz53MAPYECx99O0T8POlPIFk
10 hevU1VzF39ZyhyYkCBgmVrY6DbiRt2t5
10 HloFLs5IpuFLuVJugBxKEipr5QaObJMk
10 iGmmKP7APsDfPxrZjCL7eDpGEWR3ot3q
10 IkJadTScIdBQY9a4KVjBEHyXKubCxSlx
10 JaFwKSH0hiff1XRuxVYCzjjtibV9P3zF
10 JQx6RCcNbAesB2lehrUl821WnJPI5gHW
10 K8GxBwF1vxLQB5PaqlcCGfRniemRScj4
10 kgf5CWCm26sycUzaAJRP7e6hYKVwu7Y4
10 KhRNo5JlbDhxbBqCGIokXqBm54v7Wunm
10 KqpxKPY3yIDdEVewIwuetpV0WvGIsN5U
10 KZJOZECxhLxDhxDbGzdNy8m0uplzvP11
10 L2iewY0lmIRR6arfrwWA3VhttgbJ0NIn
10 mMD5Z4y1rRh07rmVRw2HfgcMegbKH0c0
10 mUNISmDjtb3h6xAt3wGRVTY9U0r2u9bR
10 noa4sUvodI8D733ugvy2OAlttHdjMPWJ
10 o44oO4jbyPqoQQYX16586yC7Os2uz3ks
10 omBfcRI91Zm06GI0RLngq05AMwe8Ndqo
10 PHE4soLmy3nZfNOlX3jB8LYKYZRXuTah
10 pij5cPffIOml4tkDCOwo7M2zyxImYJWm
10 PLsGPuNgYzI8YNu2Y7h4D4vz1nHPSuNl
10 pngaDVKjQWnWHOOUze15L3QpwqKme5M9
10 PRerp5EfTVxJHKuCZDXfAfRyCQSdPjMi
10 prq3SdTnv0vUMlcfcb4yvkl6GAXvtwWE
10 q3dcRUh6vecqwa2ahKdvwWJDon3qA1Xe
10 qEi18Iw0qI0fe3fGMr6tTPpL6SbPMjk3
10 QPVchwY9MCJJ1W6kCWMncGWK2YfcUlFE
10 QQozajTq9wdmrO8AMwcL1i4EG0DA3I3a
10 QWumJVhaTjgcTVU6PILDgf5nPauD4VMm
10 RAM7lFRXtvR3BlgtbRU3dz5UxZYQQ06I
10 RAp5mFyjEBVSRTU203Y4Q1RDSlj7hN1v
10 rENclsy8XIuTnTvJfXagTFpcd78FX8WM
10 rhquEZ5rMuUSRIxtG9DQ6KVOyqPpL0MP
10 RpRE5maDwMQTa8oJt7vVNqff7ElrjLTq
10 s8SnoFuk0jR1CTdQ7pctd67nakJWN2Vc
10 sapgezVFdEYdD3IkqFZGaXcKG4z5P4KR
10 sBDaWzvCbXUiXcP9to4j8o716bXI0inx
10 SCuPKgJN6pAfwgoCy2Ech2U0DTfriL9q
10 Sd14OpeUCugURrfuu47xRwMGB1U6OSzB
10 SeSKZp3f2Lo9JAKP17WmkD2Nnl6I5knE
10 SnF0df244Nioa8VK7fAC8dfc9jQpAx4Y
10 Su9w1lri9UACf53cL1evAMKXVgI0nfqe
10 tgHSfEXcbYCejWXfsWDO4VXXbqtTVcqS
10 tVm8L7CmsGG0cox6GpzlkbQYl0Yavx6i
10 ULGqvJWOAtmPYINByDHwD0r9Mlf5niGK
10 UuNP4xguSOjcTHAzdtHBgm2eNz1Z5133
10 VPlmPWbTDtWppKumxNRUeeXklDk5GpRx
10 w6x5XtaoRWDqMCsYxgZIWuOKVdiGByAu
10 wcX8FCnaWngvBoYa5LrRlDsfRrr3C4kv
10 Wr4hWlUhGCKJpGDCeio8C1pLVt7DZm3X
10 WVQJq1JYFGgtR69JgWxUAKPb0RaKc90J
10 xEkmXBLggW8r1alEgwNX6ZIM6GGCsfmF
10 YbfaJNckJrgh9TvEBScUaEUCRhDJcgIL
10 ylbAYB5vBiEAmViEQOBwITUwjSZkwC7Q
10 ysKmfYcysVfnViisRBcXzgjjXMDgnKKv
10 YZMapJFORxWg84gej4UzQvGYSqBmsPOo
10 Z6SdYkOf5loRVj4uRk6cNiz10RfPnwNy
10 zokSjnkcDj1hdGEBE4feukfCtFmv82ZZbandit8@bandit:~$ cat data.txt | sort | uniq -c | grep -v 10
bandit8@bandit:~$ cat data.txt | sort | uniq -c | grep -v 10
1 4CKMh1JI91bUIZZPXDqGanal4xvAg0JMpassword of bandit9 - 4CKMh1JI91bUIZZPXDqGanal4xvAg0JM
Bandit Level 9 - Level 10
bandit9@bandit:~$ strings data.txt | grep "="
bandit9@bandit:~$ strings data.txt | grep "="
}========== the
p\l=
;c<Q=.dEXU!
3JprD========== passwordi
qC(=
~fDV3========== is
7=oc
zP=
~de=
3k=fQ
~o=0
69}=
%"=Y
=tZ~07
D9========== FGUW5ilLVJrxX9kMYMmlN4MgbpfMiqey
N=~[!N
zA=?0jpassword of bandit10 - FGUW5ilLVJrxX9kMYMmlN4MgbpfMiqey
Bandit Level 10 - Level 11
bandit10@bandit:~$ base64 --decode data.txt
bandit10@bandit:~$ pwd
/home/bandit10
bandit10@bandit:~$ ls
data.txt
bandit10@bandit:~$ base64 --decode data.txt
The password is dtR173fZKb0RRsDFSGsg2RWnpNVj3qRrpassword of bandit11 - dtR173fZKb0RRsDFSGsg2RWnpNVj3qRr
Bandit Level 11 - Level 12
bandit11@bandit:~$ cat data.txt
bandit11@bandit:~$ pwd
/home/bandit11
bandit11@bandit:~$ ls -la
total 24
drwxr-xr-x 2 root root 4096 Sep 19 2024 .
drwxr-xr-x 70 root root 4096 Sep 19 2024 ..
-rw-r--r-- 1 root root 220 Mar 31 2024 .bash_logout
-rw-r--r-- 1 root root 3771 Mar 31 2024 .bashrc
-rw-r----- 1 bandit12 bandit11 49 Sep 19 2024 data.txt
-rw-r--r-- 1 root root 807 Mar 31 2024 .profile
bandit11@bandit:~$ cat data.txt
Gur cnffjbeq vf 7k16JArUVv5LxVuJfsSVdbbtaHGlw9D4Rotate 13 - Gur cnffjbeq vf 7k16JArUVv5LxVuJfsSVdbbtaHGlw9D4
Using the decode.com page to rotate.
bandit11@bandit:~$ cat data.txt | tr [a-m][n-z] [n-z][a-m] | tr [A-M][N-Z] [N-Z][A-M]
bandit11@bandit:~$ cat data.txt | tr [a-m][n-z] [n-z][a-m] | tr [A-M][N-Z] [N-Z][A-M]
The password is 7x16WNeHIi5YkIhWsfFIqoognUTyj9Q4password of bandit12 - 7x16WNeHIi5YkIhWsfFIqoognUTyj9Q4
Bandit Level 12 - Level 13
A file compressed many times with gzip, bzip2 and tar.
xxd is used to determine what type of file is
bandit12@bandit:~$ pwd
/home/bandit12
bandit12@bandit:~$ ls -la
total 24
drwxr-xr-x 2 root root 4096 Sep 19 2024 .
drwxr-xr-x 70 root root 4096 Sep 19 2024 ..
-rw-r--r-- 1 root root 220 Mar 31 2024 .bash_logout
-rw-r--r-- 1 root root 3771 Mar 31 2024 .bashrc
-rw-r----- 1 bandit13 bandit12 2583 Sep 19 2024 data.txt
-rw-r--r-- 1 root root 807 Mar 31 2024 .profile
bandit12@bandit:~$ mkdir /tmp/solution_level12
bandit12@bandit:~$ xxd -r data.txt > /tmp/solution_level12/data.txt
bandit12@bandit:~$ cd /tmp/solution_level12
bandit12@bandit:/tmp/solution_level12$ pwd
/tmp/solution_level12
bandit12@bandit:/tmp/solution_level12$ ls
data.txt
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17016
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:19 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:19 ..
-rw-rw-r-- 1 bandit12 bandit12 607 Mar 23 02:19 data.txt
bandit12@bandit:/tmp/solution_level12$ file data.txt
data.txt: gzip compressed data, was "data2.bin", last modified: Thu Sep 19 07:08:15 2024, max compression, from Unix, original size modulo 2^32 574
bandit12@bandit:/tmp/solution_level12$ mv data.txt data.gz
bandit12@bandit:/tmp/solution_level12$ gunzip data.gz
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17016
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:20 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:20 ..
-rw-rw-r-- 1 bandit12 bandit12 574 Mar 23 02:19 data
bandit12@bandit:/tmp/solution_level12$ file data
data: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/solution_level12$ mv data data.bz2
bandit12@bandit:/tmp/solution_level12$ bunzip2 data.bz2
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17016
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:21 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:21 ..
-rw-rw-r-- 1 bandit12 bandit12 432 Mar 23 02:19 data
bandit12@bandit:/tmp/solution_level12$ file data
data: gzip compressed data, was "data4.bin", last modified: Thu Sep 19 07:08:15 2024, max compression, from Unix, original size modulo 2^32 20480
bandit12@bandit:/tmp/solution_level12$ mv data data.gz
bandit12@bandit:/tmp/solution_level12$ gunzip data.gz
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17032
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:21 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:21 ..
-rw-rw-r-- 1 bandit12 bandit12 20480 Mar 23 02:19 data
bandit12@bandit:/tmp/solution_level12$ file data
data: POSIX tar archive (GNU)
bandit12@bandit:/tmp/solution_level12$ mv data data.tar
bandit12@bandit:/tmp/solution_level12$ tar -xf data.tar
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17044
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:22 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:22 ..
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.bin
-rw-rw-r-- 1 bandit12 bandit12 20480 Mar 23 02:19 data.tar
bandit12@bandit:/tmp/solution_level12$ file data5.bin
data5.bin: POSIX tar archive (GNU)
bandit12@bandit:/tmp/solution_level12$ mv data5.bin data5.tar
bandit12@bandit:/tmp/solution_level12$ la -la
total 17044
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:22 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:22 ..
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.tar
-rw-rw-r-- 1 bandit12 bandit12 20480 Mar 23 02:19 data.tar
bandit12@bandit:/tmp/solution_level12$ tar -xf data5.tar
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17048
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:22 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:22 ..
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.tar
-rw-r--r-- 1 bandit12 bandit12 221 Sep 19 2024 data6.bin
-rw-rw-r-- 1 bandit12 bandit12 20480 Mar 23 02:19 data.tar
bandit12@bandit:/tmp/solution_level12$ file data.tar
data.tar: POSIX tar archive (GNU)
bandit12@bandit:/tmp/solution_level12$ tar -xf data.tar
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17060
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:23 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:23 ..
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.bin
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.tar
-rw-r--r-- 1 bandit12 bandit12 221 Sep 19 2024 data6.bin
-rw-rw-r-- 1 bandit12 bandit12 20480 Mar 23 02:19 data.tar
bandit12@bandit:/tmp/solution_level12$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/solution_level12$ mv data6.bin data6.bz2
bandit12@bandit:/tmp/solution_level12$ bunzip2 data6.bz2
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17068
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:24 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:24 ..
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.bin
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.tar
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data6
-rw-rw-r-- 1 bandit12 bandit12 20480 Mar 23 02:19 data.tar
bandit12@bandit:/tmp/solution_level12$ file data6
data6: POSIX tar archive (GNU)
bandit12@bandit:/tmp/solution_level12$ mv data6 data6.tar
bandit12@bandit:/tmp/solution_level12$ tar -xf data6.tar
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17072
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:24 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:24 ..
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.bin
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.tar
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data6.tar
-rw-r--r-- 1 bandit12 bandit12 79 Sep 19 2024 data8.bin
-rw-rw-r-- 1 bandit12 bandit12 20480 Mar 23 02:19 data.tar
bandit12@bandit:/tmp/solution_level12$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Thu Sep 19 07:08:15 2024, max compression, from Unix, original size modulo 2^32 49
bandit12@bandit:/tmp/solution_level12$ mv data8.bin data8.gz
bandit12@bandit:/tmp/solution_level12$ gunzip data8.gz
bandit12@bandit:/tmp/solution_level12$ ls -la
total 17072
drwxrwxr-x 2 bandit12 bandit12 4096 Mar 23 02:25 .
drwxrwx-wt 1 root root 17412096 Mar 23 02:25 ..
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.bin
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data5.tar
-rw-r--r-- 1 bandit12 bandit12 10240 Sep 19 2024 data6.tar
-rw-r--r-- 1 bandit12 bandit12 49 Sep 19 2024 data8
-rw-rw-r-- 1 bandit12 bandit12 20480 Mar 23 02:19 data.tar
bandit12@bandit:/tmp/solution_level12$ file data8
data8: ASCII text
bandit12@bandit:/tmp/solution_level12$ cat data8
The password is FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAnpassword of bandit13 - FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn
Bandit Level 13 - Level 14
bandit13@bandit:~$ cat sshkey.private
bandit13@bandit:~$ cat sshkey.private
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAxkkOE83W2cOT7IWhFc9aPaaQmQDdgzuXCv+ppZHa++buSkN+
gg0tcr7Fw8NLGa5+Uzec2rEg0WmeevB13AIoYp0MZyETq46t+jk9puNwZwIt9XgB
ZufGtZEwWbFWw/vVLNwOXBe4UWStGRWzgPpEeSv5Tb1VjLZIBdGphTIK22Amz6Zb
ThMsiMnyJafEwJ/T8PQO3myS91vUHEuoOMAzoUID4kN0MEZ3+XahyK0HJVq68KsV
ObefXG1vvA3GAJ29kxJaqvRfgYnqZryWN7w3CHjNU4c/2Jkp+n8L0SnxaNA+WYA7
jiPyTF0is8uzMlYQ4l1Lzh/8/MpvhCQF8r22dwIDAQABAoIBAQC6dWBjhyEOzjeA
J3j/RWmap9M5zfJ/wb2bfidNpwbB8rsJ4sZIDZQ7XuIh4LfygoAQSS+bBw3RXvzE
pvJt3SmU8hIDuLsCjL1VnBY5pY7Bju8g8aR/3FyjyNAqx/TLfzlLYfOu7i9Jet67
xAh0tONG/u8FB5I3LAI2Vp6OviwvdWeC4nOxCthldpuPKNLA8rmMMVRTKQ+7T2VS
nXmwYckKUcUgzoVSpiNZaS0zUDypdpy2+tRH3MQa5kqN1YKjvF8RC47woOYCktsD
o3FFpGNFec9Taa3Msy+DfQQhHKZFKIL3bJDONtmrVvtYK40/yeU4aZ/HA2DQzwhe
ol1AfiEhAoGBAOnVjosBkm7sblK+n4IEwPxs8sOmhPnTDUy5WGrpSCrXOmsVIBUf
laL3ZGLx3xCIwtCnEucB9DvN2HZkupc/h6hTKUYLqXuyLD8njTrbRhLgbC9QrKrS
M1F2fSTxVqPtZDlDMwjNR04xHA/fKh8bXXyTMqOHNJTHHNhbh3McdURjAoGBANkU
1hqfnw7+aXncJ9bjysr1ZWbqOE5Nd8AFgfwaKuGTTVX2NsUQnCMWdOp+wFak40JH
PKWkJNdBG+ex0H9JNQsTK3X5PBMAS8AfX0GrKeuwKWA6erytVTqjOfLYcdp5+z9s
8DtVCxDuVsM+i4X8UqIGOlvGbtKEVokHPFXP1q/dAoGAcHg5YX7WEehCgCYTzpO+
xysX8ScM2qS6xuZ3MqUWAxUWkh7NGZvhe0sGy9iOdANzwKw7mUUFViaCMR/t54W1
GC83sOs3D7n5Mj8x3NdO8xFit7dT9a245TvaoYQ7KgmqpSg/ScKCw4c3eiLava+J
3btnJeSIU+8ZXq9XjPRpKwUCgYA7z6LiOQKxNeXH3qHXcnHok855maUj5fJNpPbY
iDkyZ8ySF8GlcFsky8Yw6fWCqfG3zDrohJ5l9JmEsBh7SadkwsZhvecQcS9t4vby
9/8X4jS0P8ibfcKS4nBP+dT81kkkg5Z5MohXBORA7VWx+ACohcDEkprsQ+w32xeD
qT1EvQKBgQDKm8ws2ByvSUVs9GjTilCajFqLJ0eVYzRPaY6f++Gv/UVfAPV4c+S0
kAWpXbv5tbkkzbS0eaLPTKgLzavXtQoTtKwrjpolHKIHUz6Wu+n4abfAIRFubOdN
/+aLoRQ0yBDRbdXMsZN/jvY44eM+xRLdRVyMmdPtP8belRi2E2aEzA==
-----END RSA PRIVATE KEY-----Using the sshkey.private of bandit14 in the console of bandit13 login as bandit14 to the localhost on port 2220.
With the sshkey.private you will connect as bandit14.
bandit14@bandit:~$ cat /etc/bandit_pass/bandit14
bandit14@bandit:~$ cat /etc/bandit_pass/bandit14
MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvSpassword of bandit14 - MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvS
Bandit Level 14 - Level 15
bandit13@bandit:~$ ssh -p2220 -i sshkey.private bandit14@localhost
Note: The key is in bandit13 home directory. Initiate the login process after logging in as bandit13 and use the sshkey.private file.
bandit13@bandit:~$ ssh -p2220 -i sshkey.private bandit14@localhost
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit13/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit13/.ssh/known_hosts).
_ _ _ _
| |__ __ _ _ __ __| (_) |_
| '_ \ / _` | '_ \ / _` | | __|
| |_) | (_| | | | | (_| | | |_
|_.__/ \__,_|_| |_|\__,_|_|\__|
This is an OverTheWire game server.
More information on http://www.overthewire.org/wargames
!!! You are trying to log into this SSH server with a password on port 2220 from localhost.
!!! Connecting from localhost is blocked to conserve resources.
!!! Please log out and log in again.
,----.. ,----, .---.
/ / \ ,/ .`| /. ./|
/ . : ,` .' : .--'. ' ;
. / ;. \ ; ; / /__./ \ : |
. ; / ` ; .'___,/ ,' .--'. ' \' .
; | ; \ ; | | : | /___/ \ | ' '
| : | ; | ' ; |.'; ; ; \ \; :
. | ' ' ' : `----' | | \ ; ` |
' ; \; / | ' : ; . \ .\ ;
\ \ ', / | | ' \ \ ' \ |
; : / ' : | : ' |--"
\ \ .' ; |.' \ \ ;
www. `---` ver '---' he '---" ire.org
Welcome to OverTheWire!
If you find any problems, please report them to the #wargames channel on
discord or IRC.
--[ Playing the games ]--
This machine might hold several wargames.
If you are playing "somegame", then:
* USERNAMES are somegame0, somegame1, ...
* Most LEVELS are stored in /somegame/.
* PASSWORDS for each level are stored in /etc/somegame_pass/.
Write-access to homedirectories is disabled. It is advised to create a
working directory with a hard-to-guess name in /tmp/. You can use the
command "mktemp -d" in order to generate a random and hard to guess
directory in /tmp/. Read-access to both /tmp/ is disabled and to /proc
restricted so that users cannot snoop on eachother. Files and directories
with easily guessable or short names will be periodically deleted! The /tmp
directory is regularly wiped.
Please play nice:
* don't leave orphan processes running
* don't leave exploit-files laying around
* don't annoy other players
* don't post passwords or spoilers
* again, DONT POST SPOILERS!
This includes writeups of your solution on your blog or website!
--[ Tips ]--
This machine has a 64bit processor and many security-features enabled
by default, although ASLR has been switched off. The following
compiler flags might be interesting:
-m32 compile for 32bit
-fno-stack-protector disable ProPolice
-Wl,-z,norelro disable relro
In addition, the execstack tool can be used to flag the stack as
executable on ELF binaries.
Finally, network-access is limited for most levels by a local
firewall.
--[ Tools ]--
For your convenience we have installed a few useful tools which you can find
in the following locations:
* gef (https://github.com/hugsy/gef) in /opt/gef/
* pwndbg (https://github.com/pwndbg/pwndbg) in /opt/pwndbg/
* gdbinit (https://github.com/gdbinit/Gdbinit) in /opt/gdbinit/
* pwntools (https://github.com/Gallopsled/pwntools)
* radare2 (http://www.radare.org/)
--[ More information ]--
For more information regarding individual wargames, visit
http://www.overthewire.org/wargames/
For support, questions or comments, contact us on discord or IRC.
Enjoy your stay!
bandit14@bandit:~$
bandit14@bandit:~$ telnet localhost 30000
bandit14@bandit:~$ telnet localhost 30000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
paste the password of bandit14: MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvS
Correct!
8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo
Connection closed by foreign host.bandit14@bandit:~$ echo "MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvS" | nc localhost 30000
Correct!
8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQopassword of bandit15 - 8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo
Bandit Level 15 - Level 16
bandit15@bandit:~$ echo "8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo" > /tmp/passbandit15.txt
Create a file with the password of the previous bandit15
bandit15@bandit:~$ openssl s_client localhost:30001 < /tmp/passbandit15.txt