Denton's Blog

A cybersecurity and tech focused blog from a college student

Bandit Writeup - OverTheWire

NOTE: This writeup is going to be broken up into multiple posts; one for each level. Scrolling past the section labeled, My Experience, you will find post links for each level walkthrough as I release them and update this article. Breaking down the overall writeup like this will make it much easier for me to write for each level, easier for people to find specific levels they may need, and avoid an extremely long post.

Over the past year, I kept hearing about this cybersecurity game called, OverTheWire: Wargames. Curious, once I finally had some free time, I sat down to give it a try and see what it was all about. For anyone looking to learn more and/or practice their cybersecurity skills, this is a really fun way of doing that and I’d recommend it. I’ve only played through Bandit so far, which is aimed at beginners, but it gave me a chance to practice commands I already knew, and learn a lot more.

OverTheWire Logo

What is OverTheWire: Wargames?

It’s a collection of cybersecurity practice material called, wargames, which are offered and put together by the OverTheWire community and are meant to help people learn and practice cybersecurity concepts through fun, game-like levels. There are 16 wargames in total, 12 of which can be played through their website, and another 4 which are available for download. Each wargame focuses on a different area of cybersecurity, offering a variety of difficulties and concepts to learn about. All of their games and more information related to each one can be found on their website, https://overthewire.org/wargames/.

My Experience

I started with the wargame, Bandit. It’s suggested as the first one that people should play if they’re wanting to play in order and is recommended for and aimed at absolute beginners. It’s meant to teach the basics that are needed for playing the other wargames, as well as an introduction to user commands and the command line. I started it back on February 18th of this year, and finally beat it May 17th. I sat down to play through it five different times, each time spending anywhere from 30 minutes to 2 hours.

The game isn’t long, but if you’re unfamiliar with any of the concepts or commands, you will spend quite a bit of time reading man pages and trying different things. By no means is that a bad thing though, the whole point of these games are to learn. There were levels I could easily speed through and others where I was searching through a handful of different resources just to better understand a couple of the commands mentioned.

Early on, most of the levels went through pretty basic commands. Some of the levels seemed so tedious in what they were requiring, but they gave opportunities to learn better ways for finding the passwords. As the levels went on, they introduced concepts that I would have never even thought of, and there were quite a few that had taken concepts I was aware of but twisted them in a way that really surprised me.

Level Walkthrough

For each level I’ve tried my best to take notes regarding my process for solving it and anything else I may have learnt. I’m going to do my best to hide any credentials in any screenshots I share in here to follow the rules. NOTE, passwords for levels do occasionally change so if you found a writeup that lists them, they might no longer be the current password. Below you will find my post links for each level walkthrough; I will do my best to post each one as soon as possible and update this regularly, as I release each post.

Level 0 - SSH Login
Level 1 - File Reading
Level 2 - Accessing Unusually Named Files
Level 3 - Spaces In a Filename
Level 4 - Hidden Files