Quantcast

Description :-

The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.

Level 0 :-

The goal of this level is to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org. The username is bandit0 and the password is bandit0 and boom 😀
Password :- boJ9jbbUNNfktd78OOpsqOltutMc3MY1

wargame-bandit-0

Wargame-Bandit Level 0

Level 1 :-

The password for the next level is stored in a file called readme located in the home directory.  😉
Password :- CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

wargame-bandit-1

Wargame-Bandit Level 1

Level 2 :-

The password for the next level is stored in a file called spaces in this filename located in the home directory. 🙂
Password :- UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

wargame-bandit-2

Wargame-Bandit Level 2

Level 3 :-

The password for the next level is stored in a hidden file in the inhere directory. 🙂
Password :- pIwrPrtPN36QITSp3EQaw936yaFoFgAB

wargame-bandit-3

Wargame-Bandit Level 3

Level 4 :-

The password for the next level is stored in the only human-readable file in the inhere directory. Let’s see what file types we have. 🙂
Password :- koReBOKuIDDepwhWk7jZC0RTdopnAYKh

wargame-bandit-4

Wargame-Bandit Level 4

Level 5 :-

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties: – human-readable – 1033 bytes in size – not executable. 🙂
Password :- DXjZPULLxYr17uwoI01bNLQbtFemEgo7

wargame-bandit-5

Wargame-Bandit Level 5

Level 6 :-

The password for the next level is stored somewhere on the server and has all of the following properties: – owned by user bandit7 – owned by group bandit6 – 33 bytes in size. 🙂
Password : HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

wargame-bandit-6

Wargame-Bandit Level 6

Level 7 :-

The password for the next level is stored in the file data.txt next to the word millionth. 🙂
Password : cvX2JJa4CFALtqS87jk27qwqGhBM9plV

wargame-bandit-7

Wargame-Bandit Level 7

Level 8 :-

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once. 🙂
Password : UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

wargame-bandit-8

Wargame-Bandit Level 8

Level 9 :-

The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters. 🙂
Password : truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

wargame-bandit-9

Wargame-Bandit Level 9

Level 10 :-

The password for the next level is stored in the file data.txt, which contains base64 encoded data. 🙂
Password : IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

wargame-bandit-10

Wargame-Bandit Level 10

Level 11 :-

The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions. 🙂
Password : 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

wargame-bandit-11

Wargame-Bandit Level 11

Level 12 :-

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level, it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!). 🙂
Password : 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

wargame-bandit-12-1

Wargame-Bandit Level 12 – 1

wargame-bandit-12-2

Wargame-Bandit Level 12 – 2

wargame-bandit-12-3

Wargame-Bandit Level 12 – 3

Level 13 :-

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on. 🙂
Password : 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

wargame-bandit-13-1

Wargame-Bandit Level 13 – 1

wargame-bandit-13-2

Wargame-Bandit Level 13 – 2

Level 14 :-

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost. 🙂
Password : BfMYroe26WYalil77FoDi9qh59eK5xNr

wargame-bandit-14

Wargame-Bandit Level 14

Level 15 :-

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command… 🙂

Password : cluFn7wTiGryunymYOu4RcffSxQluehd

wargame-bandit-15

Wargame-Bandit Level 15

Level 16 :-

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it. 🙂
Password : cluFn7wTiGryunymYOu4RcffSxQluehd

wargame-bandit-16-1

Wargame-Bandit Level 16 – 1

wargame-bandit-16-2

Wargame-Bandit Level 16 – 2

Level 17 :-

There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new.

NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19. 🙂

Password : kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

wargame-bandit-17-1

Wargame-Bandit Level 17 – 1

wargame-bandit-17-2

Wargame-Bandit Level 17 – 2

Level 18 :-

The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH. 🙂
Password : IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

wargame-bandit-18

Wargame-Bandit Level 18

Level 19 :-

To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used to setuid binary. 🙂
Password : GbKksEFF4yrVs6il55v6gwY5aVje5f0j

wargame-bandit-19

Wargame-Bandit Level 19

Level 20 :-

There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).

NOTE: To beat this level, you need to login twice: once to run the setuid command, and once to start a network daemon to which the setuid will connect.

NOTE 2: Try connecting to your own network daemon to see if it works as you think. 🙂

Password : gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr

wargame-bandit-20

Wargame-Bandit Level 20

Level 21 :-

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. 🙂
Password : Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

wargame-bandit-21

Wargame-Bandit Level 21

Level 22 :-

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints. 🙂

Password : jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n

wargame-bandit-22

Wargame-Bandit Level 22

Level 23 :-

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!

NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around… 🙂

Password : UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

wargame-bandit-23

Wargame-Bandit Level 23

Level 24 :-

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing. 🙂
Password : uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG

Code :

#!/bin/bash

for i in {0000..9999}
do
echo "$i *************"
echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i" | ncat 127.0.0.1 30002
done
wargame-bandit-24-1

Wargame-Bandit Level 24-1

wargame-bandit-24-2

Wargame-Bandit Level 24-2

Level 25 :-

Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it. 🙂
Password : 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z

wargame-bandit-25-1

Wargame-Bandit Level 25-1

wargame-bandit-25-2

Wargame-Bandit Level 25-2

wargame-bandit-25-3

Wargame-Bandit Level 25-3

wargame-bandit-25-4

Wargame-Bandit Level 25-4

Level 26 :-

At this moment, level 26 does not exist yet. 🙁

Categories: Tutorial

Choudhary Muhammad Osama

This is Choudhary Muhammad Osama, a highly accomplished Penetration Tester, Security Analyst and Linux Administration enthusiast, with extensive experience in implementing, maintaining, securing and pentesting web applications and networks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.