This is my process to solving OverTheWire Bandit Wargame Levels 0-27
#Level 0 - logging into bandit, using the specific port and username
ssh bandit.labs.overthewire.org -p2220 -l bandit0
#Currently bandit0 has an error where it will not accept the password on first try
#Solution to password failing is to on purpose write a wrong password
#(I wrote "bandit()" then on second request type in the right password "bandit0"
bandit()
bandit0
#Level 1- look in commands typing ls
ls
#home directory has a readme file. to read the file type "cat readme"
cat readme
#a code is given " boJ9jbbUNNfktd78OOpsqOltutMc3MY1 ", save code for next part of level
#Level 1
#need to log into level 1 so use the original ssh log in but change "bandit0" to "bandit1"
ssh bandit.labs.overthewire.org -p2220 -l bandit1
#type in code given in bandit0
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
#Now that we are in, lets check home directory like last time to find the next password
ls
#only a dash is showing up so lets see if we can read the dash
cat -
#cat and just a dash does not work. Lets try to find the exact file that - is holding
cat < -
#The file holds the next password which is " CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9 "
#Now we need to log into Level 2
#Level 2
ssh bandit.labs.overthewire.org -p2220 -l bandit2
#Next we will use the password given to us " CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9 "
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
#Next we got to find the directory that holds the next password.
#Clue is "spaces in this filename" the "cat < spaces in this filename" will not work but typing in "cat spa "
#then pressing the Tab button will work to find this folder within folders file
#because spaces is probably the only file that starts out with that exact name
cat spaces\ in\ this\ filename
#password gotten is " UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK "
#Level 3
#Now we log into ssh bandit.labs.overthewire.org -p2220 -l bandit3
ssh bandit.labs.overthewire.org -p2220 -l bandit3
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
#Using ls can lead to finding "inhere" file, but "cat inhere" does not work in showing what is inside.
#Need to find the hidden file.
#we can do that by ls. then a file called inhere will show.
#we need to go inside inhere by cd, and then ls -la to look at all the files and their names inside.
#one file name is .hidden and we can cat .hidden
ls
cat inhere
cd inhere
ls -la
cat .hidden
#Password shows up in .hidden, password is " pIwrPrtPN36QITSp3EQaw936yaFoFgAB "
#Level 4
# logging into ssh bandit.labs.overthewire.org -p2220 -l bandit4
ssh bandit.labs.overthewire.org -p2220 -l bandit4
#Enter password " pIwrPrtPN36QITSp3EQaw936yaFoFgAB "
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
#looks at files and find inhere
ls
#next we need to see what is inside inhere
cd inhere
ls
#a bunch of files will appear, but typing in there names will not reveal anything if using cat
#best way to look through the files is to type " ./* " to search through them,
#doing so shows that one file is different than the others and has text
./*
#next lets use ./ with the cat and the file name to read it
cat ./-file07
#It reveals a password inside " koReBOKuIDDepwhWk7jZC0RTdopnAYKh "
#Level 5
#Let's Log in and put the password into lvl 5
ssh bandit.labs.overthewire.org -p2220 -l bandit5
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
#Lets look at whats in the directory
ls
#inhere is still present so let's cd it
cd inhere
#lets see whats inside inhere
ls
#alot of files labelled as " maybehere " but using ./* does not work. using find ./*
#shows the files but only some have different aspects to them but we do not see what meets the requirement of this level.
#to run a specific search on the requirements of this level,
#which is "human-readable, 1033 bytes in size, not executable," we need to run a specific search
#multiple ways to look for the right file with those properties.
#Most of the files are readable text but only one has 1033c.
#You can use a code to find the 1033c either by "find -size 1033"
#or you can look up the exact properties and include cat to read that file at the end
#using " find . -type f -size 1033c -exec cat {} \;"
find . -type f -size 1033c -exec cat {} \;
#password gathered is " DXjZPULLxYr17uwoI01bNLQbtFemEgo7 "
#Level 6
#Lets log in and using the password
ssh bandit.labs.overthewire.org -p2220 -l bandit6
DXjZPULLxYr17uwoI01bNLQbtFemEgo7
#ls does not work at all for finding the folders
# using find / -user bandit7 does bring up some files but Permission is denied
# typing in the exact requirements " find / -user bandit7 -group bandit6 -size 33c "
#brings up more specific areas and permission denied but one section is not denied.
#type in find / -user bandit7 -group bandit6 -size 33c again but add to the end " 2>/dev/null/"
#which redirects back to the point after reading without showing the full out put of the other files, and " cat {} \; "
#to show what is inside without having to type it out in a new line
find / -user bandit7 -group bandit6 -size 33c 2>/dev/null -exec cat {} \;
#The password shown is " HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs "
#Level 7
#Log in and use password
ssh bandit.labs.overthewire.org -p2220 -l bandit7
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
#if using ls a file called data.txt appears.
ls
#using cat data.txt led to a lare list of words and codes inside. none in order,
#but the word "millionth" should be in the txt file and next to it the password.
cat data.txt
#use grep millionth data.txt to find the word "millionth" without manually scrolling through the txt file.
grep millionth data.txt
#password found is " cvX2JJa4CFALtqS87jk27qwqGhBM9plV "
#Level 8
#Log into level 8 and use the password
ssh bandit.labs.overthewire.org -p2220 -l bandit8
cvX2JJa4CFALtqS87jk27qwqGhBM9plV
#just like level 7, use the cat data.txt to see what is in the data.txt file
cat data.txt
#there is no list, just everything is a mess.
#the instructions says that there is only one line of text that occurs once
#we can use a code to find that one text line
# we can use sort data.txt | uniq -u
sort data.txt | uniq -u
#this gives us the next password
#" UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR "
#Level 9
#Log in and use password
ssh bandit.labs.overthewire.org -p2220 -l bandit9
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
#this file is unreadable except for some strings that have "=" in it.
#there is a way to use strings, but I will use grep
#to use grep, you will need to use "-a" which can read text files
#so the overall code would be " grep -a == data.txt "
grep -a == data.txt
#the password shows up a couple of times using "="
#but only one that shows a line of text that could be readable
# " truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk "
#Level 10
#Log in and put in the password
ssh bandit.labs.overthewire.org -p2220 -l bandit10
truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
#Using cat data.txt you will get a long code which is something encoded
cat data.txt
#The encode will be
# " VGhlIHBhc3N3b3JkIGlzIElGdWt3S0dzRlc4TU9xM0lSRnFyeEUxaHhUTkViVVBSCg== "
#The instructions say that this encode uses base64 which is a form of encryption
#We need to decode the encryption using " base64 -d data.txt "
base64 -d data.txt
#It worked! The code decrypts to " IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR "
#Level 11
#Log in and use the password
ssh bandit.labs.overthewire.org -p2220 -l bandit11
IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
#This requires a little bit of shifting letters in encryption
#we have to shift the letters over by 13
#best way to figure this out is ROT13 decoder
#I used rot13.com to figure out the cat data.txt it gave
cat data.txt
#code is " Gur cnffjbeq vf 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh "
#rot13.com says that decoded it is
#" The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu "
#Level 12
#log into the level and put the password in
ssh bandit.labs.overthewire.org -p2220 -l bandit12
5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
#cat data.txt is used to read the file and it shows many compressed files
cat data.txt
#the clues say we need to create a directory under /tmp and use mkdir
#first I want to start a reverse file and put it into a bin file
#I am naming the bin file, honeybee.bin though it can be called anything
#this file can be used repeatedly as a source to revert the data.txt file
#honeybee.bin will now serve as anything relating to data.txt info now
xxd -r data.txt honeybee.bin
#next we will use file to also work with honeybee.bin
#to find out what compression method was used on data.txt
file honeybee.bin
#we now find out gzip is how data.txt/honeybee.bin was compressed into a hexdump
#we now need to find a way to decompress a gzip file
#this method will use zcat and bcat to decompress
#zcat will start off compressing and now we will
#set up a way for " file - " to be linked to read honeybee.bin
#as we start compressing and decompressing the multiple compressions
#originally done to data.txt/honeybee.bin's hexdump
#using " | " to keep linking more outputs for bzcat decompressions
zcat honeybee.bin | file -
#the output says bzip2 so we must now add bzcat to the extension list
#to decompress
zcat honeybee.bin | bzcat | file -
#the output says gzip again which means that we must use zcat again
#because the user compressed the original file with gzip again at this point
zcat honeybee.bin | bzcat | zcat | file -
#The output gives us a tar extension of the file locations compression
#for multiple files that are more than 2 to be stored for extraction.
#we will use tar and whatever other extensions zcat gives
#so we can continue to decompress
#we are going to put x0 for the number of times tar has been outputted
#since we only see tar once, we will extract x0
zcat honeybee.bin | bzcat | zcat | tar xO | file -
#we see tar again so add it to the chain
zcat honeybee.bin | bzcat | zcat | tar xO | tar xO | file -
#we see bzip2 again so need to add zcat to decompress
zcat honeybee.bin | bzcat | zcat | tar xO | tar xO | bzcat | tar xO | zcat | file -
# we now see something called " ASCII text "
#since we see text that must mean
#we have reached the honeybee.bin/data.txt to a readable file
#we will now take out " | file - " so we can decompress this chaining
#and read it without
#linking anything else to the chain
zcat honeybee.bin | bzcat | zcat | tar xO | tar xO | bzcat | tar xO | zcat
# the file decompresses and reads
#The password is " 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL "
#Level 13
#instead of looking for a password, we need to look for the ssh key
#to log into the next next level
#to look into this level there needs to be an understanding
#of public and private keys
#as well as key based ssh logins
#so first we need to login and use the password
#then we need to see the ssh private key for this level
ssh bandit.labs.overthewire.org -p2220 -l bandit13
8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
#now we type in the was to see the private key
cat sshkey.private
#we now see the private key which is an encryption code
#we do not need to decrypt the key, but use it to unlock the local host
ssh bandit14@localhost -i sshkey.private
#this lets us use the local host and the private key to
#get to the bandit14 user
#but we still need the password
#the location of the password was already given to us in the instructions
#now we just need to cat it to see if the password is there
cat /etc/bandit_pass/bandit14
#there's the password " 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e "
#now lets use the private key and bandit14's login and ssh key
ssh -i ./sskey.private bandit14@localhost
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
#We're in.
#Level 14
ssh bandit.labs.overthewire.org -p2220 -l bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
#We do not need to log in or use a password since we already logged in
#now we need to know the password for the next level
#this level is saying we need to use port 30000 for localhost
#we can netcat or nc to access it
nc localhost 30000
#we need a password which should be the same password for this lab
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
#we receive a password ' BfMYroe26WYalil77FoDi9qh59eK5xNr '
#Level 15
ssh bandit.labs.overthewire.org -p2220 -l bandit15
BfMYroe26WYalil77FoDi9qh59eK5xNr
#For this level we gotta know some openssl
#using the reading material offered we can see which steps to take next
# https://www.feistyduck.com/library/openssl-cookbook/online/ch-testing-with-openssl.html
#using the connection to ssl code from the website
#we can change the code given to feistyduck's website to instead
#the localhost similar to the last level but with 30001
openssl s_client -connect localhost 30001
#Seeing the code it will give some commands as well as saying no port definited
#lets make try again and make the command more like a port
#adding -quiet to take out alot of the output from the results
openssl s_client -connect localhost:30001 - quiet
#it will then ask for a password
#the password is the same for logging into level
BfMYroe26WYalil77FoDi9qh59eK5xNr
#it gives password for next level cluFn7wTiGryunymYOu4RcffSxQluehd
#Level 16
ssh bandit.labs.overthewire.org -p2220 -l bandit16
cluFn7wTiGryunymYOu4RcffSxQluehd
#we are now building onto what we learned the last 2 levels
#we will be using ranges to look for the password using nmap
nmap localhost -p31000-32000
#it gives us a couple of tcp ports to try
#you can manually test them till you get the right one
#or you can use a script to test them for you
#going to nmap again to narrow it down to see which has service
nmap localhost -p31000-32000 -sV
#there is 2 connections that are showing up
#let's test them
openssl s_client -connect localhost:31790 -quiet
cluFn7wTiGryunymYOu4RcffSxQluehd
#this worked and it gave a private key
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
+TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
-----END RSA PRIVATE KEY-----
#need to echo this into a tmp file to recall it for logging into next lvl
echo "-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
+TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
-----END RSA PRIVATE KEY-----" > /tmp/bandit17.key
#then need to chmod 600 /tmp/bandit17.key because
#the private key is visible and it needs to be only visible for the one user
chmod 600 /tmp/bandit17.key
#now we need to log into next level
#while using the tmp file our private key is at
ssh bandit17@localhost -i /tmp/bandit17.key 
#Level 17
#using the ssh code we did from previous level
#with the private key attached
#allowed us to enter the next level
#without needing to type in another password
ls -la
#ls -la we see there is passwords.new and passwords.old
#the instructions has a new command suggestion on using diff
#so lets try diff for both of them
diff passwords.new passwords.old
#This gives 2 passwords
# kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
#and
# eG69HnVwO1p7cOdfhadHkPv8Vn0ChedC
#Let's test them for the next lesson to see which works
#I'm going to assume the first one worked
#because it logged in saying "Byebye !"
#but closed because bandit18 has a block on ssh logg ins
#Level 18
ssh bandit.labs.overthewire.org -p2220 -i bandit18
kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
#So we can't log in the usual ssh way into level18
#We need another way to still get to readme without logging in same way
ssh bandit.labs.overthewire.org -p2220 -l bandit18 "cat readme"
#we used the same way to log in but asked it to cat readme before disconnecting
#password is ' IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x '
#Level 19
ssh bandit.labs.overthewire.org -p2220 -l bandit19
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
#ls -la will show a file called bandit20-do
ls -la
#can't use cat
#trying to use ./bandit20-do asks for an id
#so lets see what happens if we add the hint of /etc/bandit_pass
./bandit20-do cat /etc/bandit_pass
#not working so far but bandit_pass needs to aim for 19 or 20
#/etc/bandit_pass/bandit20 works
./bandit20-do cat /etc/bandit_pass/bandit20
#we get a password for next level ' GbKksEFF4yrVs6il55v6gwY5aVje5f0j '
#Level 20
ssh bandit.labs.overthewire.org -p2220 -l bandit20
GbKksEFF4yrVs6il55v6gwY5aVje5f0j
#when ls -la there is suconnect showing
#this would normally require 2 terminals to make it work for a
#listerner and a receiver but it will not work
#instead make a listener and receiver in same terminal
echo "GbKksEFF4yrVs6il55v6gwY5aVje5f0j" | nc -l 1234 &
./suconnect 1234
#it gives us the password ' gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr '
#Level 21
ssh bandit.labs.overthewire.org -p2220 -l bandit21
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
#ls -la to take a look see
ls -la
#I got nothing to look at beside probably prevpass
#the hints suggest looking for cron.d so let's cd into it
cd /etc/cron.d/
#let's cat into it
cat cronjob_bandit22
#it gives us /usr/bin/cronjob_bandit22.sh
#let's cat that
cat /usr/bin/cronjob_bandit22.sh
#it gives us another file /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
#let's cat again
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
#finally it gives us a password ' Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI '
#Level 22
ssh bandit.labs.overthewire.org -p2220 -l bandit22
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
#following last lab, cd into cron.d and cat
cd /etc/cron.d/
#lets ls -la to see what's here
ls -la
#I see a folder for cronjob_bandit23
#let's cat it
cat cronjob_bandit23
#cat gave us a user link to follow
#let's cat it too!
cat /usr/bin/cronjob_bandit23.sh
#its gives us some instructions to echo copy and how to type it up
#on the line
# ( echo I am user $(whoami) | md5sum | cut -d ' ' -f 1 )
#edit whoami to 'bandit23'
echo I am user bandit23 | md5sum | cut -d ' ' -f 1
#it gave us a password ' 8ca319486bfbbc3663ea0fbe81326349 '
#we should use it for the tmp/mytarget it was suggesting
#lets cat that tmp file
cat /tmp/8ca319486bfbbc3663ea0fbe81326349
#we got a password ' jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n '
#lets see if we can use it for the next level
#Level 23
ssh bandit.labs.overthewire.org -p2220 -l bandit23
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
#if we ls we do not have anything out of the norm when first logging in
#let's see if what we did last level can help start us out
#we should see if we can cd into cron.d
cd /etc/cron.d/
#now we can ls -la and see there is a cronjob_bandit24
#let's try to cat it
cat cronjob_bandit24
cat /usr/bin/cronjob_bandit24.sh
#it gave us an echo saying this
# " echo "Executing and deleting all scripts in /var/spool/$myname:"
#and also gave a script
#lets see if we can make a tmp file and use the /var/spool/#myname
mkdir /tmp/noclosie
#cd into file and lets try to vim
cd /tmp/noclosie
vim derp.sh
#we are going to make a cat for the password to show up in the script
#when we run it later because the script earlier is going to close before
#the password shows, so this is our storage
cat /etc/bandit_pass/bandit24 >> /tmp/herpaderp/pass
#need to chmod 777 to make file readable and writeable
chmod 777 derp.sh
#copying the password to the file
cp derp.sh /var/spool/bandit24
#we will need to ls to get the file to read run and show in the 'pass' file
ls
ls
#we see the pass file, lets cat it
cat pass
#password shows up ' UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ '
#Level 24
ssh bandit.labs.overthewire.org -p2220 -l bandit24
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
#nc the local host 30002 and see what it says
nc localhost 30002
#"I am the pincode checker for user bandit25.
#Please enter the password for user bandit24
#and the secret pincode on a single line, separated by a space."
#we already have the password
#we need to brute force to get that pincode
#going to make a vim file then use a script
vim basher.sh
#!/bin/bash
pass="UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ"
for i in {1000..10000}
do {
if
echo $pass $i| nc localhost 30002 | grep Wrong > /dev/null
then
echo $i
else
echo $pass $i| nc localhost 30002
exit
fi
}
done
#now let's run the script
./basher.sh
#lets add chmod +x to make the script executable
chmod +x basher.sh
#Zzzzzzzzzzz I'll get back to you on this
#Not too long, probably 30ish mins wait.
#the pin stopped at ' 2476 '
#This is what the results say
#I am the pincode checker for user bandit25.
#Please enter the password for user bandit24
#and the secret pincode on a single line, separated by a space.
#Correct!
#The password of user bandit25 is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
Exiting.
# So the password is ' uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG '
#Level 25
ssh bandit.labs.overthewire.org -p2220 -l bandit25
uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
#if we ls or ls -la we will see a sshkey saying "bandit26.sshkey "
#let's use it to log in. Weeeee
ssh -i ./bandit26.sshkey [email protected] -p2220
#When to log in, it automatically logs you out. Fun times.
#maybe we can just cat it before kicking us out
#when we are kicked out, we are sent back to user bandit25
#lets cat /etc/pssqd | grep bandit26
cat /etc/passwd | grep bandit26
#it will show a file saying /usr/bin/showtext
#let's cat it
cat /usr/bin/showtext
#it says it wants to show more text
#we can manually shrink the size of the terminal to as small as we can get it
#then log in using the we tried earlier
ssh -i ./bandit26.sshkey [email protected] -p2220
#it will now let us in but we need to make a vim
#press v
v
#takes us into vim shell type in
#type :r (to run console) and then /etc/bandit_pass/bandit26 to get the level 26 password
:r /etc/bandit_pass/bandit26
#and there is our password ' 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z '
#that was crazy
#Level 26 - 27
#now let's log into bandit 27 with the password
#heh. there is no lvl 27
#but if you stick around in bandit26 and type :shell
#you will eventually find the real bandit26 insides and there is a readme
#the read me congratulates you and says
#Congratulations on solving the last level of this game!
#At this moment, there are no more levels to play in this game. However, we #are constantly working
#on new levels and will most likely expand this game with more levels soon.
#Keep an eye out for an announcement on our usual communication channels!
#In the meantime, you could play some of our other wargames.
#If you have an idea for an awesome new level, please let us know!
#That's it! We are finished!
#A final note on bandit26
#if you have the password and the ssh, AND shrink the terminal size
#you can easily log in with
#' ssh -i ./bandit26.sshkey [email protected] -p2220 '
# pw: 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
#and not have to do anything extra to get easier access to the vim
#after pressing " v "
#they may fix this in the future but this is the easiest way
#to access bandit26