OverTheWire wargames

Personal solutions for overthewire wargames
study
Author

Hyoungchul Kim

Published

June 9, 2025

In this post, I write down my solutions for the OverTheWire wargames.

Bandit

0

Just get used to the concept of ssh. ssh is secure shell which allows secured access to the remote machine from the local computer.

ssh bandit0@bandit.labs.overthewire.org -p 2220

# You will be asked to type in the password.

0 to 1

# print out the file
cat readme

exit
 
ssh bandit1@bandit.labs.overthewire.org -p 2220

# You will be asked to type in the password.

1 to 2

# Special character - . Need to specify the full location of the file. 
cat ./-

2 to 3

# enclose the filenames using double quote, or use \ before white space.

3 to 4

# list all files using -a argument
ls inhere/ -a

4 to 5

# find ASCII text files
# -exec file {} + executes the file command to get info on the content
find inhere -type f -exec file {} + | grep ASCII

5 to 6

find inhere -type f -size 1033c ! -executable -exec file {} + | grep ASCII

6 to 7

# since we don't know where the file is, we will search from the root directory
find / -user bandit7 -group bandit6 -size 33c -type f 2>/dev/null -exec cat {} \;

7 to 8

grep -w "millionth" data.txt

8 to 9

sort data.txt | uniq -u data.txt

9 to 10

strings data.txt | grep "=="

10 to 11

cat data.txt | base64 -d

11 to 12

cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'

12 to 13

ls
head data.txt
mkdir /tmp/random_dir
cd /tmp/random_dir
cp ~/data.txt .
mv data.txt data
xxd -r data > binary
file binary
mv binary binary.gz
gunzip binary.gz
bunzip2 binary
mv binary.out binary.gz
gunzip binary.gz
tar -xf binary

# do similar procedure multiple times
FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn

13 to 14

ssh -i sshkey.private -p 2220 bandit14@localhost # This will log you in as user bandit14 and allow you to see the password.

14 to 15

netcat localhost 30000
# Then submit the password of the current level.

15 to 16

openssl s_client -connect localhost:30001
# Then submit the password of the current level.

16 to 17

# I feel this part is bit too complicated and not useful for me. So I just provide the link to someone else's solution
# https://medium.com/@rushi.padhiyar098/overthewire-bandit-level-16-and-level-17-walkthrough-by-cyph3r-ryx-95c1ccdbb76b

17 to 18

diff passwords.new passwords.old

18 to 19

# check shell other than bash
cat /etc/shells

# use it to login
ssh bandit18@bandit.labs.overthewire.org -p 2220 -t "/bin/sh"

cGWpMaKXVwDUNgPAVJbWYuGHVn9zl3j8

19 to 20

./bandit20-do

./bandit20-do ls /etc/bandit_pass

./bandit20-do cat /etc/bandit_pass/bandit20

20 to 21

# I feel this part is not useful for me. So I just provide the link to someone else's solution
EeoULMCra2q0dSkYj561DX7s1CpBuOBt