One of the first online wargames I ever played was the Bandit wargame by OverTheWire. It’s a fun exercise for anyone who wants to become more comfortable at the command line.
I’m a big fan of games like this one. People who want to learn the command line lose interest for a number of reasons, but challenges like this can help those who need a challenge feed their curiosity.
There are more “modern” capture-the-flag challenges out there (as in, they require you to create an account) for those who want to tackle different skills. But knowing the command line is still essential, and Bandit has been popular for a long time for a good reason. It’s not only approachable, but it rewards the player fairly quickly. It’s fun capturing flags!
Here’s a short video on the first five levels of the Over The Wire Bandit challenge:
The first level (Level 0) demonstrates how to use two essential linux commands: ssh and cat. The ssh command is used to log into a remote server via the ssh protocol, and the cat command is used to read the file called “readme.”
kali@kali:~$ ssh -l bandit0 bandit.labs.overthewire.org -p 2220
kali@kali:~$ cat readme
Level 1 teaches an essential skill: how to use Google to solve a problem! The file that we need to read is called “-” and that dashed filename isn’t easy to parse using cat. Instead, we need to use cat with the entire filename:
bandit1@bandit:~$ cat ./-
Level 2 features a file called “spaces in this filename” and asks us to parse that file. In my video above, I show two different ways to solve this: either encapsulate the filename within quotation marks, or use tab to autocomplete the filename with proper syntax:
bandit2@bandit:~$ cat "spaces in this filename" or bandit2@bandit:~$ cat spaces\ in\ this\ filename
For Level 3, the password is stored in a hidden file in the “inhere” directory. To solve this level, we need to add the “-la” option to the “ls” command:
bandit3@bandit:~/inhere$ ls -la
In Bandit Level 4, we’re told the password for the next level is found in the only file that contains human-readable text. One way to discover what type of data is held in various files is by using the file command. We can combine this with the “*” wildcard to iterate our file command across several files within a directory:
bandit4@bandit:~$ file ./-file0*
The above commands are just one way to solve these challenges. There are always solutions that may use slightly different syntax to achieve the same result. The important thing is that you know how to use these commands going forward, as they will help you navigate the bash shell and learn the basics of the command line.