BanditLabs: Level 1-4

Level 0

ssh bandit0@bandit.labs.overthewire.org -p 2220

Flag: ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If

image.png

  • Running the ls command lists a file that is named readme.txt. Catting the file will display the file with the flag.

Level 1

Flag: 263JGJPfgU6LtdEvgfWU1XP5yac29mFx

Flag is in a file named -.

image.png

  • The problem with trying to cat the - file is that - is a special character, which requires extra input to read. ./- means cat the - file which is escaped by / that is located in the cwd.

Level 2

Flag: MNk8KNH3Usiio41PRUEoDFPqfxLPlSmx

Task is to read a file with spaces in the filename

image.png

  • There are two ways to do this
  • The best way is to simply encase the filename in double quotes.
  • The other way is to use . You do cat spaces\ in\ this\ filename without any escape at the end. It has to be backslash

Level 3

Flag: 2WmrDFRmJIq3IPxneAaMGhap0pFhF3NJ

Task is to find the flag in a hidden directory

image.png

  • ls -a is how you find hidden files. This allows you to list all files, including hidden files

Level 4

Flag: 4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQw

image.png

  • This one is a bit difficult since you are not allowed to brute force each file
  • The problem is that you have to rely on a wildcard instead of manually looking at the file types for each file
    • the wildcard * will allow you to look at all files without doing each one