Bandit Level 0 -> Level 1
Level Goal
The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
For this level we will only be using two commands: ls and cat. The ls command stands for list and it lists files and directories within the filesystem.
As a result, the command line returns a file named readme. The next step is to use the cat command. Cat stands for concatenate. It reads the file’s data and outputs its content to the terminal.
Voila! Now we have our first flag. This will be used as the password for bandit level 1 – level 2.
Bandit Level 1 -> Level 2
Level Goal
The password for the next level is stored in a file called - located in the home directory
After listing the contents of the directory with ls we find a file named “-“. If we try to cat the file, the command will just hang. This is because UNIX command options usually start with a dash ( – ). The command might think that you are going to follow up with a command option. To escape use CTRL+C.
To fix this problem all we need to do is “hide” the dash from the command by adding ./ in front of the file name so that the command can search for it in the current working directory.
Now we can use the flag as the password for the next level.
Bandit Level 2 -> Level 3
Level Goal
The password for the next level is stored in a file called spaces in this filename located in the home directory
In this case there is a file named, spaces in this filename, in the home directory. if we try to cat the file, we will only get a No such file or directory error.
To view the contents of the file all we need to do is either add quotes (” “), or a backslash ( \ ) to replace each space.
To make our job easier with Tab / Bash completion to auto-complete the filename so that we don’t have to manually type the entire thing: cat spaces<TAB> or cat "spaces<TAB>.
Bandit Level 3 -> Level 4
Level Goal
The password for the next level is stored in a hidden file in the inhere directory.
Once we cd into the inhere directory, if we try to use ls, we come back empty handed. That doesn’t necessarily mean that the directory itself is empty. In this case we know there is a hidden file somewhere inside, we just need to know how to look for it.
On the UNIX operating systems hidden files start with a dot ( . ). These files are used to execute scripts or store configurations about some services on your host computer. In order to find them, we just add the -a option to the ls command. The-a flag stands for “all”, and to not ignore files that start with a dot.
Now all we have to do is cat the file, and we can obtain our flag for the next level!
To get more information about the ls command and the different options use man ls or ls --help.
Bandit Level 4 -> Level 5
Level Goal
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.
In this level we will begin to combine knowledge and commands from the previous levels. This one is asking us to find a human-readable file. What the heck does that mean? By default, the ls command displays file size in number of bytes. Human readable just means the translation from bytes into KB, MB, GB and etc. To get a human readable output, the-h option can be used.
To begin, once we move into the inhere/ directory with cd and list its content with ls, we find ten different files.
We know we have to find only file that has content in Human Readable format. This can be checked using a new command. The file command returns the type of data that is within the file. We could run the file command with each individual file, but that would be very time consuming and inefficient in the long run if we run into larger quantities of files to go through. For now we can add the * wildcard to the command to search all the files for us.
As a result, File07 is the only file that contains human-readable data. It is the only file containing ASCII text. All we have left to do now is cat it.
Now we have finally reached the end of level 5!