I’ve been doing CTFs and other projects for a little while now but it was just for casual fun and I never really kept much documentation. I want to change that and have decided to start writing some tutorials and writeups in relation to these challenges. For now, I’m going to just continue having fun with the CTFs but for some sites, I’m going to write some tutorials.

This is from Over-the-wire. These are the Bandit challenges I solved so far. It’s a work in progress.


Level 0:

>ls

>cat readme

boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Note: Very basic, the password is in the readme file.


Level 1:

>ls

>cat ./-

CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Note: You can’t cat the “-“ file directly since cat reads “-“ alone as a synonym for stdin.


Level 2:

>ls

>cat “spaces in this filename”

UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Note: If there are spaces in a name, you must put quotes around the filename.


Level 3:

>ls

>cd inhere

>ls -al

>cat .hidden

pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Note: I used -al to list all files, including hidden files


Level 4:

>ls

>cd inhere

>file ./*

>cat ./-file07

koReBOKuIDDepwhWk7jZC0RTdopnAYKh

Note: What files does is show the type of file and ./* uses that command for all files under the current directory.


Level 5

>ls

>cd inhere

>find ./ -type f -size 1033c ! -executable

>cat ./maybehere07/.file2

DXjZPULLxYr17uwoI01bNLQbtFemEgo7

Note: For the find command, “c” stands for bytes and “! -executable” means non-executable files. Also note to add in the “.” In the cat command. It is easy to miss.


Level 6:

> find / -user bandit7 -group bandit6 -size 33c 2>/dev/null

> cat /var/lib/dpkg/info/bandit7.password

HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

Note: This one was a slightly tricky. For the find command, you can find the file without the 2>/dev/null but the output will contain a bunch of errors from searching through files you don’t have permission for that makes the console very messy. “2>” means it’s redirecting and /dev/null is just a backhole used for Linux. So this command redirects all the errors/junk into the blackhole.


Level 7:

>cat data.txt | grep millionth

cvX2JJa4CFALtqS87jk27qwqGhBM9plV

Note: Cat looks at data.txt then grep looks through that file for the word millionth. The “|” transfers the output from the cat command to the grep command.


Level 8:

>sort data.txt | uniq -u

UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

Note: Uniq filters through files and the -u argument only lists out unique lines. You could also use -c to list out the amount of times each line occurs (Which would show the unique line of the password).


Level 9:

>cat data.txt

>strings data.txt | grep “===”

truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Note: The strings command prints out character sets that are at least 4 characters long when it is applied to a specific file.


Level 10:

>base64 -d data.txt

IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

Note: -d stands for decode.


Level 11:

> cat data.txt | tr a-zA-Z n-za-mN-ZA-M

5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Note: tr translates text accordingly. I had to lookup the input for ROT13


Level 12:

>ls

>cp data.txt /tmp/theinformationsecuritycenter

>file data.txt

>xxd -r data.txt wire

>file wire

>mv wire wire.gz

>gzip -d wire.gz

>file wire

>mv wire wire.bz2

>mv wire wire.gz

>gzip -d wire.gz

>file wire

>mv wire wire.tar

>tar -xvf wire.tar

>file data5.bin

>tar -xvf data5.bin

>file data6.bin

>mv data6.bin data7.bz2

>bzip2 -d data7.bz2

>file data7

>tar -xvf data7

>file data8.bin

>mv data8.bin data9.gz

>gzip -d data9.gz

>file data9

>cat data9

8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
Note: I didn’t list them but be sure to type in “ls” and “file <filename>” consistently after each compression/mv to verify that everything is named correctly. I also want to make a note that while I tried to be detailed as possible, there may have been some things that I overlooked.

A note that I want to make is on how valuable man pages are. I can lookup nearly any command just based off man pages.