jackry.dev

CCC_HW1_FA24

Cornell Cyber NME HW 1 - Fall 2024

Level 0 → 1

To complete any of the bandit challenges you'll need to connect to a remote server using secure shell (SSH), level 0 is meant to teach you how. The two main ways to do this are with a username and password or via key-based authentication. Most of the bandit challenges will have a username corresponding to the level you are working on and a password obtained from the previous level. For level 0 you are given a username, password, and port to use the ssh command. Here are a few ways to use them:

console jackry@dev:~$ ssh bandit0@bandit.labs.overthewire.org -p 2220 jackry@dev:~$ ssh bandit.labs.overthewire.org -l bandit0 -p 2220

You are told that after connecting there will be a file named readme in the home directory (the directory you will be spawned in, denoted ~) containing the password for the next level. Use the following commands to confirm that the file exists and read its contents.

console ~$ ls ~$ cat readme

Save this password and all others, if you lose the password you will have to start over from the beginning. The passwords also occasionally change, so taking notes might be helpful if you ever come back to these challenges.

Level 1 → 2

Use exit to disconnect from bandit0, then connect to the next system using username bandit1 and the password from bandit0. The next password is contained in a file named - in the home directory. You may try to read this file using

console ~$ cat -

but will quickly notice this does not work. You can use ls to confirm that this file exists, so why isn't it working? It turns out that - is a special character. You can read about what it does here. The workaround here is to ensure - is treated as a file name. You can do this with

console ~$ cat ./-

where ./ stands in for the current working directory. You can confirm this with the pwd command to print the current working directory and see that the following command produces the same output.

console ~$ pwd ~$ cat /home/bandit1/-

Level 2 → 3

The next password appears in a file named spaces in this filename. Using ls we can confirm the presence of this file, but if you try to do

console ~$ cat spaces in file name

you will notice that cat tried to read each word as a separate file and found none of them. This is because in Linux spaces are often used to delineate commands and arguments. The workaround here is simple, wrap the filename with single or double quotes.

console ~$ cat 'spaces in this filename' ~$ cat “spaces in this filename”

Level 3 → 4

The password for level 4 is not in your home directory this time, but instead in a subdirectory named inhere. To change directory, you use the cd command like so

console ~$ cd inhere

If you use ls to list the contents of this directory, you will see nothing. As indicated in this level's description, files in Linux can be hidden. To list hidden files you need to use the -a option for ls. After running

console ~$ ls -a

you will see this output.

console . .. ...Hiding-From-You

You might notice that each of these files starts with a period, this is how files are hidden. The . and .. files represent the current and parent directories, these will appear in (nearly) every directory and are useful for traversing directories or calling files as we saw in level 2. Cat the third file to get the password.

Level 4 → 5

After connecting to bandit4 and going into the inhere directory you are greeted with a lot of tiles. You are told one of them is human-readable and contains the password. You could cat each file individually, but if there where 100 files instead of 10 this would get a lot more tedious. This is a perfect time to learn about the file command and wildcards. The file command will give you insight into what type of file you are dealing with. To call this command on multiple files at once you can use the wildcard character *. This will try to match files with the information you give, here are a few examples where a wildcard can be used in this case.

console ~$ file ./-file0* ~$ file ./-f* ~$ file ./*il* ~$ file ./*

In this situation, the last command is functionally the same as the three before it, but in general, just using the wildcard will match everything in the given directory. These commands will all point you to a single file that is ASCII text, containing the password.

Level 5 → 6

You've likely lost a file before, but with Linux, it's easier to find than ever. You are given some information about a file and its general location. How can you find it without traversing every directory? The answer is the find command. Find allows you to look for files based on a variety of optional information. This level gives you a few possible avenues to filter through the files, let's start with a simpler one and use the others if needed. If you are ever unsure how to use a command you can get a summary of the usage or the commands manual with the following commands.

console ~$ find --help ~$ man find

This should lead you to use the -size option for find, with c being used to let the command know it is dealing with bytes. After running

console ~$ find -size 1033c

you will get a single result, perfect!

level 6 → 7

You are given more information to find another file. This time you need to look at the documentation to figure out how to search for a group and owner. The key for this level is that the file is somewhere on the system, not necessarily in the home directory. Use the following command to search starting from the root directory.

console ~$ find / -size 33c -group bandit6 -user bandit7

You will see a lot of output, you could sift through it all or you could look up how to hide the permission messages... Try

console $ find / -size 33c -group bandit6 -user bandit7 2>/dev/null