So here we are.

My first attempts into vulnerability testing and it’s even being recorded. Let’s go to OverTheWire’s homepage. First thing I see is a list of their wargames and “Bandit” is listed at the top. Good. It’s the easiest.

Important information for every level:

SSH Information
Host: bandit.labs.overthewire.org
Port: 2220

This is what’s listed on the first Bandit page:

Bandit Level 0

Level Goal

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Commands you may need to solve this level

ssh

Helpful Reading Material


After reading both links given under the title “Helpful Reading Material” (by the way this section IS helpful), I’ve learned how to connect to hosts using SSH. That’s a good sign because the next level is beyond that locked SSH door.

The command ‘man ssh’ will come in handy also! Here’s the unfinished version of the command we need to use:

ssh [options] [username]@[hostname]

Looking at the manual of each command can be daunting at first glance. I’ve definitely froze up looking for what I have needed before but after a longer/closer glance we find that the option ‘-p’ is for a port number.

Ok, what’s next?

Well, we have 4 pieces of info from the page. The port number, host name, username, and password. So we should be able to fill the command in completely at this point.

Let’s try:

ssh -p 2220 bandit0@bandit.labs.overthewire.org

Once I typed the above command in, I get this in response:

This is a OverTheWire game server. More information on http://www.overthewire.org/wargames 

bandit0@bandit.labs.overthewire.org's password: 

Now all that’s left is the password. That’s given; it’s “bandit0”.

WARNING! The cursor will stay stationary and it will look like nothing has been typed but it’s there! It’s just hidden. You know, for safety purposes . . . I guess.

That’s it! If all has been done correctly, the terminal should say this:

bandit0@bandit:~$

And now on to the next level.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: