So here we are.
My first attempts into vulnerability testing and it’s even being recorded. Let’s go to OverTheWire’s homepage. First thing I see is a list of their wargames and “Bandit” is listed at the top. Good. It’s the easiest.
Important information for every level:
This is what’s listed on the first Bandit page:
Bandit Level 0
The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.
Commands you may need to solve this level
Helpful Reading Material
After reading both links given under the title “Helpful Reading Material” (by the way this section IS helpful), I’ve learned how to connect to hosts using SSH. That’s a good sign because the next level is beyond that locked SSH door.
The command ‘man ssh’ will come in handy also! Here’s the unfinished version of the command we need to use:
ssh [options] [username]@[hostname]
Looking at the manual of each command can be daunting at first glance. I’ve definitely froze up looking for what I have needed before but after a longer/closer glance we find that the option ‘-p’ is for a port number.
Ok, what’s next?
Well, we have 4 pieces of info from the page. The port number, host name, username, and password. So we should be able to fill the command in completely at this point.
ssh -p 2220 firstname.lastname@example.org
Once I typed the above command in, I get this in response:
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
Now all that’s left is the password. That’s given; it’s “bandit0”.
WARNING! The cursor will stay stationary and it will look like nothing has been typed but it’s there! It’s just hidden. You know, for safety purposes . . . I guess.
That’s it! If all has been done correctly, the terminal should say this:
And now on to the next level.