Bandit is an online security challenge that teaches Linux basics through a series of increasingly difficult levels. The early stages focus on simple file navigation, while later levels cover scripting and encryption. Completing Bandit helps develop essential system administration and cybersecurity skills in a safe, guided environment.
Spoiler Alert: It's recommended that you try to play through this game on your own first. Figuring out the game mechanics and solving the puzzles yourself tends to be much more engaging and rewarding than simply following guides or walkthroughs.
Level 0
Level 0 is about logging into the game via SSH.
Open your SSH terminal and input the followings:
ssh bandit0@bandit.labs.overthewire.org -p 2220
This command allows you to connect you to the server with the port 2220 with the username bandit0.
When you get prompted to enter the password, enter the password bandit0
. On most SSH terminals, you will not see the cursor move or any characters input when you type your password.
When you see Enjoy your stay!
on the last line of the message, it means that you have successfully logged into the game.
Level 0 → Level 1
To proceed to Level 1, we need to find an account password. It is stored in a file called readme
in the home directory.
Input the followings:
ls
ls
means list directory contents.
bandit0@bandit:~$ ls
readme
You will see the output shown above. This means that there is a file called readme
in the home directory.
Next, we need to open the file called readme
. Input the followings:
cat readme
cat
means concatenate files and print on the standard output. It basically means to output the contents of the file to the terminal interface.
You will see a string of random letters, this is the account password for the next level. The password changes over time, at the time of writing, it is NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL
.
Now type exit
to logout of this instance. Input the followings:
exit
Level 1 → Level 2
Like the last level, we need to find an account password. It is stored in a file called -
in the home directory.
Reconnect to the server with the username bandit1
.
ssh bandit1@bandit.labs.overthewire.org -p 2220
When prompted to enter the password, paste the password we got earlier from the readme
file.
This time, the password is stored in a file named -
. Input ls
to list all the files.
ls
bandit1@bandit:~$ ls
-
When opening a dashed filename we need to specify the full location of the file. Input the followings:
cat ./-
The content of this file is the password for the next level. At the time of writing, it is rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi
.
Type exit
to logout.
Level 2 → Level 3
SSH into the server using the username bandit2
and the password we got from the previous level. In this level, the password is stored in a file called spaces in this filename
in the home directory.
If you had experience with Linux before, you'll notice that files in Linux usually do not contain spaces in their name. People typically use underscore to represent a space. To open a file with spaces in the filename, we can wrap it in quotes, enter the following:
cat "spaces in this filename"
And you will get the password: aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
.
Level 3 → Level 4
SSH into the server with username bandit3
and the password found in the last level. In this level, the password is stored in a hidden file in a directory called inhere
. First, we need to move to the inhere
directory. Input the followings:
cd inhere/
Use the ls
command to find the file. Since we know the file is hidden we need to use the -a
flag to view hidden files. Input the followings:
ls -a
The output shows that there is a file called .hidden
to view the file we can use the cat
command.
cat .hidden
We found the password! (2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe
)
Logout of the current session with exit
.
Level 4 → Level 5
SSH into the server with username bandit4
and the password found in the last level. In this level, the password is stored in a human-readable file in a directory called inhere
. First, we need to move to the inhere
directory. Input the followings:
cd inhere/
View files that are in the directory using the ls
command:
ls
To find files with content in a human-readable format, we can use the file
command. This command will tell us the type of data contained in a file, which allows us to identify the files that have a readable format. Input the followings:
file ./*
Here, the *
means that we are searching all files in this directory. Click here to learn more about file globbing in Linux.
You will see the output like this:
bandit4@bandit:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
We can see that -file07
is ASCII text, which is human readable.
Use the cat
command to view the contents of the file:
cat ./-file07
We have found the password for the next level! (lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
) Logout of the current session.
Level 5 → Level 6
SSH into the server with username bandit5
and the password found in the last level. In this level, the password is stored in a human-readable, 1033 bytes in size and not executable file in a directory called inhere
. First, we need to move to the inhere
directory. Input the followings:
cd inhere/
View files that are in the directory using the ls
command:
ls
The terminal will output all the files in this directory:
bandit5@bandit:~/inhere$ ls
maybehere00 maybehere03 maybehere06 maybehere09 maybehere12 maybehere15 maybehere18
maybehere01 maybehere04 maybehere07 maybehere10 maybehere13 maybehere16 maybehere19
maybehere02 maybehere05 maybehere08 maybehere11 maybehere14 maybehere17
To search for the specific file that meets the criteria given in the question, we can utilize the find
command. The find
command allows us to search for files based on the properties or characteristics we specify. Type this:
find . -type f -size 1033c -not -executable -exec file {} + | grep ASCII
Command breakdown:
.
: Search the current working directory only-type f
: Look for files only (Exclude Directories)-size 1033c
: Look for files that are exactly 1033 bytes in size (Find usesc
to represent bytes)-not -executable
: Find only non executable files-exec file {} +
: Execute thefile
command on all the results returns by find{}
is an placeholder for the location where the names of the files found by find is going to be substituted. The “+
” sign is used to terminate the statement
grep
: Grep is an command that is used to find patterns in string, here we are using it to sort out the ASCII files, which we know that are human-readableThe
|
(pipe) operator is used to use the output of one command and use it as an input for another command
The output looks like this:
./maybehere07/.file2: ASCII text, with very long lines (1000)
Now, use the cat
command to see the contents of the file:
cat ./maybehere07/.file2
We now know the password for the next level! (P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
) Logout of the current session.
Level 6 → Level 7
SSH into the server with username bandit6
and the password found in the last level. In this level, the password is stored somewhere on the server and is
owned by user bandit7
owned by group bandit6
33 bytes in size
We will have to search the entire server for this file, since we already know the properties of the file, we can use find
to search for it:
find / -type f -user bandit7 -group bandit6 -size 33c
(You will see errors: Permission denied
)
Command breakdown:
/
: Search the entire server (/ is the root directory on Linux similar to the C:/ directory on Windows)-type f
: Search only for files-user bandit7
: Search for files which are owned by user bandit7-group bandit6
: Search for files that belongs to the group bandit6-size 33c
: Look for files that are exactly 33 bytes in size
As mentioned above, you will see a lot of errors, this is because we do not have the permission to search the entire server. By using /dev/null
, we can filter out these error messages. NULL is a special device on Linux which destroys all that data that is send to it. On Linux, error messages are stored in STDERR, we need to specify the STDERR (2) redirection to NULL. (learn more about /dev/null here) Your command will look like this:
find / -type f -user bandit7 -group bandit6 -size 33c 2> /dev/null
Output shows that the password is in:
/var/lib/dpkg/info/bandit7.password
Use the cat
command to view its contents:
cat /var/lib/dpkg/info/bandit7.password
We now know the password for the next level! (z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
) Logout of the current session.
Level 7 → Level 8
SSH into the server with username bandit7
and the password found in the last level. In this level, the password is stored in the file data.txt
next to the word millionth.
Use ls
to list out the files in the home directory.
ls
Use the head
command to preview the contents of the file:
head -n 10 data.txt
You will see this:
bandit7@bandit:~$ head -n 10 data.txt
gallop hu3ZhCrGRvfaO5jsY6ttvApzVCA2Hjvs
Aurelia's ikl4F3cK5m6Cl6HAxva6zUAVJhI2Cvc6
stoicism JiW9ts44udf20bJHe8H5dS1c99Muwz42
embodies vWheZcAsQHZNnerI3ViW8wqOKIx0kbgR
Plato dW2U8E5FfuAvNLdGDupP8GAxr922ZV0x
cultivation A90E75jvWbEKrijFxM4GxqHEw8c8U2Bf
stable omR4PHolFwbI0IEJsanveA21yWvFy8a7
bedspread VlBFxuEDi3phEpljbKbahRJvJxfh3k9M
oppressing hQTiEm5XF3cUQSEiBjh7sekemLOKBrcJ
darnedest 9O2zdCLKVoW5u34P9T7EKTZXcMRE6xh5
The -n
flag allows us to specify how many lines to print from start of the file. Similarly, we can use the tail
command to look at the last n
lines of a file.
We are looking for the password which we know is stored next to the word millionth in the file, we can use the grep
command.
grep millionth data.txt
We have found the password! (TESKZC0XvTetK0S9xNwm25STk5iWrBvP
) Logout of the current session.
Level 8 → Level 9
SSH into the server with username bandit8
and the password found in the last level. In this level, the password is stored in the file data.txt and is the only line of text that occurs only once.
Use ls
to view the files in the current working directory.
We already know that the file contains repeating lines. To print only the unique lines, we can use the uniq
command with the -u
flag. However, the uniq
command expects the repeating (similar) lines to be adjacent to each other. To ensure this, we first need to sort the data in the file using the sort
command. Once the data is sorted, we can then use the uniq -u
command to output only the unique lines. We can combine all these commands into a single one-liner using the |
(pipe) operator:
cat data.txt | sort | uniq -u
(Click here to learn more about sort and uniq)
We have found the password! (EN632PlfYiZbn3PhVK3XOGSlNInNE00t
) Logout of the current session.
You are now at level 9!