- by x32x01 ||
OverTheWire Bandit Walkthrough (Levels 0-25) via SSH 🧠🐧
Bandit is one of the best beginner-friendly Linux wargames out there 🎮. You’ll learn SSH, Linux commands, file handling, and basic security concepts step by step-one level at a time.
To play Bandit, you must connect with an SSH client:
http://overthewire.org/wargames/bandit/
If your setup requires port 2220:
✅ What you learn here: ls, cat, quoting, hidden files
Use the file command to identify which file is plain text:
Once you find the readable one, print it:
✅ Key skills: file types + quick loops
Then read the result:
✅ Key skills: find filters
Then read the file it finds.
✅ Key skills: ownership filters + error redirection
✅ Key skills: text filtering + pipelines
✅ Key skills: common encoding/decoding
Depending on output, you’ll use:
✅ Key skills: xxd + file + iterative unpacking
If it “hangs” or shows heartbeat/read block messages, try:
✅ Key skills: key auth + local services + SSL client
A common tool to inspect open ports:
Then test the promising port(s) with:
✅ Key skills: diff + session tricks + setuid
Then read the referenced script in /usr/bin/ and follow what it does.
For Level 24, you create a simple script that cron will run. Example structure:
✅ Key skills: reading cron config + understanding scripts
For safety, this guide won’t provide a ready-to-run brute-force script. But the learning idea is:
Bandit is one of the best beginner-friendly Linux wargames out there 🎮. You’ll learn SSH, Linux commands, file handling, and basic security concepts step by step-one level at a time.
To play Bandit, you must connect with an SSH client:
- Host:
bandit.labs.overthewire.org - SSH Port:
22(some older guides mention 2220)
http://overthewire.org/wargames/bandit/
How to Connect to Bandit with SSH 🔐
Use this command: Code:
ssh bandit0@bandit.labs.overthewire.org -p 22 Code:
ssh bandit0@bandit.labs.overthewire.org -p 2220Bandit Levels 0-4: Basic Linux File Skills 📁✨
These early levels teach core Linux file handling fast:Read the “readme” file (Level 0 → 1)
List files and read the one that contains the password: Code:
ls
cat readmeRead a file named “-” (Level 1 → 2)
Files starting with a dash can confuse commands. Use ./ or --: Code:
ls
cat ./-
# or
cat -- -Read a file with spaces in its name (Level 2 → 3)
Wrap the filename in quotes: Code:
cat "spaces in this filename"Find hidden files in a directory (Level 3 → 4)
Hidden files start with a dot .: Code:
ls
cd inhere
ls -la
cat .hiddenBandit Level 4 → 5: Find the Human-Readable File 🔎📄
This level contains multiple files-most are binary, but one has readable text.Use the file command to identify which file is plain text:
Code:
cd inhere
for x in {0..9}; do file ./-file0$x; done Code:
cat ./-file07Bandit Level 5 → 6: Use find to Locate a File by Properties 🧠⚡
You’re looking for a file that is:- human-readable
- exactly 1033 bytes
- not executable
Code:
cd inhere
find -type f -size 1033c ! -executable Code:
cat ./maybehere07/.file2Bandit Level 6 → 7: Find by Owner, Group, and Size 🧾👤
This level requires finding a file with these traits:- owned by user bandit7
- owned by group bandit6
- size 33 bytes
Code:
find / -user bandit7 -group bandit6 -size 33c 2>/dev/null✅ Key skills: ownership filters + error redirection
Bandit Levels 7-10: grep, sort, uniq, strings 🧰🔥
Level 7 → 8: “millionth”
Search for a word inside a large file: Code:
grep millionth data.txtLevel 8 → 9: The unique line
Find the only line that appears once: Code:
sort data.txt | uniq -uLevel 9 → 10: Human-readable strings starting with “=”
Extract readable strings from binary-ish data: Code:
strings data.txt | grep '^='Bandit Levels 10-12: Base64 + ROT13 Decoding 🔄🔓
Level 10 → 11: Base64 decode
Code:
base64 --decode data.txtLevel 11 → 12: ROT13 decrypt
Code:
cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'Bandit Level 12 → 13: Multi-Layer Compression 🗜️📦
This level is a famous one 😄: the file is a hexdump of something that’s been compressed multiple times.1) Work in /tmp
Code:
mkdir -p /tmp/bandit-work
cp data.txt /tmp/bandit-work/
cd /tmp/bandit-work2) Reverse the hexdump
Code:
xxd -r data.txt > data.bin3) Detect file type, then unpack layer by layer
Code:
file data.bin- gunzip for gzip
- bzip2 -d for bzip2
- tar -xf for tar archives
✅ Key skills: xxd + file + iterative unpacking
Bandit Level 13 → 16: SSH Keys + netcat + SSL 🔐🌐
Level 13 → 14: Login using a private SSH key
Code:
ssh -i sshkey.private bandit14@localhostLevel 14 → 15: Send password to a local port
Code:
nc localhost 30000Level 15 → 16: Use SSL to connect to a service
Code:
openssl s_client -connect localhost:30001 Code:
openssl s_client -ign_eof -connect localhost:30001Bandit Level 16 → 17: Discover Which Ports Are Listening 🛰️🧠
The idea: check ports on localhost, find the one that actually returns credentials.A common tool to inspect open ports:
Code:
nmap -p 31000-32000 localhost- nc for non-SSL
- openssl s_client for SSL
Bandit Levels 17-21: diff, restricted shells, setuid basics 🧷⚙️
Level 17 → 18: Compare two files to find the changed line
Code:
diff passwords.new passwords.oldLevel 18 → 19: Prevent auto-logout behavior
Some levels mess with shell startup. One workaround is disabling pseudo-tty allocation: Code:
ssh -T bandit18@localhostLevel 19 → 20: Use a setuid binary to run commands as another user
Code:
./bandit20-do id
./bandit20-do cat /etc/bandit_pass/bandit20Bandit Levels 21-24: Cron Jobs (Scheduled Tasks) 🕒🤖
Cron runs scripts automatically. You usually start here: Code:
ls /etc/cron.d/
cat /etc/cron.d/cronjob_bandit22For Level 24, you create a simple script that cron will run. Example structure:
Bash:
#!/bin/bash
echo "cron test" > /tmp/cron_test_outputBandit Level 24 → 25: Brute Force Concept (Safe, High-Level) 🔢⚠️
This level introduces the concept of trying a 4-digit PIN across all combinations.For safety, this guide won’t provide a ready-to-run brute-force script. But the learning idea is:
- generate 0000 → 9999 combinations
- send attempts to the service
- detect the one response that differs from “wrong pin”
Quick Command Cheat Sheet 🧾✅
- SSH:
ssh,ssh -i,ssh -T - Files:
ls,cat,file - Search:
find,grep - Text:
sort,uniq,strings,tr - Decode:
base64,xxd - Archives:
gzip,bzip2,tar - Network:
nc,openssl s_client - Compare:
diff - Cron:
/etc/cron.d/, scripts in/usr/bin/
Last edited:
