OverTheWire Bandit

⚠️ DO NOT COMMIT PASSWORDS ⚠️

This repository contains my progress through the OverTheWire Bandit wargame. All passwords and flags are stored locally in bandit-flags.txt and are NOT committed to version control.

Overview

OverTheWire Bandit is a wargame designed to teach Linux command-line skills and basic security concepts. The game consists of 33 levels, each requiring you to find a password to access the next level.

Repository Structure

• bandit-flags.txt - Local file containing passwords (DO NOT COMMIT)
• evidence/ - Screenshots and proof of completion
• sessions/ - Session logs and notes (DO NOT COMMIT)
• README.md - This file

Progress

• Level 0 → 1 — SSH + cat readme (learned: remote login & basic file read) — evidence: evidence/level0-1.png
• Level 1 → 2 — Special filename - trick: cat ./- (learned: stdin vs filename) — evidence: evidence/level1-2.png
• Level 2 → 3 — Used ls -la and file to locate readable file (learned: hidden files & file types) — evidence: evidence/level2-3.png
• Level 3 → 4 — Used find and file to inspect candidates, then cat the human-readable file — evidence: evidence/level3-4.png
• Level 4 → 5 — Searched inhere/ for human-readable file of specific size using find + file (learned: handling weird filenames) — evidence: evidence/level4-5.png
• Level 5 → 6 — Inspected nested dirs in inhere/ and used file/cat on the text file found — evidence: evidence/level5-6.png
• Level 6 → 7 — Used find to match file properties (size/ownership) and printed the matching file — evidence: evidence/level6-7.png
• Level 7 → 8 — Located file using ownership/group filters and find then cat to read contents — evidence: evidence/level7-8.png
• Level 8 → 9 — Used find to search by owner/group/size and then displayed the 33-byte file — evidence: evidence/level8-9.png
• Level 9 → 10 — Extracted printable strings from binary (strings data.txt) and grepped for == patterns — evidence: evidence/level9-10.png
• Level 10 → 11 — Cleaned and decoded Base64 (tr -cd ... | base64 -d) then inspected decoded output — evidence: evidence/level10-11.png
• Level 11 → 12 — (placeholder) Completed level — used relevant file/strings/find commands per hint — evidence: evidence/level11-12.png

How to Use

1. Connect to each level using SSH: ssh [email protected] -p 2220
2. Find the password for the current level
3. Add the password to bandit-flags.txt (LOCAL ONLY)
4. Take a screenshot and save it in evidence/
5. Update this README with your progress

Important Notes

• NEVER commit passwords or flags to version control
• All sensitive information is in .gitignore
• This repository is for tracking progress and learning, not for sharing solutions