Bandit 00 - Getting Started

From Daelphinux
Jump to: navigation, search

Introduction

Bandit 0 is really an introduction to the very basics of Linux. The Overthewire folx also add suggested commands in each of their challenges. We will go over each of these through our journey, and why they are used. By the end you should have a fairly good grasp of the hacker mentality, and how to use the Linux operating system.

If you are here from my Homelab Tutorials series, this will also prepare you to get ready to test new vulnerable machines after the course is complete.

Connecting

To connect to the Bandit0 level you need to use the username `bandit0` and password `bandit0`. The rest of the passwords are unlocked throughout the series. While this walkthrough will show you how to solve the levels, I will not be giving you the passwords.

From your Terminal type the command:

ssh bandit0@bandit.labs.overthewire.org -p 2220

The Process

The Home Directory
Your primary directory on a Linux system is referred to as your "Home" directory. It will be found at the location "/home/<username>/". Generally, on a Linux system by default you will be in your home directory when you login to a terminal shell.

For the first challenge the lab it tells us up front that the password will be found in the "readme" file. This is located in your home directory. At this point we know we need to access the contents of the readme file to get the password. But how?!

Recommended Commands

ls, cd, cat, file, du, find are the commands that we are given. Let us take a look at this and see how each one works.

ls

The ls command is used to list the contents of a directory. This command has a number of switches, including:

  • -a | Lists all files in a directory, including hidden ones.
  • -l | Gives a long Listing of all of the files in a directory. This will give you sizes, dates modified and access, and permissions.
  • -h | Makes sizes listed human readable.

These switches can be combined to run the command ls -lah which will give us a long listing of all files in our current directory with human readable sizes.

cd

The cd command is used to change directories. This is accomplished by using the cd command with name of the destination directory. So if you wanted to change to the /opt/ directory you would run cd /opt/. There are a number of operators that can be used with this command as shortcuts to move around the file system. These include:

  • ~ | This represents the current user's home directory. (You can also run the command "cd" by itself to move to a home directory).
  • .. | This represents the next directory up in the directory hierarchy
    • If you are in "/opt/application" and you use this you will end up in "/opt/".
  • - | This represents the last directory you were in.
    • If you were to cd to "/opt/application" from the "/home/user" directory and you ran cd - you would end up in the "/home/user" directory.

cat

The cat command is known to concatenate two files together. That, however, just happens to be a function of it sequentially listing the contents of files to standard out (this will show them in your terminal). You can use the cat <filename> command to list the contents of the file to the terminal. For instance, if you wanted to read the contents of the "readme" file you would run cat readme in your terminal.

file

The file command is used to determine what type of file you are looking at. This will help us determine what files are human readable, and which are binary files (We will talk more about binary files later on).

du

The du command will show you the space used by files in the directory. The default gives you the filesizes in bytes, but much like with ls we can use the -h switch to accomplish the same result (showing files with human readable sizes). To list the sizes in human readable form in your current directory run the command du -h.

Regular Expressions
Regular Expressions, or Regex, are a method of finding files that match a set of characteristics. We are using one element of Regex with the * character. It will match any character or characters in place of itself. For instance: the match "tex" will not match a filename "text", however "tex*" will match on "text","textual", or "textile".

find

The find command will help find a file in a directory, or set of directories, and all of their subdirectories recursively. By default it will search the directory you are currently in. A different starting directory for the search can be specified. This means that if you are in the /home/ directory, and you have 3 subdirectories, it will find the file in any of the three sub directories. We can use the iname switche with the find command: This will search files for filenames that match your search string. You can use the `*` as a greedy match. For instance if we run the command find -iname read* we will find the "readme" file we need.

The Solution

With the commands above it is clear that to view the contents of the file we should use the cat command.

cat readme will output the contents of the file including the password for Bandit1. I strongly recommend setting up a spreadsheet, notepad file, or otherwise to save these.

I save them in a CSV file with the following schema:

username,password

bandit0,bandit0

bandit1,x

Next > (Bandit 01)

Quiz

For users following the Homelab Tutorials series, I am writing a series of Quizzes to serve as knowledge checks. These are optional, but if you are following along, you might as well test yourself.

1 The ls command will change your current directory.

False
True

2 Fill in the Blank:

was the command that would get use the password from the readme file.

3 Regular expressions: (Select all correct options)

Find files based on characteristics of their filenames.
Are not used in Linux, they are only used on Windows.
Can use the * character as a greedy match.
Are never used.