Bandit0

Level Goal

The goal of this level is for you to log into the game using SSH.
The host to which you need to connect is bandit.labs.overthewire.org, on port 2220.
The username is bandit0 and the password is bandit0.

Commands useful to solve the level

• ssh

Helpful Reading Material

• Secure Shell

Where to start?

We know that we need to use ssh to log into the game and already know that there is only one command that may be useful to solve the challenge. After reading about what is the secure shell on wikipedia, let's dive right into it and look into the ssh man page

Part 1 : Host Specification

Our first job is to find out how to specify the host that we're trying to connect to.

Hint

Look in the ssh man page, in the DESCRIPTION section, right after the SYNOPSIS there should be, near the beginning, the name of an item that could already be found in the SYNOPSIS section

Solution

The argument we are looking for is the one name destination this argument is the host we are trying to connect to.
For now, our command looks like : ssh bandit.labs.overthewire.org

Part 2 : Port Specification

After running this command, we can see the following prompt in the terminal :

                      This is an OverTheWire game server. 
            More information on http://www.overthewire.org/wargames

!!! You are trying to log into this SSH server on port 22, which is not intended.

shelltief@bandit.labs.overthewire.org: Permission denied (publickey).

So we need to use the port that was specified in the challenge rules

Hint

Try to look again in the SYNOPSIS and DESCRIPTION sections of the ssh man page and see if you can manage to find how to specify a port to connect to the remote host

Solution

Using the -p option allows us to specify a port to connect to. Our updated command ends up looking like this :

ssh -p 2220 bandit.labs.overthewire.org

:bulb: It is a good practice to put all option arguments before any non-option argument

Part 3 : Username Specification

Now that we specified the port to connect to, we can see the following prompt :

                         _                     _ _ _   
                        | |__   __ _ _ __   __| (_) |_ 
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_ 
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server. 
            More information on http://www.overthewire.org/wargames

!!! You are trying to log into this SSH server on port 2220 with a username
!!! that does not match the bandit game.

Charystag@bandit.labs.overthewire.org's password: 

and when we try to input the provided password : bandit0, we get the following response :

Permission denied, please try again.
Charystag@bandit.labs.overthewire.org's password: 

The important information is : with a username that does not match the bandit game. This tells us that we'll need to specify our username to successfully connect to level bandit0

Hint

Once again, you have to look into the sections SYNOPSIS and DESCRIPTION of the ssh man page.
The argument you are looking for is now one that allows you to log in as a given user on a remote machine.

Solution

Using the -l option allows us to specify the user that we want to log into on the remote machine.
Our full command looks like : ssh -p 2220 -l bandit0 bandit.labs.overthewire.org. Once we get the login prompt, we can now enter the password and successfully login to the first level.

Full Solution

The full command is :

ssh -p 2220 -l bandit0 bandit.labs.overthewire.org

Once we get the login prompt, we can then enter the password bandit0 to successfully complete the bandit0 challenge.

You can now solve the first level