This is the other half and continuation of the previous level, where we find our first flag!
Level Instructions
The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.
Level Solution
First we have to login via SSH using the previous level’s user bandit0 (using their password bandit0 which was already provided in the instructions).
1. Connecting
1
2
3
4
ssh bandit0@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit0@bandit.labs.overthewire.org's password:
Just type the password
bandit0when prompted, and hitENTER. You won’t see a cursor. That’s normal.
2. Searching
1
2
3
4
5
6
7
8
bandit0@bandit:~$ ls -la
total 24
drwxr-xr-x 2 root root 4096 May 7 20:14 .
drwxr-xr-x 41 root root 4096 May 7 20:14 ..
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
-rw-r----- 1 bandit1 bandit0 33 May 7 20:14 readme
The command
ls -lanot only lists files in the current directory, but all of them, including hidden ones. I.e. files whose name starts with a period, such as .profile above. Just so we don’t miss anything hidden in plain sight.
The file readme above is the only one that’s not standard, so let’s see what’s inside:
1
2
bandit0@bandit:~$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
That’s the “flag” we want to “capture” and the password we need for the next level, i.e. to login with user bandit1.
3. Exiting
1
2
3
bandit0@bandit:~$ exit
logout
Connection to bandit.labs.overthewire.org closed.
Level Flag
boJ9jbbUNNfktd78OOpsqOltutMc3MY1