The Terminal

 Publ .

 Mins 12 (2377 words).

 Edit .

The Terminal

The first 10 levels of the game intend to get you going with the main tool of a Linux system, the terminal. The terminal is a powerful tool. It may be fair to say that getting used to it can be a steep process.

Beware that once the flow of doing our tasks in it kicks in, you will realize that the rewards of learning this tool can be pretty much unlimited. The console is the biggest point of leverage when trying to do any sort of task on a Linux box.

There is no magic bullet to become proficient at it, you have to learn by doing. Have always present that the man pages, the arguments -h and --help and a search engine are your best friends.

Index

LEVEL 0

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Commands you may need to solve this level:
ssh

Helpful Reading Material:
Secure Shell (SSH) on Wikipedia
How to use SSH on wikiHow

To start the game you must use an SSH client to login into the server. SSH is a network protocol used mostly by system administrators. It serves as a secure way to remotely access computers over unsecured networks.

Assuming a Linux machine with its default ssh client, you have to indicate the port, username and hostname. The command is:

$ ssh -p 2220 bandit0@bandit.labs.overthewire.org

The shell may warn you about the authenticity of the host. You type in yes to continue connecting then, when prompted, enter the password and press return:

This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

bandit0@bandit.labs.overthewire.org's password:

Before proceeding to the next level, read the welcoming message, rules and recommendations.

LEVEL 0 -> LEVEL 1

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Commands you may need to solve this level
ls, cd, cat, file, du, find

After a login shell, your default location is the home directory of the user bandit0. The first step is closely inspecting the man pages of the recommended commands.

Issuing ls lists the files in the directory and confirms that the readme file is located in the user’s home. Passing the file to cat utility concatenates its contents.

$ cat readme
NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL

To logout you either issue the exit command or the keyboard shortcut Crtl+D.

LEVEL 1 -> LEVEL 2

The password for the next level is stored in a file called - located in the home directory
Commands you may need to solve this level
ls, cd, cat, file, du, find

Helpful Reading Material
Web Search for “dashed filename”
Advanced Bash-scripting Guide - Chapter 3 - Special Characters

Listing with ls confirms that the file is present in the user’s home. Logically, issuing cat - is the next logical step. But the shell ends up in a loop in which it just repeats everything you type.

The reason for this behavior is clearly stated in the Advanced Bash-scripting Guide. The default behavior of the program cat is to read from a file and output its contents to standard output. When you enter cat -, the program literally reads from the file -.

The problem is that the dash is a special character. When interpreted by the shell it represents standard input. Given the fact that standard input is the keyboard itself, cat concatenates the string buffer entered in between return presses, sending it immediately to standard output, the terminal.

Foreground processes can be terminated by sending Ctr+C or Crr+D. Both are special control characters described in the reading materials above. The former interrupts it while the latter finishes the task in an orderly manner by signaling EOF (end-of-file).

Giving the cat command a referenced path forces the shell to avoid interpreting the dash operator and displays the contents of the file. You can do this in several ways:

A single dot to refer to the current directory:

$ cat ./-

Referencing /home with the tilde ~:

$ cat ~/-

Full path of the file:

$ cat /home/bandit1/-

Any of them will output:

rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi

LEVEL 2 -> LEVEL 3

The password for the next level is stored in a file called spaces in this filename located in the home directory

Commands you may need to solve this level
ls, cd, cat, file, du, find

Logically, you may issue the following command:

$ cat spaces in this filename

But the cat utility will attempt at concatenating a file named spaces, then a file named in, then a file named this and so on and so forth. The cause of this behavior is that the space character is also a special character. As such, it is interpreted by the shell. It normally indicates the end of a string, or a command.

To make the program display the contents of the file you can use quotes, either single or doubles. However, is important to bear in mind that they are interpreted differently in bash. Single quotes preserves the literal value of each character within them, while some characters are subject to expansion when enclosed within double quotes.

$ cat 'spaces in this filename'
BZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
$ cat "spaces in this filename"
BZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG

You may also escape the blank character with a backslash. This special placeholder ‘' indicates the shell that the character following it must not be interpreted, losing its special significance and preserving its literal meaning:

$ cat spaces\ in\ this\ filename 
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

Finally, tab-autocompletion can serve as another possible solution by letting the shell complete the string for you. To use this feature, first enter the first letters of a command, file or directory name. Then, press tab and the shell will automatically offer all possible words available for completion. By typing cat then tab twice all files and directories present will be on display. Type in ’s’ then tab and tab-autocompletion will do the rest. This is one of the most helpful features of the shell.

LEVEL 3 -> LEVEL 4

The password for the next level is stored in a hidden file in the inhere directory.

Commands you may need to solve this level
ls, cd, cat, file, du, find

After inspecting the contents in /home by issuing ls. You place your prompt inside the inhere/ directory using the change directory command cd.

ls
inhere
cd inhere/

Once in the directory re-issuing ls shows no output. In order to display all files, you should pass an option or argument to the ls program. The manpages read that the option -a or --all can be used to ‘do not ignore files starting with .’. To quit manpages yoy press q.

ls -a
. .. .hidden

Files whose names start with dot are hidden, they are commonly used to store settings and/or system preferences. Dot and dot-dot are both special system files present in every folder. They are placeholders that point to the current directory and parent directory respectively. These special files form part of the Linux file hierarchy structure. To shed some light on its meaning, you may observe that issuing the command cd .. sends your prompt to its parent directory.

The other file present in this folder is the one with the password.

cat .hidden
2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe

LEVEL 4 -> LEVEL 5

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Commands you may need to solve this level
ls, cd, cat, file, du, find

If you follow the prompt given on the level goal, you may first inspect the home directory. By listing the contents of the /inhere folder you may observe that it contains 10 files of which only one contains the password for the next level. Bruteforcing (running cat on each file) is a valid solution, but it is more elegant to let the shell to do the heavy lifting for us.

The first clue is that our file is human-readable. This is a broad concept. You can use the file utility to check the file type of each of them. file inspects the data contents of files to determine its type. To check all at the same time you can use the star wildcard. The Asterisk is an special character that “expands” to match all characters.

Thus, to output the type of all files on the /inhere folder.

$ file inhere/*
inhere/-file00: data
inhere/-file01: data
inhere/-file02: data
inhere/-file03: data
inhere/-file04: data
inhere/-file05: data
inhere/-file06: data
inhere/-file07: ASCII text
inhere/-file08: data
inhere/-file09: data

Judging by the type of each of these files, the most likely to store the password for the next level is -file07.

$ cat /inhere/-file07
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR

EXTRA:

Keep in mind that if you place the prompt into the folder and then try to do file -file07 or cat -file07 the command will fail. This is because the shell reads the string after the dash as an option, giving you an error. You may either escape the character or give the commands a relative/absolute path to avoid the undesired behavior.

$ cat ./-file07
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR

LEVEL 5 -> LEVEL 6

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

Commands you may need to solve this level
ls, cd, cat, file, du, find

An inspection reveals that there is lot going on in the inhere/ folder. It is populated with twenty folders of which each of them appears to have several files. Inspecting them one by one is very time-consuming. The suggested command find can perform recursive searches. Its syntax is:

$ find [directory to search] [-options] [expression]

As per the manpages, all arguments are optional when running find. Calling the program with no arguments will output all files and directories below the current location.

First let’s look for files that are not executable. To do this, you pass the operator ! which stands for NOT or negation followed by the flag -executable. All non-executable files in the current directory and all its subdirectories are now on display:

$ find ! -executable
./inhere/maybehere03/.file2
./inhere/maybehere03/-file2
./inhere/maybehere03/spaces file2...
...
[lots of output]
...
./.bashrc
./.profile
./.bash\_logout

Not of much help, there are yet to many files to check. Let’s look for files that are also 1033 bytes in size. man find describes the argument -size, to which several suffixes can be added according to the units you like to use. The suffix c specifies that the size is given in bytes. The one file that matches the criteria is:

$ find ! -executable -size 1033c
./inhere/maybehere07/.file2
$ cat ./inhere/maybehere07/.file2
P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU

LEVEL 6 -> LEVEL 7

The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

Commands you may need to solve this level
ls, cd, cat, file, du, find, grep

In the previous level, find was issued with no location argument limiting the search to the folder where the prompt is positioned. Now the search scope becomes larger. To lookup in the whole file system, you must point find to the root directory. “Slash” is the highest point on the system’s file hierarchy tree.

$ find / -user bandit7 -group bandit6 -size 33c

Most of the output consist of error messages issued by find. They are due the user’s lack of permission access to system folders and files. But there is a line in the output pointing to a file accessible by our user:

/var/lib/dpkg/info/bandit7.password 
$ cat /var/lib/dpkg/info/bandit7.password 
z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S

LEVEL 7 -> LEVEL 8

The password for the next level is stored in the file data.txt next to the word millionth

Commands you may need to solve this level
man, grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

The solution is to use grep. An utility that matches patterns within a file. By adding the option -w, the output consists of the full lines in which the word matches.

$ grep -w millionth data.txt
millionth	TESKZC0XvTetK0S9xNwm25STk5iWrBvP

LEVEL 8 -> LEVEL 9

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

The file data.txt contains too many lines to visually inspect.

Using the program uniq, whose purpose is to report or omit repeated lines the output is not what you may expect. The problem is that uniq does not detect repeated lines unless they are adjacent. This means the input of uniq should be already sorted.

sort produces a sorted output file. You could either create a file in the /tmp folder as an intermediate step, or use piping.

Piping is a form of redirection used with the purpose of sending the output of one command as input of another for further processing. When two commands are connected through a pipe, the first command sends its output to the pipe instead of sending it to the terminal screen. At least practically, you can pipe as many commands as you wish. The syntax for piping is:

$ command1 | command2 | command3 | ..... | command-n

This tool allows us to execute a program on command1 then send the output of this program as input for command2, whose output becomes the input of command3, and so on and so forth.

$ sort data.txt | uniq -u
EN632PlfYiZbn3PhVK3XOGSlNInNE00t