Makery

I took a hacking lesson on Bandit at PMClab

Daniel Bourdrez, our hacking teacher. © Robin Lambert

A location: the PMClab, fablab of Paris VI university. A person: the IT security student and hacker Daniel Bourdrez. An objective: discover hacking with the serious game “Bandit”. Hang on tight, let’s roll.

Hacking is within anyone’s reach. That is the lesson that the serious game Bandit, a war game from the OverTheWire website, sets out to teach. Just an empty promise? To check, Makery went over to the PMClab, the associative fablab of the Pierre and Marie Curie university in Paris, where Daniel Bourdrez, 25, hacker, is studying IT security. He deciphers the first levels of the game for Makery.

Before playing…

On a Mac, open the Terminal application in the Utilities folder; on Linux, press Ctrl+Alt+T in most distributions; on Windows, download and install PuTTY, or a virtual machine to switch to Linux or Mac. Then go to the page dedicated to Bandit on OverTheWire and follow the instructions…

The game can start. Well nearly…

Start by not getting stuck on Bandit0…

Before entering the game, you first have to connect to the server (screenshot).

This “level” is in fact a preliminary stage that consists of getting connected to the game server.

On a PC, you just need to start PuTTY and enter the address bandit.labs.overthewire.org.

If needed, check the SSH box and specify port 22 in the box on the right. 

Now, shall we move on to level 1?

A window opens and asks you for the login (bandit0) and the password (bandit0 again):

Nothing is displayed when you type the password; this is normal, a question of security… (screenshot)

The aim is to find the password that frees the next level, located in a text file.

“The website will give you many commands to help you. It will not give you THE command, otherwise it would be too easy. And you look at each command, what it does, what it is for…”

Daniel Bourdrez 

The command “ls” lists the contents of the current directory, and half of the level is already done (screenshot).

Tip: double-click on the password to copy it, then right-click to paste it.

To reach Bandit2, play with file names

The password for the next level is in a file called “-”. Yet this character is usually reserved for what we call “standard input”. The good hacker apprentice will therefore tell his computer that he wants to open a file called “-”, and not read from standard input. Subtle…

The “ls” command works, but the “cat -” command blocks the terminal (screenshot).

Tip: if the terminal seems blocked, type Ctrl+C to start entering commands again.

For Bandit3, play with spaces

Gee, spaces in the name of the file to open! You must use a little technique…but which one?

As with the previous level, you just need one trick to get the password (screenshot).

For Bandit4, move on to the hidden files

To access the next level, you need to open…a hidden file! Here, no need for new commands, so to speak, but Daniel Bourdrez suggests you consult the “ls” manual…

No file in the inhere folder? (screenshot).

For Bandit5, do not “traumatize the shell”…

A folder that contains ten files…yes but which one holds the password? You could always open them one by one, but “all except one contain raw data that will traumatize the shell”, the user interface of the operating system. To do things properly, you must find the only file that contains text, with a command that has not been used yet.

In a file explorer, how does one find a particular type of file? (screenshot). 
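The file-name traps from the levels above (a file called “-”, spaces in a name, a hidden file, one text file among ten), reproduced in a local sandbox as an added example that is not part of the original article. The directory layout, file names and contents are constructed, the text check uses “tr” as one possible approach, and nothing here connects to the game server.

```sh
#!/bin/sh
# Added example: a local, constructed sandbox. All names and contents are made up.

make_lab() {    # build the sandbox and print its path
    lab=$(mktemp -d) || return 1
    printf 'dash-ok\n'   > "$lab/-"
    printf 'space-ok\n'  > "$lab/spaces in this filename"
    mkdir "$lab/inhere" "$lab/mixed"
    printf 'hidden-ok\n' > "$lab/inhere/.hidden"
    for i in 0 1 2 3 4 5 6 7 8 9; do    # ten files, raw bytes by default
        printf '\001\002\200\201\033[2J' > "$lab/mixed/-file0$i"
    done
    printf 'text-ok\n' > "$lab/mixed/-file07"    # the only text file
    printf '%s\n' "$lab"
}

# A bare "-" tells cat to read standard input: with an empty stdin it prints
# nothing, and at a terminal it waits for typing (the "blocked" prompt).
read_dash_naive() { ( cd "$1" && cat - </dev/null ); }
# A path prefix turns "-" back into an ordinary file name.
read_dash()       { ( cd "$1" && cat ./- ); }

# Unquoted, the shell splits the name into four arguments and cat fails.
read_spaces_naive() { ( cd "$1" && cat spaces in this filename 2>/dev/null ); }
read_spaces()       { ( cd "$1" && cat "spaces in this filename" ); }

# Plain ls skips names that start with a dot; -A includes them.
list_plain() { ls "$1/inhere"; }
list_all()   { ls -A "$1/inhere"; }

# Print the files made only of printable ASCII and whitespace, without ever
# sending raw bytes to the terminal. "./*" stops "-file07" being read as options.
find_text() {
    ( cd "$1/mixed" || exit 1
      for f in ./*; do
          junk=$(LC_ALL=C tr -d '[:print:][:space:]' < "$f" | wc -c)
          if [ "$junk" -eq 0 ]; then printf '%s\n' "$f"; fi
      done )
}

demo=$(make_lab)
read_dash "$demo"; read_spaces "$demo"; list_all "$demo"; find_text "$demo"
rm -rf "$demo"
```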

At level 25 (difficult), opt for the “brute force” method

Beware: difficult level. Admittedly, a daemon (small program) can provide you with the code to go on from Bandit24 to Bandit25. But you only activate it in exchange for the code for level 24 (obtained by overcoming level 23…) to which you need to add a PIN (four-digit code).

Without any indication, the only way is to try all the possibilities: it is the “brute force” method. Fortunately, in IT, you don’t need to do this kind of thing by hand, you can write a small program, a script, that does it for you and will try the PIN 0000, 0001, 0002…until it finds the right one.

The solution for this level is found at this address (beware spoiler).

Beyond “Bandit”, other options

On the French side, the root.me website has more than 200 challenges for more experienced coders and, like OverTheWire, offers rankings per challenge and per user. Otherwise, it is always possible to contact the hackerspace closest to you to organize sessions with these hacking games.