OverTheWire Bandit Level 1 -> Level 2 - Walkthrough

Introduction

In this article, I will give you a walkthrough of the Bandit wargame Level 1->Level 2. In this level, the player is required to fetch the password from a file. Sounds quite simple just like the last level. The catch here is that the file name is '-' which is like a special character. So the player needs to think a bit extra to get the password.

Goal

Get the password for Level 2 from the file named '-' present in the home directory.

Details Provided

Server - bandit.labs.overthewire.org

Port - 2220

Username - bandit1

Password - NH2SXQwcBdpmTEzi3bvBHMM9H66vVXjL

Theory

When we login to bandit1 using SSH, we land up in the home directory which is "/home/bandit1". We further need to locate the file '-' which is present in the home directory. We can use the command ls to check the files present in this directory. As per the knowledge from previous levels, we should be able to get the password by the command "cat -". However, this will not return anything. 

This is because cat command treats '-' as a synonym for stdin. It will expect some input from the user and on entering any character, it will output the same on the console once enter is pressed.

So to get around this, we need to make the cat command understand that this is a filename. We can do this either by entering the complete path "cat /home/bandit1/-" or by entering "./-". For more information on this, you can check this thread on unix stack exchange.

Solution

First we login to bandit1 using SSH and check the home directory with the command pwd and check whether the file '-' is present in the home directory or not using the ls command-:

Since we have got the file, we can use the command "cat ./-" or "cat /home/bandit1/-" to get the password for the next level.

This completes the Level 2 walkthrough. I would encourage you to explore more on the used commands on the internet and post your comments.