About Me
Avatar
Part time CTF Player learn every day!!
🌠 I Love Hoshimachi Suisei!! 🌠
🌠 I Love Hoshimachi Suisei!! 🌠

OverTheWire Bandit Level 0 → 1 tutorial!!

overthewire bandit walkthrough ctf linux beginner
Published on 11 Jan 2023

Login

If you’re not already logged in from Level 0, connect as bandit0:

ssh bandit0@bandit.labs.overthewire.org -p 2220
# password: bandit0

Why? We must start as bandit0 to retrieve the password for bandit1.

Task

Task

The password for the next level is stored in a file named readme located in the home directory of bandit0. Use that password to SSH into bandit1.

A little bit of Theory

  • Home directory: when you log in, you land in your home (shown as ~).
  • Listing files: ls -la shows all files, including hidden ones and details (owner, perms, size).
  • Reading a file: cat <file> prints the file to standard output.
  • Absolute vs relative paths: readme and ./readme both refer to the file in the current directory.

Solution

  1. Confirm you are in the home directory

    pwd

    Why? It should print something like /home/bandit0. That’s where the readme file lives.

  2. List all files to spot readme

    ls -la

    Why? Ensures the file exists and lets you see permissions/owner.

  3. Print the password from readme

    cat readme

    Why? cat outputs the file content directly; the output is the password for bandit1.

readme output

  1. Copy the password (careful: no extra spaces or newline when pasting).

  2. Exit and log into the next level (bandit1)

    exit
ssh bandit1@bandit.labs.overthewire.org -p 2220
# paste the password you just found when prompted

    Why? Each Bandit level is a distinct user; you use the found password to access the next account.

Password

This is the password shown in my run; if it doesn’t match yours, copy the one from your own terminal output.

ZjLjTmM6FvvyRnrb2rfNWOZOTa6ip5If

Troubleshooting

  • Permission denied → Re-check that you typed/pasted the password exactly (no trailing spaces).
  • No such file or directory for readme → Make sure you’re in the right directory (pwd), then run ls -la again.
  • Connection issues → Ensure -p 2220 is present and your network/firewall allows outbound SSH.

Congrats 🎉 You’ve retrieved the password from readme and can now play as bandit1.

Thanks for reading!

Until next time — Otsumachi!! 💖☄️✨

Cinema

related posts

all tags

GOT-overwrite aboutme aead ai alphanumeric-shellcode apt argc0 argon2 aslr assembly asymmetric atoi automation backbox bandit base64 bash beginner behemoth binary binary-exploitation binary-to-ascii blackarch blind blind-sqli blogging blue-team bruteforce buffer-overflow buffer-overwrite c caesar canary capabilities checksec command-injection commonmark cookie cron crypto cryptography ctf cutter cyberchef cybersecurity defenders detection dev directory-traversal dnf docs drifter ecc education elf env envp exploitation finale forensics format-string formulaone frequency frequency-analysis gcc gdb getchar gfm ghidra github-pages governance gpg guide hashing hkdf http jekyll jmpbuf kali kasiski kdf kernel keylength kramdown krypton lab ld_preload leviathan lfi lfsr linux linux-syscall llmops log-poisoning ltrace manpage markdown maze memcpy mitigations mitmproxy mlops narnia natas networking newline-injection nonce nop-sled nx object-injection obsidian openssl osint overflow overthewire package-manager pacman parrot path path-hijacking pathname php pie pkc pki pointer-trick pqc priv-esc privilege-escalation provable-security pwn pwntools pyshark python race-condition radare2 rag randomness recon red-team redirect relro requests ret2env ret2libc reverse-engineering reversing ricing roadmap rop rot13 rsa scapy security seed seo serialization session setjmp-longjmp setuid shell shellcode smoke soc sockets sprintf sql-injection srop stack-canary stack-overflow strace strcmp strcpy streamcipher strings strncpy strtoul substitution suid suisei symlink symmetric terminal test threat-intel time-based tls troubleshooting tshark type-juggling ubuntu udp utumno vigenere virtualbox virtualization vmware vortex walkthrough web windows wireshark writing wsl x86
dash theme for Jekyll by bitbrain made with