ctp

OverTheWire Level 0 - 5 Walkthrough

Varkey Thomas's photo
Varkey Thomas
·

3 min read

CTFs:

A CTF (short for Capture the Flag Competition) is a gamified computer security competition where players solve information security-related challenge. The main aim of a CTF is to help players learn about the various tools and concepts used in cyber security by providing practical labs where their skills can be tested.

OverTheWire:

OverTheWire is one such CTF site that provides basic challenges for a beginner in order to become accustomed to the methods and techniques needed to proceed within the ctf challenges.

This article will be a walk-through of the levels 0-5 of the CTFs

Level 0:

The pilot level of the CTF is very straightforward. First connect to the server using the ssh command

sh.png

Upon connecting, you will be prompted for the password bandir0pass.png

Once the credentials have been entered, an animation of ASCII text will be displayed on the terminal.

Now that access to the server is granted, the first file containing the password presented inside the present working directory.

bandit0.png

Level 1:

In this level, the instructions say that the password for the next level is stored in a file called - located in the home directory, along with some useful hints as to the method to access such types of files.

Once access is granted to the particular directory of the server, a file with "-" name is present

dashedfile.png

In order to access the file, again the cat command is used

dashfile.png

Level 2:

For this level, the instructions state the password for the next level is stored in a file with spaces in its name.

Within the server, a file is present with such a name

spaces.png

In order to open this file, the cat command is used along with the a "\" character in order for the system to recognize the file.

spaces1.png

Level 3:

The password for this level is stored inside a hidden folder within the "inhere" directory.

hidden.png

Once navigated to the inhere directory, view the hidden file. To do so, we use the following command

ls -a

where the -a flag in order to find files with . format. The result will show something like this

hidden0.png

The contents of the hidden file can be displayed using the cat command again

hidden1.png

Level 4:

As is given in the website, the password to the next level is stored in a human-readable format inside the inhere directory.

When the website is accessed, the inhere directory will be present. inhere.png

Upon navigating the the directory, a number of files will be present within the directory.

inhere0.png

In order to find the password from within the array of files present, we can either do so by manually by using the cat command on each file to display its contents, or we can automate the task.

To complete this level, I have automated the task of checking each file using a for loop

inhere1.png

Level 5:

According to the website, the password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

human-readable
1033 bytes in size
not executable

Once the server is accessed, we can take a look around byte.png

Inside the inhere directory, there are numerous folders in which the file containing the password can be located. However, included in the hints to pass this level is a command called find.

The find command allows us to find files based certain specifications provided which can range from name of the file to file extension to size. Since the size of the file is specified for this level, we can use that to parameter to find the file.

While it is possible to manual comb through each and every file until any one meets the specifications, a faster way to proceed is to simple use the find command with the -size flag

byte0.png

CTF#cybersecurityLinux