Penetration Testing and Privilege Escalation with Bandit


Bandit Intro
3h 8m

This course will walk you through a variety of exercises and techniques as part of a capture the flag (CTF) game called Bandit. This will make sure that you have the necessary skills in Linux in order to excel in penetration testing and privilege escalation.


Hi, throughout this course, we're going to have a lot of exercises, and mainly, we're going to solve a lot of CTFs, Capture the Flags, in order to learn about penetration testing and privilege escalation. But to start with, we're going to take a look at a CTF or Capture the Flag called Bandit. And this is a fairly simple CTF. But this will make sure that we have the necessary tools or necessary skills in Kali Linux or in general Linux in order to understand, and in order to progress in penetration testing. So, if you are certain or if you say that, I'm 100% sure that I have every knowledge of Linux, maybe you can skip this section, but I don't recommend that. I recommend you just watch this section and take notes as necessary. And even better, just do what I'm doing on your own Kali Linux or on your own penetration testing operating system so that you make sure you know what I'm talking about.

So, I'm going to search for OverTheWire in Google, okay? Because that's where our CTF is located. So, OverTheWire is a website, is a portal. I don't even know who makes this portal. I don't even know the guy who makes these CTFs, I'm not associated with them. So, I found this Bandit and I solved it, and actually, I didn't even solve it. I'm going to solve it throughout the section, okay?

I just solved the first couple of lectures, and I thought that this is the ideal CTF in order to make sure that we polish our Kali Linux knowledge, okay? So, if you have any issues connecting to this website, maybe you can use a different network or you can use a VPN or proxy, something like that. I generally prefer to isolate these kinds of exercises so that you don't have any issues or you don't have any trouble reaching the CTFs that we follow or we do throughout the course, but this is a particular one that is not located in any corporate websites such as Hack The Box or TryHackMe. This is OverTheWire, this is an indie CTF, but it is ideal for our purpose. So, if you have trouble reaching over here, just make sure that you try it with a VPN or something like that or, of course, you can always take notes and watch along, and see if you have any missing knowledge throughout this section.

But I really recommend you do these things with me so that you learn it in a better way. So, Wargames, we have a lot of CTFs over here and we're going to start with the first one, which is the Bandit, okay? And, of course, in your own time you can take a look at the other CTFs over here as well. So, as you can see we have a lot of levels, and we're going to start it from scratch. We're going to start from Level, and it will be fairly easy once we start, so don't just think that it's going to be too easy. Okay? Once we progress, it's going to be harder. So, make sure you follow along. And maybe you can try to solve this on your own, first of all, okay? So, if you're like an advanced penetration tester looking for a CCP certification, maybe you can just come over here and start solving it yourself. If you get stuck at one point, you can just come back and look at over here, but I'm going to solve them one by one, okay? And you're going to see the solution of every possible level at least for right now. So, I haven't solved most of them yet and we're going to solve it together throughout the course.

So, it will just give us a better idea if they're hard or not, or maybe you can find some other tools or other solutions in a better way. Just let me know throughout the Q&A, so that I can know it in a better way. So, as you can see there are a couple of levels and if you go to Level 0, as you can see, it asks us to connect to the server using SSH, so I believe the first level is fairly easy, we can just connect and it gives us a password as well. So, the password for the level zero is bandit0, okay? And once we go over here, I believe, we're going to hack into or find some information to go over to the next level. So, for the first level we have the bandit and we have the password, bandit0. So, all you got to do, you got to run the SSH command and connect back to the server over here. So, let me come over to my terminal. So, it really doesn't matter if you have Kali or Parrot or any other penetration testing operating system or any other version of Kali Linux as well, just make sure you follow along, okay? You have with your own operating system as well. So, I'm going to try like this, so maybe this will be in a better way so that we can see the explanation. And also we can see the terminal screen over here as well. So, let me try like that, you can have it your own way as well. I believe, I can just make this a little bit smaller so that it can fit in a better way, yep, like that.

So, let's start. So, what we got to do, we got to SSH into this website by specifying the username. So, we use SSH like this: ssh is the command and we specify the username which is bandit0 and we can state the host over here which is and we can specify the port by saying -p 2220. And this is all the information that is supplied for us, right? You can see the information in the website as well, so make sure you check it on your own. So, it says that, are you sure you want to continue connecting? And I'm going to just say, yes, right? It asks if we want to continue or not, you can say yes or no, I'm just going to say yes. So, now it actually added this host to our list of known hosts, so I believe we're not going to be specifying yes or no from this point on. Now, I'm going to give the password, which is bandit0, okay? And I'm typing it, but you don't see it. Don't worry, it's for protection. You just type bandit0 and hit 'Enter' and here you go. Now, we are inside of the server. So, let's see what we can do with this thing. And I believe we have to read this specification or read this message over here and I believe this won't work. I'm just going to make it like that, okay? Because it will make much more sense to use it vertically rather than horizontally. So, I'm going to make this like that as well, okay? I'm going to make this vertical as well. Sorry about this, but we have to find an optimum way of working over here, because it's going to take long. I believe we have 33 sections, 33 levels over here.

So, anyway, let's scan over here and see if we have something interesting. Now, we are inside of the bandit0, I can come over here and click on the 'Level - Level 1' and in each level we get a quest, okay? We get some instructions, and it gives us some tips in order to proceed into the next level. So, as you can see it says that the password is actually stored into readme file. So, I can just call cat readme, and I can find the password for the next level. So, it's fairly easy as you can see. And if you're thinking right now, I thought that this course was advanced or some kind of like focused on the privilege escalation and penetration testing, you're right. We're just getting started. Don't worry about it. I'm going to run exit, and I'm going to change this username to bandit1. I'm going to copy this password that we have found in the bandit0, and I'm going to give this password over here. I'm going to just paste the selection and hit 'Enter'.

So, that's how it works. As you can see, now we are inside of the bandit1. Now, we're going to keep on doing this until we reach the end of this level. Okay? End of the level 33, I believe. So, if you go to Level 1 - Level 0, which is the next step, so as you can see, it says that the password for the next level is stored in a file called -. So, if we say ls we can see the -, but can we do cat-space-dash? So, it's a little bit tricky, right? So, it's actually easy if you know how it works. But if you don't know, you're just going to get stuck over here like that. So, if you say cat - it asks or it waits for a parameter. It thinks that you're going to give some parameter to the cat command. It won't work, as you can see. And you have to make it work in order to see the content of the - file, in order to get the password of the next level, right? So, this is how it's going to work.

So, I'm going to just say 'Command C', and I'm going to show you a way in order to solve this, because it's fairly easy. You just have to know the syntax of this, okay? So, if you just run ls -la, you're going to see we don't have any other file, and this is indeed the file that we're supposed to read. So, the file is named -. So, it's an unfortunate name, but we can always go like this ./- like as if we are trying to run this. Okay?

So, as you can see, we managed to get the Level 2 password. Now, I'm going to copy this. And I'm going to come over here and just exit out of this one, and I'm going to run the ssh command. But this time, I'm going to run it as bandit2. It will ask me for a password, and I'm going to give this password that we have found over here. And I'm going to say 'Paste Selection', and here you go. Now, we are inside of bandit2. And, again, it's going to get harder and harder, don't worry. So, if I run ls -la, I will see something like spaces in this, and here you go. It says that this password for the next level is stored in this file. And I believe this is asking for us to do cat one more time, but it's actually asking us if we know how to run this file with spaces, if we know the syntax of this or not. It's really easy again. Most of you know this by now, I believe.

You can just run spaces, and hit 'Tab' in order to autocomplete. But if autocomplete doesn't work, you can write it like this. If you want to give a space, you can just write a backslash and do your space, and then just write the rest of the file name like that. Okay. So, this is how it goes. So, if I hit 'Enter' over here, I will get the password for the next level as well. So, these are pretty easy as you can see. But again, this is going to get harder. And I believe you will learn something in the section that you haven't learned before. So, I'm going to exit out of this one. I'm going to copy this one, and I'm going to go into the bandit3 over here. So, let's see if this works or not, okay? And make sure you copy this and paste it when the password is asked from us. So, here you go. Now, we are in the bandit3. I believe we can stop here, and continue within the next lecture for the rest of the levels.
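The two filename problems from this lecture (a file called `-` and a file name containing spaces), as an added example that is not part of the original lecture. It builds a constructed temp directory with placeholder contents instead of connecting to the Bandit server; the function names and file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: constructed files reproduce the awkward names from
# Bandit levels 1 and 2. Contents are placeholders, not real passwords.
make_lab() {
    lab=$(mktemp -d) || return 1
    printf 'placeholder-level2\n' > "$lab/-"
    printf 'placeholder-level3\n' > "$lab/spaces in this filename"
    printf '%s\n' "$lab"
}

# Read a file whose name may start with '-' or contain spaces.
# A ./ prefix stops cat from treating the name as an option or as the
# special operand '-' (standard input); the quotes keep a name with
# spaces as a single argument.
read_file() {
    case $1 in
        /*) cat -- "$1" ;;
        *)  cat -- "./$1" ;;
    esac
}

# 'cat -' reads standard input, not the file named '-'. A marker is
# piped in here so the command returns instead of waiting for typing.
cat_dash_reads_stdin() { printf 'from-stdin\n' | cat -; }

# '--' only ends option parsing; a lone '-' operand still means stdin.
cat_ddash_dash() { printf 'from-stdin\n' | cat -- -; }

demo() {
    lab=$(make_lab) || return 1
    (
        cd "$lab" || exit 1
        echo "cat -     -> $(cat_dash_reads_stdin)"
        echo "cat -- -  -> $(cat_ddash_dash)"
        echo "cat ./-   -> $(read_file -)"
        echo "cat < -   -> $(cat < -)"
        echo "quoted    -> $(read_file 'spaces in this filename')"
        echo "escaped   -> $(cat spaces\ in\ this\ filename)"
    )
    rm -rf "$lab"
}

demo
```

The same `./` prefix and quoting are what keep a script safe when it is handed file names it did not choose, since a name beginning with `-` would otherwise be parsed as an option.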

About the Author

Atil is an instructor at Bogazici University, where he graduated back in 2010. He is also co-founder of Academy Club, which provides training, and Pera Games, which operates in the mobile gaming industry.