OverTheWire CTF Wargames

From Embedded Lab Vienna for IoT & Security

The community-based project OverTheWire offers Capture-The-Flag (CTF) wargames for IT security enthusiasts and learners. Each wargame focuses on a different aspect of IT security or computer science, for example Linux systems, cryptography or server-side web application security. The official website OverTheWire.org lists 13 available wargames as of December 2024, with only one of them being available for offline use. The other 12 games are accessed either via SSH or, in the case of the server-side web application security wargame “Natas”, via a web browser and other tools. As usual for CTF games in IT security, the goal of each level in the wargames is to obtain the password for entering the next one, in this case for accessing the SSH user. The website offers little guidance on beating the challenges posed by the wargames, but since they have been around for well over 10 years, many blog entries and YouTube walkthroughs on the wargames have emerged.

Summary

This documentation will help to get started with solving the OverTheWire wargames.

Requirements

  • Operating system: Any that can run an SSH shell.
  • SSH shell: For example PuTTY on Windows or Unix-based operating systems.
  • Packages: Additional packages may be required for some wargames.

General Tips

To connect to an SSH wargame, you will find the SSH hostname and port on each game's own site. If you are connecting with PuTTY, you may find it helpful to save the hostname and port in a stored session, for example for the wargame Bandit.

This is useful because after completing the challenge you may have to close the session and enter again.

Also, save the passwords (captured flags) you have obtained, because if you lose the current one you will have to start again! The passwords change from time to time, so you probably also won't find them online.

Bandit

Bandit is the easiest wargame and the first one in the suggested order to play them. It is about basic Linux filesystems. You may find it helpful to first read the following manpage if you have never worked with a Linux machine before (highly unlikely, I know).

To connect to the Bandit Wargame use the following hostname and port:


Level 0

Log in as bandit0 with password bandit0.


Then try the "ls" command to list all files and directories. To read a file use the "cat" command.


The password is found in the file "readme".

Level 1

Log in as bandit1 with the password from level 1.

Enter the command "ls", then try to read the strangely named file "-" that you will find. As you will see, you can't read it by simply typing its name. Put "./" before the filename instead.
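
The Level 1 behaviour, reproduced in a scratch directory as an added example that is not part of the original page: cat treats a bare "-" as "read standard input", so only a path such as "./-" opens the file. The function names and the placeholder file content are constructed for illustration, and the redirection variant goes slightly beyond what the page describes.

```shell
#!/bin/sh
# Constructed sandbox: a scratch directory holding a file literally named "-".
# The content is a made-up placeholder, not a real Bandit password.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    printf 'constructed-placeholder-flag\n' > "$dir/-"
    printf '%s\n' "$dir"
}

# Bare "-": cat interprets it as standard input and never opens the file.
# stdin is pointed at /dev/null so the call returns instead of waiting for input.
read_bare() {
    (cd "$1" && cat - < /dev/null)
}

# "./-" is a path, not the stdin placeholder, so cat opens the file.
read_with_path() {
    (cd "$1" && cat ./-)
}

# Redirection: the shell opens the file itself and cat only sees its stdin.
read_with_redirect() {
    (cd "$1" && cat < -)
}

# Run all three variants against one sandbox and show what each returns.
sandbox=$(make_sandbox)
printf 'cat -    -> [%s]\n' "$(read_bare "$sandbox")"
printf 'cat ./-  -> [%s]\n' "$(read_with_path "$sandbox")"
printf 'cat < -  -> [%s]\n' "$(read_with_redirect "$sandbox")"
rm -rf "$sandbox"
```

The same "./" prefix protects scripts that pass untrusted or wildcard-expanded filenames to commands, since a name beginning with "-" would otherwise be parsed as an option or as stdin.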


Level 2

Log in as bandit2 with the password from level 2.

For this level, try putting the filename in brackets.


Level 3

Log in as bandit3 with the password from level 3.

Use "ls" to find the directory. You can move to the directory with the "cd" command.

Try to find the file containing the password.
