Saturday, 7 Mar 2026

Bandit Wargame Walkthrough: Linux Terminal Solutions Levels 0-13

Getting Started with Bandit Wargame

Bandit wargame is a brilliant puzzle game that tests your Linux terminal skills through progressively challenging levels. After struggling through my own Linux journey—complete with rage quits and config file nightmares—I discovered how Bandit accelerates practical command-line proficiency. Each level requires solving puzzles using authentic Linux commands to uncover passwords for subsequent levels. This hands-on approach builds real troubleshooting skills while reinforcing core concepts like file navigation, permissions, and data processing. I analyzed gameplay from levels 0-13 to create this actionable guide.

Essential SSH Setup and Level 0-2 Solutions

Establishing SSH Connection

Bandit starts with SSH authentication. Use this command structure:
ssh -p 2220 banditX@bandit.labs.overthewire.org
Replace X with your current level number (0 for initial access). When prompted, enter "bandit0" as the starting password.

Level-by-Level Breakdown

  • Level 0: Connect via SSH using the command above. No file interaction needed.
  • Level 1: After login, run ls to see the "readme" file. Retrieve the password with cat readme.
  • Level 2: Handle hyphenated filenames with cat ./- to access the password file. This demonstrates Linux filename escaping techniques.

File Navigation and Advanced Filtering (Levels 3-7)

Working with Special Files

Level 3 introduces spaces in filenames. Use quotes:
cat "spaces in this filename"
For Level 4's hidden file, combine commands:
ls -a (reveals hidden files) then cat .hidden

Permission-Based Challenges

Level 5 requires identifying human-readable files among binaries. Use:
file ./* to check file types
Level 6 demands filtering by size:
find . -size 1033c
Level 7 combines ownership and size parameters:
find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
The 2>/dev/null suppresses permission errors—a crucial troubleshooting tactic.

Data Processing and Compression Techniques (Levels 8-12)

Text Manipulation Commands

  • Level 8: Find unique lines with:
    sort data.txt | uniq -u
    Sorting before uniq is essential as uniq only processes adjacent lines.
  • Level 9: Extract human-readable strings using:
    strings data.txt | grep "==="
  • Level 10: Decode base64 with:
    base64 -d data.txt
  • Level 11: Rot13 decoding via:
    tr 'A-Za-z' 'N-ZA-Mn-za-m' < data.txt

Handling Hex Dumps and Compression

Level 12 is notoriously complex due to layered compression:

  1. Reverse hex dump: xxd -r data.txt > data.bin
  2. Identify file type: file data.bin
  3. Iteratively decompress based on output:
    • Rename to match type (e.g., .gz for gzip)
    • Use gzip -d, bzip2 -d, or tar xvf accordingly
      Key insight: The file command is indispensable for determining decompression methods.

SSH Key Authentication (Level 13)

Private Key Utilization

Bandit 13 provides a private SSH key instead of a password:

  1. Locate the key: cat ssh.private
  2. Connect to Level 14 with:
    ssh -i ssh.private bandit14@localhost -p 2220
    If permission errors occur, adjust key permissions with:
    chmod 600 ssh.private

Practical Toolkit and Resources

Actionable Linux Command Cheatsheet

CommandFunctionUse Case Example
find -sizeFilter files by sizefind . -size 1033c
grep -CContext searchgrep -C 3 "pattern" file
xxd -rReverse hex dumpxxd -r data.txt > output
fileIdentify file typefile mystery.bin

Recommended Learning Resources

  • Brilliant.org: Their Linux command-line courses reinforce pattern recognition through interactive problems (ideal for Bandit preparation).
  • OverTheWire Community: Join forums to discuss level-specific roadblocks.
  • Linux Man Pages: Access in-terminal documentation with man [command].

Final Insights and Engagement

Bandit teaches that persistent troubleshooting outweighs memorization—each "failure" builds critical debugging intuition. After analyzing these levels, I believe the real win isn't just reaching Level 14 but internalizing how SSH tunneling, file permissions, and data pipelines interconnect in real sysadmin work.

Which Bandit level challenged you most? Share your breakthrough moment in the comments—I respond personally to every question!

PopWave
Youtube
blog