< Back
Feb 15, 2018

Bandit 0

Bandit Level 0

Level Goal

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

Commands you may need to solve this level



$ ssh -p 2220 bandit0@bandit.labs.overthewire.org
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit0@bandit.labs.overthewire.org's password: bandit0


You probably know that you can use the command line to run tasks on your own computer. You can start up web servers and search through filesystems and all sorts of stuff. But what if you want to run tasks on other computers? What if, for example, you've got a VPS running at DigitalOcean? You certainly can't go to DigitalOcean's headquarters and start typing away on their computers.

This is what SSH is for. It lets you run the same commands that you can run on your own command line, on a different computer.

SSH is a way to log into someone else's computer on the command line. When you open a terminal, you're logging in as username@computer_name. When you log in to a different computer, over a protocol called SSH, you're logging in as other_username@other_computer.

Split it on the @ symbol. The first half indicates who you're logging as, while the second half indicates where you're logging in to.

$ ssh other_username@other_computer

There's a third part here that's hidden: the port number. Ports are basically like the doors into someone else's computer. If you're trying to get into some other computer, you can't just go barreling through a wall or drop in through the roof. It just doesn't work like that.

By default, SSH uses port 22. That's, like, the dedicated SSH port. In the same way, HTTP requests default to coming through port 80, and HTTPS requests come through port 443. Everything has to arrive at the computer through a port.

Fortunately, if you want to get into the computer through a different port, the ssh command lets you choose which one you want to go by. You can use the -p option. So the above command is equivalent to:

$ ssh -p 22 someone_else@someone_elses_computer

You can't, however, just start trying to ssh via whichever port you want. Carrying on with the house metaphor, if the homeowner is expecting guests to come in via door 22, they're not going to bother unlocking door, say, 1234. So if you come knocking at door 1234, nothing's going to happen.

For whatever reason, OverTheWire doesn't want you knocking at port 22, and they probably won't authenticate you if you try. Yep, just tried, and it won't. I suppose that's why they've told you to log in via port 2220.