deaddabe

Finishing my first cybersecurity challenge

I have completed my first “CTF”, or kind of; it was for beginners, but fun!

Yesterday I started (and finished) the very first wargame offered by OverTheWire, named Bandit.

The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. If you notice something essential is missing or have ideas for new levels, please let us know!

I found the link to this website on a Hacker News discussion about hacking satellites.

The levels go from 0 to 34. I just wanted to start the first one, but then was curious about the next one, and the next one… and finally did all of the levels in a few hours. Despite the website asking to not share info about how to get to the next level, answers can be found online. I did have to look for them for challenges 26 and 33.

Of the few things that have helped me, I retained the following advice for future challenges:

  • keep a big file for taking notes (I used Obsidian);
  • manpages, manpages, manpages;
  • mktemp -d to create a temporary directory;
  • use openssl to connect to TCP TLS servers;
  • use nmap to scan ports; and
  • more is not a secure shell.

I really enjoyed this challenge. The website recommends switching to one of these other wargames after this one:

  • Leviathan (SSH intrusion, similar to Bandit but without help);
  • Natas (HTTP intrusion);
  • Krypton (cryptography challenges).

I think I will try the Leviathan challenge next. Having no help could be a real challenge, but it is closer to real penetration testing. Another thing I would like to do is reverse-engineering of binary files and proprietary transmission protocols.

Stay tuned!