📁 OverTheWire Bandit Level 1: Your First Challenge - Reading Files

Welcome to Level 1—your first real challenge in OverTheWire Bandit. If you completed Level 0, you know how to connect via SSH. Now it's time to actually find something.

Level 1 is straightforward, but it teaches fundamental skills you'll use in every level: listing files and reading their contents. This is where you start thinking like a penetration tester—looking for information that shouldn't be visible, finding passwords in unexpected places.

By the end of this walkthrough, you'll understand:

• How to list files in a directory (ls)
• How to read file contents (cat)
• Basic file system navigation
• The thinking process behind finding hidden information

Let's dive in.

---

🎯 The Objective

After logging into bandit0, your goal is to find the password for Level 1. Each level contains the password for the next level—your job is to find it.

What Level 1 teaches:

• Basic file operations (ls, cat, cd)
• File system navigation
• Reading file contents
• The concept of "flags" in CTF challenges

The challenge: Find the password hidden somewhere in the file system. The hint on the OverTheWire website will guide you, but let's walk through the process step by step.

---

🔍 Understanding the Challenge

When you connect to bandit0, you're dropped into a Linux environment. Your first task is always the same: figure out where you are and what's around you.

In penetration testing, this is called enumeration—gathering information about your environment. You start broad (what's in this directory?) and narrow down (where's the password?).

---

📋 Step-by-Step Walkthrough

Step 1: Connect to Level 0

First, make sure you're connected to bandit0:

sshpass -p `cat bandit0` ssh bandit0@bandit.labs.overthewire.org -p 2220

Or if you don't have sshpass set up yet:

ssh bandit0@bandit.labs.overthewire.org -p 2220

Password: bandit0

Step 2: Check Where You Are

Once connected, check your current location:

pwd

This shows your present working directory. You'll probably see something like /home/bandit0.

What pwd does:

• Prints your current directory path
• Helps you understand your location in the file system
• Essential for navigation

Step 3: List Files in the Current Directory

Now, let's see what's in this directory:

ls

What ls does:

• Lists files and directories in the current location
• Shows you what's available to explore
• Your first tool for enumeration

You should see a file called readme. That's your target.

Wait, the writeup mentioned data.txt? OverTheWire sometimes updates their challenges. The file might be named readme, data.txt, or something similar. The concept is the same—there's a file containing the password.

Step 4: Read the File Contents

Now let's read that file to find the password:

cat readme

What cat does:

• Concatenates and displays file contents
• Shows you everything in a file
• One of the most common Linux commands

The output will be a long string of characters—that's your password for Level 1!

Example output:

NH2SXQwcBdpmTEzi3bvBHMMQHHzvWUNU

(That's not the real password—just an example of what it looks like.)

Step 5: Save the Password

Copy that password and save it to a file on your local machine (not on the remote server). This is the same process you learned in Level 0:

On Linux/macOS:

echo "NH2SXQwcBdpmTEzi3bvBHMMQHHzvWUNU" > bandit1

On Windows (PowerShell):

"NH2SXQwcBdpmTEzi3bvBHMMQHHzvWUNU" | Out-File -FilePath bandit1 -NoNewline

Replace the example password with the actual password you found.

Step 6: Connect to Level 1

Now use that password to connect to Level 1:

sshpass -p `cat bandit1` ssh bandit1@bandit.labs.overthewire.org -p 2220

Notice the changes:

• Username changed from bandit0 to bandit1
• Password file changed from bandit0 to bandit1
• The pattern continues for each level

---

🧠 Understanding the Commands

Let's break down what you just learned:

ls - List Files

Basic usage:

ls

Common options:

• ls -l — Long format (shows permissions, owner, size, date)
• ls -a — Show all files including hidden ones (files starting with .)
• ls -la — Combine both (most useful)
• ls -lh — Human-readable file sizes

Example:

ls -la

Output:

total 24
drwxr-xr-x  2 bandit0 bandit0 4096 Jan 16 12:00 .
drwxr-xr-x  3 root    root    4096 Jan 16 11:00 ..
-rw-r--r--  1 bandit0 bandit0   33 Jan 16 12:00 readme

What this tells you:

• File permissions (-rw-r--r--)
• Owner (bandit0)
• File size (33 bytes)
• Last modified date
• File name (readme)

cat - Read File Contents

Basic usage:

cat filename

What it does:

• Displays entire file contents
• Works with text files
• Can concatenate multiple files: cat file1 file2

Alternatives:

• less filename — View file with pagination (press q to quit, space for next page)
• head filename — Show first 10 lines
• tail filename — Show last 10 lines
• more filename — Similar to less but simpler

When to use what:

• cat — Small files, quick viewing
• less — Large files, need to scroll
• head — Just want to see the beginning
• tail — Just want to see the end

cd - Change Directory

Basic usage:

cd directoryname

Common shortcuts:

• cd ~ — Go to home directory
• cd .. — Go up one directory level
• cd - — Go to previous directory
• cd / — Go to root directory

Example:

cd /tmp
pwd
# Output: /tmp

file - Determine File Type

Usage:

file filename

What it does:

• Tells you what type of file it is
• Useful when you're not sure if something is text, binary, executable, etc.

Example:

file readme
# Output: readme: ASCII text

du - Disk Usage

Usage:

du filename

What it does:

• Shows disk space used by a file or directory
• Useful for finding large files

Example:

du -h readme
# Output: 4.0K    readme

The -h flag makes it human-readable (shows KB, MB, GB instead of bytes).

find - Search for Files

Usage:

find . -name "filename"

What it does:

• Searches for files matching criteria
• Very powerful tool (we'll use it more in later levels)

Example:

find . -name "readme"
# Output: ./readme

---

💡 The Thinking Process

Let's talk about how to approach this challenge, not just what commands to run:

1. Start with Enumeration

Always begin by understanding your environment:

• Where am I? (pwd)
• What's here? (ls)
• What can I access?

2. Look for Obvious Targets

In Level 1, there's a file right in front of you. But as levels get harder, files might be:

• Hidden (starting with .)
• In subdirectories
• Named something unexpected
• Protected by permissions

3. Read Everything

If you find a file, read it. Even if it seems irrelevant, it might contain:

• Hints
• Credentials
• File paths
• Clues to the next step

4. Document Your Findings

Keep notes:

• What files did you find?
• What did they contain?
• What commands worked?
• What didn't work?

---

🔒 Real-World Context

Why does this matter in penetration testing?

In real security assessments, you'll often find:

• Configuration files with hardcoded passwords
• Log files containing sensitive information
• Backup files with credentials
• Documentation revealing system details

The skill you're learning here—finding and reading files—is fundamental to:

• Information gathering — Learning about target systems
• Credential discovery — Finding passwords and keys
• Configuration analysis — Understanding how systems are set up
• Evidence collection — Documenting findings

Example scenario: During a penetration test, you might find a .env file containing database credentials, or a config.php file with API keys. The process is the same: enumerate, find files, read contents, extract valuable information.

---

🚨 Common Mistakes

Mistake 1: Not Reading the Hint

OverTheWire provides hints for each level. Read them! They're designed to guide you without giving away the answer.

Mistake 2: Overthinking It

Level 1 is simple: there's a file, read it. Don't overcomplicate things. Start simple, then get more complex if needed.

Mistake 3: Not Saving Passwords

Always save passwords to files as you go. You'll need them later, and retyping long random strings is error-prone.

Mistake 4: Case Sensitivity

Linux is case-sensitive. readme and Readme are different files. Pay attention to exact spelling and capitalization.

Mistake 5: Not Understanding Output

When you run cat, the output is the password. Don't look for something else—that long string of characters IS the flag.

---

🎯 What You Learned

After completing Level 1, you should understand:

1. File enumeration — How to discover what files exist
2. File reading — How to view file contents
3. Basic navigation — How to move around the file system
4. Password extraction — How to identify and save flags/passwords
5. Workflow — The process of finding information and using it

---

🔗 What's Next?

Level 2 will introduce a new concept—files with special characters in their names. The password will still be in a file, but the filename will be trickier to work with.

Before moving on, make sure you:

• ✅ Successfully found the Level 1 password
• ✅ Connected to Level 1 using that password
• ✅ Understand ls and cat commands
• ✅ Know how to save passwords for future use

---

📚 Key Commands Reference

Here's a quick reference for the commands you learned:

Command	Purpose	Example
pwd	Show current directory	pwd
ls	List files	ls -la
cat	Read file	cat filename
cd	Change directory	cd /tmp
file	Check file type	file filename
du	Show file size	du -h filename
find	Search for files	find . -name "file"

---

💻 Practice Exercise

Try these on your own:

1. List all files including hidden ones in your home directory
2. Read a file and count how many lines it has
3. Find files larger than 1MB in /tmp
4. Check file types of several different files

These exercises will reinforce what you learned and prepare you for harder levels.

---

Questions about Level 1 or Linux file operations? Reach out directly:

• Email: m1k3@msquarellc.net
• Phone: (559) 670-3159
• Schedule: Book a free consultation

---

M Square LLC
Cybersecurity | Penetration Testing | No-Nonsense Advice