A VM-less introduction to the Linux Command Line: Part One

Glossary of terms:

Requirements

There is some setup involved, but what you need is fairly minimal.

You will need some way to SSH into the remote system we will be using. There are a few ways to do it; I will be using PuTTY, which you can download here.

Make sure to use the MSI installer, then run it. Once the application is installed, go ahead and open it. We'll get to it in a minute.

This gives you a way to SSH into the server from a Windows system. If you're using a Mac, it has a built-in terminal, which you can open and use for this walkthrough.

What are we learning?

Learning Linux operating systems can be tough. Thankfully there are a lot of awesome resources out there that can teach you. Some of my favorites are called wargames, or Capture The Flag style games. Traditionally, a wargame is defined as a challenge involving exploiting or defending a computer system and its vulnerabilities. The goal is simple enough: find the password to the next level of the game, log in as that user, and repeat until you've completed all the levels.

For this walkthrough, we will be using the OverTheWire.org Bandit game. It offers a CLI that you can access, for the purpose of learning and refreshing your skillset without the need to install a VM and configure it to get started. (I will however be going over that in another blog post, as well as options to automate it even further.)

Let's get started!

Getting in the Door: Level 0

The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1.

This level is fairly self-explanatory: we need to log in to the server. They even give you the password! I'll start out with instructions for OSX users, but pay attention, because it will become very important on the next level.

ssh bandit0@bandit.labs.overthewire.org -p 2220 

Well, there sure is a lot going on there. What does it all mean? SSH is the Secure Shell; it's what allows *nix and Windows systems to talk remotely over an encrypted connection. (Although there are indeed several other options, SSH is what we will be using for this.)

ssh 

This tells the OS that you want to use the SSH program. You then pass it the username and the hostname of the server you want to access, joined by an @: bandit0@bandit.labs.overthewire.org.

-p 2220 

This tells the SSH program that you want to use port 2220 to make the connection, because this is the port that they have opened in order to allow you access. The default port is 22, however they have configured it to use 2220. The -p is called a flag, which passes a parameter to the application to be used. Pretty cool huh?

Now for Windows users, your PuTTY application should look like this:

If it does, go ahead and click Open; Mac users, hit Enter in the terminal. It should ask you for a password, which was supplied already. Go ahead and enter it and continue.

Note: The first time you connect, you might see a warning asking you if you're sure you want to connect. This is SSH showing you the server's host key, which it has not seen before; click or type yes.

Congrats! If you see this, you have passed Level 0:

bandit0@melinda:~$

Looking around: Level 1

The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game.

Well this is interesting, but it doesn't show you anything. The terminal is a pretty barren place, unlike the GUI that you're probably used to. So, how do we find the readme page, and then read it? Actually, how do we even know where we are?

There is no window or mouse that you can use to navigate this server. You have to tell the operating system what you want, where you want to go and what you want to see. To start, let's just figure out where we are located on the file system.

pwd 

You should see this output:

/home/bandit0

This tells you that you are in the directory /home/bandit0. In *nix OSes, / is the root of the system; on Windows it's c:\. After that comes home, the directory where users' home directories are stored, and then bandit0, meaning bandit0's home directory. (This is also represented by ~.)

Okay, cool. We know where we are, but... what's in here? Try running this:

ls 

Hmm, that readme file seems to be there. But what is ls? This command will allow you to list the contents of the current directory. Just like SSH, it also accepts flags that change its behavior. Try this out:

ls -ahl 

You can find out what these flags do by typing 'man ls' and searching through the output. (or use https://linux.die.net/man/1/ls )

You will see 6 lines. The first two, '.' and '..', are blue; this indicates that they are directories. They also happen to be special directories: . refers to the current directory and .. to its parent.

You will see some files that start with a . like .profile. This is what's called a hidden file, and you can also have hidden directories.

The file we are interested in is readme. Notice anything about it? It has no extension. Weird, right? You don't know what kind of file you're working with here. Type:

file readme 

readme: ASCII text

ASCII text is akin to a .txt file. In fact, it is a .txt file. However, Linux doesn't use extensions like Windows. What this tells you is that it is a human-readable file. Now, I'm going to take a small break to tell you about tab completion, because it will make life much easier. When typing file readme, you can type file re and just hit tab. It will complete the line for you if it can; if not, hit it twice and it will list all the matching files for you to choose from.

readme is a pretty clear file name, but how can you read it? There are a few ways, but for now let's use cat (https://linux.die.net/man/1/cat). It will output the file contents to the terminal for you to read.

cat readme

You will see an alphanumeric string; copy this. It is the password for level 2. Now, we need to access level 2. You can do this by using ssh (like I showed you); however, we're going to use this command:

ssh bandit1@localhost -p 2220 

Why @localhost? Well, bandit1 is the next user that we want to log in as, @localhost is the server we are currently on, and I told you what the -p 2220 means already.

Once you hit enter, it will ask you if you want to continue. Type 'yes', then paste the password into the terminal, hit enter again, and welcome to level2. (Hint: shift + insert will paste for you.)

A file by any other name, is still a file: Level 2

The password for the next level is stored in a file called - located in the home directory

Welcome, to level2!

So, pretty similar to the first level. However this time the file name is -, what's that about?

First, list the files:

ls 

You see -, right? Let's figure out what kind of file we're dealing with here.

file - 

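Hmm, nothing is returning. Try hitting enter and you see the ASCII output. But why did you have to do it that way? Well, the reason is that - is a special character: many commands treat a lone - as "read from standard input" rather than as a file name, so file sits there waiting for you to type. So we have to prefix it. Remember that . I was talking about earlier? Well, now we get to use it.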

We want to use:

file ./- 

Why? Well, ./ is what is called a relative path: . means the current directory, so ./- tells file that you want the file named - in the current location, and the name no longer starts with a -.

/home/bandit1/- 

This would be the absolute path, and would also work. However, ./ is a bit of a shortcut and makes typing easier. The same will hold true for any command that you want to use on that file.

cat ./- 

Repeat the login from level one, only use bandit2 and enter the password in the same fashion.

The tumultuous attempts at reading Spaces: Level 3

The password for the next level is stored in a file called 'spaces in this filename' located in the home directory

By this point you might be noticing a pattern.

  1. Log in
  2. ls command

This will continue to be the protocol for most levels, so at this point we can assume that you'll do it each time you log in.

So, now you see something a bit odd: they were quite literal in the name of the file, 'spaces in this filename'. Spaces are special characters as well, however they can exist in a file name. While not best practice, it's probably something you will see at some point. (This is true in Windows as well.) So how can you view the contents of this file? You can use ' to wrap the file name. Or use tab completion like I showed you.

What's the deal with the \ that tab completion puts in front of each space? Well, \ is a very specific type of character, called the escape character. It tells the CLI that you want the next character to not be interpreted as a special character and instead taken literally. So a space is just a space, and it won't break the command by splitting the file name into several separate arguments.

Repeat the login from level one, only use bandit3 and enter the password in the same fashion.
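How the shell and cat treat the two awkward names from Levels 2 and 3, as an added example that is not part of the original walkthrough. The scratch directory, the file contents and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: file names mirror Levels 2 and 3, contents are constructed.

make_scratch() {
    d=$(mktemp -d)
    printf 'dash-file-contents\n'  > "$d/-"
    printf 'space-file-contents\n' > "$d/spaces in this filename"
    printf '%s\n' "$d"
}

# Reports how many separate arguments the shell handed to the command.
count_args() { echo "$#"; }

# A lone "-" tells cat to read standard input, so the file named "-" is
# never opened: cat echoes whatever arrives on stdin instead.
dash_as_stdin() { (cd "$1" && printf 'typed on stdin\n' | cat -); }

# "./-" is an ordinary path, so cat opens the file.
dash_as_path() { (cd "$1" && cat ./-); }

# Quotes and backslashes both keep the name together as ONE argument.
read_quoted()  { (cd "$1" && cat 'spaces in this filename'); }
read_escaped() { (cd "$1" && cat spaces\ in\ this\ filename); }

# Stand-alone demo.
d=$(make_scratch)
echo "unquoted -> $(count_args spaces in this filename) arguments"
echo "quoted   -> $(count_args 'spaces in this filename') argument"
echo "escaped  -> $(count_args spaces\ in\ this\ filename) argument"
echo "cat -    -> $(dash_as_stdin "$d")"
echo "cat ./-  -> $(dash_as_path "$d")"
echo "quoted   -> $(read_quoted "$d")"
rm -rf "$d"
```

Without quotes or escapes the shell passes four arguments to cat, which then looks for four files that do not exist.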

The Secret Rooms: Level 4

The password for the next level is stored in a hidden file in the inhere directory. 

So by now, things are moving a bit quicker. This level will be a little more of the same, however now there will be a directory named 'inhere'. What do we do now? Well, remember the relative path that we talked about in level 2? That comes in handy here. There are two ways we can do this: one is to go into the directory and then output the file, the other is to output the file from here.

Let's do the first, because it introduces a new command: cd, or change directory (https://linux.die.net/man/1/cd). It's honestly not that interesting; it just sets the current working location to whatever path you pass it.

cd ./inhere

Puts us into the inhere directory. Pretty cool, so ls the directory. It's empty? Remember the hidden files we talked about that start with '.'? Take a second to review the ls man page. There is a flag that will show it.

ls -a

Well, the file name isn't tough: .hidden. You can cat the file, get the password and then move to level 5.

Now, the second way involves the relative path again. Instead of going into that directory, we can pass the relative path to the cat command and access the file from the bandit3 directory. Try:

cat ./inhere/.hidden

Repeat the login with the password that it output.

Searching through the rubble: Level 5

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

This is the same as the prior level, however this time there are multiple files that we need to search, and the catch is that some of them are not human-readable. We could go through each file, using the file command and then cat to read the ones we can. However, the goal is to be as efficient as possible here, right?

Enter the find command: https://linux.die.net/man/1/find

This is an extremely flexible command that allows you to search the filesystem. It can be a bit finicky, but the flags are there to use:

find ./inhere/* -type f -exec file {} \;

Well, you can see which file is the ASCII text one. But what does this command do? It's quite a bit more intimidating than what we have seen before! Here we are telling the find command a few things:

  1. look in: ./inhere/* directory
  2. -type f means, only look at files.
  3. -exec file {} \; means for each file found, execute the file command on it and output the result to the terminal.

Pretty cool, right? Now you know ./inhere/-file07 has your password, go ahead and grab it using cat, and log in to bandit 5!

The expedition goes deeper: Level 6

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

human-readable
1033 bytes in size
not executable

Looks like another use for our new find command, right? But this time there are more requirements. Again, read the man pages and see if you can find the answer.

find ./inhere/* -type f -size 1033c -readable 

Looks pretty familiar right? Only a few new options.

  1. look in: ./inhere/*
  2. -type f means, only look at files.
  3. -size 1033c, means the file must be 1033 bytes
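  4. -readable means the file is readable by your user (a permission check). It does not test whether the contents are human-readable; that is what the file command is for.

But what if we could both find the file and read it at the same time? There are a few ways to do this, but I am going to explain something new, called the pipe.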

The pipe or | will allow you to pass the results of one command into another. It's easier to show you first so try this:

find ./inhere/* -type f -size 1033c -readable | xargs cat

Hmm, it output the file! But what is this new addition, 'xargs'? Well, xargs takes the output of the find command and hands it to cat as arguments. If you remove it, you just get the file name, because cat only knows that you want to output the result of find; it doesn't understand that the result is the name of the file you want to cat. So xargs takes that input and builds a cat call with what's passed to it!

Think of the pipe as a way to hand off the results of a command to another. Much like a factory line.

Pretty cool! Read more here: https://linux.die.net/man/1/xargs

Now, some commands will need xargs and some won't. It can be finicky, but through tweaking you will be able to see which ones do and don't.
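One place the find | xargs hand-off gets finicky is a path containing a space, like the file name from Level 3, because xargs splits its input on whitespace. The added example below (not part of the original walkthrough) shows the failure and two fixes; it assumes GNU find and xargs, and the sandbox names and contents are constructed.

```shell
#!/usr/bin/env bash
# Added example. Assumes GNU find/xargs. All names and contents are constructed.

make_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/inhere/maybe here"
    # Target: 1033 bytes, not executable, and its path contains a space.
    printf 'constructed-secret\n%1014s' '' > "$root/inhere/maybe here/.note"
    chmod 644 "$root/inhere/maybe here/.note"
    # Decoy: same size, but executable.
    printf 'decoy\n%1027s' '' > "$root/inhere/tool"
    chmod 755 "$root/inhere/tool"
    # Decoy: wrong size.
    printf 'too small\n' > "$root/inhere/small"
    printf '%s\n' "$root"
}

# The pipeline as written in the walkthrough. xargs splits on whitespace, so
# "./inhere/maybe here/.note" reaches cat as two paths that do not exist,
# and the executable decoy is printed because nothing filters it out.
naive_read() {
    (cd "$1" && find ./inhere/* -type f -size 1033c -readable | xargs cat)
}

# NUL-delimited names survive spaces; "! -executable" checks the
# "not executable" property that the pipeline above leaves out.
robust_read() {
    (cd "$1" && find ./inhere -type f -size 1033c ! -executable -print0 | xargs -0 cat)
}

# Same result without xargs: find hands each path to cat as one argument.
exec_read() {
    (cd "$1" && find ./inhere -type f -size 1033c ! -executable -exec cat {} +)
}

# Stand-alone demo: print the first line each approach produces.
sb=$(make_sandbox)
echo "naive : $(naive_read "$sb" 2>/dev/null | head -n 1)"
echo "robust: $(robust_read "$sb" | head -n 1)"
echo "exec  : $(exec_read "$sb" | head -n 1)"
rm -rf "$sb"
```

Because find prints every result with its directory prefix, a name that starts with - (as in Level 2) is not mistaken for an option here.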

From here, you can log into the next level. However, for right now, this is where I will be ending Part One of the walkthrough. I will tackle levels 7-12 in Part Two!

Takeaway

Hopefully you walked away learning something. Feel free to try the next few levels; they grow increasingly complex as the game goes on. It can be quite challenging at times.