OverTheWire Bandit Walkthrough: Levels 0 to 10 (Beginner-Friendly Guide)
OverTheWire Bandit Walkthrough: Levels 0 to 10 (Beginner-Friendly Guide)
If you want to learn Linux and the command line the fun way, OverTheWire Bandit is the best place to start. It's a free "wargame" that teaches the basics of working in a terminal by turning each lesson into a small puzzle.
In this walkthrough, we'll go from Level 0 all the way to Level 10, one step at a time. Every command is explained in plain English, so even if you've never opened a terminal before, you'll be able to follow along.
Note on passwords: OverTheWire resets passwords from time to time, so this guide shows you the commands and the thinking behind each level instead of pasting passwords that quickly go out of date. Run the commands yourself and you'll always get the current, correct password.
What You'll Need
- A terminal with an SSH client (built into Linux and macOS; on Windows use PowerShell, Windows Terminal, or PuTTY).
- An internet connection.
- A little patience and curiosity. That's it.
The server details are the same throughout:
- Host:
bandit.labs.overthewire.org - Port:
2220
Level 0 — Logging In
Goal: Connect to the Bandit server using SSH.
The username is bandit0 and the password is also bandit0.
When prompted, type the password bandit0 (you won't see the characters as you type — that's normal). Accept the host fingerprint by typing yes if asked.
What you learned: ssh (Secure Shell) lets you log into a remote computer. The -p flag sets the port number.
Level 0 → Level 1 — Reading a Simple File
Goal: The password is in a file called readme in your home directory.
What you learned: ls lists the files in the current folder, and cat prints a file's contents to the screen. The password is right there in the output.
Level 1 → Level 2 — A File Named -
Goal: The password is in a file called - (just a dash).
This is tricky, because most commands treat a lone - as a special symbol (it usually means "read from input") rather than a filename.
What you learned: Adding ./ in front tells the terminal "this is a file in the current directory," so cat reads the file instead of waiting for input.
Level 2 → Level 3 — Spaces in the Filename
Goal: The password is in a file called spaces in this filename.
Spaces normally separate commands from filenames, so we have to wrap the name in quotes.
You could also "escape" each space with a backslash: cat spaces\ in\ this\ filename.
What you learned: Quotes (or backslashes) let you work with filenames that contain spaces.
Level 3 → Level 4 — Hidden Files
Goal: The password is in a hidden file inside the inhere directory.
In Linux, files starting with a dot (.) are hidden and won't show with a plain ls.
The -a flag reveals hidden files. You'll see one with a dotted name (for example, ...Hiding-From-You). Read it:
What you learned: cd changes directories, and ls -a shows hidden files. (If the hidden filename is different when you try it, just cat whatever hidden file ls -a reveals.)
Level 4 → Level 5 — Find the Human-Readable File
Goal: Inside inhere, only one file is human-readable text. The rest are gibberish.
The file command tells you the type of each file. Look for the one labelled ASCII text, then read it:
(Replace -file07 with whichever file file reported as ASCII text.)
What you learned: file identifies what kind of data a file holds, so you don't waste time reading binary junk.
Level 5 → Level 6 — Searching by File Properties
Goal: The password file is somewhere inside inhere and has three clues: it's human-readable, exactly 1033 bytes, and not executable.
That prints the path to the matching file. Then read it:
What you learned: find searches for files by their properties. Here, -type f means regular file, -size 1033c means exactly 1033 bytes (c = bytes), and ! -executable means "not executable."
Level 6 → Level 7 — Searching the Whole System
Goal: The password is somewhere on the entire server. Clues: owned by user bandit7, owned by group bandit6, and 33 bytes in size.
Then read the file it points to with cat.
What you learned: You can search from the root of the system (/). The 2>/dev/null part hides the flood of "permission denied" error messages so you only see the useful result.
Level 7 → Level 8 — Searching Inside a File
Goal: The password is in data.txt, right next to the word millionth.
What you learned: grep searches inside files for a word or pattern and prints the matching lines. It's one of the most-used tools in Linux.
Level 8 → Level 9 — Finding the Unique Line
Goal: The password is in data.txt. It's the only line that appears exactly once — every other line is repeated.
What you learned: The | (pipe) sends the output of one command into another. sort groups identical lines together (which uniq needs), and uniq -u prints only the lines that are unique.
Level 9 → Level 10 — Pulling Text Out of Binary Data
Goal: The password is in data.txt. The file is mostly non-readable binary, but the password is human-readable and comes right after several = characters.
What you learned: strings pulls out the readable text from a binary file, and piping it into grep "==" filters down to the lines containing the = markers — one of which holds your password.
You now have the password for Level 10. Log in to confirm:
🎉 Congratulations — you've reached Level 10!
Quick Recap: Commands You Learned
| Command | What it does |
|---|---|
ssh | Log into a remote server |
ls / ls -a | List files / include hidden files |
cat | Print a file's contents |
cd | Change directory |
file | Identify a file's type |
find | Search for files by name, size, owner, etc. |
grep | Search for text inside files |
sort | Order lines in a file |
uniq | Filter repeated or unique lines |
strings | Extract readable text from binary files |
| ` | ` (pipe) |
These commands are the everyday toolkit of anyone who works in Linux or security. By Level 10 you've already used most of the essentials.
Tips for Success
- Type the commands yourself instead of copy-pasting. The muscle memory is the whole point.
- Read the level description on the OverTheWire site before each level — it always tells you exactly what you're looking for.
- Use
man <command>(for example,man find) to read the manual for any command and discover its options. - Don't get stuck for too long. It's fine to look up a hint, then make sure you understand why it works.
What's Next?
From Level 10 onward, Bandit introduces encoding (base64), compression, networking tools, and more. Keep going — each level builds naturally on the last, and before long you'll be comfortable in any terminal.
If you found this walkthrough helpful, bookmark it and share it with anyone else starting their Linux or cybersecurity journey. Happy hacking — the ethical kind. 🐧
This guide is for educational purposes. OverTheWire wargames are designed for legal, hands-on learning in a safe environment.
Tags
Keep Reading