OverTheWire Bandit Walkthrough: Levels 10 to 20 (Quick Guide)
OverTheWire Bandit Walkthrough: Levels 10 to 20 (Quick Guide)
Short and to the point — the commands to get from Level 10 to Level 20.
Passwords reset over time, so run the commands yourself to get the current one.
Server: bandit.labs.overthewire.org · Port: 2220
Level 10 → 11 — Base64
Password is base64 encoded in data.txt.
Level 11 → 12 — ROT13
Letters are rotated 13 positions.
Level 12 → 13 — Hexdump + Repeated Decompression
data.txt is a hexdump of a file compressed many times.
Now repeat this loop until you get the password: check the type, rename to match, decompress.
Keep going (file → rename → decompress) until file says ASCII text, then cat it.
Level 13 → 14 — SSH Private Key
No password — you get a key (sshkey.private).
Level 14 → 15 — Netcat
Send the current password to port 30000.
Level 15 → 16 — SSL/TLS
Send the password to port 30001 over SSL.
Level 16 → 17 — Port Scan + SSL
Find the SSL port in 31000-32000, submit the password, get a key back.
Save the returned private key to a file, then:
Level 17 → 18 — Diff
The password is the changed line between two files.
Level 18 → 19 — Run Command on Login
.bashrc logs you out instantly, so run the command directly over SSH.
Level 19 → 20 — Setuid Binary
Use the bandit20-do binary to run as bandit20.
🎉 You've reached Level 20!
Commands Recap
| Command | Use |
|---|---|
base64 -d | Decode base64 |
tr | Translate/rotate characters (ROT13) |
xxd -r | Reverse a hexdump |
gzip / bzip2 / tar | Decompress files |
nc | Send data to a port |
openssl s_client | Connect over SSL/TLS |
nmap | Scan for open ports |
diff | Compare two files |
chmod 600 | Lock down a key file |
For educational use. OverTheWire wargames are built for safe, legal, hands-on learning.
Tags
Keep Reading