OverTheWire Bandit Walkthrough: Levels 20 to 34 (Final Quick Guide)
OverTheWire Bandit Walkthrough: Levels 20 to 34 (Final Quick Guide)
The final stretch — commands to get from Level 20 all the way to the end (Level 34).
Passwords reset over time, so run the commands yourself to get the current one.
Server: bandit.labs.overthewire.org · Port: 2220
Level 20 → 21 — Setuid + Netcat Listener
Open a listener serving the current password, then connect to it with suconnect. (Use two terminals, or background the first.)
Level 21 → 22 — Cron Job
A cron writes the password to a file in /tmp.
Level 22 → 23 — Cron + md5sum Filename
The cron names the file from a username hash. Recreate it.
Level 23 → 24 — Cron Runs Your Script
A cron runs (and deletes) any script in /var/spool/bandit24/foo/ as bandit24.
Level 24 → 25 — Brute-Force a PIN
Port 30002 wants the password + a 4-digit PIN (0000–9999).
Level 25 → 26 — Escape a more Shell via Vim
bandit26's shell is more. Use the key to log in, shrink the window so more pauses, press v to open vim, then drop to a shell.
Level 26 → 27 — Setuid Binary
From that shell, use bandit27-do.
Level 27 → 28 — Git Clone
Level 28 → 29 — Git History
Password is hidden in an older commit.
Level 29 → 30 — Git Branches
Level 30 → 31 — Git Tags
Level 31 → 32 — Git Push
Push key.txt containing May I come in? (force past .gitignore).
Level 32 → 33 — Uppercase Shell
Input is forced to UPPERCASE. Use $0 to spawn a normal shell.
Level 33 → 34 — The End
🎉 There is no Level 34 — you've completed Bandit!
Commands Recap
| Command | Use |
|---|---|
nc -lp / suconnect | Listen on a port / connect to it |
cron.d + .sh | Read scheduled job scripts |
md5sum | Recreate a hashed filename |
for ... nc | Brute-force a PIN |
vim :shell | Escape a restricted shell |
bandit27-do | Run as another user (setuid) |
git clone / log / branch / tag / push | Pull secrets from a repo |
$0 | Spawn a fresh shell |
For educational use. OverTheWire wargames are built for safe, legal, hands-on learning.
Tags
Keep Reading