This content originally appeared on DEV Community and was authored by Sriram Bharath
Hey friends 👋,
Today I started the OverTheWire Bandit challenges — a playground where you learn real Linux + security skills by solving tiny puzzles.
It felt like a game where each level teaches you one new “hacker move.” Here’s my journey from Level 0 to Level 4, explained like I’d tell a friend.
🔑 Level 0 — Meeting SSH for the First Time
At first, I had no idea what SSH was. After running man ssh, I learned:
SSH (Secure Shell) lets you control another computer securely from far away.
To connect to Bandit, I used:
ssh -p 2220 bandit0@bandit.labs.overthewire.org
# password: bandit0
This dropped me into another computer like stepping into a remote terminal. Boom 🎉, Level 0 cleared.
📖 Level 1 — The Dreaded “Dash” File
I logged into bandit1 and ran:
ls
It showed a file, but its name started with a dash (-). That’s tricky, because most commands treat anything starting with - as an option.
For example, cat -n means “cat with line numbers.” So if you just type cat -, the command thinks it’s a flag, not a filename.
💡 Solution: explicitly tell Linux “this is a file in the current directory”:
cat ./-
That way, ./ points to this directory and avoids confusion.
🎉 Password revealed ✅.
📝 Level 2 — Spaces in Filenames (oof)
This one made me suffer. The file literally had spaces in its name:
--spaces in this filename--
Spaces confuse the shell, because it thinks each word is a separate argument. I tried a bunch of tricks, but what worked was:
cat -- "--spaces in this filename--"
Here’s why it works:
-
--tells the command: stop parsing options, everything after this is just a filename. - Quoting the name
"..."ensures spaces are treated as part of one filename, not multiple.
Lesson learned: avoid spaces in filenames if you can. Use - or _ instead.
👀 Level 3 — Hidden, But Not Really
At first glance, the folder looked empty:
ls
But I knew better. Linux hides files starting with a dot (.). To see them, you need:
ls -a
And boom, I spotted a sneaky file:
...Hiding-From-You
I opened it with:
cat "...Hiding-From-You"
and there was the password 🎉.
⚡ Quick tip:
-
ls→ shows only normal files. -
ls -a→ shows all files, including hidden ones.
🗂️ Level 4 — Too Many Files, Which One?
Inside inhere/, I found multiple files. Instead of opening each one, I asked Linux:
file -- ./*
This command checks every file and tells you what type it is (text, binary, etc.).
Breakdown:
-
file→ tells the type of a file. -
--→ again, stop treating things as options. -
./*→ means “all files in the current folder.”
One of them was marked as plain text. I cat’d it and got the password 🚀.
🎯 Quick Recap (Levels 0–4)
-
SSH → secure remote access (
ssh -p 2220 user@host). - Files starting with
-→ use./-or--. - Filenames with spaces → wrap in quotes, use
--. -
Hidden files →
ls -a(or-A). - Too many files? →
file -- ./*finds the right one.
🏁 Wrapping Up
These first few levels taught me something super important: it’s not about memorising commands, it’s about learning how the shell thinks.
Every tricky filename, every hidden file, every “why won’t this work?!” moment is preparing me to think like both a hacker and a problem solver.
This is just the beginning — and I can already see how much fun this journey will be.
Can’t wait to dive into the next levels and share what I learn! 🚀
“Stay curious, keep exploring, and remember: with great power comes great responsibility.” 🕷️
— Sriram Bharath (Gh0stSh3ll) 👻
This content originally appeared on DEV Community and was authored by Sriram Bharath
Sriram Bharath | Sciencx (2025-08-21T07:40:50+00:00) 🕹️ My First Steps in OverTheWire Bandit (Levels 0–5) 🎮. Retrieved from https://www.scien.cx/2025/08/21/%f0%9f%95%b9%ef%b8%8f-my-first-steps-in-overthewire-bandit-levels-0-5-%f0%9f%8e%ae/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.