Bandit Lv 21~33 (fin)
Bandit: https://overthewire.org/wargames/bandit/
Notes for Levels 0~20 can be found here.
Level 21
Good to know: cron
If you check cronjob_bandit22 located in /etc/cron.d, you’ll see that it runs /usr/bin/cronjob_bandit22.sh every minute.
Level 22
Same as Level 21.
Look at the script the cron job runs and read its code.
Level 23
Good to know: shell script, vi, nano, chmod
Check cronjob_bandit24 located in /etc/cron.d. Every minute it runs each script in /var/spool/bandit24/foo and then deletes it.
We need to write a script that prints bandit24’s password and move it to /var/spool/bandit24/foo so that it is run as the bandit24 user, not bandit23.
Level 24
Good to know: bruteforce
First, write a script that generates one line per code from 0000 to 9999, each prefixed with bandit24’s password (e.g. <password> 0000 to <password> 9999).
Then pipe the generated file into nc localhost 30002.
Level 25
Good to know: more, vi, vim
If you check /etc/passwd, you’ll see which default shell each user has.
In the case of bandit25, it’s simply running a file called text.txt instead of bin/bash.
When you ssh into bandit25, keep your terminal window very short in height so that the more command has to paginate and stays running instead of exiting.
While more is running, press v to get into Vim. Then, from Vim, you can open /etc/pass_bandit/bandit26 to check the password.
Level 26
Repeat level 25.
Once you’re in Vim, set the default shell with :set shell=/bin/bash and then run the shell with :shell
Level 27
Good to know: git
Configure the custom Host and Port in ~/.ssh/config.
Clone the git repository; the password is in README.
Level 28
Check the git log: there’s an old commit with the message fix info leak.
Check out the previous commit and you’ll be able to recover the README with the password.
Level 29
The password is never pushed to production, so we need to check the staging or dev branch.
Switch to the dev branch; the password is in README.
Level 30
Inspect the git tags to reveal the password.
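Levels 28 to 30 each show a place where a secret stays readable after it disappears from the current README: an old commit, another branch, and a tag. The script below is an added example, not part of the original notes; it builds a constructed repository and audits all three places. The function names and the CONSTRUCTED-* values are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original write-up. All secrets are constructed.

# build_demo_repo DIR: constructed repo mirroring the three hiding places.
build_demo_repo() {
    r=$1
    git init -q "$r"
    git -C "$r" config user.name demo
    git -C "$r" config user.email demo@example.invalid
    echo "password: CONSTRUCTED-old-commit" > "$r/README.md"
    git -C "$r" add README.md
    git -C "$r" commit -qm "initial commit"
    echo "password: xxxxxxxxxx" > "$r/README.md"
    git -C "$r" commit -qam "fix info leak"       # Level 28: history keeps it
    git -C "$r" checkout -q -b dev
    echo "password: CONSTRUCTED-dev-branch" > "$r/README.md"
    git -C "$r" commit -qam "dev credentials"     # Level 29: other branch
    git -C "$r" checkout -q -
    blob=$(echo "password: CONSTRUCTED-tag-blob" | git -C "$r" hash-object -w --stdin)
    git -C "$r" tag secret "$blob"                # Level 30: tag on a bare blob
}

# audit_repo DIR PATTERN: list every reachable object still holding PATTERN.
audit_repo() {
    r=$1; pat=$2
    {
        # Every commit reachable from any branch or tag, not only HEAD.
        for c in $(git -C "$r" rev-list --all); do
            short=$(git -C "$r" rev-parse --short "$c")
            git -C "$r" grep -h -e "$pat" "$c" | sed "s|^|commit $short: |"
        done
        # A tag may point at a blob no commit contains; rev-list skips those.
        for t in $(git -C "$r" tag -l); do
            [ "$(git -C "$r" cat-file -t "$t^{}")" = blob ] || continue
            git -C "$r" cat-file -p "$t^{}" | grep -e "$pat" | sed "s|^|tag $t: |"
        done
    } | sort
}

# head_is_clean DIR PATTERN: succeeds when the current tip does not match.
head_is_clean() { ! git -C "$1" grep -q -e "$2" HEAD; }

# Demo: runs only when the script is invoked with "demo" as first argument.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && build_demo_repo "$d" && audit_repo "$d" CONSTRUCTED
fi
```

The current tip passes a plain grep while the audit still reports three findings, which is why a leaked credential has to be rotated rather than just removed in a follow-up commit.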
Level 31
Good to know: .gitignore
Follow the procedure in README and commit a file.
Level 32
The command below runs sh:
sh -c 'echo $0'
Level 33 - Cleared
bandit33@bandit:~$ cat README.txt
Congratulations on solving the last level of this game!
At this moment, there are no more levels to play in this game. However, we are constantly working
on new levels and will most likely expand this game with more levels soon.
Keep an eye out for an announcement on our usual communication channels!
In the meantime, you could play some of our other wargames.
If you have an idea for an awesome new level, please let us know!