wargame 1: overthewire bandit

screenshot showing overthewire bandit completion

tl;dr

i built a bash script to automate ssh connections and password management across overthewire wargames. it handles game selection, level persistence, local password storage with sshpass, and rsync-based sync to a remote server for backup. bandit has 34 levels and took me about a week to complete (a few hours actually if i wasn’t wasting most of my time writing this overengineered script and tweaking my configs)

the script

# otw - overthewire wargame manager
# repo: https://github.com/dracuxan/overthewired

key features:

  • game selection: bandit, leviathan, narnia

  • persistent level state:

    ~/.config/overthewire/configs/{game}\_level.conf

  • password storage:

    ~/.config/overthewire/passwords/{game}/level{n}

  • sshpass for password-authenticated ssh (no manual pasting)

  • rsync sync/pull to remote server for backup

  • default level tracking - picks up where you left off

usage:

otw --game bandit --level 0           # start at level 0
otw                                   # continue from saved level
otw --sync                            # sync all passwords to remote

the interview

  • so, overthewire bandit. 34 levels. what made you actually start?

    just ‘cause ig? i had nothing better to do over the weekend (5 side projects are giving me a side-eye as i say this)

  • what was your first impression of level 0 to 10?

    very basic imo. if you know how linux works even a little you should be able to get through these ones

  • when did you realize this was going to take longer than an hour?

    not just an hour it took me more than a week ‘cause of how much of the time i took writing that script and getting that sync working and testing with multiple devices… uff that was a massive waste of time… tho totally worth it (im never using that script again am i?)

  • what level nearly broke you? or which one felt the smartest?

    level 25. not exactly broke me but there was no way for me to solve that one without looking at a poc. it was so fucking unusual level like how does one even come up with shit like that?? the solution wasn’t simple but hmm way to trigger was really weird (not gonna spoil it for anyone trying to have fun)

  • level 33. final flag. what went through your head?

    emptiness really. like it did feel great to finally complete the game and seeing the script work exactly as i intended so it was both satisfying AND empty ig

  • why’d you actually build the script? was it worth it?

    well… the real reason was to actually create a script to store passwords as i progress the game but then i thought my server was sitting around doing nothing so why not give it even more functionality with sync and all? so it just snowballed into this bloat ig

  • what was the dumbest bug in the script?

    wouldn’t you like to know weather boy? it was me. the one who wrote it (tho speaking for real it was when using sync. like when i used it kept creating directories inside directories recursively ‘cause i wrote config wrong. i know dumb)

  • favorite feature you added?

    the sync. i see no reason to elaborate on this one

  • least favorite part of the script?

    sshpass security concerns. i know it’s bad practice but i really didn’t want to deal with ssh-agent and key management. sometimes you just wanna paste a password and move on

  • what would you do differently?

    i would not use the script that i used to solve the game ‘cause it makes the game way too convenient and this is meant for learning so maybe from next games it would be the more suitable time to use it (narnia or leviathan maybe)

  • advice for someone starting bandit today?

    nothing. if you like linux and are not comfortable with cli i see no reason not to play this game ‘cause it has most things u’d need to get comfortable with cli

  • what’s next - leviathan?

    maybe maybe not? (side projects might strangle me if i said yes)

comments