Note : I've just realised that in the welcome message to the server it states not to post solutions. I'm not entirely certain why they wouldn't want this but the game is a couple of years old now and there are seemingly other solutions out there so I'll leave this up here but... SPOILER WARNING :)
My solutions to the linux cli educational game Bandit http://overthewire.org/wargames/bandit. You are encouraged to complete this game for yourself even if you are a unix ninja but I'm putting up my answers here for posterity and discussion.
The first few answers are fairly trivial but this gets progressively harder and I will comment more on the more interesting problems.
http://overthewire.org/wargames/bandit/bandit0.html
Here we use the given password bandit0
http://overthewire.org/wargames/bandit/bandit1.html
cat readmecat is a very useful function for joining files together but with only one argument it will quickly print the contents of a file to stdout (to the terminal).
Here the password for bandit1 is stored in plain text.
boJ9jbbUNNfktd78OOpsqOltutMc3MY1http://overthewire.org/wargames/bandit/bandit2.html
Here is something that I had to be reminded about that files named with -. When you use - in place of a filename in an argument of a function it will use STDIN or STDOUT so in this case writing
cat -will not prodcue the desired effect as it will be reading STDIN, instead we want to explicitly refer to the file using
cat ./-This shows us the password for bandit2
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9http://overthewire.org/wargames/bandit/bandit3.html
Here tab completion will save the day by filling in the desired \ to mark spaces in the filename
cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luKhttp://overthewire.org/wargames/bandit/bandit4.html
While ls will list the files in the current directiory ls -a will list all files including hidden ones.
cd inhere
ls -aThis will expose the .hidden file where the password is stored. File names that begin with a . will be hidden by default.
cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgABhttp://overthewire.org/wargames/bandit/bandit5.html
This one also showed me a feature of ls that I didn't know which will only list human-readable files by using the option -h.
cd inhere
ls -ahand as these files have a - in them we should view the correct file using
cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKhhttp://overthewire.org/wargames/bandit/bandit6.html
I spent a while looking at this one using ls but in the end using the fact that the file was 1033 bytes in size was the quickest way to find the file we were looking for.
Using the command du (disk usage) with its defaults will show the size of the directories and subdirectories. If we use the -a option this will show the individual file sizes and using -b will display those sizes in bytes (rather than as blocks on the disk).
du -abThis produces a list of files with their respective sizes
...
2084 ./inhere/maybehere18/.file2
7040 ./inhere/maybehere18/spaces file3
154 ./inhere/maybehere18/.file3
7334 ./inhere/maybehere18/spaces file1
...I then use a pipe | which sends the output of one command to the input of another to send this list of files to a command called grep which searches for text strings and tell it to search for 1033 (our desired file size).
du -ab | grep 1033
1033 ./inhere/maybehere07/.file2This looks like it might be our file!
cat ./inhere/maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7http://overthewire.org/wargames/bandit/bandit7.html
Now we can use the find function to search the filesystem for files given certain tests that we want to give it.
Here we have 3 specific properties of the file user, group and size.
Using the tests -group and -user we can easily find the file we are looking for.
find / -group bandit6 -user bandit7This will produce some errors for directories that we don't have permission to read and will output only one other file that meets these criteria.
Assuming that the designers haven't put the file somewhere we can't access then it will have to be this one.
We can perform du again to double check that the file has a size of 33 bytes.
du -b /var/lib/dpkg/info/bandit7.password
33
cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzshttp://overthewire.org/wargames/bandit/bandit8.html
I think this is where they meant to introduce grep and as a result of us already using it we can solve this similarly to before.
We use cat to print all of the lines of this file and then pipe the output to grep and look for the word millionth.
cat data.txt | grep millionth
millionth cvX2JJa4CFALtqS87jk27qwqGhBM9plVhttp://overthewire.org/wargames/bandit/bandit9.html
This one is probably not the best solution but it is the first one that I found which first involves using sort to order the list data.txt so that repeated lines are all next to each other.
This can then be piped to uniq with the option -c which will count the number of repeated line.
Then we just need to sort it again in reverse order using -r which will list the only line that occurs only once at the end of the sort.
sort data.txt | uniq -c | sort -rThe final line of this output shows the password as it is the only line with 1 occurence according to uniq.
1 UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhRhttp://overthewire.org/wargames/bandit/bandit10.html
Using the strings function will output all of the human-readable strings of data.txt and then we just need to find those beginning with several = symbols using grep.
strings data.txt | grep ===
I========== the6
========== password
========== ism
========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLkAnd only one of these looks like the correct password (from the previous formats).
http://overthewire.org/wargames/bandit/bandit11.html
This file is encoded into base 64 and as a result we need to use base64 to decode this into ASCI text.
Use the option -d to decode
base64 -d data.txt
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPRhttp://overthewire.org/wargames/bandit/bandit12.html
I spent a while playing with tr when doing this question.
I've never used tr before and I can see where it would be useful in certain "find and replace" problems.
This probably not the best solution but the basic syntax of tr here is one of tr [set1] [set2] < data.txt.
This means replace all of the characters in set1 pairwise with the characters as defined in set2. I use this to produce the password
tr [a-zA-Z] [n-za-mN-ZA-M] < data.txtHere [set] is a list of all lower case characters a-z and then all upper case characters A-Z.
This is replaced with the same characters but translated 13 characters along so starting from n to z and then a to m.
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUuI feel there must be a more elegant way of doing this...
http://overthewire.org/wargames/bandit/bandit13.html
This one took a short while!
They definitely did compress it a few times.
We start with data.txt and we want to move it and rename it to the /tmp folder that is suggested in the question.
mkdir /tmp/gordon
cp data.txt /tmp/gordon
cd /tmp/gordon
mv data.txt data1.txtWe now have a copy of the original data.txt in a nice temporary directory. We can now see what the file looks like by using file data1.txt and cat data1.txt which outputs
data1.txt: ASCII text
0000000: 1f8b 0808 34da 6554 0203 6461 7461 322e ....4.eT..data2.
0000010: 6269 6e00 013f 02c0 fd42 5a68 3931 4159 bin..?...BZh91AY
0000020: 2653 5982 c194 8a00 0019 ffff dbfb adfb &SY.............
0000030: bbab b7d7 ffea ffcd fff7 bfbf 1feb eff9 ................
This is a hexdump (as we were told in the question) and we will use the command xxd to reverse this with the option -r.
xxd -r data1.txt > data2.txtWe can now look at data2.txt using file
file data2.txt
dataz.txt: gzip compressed data, was "data2.bin", from Unix, last modified: Fri Nov 14 10:32:20 2014, max compressionSo this shows us that we now have a file that is compressed using gzip and we'll need to uncompress this.
There are several subsequent files that are also all compressed using different commands and for brevity I will only show the required commands (sometimes including renaming with mv for appropriate suffix) for this file in particular.
mv data2.txt data2.gz
gzip -d data2.gz
bzip2 -d data2
mv data2.out data2.out.gz
gzip -d data2.out.gz
tar xvf data2.tar
tar xvf data5.bin
bzip2 -d data6.bin
tar xvf data6.bin.out
mv data8.bin data8.gz
gzip -d data8.gz
cat data8
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYLPhew!
http://overthewire.org/wargames/bandit/bandit14.html
ssh [email protected]
exitHere we are logged in as bandit13 and trying to read a file that is accessible only to bandit14 (and presumably root).
There is a file called sshkey.private which we can use to log in as bandit14 and then read the text password for the next problem.
I will use scp to get the key file to my local computer.
scp [email protected]:/home/bandit13/sshkey.private ./This will copy the ssh key to my local folder and I can then use that to log in as bandit14. (If you get a warning about an unprotected key then use chmod 600 sshkey.private)
ssh -i sshkey.private [email protected]From here we can read the required password
cat /etc/bandit_pass/bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3ehttp://overthewire.org/wargames/bandit/bandit15.html
Here we can use telnet to connect to localhost 30000 and then input the previous password.
bandit14@melinda:~$ telnet localhost 30000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr
http://overthewire.org/wargames/bandit/bandit16.html
This is similar to the last problem but we use an ssl handshake to authenticate and encrypt the connection.
We can't connect to an ssl server without using this.
We use the commands openssl and s_client to connect to localhost:30001
openssl s_client -ign_eof -connect localhost:30001...
BfMYroe26WYalil77FoDi9qh59eK5xNr
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd
...
The question suggests that we use the option -ign_eof with s_client, to find out why below I quote from the man page of openssl
S_CLIENT CONNECTED COMMANDS
If a connection is established with an SSL server, any data received from the server is displayed and any key presses will be sent to the server. When used interactively (which means neither -quiet nor -ign_eof have been given), the session will be renegotiated if the line begins with an R; if the line begins with a Q or if end of file is reached, the connection will be closed down.
Essentially when you are running openssl in an interactive mode (without using -quiet or -ign_eof) a line beginning with B,Q or R will produce unexpected results and errors because they are commands for the server.
http://overthewire.org/wargames/bandit/bandit17.html
In this level we can use a bunch of interesting stuff!
I started by making a directory that I could write to and then using nmap to scan for open ports between 31000 and 32000 on the localhost.
Then using grep (and an expression that means the number 3 and then 4 other numerical digits) we can write this to a text file containing the open ports in the range of interest.
mkdir /tmp/gordon1
nmap localhost -p 31000-32000 | grep -o '3[0-9]\{4\}' > /tmp/gordon1/test.txt
cat /tmp/gordon1/test.txt
31046
31518
31691
31790
31960Now we use the nc utility to probe these ports with a very simple string of text hello.
Here I'm just using a for loop to sequentially input the port of interest into our nc command.
for line in $(cat /tmp/gordon1/test.txt);
do
echo hello | nc -v localhost $line;
doneThe output here shows that two of these ports won't accept non SSL communication so these are the two "servers" of interest.
The relevant ports are 31518 and 31790 and we can use our commands from the previous question to connect to them with openssl and input the password.
openssl s_client -ign_eof -connect localhost:31518
openssl s_client -ign_eof -connect localhost:31790This works on port 31790 and gives us a private key as output.
cluFn7wTiGryunymYOu4RcffSxQluehd
Correct!
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
+TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
-----END RSA PRIVATE KEY-----
These are the credentials that we want to connect to bandit17. Create a temporary file to store them in
touch /tmp/gordon1/sshkey.privatePaste in the details using nano or vi and restrict permissions on the file.
Then connect to the machine as bandit17 using this key.
chmod 600 /tmp/gordon1/sshkey.private
ssh -i /tmp/gordon1/sshkey.private bandit17@localhostWe can also get bandit17s plain text password from the same place as we did in an earlier question.
cat /etc/bandit_pass/bandit17
xLYVMN9WE5zQ5vHacb0sZEVqbrp7nBTnhttp://overthewire.org/wargames/bandit/bandit18.html
Now we use the command diff to compare two files line by line.
Here the only difference in the files will be the next password.
diff passwords.old passwords.new
42c42
< BS8bqB1kqkinKJjuxL6k072Qq9NRwQpR
---
> kfBf3eYk5BPBRzwjqutbbfE887SVc5Ydhttp://overthewire.org/wargames/bandit/bandit19.html
When we ssh into this server we get booted out straight away by the .bashrc file.
This file is a configuration file that is executed on logging into the terminal emulator, in this case logging in via ssh.
Instead of logging into the server interactively we can put a command at the end of the ssh which will execute that command rather than log into a remote shell.
ssh [email protected] cat readme
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5xhttp://overthewire.org/wargames/bandit/bandit20.html
This problem contains a binary executable that bandit19 has permission to use and it will execute a command as bandit20.
The binary is called bandit20-do and can be executed using ./bandit20-do to see what the syntax is.
We can then use
./bandit20-do cat /etc/bandit_pass/bandit20
GbKksEFF4yrVs6il55v6gwY5aVje5f0jhttp://overthewire.org/wargames/bandit/bandit21.html
In this problem we want to open and listen to a local port using nc and the option -l to listen to this port.
We also want to pass the password for this level to this port
cat /etc/bandit_pass/bandit20 | nc -l localhost 8040nc is now listening on port 8040.
We now want to run the binary mentioned in the question that will connect to a port on localhost and then read a line of text from it.
The binary suconnect will read this line of text and if it matches the password it will then send the next password back to the port that our nc process is listening to.
This next command is to be run on a different ssh shell.
./suconnect 8040
Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Password matches, sending next passwordThen back in the original terminal the nc command will terminate hopefully with
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGrhttp://overthewire.org/wargames/bandit/bandit22.html
As they suggest we can first move to /etc/cron.d and then look at what is there.
cd /etc/cron.d
ls
behemoth4_cleanup cronjob_bandit24_root natas-stats php5 sysstat
cron-apt leviathan5_cleanup natas25_cleanup semtex0-32 vortex0
cronjob_bandit22 manpage3_resetpw_job natas25_cleanup~ semtex0-64 vortex20
cronjob_bandit23 melinda-stats natas26_cleanup semtex0-ppc
cronjob_bandit24 natas-session-toucher natas27_cleanup semtex5The interesting ones here are the ones called cronjob_bandit* and here we are looking for bandit22s password.
Lets have a look at this file and then the subsequent script cronjob_bandit22.sh
cat cronjob_bandit22
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Lets see if we can read the temporary file
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLIhttp://overthewire.org/wargames/bandit/bandit23.html
As in the last question we can look at the cron task /etc/cron.d/cronjob_bandit23 and then look at the resulting script file.
cat /usr/bin/cronjob_bandit23.sh
#!/bin/bash
myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytargetThis script file defines two variables myname which calls the function whoami which outputs the current user name.
The second is mytarget which takes the string I am user $myname and then calculates the md5sum and removes anything after the first space.
After these variables are calculated the script then takes the password for that user and writes it to /tmp/$mytarget which is a file named by the md5sum calculated earlier.
The solution is fairly easy after reading what the script does we first need to find out what the $mytarget variable would be with bandit23.
echo I am user bandit23 | md5sum | cut -d ' ' -f 1
8ca319486bfbbc3663ea0fbe81326349Now we can find the password by looking for this file in the /tmp directory
cat /tmp/8ca319486bfbbc3663ea0fbe81326349
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0nhttp://overthewire.org/wargames/bandit/bandit24.html
Here we want to write a shell script in a similar style to the one in the previous question. First lets see what the cronjob looks like
cat /usr/bin/cronjob_bandit24.sh
#!/bin/bash
myname=$(whoami)
cd /var/spool/$myname
echo "Executing and deleting all scripts in /var/spool/$myname:"
for i in * .*;
do
if [ "$i" != "." -a "$i" != ".." ];
then
echo "Handling $i"
timeout -s 9 60 "./$i"
rm -f "./$i"
fi
doneThis cron task will run any executable file in /var/spool/bandit24 and then delete it.
Our job here is to write a script that will be run by bandit24 to write the password to a file accessible by bandit23.
We should start by making a temporary directory to write our files to (and make it universally accessible and create our script.
mkdir -p /tmp/gordon24
chmod -R 777 /tmp/gordon24
cd /tmp/gordon24
vim passme.shScript file
#!/bin/bash
myname=$(whoami)
cat /etc/bandit_pass/$myname > /tmp/gordon24/pass24We need to make this script executable and then we should copy it to the target directory of the cronjob and wait.
chmod 777 passme.sh
cp ./passme.sh /var/spool/bandit24/After less than 1 minute the cron task will run and hopefully write the password to our temporary file pass24.
cat ./pass24
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZhttp://overthewire.org/wargames/bandit/bandit25.html
Here we are asked to brute force the local port 30002 with a 4-digit pin code.
We will again use a do loop to iterate over the 10000 possible numbers.
Lets set up our loop by first outputting our password with a space and then a 4 digit number.
pass=$(cat /etc/bandit_pass/bandit24)
echo $pass 1024
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ 1024So this is the format that we want to be sending to the server listening at port 30002 and we can now write the loop.
for i in {0000..9999}
do
echo $pass $i | nc -v localhost 30002 >> ./brute; echo $i >> ./brute
doneThis will take some time so go and make yourself a cup of tea!
This will iterate over the numbers from 0000 to 9999 and send the password for bandit24 followed by the number i and then piped to nc and sent to the server.
We then write the output to a local file called brute and then also echo $i the current iterative number to the same file brute.
I've written the output to a file so that I can search it when we are done because otherwise there will be too much output to look through.
We can use the functions sort and uniq that we learned earlier to find the interesting lines in this file.
sort ./brute | uniq -cThis will output lots of lines but the last few lines are interesting
1 9995
1 9996
1 9997
1 9998
1 9999
1 Correct!
10011 Exiting.
10014 I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
1 The password of user bandit25 is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
10010 Wrong! Please enter the correct pincode. Try again.
Here we can see the list of unique $i lines finishing and the many repeated "Wrong!" lines.
Importantly we can see the one unique line that matters
1 The password of user bandit25 is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzGhttp://overthewire.org/wargames/bandit/bandit26.html
So this is the first one that makes you feel like a hacker and I'll admit to looking up a couple of hints to this solution as I didn't know how to do a couple of these steps.
First we log in as bandit25 and use ll to show that there is a file bandit26.sshkey.
Let's try and log in to localhost using this key.
ssh -i bandit26.sshkey bandit26@localhostThis logs is as bandit26 but immediately exits so there is something running on connection that immediately exits.
The bit that I had to look up was looking up the file /etc/passwd which is an interesting file!
This file shows us all of the users and groups that they are attached to with their home directories and default shells listed.
Let's find bandit26
cat /etc/passwd | grep bandit26
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtextSo instead of running a regular shell (for example /bin/bash) bandit26 runs a custom file called /usr/bin/showtext so lets see if we can look at this.
cat /usr/bin/showtext#!/bin/sh
more ~/text.txt
exit 0So this runs a shell script that uses more to display text.txt and then exits. The question asks that we break out of this which means playing with more somehow.
more uses the current screen size when it displays text and will generate page breaks based on that so if we make our terminal emulator window very small it will create an interrupt before it finishes showing ~text.txt that will be a start.
_ _ _ _ __
_ __
| | | (_) | |__
--More--(29%)
We are now in the more command that is displaying the cool bandit26 ascii intro page and we can now resize our terminal emulator and then press v to enter the interactive vi session.
From here we could edit the text.txt file (though not override as we don't have permission) and do anything else we might fancy in vi.
vi is a text editor and as a result we can open files as bandit26 so it is quite trivial to open the password file that we are after.
:edit /etc/bandit_pass/bandit26
5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
http://overthewire.org/wargames/bandit/bandit27.html
Doesn't exist and probably won't so I guess that means I've completed it! Woo.
Comments and suggestions are always welcome, also feel free to commit edits via github.
Gordon Walsh - Monday 29th February 2016