OverTheWire Bandit Level 2 → 3 Walkthrough (Beginner Friendly Guide)

Introduction: The Importance of Linux Fundamentals in Cybersecurity

In the rapidly evolving landscape of cybersecurity, many aspiring professionals rush toward advanced exploits, automated vulnerability scanners, and complex AI-driven threat detection systems. However, the most seasoned ethical hackers will attest that proficiency in the Linux Command Line Interface (CLI) is the actual foundation of the craft. Platforms like OverTheWire (OTW) provide an essential service through their “Bandit” wargame, which is specifically designed to teach beginners the nuances of the Linux terminal in a gamified, hands-on environment.

The transition from Level 2 to Level 3 in the Bandit series focuses on a deceptively simple yet critical skill: handling filenames that contain spaces. While modern Graphical User Interfaces (GUIs) allow users to interact with such files effortlessly, the shell interprets spaces as delimiters between commands and arguments. Mastering how to bypass this interpretation is a prerequisite for more advanced tasks, such as forensic analysis, log parsing, and script automation. Understanding these low-level interactions is what separates a “script kiddie” from a professional security analyst who understands the underlying mechanics of the operating system they are attempting to secure or penetrate.

Theoretical Concepts: Shell Interpretation and Tokenization

To understand why a filename with spaces poses a challenge in a Linux environment, we must first understand how the Bash shell (or any POSIX-compliant shell) processes user input. This process is known as Tokenization. When you type a command followed by a string, the shell breaks that string into “tokens” based on whitespace (spaces, tabs, or newlines). For example, if you run cat file name.txt, the shell sees three distinct entities: the command cat, the argument file, and the argument name.txt. It will then attempt to open two separate files, which results in an error if a single file named “file name.txt” was the intended target.

To overcome this, we use two primary techniques: Escaping and Quoting.

• Escaping: This involves using the backslash (\) character. The backslash tells the shell to treat the very next character literally, ignoring any special meaning it might have. In our context, \ tells the shell, “This is a literal space, not a separator.”
• Quoting: By wrapping a filename in single (') or double (") quotes, you instruct the shell to treat everything within those quotes as a single string (a single token), regardless of the spaces contained within.

Furthermore, we utilize the SSH (Secure Shell) protocol to access the remote server. SSH provides a secure, encrypted channel over an unsecured network, which is the industry standard for managing remote servers and performing penetration testing tasks on remote targets.

Detailed Requirements and Installation

To follow this tutorial, you need a terminal emulator and an SSH client. Most modern operating systems come with these tools pre-installed.

1. For Linux (Kali, Ubuntu, Parrot OS)

Most Linux distributions include OpenSSH by default. You can verify it by typing ssh -V in your terminal. If not installed, use:

sudo apt update && sudo apt install openssh-client

2. For Windows

The modern way to handle this on Windows is via WSL (Windows Subsystem for Linux) or the built-in PowerShell/Command Prompt (OpenSSH is now native to Windows 10/11). Alternatively, you can use PuTTY.

• • WSL: Install via wsl --install in PowerShell.
  • PuTTY: Download the .msi from the official site and install it to gain access to a GUI-based SSH client.

3. For macOS

macOS comes with a native terminal and SSH client. Open Terminal.app from Applications > Utilities.

Exhaustive Step-by-Step Guide: Bandit Level 2 → 3

Step 1: Accessing the Bandit Server

Before we can solve Level 2, we must log into the server using the credentials obtained from Level 1. Open your terminal and execute the following command. Note that we are connecting to port 2220, which is the custom port for OverTheWire.

ssh bandit2@bandit.labs.overthewire.org -p 2220

Why: We use the -p flag because the standard SSH port is 22. When prompted for the password, paste the password you retrieved at the end of Level 1.

Step 2: Exploring the Current Directory

Once logged in, you need to see what files are available to you. Use the ls (list) command.

ls -la

Why: The -la flags are used to list all files (including hidden ones) and provide long output format (showing permissions, size, and ownership). You should see a file named spaces in this filename.

Step 3: Analyzing the Target File

Observe the filename: spaces in this filename. If you attempt to read it using the standard cat command without proper formatting, it will fail.

cat spaces in this filename

Why: The shell interprets this as an instruction to read four separate files: “spaces”, “in”, “this”, and “filename”. Since none of these individual files exist, you will receive “No such file or directory” errors for each.

Step 4: Method 1 – Using the Backslash (Escaping)

The first way to solve this is by “escaping” every space in the filename. Type the following:

cat spaces\ in\ this\ filename

Why: The \ sequence ensures the shell recognizes the space as part of the string. This is a common method used in automated scripts when dealing with dynamic file paths.

Step 5: Method 2 – Using Quotes (The Cleaner Approach)

Alternatively, you can wrap the entire filename in double quotes. This is generally considered more readable for human users.

cat "spaces in this filename"

Why: Double quotes tell the shell to group everything inside as a single argument. The shell ignores the spaces as delimiters and passes the entire string to the cat command.

Step 6: Retrieving the Flag and Logging Out

Once you execute either command from Step 4 or 5, the terminal will output a string of alphanumeric characters. This is the password for Bandit Level 3.

Copy the password and save it securely. Then, exit the session:
exit

Why: It is good practice to close your SSH sessions to free up server resources and maintain a clean workspace.

Security & Ethical Section: Defense and Best Practices

From an ethical hacking perspective, understanding how to handle unusual filenames is vital for Data Exfiltration and Post-Exploitation. Often, attackers or even developers might use “hidden” directories or files with spaces and special characters to hide configuration files or sensitive data from casual observation.

Defense Strategy: As a system administrator or developer, it is generally discouraged to create files with spaces in a Linux environment. Instead, use underscores (_) or dashes (-). This reduces the risk of script errors that could lead to vulnerabilities. For example, a poorly written cleanup script using rm $FILENAME (without quotes) could accidentally delete the wrong files if $FILENAME contains spaces.

Ethical Use: This tutorial is for educational purposes within the context of authorized wargames. Performing these actions on systems you do not own or have explicit permission to test is illegal and unethical. The skills learned here should be applied toward strengthening system security and understanding how to perform thorough audits of file systems during forensic investigations.

FAQ: Frequently Asked Questions

• • • Q1: Why does OverTheWire use port 2220 instead of 22?

      A: High-traffic public servers often change the default SSH port to reduce the volume of automated “brute-force” attacks that target port 22.

    • Q2: Can I use “Tab Completion” for files with spaces?

      A: Yes! If you type cat spa and hit the Tab key, the shell will automatically escape the spaces for you (e.g., cat spaces\ in\ this\ filename). This is the fastest and most accurate method.

    • Q3: What is the difference between ‘single’ and “double” quotes?

      A: In Bash, single quotes treat every character literally. Double quotes allow for “variable expansion” (like $USER). For filenames, both usually work the same way.

    • Q4: I lost my password for Level 2, what should I do?

      A: You must go back to Level 1 and solve it again. Wargames are designed to be solved sequentially; keep a secure “notes” file with your progress.

    • Q5: Are there other special characters I should worry about?

      A: Yes. Characters like *, ?, !, and & also have special meanings in the shell and must be escaped or quoted to be treated as part of a filename.