I’m three months out from starting at ČVUT FIT for Information Security and just started a self-study plan toward OSCP. First stop: OverTheWire’s Bandit. This is week 1.

I’m using this blog as a public log, not as a tutorial. OverTheWire’s rules forbid posting walkthroughs anyway, and writing detailed concept essays for tools I’ve only just used would be dishonest about how much I actually understand. So this is just what I bumped into.

Levels completed

0 through 13.

Concepts I bumped into

  • Files starting with - need ./ prefix or -- separator (level 2)
  • Filenames with spaces need escaping with \ or quoting (level 3)
  • The file command checks contents, not extensions — extensions lie (level 4)
  • find chains tests with implicit AND; you stack filters until one file matches (level 5)
  • 2>/dev/null silences stderr separately from stdout. 0 is stdin, 1 is stdout, 2 is stderr (level 6)
  • Pipes | send one command’s stdout into the next command’s stdin (level 7)
  • sort | uniq works only because sort groups duplicates first; uniq compares adjacent lines only (level 8)
  • strings extracts printable ASCII from binaries so grep can search them (level 9)
  • Base64-encoded data is alphanumeric and ends with = padding (level 10)
  • ROT13 is symmetric — same operation encodes and decodes. tr 'A-Za-z' 'N-ZA-Mn-za-m' (level 11)
  • Repeated decompression: ask file, decompress with the matching tool, ask file again, repeat (level 12)
  • SSH key auth replaces passwords. chmod 600 the key, ssh -i keyfile user@host (level 13)
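
An added example, not part of the original log and not a solution to any Bandit level: a Python version of two ideas from the list above, classifying a blob by its content rather than its name (level 4) and the sniff, unwrap, sniff-again loop (level 12), run on a constructed sample. The names sniff, peel and build_sample are hypothetical, and only gzip, bzip2 and tar are handled.

```python
import bz2
import gzip
import io
import tarfile

# Magic bytes for the formats handled here; this is the kind of evidence `file` keys on.
GZIP_MAGIC = b"\x1f\x8b"
BZIP2_MAGIC = b"BZh"
TAR_MAGIC_OFFSET = 257  # POSIX tar stores "ustar" at byte 257 of the header

def sniff(data: bytes) -> str:
    """Classify a blob by its content, ignoring any filename or extension."""
    if data.startswith(GZIP_MAGIC):
        return "gzip"
    if data.startswith(BZIP2_MAGIC):
        return "bzip2"
    if data[TAR_MAGIC_OFFSET:TAR_MAGIC_OFFSET + 5] == b"ustar":
        return "tar"
    return "data"

def peel(data: bytes, max_layers: int = 32):
    """Sniff, unwrap with the matching decoder, sniff again, until nothing matches."""
    layers = []
    for _ in range(max_layers):  # bounded, so deeply nested input cannot loop forever
        kind = sniff(data)
        if kind == "gzip":
            data = gzip.decompress(data)
        elif kind == "bzip2":
            data = bz2.decompress(data)
        elif kind == "tar":
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                members = [m for m in tar.getmembers() if m.isfile()]
                if len(members) != 1:
                    raise ValueError("expected exactly one regular file in the tar layer")
                data = tar.extractfile(members[0]).read()  # read in memory, nothing written to disk
        else:
            return data, layers
        layers.append(kind)
    raise ValueError("too many nested layers")

def build_sample() -> bytes:
    """Constructed input: text -> gzip -> tar -> bzip2 -> gzip."""
    inner = gzip.compress(b"constructed sample text\n")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo(name="misleading.jpg")  # extension deliberately wrong
        info.size = len(inner)
        tar.addfile(info, io.BytesIO(inner))
    return gzip.compress(bz2.compress(buf.getvalue()))
```

Calling peel(build_sample()) returns the original text together with the list of layers it removed, outermost first.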

What I noticed about myself

I can solve a level by looking up the right command and plugging it in, but that doesn’t always mean I understood it. I felt this most on the levels involving find composition and ROT13 — I used the tools, the levels passed, but I couldn’t reimplement them from scratch right now if I had to.

That’s a gap. I don’t trust my Python or scripting fundamentals enough to close it today. Phase 1B (post-maturita) will start with a Python ground-up block before the home lab work — not just to use Python, but to get to the point where I can rewrite these Bandit tools as small scripts and actually own the concepts.

Next

Levels 14-20 next week. Reading: switched from The Cuckoo’s Egg (couldn’t get a copy locally) to Daniel Miessler’s blog archive. Networking: started Professor Messer’s N10-009 series, two videos in.