Getting Hands-on Experience with Bash, Going Through OverTheWire, and More


Hello there!

Today I will be going over my experiences with the following topics:

  • Learning how to write Bash code
  • What OverTheWire is teaching me

After watching numerous YouTube videos on how to prepare for the OSCP, I found that getting hands on experience is the best way to study the prerequisites for the exam. I’ll explain more in a little as to why I think this.

Hands-on experience with Bash

What is Bash? Why do we need to learn it for the OSCP? How do I start learning it? We will answer all of these questions today.

What is Bash?

Bash stands for “Bourne again shell.” A shell is a command prompt on your computer where you can execute a variety of commands to interact with the operating system. There are a variety of shells with their own specific languages on them (Bash, Python, PowerShell, etc). Bash used to be explicitly for Linux devices, but now Bash can be run on Windows with little effort!

Why do we need to learn Bash for the OSCP?

I would not say that you have to be an expert before going through the course of the OSCP, but if you have little to no experience with Bash then I suggest you get a head-start on it. In the syllabus of the OSCP, they mention Bash as a good chunk of their course. From learning the main concepts like Bash scripting to customizing Bash itself, it’s pretty easy to notice that they really want you to know it well for their exam. As a new graduate, I always learned in school to stay ahead because once you fall behind on key subjects, it becomes exponentially harder to truly understand all the missed concepts. The Linux kernel has Bash as its default shell (hence why it is so important to learn).

How Do I Learn Bash?

There are so many free resources on the internet that help you learn Bash that, in my opinion, it’s actually a sin not to take advantage of them. A free resource that I used last week was:

https://guide.bash.academy/

https://cmdchallenge.com/

This guide will teach you the basics, enough to get you running with OverTheWire. Note: It is HIGHLY RECOMMENDED that you do the exercises at the end of each concept. You cannot just read from left to right on the screen and expect to know how to script like a pro – it all takes practice just like with anything in life. Remember, hands-on is the theme I am trying to push to all 6 of you that will read this blog; the best learning is obtained from doing tasks, getting frustrated and learning why stuff isn’t working the way you want it to by researching and understanding the problem. As a computer scientist, I became fluent with Bash relatively quickly, but the more I ran into problems and solved them – the more I learned.

OverTheWire

OverTheWire is a free website that allows you to practice your hacking skills on their machines. Their machines are organized by levels and in every level there is a password that you have to obtain that is used to log into the next level. This concept of hacking is called “Capture the Flag,” where the “flag” is the password hidden somewhere on the machine. Since last week, I have been practicing my hacking skills on these machines. On their website: www.Overthewire.com, they have different themes as far as which machines to hack. They have a theme called “Bandit” that is intended for beginners (like myself). It’s 34 levels and I would say it is pretty easy until around level 15 where I ran into a wall for more than a day. Currently, I am on Bandit #21 and hope to finish all 34 by next week. This is a great resource to help you get started on the basic concepts of hacking, practicing with Bash, and more.

Things to Keep in Mind When Working on OverTheWire

Here is an example of Bandit level 4 where they give you the instructions on the level and the commands you may find helpful.

When working on these machines you have to keep a couple things in mind:

  • Read the instructions carefully as there may be a clue to help you get the password
  • When you run into a wall, look at the section where it says ‘Commands you may need to solve this level’ and search up the manual on them to find out what capabilities they have that match up with what you are trying to accomplish
  • NEVER SEARCH UP HOW TO COMPLETE THE LEVEL: YOU WILL LEARN NOTHING AND REGRET IT INSTANTLY – DO NOT EVEN SEARCH UP HINTS TRUST ME YOU WILL NOT LEARN.

I am obviously not an expert in ethical hacking, but there is something that I have learned fairly quickly when working on OverTheWire:

To become a successful hacker you must have a mindset of persistence.

There are a lot of attributes you need as an individual to become a successful pentester, but I truly believe that if you have bullet-proof persistence then the sky is the limit for you. I have faced many frustrations during this week of hacking, and it wasn’t just for a couple of hours, it was for days. Some levels I would be stuck on for about 3 to 4 days spending all my time attempting different methods to get the flag. There are two things that I learned during my time of frustration:

  1. Even if I spend all this time trying to capture the flag and fail, it is definitely not a waste of time because when I hit a wall I do more research on these topics to see if there are other new concepts I can learn (handling asymmetric encryption when trying to ssh into a machine, netcat to send messages to another port, the concept of escalating privileges when executing commands with SUID, and much more).
  2. The more I experience frustration, the more experience I obtain with being frustrated. Meaning that I am conditioning myself to normalize spending a good amount of time trying to complete a problem that I am stuck on. I am building my experience with staying persistent on the same problem.

I have learned so many new concepts just by going through OverTheWire that I can easily write another blog about (which I probably will for next week). Just remember that when you are in the midst of frustration and cannot seem to find a way to solve the level, do more research on the commands you may need to use.

When you find new ways to use commands, try to think of how you can implement that into the machine to get the password. Don’t be surprised if you stay on the same level for more than a day- just keep at it and you will eventually crack the code. If you have any questions email me at [email protected].

Thanks again for reading and I will catch you all next week!

Recent Content