If you’ve spent enough time on the web searching for practical resources to learn how to hack, then you should know by now what a hustle it is to find the right place to practice for a beginner in the field.
Although there are plenty of resources out there, they are either geared towards experienced hackers (HackTheBox), are only focused on one sub-field (DVWA and WebGoat), or are not free (Pentester Labs).
It is not very often that you come across a website that doesn’t fall within any of these three categories and still makes learning hacking so much fun.
Well, Overthewire does precisely that. It provides fun games ranging from easy to advanced. The beginner, as well as the skilled hacker, can enjoy them while practicing and learning new stuff along the way.
If you are making your first steps in hacking, then you should start by playing the Bandit. This game teaches you about the Linux operating system and walks you through the basic Linux commands.
You cannot claim to be a hacker if you don’t know how to use Linux. If the thought of this OS gives you the shivers, then Bandit is a good opportunity to fix that. Give this game a shot, and I’m certain that you will be learning a lot as you play.
On the other hand, if you are an experienced Linux user, you would still find many levels quite challenging (At least I did).
At each level, you will have to find a secret password which will give you access to the level above it.
To help you in that, Overthewire provides a list of commands that you can use. If the given commands are new to you, then it is better to start by reading about them and understanding them first before you attempt to solve the associated challenge.
You shouldn’t have a hard time solving the first levels. Once you understand the commands that are given to you as hints, the solution will come to you eventually.
However, each level is more challenging than the one before it. So keep in mind that, as you keep solving them, the levels will get more and more difficult.
A good thing about Overthewire is that you don’t need to have Linux installed to be able to play. You can simply connect to a remote machine — the one hosting the game you wish to play — using SSH.
By the way, level 0 in the Bandit game challenges you to do precisely that: to connect to the game using SSH. Once you manage to do that, you can simply retrieve the password and move up to level 1.
However, if you don’t know how to do that or you don’t even know what SSH is, then don’t worry, you can always read the resources that Overthewire provides along with the level’s instructions.
The command shell is the primary environment where Overthewire games are played. Although this black and white screen can be quite daunting at first, you will get more and more comfortable with it after each level you solve. Eventually, you will realize that you are capable of doing much more with the command shell than you would be able to do using a graphical user interface.
Outside The Shell
Natas is one game that you can play outside the shell and it doesn’t require you to use SSH.
Natas focuses on web application hacking, and so you can play it from your browser. However, you might still need to use some other tools here or code a few scripts there to pass certain levels.
Most of the levels in this game cover server-side vulnerabilities. On many occasions, you would be given the source code of the page and you would have to analyze it to determine if there are any vulnerabilities that you can exploit.
So, to be able to analyze the source code, you would need to know some basics about PHP. If you are not familiar with this language, I invite you to learn about it before you attempt this game.
You do not have to be an expert in the language, but you should at least understand the basics. And then, as you progress in the game, you will keep learning more about it.
PHP will be useful to you, not only in the Natas game but also in web application hacking in general.
One great benefit from the challenges of Overthewire — and one that helped me a lot elsewhere as well — is how I can make use of scripting to solve most of my problems.
At first, when you’re starting on OTW, you won’t have to write a single line of code. But then, a few levels in, you will be faced with challenges that you cannot solve manually (That is, without a script).
When you get to that stage, a scripting language will come in handy. Personally, I relied on Python for solving such challenges, even though I was not that skilled in this language.
Sometimes when I get stuck at a certain level, I would search on Google to find out if it’s possible to do so-and-so in Python.
Needless to say, I don’t recommend taking the easy road and searching straight for solutions on Google. This will only hinder your learning.
And so, as I advanced in levels, I noticed that my coding skills were getting better. And later, when I became more comfortable with the language, I started to automate everything using Python. I had a program ready for almost every task.
And So Much More
I have gone through 5 games and I am currently on Narnia. Up to the stage where I am at this moment, the games touched on Linux, web application hacking, cryptography, and binary exploitation.
I know that I still have a lot to learn from OTW. I haven’t even reached halfway. However, I’m confident enough to say that I’m a better hacker now than I was when I first attempted Bandit0.
So, do I recommend Overthewire? Absolutely!