Penetration-Testing

Learn practical Linux skills and command-line thinking through the first 12 levels of OverTheWire’s Bandit wargame. This post shares lessons, strategies, and powerful command-line tools (find, grep, awk, base64, tr, and more) without spoiling solutions; perfect for aspiring ethical hackers, CTF players, and curious beginners.

Getting user.txt is just the beginning. Here’s how I hunt for privilege escalation paths on Linux boxes — what I check, how I think, and why it still stumps me sometimes.

Understand what shells really are, how they evolved, why they matter, and how different types like reverse shells and webshells work.

After exploring XSS in Part 1, we now dive into server-side command injection, shell behavior, piping, and classic reverse shell tactics.

Lab setup with Kali and Metasploitable 2, safe networking configuration, and a proper starting point for reflected XSS.