by howLongHowLong 1636 days ago
I saw this while taking a smoke break in the middle of playing "Bandit." It's definitely making a lot of concepts (especially ssh/ssl usage) clearer and more intuitive through use. I look forward to playing the other games there.

I played about 3/4ths of bandit. I'm curious about your play style: do you google specifically the problem (NOT the literal bandit problem ("bandit24 solution"), but the general solution needed, i.e., "how to recursively decrypt") or do you read the man pages trying to find the solution?

It felt like I was basically decoding the problem, then turning to google for the answer, and it kind of felt like cheating. But that's also how I'd operate in the real world, so I guess it's not cheating?

I think it's designed that way, i.e. figuring out how to find solutions generally is one of the skills it's trying to build. The man pages from the "possible commands" and the linked articles generally have enough information to get me through, and if not, they have enough to put my research in the right direction. The fringe benefit is time spent running down the wrong path actually results in me learning other useful, related things.

I put it down and come back to it, too. Each time I start from the beginning, and more bits are just in memory, and looking up specific commands is more about remembering the options than trying to figure out how to do it. When I first started playing, google was my main source but I've started turning to the man pages first, because it ends up being less effort digesting that than reading through a bunch of fluff to get to my specific use case.

It's probably also worth noting how old a lot of these games are. Bandit, for example, looks like it was released in '12. Back then, I imagine there weren't straight-up solutions plastered in every direction you looked.

As an industry junior now, I get asked all the time how to get started. Out of a desire to not give a gatekeeping response, I can only shrug and point people to OTW-Bandit/picoCTF and tell them to try to do what they can on their own but Google every answer if they have to. Everybody's got to start somewhere [e: snip].

I'll freely offer kudos to anyone with zero knowledge who even manages to go through a handful of exercises while looking up every answer if they otherwise would have not done anything hands-on at all.

I should probably tweak my response a bit by adding a standing offer of approachability if they actually give it a shot and get stuck on those particular CTFs I suggest to them.

Oh, and yes, I have encountered many a CTF problem with very poor problem descriptions. I often don't feel bad about searching around deeply in those cases, if it's not a live competition.

It's not too difficult to just ignore all search results that reference "bandit" or "overthewire", and thus have an identical experience to before. I suspect there were places on the internet in 2012 where people discussed and disseminated bash tips and tricks.
In 2012? There were places like that in 2002. The technical landscape hasn’t changed wildly in the past decade.