So, let's click the jquery.js file and see what's in it, I bet they hid it somewhere in there. In fact, it's right at the very bottom of the file, not hard to locate at all.
Looks a bit obfuscated, this may be difficult. Here is a pastiebin link to the obfuscated code. I did a quick Google search and found an online javascript "beautifier", pasted the code and it deobfuscated it. Awesome. So now looking through the code you can clearly see the passwords for the levels.
1: Filesystem_etcL5a = {
2: 'passwd': {
3: type: 'file',
4: read: function (terminal) {
5: terminal.print();
6: $.each([
7: 'level1:533V18k:1001:1001:level1:home/level1:/bin/bash',
8: 'level2:24o23tD:1002:1002:level2:home/level2:/bin/bash',
9: 'level3:test123:1003:1003:level3:home/level3:/bin/bash',
10: 'level4:SLIv5V1:1004:1004:level4:home/level4:/bin/bash',
11: 'level5:14261Rc:1005:1005:level5:home/level5:/bin/bash',
12: 'level6:8654TRC:1005:1005:level6:home/level6:/bin/bash', ], function (num, line) {
13: terminal.print(line);
14: });
15: }
16: },
It seems they jumped the gun on this one, maybe more planning or even a proper wargame box might prevent this and even give securityoverride.org more member base and respect.
