Level goal: The password for the next level is stored in the file data.txt, which contains base64 encoded data

This level basically introduce us to base64 encoding, one of the most commonly used method to encode data in the wild, however, it is easily recognized and decoded due to all the tools available online. I have covered a few write up other CTF games that uses base64 encoding as well, such as the InfoSec CTF.

Since the server itself is running on a Linux distribution and all Unix operating systems has inbuilt support for the base64 command, we are easily perform a base64 decode directly.

bandit10@melinda:~$ base64 -d data.txt
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR

The password to gain access to the next level is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR.

Level goal: The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.

This level is similar to previous levels, which basically require us to search for the password in a text file. However, the difficulty is that you cannot perform the cat+grep command on it because it is a “binary” file instead of a text file.

This is when you can try out the strings command. Let’s look at the description of the strings command:

The string functions perform string operations on null-terminated strings. See the individual man pages for descriptions of each function.

In short, it goes through the entire file and any string values that it is able to find, it will display it to the output. As per the clue given to us to clear this level, let’s run a strings command on the data.txt file and grep only records with the “=” characters.

bandit9@melinda:~$ strings data.txt | grep "="
epr~F=K
7?YD=
?M=HqAH
/(Ne=
C=_"
I========== the6
z5Y=
`h(8=`
n\H=;
========== password
========== ism
N$=&
l/a=L)
f=C(
========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
ie)=5e
bandit9@melinda:~$

The password to gain access to the next level is truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk.

Level goal: The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

This level can be quite tricky if you don’t know about commands like sort and uniq and how it really works.

There are several commands which seems to be able to produce the output, but failed to do so. Personally, I learnt from these trial and error.

First, let us look at the sort -u command and how it works.

bandit8@melinda:~$ sort -u data.txt 0dJUVh7xSLq6OkSLaxUydzRBVVJlc78x 1JF4GVFmFLq7XT2mYPpCzEl2aT33zxfh { … removed …} yqtqjt2cJPMU6AEataMQSNmPtZuV7nX9 yuFfSTNzXeACMYRXVcxIbXVUvMk1cMKl

As you can see above, the sort -u commands has removed all the duplicated copies of strings when it is displaying the output, the records are indeed unique (you can verify it), however, it does not show me which record is only output only once.

Next, we will look at the uniq -c command. What uniq does is basically performing a comparison between each line of text with its previous line to check if they are unique, thus it is recommended that we combine it with a simple sort command to group up the strings which are duplicated.

bandit8@melinda:~$ sort data.txt | uniq -c
10 0dJUVh7xSLq6OkSLaxUydzRBVVJlc78x
10 1JF4GVFmFLq7XT2mYPpCzEl2aT33zxfh
{ ... removed ... }
10 Thw7rjDiq6JPBdYSP5PdpvebvYa4Woio
1 UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
10 VM88tiT9pkZtuPDK2GGC7IhnqfzHQwkK
{ ... removed ... }
10 yuFfSTNzXeACMYRXVcxIbXVUvMk1cMKl

The -c parameter will count the number of occurrences of that particular string and append a prefix of its count. As you can see from the above output, there is only 1 record of UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR whereas all other strings were repeated for 10 counts within data.txt file.

There is an even faster way to get the password, by using the –u parameter. It works similarly to -c, but instead of counting the number of occurrences and appending it as a prefix before each string, it actually discount away all those records which have more than 1 count and only display the records which are totally unique (only 1 count).

bandit8@melinda:~$ cat data.txt | sort | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

The password to gain access to the next level is UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR.

Good job in making your way to level 7! You should be better in using the find command to look for useful information now.

Level goal: The password for the next level is stored in the file data.txt next to the word millionth

This level is actually very simple and has a lot of ways to do it. Personally, I would prefer to simply cat the file and then grep the keyword mentioned in the hint, “millionth“.

bandit7@melinda:~$ cat data.txt | grep millionth
millionth cvX2JJa4CFALtqS87jk27qwqGhBM9plV

There, you got it! The password to gain access to the next level is cvX2JJa4CFALtqS87jk27qwqGhBM9plV.

Level goal: The password for the next level is stored somewhere on the server and has all of the following properties: – owned by user bandit7 – owned by group bandit6 – 33 bytes in size

This level is very similar to the previous level, which you have already completed by now using the find command. However, in this level, we need to include more parameters to be more specific in what we want to search for, as the scope of search is the entire machine rather than just 80 files in a folder.

bandit6@melinda:~$ find / -user bandit7 -group bandit6 -size 33c
/var/lib/dpkg/info/bandit7.password

The above command basically perform a search on the root directory, as depicted by the slash (/) symbol right after the find command. Other parameters includes,

1. user, which defines the file owner, bandit7
2. group, which defines the file group, bandit6 in this case
3. size, which defines the size of the file. 33c means 33 bytes of characters

The output is the following,

bandit6@melinda:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

The password to gain access to the next level is HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs