Browse Tag

unix

OverTheWire: Bandit Level 7 to Level 8

Good job in making your way to level 7! You should be better in using the find command to look for useful information now.

bandit7_1

Level goal: The password for the next level is stored in the file data.txt next to the word millionth

This level is actually very simple and has a lot of ways to do it. Personally, I would prefer to simply cat the file and then grep the keyword mentioned in the hint, “millionth“.

[email protected]:~$ cat data.txt | grep millionth
millionth cvX2JJa4CFALtqS87jk27qwqGhBM9plV

 

There, you got it! The password to gain access to the next level is cvX2JJa4CFALtqS87jk27qwqGhBM9plV.

OverTheWire: Bandit Level 6 to Level 7

bandit6_1

Level goal: The password for the next level is stored somewhere on the server and has all of the following properties: – owned by user bandit7 – owned by group bandit6 – 33 bytes in size

 

This level is very similar to the previous level, which you have already completed by now using the find command. However, in this level, we need to include more parameters to be more specific in what we want to search for, as the scope of search is the entire machine rather than just 80 files in a folder.

[email protected]:~$ find / -user bandit7 -group bandit6 -size 33c
/var/lib/dpkg/info/bandit7.password

The above command basically perform a search on the root directory, as depicted by the slash (/) symbol right after the find command. Other parameters includes,

  1. user, which defines the file owner, bandit7
  2. group, which defines the file group, bandit6 in this case
  3. size, which defines the size of the file. 33c means 33 bytes of characters

The output is the following,

[email protected]:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

The password to gain access to the next level is HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

OverTheWire: Bandit Level 5 to Level 6

Like how we usually get started with any levels, the very first thing to do is always to run an ls command to find out what are the files that we have access to. In this case, wow, we are looking at 80 files.

bandit5_1

Level goal: The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties: – human-readable – 1033 bytes in size – not executable

Well, 80 files are way too many for manual checking, just imagine yourself running cat on every single file, that is not only crazy, but also not practical – what if there are 8000 files instead of 80 files?

We need to narrow down the scope using the hints given to us, for instance, a file that is human-readable and 1033 bytes in size.

bandit5_2

The find command is extremely handy in such situation, you can make use of the size and readable parameters as below,

[email protected]:~/inhere$ find . -readable -size 1033c
./maybehere07/.file2
[email protected]:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

The password to gain access to the next level is DXjZPULLxYr17uwoI01bNLQbtFemEgo7

OverTheWire: Bandit Level 4 to Level 5

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Since only one file is human-readable and contains the password to the next round, instead of opening all the files one by one and read its content, why not print all its content and spot the password?

[email protected]:~/inhere$ ls
-file00 -file02 -file04 -file06 -file08
-file01 -file03 -file05 -file07 -file09
[email protected]:~/inhere$ cat ./-file0*
;▒-▒(▒▒z▒▒У▒▒ޘ▒▒8鑾?▒@c
 O8▒L▒c▒Ч7▒zb~▒▒ף▒▒U▒▒g▒f▒4▒6+>"▒▒B▒Vx▒▒d▒▒;de▒O▒:n▒▒▒▒8S▒▒Ѕ[▒/q▒(▒▒@▒▒M▒.▒t▒▒▒▒+▒▒5▒`▒¶R
▒1*6C▒u#Nr▒▒▒hZ▒▒▒P▒邚▒▒▒{#▒TP▒▒6▒]▒▒X:▒▒▒!▒>P▒
d{▒▒▒▒ҏH▒▒▒xX|▒koReBOKuIDDepwhWk7jZC0RTdopnAYKh
#[:*▒▒▒?▒▒j▒▒▒U▒

The password to gain access to the next level is koReBOKuIDDepwhWk7jZC0RTdopnAYKh

OverTheWire: Bandit Level 3 to Level 4

bandit3_1

The password for the next level is stored in a hidden file in the inhere directory.

 

Since the file is hidden, simply run a ls -a to find hidden files.

[email protected]:~/inhere$ ls -la
total 12
drwxr-xr-x 2 root root 4096 Nov 14 2014 .
drwxr-xr-x 3 root root 4096 Nov 14 2014 ..
-rw-r----- 1 bandit4 bandit3 33 Nov 14 2014 .hidden
[email protected]:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

The password to gain access to the next level is pIwrPrtPN36QITSp3EQaw936yaFoFgAB