Browse Tag

unix

OverTheWire: Bandit Level 5 to Level 6

Like how we usually get started with any levels, the very first thing to do is always to run an ls command to find out what are the files that we have access to. In this case, wow, we are looking at 80 files.

bandit5_1

Level goal: The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties: – human-readable – 1033 bytes in size – not executable

Well, 80 files are way too many for manual checking, just imagine yourself running cat on every single file, that is not only crazy, but also not practical – what if there are 8000 files instead of 80 files?

We need to narrow down the scope using the hints given to us, for instance, a file that is human-readable and 1033 bytes in size.

bandit5_2

The find command is extremely handy in such situation, you can make use of the size and readable parameters as below,

bandit5@melinda:~/inhere$ find . -readable -size 1033c
./maybehere07/.file2
bandit5@melinda:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7

The password to gain access to the next level is DXjZPULLxYr17uwoI01bNLQbtFemEgo7

OverTheWire Bandit – Level 0 to 6 – detailed step-by-step walkthrough video with explanations!

OverTheWire: Bandit Level 4 to Level 5

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Since only one file is human-readable and contains the password to the next round, instead of opening all the files one by one and read its content, why not print all its content and spot the password?

bandit4@melinda:~/inhere$ ls
-file00 -file02 -file04 -file06 -file08
-file01 -file03 -file05 -file07 -file09
bandit4@melinda:~/inhere$ cat ./-file0*
;▒-▒(▒▒z▒▒У▒▒ޘ▒▒8鑾?▒@c
 O8▒L▒c▒Ч7▒zb~▒▒ף▒▒U▒▒g▒f▒4▒6+>"▒▒B▒Vx▒▒d▒▒;de▒O▒:n▒▒▒▒8S▒▒Ѕ[▒/q▒(▒▒@▒▒M▒.▒t▒▒▒▒+▒▒5▒`▒¶R
▒1*6C▒u#Nr▒▒▒hZ▒▒▒P▒邚▒▒▒{#▒TP▒▒6▒]▒▒X:▒▒▒!▒>P▒
d{▒▒▒▒ҏH▒▒▒xX|▒koReBOKuIDDepwhWk7jZC0RTdopnAYKh
#[:*▒▒▒?▒▒j▒▒▒U▒

The password to gain access to the next level is koReBOKuIDDepwhWk7jZC0RTdopnAYKh

OverTheWire Bandit – Level 0 to 6 – detailed step-by-step walkthrough video with explanations!

OverTheWire: Bandit Level 3 to Level 4

bandit3_1

The password for the next level is stored in a hidden file in the inhere directory.

Since the file is hidden, simply run a ls -a to find hidden files.

bandit3@melinda:~/inhere$ ls -la
total 12
drwxr-xr-x 2 root root 4096 Nov 14 2014 .
drwxr-xr-x 3 root root 4096 Nov 14 2014 ..
-rw-r----- 1 bandit4 bandit3 33 Nov 14 2014 .hidden
bandit3@melinda:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB

The password to gain access to the next level is pIwrPrtPN36QITSp3EQaw936yaFoFgAB

OverTheWire Bandit – Level 0 to 6 – detailed step-by-step walkthrough video with explanations!

OverTheWire: Bandit Level 2 to Level 3

bandit2_1

The password for the next level is stored in a file called spaces in this filename located in the home directory

After you performed a simple ls command to see the files in the directory, you will notice the “spaces in this filename” file. If you directly cat the file, you will have problems.

The trick is to either use backslash before each space, or embed the entire file name as a string. For instance,

  1. Adding backslash before each space
    • bandit2@melinda:~$ cat spaces\ in\ this\ filename
  2. Adding double quote to embed the file name
    • bandit2@melinda:~$ cat “spaces in this filename”

Either way works. 

bandit2@melinda:~$ ls
spaces in this filename
bandit2@melinda:~$ cat "spaces in this filename"
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit2@melinda:~$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit2@melinda:~$

The password to gain access to level 3 is UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

OverTheWire Bandit – Level 0 to 6 – detailed step-by-step walkthrough video with explanations!

OverTheWire: Bandit Level 1 to Level 2

bandit1_2

The password for the next level is stored in a file called located in the home directory

As the hint has suggested, you need to check the content in the file named – (a dash symbol) to obtain the password to access level 2.

However, if you just simply run the cat command to view print the content in the file named – (a dash symbol), your terminal is just going to get stuck,

bandit1_1

When cat sees – (a dash symbol) as a filename, it treats it as a synonym for stdin. To avoid getting treated as a stdin and have your terminal getting nowhere, you need to provide the full path of the file instead of simply cat the file name.

bandit1@melinda:~$ cat ./-
 CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

The password to gain access to level 2 is CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

OverTheWire Bandit – Level 0 to 6 – detailed step-by-step walkthrough video with explanations!