Post

OverTheWire - Bandit - Level 5 -> Level 10

Posted Updated
By Nasrallah Baadi 3 min read

Description

Hello l33ts, I hope you are doing well. In today’s episode we will be doing Level 5 -> Level 10 of Bandit from OverTheWire. Let’s connect to bandit5 and start.

Level 5 -> Level 6

Goal

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

  • human-readable
  • 1033 bytes in size
  • not executable

Solution

With that information, we can use find with the following tags:

  • ./ : To start the search from the current directory.
  • -type f : To search for files.
  • -size 1033c : To look for files with the 1033 bytes in size
1
2
3
4
5
6
7
8
9
10

bandit5@bandit:~$ ls
inhere
bandit5@bandit:~$ cd inhere/
bandit5@bandit:~/inhere$ ls
maybehere00  maybehere02  maybehere04  maybehere06  maybehere08  maybehere10  maybehere12  maybehere14  maybehere16  maybehere18
maybehere01  maybehere03  maybehere05  maybehere07  maybehere09  maybehere11  maybehere13  maybehere15  maybehere17  maybehere19
bandit5@bandit:~/inhere$ find ./ -type f -size 1033c
./maybehere07/.file2
bandit5@bandit:~/inhere$ cat ./maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemExxx

Level 6 -> Level 7

Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

1
2
3

owned by user bandit7
owned by group bandit6
33 bytes in size

Solution

We can use find to search for this file with the following tags.

  • / : Start the search in the root directory.
  • -type f : Search for files.
  • -user bandit7 : Files owned by user bandit7.
  • -group bandit6 : Files owned by group bandit6.
  • size 33c : Files with 33 bytes in size
  • 2>/dev/null : Send any errors to /dev/null
1
2
3
4

 bandit6@bandit:~$ find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay4Fw76bEy8PVxKEDQRKxxx

Level 7 -> Level 8

Goal

The password for the next level is stored in the file data.txt next to the word millionth

Solution

We can read the file with cat and pip it to grep that will search for the word ‘millionth’ in that output.

1
2
3
4
5

bandit7@bandit:~$ ls -l
total 4088
-rw-r----- 1 bandit8 bandit7 4184396 May  7  2020 data.txt
bandit7@bandit:~$ cat data.txt | grep 'millionth'
millionth       cvX2JJa4CFALtqS87jk27qwqGhBM9xxx

Level 8 -> Level 9

Goal

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

Solution

In data.txt, every sentence is repeated more than once, except our password. We need to sort the content of the file and delete the duplicates in it, we can do that with sort and uniq -u.

1
2
3
4

bandit8@bandit:~$ ls
data.txt
bandit8@bandit:~$ sort data.txt | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQxxx

Level 9 -> Level 10

Goal

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

Solution

We can print the only human-readable strings with the command strings, we can then pip the output to grep and look for = signs.

1
2
3
4
5
6
7

bandit9@bandit:~$ ls
data.txt
bandit9@bandit:~$ strings data.txt | grep ==
========== the*2i"4
========== password
Z)========== is
&========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFxxx

Thank you for taking the time to read my writeup, I hope you have learned something with this, if you have any questions or comments, please feel free to reach out to me. See you in the next hack :) .

OverTheWire, Bandit
overthewire bandit linux
This post is licensed under CC BY 4.0 by the author.