OverTheWire Bandit Walkthrough Part 2 – Level 6 – 10

Finally I found some time to continue this little series with OverTheWire Bandit Walkthrough Part 2 – Level 6 – 10!

Let's dive right in.

Level 6 to 7

SSH to bandit.labs.overthewire.org and log in as bandit6.

Password to Level 6

The password for the next level is stored somewhere on the server and has all of the following properties:
– owned by user bandit7
– owned by group bandit6
– 33 bytes in size

This is a tough one, at least I found it tough for a beginner. I utilized my knowledge of the find command from the previous lessons to find the file.

What you want to do first is type

man find

And read through the man page on how to search with -user, -group and -size. You can search within the man page by typing /size or /user.

Now we have learned that we can search for the file we want with the following syntax:

find -user bandit7 -group bandit6 -size 33c

Remember the file size indication from previous lessons: 33c actually indicates 33 bytes.

If we run the command as it is, we will not find our file, or anything else, because find starts in the current directory and we are not searching the whole server. We need to put a / before our search expression like this:

find / -user bandit7 -group bandit6 -size 33c

Now we get a lot of output. But if we scroll through the list we find one entry without the Permission denied tag in front of it.

We can see that there is a file we have permission to read at /var/lib/dpkg/info/bandit7.password

If we do a cat on it, we learn that this is our password:

cat /var/lib/dpkg/info/bandit7.password

Password to Level 7

There is another way to clear up the mess and find the specific file directly:

find / -user bandit7 -group bandit6 -size 33c -type f 2>/dev/null

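The 2>/dev/null redirects the error output to /dev/null, which clears up the Permission denied garbage for everything we don’t have permission to, and -type f limits the results to regular files. I found it way over my head for my level of knowledge, so I didn’t come up with it myself. Just letting you know, there is a way to narrow down the search results even more.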

Level 7 to 8

The password for the next level is stored in the file data.txt next to the word millionth.

Ahh, this sounds easier! Let’s check if the file is here.

ls

data.txt is here. Let's have a look at it!

cat data.txt

Holy crap. I wouldn’t want to look through this file to find our password.

After a very quick Google search we can learn that grep is the command we want to use:

grep millionth data.txt

As a result we get the word millionth with the password to our next level next to it. Why make it complicated, challenge done.

Password to Level 8

Level 8 to 9

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

For me this sounds like we need to use the uniq command right off the bat. Let's have a look at man uniq.

man uniq

From the man page we learn that uniq -u only prints unique lines. But if we just do uniq -u data.txt we still get too many lines to find our password, because uniq only compares adjacent lines and the repeated lines in data.txt are not next to each other.

I actually had to do a bit of googling on it to find the right command.

sort data.txt | uniq -u

This sorts the file so that identical lines end up next to each other, leaves only our single unique line in the text file, and prints our password for Level 9.

Password to Level 9
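
Why uniq -u on its own is not enough, as an added example that is not part of the original post: the sample lines, the function names and the temp file are constructed for illustration. It goes slightly beyond the walkthrough by also showing a uniq -c variant and an awk count that arrive at the same line.

```shell
#!/bin/sh
# Constructed stand-in for data.txt: every line occurs twice except one,
# and the repeated lines are deliberately not next to each other.
make_sample() {
    printf '%s\n' \
        'constructed-line-A' 'constructed-line-B' 'constructed-line-C' \
        'constructed-ONLY-ONCE' \
        'constructed-line-B' 'constructed-line-C' 'constructed-line-A'
}

# uniq -u alone: uniq compares a line only with its neighbours, so on
# unsorted input no repeat is detected and every line is printed.
count_without_sort() { uniq -u "$1" | wc -l | tr -d ' '; }

# Sort first so identical lines become adjacent, then uniq -u keeps the
# line that has no twin. LC_ALL=C makes both tools compare raw bytes.
once_sorted() { LC_ALL=C sort "$1" | LC_ALL=C uniq -u; }

# Same result with the counts visible: uniq -c prefixes each line with
# its number of occurrences; keep the lines whose count is exactly 1.
once_counted() {
    LC_ALL=C sort "$1" | LC_ALL=C uniq -c | sed -n 's/^ *1 //p'
}

# Single pass without sorting: count every line in an awk array and
# print the ones seen exactly once.
once_awk() {
    awk '{ seen[$0]++ } END { for (l in seen) if (seen[l] == 1) print l }' "$1"
}

sample=$(mktemp)
make_sample > "$sample"
echo "uniq -u alone prints $(count_without_sort "$sample") of 7 lines"
echo "sort | uniq -u: $(once_sorted "$sample")"
echo "sort | uniq -c: $(once_counted "$sample")"
echo "awk counting:   $(once_awk "$sample")"
rm -f "$sample"
```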

Level 9 to 10

The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.

Ahh! That should be easy, right? Remember the grep command? We can utilize this to find our line starting with multiple ==. Because data.txt is mostly binary data, we add -a so that grep treats it as text:

grep -a "==" data.txt

This reveals our password to level 10 and some garbage.

Password to Level 10

So that’s it again for Level 6 – 10. This time I will try to get back to the next levels faster. Happy hacking!