Finally, I found some time to continue this little series on OverTheWire Bandit Walkthrough Part 2 - Level 6 - 10!
Let's dive right into it.
Level 6 to 7
Password to Level 6: DXjZPULLxYr17uwoI01bNLQbtFemEgo7
ssh to bandit.labs.overthewire.org and log in with Bandit6.
The password for the next level is stored somewhere on the server and has all of the following properties: - owned by user bandit7 - owned by group bandit6 - 33 bytes in size
This is a tough one, at least I found it tough for a beginner. I utilized my knowledge of the find command from the previous lessons to find the file.
What you want to do first is type
man find
And read through the file on how to search for -user, -group, and -size. You can search the man file by typing /size or /user within the man file.
Now we learned that we can search for the file we want to find the following syntax
find -user bandit7 -group bandit6 -size 33c
Remember the file size indication from previous lessons, 33c actually indicates 33 bytes.
If we run the command as it is, we will not our file, nor anything. Because we are not searching the whole server for it. We need to put a / before our search syntax like this:
find / -user bandit7 -group bandit6 -size 33c
Now we get a lot of output. But if we scroll through the list we find one entry without the Permission denied tag in front of it.
We can see that there is a file we have permission to on /var/lib/dpkg/info/bandit7.password
If we do a cat on it we learn that this is our password
cat /var/lib/dpkg/info/bandit7.passwordCode language: JavaScript (javascript)Password to Level 7: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
There is another way to clear up the mess and find the specific file directly:
find / -user bandit7 -group bandit6 -size 33c -type f 2>/dev/nullCode language: JavaScript (javascript)The 2>/dev/null clears up the garbage we don't have permission to, but I found it way overhead for my level of knowledge so I didn't come on it myself. Just letting you know, there is a way to narrow down the search results even more.
Level 7 to 8
The password for the next level is stored in the file data.txt next to the word millionth.
Ahh, this sounds easier! Let's check if the files here.
ls
data.txt is here. Let's have a look at it!
cat data.txtCode language: CSS (css)Holy crap. I wouldn't want to look through this file to find our password.
After a very quick google search we can learn that grep is the command we want to use:
grep millionth data.txtCode language: CSS (css)As a result, we get the word millionth with the password to our next level next to it. Why make it complicated, challenge done.
Level 8 to 9
Password to Level 8: cvX2JJa4CFALtqS87jk27qwqGhBM9plV
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
For me, this sounds like we need to use the uniq command right off the bat. Let's have a look at man uniq.
man uniq
From the file, we learn that uniq -u lets us sort out uniq lines. But if we just do uniq -u data.txt we will just receive one print of every line - removing the duplicates. Still, too many lines to find our password.
I actually had to do a bit of googling on it to find the right command.
sort data.txt | uniq -u
Will sort out or single unique line in the text file and print our password for Level 9.
Password to Level 9: UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
Level 9 to 10
The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.
Ahh! That should be easy, right? Remember the grep command? We can utilize this to find our line starting with multiple ==
grep -a "==" data.txtCode language: JavaScript (javascript)Reveals our password to level 10 and some garbage.
Password to Level 10: truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
So that's it again for Level 6 - 10, this time I will try to get back to the next levels faster. Happy hacking!
