OverTheWire Bandit Walkthrough Part 2 – Level 6 – 10
Finally, I found some time to continue this little series on OverTheWire Bandit Walkthrough Part 2 – Level 6 – 10!
Let’s dive right into it.
Level 6 to 7
SSH to bandit.labs.overthewire.org and log in as bandit6.
The password for the next level is stored somewhere on the server and has all of the following properties:
– owned by user bandit7
– owned by group bandit6
– 33 bytes in size
This is a tough one, at least I found it tough for a beginner. I utilized my knowledge of the find command from the previous lessons to find the file.
What you want to do first is type
man find
Read through the man page to see how to search with -user, -group and -size. You can search within the man page by typing /size or /user.
Now that we know the options, we can search for the file with the following syntax:
find -user bandit7 -group bandit6 -size 33c
Remember the file size suffix from previous lessons: 33c means 33 bytes.
If we run the command as it is, we will not find our file, or anything else, because find starts from the current directory and we are not searching the whole server. We need to put a / before our search expression, like this:
find / -user bandit7 -group bandit6 -size 33c
Now we get a lot of output. But if we scroll through the list, we find one entry that does not come with a Permission denied error.
We can see that there is a file we are allowed to read at /var/lib/dpkg/info/bandit7.password
If we cat it, we learn that this is our password:
cat /var/lib/dpkg/info/bandit7.password
There is another way to clear up the mess and find the specific file directly:
find / -user bandit7 -group bandit6 -size 33c -type f 2>/dev/null
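The 2>/dev/null redirects standard error to /dev/null, which discards the Permission denied messages for everything we are not allowed to read, and -type f limits the results to regular files. I found it way over my head for my level of knowledge, so I didn’t come upon it myself. Just letting you know, there is a way to narrow down the search results even more.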
Level 7 to 8
The password for the next level is stored in the file data.txt next to the word millionth.
Ahh, this sounds easier! Let’s check if the file is here.
ls
data.txt is here. Let’s have a look at it!
cat data.txt
Holy crap. I wouldn’t want to look through this file to find our password.
After a very quick Google search, we learn that grep is the command we want to use:
grep millionth data.txt
As a result, we get the word millionth with the password to our next level next to it. Why make it complicated, challenge done.
Level 8 to 9
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
For me, this sounds like we need to use the uniq command right off the bat. Let’s have a look at man uniq.
man uniq
From the man page, we learn that uniq -u prints only unique lines. But uniq only compares adjacent lines, so if we just run uniq -u data.txt on the unsorted file, the scattered duplicates are not detected and we still receive almost every line. Still too many lines to find our password.
I actually had to do a bit of googling on it to find the right command.
sort data.txt | uniq -u
This sorts the file so that duplicate lines end up next to each other, and uniq -u then prints the single unique line in the text file: our password for Level 9.
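The following script is an added example, not part of the original walkthrough, showing why uniq -u only works after sort and a one-pass awk alternative that gives the same answer. The sample data and the function names (sample, unsorted_count, sorted_unique, counted_unique) are constructed for illustration and are not the real Bandit data.txt.

```shell
#!/bin/sh
# Added example: why `uniq -u` needs sorted input.
# The sample is constructed for illustration; it is not the real Bandit data.txt.
LC_ALL=C; export LC_ALL

sample() {
    cat <<'EOF'
alpha
bravo
charlie
alpha
delta
delta
CONSTRUCTED-UNIQUE-LINE
charlie
bravo
EOF
}

# uniq compares each line only with its neighbour. Here only the two
# adjacent "delta" lines are recognised as repeats, so 7 of 9 lines survive.
unsorted_count() { sample | uniq -u | wc -l | tr -d ' '; }

# sort makes identical lines adjacent; uniq -u then drops every line
# that has a repeat and prints only the line that occurs exactly once.
sorted_unique() { sample | sort | uniq -u; }

# Same result without sorting: count each line in an awk array and
# print the ones seen exactly once (uses memory proportional to the
# number of distinct lines).
counted_unique() {
    sample | awk '{ seen[$0]++ } END { for (l in seen) if (seen[l] == 1) print l }'
}

echo "uniq -u on unsorted input prints $(unsorted_count) lines"
echo "sort | uniq -u prints: $(sorted_unique)"
echo "awk count prints:      $(counted_unique)"
```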
Level 9 to 10
The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.
Ahh! That should be easy, right? Remember the grep command? We can utilize this to find our line starting with multiple ==
grep -a "==" data.txt
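This reveals our password to Level 10 and some garbage. The -a option tells grep to treat the binary file as text, so the matching lines are printed instead of just a "binary file matches" notice.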
So that’s it again for Level 6 – 10, this time I will try to get back to the next levels faster. Happy hacking!