Bandit Level 4 to Level 8 | OverTheWire

Publish date: 2019-12-22
Tags: Linux, OverTheWire-Bandit, CTF

Learn linux command by playing Bandit wargame. The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. Below is the solution of Level 4 → Level 5, Level 5 → Level 6, Level 6 → Level 7, Level 7 → Level 8, and Level 8 → Level 9.

In this post we will learn how to find a human readable file with certain size in bytes and with certain user.

The passwords are hidden, so you have to find the passwords for next level yourself.

Bandit OverTheWire

Previous Post

Bandit Level 0 to Level 3

Bandit Level 4 → Level 5

Level Goal

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “reset” command.

Commands you may need to solve this level

ls, cd, cat, file, du, find

Solution :

Command to connect remote host : ssh bandit4@bandit.labs.overthewire.org -p 2220 password is **** .

file command is used to determine a file’s type or what file contains.

In inhere directory, there are 10 files -file00, -file01, …, -file09. The human-readable file means the content of that file is ASCII and we can find the type of content of a file by running command

file ./-file00 
file ./-file01

file ./file07

We found that -file07 contains ASCII text.

Instead of checking each file we can use find and xargs command.

find program searches a given directory (and its subdirectories) for files based on a variety of attributes.

Command find . -type f searches all regular files in the current directory. Current directory is specified by . (dot).

The xargs command performs an interesting function. It accepts input from standard input and converts it into an argument list for a specified command.

Command find . -type f | xargs file finds all the regular files in the current directory and xargs constructs an argument list for file command and then executes it.

The password for the next level is **** .

Bandit Level 4 5

Reference : The Linux Command Line – A Complete Introduction https://stackoverflow.com/questions/12654026/how-to-count-all-the-human-readable-files-in-bash

Bandit Level 5 → Level 6

Level Goal

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

Commands you may need to solve this level

ls, cd, cat, file, du, find

Solution :

Command to connect remote host : ssh bandit5@bandit.labs.overthewire.org -p 2220 password is **** .

In manual pages of find command it is mentioned that option -size is used to specify size of the file and c is used for bytes. -executable matches the executable files, so ! -executables matches the non executable files. We then pipe this output to xargs command which tells the content of the file found. Command is

find . -type f -size 1033c ! - executable | xargs file

The password for the next level is **** .

Bandit Level 5 6

Reference : The Linux Command Line – A Complete Introduction http://man7.org/linux/man-pages/man1/find.1.html

Bandit Level 6 → Level 7

Level Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

Commands you may need to solve this level

ls, cd, cat, file, du, find, grep

Solution :

Command to connect remote host : ssh bandit6@bandit.labs.overthewire.org -p 2220 password is **** .

Since the password is stored somewhere on the server. Lets go to the root directory by running command cd .. two times.

From manual page of find command :

-user uname File is owned by user uname (numeric user ID allowed). -size n[cwbkMG] File uses n units of space, rounding up. The following suffixes can be used: ‘c’ for bytes -group gname File belongs to group gname (numeric group ID allowed).

From the given, uname is bandit7, gname is bandit6 and n is 33c.

We want file with ASCII content and xargs file will tell us about that.

So the command is :

find -user bandit7 -group bandit6 -size 33c | xargs file

The password for the next level is **** .

Bandit Level 6 7

Reference : The Linux Command Line – A Complete Introduction http://man7.org/linux/man-pages/man1/find.1.html

Bandit Level 7 → Level 8

Level Goal

The password for the next level is stored in the file data.txt next to the word millionth

Commands you may need to solve this level

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Solution :

Command to connect remote host : ssh bandit7@bandit.labs.overthewire.org -p 2220 password is **** .

Here we can use grep program. grep is used to find text patterns within file. The text we have to find is millionth and the password for next level is next to it.

The command is :

cat data.txt | grep millionth

The password for next level is **** .

Bandit Level 7 8

Reference : The Linux Command Line – A Complete Introduction

Bandit Level 8 → Level 9

Level Goal

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

Commands you may need to solve this level

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Solution :

Command to connect remote host : ssh bandit8@bandit.labs.overthewire.org -p 2220 password is **** .

We will use command sort to sort all texts in the file. Command uniq with option u i.e. uniq -u only prints unique lines. So the command is :

sort data.txt | uniq -u

and password is **** .

Bandit Level 8 9

Reference : http://man7.org/linux/man-pages/man1/uniq.1.html https://askubuntu.com/questions/915570/how-do-i-find-a-single-unique-line-in-a-file

Next Post

Bandit Level 9 to Level 11 Bandit Level 12 → Level 13 Bandit Level 13 to Level 15 Bandit Level 16 to Level 18 Bandit Level 19 to Level 20 Bandit Level 21 to Level 22 Bandit Level 23 → Level 24 Bandit Level 24 → Level 25 Bandit Level 25 to Level 26 Bandit Level 27 to Level 31 Bandit Level 32 → Level 33

Tags: Linux, OverTheWire-Bandit, CTF