Welcome back to the walkthrough for the OverTheWire Bandit wargame. In this post, we will continue our journey by tackling the next set of levels, from Level 5 - 6 to Level 9 - 10. Each level presents new challenges and opportunities to deepen our understanding of command-line operations and file handling in UNIX-like systems.
In the previous post, we covered the basics, including logging into the server using SSH, handling hidden files, and managing filenames with special characters. Now, we will build on that foundation and explore more advanced techniques and tools.
Level 5 - Level 6
In this level, the password for the next level is stored in a file somewhere under the “inhere” directory. The file has the following properties:
- it is human-readable
- it is exactly 1033 bytes in size
- it is not executable
As usual, our task is to find this file and read its contents.
First, let’s navigate to the “inhere” directory using the cd command as we’ve done before:
$ cd inhere
Let’s list the contents of the current directory to see what we’re working with:
$ ls -l
total 80
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere00
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere01
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere02
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere03
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere04
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere05
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere06
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere07
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere08
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere09
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere10
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere11
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere12
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere13
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere14
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere15
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere16
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere17
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere18
drwxr-x--- 2 root bandit5 4096 Jun 16 02:48 maybehere19
We have many directories here, each containing multiple files to check. Manually checking each file would be time-consuming, so we need a more efficient method. We can use the find command to search for the file with the specified properties. The find command allows us to search for files based on various criteria. In this case, we will use the following options:
- “-type f” to search for regular files
- “-size 1033c” to search for files that are exactly 1033 bytes in size (the c stands for characters, meaning bytes)
- “! -executable” to exclude executable files (the “!” means “not")
find also requires that we tell it which directory to begin its search. To do this, we’ll pass “.” as the first argument, indicating that the search should begin in the current directory. Combining these options, we can construct the command:
$ find . -type f -size 1033c ! -executable
./maybehere07/.file2
We can see that the only file that matches our criteria is “./maybehere07/.file2”. Let’s cat it to view its contents:
$ cat ./maybehere07/.file2
<password>
Now that we have the password, we can log into the server as bandit6.
Level 6 - Level 7
This level is very similar to the last one, where we must find a file with specific properties. However, this time the search has expanded, and we’re tasked with finding it on the entire server. The file has the following properties:
- it is owned by the user “bandit7”
- it is owned by the group “bandit6”
- it is exactly 33 bytes in size
As we have to search the entire server this time, this changes our approach slightly, and we will need to adjust our find command accordingly.
As you’ll remember, the first argument to find tells it where to begin its search. As we have to search the entire server, we will tell find to begin at the root directory. In UNIX-like systems, the root directory, denoted by /, is the top-level directory of the file system hierarchy. Searching from / means searching through every file and directory on the server. We will also specify the criteria for the search, as we did in the last level:
- “-user bandit7” to find files owned by the user bandit7
- “-group bandit6” to find files owned by the group bandit6
- “-size 33c” to find files that are exactly 33 bytes in size
While searching the entire server, we will most likely encounter files and directories we do not have permission to access. To prevent find from displaying permission denied messages, we’ll also use “2>/dev/null” at the end of the find command. This part of the command hides those messages so they don’t clutter the output. Don’t worry about fully understanding this syntax yet; just be comfortable knowing that its purpose is to keep our search results clean and easier to read.
Combining these options, we can construct the find command:
$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
Like last time, we can see that the only file which matches all of our criteria is “/var/lib/dpkg/info/bandit7.password”. Let’s cat it to obtain the password and progress to the next level:
$ cat /var/lib/dpkg/info/bandit7.password
<password>
Level 7 - Level 8
In this level, the password for the next level is stored in a file named data.txt, next to the word “millionth.” Our task is to locate this specific word within the file and retrieve the password.
First, let’s list the contents of the current directory to see the data.txt file:
$ ls
data.txt
We can see that data.txt is present. To understand the structure of the data within this file, we can use the head command. The head command displays the first few lines of a file, which can be useful to get a quick preview without displaying the entire file. By default, head shows the first 10 lines but can be adjusted using the -n option.
Let’s use the head command to see the beginning 10 lines of data.txt:
$ head data.txt
interrogator ZZDr4txsCpg779y6ECUhXIU2YGjV5kTi
reminisce Xtt0mfwT7bzxqzyJNewLqD4p8s9lwSOl
deforesting HcDcIJnzZn5fvwTSGxCa3tTv5P2Bpg1G
architecture's hckrxY5ROKiJ7VUtdygZSY45XIrDZ52G
footballers nnviUfbLyMPrLunuyr6paNBbGgKzrrvl
breastbone 0fcGSFP30pQf7uxVdQJ4z478Y1CK6WEG
Livonia bPpdVLmBAvgT16WNeJHx4sGwD5yqb2jV
unsightliness's 8RWzuPYjliioXFjv9RjLmGcvZZEl38Tk
belittles BEO7urSO1iTtOyQVWfhRUXqOTUUlvUva
retrogression H84msZtwsRfP9c5Oj2OXNLZh9DuE9Pzn
Since data.txt likely contains many lines, manually searching it for the word “millionth” would be inefficient. Instead, we can use the grep command, which is designed to search for specific patterns within a file.
To search for the word “millionth” in data.txt, we can use the following command:
$ grep "millionth" data.txt
millionth <password>
The output shows the line containing the word “millionth,” with the password for the next level next to it, which we can use to log into bandit8.
Level 8 - Level 9
In this level, the password for the next level is stored in a file named data.txt and is the only line of text that occurs only once. Our task is to find this unique line within the file.
First, let’s list the contents of the current directory to see the data.txt file:
$ ls -l
total 36
-rw-r----- 1 bandit9 bandit8 33033 Jun 20 04:07 data.txt
We can see that data.txt is present. To understand the structure of the data within this file, let’s use the head command again to see the beginning of the file:
$ head data.txt
VMpFvIE8BvkGHl2ZZCbTjstNxjAhdTCE
qz2NpIwJIT5Tk9PsY9OENphupqrvoOrx
8euCQ4tPvk7BgMGlUs5CG6M9ffaQgCuE
RJSPtBMwy6XajgYQT4mb3Vfgo3egzFoh
9ONcgN5BWYzeN2qLMKIEcxLqnRLfpzLn
qUXN7Q4fsXVlyfMe5k12HyiJqnLCFijw
4JTXH3PW1jq0HyiqfB9gGv9FmohdWsGy
A05YA8bNKFyZyjvKk4VEJN7anzrpOp3f
neTbLI6EYQ9o7bRCRNeDRfBSIA0OcyOS
KY1tLMnNgn3Qha4IwF2wXB2iUdbc8ekr
This gives us a preview of the file’s structure. Since data.txt contains many lines, manually finding the unique line would be inefficient. We need a logical approach to identify the line that occurs only once.
One logical approach is to first sort the lines in the file. Sorting will group identical lines together, making it easier to see which lines are repeated. After sorting, we can scan the lines to find the ones that appear exactly once.
To automate this process, we can use a combination of commands. The sort command is used to sort lines in a file lexicographically. The uniq command is used to print or omit duplicate lines in a file but requires that the input file is sorted for it to work correctly. By default, uniq will omit duplicate lines, outputting all lines exactly once. We can use the -u option to tell uniq to print only unique lines instead.
To combine these two commands, we can use “piping”. Piping, represented by the | symbol, allows us to pass the output of one command as input to another command. Here’s how we can construct the full command:
$ sort data.txt | uniq -u
<password>
Here, sort sorts the lines in data.txt and passes the sorted lines to uniq, which prints unique lines only, which is our password for bandit9. Feel free to try running sort without the pipe to understand the input that is passed to uniq before moving on to the next level.
Level 9 - Level 10
In this level, the password for the next level is stored in a file named “data.txt” in one of the few human-readable strings, preceded by several “=” characters. Our task is to locate this specific string within the file and retrieve the password.
First, let’s list the contents of the current directory to see the data.txt file:
$ ls -l
total 20
-rw-r----- 1 bandit10 bandit9 19379 Jun 20 04:06 data.txt
We can see that data.txt is present. To understand what type of data this file contains, let’s use the file command:
$ file data.txt
data.txt: data
The file command indicates that data.txt is classified as “data,” meaning it contains non-human-readable content. This makes it impractical to open the file directly and search for the password manually.
To extract the human-readable strings from the file, we can use the strings command. In computing, “strings” refer to sequences of characters that are readable as text. The strings command finds and prints these sequences, which is useful for analysing binary files that may contain embedded text, as we have in this scenario.
To find the password, we need to look for lines that contain several “=” characters followed by a human-readable string. The grep command that we’ve used before can help us filter these lines. Here’s how we can construct the full command using a pipe as we did in the previous level:
$ strings data.txt | grep ==
[========== the
T%========== passwordG
}========== ist"
========== <password>
This command extracts all printable strings from data.txt and then passes them to grep, which filters the lines containing “==”. The output contains multiple lines, the last containing the password, which we can use to log into bandit10.
We’ve successfully completed another set of levels in the OverTheWire Bandit wargame. From finding unique lines in large text files to extracting readable strings from binary data, these challenges have helped us develop a deeper understanding of the command line.
There are still more levels for us to complete. In the next post, we will continue our learning by tackling the next five levels. Each new level will build on what we’ve learned and introduce more advanced techniques and concepts.
Thank you for following along with me, and I hope these walkthroughs have been both educational and enjoyable. I look forward to seeing you in the next part.