This article is continuation of the over the wire bandit series. In case you haven’t read that here it is OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 1-5 LEVELS.
So let’s start with the level 6. I logged in level 6 with the credentials I gained in level 5.
> level 5-6
ssh bandit5@bandit.labs.overthewire.org -p 2220
password: Level 4-5 password from OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 1-5 LEVELS.
The hint is given for this level on their site: It says it is in inhere directory and it is
- human-readable
- 1033 bytes in size
- not executable
so to find the file we should use a command which can help us find all these parameters in a single file. file command can help us here, through this command we will be able to find the size and not executable type and also human readable.
command I have used is:
find ./ -size 1033c ! -perm -a+x -print
There is the password in file2 which has 1033 bytes size and it is not executable.
>level 6-7
ssh bandit5@bandit.labs.overthewire.org -p 2220
password: the password we found in level 5 file2.
This level was a little not so easy, since the password is not in a single directory but it is could be anywhere on the server. I have tried to ls and ls -a to see hidden files in the bandit6 directory ut nothing was there.
The hint on overthewire says that the file which contains password has the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
and we know what command to use when we need to check a file parameter in a linux based environment!
So I used this file command to search for the specific file:
find / -size 33c -group bandit6 -user bandit7
This command gave me a list of files with permission denied but we don’t have to see the permission denied files, we have to look for the file that we are permitted to open.
Above file from the list of files contains the password bandit7.password and it is located in var/lib/dpkg/info/bandit7.password. Use cat command to print the password on the screen.
>level 7-8
Use the ssh command and above password of level 6-7 to login in level 8th.
The hint for this level says that the password is in the file data.txt and it is next to the millionth word. 
So I used here the cat command piped with grep command which will grep the word millionth and the item next to it. Piped commands are a type of command which takes output of one command as the input to another command. Here grep is first grepping the word millionth and then cat is displaying the output of the grep command.
>level 8-9
login with above password into bandit8 ssh with the password above.
This level was quite intriguing. The hint says :
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once.
So, I have tried many commands including cat,uniq,sort but I had to find the right combination of these piped commands. So I have tried every combination and then I came across the command I have used below:
sort data.txt | uniq -u
uniq will find the unique texts in the file but we have to find the only text that occurs only once. So just uniq command will give us all the unique text that comes n number of times, which is not what we want. We want the text will occured only once. So hence sort command comes to rescure. Sort command will sort the uniq text and gives out the text will occurs once. So here is the password.
> level 9-10
Login to this level with ssh command and the password above.
The hint for this level says:
The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.
This is the simplest level of all. The command I have used is
strings data.txt |grep “=”
where strings will print the strings in the data.txt files and grep command will grep “=” character in the file. so together the grep’s output will be input to strings and hence we get the password.
>Level 10-11
Login to ssh using the above password.
The hint for this level says:
The password for the next level is stored in the file data.txt, which contains base64 encoded data.
The password is base64 encoded. In the help commands in overthewire, base64 command is given. So I used this command on data.txt and here is the password:
>Level 11-12:
Login to this level via ssh and the password we obtained above.
This level was a little tight than others. The hint on the site says:
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions.
The helpful reading material suggested us to read about ROT13. So here I will give you a little information about ROT13 cipher. This cipher is a substitution cipher where every alphabet from 1-26 are rotated and substituted by 13th alphabet ahead. So A will be encrypted as M and N will be Z. More on ROT13.
tr command is given as a help command on overthewire site. So I thought to dig in this command. Wiki defines tr command as: “tr is a command in Unix-like operating systems. It is an abbreviation of translate or transliterate, indicating its operation of replacing or removing specific characters in its input data set. “
So this command could replace/substitute the letters. I used the below command to get this to work via cat and tr.
cat data.txt | tr ‘A-Za-z’ ‘N-ZA-Mn-za-m’
This command simply says to take the A-Z and a-z in upper and lower both and substitute it with N-Z for A-M and A-M for N-Z and similarly for lower case letters. So I got the password for the next level!
I will be continuing this article with more level. Till then Ciao.