Bandit Level 5 Level 6
Christian Paez
Posted on July 24, 2023
Introduction
Bandit 6 is the seventh level of the OverTheWire Bandit wargame, we are tasked with finding a file within a directory hierarchy and extracting a password from that file.
Steps
-
Connect to the remote server using SSH by running the following command in your terminal:
ssh bandit5@bandit.labs.overthewire.org -p 2220
You will be prompted to enter the password for Bandit level 6, which is
lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
. Enter the password and hit enter. -
Once you have successfully logged in, navigate to the
inhere
directory by running the following command:
cd inhere/
This directory contains a number of subdirectories and files, and our task is to find the file containing the password.
-
To find the file, we can use the
find
command with a combination of flags to search for files that meet certain criteria. In this case, we want to find files that are not executable and have a size of exactly 1033 bytes. We can use the following command:
find . -type f -not -executable -size 1033c
This will return a list of files that meet the criteria.
-
Next, we want to check the contents of each file in the list to see if it contains the password. We can use the
file
command to check if each file is an ASCII text file, and then usecat
to print the contents of any file that matches the criteria. We can use the following command:
find . -type f -not -executable -size 1033c | xargs file | grep "ASCII text" | awk -F: '{print $1}' | xargs cat
This will print the contents of any file that is an ASCII text file and has a size of 1033 bytes and is not executable.
-
The password is located in the file
/home/bandit6/inhere/maybehere07/.file2
. Use the following command to print the contents of the file:
cat /home/bandit6/inhere/maybehere07/.file2
This will output the password, which is
P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
.
Congratulations! You have successfully completed Bandit level 6.
Posted on July 24, 2023
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.