Bandit level 05 to 10 - Walkthrough

Continuing where we left of…

Level 05 –> 06

Level credentials

• username : bandit5
• password : lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR

Level goal

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

• human-readable
• 1033 bytes in size
• not executable

Level solution

In this level, we are going to use the find command. find allows us to search for files in a directory hierarchy. You can read more about how find works using the manual man find

Always read the fing manual 😃*

Now that we know how find works, we can use its options to filter out files according to our level goal.

cd inhere
find . -type f ! -executable -size 1033c 2> /dev/null

Explanation :

• . : look for files in the current directory
• -type f : exclude directories and only look for files
• ! -executable : exclude executable files
• size 1033c : only files that are 1033 bytes long
• 2> /dev/null : redirect errors to the BLACK WHOLE

We got our password 😃

P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU

Level 06 –> 07

Level credentials

• username : bandit6
• password : P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU

Level goal

The password for the next level is stored somewhere on the server and has all of the following properties:

• owned by user bandit7
• owned by group bandit6
• 33 bytes in size

Level solution

Using our knowledge acquired from the previous levels, a simple find command will do the trick

find / -user bandit7 -group bandit6 -size 33c 2> /dev/null

We got our password 😃

z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S

Level 07 –> 08

Level credentials

• username : bandit7
• password : z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S

Level goal

The password for the next level is stored in the file data.txt next to the word millionth

Level solution

It’s time to learn a new command ! grep.

grep searches for PATTERNS in the file(s) provided as arguments, and prints lines that matches that pattern. in our case:

• PATTERN : millionth
• filename : data.txt

grep millionth data.txt

We got our password 😃

TESKZC0XvTetK0S9xNwm25STk5iWrBvP

Level 08 –> 09

Level credentials

• username : bandit8
• password : TESKZC0XvTetK0S9xNwm25STk5iWrBvP

Level goal

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once

Level solution

If we cat our data.txt file, we will notice a lot of duplicate lines. What we can do is :

• sort the file, so that duplicate lines are consecutive.
• filter out the file by only taking the line that appeared once

we can achieve this by piping the result of sort data.txt into uniq -u

The -u option will filter out all lines that appeared more than once, leaving us with the password.

sort data.txt | uniq -u

We got our password 😃

EN632PlfYiZbn3PhVK3XOGSlNInNE00t

Level 09 –> 10

Level credentials

• username : bandit9
• password : EN632PlfYiZbn3PhVK3XOGSlNInNE00t

Level goal

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

Level solution

data.txt is a data file, meaning it contains junk if we try to display its content.

A work around is to use strings instead of cat.

strings will print the sequence of printable characters in files.

We can then pip the result to a simple grep.

strings data.txt | grep "="

We got our password 😃

G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s