Bandit: Level 5 - Level 6
Level 5
Username: bandit5
Password: 4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQw
Task:
https://overthewire.org/wargames/bandit/bandit6.html
1
2
3
4
5
6
7
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
human-readable
1033 bytes in size
not executable
Commands you may need to solve this level
ls , cd , cat , file , du , find
Start
Let’s begin by connecting to the server bandit.labs.overthewire.org
and logging in with user bandit5
on port 2220
.
We have several commands available for this task:
ls
cd
cat
file
du
find
Solve the level
We begin again to move to the directory inhere
and check with ls -la
the contents:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
bandit5@bandit:~/inhere$ ls -la
total 88
drwxr-x--- 22 root bandit5 4096 Jul 17 15:57 .
drwxr-xr-x 3 root root 4096 Jul 17 15:57 ..
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere00
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere01
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere02
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere03
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere04
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere05
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere06
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere07
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere08
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere09
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere10
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere11
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere12
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere13
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere14
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere15
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere16
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere17
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere18
drwxr-x--- 2 root bandit5 4096 Jul 17 15:57 maybehere19
bandit5@bandit:~/inhere$
Okay, we have to find a file which has 1033 bytes and is not executable. Here the command find
should come handy. Lets check the manual for the specific needs.
1
2
man find
find --help
It is tricky to find the correct parameters but we get to this. Lets start with the size
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
-size n[cwbkMG]
File uses less than, more than or exactly n units of space, rounding up. The following suffixes can be used:
`b' for 512-byte blocks (this is the default if no suffix is used)
`c' for bytes
`w' for two-byte words
`k' for kibibytes (KiB, units of 1024 bytes)
`M' for mebibytes (MiB, units of 1024 * 1024 = 1048576 bytes)
`G' for gibibytes (GiB, units of 1024 * 1024 * 1024 = 1073741824 bytes)
That means, we can use Parameter -size 1033c
Next we need to find a file, which is not executable.
1
2
3
4
5
6
7
8
-executable
Matches files which are executable and directories which are searchable (in a file name resolution sense) by the current user. This takes into ac‐
count access control lists and other permissions artefacts which the -perm test ignores. This test makes use of the access(2) system call, and so
can be fooled by NFS servers which do UID mapping (or root-squashing), since many systems implement access(2) in the client's kernel and so cannot
make use of the UID mapping information held on the server. Because this test is based only on the result of the access(2) system call, there is no
guarantee that a file for which this test succeeds can actually be executed.
Okay, and because we want NOT executable we neet to use !
before executiable
And we need to make sure, that it is a file, what we are searching.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
-type c
File is of type c:
b block (buffered) special
c character (unbuffered) special
d directory
p named pipe (FIFO)
f regular file
l symbolic link; this is never true if the -L option or the -follow option is in effect, unless the symbolic link is broken. If you want to
search for symbolic links when -L is in effect, use -xtype.
s socket
D door (Solaris)
Perfect, we need also -type -f
Lets put together the command:
1
2
3
4
5
bandit5@bandit:~/inhere$ find -type f -size 1033c ! -executable
./maybehere07/.file2
bandit5@bandit:~/inhere$ cat ./maybehere07/.file2
HWasnPhtq9AVKe0dmk45nxy20cvUa6EG
Here is the password for the next level:
Password: HWasnPhtq9AVKe0dmk45nxy20cvUa6EG
Explanation:
To locate files based on specific criteria, we use the find
command in Linux with various options. Here’s what each option does:
-type f
: This option tellsfind
to look for regular files only. It excludes directories, symbolic links, and other file types. Thef
stands for “file,” and this ensures that the command does not return directories or other non-file types.-size 1033c
: This option specifies the size of the files to search for. The-size
parameter allows you to define the size in various units:c
stands for bytes.- In this case,
1033c
means the command will look for files that are exactly 1033 bytes in size. You can also use other suffixes likek
for kibibytes orM
for mebibytes if needed.
! -executable
: This option is used to find files that are not executable. The-executable
flag matches files that the current user can execute. By using!
before-executable
, you negate this condition, so the command returns files that are not marked as executable. The!
operator is a negation operator, and it inverts the condition that follows it.