OverTheWire Bandit Write Up – Level 4

Level 3 is done, I feel that I am getting through these levels in quiet a quick fashion, so now its time to try my hand at the bandit level 4. If you haven’t had a chance to read my write up of level 3, it can be found here. OverTheWire Bandit Write Up – Level 3. Head over give it a read, then slump yourself down and we can go through this level.

Level 4

So we’re searching for the password for the next level and the hint I’ve got from the OverTheWire bandit level 4 website is, that the password is stored in the only human-readable file.

Let’s Start Hacking Then

So I start by spinning up a fresh terminal to connect to the server via SSH using the command below. Once connected to the server it asks for the password which I got from the last level, and it works.

ssh bandit4@bandit.labs.overthewire.org -p 2220

Once I’m in I run the usual ls command to see what’s sat in the home directory, and just like the last level we have a inhere directory. I cd into the directory, run ls and this time I am presented with 10 files, with a -file0* naming convention.

����������~%	C[�걱>��| �

So I have to find which of these files stores the password I need. I know from the blurb about the level i need to find the human-readable file. I start by running cat ./-file00 and I am presented with the following.

This is no good. I can’t go through each file individually. I know that if I use the file command I can determine the file type, and this should help to find the right one. To read more about the file command you can see more about it on the manual page. Ubuntu Manpage: file.

So I run the following command to find the file type for the file I viewed earlier.

file ./-file00

This is showing as a data file. So I know how to find which file I need to cat but if I just run the file command on every file, then that’s no better than just running the cat command on each file. So I decided to use the find command to execute the command across each file quickly.

find . -iname '-file0*' -exec file {} \;

This went through each of the files and I notice on -file07 that it shows that it is an ASCII text file as shown below.

./file07: ASCII text

I then cat this file and… Wham! Bam! Thank you ma’am! I have the password now for level 5.

Level 4 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Leave a Reply