With level 4 completed I can now continue on to Bandit level 5. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 4 write up give it a quick read then head back over here. Okay so all read? All caught up? Brilliant, let’s begin.

Level 5

So by now the format of these levels is pretty similar. There’s a file with the password in it and it’s hiding from me on the remote server. Bandit level 5, however, requires more than just open a directory, read the file and away you go. This time I need to contend with multiple sub directories, and each sub directory has multiple files. Some of these files are data while others are human readable. The details I have been given about the file is

  • the file is human-readable
  • the file is not executable
  • the file is 1033 bytes

Let’s start hacking then

So first things first, I load up a fresh new terminal and initiate a new SSH connection to the server using the following command.

ssh bandit5@bandit.labs.overthewire.org -p 2220

The password from the last worked so I am in. I start with the most used command ls and I can see a directory named inhere I run cd ./inhere and enter the directory. Once again I run the ls however, this time I am bombarded with sub directories, named maybehereXX.

Now I could go into what looks like 10 different directories and then check each of the files inside the to see where the password is, or, I can use the find command.

find . -type f ! -executable

Running the previous command I can see there are a few files that are not executable. So I am still left with too many options. So I know that the file is 1033 bytes in size, looking at the find manual page I can see that we can add the ability to search by size also.

find . -type f -size 1033c ! -executable

I am now left with just a single file. just to check that the file is the one I need I tested that it is human-readable first with the following command.

file ./inhere/maybehere07/.file2

The file is indeed human readable, not executable, and 1033 bytes in size, so I run the following command

cat ./inhere/maybehere07/.file2

…and Wham! Bam! Thank you ma’am! I have the password now for level 6.

Level 5 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Categories: Hacking

Justin Byrne

Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering., and just like his interests, his operating system has changed sometimes more then 4 times a year.

0 Comments

Leave a Reply