I’m starting to pick up the pace with these levels, and I’m all ready to try my hand at Bandit level 6. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 5 write up give it a quick read then head back over here. All caught up and ready to go?
So the format is pretty much the same, so I’ll skip over some of the bits, but the main objective this time is that the file is owned by the user
bandit7 but owned by the group
bandit6, and the file is 33 bytes in size and ready for the game of hide and seek.
Let’s Start Hacking Then
So i spin up a fresh terminal and start my SSH connection to the server.
ssh email@example.com -p 2220
I enter in the password i got from the last level and i’m in. So I start with the normal
ls command to see if I’m lucky enough that the file is just sat in the home directory, but, no such luck. So I start to use the
find command again to search for a file that 33 bytes in size anywhere on the system.
find / -type f -size 33c
I get presented with a few different files, too many to go through each of them, and some of them could be red herrings. So I need to check which of these files have the correct ownership.
find / -type f -size 33c -group bandit6 -user bandit7
Okay so now it looks like there are less files that match, but, a lot of the files have
Permission denied at the end of them. So, either I go through all these files and find out which ones I don’t have access to or I filter the list to show the ones I do have permissions to access. I found the following Stack Overflow article that explains how to remove those files using
find / -type f -size 33c -group bandit6 -user bandit7 >2&1 | grep -v "Permission denied"
I’m now left with just one file, so hopefully this is the right one. I open the file up
…and Wham! Bam! Thank you ma’am! I have the password now for level 7.
Level 6 Complete
I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.
Level 7 Password