OverTheWire Bandit Write Up – Level 6

I’m starting to pick up the pace with these levels, and I’m all ready to try my hand at Bandit level 6. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 5 write up give it a quick read then head back over here. All caught up and ready to go?

Level 6

So the format is pretty much the same, so I’ll skip over some of the bits, but the main objective this time is that the file is owned by the user bandit7 but owned by the group bandit6, and the file is 33 bytes in size and ready for the game of hide and seek.

Let’s Start Hacking Then

So i spin up a fresh terminal and start my SSH connection to the server.

ssh bandit6@bandit.labs.overthewire.org -p 2220

I enter in the password i got from the last level and i’m in. So I start with the normal ls command to see if I’m lucky enough that the file is just sat in the home directory, but, no such luck. So I start to use the find command again to search for a file that 33 bytes in size anywhere on the system.

find / -type f -size 33c

I get presented with a few different files, too many to go through each of them, and some of them could be red herrings. So I need to check which of these files have the correct ownership.

find / -type f -size 33c -group bandit6 -user bandit7

Okay so now it looks like there are less files that match, but, a lot of the files have Permission denied at the end of them. So, either I go through all these files and find out which ones I don’t have access to or I filter the list to show the ones I do have permissions to access. I found the following Stack Overflow article that explains how to remove those files using grep.

find / -type f -size 33c -group bandit6 -user bandit7 >2&1 | grep -v "Permission denied"

I’m now left with just one file, so hopefully this is the right one. I open the file up

cat /var/lib/dpkg/info/bandit7.password

…and Wham! Bam! Thank you ma’am! I have the password now for level 7.

Level 6 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Leave a Reply