OverTheWire Bandit Write Up – Level 11

Not long after hitting double digits I am now a third of the way through. I know that a third is only 1 after double digits, but I’m still happy, and bandit level 11 is going to be a quick one. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 10 write up, give it a quick read then head back over here. I assume that as your still reading this you’ve either already read it, or just wanted this level only, so let’s go.

Level 11

The password for this level is stored in the file data.txt. Once again the file is in the bandit level 11 users home directory. The file contains the password in an ASCII format however all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions. This is also known as ROT13, a letter substitution cipher. For more information or to play with ROT13 check out the ROT13 website.

Let’s Start Hacking Then

So once more I start with a fresh terminal to initiate a SSH connection to the system.

ssh bandit11@bandit.labs.overthewire.org -p 2220

I enter the password I gained from the previous level, luckily it worked. So must be doing it right, so far. I’m now presented with the home directory for the bandit11 user. First things first is to check what’s in the current directory I run my misted used command ls and can see that there is indeed a file named data.txt. I now need to see what is in the file, so I run the following;

cat ./data.txt

From this I get the following output;

Gur cnffjbeq vf 5Gr8L4qetPEsPk8htqjhRK8XSP6x2RHh

This is definitely in a ROT13 format so now I need to decrypt the message and hopefully this will give me the password.

Looking around I have found that I can use the tr command to translate the contents of the file by rotating them 13 places. You can read more about the tr command from the man page.

cat ./data.txt | tr '[A-Za-z]' '[N-ZA-Mn-za-m]'

…and Wham! Bam! Thank you ma’am! I have the password now for level 12.

Level 11 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Leave a Reply