With level 11 not taking too much time to complete, is was inevitable (like Thanos) that bandit level 12 would not be the same. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 11 write up, give it a quick read then head back over here. And if you haven’t guessed already, yes I am a Marvel fan! Anyway let’s go.

Level 12

This level is once again using a data.txt file to store the password for the next level. However, the password has been compressed repeatedly and then the output of that has been pushed through a hexdump. During the processing of this file I will need to create multiple output files, because of this I can create my own directory in the /tmp directory. This is recommended as many users may be accessing the bandit level 12 system simultaneously. So let’s begin.

Let’s Start Hacking Then

So it’s that time again, I spin up a fresh terminal and initiate the SSH connection to the machine.

ssh bandit12@bandit.labs.overthewire.org -p 2220

Again, I am prompted for the password for the user and no surprise (okay just a little) the password I got from the last level worked, and I’m in. Everyone I write that line I can’t help but think of the Tron quote

…and then, one day, I got in!

So I need to first take a look around and see if I’ve got everything I need in the bandit level 12 users home directory. I run the ls command and can see I have the data.txt file I need to start with. It’s always worth a look at the file before I begin, so I run the following command, just to have a look.

cat ./data.txt

This is the file I need as the output is indeed a hexdump. I can now get started ‘properly’. Looking back at the level description I will need to make my own copy of the file before I start to manipulate it, and in order to do that I will need my own directory to play in. To keep my directory setup I run the following command.

mkdir /tmp/jrlbyrne

Next I need to create a copy of the data.txt in my directory, and do so with the following.

cp ./data.txt /tmp/jrlbyrne

So I have my own directory, and a copy of the file to start playing with. All that’s left to do before I can start to do anything with the file is to move into that directory.

cd /tmp/jrlbyrne

It’s now time to actually start processing the file to get the password. The first thing I need to do is reverse the hexdump. Looking at the man page of the xxd command I know that I can use it to either make or reverse a hexdump. I need to reverse it, so I run the following and put the output into a new 1.txt file.

xxd -r ./data.txt > 1.txt

I know have a reversed hexdump of the file that should be compressed, so I will need to uncompress the file before I can get the password. However, I need to find how the files been compressed first.

file ./1.txt

Tells me that the file is gzip compressed data. Looking at the man page for gzip I see that the file first needs to have a .gz file extension. So I need to rename the file before I can uncompress

mv ./1.txt ./1.gz

The file is now ready to be uncompressed. I run the following.

gzip -d ./1.gz

I need to check what files I know have in the directory, using the ls command I can see that the 1.gz file has gone and I am left with a 1 file. So I need to find out what type of file it is first, like previously.

file ./1

From this I find out that the file is bzip2 compressed data. I need to use bzip2 to uncompress that file. However before I go on the file itself was compressed many times, and to prevent you from having to read the same sentence over and over again. I have put all the commands I ran in one big code block.

$ bzip2 -d ./1
$ file ./1.out
gzip compressed data
$ mv ./1.out ./1.gz
$ file ./1
POSIX tar archive
$ mv ./1 ./1.tar.gz
$ tar -xvf ./1.tar.gz
$ file ./data5.bin
POSIX tar archive
$ mv ./data5.bin ./data5.tar.gz
$ tar -xvf ./data5.tar.gz
$ file ./data6.bin
bzip2 compressed data
$ bzip2 -d ./data6.bin
$ file ./data6.bin.out
POSIX tar archive
$ mv ./data6.bin.out ./data6.tar.gz
$ tar -xvf ./data6.tar.gz
$ file ./data8.bin
gzip compressed data
$ mv ./data8.bin ./data8.gz
$ gzip -d ./data8.gz
$ file ./data8
ASCII text

That’s it, the file is no longer compressed and I should now be able to get the password, I run the following.

cat ./data8

…and Wham! Bam! Thank you ma’am! I have the password now for level 13.

Level 12 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Categories:Hacking

Justin Byrne

Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering, and just like his interests, his operating system has changed sometimes more then 4 times a year.

0 Comments

Leave a Reply