OverTheWire Bandit Write Up – Level 9

I’m quarter of the way through the Bandit series and I’m now ready to try my hand at Bandit Level 9. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 8 write up give it a quick read then head back over here. So let’s find out what needs to be done.

Level 9

From looking on the OverTheWire website I can see that the password is in a filename named data.txt, similarly to the previous levels. However, this time the password begins with several = signs.

Let’s Start Hacking Then

It’s time to spin up a fresh terminal and initiate a SSH connection to the machine.

ssh bandit9@bandit.labs.overthewire.org -p 2220

I enter the password from the last level and it works and I’m in. I’m staring from the bandit level 9 user home directory. If I’ve learnt anything from the last few levels. The file I am looking for will be here.

I run what seems to be my most used command ls. Running this I can see, once again the data.txtis in fact in the home directory. So let’s take a look at the contents.

cat ./data.txt

The output of this seems to show that the file is not in an ASCII format. This may cause problems later, but for now I will try and use the grepcommand to see if I can find the password.

cat ./data.txt | grep "=="

Instead of showing the password I am presented with the following.

Binary file data.txt matches

As I suspected because the file is not an ASCII text file I need to add some arguments to the grep command to read the binary file, adding -a should do the trick.

cat ./data.txt | grep -a "=="

This is now showing less of the file but I’m not seeing the password clearly. There are several lines that have multiple = signs. I need to find some way of removing all the non ASCII content from my output.

Having a look around I can across this stack exchange question asking how to do the same. The answer pointed my to the strings command. Looking at the manual page I could see that this is exactly what I wanted. So I run the following command.

strings ./data.txt | grep ==

…and Wham! Bam! Thank you ma’am! I have the password now for level 10.

Level 9 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Leave a Reply