I’m quarter of the way through the Bandit series and I’m now ready to try my hand at Bandit Level 9. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 8 write up give it a quick read then head back over here. So let’s find out what needs to be done.
From looking on the OverTheWire website I can see that the password is in a filename named
data.txt, similarly to the previous levels. However, this time the password begins with several
Let’s Start Hacking Then
It’s time to spin up a fresh terminal and initiate a SSH connection to the machine.
ssh firstname.lastname@example.org -p 2220
I enter the password from the last level and it works and I’m in. I’m staring from the bandit level 9 user home directory. If I’ve learnt anything from the last few levels. The file I am looking for will be here.
I run what seems to be my most used command
ls. Running this I can see, once again the
data.txtis in fact in the home directory. So let’s take a look at the contents.
The output of this seems to show that the file is not in an ASCII format. This may cause problems later, but for now I will try and use the
grepcommand to see if I can find the password.
cat ./data.txt | grep "=="
Instead of showing the password I am presented with the following.
Binary file data.txt matches
As I suspected because the file is not an ASCII text file I need to add some arguments to the
grep command to read the binary file, adding
-a should do the trick.
cat ./data.txt | grep -a "=="
This is now showing less of the file but I’m not seeing the password clearly. There are several lines that have multiple
= signs. I need to find some way of removing all the non ASCII content from my output.
Having a look around I can across this stack exchange question asking how to do the same. The answer pointed my to the
strings command. Looking at the manual page I could see that this is exactly what I wanted. So I run the following command.
strings ./data.txt | grep ==
…and Wham! Bam! Thank you ma’am! I have the password now for level 10.
Level 9 Complete
I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.
Level 10 password