I’m quarter of the way through the Bandit series and I’m now ready to try my hand at Bandit Level 9. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 8 write up give it a quick read then head back over here. So let’s find out what needs to be done.

Level 9

From looking on the OverTheWire website I can see that the password is in a filename named data.txt, similarly to the previous levels. However, this time the password begins with several = signs.

Let’s Start Hacking Then

It’s time to spin up a fresh terminal and initiate a SSH connection to the machine.

ssh bandit9@bandit.labs.overthewire.org -p 2220

I enter the password from the last level and it works and I’m in. I’m staring from the bandit level 9 user home directory. If I’ve learnt anything from the last few levels. The file I am looking for will be here.

I run what seems to be my most used command ls. Running this I can see, once again the data.txtis in fact in the home directory. So let’s take a look at the contents.

cat ./data.txt

The output of this seems to show that the file is not in an ASCII format. This may cause problems later, but for now I will try and use the grepcommand to see if I can find the password.

cat ./data.txt | grep "=="

Instead of showing the password I am presented with the following.

Binary file data.txt matches

As I suspected because the file is not an ASCII text file I need to add some arguments to the grep command to read the binary file, adding -a should do the trick.

cat ./data.txt | grep -a "=="

This is now showing less of the file but I’m not seeing the password clearly. There are several lines that have multiple = signs. I need to find some way of removing all the non ASCII content from my output.

Having a look around I can across this stack exchange question asking how to do the same. The answer pointed my to the strings command. Looking at the manual page I could see that this is exactly what I wanted. So I run the following command.

strings ./data.txt | grep ==

…and Wham! Bam! Thank you ma’am! I have the password now for level 10.

Level 9 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Categories: Hacking

Justin Byrne

Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering., and just like his interests, his operating system has changed sometimes more then 4 times a year.

0 Comments

Leave a Reply