Bandit Level 6 → Level 7
Level Goal
Question:
The password for the next level is stored somewhere on the server and has all of the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
Explanation
find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null
- Find , this is standard syntax needed to Find something.
- -type f, this is because we are looking for a file.
- -user bandit7, to find files owned by the ‘bandit7‘ user
- -group bandit6, to find files owned by the ‘bandit6‘ group
- -size 33c, to find files of size 33 bytes
There isn’t any other files on the system so we need to access the root directory. I need to search the whole system by running the command ( find / -type f -user bandit 7 -group bandit6 -size 33c) will however, also print a Permission denied error files that we do not have permissions for the file. We can append 2>/dev/null, which will hide all error messages.
Was able to get the password and read the next password.
Bandit Level 8 → Level 9
Level Goal
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd
Answer: grep millionth data.txt
TESKZC0XvTetK0S9xNwm25STk5iWrBvP
How to use grep:
- -grep, (word looking for) (file name) ( only works on text files)
- – sort data.txt, This sorts the data inside the txt file.
- | uniq -c, uniq on its own only prints out one of each line when there are several lines the same one after another.
with a -c, it prints out the line, and the number of times that line occurred in a row.
so if you put:- the same thing
- the same thing
- the same thing
- the same thing
- the same thing
- something different
-Through “uniq” it would print out just:
-the same thing
-something different
If you add “-c”: (uniq -c)
You would get:
5 the same thing
1 something different
- | grep 1, Looks for the number among all the data in the file.
- | grep -v 10, This ignores all the numbers that are 10 because the “-v” means does not match/exclude.
(sort data.txt | uniq -c | grep 1 | grep -v 10)
Bandit Level 9 → Level 10
Level Goal
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
Strings
strings data.txt | grep =
- strings data.txt , Finds all the strings in the file but in this case strings in the file data.txt
- | grep = , Finds the = in the result of the before command which is (strings data.txt) so what the pipe will do is find all the = in the strings that are in the data.txt file.
- String can be a sequence of characters. It can be a word, a sentence, a series or numbers or any other combination of characters.
Answer
The ASCII values of the characters P, y, t, h, o, n are 15, 50, 45, 33, 40, 39 respectively. We can represent these ASCII values in 8-bit binary as follows:
Bandit Level 10 → Level 11
Level Goal
The password for the next level is stored in the file data.txt, which contains base64 encoded data
Base64:
Base64 command with the -d option followed by the Base64 encoded string you want to decode.
Answer:
Decoding base 64:
Use the Base64 command with the -W 0 option (optional, sets the line width to 0, which means no line breaks in the output) and provide the data you want to encode.
Bandit Level 11 → Level 12
Level Goal
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
Tr command is used in translating, deleting, or squeezing characters in a text stream. It allows you to perform a simple character -level manipulations on input data.
Key functions of ‘tr’ command:
Translate Characters:
Replace specific specific characters in the input text with other characters. E.g. Can change, (a-x or e-z)
Delete Characters:
Can also be used to remove specific characters from the input.You can delete all occurrences of a particular letter or any set of character that you specify.
Squeeze Repeated Characters:
The tr command can squeeze multiple consecutive occurrence of a character into a single occurrence. E.g if you have multiple spaces in a row, you can squeeze them into one space.
The tr command reads the input text from the standard input and writes the transformed results to the standard output.
- tr ‘A-Za-z’ : Makes sure the set of characters to be translate, which includes all uppercase and lowercase letters of the English alphabet.
- ‘N-ZA-Mn-za-m’ : Specifies the set of replacement characters . The uppercase letters are rotated by 13 positions, so A becomes N,B becomes O, C becomes P, and so on. The same applies to lowercase letters.
Answer
Example:
SET1 : This set of characters is the ones you want to translate from.
SET2: The set of characters you want translate to. If there is no SET2 the tr will start to deleting things based on SET1.
- E.g. echo hello | tr el 12
- translates the hello to h12lo