DEV Community

Krishna
Krishna

Posted on

OverTheWire Bandit Level 5 Level 6 walk-through

#security #infosec #ctf #beginners

Challenge page => https://overthewire.org/wargames/bandit/bandit6.html

This time the password is in a file which has a certain set of attributes. What makes this challenge unique is that the number of files you will have to sift through is huge.

Lets take a look at the contents of the inhere dir and one of its subdirs.

Contents of inhere dir

So, clearly we have our work cut out for us. Going through each one of the files will take a huge amount of time.

So how do we find the file which has the three attributes listed?

  • human-readable
  • 1033 bytes in size
  • not executable

Hint 1: Once again, look at the man pages of the commands "you may need"

The hint was in the question itself :D

The find command comes in handy when searching for files with certain attributes. But we have to be careful with how we use it as it can search through the entire file system if needed.

Don't hesitate to fire up a few searches for the find command and see a few examples. Also, do gloss over the man page, as the flags will come in handy in the future as well.

Now that we've zeroed in on the find command, we need to ensure

  • The search completes fast
  • The search doesn't go through the entire filesystem, but just through the inhere dir
  • It only outputs the name of the file that has the aforementioned attributes

Which are the flags of the find command that will help us narrow down the file that contains the password?

Hint 2: You don't need to ask Google or the Duck for this. Searching the man pages will suffice.

The man pages are quite handy aren't they? They are a bit verbose though. Then again that is how good documentation is supposed to be :)

So, we've figured out the flags required

  • -readable for human-readable files
  • -size 1033c for 1033 bytes
  • -executable to ensure the find command filters for executable files

But wait, we need "non-executable" files.

How do we negate the flag?

Hint 3: Usually man pages have a few examples also listed. Maybe our answer is there?

Jackpot! There is one example where the -readable file is negated.

Flag negation example

Now we have everything we need. Assuming you are running the command from your home dir, the final command would be

find ./inhere -readable -size 1033c \! -executable

Let's try it.

Solution

That was a pretty fast search. Onto the next challenge!

Top comments (0)

Read next

jamescroissant profile image

Understanding Modern Web Authentication Flows: Session vs JWT vs OAuth

Yu Hamada -

alfredosalzillo profile image

The React `useInsertionEffect` Hook

Alfredo Salzillo -

mikeyoung44 profile image

Contextualized Document Embeddings Capturing Semantic Meaning and Context for Improved Text Analysis

Mike Young -

adaobilynda profile image

useReducer and how it is different from useState

Adaobi Okwuosa -