MayADevBe Blog

A Blog about Computer Science

OverTheWire Bandit Level 4 -> 5 - Walkthrough

Published - 2021-10-28 | 3min

Previous Level: Level 4

Login

SSH: ssh bandit4@bandit.labs.overthewire.org -p 2220

Password: pIwrPrtPN36QITSp3EQaw936yaFoFgAB

Task

The password for the next level is stored in the only human-readable file in the inhere directory.

A little bit of Theory

The file command gives us the type of data of the file. Some examples would be: ‘ELF’, ‘Perl script’, ‘ASCII text’, ‘data’ and more.

For this task, we are looking specifically for human-readable files. It means that the data is presented so that we can read the information. An ELF file, for example, is not human-readable. If you would try to print its content (head <elf_file_name>), the result would look something like this: �������$��$,0�%��0�'��0<u���8�w���9�t�.

The most common data encodings that are human-readable are ASCII and Unicode.


If we want to apply/use a command on all the files in the current directory, repeating the command or writing all filenames is tedious. To use the command on all the files in the directory without a lot of writing, we can use ‘*’, which is called a ‘wildcard symbol’. ‘*’ can stand for any number of any literal characters. An example could be file*, which would match to everything that starts with ‘file’, like ‘file00’, ‘file’, ‘fileAA’ and so on. It replaces the filename/path option in the command.

Solution

We again go into the ‘inhere’ directory and print out the files in the system:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

bandit4@bandit:~$ cd inhere
bandit4@bandit:~/inhere$ ls -la
total 48
drwxr-xr-x 2 root    root    4096 May  7  2020 .
drwxr-xr-x 3 root    root    4096 May  7  2020 ..
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file00
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file01
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file02
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file03
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file04
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file05
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file06
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file07
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file08
-rw-r----- 1 bandit5 bandit4   33 May  7  2020 -file09

We can see that there are ten files.

We can use different methods to find the human-readable file and therefore, the password.

  1. We could just print the contents of every file (cat). This is, however, not very efficient when we deal with more files.
  2. Instead, we could use the method I mentioned in the theory part. The command structure is file <filename>. Instead of using a filename, we use a wildcard to get the type for all the files. Additionally, looking at the file names, specifically at the fact, the names start with ‘-’, gives us problems. Therefore we use the same method as in Level 2.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

bandit4@bandit:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data

We can see that only ‘-file07’ is of type ‘ASCII text’, which is one of the encodings, that humans can read. (It is also the same file type as the files from previous levels.) Now we only need to print the file:

1
2

bandit4@bandit:~/inhere$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh

And get the next password.

https://overthewire.org/wargames/bandit/bandit5.html

Next Level: Level 6


Share on:
Comments:
Related Content:
OverTheWire Bandit Level 6 -> 7 - Walkthrough

A walkthrough of Level 6 -> 7 of the Bandit wargame from OverTheWire. - Find a file with specific user and group ownership.

OverTheWire Bandit Level 5 -> 6 - Walkthrough

A walkthrough of Level 5 -> 6 of the Bandit wargame from OverTheWire. - Human-readable files, file sizes and non-executable files.