MayADevBe Blog

A Blog about Computer Science

OverTheWire Bandit Level 6 -> 7 - Walkthrough

Previous Level: Level 6


SSH: ssh -p 2220

Password: DXjZPULLxYr17uwoI01bNLQbtFemEgo7


Find a file somewhere on the server. Properties:

  1. owned by user bandit7
  2. owned by group bandit6
  3. 33 bytes in size

A little bit of Theory

In this level, we are introduced to the big topic of Linux File Permissions. Specifically, to the area of ownership. Each file is owned by a user and a group. You can see what user and group owns a file with the ls command and its -l tag.


bandit6@bandit:/var/lib/dpkg/info$ ls -l bandit7.password 
-rw-r----- 1 bandit7 bandit6 33 May  7  2020 bandit7.password

The third column shows the user, the fourth shows the group that owns the file.

As mentioned in a previous level, the find command can be used to find files on the server. It offers flags to look for files owned by a specific user (-user <username>) and a specific group (-group <groupname>).


We use the find command with the following options:

  • -type f, because we are looking for a file
  • -user bandit7, to find files owned by the ‘bandit7’ user
  • -group bandit6, to find files owned by the ‘bandit6’ group
  • -size 33c, to find files of size 33 bytes

We need to run the command from the root directory to search the whole system. Running the command find / -type f -user bandit7 -group bandit6 -size 33c will, however, also print a Permission denied error for files that we do not have permission. We can append 2>/dev/null, which will ‘hide’ all error messages 1.

And we got the file and can read the next password.

bandit6@bandit:~$ find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null

bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password

Next Level: Level 8

Share on: