Akash Ambashankar

Nov 28, 2020

3 min read

OverTheWire: Bandit Level 7

In the last post, we gained access to bandit6. Now, let’s find the password for bandit7.

Level 7

Level Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

owned by user bandit7
owned by group bandit6
33 bytes in size

Commands you may need to solve this level

ls, cd, cat, file, du, find, grep

So we’re looking for a file owned by user bandit7, group bandit6, and of size 33 bytes.

The find command can do all of this for us.

The find command comes with a -user flag, -group flag, and we’ve already seen the -size flag.

And since the level goal says

The password for the next level is stored somewhere on the server

we need to search from the root directory, which is represented with a ‘/’.

So our final find command will look like this.

bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c
find: ‘/root’: Permission denied
find: ‘/home/bandit28-git’: Permission denied
find: ‘/home/bandit30-git’: Permission denied
find: ‘/home/bandit5/inhere’: Permission denied
find: ‘/home/bandit27-git’: Permission denied
find: ‘/home/bandit29-git’: Permission denied
find: ‘/home/bandit31-git’: Permission denied
find: ‘/lost+found’: Permission denied
find: ‘/etc/ssl/private’: Permission denied
find: ‘/etc/polkit-1/localauthority’: Permission denied
find: ‘/etc/lvm/archive’: Permission denied
find: ‘/etc/lvm/backup’: Permission denied
find: ‘/sys/fs/pstore’: Permission denied
find: ‘/proc/tty/driver’: Permission denied
find: ‘/proc/3513/task/3513/fd/6’: No such file or directory
find: ‘/proc/3513/task/3513/fdinfo/6’: No such file or directory
find: ‘/proc/3513/fd/5’: No such file or directory
find: ‘/proc/3513/fdinfo/5’: No such file or directory
find: ‘/cgroup2/csessions’: Permission denied
find: ‘/boot/lost+found’: Permission denied
find: ‘/tmp’: Permission denied
find: ‘/run/lvm’: Permission denied
find: ‘/run/screen/S-bandit12’: Permission denied
find: ‘/run/screen/S-bandit11’: Permission denied
find: ‘/run/screen/S-bandit30’: Permission denied
find: ‘/run/screen/S-bandit0’: Permission denied
find: ‘/run/screen/S-bandit16’: Permission denied
find: ‘/run/screen/S-bandit4’: Permission denied
find: ‘/run/screen/S-bandit3’: Permission denied
find: ‘/run/screen/S-bandit28’: Permission denied
find: ‘/run/screen/S-bandit33’: Permission denied
find: ‘/run/screen/S-bandit17’: Permission denied
find: ‘/run/screen/S-bandit10’: Permission denied
find: ‘/run/screen/S-bandit9’: Permission denied
find: ‘/run/screen/S-bandit15’: Permission denied
find: ‘/run/screen/S-bandit20’: Permission denied
find: ‘/run/screen/S-bandit7’: Permission denied
find: ‘/run/screen/S-bandit2’: Permission denied
find: ‘/run/screen/S-bandit1’: Permission denied
find: ‘/run/screen/S-bandit29’: Permission denied
find: ‘/run/screen/S-bandit26’: Permission denied
find: ‘/run/screen/S-bandit18’: Permission denied
find: ‘/run/screen/S-bandit13’: Permission denied
find: ‘/run/screen/S-bandit31’: Permission denied
find: ‘/run/screen/S-bandit8’: Permission denied
find: ‘/run/screen/S-bandit14’: Permission denied
find: ‘/run/screen/S-bandit19’: Permission denied
find: ‘/run/screen/S-bandit21’: Permission denied
find: ‘/run/screen/S-bandit22’: Permission denied
find: ‘/run/screen/S-bandit24’: Permission denied
find: ‘/run/screen/S-bandit25’: Permission denied
find: ‘/run/shm’: Permission denied
find: ‘/run/lock/lvm’: Permission denied
find: ‘/var/spool/bandit24’: Permission denied
find: ‘/var/spool/cron/crontabs’: Permission denied
find: ‘/var/spool/rsyslog’: Permission denied
find: ‘/var/tmp’: Permission denied
find: ‘/var/lib/apt/lists/partial’: Permission denied
find: ‘/var/lib/polkit-1’: Permission denied
/var/lib/dpkg/info/bandit7.password
find: ‘/var/log’: Permission denied
find: ‘/var/cache/apt/archives/partial’: Permission denied
find: ‘/var/cache/ldconfig’: Permission denied

But the problem is we get this long output with a lot of errors.

But there is a way to filter out all error messages!

According to this ask ubuntu page, using 2>/dev/null, we can filter all error messages.

But what does 2>/dev/null mean?

2>/dev/null

The 2 represents all error messages.

The > is used to redirect output. So 2> redirects all error messages.

/dev/null is treated as “black hole” in Linux/Unix systems. It is commonly used to redirect unwanted outputs.

So in short, 2>/dev/null redirects all error messages to /dev/null.

Note: Definitely check out this ask ubuntu page for more clarity.

Now, if we run the find command along with the redirection, we get

bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2> /dev/null/var/lib/dpkg/info/bandit7.password

We get the path to one file, which contains the password HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs.

Happy Hacking!

Blogging
Hacking
Ethical Hacking
Ctf
Overthewire

--

--

An Aspiring Security Engineer and Web Developer

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akash Ambashankar

Akash Ambashankar

2 Followers

An Aspiring Security Engineer and Web Developer

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech