Bandit Level 4 -> 5

Bandit 4 -> 5

Speak English, God Damn it!

Bandit Level 5:
The password for the next level is stored in the only human-readable file in the inhere directory. Tip: If your terminal is messed up, try the “reset” command.

Commands we may need to solve this level: ls , cd , cat , file , du , find

Solution

First, let’s ssh to the level 5 server:

Is there anyone who speaks English here?

So now we’re in the level 5 server, and apart from some details about the server and NDA details, there is just a shell prompt.

As the problem states, there’s only one file that is human-readable, so we need to find a way to identify human-readable files. Let’s see what files are around on the server.

First of let’s move into the inhere directory and list the files and folder inside there:

Now, here’s the thing, Of all these files only one can be read by a human, so when we list them we need to find a way to list only the human-readable ones, Not only that the file names start with ‘-‘, which in Linux you guessed it serves for specifying options for commands like the “ls -la”. So first let’s look at how to list only files that are human-readable, Let’s RTFM of ls, surprisingly there is no option to list files that are human readable, only an option for human readable size output, so let’s resort to the other commands that are suggested from the problem page, there’s the file command we can view the man page of file, from there we can understand if we execute “file -f <file_name>, so let’s try to list all files with the command file using the wild card “*”:

One way we can resolve this is by preceding the wildcard with “./”, which stands for the current directory, so effectively we are passing to the file command all files that reside in the current directory.

Bingo, we found the text file, ASCII text means that it’s based on the alphabet we know and love. Now we just concatenate the content of -file07, by preceding ./:

And that’s how it’s done, on to the next challenge.

Thank you, Enjoy.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.