Bandit Level 6 -> 7

Bandit Level 6 -> 7

Shakedown (Where’s the stash)

Bandit Level 7:

The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

Commands we may need to solve this level: ls , cd , cat , file , du , find

Solution

First, let’s ssh to the level 7 server:

Speak up!

So now we’re in the level 7 server, and apart from some details about the server and NDA details, there is just a shell prompt.

So here, we’re looking to find a file owned by a certain user and group, that we can use the find command, looking at the man page of find, we can find the options we need to use:

We know from previous challenges how to use find with its type so let’s add the options above to get the file we want:

Upon execution of the above command, we got a large list of outputs, mostly the ones showing permission error, of course, we can pipe that to a pager like less or more.

However, even with a pager sifting through all those to get output is messy so we can use output streaming and grep to clear up the clutter.

We can see that we have significantly reduced the clutter, and we can see our file there, to make sure the owner user and group we can list the file using the path displayed here:

Here we can see the owner user and group, as list in the challenge so that is indeed our file, all we need to do now is concatenate the file content and retrieve our flag/password for the next challenge.

That’s it and see you on the next one.

Thank you, Enjoy.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.