Bandit level 6
Level Goal
The password for the next level is stored somewhere on the server and has all of the following properties:
- owned by user bandit7
- owned by group bandit6
- 33 bytes in size
Again we are looking for a file with specific attributes. But this time we need to perform the search on the entire server. We also have two new parameters to consider, using only the size parameter with the find command we get 105 lines returned including error lines. The error lines are not actual hits, but they fill the terminal window with lines.
Useful commands for this level:
- cd - where do we need to go to search the entire server?
- find
- grep - read the man pages for good hints.
- less - can be solved with the help of less
Solution - Spoiler Alert!
After a thorough explanation of the find command in the previous there is no need for that here, but we need two new parameters to find user and group. If we take a look at the man pages we find that the options are as easy as -user and -group
Together with the size parameter we have all properties covered. Now we need to perform the search on the entire server, to do that one must change directory to the top of the hierarchy, better known as the root directory. cd / will take you to the root directory and we can perform our search
With the command find -type f -size 33c -user bandit7 -group bandit6 we can find the file. There is still a lot of clutter of error messages, we canfilter them out by suppressing them with 2>/dev/null. Now we have the file name, To make our find command in to another one-liner like last level. We can add -exec cat {} \; at the end of the find command, but before the suppression of error messages.
final command: find -type f -size 22c -user bandit7 -group bandit6 -exec cat {} \; 2>/dev/null
Comments ()