Exploring OverTheWire: Level 6 to Level 7 - Bandit Challenge

📆 · ⏳ 2 min read · · 👀

Introduction

As we progress further in the Bandit Challenge, Level 7 ↗️ presents us with a new challenge. Our objective is to locate a password file on the server that has specific ownership and size properties.

Challenge Overview

Level 7 challenges us to search for a password file on the server with specific ownership and size properties.

💡

We need to find a file that is owned by the user “bandit7”, owned by the group “bandit6”, and has a size of 33 bytes.

By using commands such as ls, cd, cat, grep, and find we’ll navigate the file system, examine file attributes, and uncover the password.

Approach and Strategy

Follow these steps to successfully solve Level 7:

Terminal window
ssh [email protected] -p 2220

Enter the password you obtained from the previous level.

Once logged in, navigate to the root directory using the cd command:

Terminal window
cd /

This command will change your working directory to the root directory.

To search for the password file with the specific ownership and size properties, use the find command along with specific parameters:

Terminal window
find / -user bandit7 -group bandit6 -size 33c 2>/dev/null

This command will search for files owned by user bandit7, owned by group bandit6, and have a size of 33 bytes.

The 2>/dev/null portion redirects error messages to /dev/null, preventing them from being displayed.

The find command will display the path to the password file that meets the given criteria. Make a note of the path.

To view the contents of the password file and retrieve the password, use the cat command:

Terminal window
cat <path_to_password_file>

Replace <path_to_password_file> with the actual path obtained from the previous step which was /var/lib/dpkg/info/bandit7.password when I ran the command.

The password for Level 7 will be displayed in the output. Take note of it for the next level.

Notes

  • The find command is useful for searching files based on specific criteria.

Conclusion

Congratulations on successfully completing Level 7 of the Bandit Challenge! By exploring the server and locating the password file that meets the ownership and size properties, we have obtained the password necessary to progress further.

Stay tuned for the next blog post, where we’ll take on Level 8 and face new challenges in our quest to become skilled cybersecurity practitioners.

You may also like

  • # overthewire

    Exploring OverTheWire: Level 15 to Level 16 - Bandit Challenge

    Welcome back to our captivating journey through the Bandit Challenge! In this blog post, we're poised to conquer Level 16, where the path to victory lies in submitting the current level's password to a specific port on localhost using SSL encryption. Join me as we navigate through secure socket layers, SSL encryption, and gain access to the coveted password. Let's dive in!

  • # overthewire

    Exploring OverTheWire: Level 14 to Level 15 - Bandit Challenge

    Welcome back to our enthralling voyage through the Bandit Challenge! In this blog post, we're set to conquer Level 15, where the key to success lies in submitting the current level's password to a specific port on localhost. Join me as we delve into port communication, networking concepts, and gain access to the coveted password. Let's dive in!

  • # overthewire

    Exploring OverTheWire: Level 13 to Level 14 - Bandit Challenge

    Welcome back to our adventurous journey through the Bandit Challenge! In this blog post, we'll conquer Level 14, where we'll obtain a private SSH key that grants us access to the next level. Join me as we navigate through secure connections, employ cryptographic tools, and use the obtained key to log into the next level. Let's dive in!