OverTheWire Bandit - LVL3 (Completed):

The goal for → LVL 3::

Level Goal:

→ The password for the next level is stored in a hidden file in the inhere directory.

Commands you may need to solve this level: → ls , cat, cd

Explanation:

Password for Bandit3 Access: MNk8KNH3Usiio41PRUEoDFPqfxLPlSmx

Using what we learned from the last lesson, ssh into Bandit Lvl 3. We can do this by entering the following:

→ sshbandit3@bandit.labs.overthewire.org-p2220

You’ll then be asked top enter the password for Bandit3. Type it in and press enter (REMEMBER, you wont see the password type out on screen so type it carefully and correctly). Once this is done you’ll successfully connect.

This Bandit level is actually pretty simple but it involves a bit more focus on the ls command and its options. Lets take a look at the option available when using the ls command:

• To get more info on the ls command and the options it has , use the --help option after entering ls:

  • ls --help

As we can see the ls command has A LOT of options to help us list information in a variety of ways. The two options we will focus on is the -a and -l:

• -a : Represent all files Include hidden files and directories in the listing. I.e. Do not ignore entries starting with “.”.

• -l : This will display a long listing format of content one per line of the current directory. Essentially, displays detailed information about files and directories (read/write access, user, group, size, etc.)

We are given the directory that the password file is located in: inhere

This is helpful info. We can perform the **ls -l** command to see the long listing format.

In this format we can see a few things in relation to the inhere file:

• 1st column → Symbolic representation for read/write/execute

• 2nd column → Number of Links

• 3rd/4th columns → File Owner (Users/Groups)

• 5th columns → Size of file/directory

• 6th/7th/8th → Date (Month-Date-Time)

• 9th column → Filename/Directory name

What we want to focus on is the first column: Symbolic Representation

The only thing we need to know from Symbolic representation in this level is the very first character.

• The first character can be one of 5 types but we only need to focus on the first 2:

  • “-” → Having a dash as the first character means this object is a FILE.

  • “d” → Having a letter “d” as the first character means this object is a DIRECOTRY, which is what we see in this case for inhere.

Here are a few links for a more in-depth look into octal and symbolic representation for files in Linux.

Now we know that inhere is a directory, lets cd into it and see what it has to offer:

cd inhere

Clearly, when we just use ls, nothing pops up, so to make sure there isn't anything hidden, lets do the following command - ls -la

This command will show us hidden files (-a) in long listing format (-l) , via the combination of both -l and -a options.

From this we can see what files and directories are available in the inhere directory, and one stands out in particular, a file called “…Hiding-From-You” (indeed it was).

Lets use the cat command for the “…Hiding-From-You” file, and see whether it has the info we seek:

cat …Hiding-From-You

Nice One!!

We now have our password for the next level!

Our Level 4 password is: 2WmrDFRmJIq3IPxneAaMGhap0pFhF3NJ

That is Bandit Level 3 complete, Head over to Bandit Level 4!