OverTheWire Bandit - LVL6 (Completed)

Mike Kobbie Tieku TABIMike Kobbie Tieku TABI
2 min read

Table of contents

The goal for → LVL 6::

Level Goal:

→ The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7

  • owned by group bandit6

  • 33 bytes in size

Commands you may need to solve this level:ls , cd , cat , file , find, grep

Explanation:

Password for Bandit6 Access: HWasnPhtq9AVKe0dmk45nxy20cvUa6EG

First, ssh into Bandit Lvl 6. We can do this by entering the following:

ssh bandit6@bandit.labs.overthewire.org -p2220

You’ll then be asked top enter the password for Bandit6. Type it in and press enter (REMEMBER, you wont see the password type out on screen so type it carefully and correctly).

Once this is done you’ll successfully connect.

So we are continuing the use of the find command, except this time we are using some new options to the previous level, and, from immediately accessing the bandit6 server with no need to change directory.

Here is a breakdown of the following command:

find / -user bandit7 -group bandit6 -size 33c -type f 2> /dev/null

  • find: The command used to search for files and directories.

  • /: The starting directory for the search, which in this case is the root directory, meaning the search will include all directories and subdirectories.

  • user bandit7: This option specifies that the search should only include files owned by the user bandit7.

  • group bandit6: This option specifies that the search should only include files that belong to the group bandit6.

  • size 33c: This option specifies that the search should only include files of size 33 bytes. The c stands for characters, which in this context means bytes.

  • type f: This option specifies that the search should only include regular files (not directories or other types of files).

  • 2> /dev/null: This redirects any error messages (file permission errors, etc.) to /dev/null, effectively discarding them to keep the output clean.

Overall, this command finds all regular files in the root directory and its subdirectories that are owned by the user bandit7, belong to the group bandit6, and are exactly 33 bytes in size, while suppressing any error messages.

After running this command we are given the following path and file name: */var/lib/dpkg/info/bandit7.password*

Lets copy this file path and paste it after entering the cat command. This should hopefully output the password we need for the next level

cat /var/lib/dpkg/info/bandit7.password

The password for Level 7 access is: morbNTDkSW6jIlUc0ymOdMaLnOlFVAaj

That is Bandit Level 6 complete, Head over to Bandit Level 7!

Some Useful Links to refer to:

0
Subscribe to my newsletter

Read articles from Mike Kobbie Tieku TABI directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Linuxlinux for beginnerslinux-basicslinux-commandsbanditfind commandoverthewire

Written by

Mike Kobbie Tieku TABI
Mike Kobbie Tieku TABI