bandit0-bandit7 walk through

Sekina MuradSekina Murad
2 min read

These levels can be solved using just 5 commands:
ls, cat, file, cd, and find.

Command Breakdown

  1. ls

    • Lists files in the current directory.

    • Useful flags:

      • -l → Long format (shows permissions, owner, size).

      • -a → Shows hidden files (e.g., .filename).

  2. cat

    • Reads and prints the contents of a file.

    • Example: cat password.txt.

  3. file

    • Checks a file’s type/properties (e.g., file mystery reveals if it’s a text file, binary, etc.).

  4. cd

    • Changes the current directory.

    • Example: cd /path/to/directory.

  5. find

    • Searches for files with specific criteria.

    • Common flags:

      • -name → Search by filename.

      • -size → Filter by size.

      • -executable / ! -executable → Find executable/non-executable files.

      • -type → Filter by type (e.g., f for files, d for directories).

bandit0-bandit1

bandit1-bandit2

The filename uses special characters, so we can’t read it directly with cat filename. Instead, use one of these methods:

  • "" or '' → Wrap the name in quotes (e.g., cat "--file" or cat '-f').

  • ./ → Prefix with the current directory path (e.g., cat ./-file).

  • /full/path/ → Use the absolute path (e.g., cat /path/to/-file).

  • -- → Tell the command to stop parsing options (e.g., cat -- -file).

  • find -inum → If the filename is corrupted, use ls -i to find its inode, then find . -inum 1234 -exec cat {} \;.

bandit2-bandit3

bandit3-bandit4

bandit4-bandit5

The password is stored in the only human-readable (ASCII) file in this directory. While you could check each file's type manually using the file command, there are many files to examine. To save time, I automated this check with a simple bash script that tests all files at once: for i in {1..9}; do file ./-file0$i; done

bandit5-bandit6

bandit6-bandit7

If you run the find command without the 2>/dev/null filter, you'll see many permission errors in the output. While you can still spot the correct file (the one with bandit7:bandit6 ownership and 33 bytes size) among all the noise, adding 2>/dev/null makes it much faster and easier by hiding all the error messages.

0
Subscribe to my newsletter

Read articles from Sekina Murad directly inside your inbox. Subscribe to the newsletter, and don't miss out.

overthewirbandit writeupbanditoverthewireoverthewirewriteup

Written by

Sekina Murad
Sekina Murad