OverTheWire: Bandit Level 17 → Level 18

https://overthewire.org/wargames/bandit/bandit18.html

Level Goal

There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new

NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19

Commands you may need to solve this level

cat, grep, ls, diff

> whatis cat
cat (1) - concatenate files and print on the standard output
> whatis grep
grep (1) - print lines that match patterns
> whatis ls
ls (1) - list directory contents
> whatis diff
diff (1) - list different between files

Note : Not all commands need to be used to complete level

Helpful Reading Material

Solution

View the files that are present in the home directory

bandit17@bandit:~$ ls
passwords.new passwords.old

We know that both the files differ in only one line and that line consist of the password that we require. We can view the changes that have been made in files using the diff command

bandit17@bandit:~$ diff passwords.old passwords.new
42c42
< w0Yfolrc5bwjS4qw5mq1nnQi6mF03bii
---
> kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

Note : The < sign represents the lines that have been removed and the > sign represents the lines that have been added in its place

The line after the > sign is the password for the next level

Logout of the current session and login into the next level using the password for bandit18

> ssh bandit18@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit18@bandit.labs.overthewire.org's password: kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
.
.
.
Byebye !
Connection to bandit.labs.overthewire.org closed.

Note : When we try to login we are going to get kicked out saying “Byebye!”. This is normal, this is part of the challenge for the next level

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

One-Click DNSSEC with Cloudflare Registrar

My (Sort-of) Tell All About Privacy’s Toxic Environment

Using The Graph to Provide Data Analytics for Kyber DMM Protocol

Are Data Breaches Becoming More Common in Nepal?

Cybersecurity: Opportunity or Threat — A fireside chat

ALL Enterprise Java applications are exposed to this security vulnerability

{UPDATE} しんかんせん えあわせ【新幹線神経衰弱】 Hack Free Resources Generator

{UPDATE} Draw Line Challenge Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
David Varghese

David Varghese

More from Medium

Previse Machine Walkthrough — HackTheBox

How to Make Logic Gates with Digital I/O using ESP32 Board

National Cyber Drill 2021 : Reverse Engineering challenges writeup

Vulnhub Writeup: Corrosion-2