OverTheWire: Bandit Level 9 → Level 10


Level Goal

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.

Commands you may need to solve this level

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

> whatis grep
grep (1) - print lines that match patterns
> whatis sort
sort (1) - sort lines of text files
> whatis uniq
uniq (1) - report or omit repeated lines
> whatis strings
strings (1) - print the sequences of printable characters in files
> whatis base64
base64 (1) - base64 encode/decode data and print to standard output
> whatis tr
tr (1) - translate or delete characters
> whatis tar
tar (1) - an archiving utility
> whatis gzip
gzip (1) - compress or expand files
> whatis bzip2
bzip2 (1) - a block-sorting file compressor, v1.0.8
> whatis xxd
xxd (1) - make a hexdump or do the reverse.

Note : All commands don’t have to be used to complete level

Helpful Reading Material


View the contents of the current working directory

bandit9@bandit:~$ ls

Peek at the data that is present in the file. This can be achieved using the head command

bandit9@bandit:~$ head -n 4 data.txt

(The -n flag allows us to specify how many lines to print from start of the file. We can use the tail command to look at the last n lines of a file)

Human readable string in an file can be found using the strings command. The -e flag is used to specify the character encoding. We are assuming the human readable line is ASCII text so we use “s” for the encoding type (Refer attached resources for more information)

We also know that the line with the password starts with a few “=” characters. We can look for this pattern in the file using the grep command. We can combine all these commands into an single line using the | (pipe) operator

bandit9@bandit:~$ cat data.txt | strings -e s | grep ==
========== the*2i"4
========== password
Z)========== is
&========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk

Note : The cat command is used to read the data from the file which is then passed as input to the next command in line using pipes

We have found the password for the next level !!

Logout of current session and use password of user bandit10 to access next level

> ssh bandit10@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit10@bandit.labs.overthewire.org's password: truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

API Rest with Laravel 5.6 Passport Authentication — Reset Password (Part 4)

Software Testing Interview Questions & Answers (Part 1)

comely Black onyx Silver Black Ring jaipur L-1in US 5678

Writing a Price Tracker in Python with Selenium WebDriver

Introducing VIRNECT AR Solution 2.0 updates — VIRNECT Remote (Part 2)

Save yourself from a disaster: Redundancy on a budget

What Docker is?

How to Send an Email from a Smartloop Chatbot using Zapier

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
David Varghese

David Varghese

More from Medium

DC Motor Speed Control Using PID

Why Linux is better for Programming?

Learn the basics of Operating systems for Devops

How to Make Verified GitHub Commits