DEV Community

Cover image for OverTheWire - Bandit (Level 5 Walkthrough)

OverTheWire - Bandit (Level 5 Walkthrough)

brydr profile image Bryan Eduria Updated on ・3 min read

Alt Text

This is my first ever writeup in my hacking journey.

I started doing bug bounties last May 2020, and at first, I was really having a hard time hacking into things and finding vulnerabilities because I really don’t know what to look for. I knew I needed some practice first.

After looking for some beginner-friendly resources online, I stumbled upon this set of wargames by OverTheWire called Bandit. Wargames, just like CTFs (Capture the Flag), are a great way to hone your hacking skills, especially in working with the shell.

In this level of OverTheWire’s Bandit, I will show you how I got the password at Level 5, which is needed to access the Level 6. I will be assuming that you’ve been through the first 5 levels (Levels 0 - 4), so by now, you know that every content of the bandit directories at the /home is restricted only to its respective owners in each level (e.g. the bandit5 contents are owned by the user named bandit5).

Alt Text
Figure 1.0
These are the hints for this level of Bandit.

  • As stated in Figure 1.0, the password that we need to find is stored in a directory named inhere. For that we can use the find command. This command has flags that are very useful in what we are trying to achieve.
find /home/bandit5 -type d -name inhere

The syntax for this command is:

find <directory> <flags>

Since we are looking for a folder named inhere, we used two flags for this command. These are:

  • -type
    • looks for a specific file type. It accepts different values such as:
      • f - regular file
      • d - directory
  • -name
    • you can specify in this flag the name of what you are looking for.

That command gives us this result:

Alt Text
Figure 1.1
  • From there we can cd into that directory and list all the contents inside.
Alt Text

Figure 2.0
The inhere folder contains many subfolders that we need to sift through.

The next hint in Figure 1.0 tells us that the file that we are looking for has the size of 1033 bytes. We are going to use again the find command to look into the contents of the inhere folder.

find . -size 1033c

In this command, we used the dot (.) to search the contents of the entire inhere folder, and the -size flag to indicate the size of the file that we are looking for. The size is 1033 bytes, and according to documentation of find command, when we are specifying a file size with byte as the unit, we should append c at the end.

Alt Text
Figure 2.1
The suffixes to be used for file sizes on the find command.

Executing the command above gives us this:

Alt Text
Figure 2.2
  • Let’s check the information and content of the file that we have just found.
Alt Text
Figure 3.0

Hmmmmm. So, the file has a size of 1033 bytes, check. The file is not executable, check. But is it human readable? Let’s take a look at the content of the file using the cat command.

cat ./maybehere07/.file2
Alt Text
Figure 3.1

Voila! The content is human readable, which satisfies all the hints given to us.

There you go. You now have your password for the Level 6 of Bandit.

Discussion (0)

Editor guide