LinkedInGitHub

Level 6 → 7

Level Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

  • owned by user bandit7

  • owned by group bandit6

  • 33 bytes in size

Write-Up

  1. Find the file with the specified properties:

find / -user bandit7 -group bandit6 -size 33c 2>/dev/null

  • find /: Start searching from the root directory

  • -user bandit7: look for files owned by user bandit7

  • -group bandit6: Look for files owned by group bandit6

  • -size 33c: Look for files exactly 33 bytes in size

  • 2>/dev/null: Redirect error messages to /dev/null to avoid cluttering the output

find / -user bandit7 -group bandit6 -size 33c 2>/dev/null

This command reveals /var/lib/dpkg/info/bandit7.password as the target file.

  1. Display the file content:

cat $(find / -user bandit7 -group bandit6 -size 33c 2>/dev/null)
cat $(find / -user bandit7 -group bandit6 -size 33c 2>/dev/null)

Or

cat /var/lib/dpkg/info/bandit7.password
cat /var/lib/dpkg/info/bandit7.password

The password retrieved: morbNTDkSW6jIlUc0ymOdMaLnOlFVAaj

  1. Access the next level:

ssh [email protected] -p 2220

Enter the password when prompted.

Lessons Learned

  • The find command can search based on multiple criteria simultaneously

  • Redirecting errors to /dev/null helps clean up output

  • System files can be located in unexpected places

  • Precise file properties can be used to locate specific files

-- Othmane

PreviousLevel 5 → 6NextLevel 7 → 8

Last updated

Was this helpful?