Level 6 → 7

Level Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

• owned by user bandit7

• owned by group bandit6

• 33 bytes in size

Write-Up

1. Find the file with the specified properties:

find / -user bandit7 -group bandit6 -size 33c 2>/dev/null

• find /: Start searching from the root directory

• -user bandit7: look for files owned by user bandit7

• -group bandit6: Look for files owned by group bandit6

• -size 33c: Look for files exactly 33 bytes in size

• 2>/dev/null: Redirect error messages to /dev/null to avoid cluttering the output

This command reveals /var/lib/dpkg/info/bandit7.password as the target file.

1. Display the file content:

cat $(find / -user bandit7 -group bandit6 -size 33c 2>/dev/null)

Or

cat /var/lib/dpkg/info/bandit7.password

The password retrieved: morbNTDkSW6jIlUc0ymOdMaLnOlFVAaj

1. Access the next level:

ssh bandit7@bandit.labs.overthewire.org -p 2220

Enter the password when prompted.

Lessons Learned

• The find command can search based on multiple criteria simultaneously

• Redirecting errors to /dev/null helps clean up output

• System files can be located in unexpected places

• Precise file properties can be used to locate specific files

-- Othmane