OverTheWire Bandit Level 12->Level 13 - Walkthrough


Introduction

In this post, I will be giving you a walkthrough of the Bandit wargame Level 12->Level 13. This level requires the player to know the various commands used for decompression in Linux, as the file which contains the password has been repeatedly compressed. We will be using commands like xxd, gunzip, bunzip2, tar, mkdir, mv and cp to clear this level.

Goal

Get the password for Level 13 from the file data.txt which is a hexdump of a file that has been repeatedly compressed.

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit12
Password - JVNBBFSmZwKKOP0XbFX0oW8chDz5yVRv

Theory

Since we do not have permission to create new files in the home directory, we will create a temporary directory inside /tmp and store the files there. The "cp" command is used to copy files and the "mv" command is used to move them, so mv can also be used to rename a file. Syntax for both commands is-:

  • cp source_file destination_file
  • mv original_file new_file

The "mkdir" command is used for creating a new directory. We will use this command to create a new directory inside the /tmp directory. Syntax for mkdir is as below-:

  • mkdir new_directory

Since the file data.txt is a hexdump of another file, we will be using the command "xxd" to work with it. xxd creates a hexdump of a file and can also convert a hexdump back. The "-r" flag tells xxd to reverse the operation (hex to binary). To know more about xxd, please go through this article.

After every decompress operation, we need to check the type of the file using the file command. Based on the type, we need to further decompress using the appropriate command. To clear this level, we will use the following commands-:

  • gunzip - It is used to expand files compressed with gzip. It takes input files with the extension .gz, .z, _z, -gz, -z, .Z, .taz or .tgz. Syntax is "gunzip [option] [file_name]". gunzip is shorthand for gzip -d. Please go through this article to know more about the gunzip command.
  • bunzip2 - The bunzip2 command decompresses a file like the gunzip command, but for files compressed with bzip2. It is shorthand for bzip2 -d. Syntax is "bunzip2 [file_name]". Please go through this article to know more about the bunzip2 command.
  • tar - This command is used to create archives and extract archive files in Linux. Syntax is "tar [options] [file_name]". The options used in this level are "-x", which extracts files from an existing archive, and "-f", which specifies the filename of the archive to operate on. Please go through this article to know more about the tar command.

Solution

SSH into the user bandit12 using the command "ssh bandit12@bandit.labs.overthewire.org -p 2220" and the above password. Type ls to see the file "data.txt" present in the home directory of the user and "cat data.txt" to view the contents of the file.


Since we do not have permission to create new files in the home directory, we will create a new directory in the /tmp directory and copy the file to the newly created directory. Type the below commands-:

  • mkdir /tmp/temporary
  • cd /tmp/temporary
  • cp ~/data.txt data.txt
  • mv data.txt hexdump
  • ls

Now, we can use xxd to convert the data into its binary equivalent using the command "xxd -r hexdump comp". Type "file comp" to check what type of data is stored in the file.


Notice that the file was compressed using gzip so we need to decompress using the gunzip command. Make sure that the file has the correct extension before decompressing it. Type the below commands-:

  • mv comp comp.gz
  • gunzip comp.gz
  • ls
  • file comp

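After running the file command, we can see that the data is compressed using bzip2. For decompressing, we will use the bunzip2 command. Because the file has no .bz2 extension, bunzip2 cannot guess the original name and writes its output to comp.out. Type the commands-: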

  • bunzip2 comp
  • ls
  • file comp.out

We can see that it is a gzip-compressed file once again. We use the same procedure as followed previously and type the below commands-:

  • mv comp.out comp.gz
  • gunzip comp.gz
  • ls
  • file comp

We can see that the data is saved in a tar archive. For extracting a tar file, we use the tar command with the options -x and -f. Type the below commands-:

  • tar -xf comp
  • ls
  • file data5.bin

We can see that the data is again in a tar archive. Again, we will run the below commands-:

  • tar -xf data5.bin
  • ls
  • file data6.bin

Now, the data is compressed using bzip2. It looks like the file is recursively compressed using tar, gzip and bzip2. Therefore, we will keep repeating the above steps till we get the password file of type ASCII text. The command sequence is the following-:

  • bunzip2 data6.bin
  • ls
  • file data6.bin.out
  • tar -xf data6.bin.out
  • ls
  • file data8.bin
  • mv data8.bin data8.gz
  • gunzip data8.gz
  • ls
  • file data8

Now, type the command "cat data8" to view the password.
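The check-the-type-then-decompress loop above can be scripted. The following is an added example, not part of the original walkthrough: it identifies each layer from its magic bytes instead of calling file, and streams every layer to standard output, so no renaming to .gz is needed and tar never writes archive member paths to disk. The function names layer_type and unwrap are hypothetical, and it assumes each tar layer holds a single file, as in this level.

```shell
#!/bin/sh
# Added example: peel nested gzip/bzip2/tar layers by content, not by extension.

# Print the layer type of file $1: gzip, bzip2, tar or data.
layer_type() {
    magic=$(od -An -tx1 -N3 "$1" | tr -d ' \n')
    case "$magic" in
        1f8b*)  echo gzip;  return ;;   # gzip magic bytes 1f 8b
        425a68) echo bzip2; return ;;   # "BZh"
    esac
    # POSIX and GNU tar headers carry "ustar" at byte offset 257.
    ustar=$(od -An -c -j257 -N5 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$ustar" = "ustar" ]; then echo tar; else echo data; fi
}

# Peel layers from file $1 and print the innermost content on stdout.
# Assumes single-file tar layers; stops after 20 layers to bound the work.
unwrap() {
    work=$(mktemp -d) || return 1
    cp "$1" "$work/cur" || { rm -rf "$work"; return 1; }
    n=0
    while [ "$n" -lt 20 ]; do
        case "$(layer_type "$work/cur")" in
            gzip)  gzip -dc  < "$work/cur" > "$work/next" ;;
            bzip2) bzip2 -dc < "$work/cur" > "$work/next" ;;
            tar)   tar -xOf "$work/cur"    > "$work/next" ;;
            *)     cat "$work/cur"; rm -rf "$work"; return 0 ;;
        esac || break
        mv "$work/next" "$work/cur"
        n=$((n + 1))
    done
    rm -rf "$work"
    return 1
}

# Usage: sh unwrap.sh data.txt   (data.txt is the xxd hexdump from this level)
if [ -n "$1" ]; then
    bin=$(mktemp) || exit 1
    xxd -r "$1" > "$bin" && unwrap "$bin"
    status=$?
    rm -f "$bin"
    exit "$status"
fi
```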

This completes the Level 13 walkthrough. Please post your questions or doubts in the comment section.
