OverTheWire Bandit Level 3->Level 4 - Walkthrough

Introduction

In this article, I will give you a walkthrough to the Bandit wargame Level 3->Level 4. This article will help the player clear the wargame with additional knowledge on dealing with hidden files.

The player is required to fetch the password from a hidden file located in another directory instead of the home directory. We will be using the change directory(cd) command and list(ls) command with the option -a which will help us locate the hidden files.

Goal

Get the password for Level 4 from a hidden file located in the directory "inhere".

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit3
Password - aBZ0W5EmUfAf7kHTQeOwd8bauFJ2LAiG

Theory

Once we are in the home directory of the user(bandit3), we will be able to see the new directory named "inhere" on running the command ls. To get into the directory, we need to run the change directory(cd) command.
Syntax for cd command is - cd [directory] - where [directory] represents the destination directory path you want to navigate to. Few common uses of cd command are-:

• cd .. -takes you to the previous directory
• cd / - takes you to the root directory
• cd ~ - takes you to the home directory of the current user

Also notice the color in which the directory names and file names are written in Linux. The file names are usually written in white color whereas the directory names are written in red or blue or some other color. I would highly recommend you to go through this article in order to know much more about the cd command and its various use cases.
The simple ls command will not give the hidden files or directories. Hidden files or directories in Linux start with ".". We need to use the -a flag with ls command in order to see all the files including the hidden files. Please read more about the ls command here.
The ls -a command will also give us below two directories-:

• . - present directory
• .. - parent directory

Solution

Login to bandit3 through SSH using the command "ssh bandit3@bandit.labs.overthewire.org -p 2220" and above password. Locate the directory "inhere" and navigate to it using the command "cd inhere".

Using the command "ls -a", see the hidden files present in "inhere" directory.

Now, run the command "cat .hidden" to see the password for the next level.

Alternatively, we can see the password without getting into the directory "inhere" by following below commands-:

• ls - check the directory in the home folder
• ls inhere -a - check the files in the inhere directory
• cat inhere/.hidden - read the contents of the hidden file

This completes the level. Please post your questions or suggestions in the comment section.