OverTheWire Bandit Level 6->Level 7 - Walkthrough

Introduction

In this post, I will walk you through the Bandit wargame Level 6->Level 7. We will use the find command with several of its options to locate the file and then get the password. We will also see how to keep the Permission Denied errors out of the output so that the file is easy to spot.

Goal

Get the password for Level 7 from a file that is stored somewhere on the server and fulfils the 3 requirements below:
  • owned by user bandit7
  • owned by group bandit6
  • 33 bytes in size

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit6
Password - P4L4vucdmLnm8I7VL7jG1ApGSfjYKqJU

Theory

This level requires the player to have some understanding of Linux file permissions, specifically the ownership of files. Each file is owned by a user and a group and has certain permissions associated with it. Run the command "ls -l" to see the files and directories in the long format.

[Image: Linux File Permission, Ownership]

The third column in the above image shows the user and the fourth one shows the group that owns the file. Please go through this article on Red Hat to learn more about permissions and ownership.

As we have already seen in previous levels, the find command can be used to search for files owned by a specific user or group using the options below:
  • -user [username]: [username] is replaced with the user who owns the file
  • -group [groupname]: [groupname] is replaced with the group that owns the file

Since the file can be stored anywhere on the server, we will perform the search from the root folder (/). Running the find command from the root folder will give us Permission Denied errors for many files, which makes it hard to spot the required file. Therefore, we will append "2>/dev/null", which redirects the error output to /dev/null, so that all the errors are hidden and the file is easy to find. Please read this thread on Stack Overflow to understand this in more detail.

Find command without appending "2>/dev/null":

[Image: Permission Denied Error with find command]

Solution

SSH in as the user bandit6 using the command "ssh bandit6@bandit.labs.overthewire.org -p 2220" and the above password. Note that there are no further directories present in the home folder.

As stated, the file can be located anywhere on the server. Therefore, we will run the command "find / -user bandit7 -group bandit6 -size 33c 2>/dev/null", where "-size 33c" matches files of exactly 33 bytes, and locate the required file.

Run the command "cat /var/lib/dpkg/info/bandit7.password" to get the password.

This completes Level 7 as we have the password.
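
The find options used above, tried out in a sandbox (an added example, not part of the original post): it builds a constructed directory tree with one 33-byte file, two decoys and an unreadable directory, then shows what "-size 33c" and "2>/dev/null" each contribute. The sandbox paths and function names are assumptions, and the current account's numeric IDs stand in for bandit7 and bandit6.

```bash
#!/usr/bin/env bash
# Added example: everything runs in a constructed sandbox, not on the Bandit server.

# Build a throwaway tree: one 33-byte target, two decoys of other sizes,
# and a directory with no permissions (the source of "Permission denied").
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/var/lib/demo" "$sb/home/decoy" "$sb/locked"
    printf '%032d\n' 0 > "$sb/var/lib/demo/target.password"  # 32 digits + newline = 33 bytes
    printf '%033d\n' 0 > "$sb/home/decoy/too_long"           # 34 bytes
    printf '%031d\n' 0 > "$sb/home/decoy/too_short"          # 32 bytes
    chgrp -R "$(id -g)" "$sb"     # pin the group so -group matches on any system
    chmod 000 "$sb/locked"
    printf '%s\n' "$sb"
}

# The walkthrough's tests (plus -type f) pointed at the sandbox. Numeric IDs of
# the current account stand in for the names bandit7 and bandit6.
# 2>/dev/null hides the messages, but find still exits non-zero after an
# unreadable directory, hence "|| true" for callers running under "set -e".
search() {
    find "$1" -type f -user "$(id -u)" -group "$(id -g)" -size 33c 2>/dev/null || true
}

# Without the "c" suffix, -size counts 512-byte blocks, so "33" means
# 33 blocks, not 33 bytes, and none of the small files match.
search_blocks() {
    find "$1" -type f -size 33 2>/dev/null || true
}

# Number of lines find writes to stderr when errors are not discarded
# (0 when run as root, since root can enter the locked directory).
error_lines() {
    find "$1" -size 33c 2>&1 >/dev/null | wc -l | tr -d ' '
}

cleanup() {
    chmod -R u+rwx "$1" 2>/dev/null || true
    rm -rf "$1"
}

demo=$(make_sandbox)
echo "stderr lines without the redirect: $(error_lines "$demo")"
echo "-size 33c match: $(search "$demo")"
echo "-size 33 match:  $(search_blocks "$demo")"
cleanup "$demo"
```
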

Please post your doubts and suggestions in the comment section.
