BB

technology and craziness.

OverTheWire - Bandit - Level 12 → Level 13

Warning: This post contains a solution!
Only continue if:
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!

Connect to the server using the following credentials:

Server: bandit.labs.overthewire.org
Port: 2220
Username: bandit12
Password: 5Te8xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Level Goal is:

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir.
For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

First, create a temporary folder to work in and navigate to it:

bandit12@bandit:~$ mkdir /tmp/lvl1213
bandit12@bandit:~$ cd /tmp/lvl1213
bandit12@bandit:/tmp/lvl1213$

Copy the file to the temporary folder:

bandit12@bandit:/tmp/lvl1213$ cp ~/data.txt .
bandit12@bandit:/tmp/lvl1213$ ls
data.txt

Take a look at the file:

bandit12@bandit:/tmp/lvl1213$ cat data.txt
00000000: 1f8b 0808 d7d2 c55b 0203 6461 7461 322e  .......[..data2.
00000010: 6269 6e00 013c 02c3 fd42 5a68 3931 4159  bin..<...BZh91AY
00000020: 2653 591d aae5 9800 001b ffff de7f 7fff  &SY.............
00000030: bfb7 dfcf 9fff febf f5ad efbf bbdf 7fdb  ................
[...]

This seems to be a hex dump of a file. We can do a ‘reverse hex dump’ and write the content to a new file. Before we do that, we can take a look at the first bytes (also called the magic number) → 0x1f8b. This shows us that the dump was created from a GZIP-compressed file (see List of file signatures).
Let us do a ‘reverse hex dump’ and check which file type we have:

bandit12@bandit:/tmp/lvl1213$ xxd -r data.txt > data.gz
bandit12@bandit:/tmp/lvl1213$ file data.gz
data.gz: gzip compressed data, was "data2.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix

We know from the level goal that the file was compressed several times, so we check the file type after each unpacking step and unpack it accordingly:

# 1
bandit12@bandit:/tmp/lvl1213$ gzip -d data.gz
bandit12@bandit:/tmp/lvl1213$ ls
data  data.txt
bandit12@bandit:/tmp/lvl1213$ file data
data: bzip2 compressed data, block size = 900k

# 2
bandit12@bandit:/tmp/lvl1213$ bzip2 -d data
bzip2: Can't guess original name for data -- using data.out
bandit12@bandit:/tmp/lvl1213$ ls
data.out  data.txt
bandit12@bandit:/tmp/lvl1213$ file data.out
data.out: gzip compressed data, was "data4.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix

# 3
bandit12@bandit:/tmp/lvl1213$ mv data.out data4.gz
bandit12@bandit:/tmp/lvl1213$ gzip -d data4.gz
bandit12@bandit:/tmp/lvl1213$ ls
data4  data.txt
bandit12@bandit:/tmp/lvl1213$ file data4
data4: POSIX tar archive (GNU)

# 4
bandit12@bandit:/tmp/lvl1213$ tar xfv data4
data5.bin
bandit12@bandit:/tmp/lvl1213$ file data5.bin
data5.bin: POSIX tar archive (GNU)

# 5
bandit12@bandit:/tmp/lvl1213$ tar xfv data5.bin
data6.bin
bandit12@bandit:/tmp/lvl1213$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k

# 6
bandit12@bandit:/tmp/lvl1213$ bzip2 -d data6.bin
bzip2: Can't guess original name for data6.bin -- using data6.bin.out
bandit12@bandit:/tmp/lvl1213$ file data6.bin.out
data6.bin.out: POSIX tar archive (GNU)

# 7
bandit12@bandit:/tmp/lvl1213$ tar xfv data6.bin.out
data8.bin
bandit12@bandit:/tmp/lvl1213$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix

# 8
bandit12@bandit:/tmp/lvl1213$ mv data8.bin data8.gz
bandit12@bandit:/tmp/lvl1213$ gzip -d data8.gz
bandit12@bandit:/tmp/lvl1213$ file data8
data8: ASCII text

And finally view the content of the file ‘data8’:

bandit12@bandit:/tmp/lvl1213$ cat data8
The password is 8Zjyxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Afterwards, delete the temporary folder you created!