OverTheWire - Bandit - Level 12 → Level 13

Warning: This post contains a solution!

Only continue if:
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!

Connect to the server using the following credentials:

Server: bandit.labs.overthewire.org
Port: 2220
Username: bandit12
Password: 5Te8xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Level Goal is:

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

First, create a temporary folder to work in and navigate to it:

bandit12@bandit:~$ mkdir /tmp/lvl1213
bandit12@bandit:~$ cd /tmp/lvl1213

Copy the file to the temporary folder:

bandit12@bandit:/tmp/lvl1213$ cp ~/data.txt .
bandit12@bandit:/tmp/lvl1213$ ls

Take a look at the file:

bandit12@bandit:/tmp/lvl1213$ cat data.txt
00000000: 1f8b 0808 d7d2 c55b 0203 6461 7461 322e  .......[..data2.
00000010: 6269 6e00 013c 02c3 fd42 5a68 3931 4159  bin..<...BZh91AY
00000020: 2653 591d aae5 9800 001b ffff de7f 7fff  &SY.............
00000030: bfb7 dfcf 9fff febf f5ad efbf bbdf 7fdb  ................

This seems to be a hex dump of a file. We can do a 'reverse hex dump' and write the content to a new file. But before we do that, we can take a look at the first Bytes (also called magic number) → 0x1f8b. This shows us, that this dump was created from a GZIP compressed file (See List of file signatures).
Let us do a 'reverse hex dump' and check which file type we have:

bandit12@bandit:/tmp/lvl1213$ xxd -r data.txt > data.gz
bandit12@bandit:/tmp/lvl1213$ file data.gz
data.gz: gzip compressed data, was "data2.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix

We know from the level goal that the file was compressed several times and for this reason we check the file type after each unpacking and unpack it appropriately:

# 1
bandit12@bandit:/tmp/lvl1213$ gzip -d data.gz
bandit12@bandit:/tmp/lvl1213$ ls
data  data.txt
bandit12@bandit:/tmp/lvl1213$ file data
data: bzip2 compressed data, block size = 900k

# 2
bandit12@bandit:/tmp/lvl1213$ bzip2 -d data
bzip2: Can't guess original name for data -- using data.out
bandit12@bandit:/tmp/lvl1213$ ls
data.out  data.txt
bandit12@bandit:/tmp/lvl1213$ file data.out
data.out: gzip compressed data, was "data4.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix

# 3
bandit12@bandit:/tmp/lvl1213$ mv data.out data4.gz
bandit12@bandit:/tmp/lvl1213$ gzip -d data4.gz
bandit12@bandit:/tmp/lvl1213$ ls
data4  data.txt
bandit12@bandit:/tmp/lvl1213$ file data4
data4: POSIX tar archive (GNU)

# 4
bandit12@bandit:/tmp/lvl1213$ tar xfv data4
bandit12@bandit:/tmp/lvl1213$ file data5.bin
data5.bin: POSIX tar archive (GNU)

# 5
bandit12@bandit:/tmp/lvl1213$ tar xfv data5.bin
bandit12@bandit:/tmp/lvl1213$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k

# 6
bandit12@bandit:/tmp/lvl1213$ bzip2 -d data6.bin
bzip2: Can't guess original name for data6.bin -- using data6.bin.out
bandit12@bandit:/tmp/lvl1213$ file data6.bin.out
data6.bin.out: POSIX tar archive (GNU)

# 7
bandit12@bandit:/tmp/lvl1213$ tar xfv data6.bin.out
bandit12@bandit:/tmp/lvl1213$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix

# 8
bandit12@bandit:/tmp/lvl1213$ mv data8.bin data8.gz
bandit12@bandit:/tmp/lvl1213$ gzip -d data8.gz
bandit12@bandit:/tmp/lvl1213$ file data8
data8: ASCII text

And finally view the content of the file 'data8':

bandit12@bandit:/tmp/lvl1213$ cat data8
The password is 8Zjyxxxxxxxxxxxxxxxxxxxxxxxxxxxx

And delete the temporary created folder!

Show Comments