rtmoran.org — Cybersecurity and Linux Resource

Over the Wire’s Bandit Challenge – Level 12


Level Instructions:

“The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!).”


bandit12@bandit:~$ ls -la
total 24
drwxr-xr-x  2 root     root     4096 Dec 28  2017 .
drwxr-xr-x 42 root     root     4096 Jul 22 18:42 ..
-rw-r--r--  1 root     root      220 Sep  1  2015 .bash_logout
-rw-r--r--  1 root     root     3771 Sep  1  2015 .bashrc
-rw-r--r--  1 root     root      655 Jun 24  2016 .profile
-rw-r-----  1 bandit13 bandit12 2646 Dec 28  2017 data.txt
bandit12@bandit:~$ mkdir /tmp/rtm
bandit12@bandit:~$ cp data.txt /tmp/rtm
bandit12@bandit:~$ cd /tmp/rtm
bandit12@bandit:/tmp/rtm$ file data.txt
data.txt: ASCII text
bandit12@bandit:/tmp/rtm$ xxd -r data.txt > data_rev
bandit12@bandit:/tmp/rtm$ file data_rev
data_rev: gzip compressed data, was "data2.bin", last modified: Thu Dec 28 13:34:36 2017, max compression, from Unix
bandit12@bandit:/tmp/rtm$ zcat data_rev > data_zcat
bandit12@bandit:/tmp/rtm$ file data_zcat
data_zcat: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/rtm$ bzip2 -d data_zcat
bzip2: Can't guess original name for data_zcat -- using data_zcat.out
bandit12@bandit:/tmp/rtm$ file data_zcat.out
data_zcat.out: gzip compressed data, was "data4.bin", last modified: Thu Dec 28 13:34:36 2017, max compression, from Unix
bandit12@bandit:/tmp/rtm$ zcat data_zcat.out > data4
bandit12@bandit:/tmp/rtm$ file data4
data4: POSIX tar archive (GNU)
bandit12@bandit:/tmp/rtm$ tar -xvf data4
data5.bin
bandit12@bandit:/tmp/rtm$ file data5.bin
data5.bin: POSIX tar archive (GNU)
bandit12@bandit:/tmp/rtm$ tar -xvf data5.bin
data6.bin
bandit12@bandit:/tmp/rtm$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/rtm$ bzip2 -d data6.bin
bzip2: Can't guess original name for data6.bin -- using data6.bin.out
bandit12@bandit:/tmp/rtm$ file data6.bin.out
data6.bin.out: POSIX tar archive (GNU)
bandit12@bandit:/tmp/rtm$ tar -xvf data6.bin.out
data8.bin
bandit12@bandit:/tmp/rtm$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Thu Dec 28 13:34:36 2017, max compression, from Unix
bandit12@bandit:/tmp/rtm$ zcat data8.bin > data8_zcat
bandit12@bandit:/tmp/rtm$ file data8_zcat
data8_zcat: ASCII text
bandit12@bandit:/tmp/rtm$ cat data8_zcat
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

As mentioned in the instructions, data.txt holds the password for bandit13 as a hexdump of a file that has been repeatedly compressed. First, we create a directory under /tmp, where we have write privileges, to give us space to work, and copy data.txt into it. From there we repeat one process: check the file type with the ‘file’ command, then extract the contents with the tool that matches the reported type.

‘xxd -r’ is used to revert from hexdump to binary.
If ‘file’ reports a tar archive, extract it using ‘tar -xvf’; if it reports bzip2, use ‘bzip2 -d’; if it reports gzip, use ‘zcat’ and redirect the output to a new file.
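
The same check-then-extract loop can be automated. The following is an added example, not part of the original walkthrough: it goes beyond the manual steps by identifying each layer from its magic bytes (the signatures ‘file’ keys on) instead of calling ‘file’, and it works in memory so nothing is extracted to disk. MAX_LAYERS, the function names and the sample built by build_sample() are assumptions made for the illustration.

```python
import binascii, bz2, gzip, io, tarfile

MAX_LAYERS = 32  # assumed cap so a hostile or looping input cannot nest forever
MAGIC = (("gzip", 0, b"\x1f\x8b"), ("bzip2", 0, b"BZh"), ("tar", 257, b"ustar"))

def xxd_reverse(dump):
    """Rebuild bytes from default xxd lines ("offset: hex groups  ascii"), like `xxd -r`."""
    out = bytearray()
    for line in dump.splitlines():
        if ":" in line:
            hexcol = line.split(":", 1)[1].split("  ", 1)[0]  # keep only the hex column
            out += binascii.unhexlify(hexcol.replace(" ", ""))
    return bytes(out)

def kind(data):
    """Identify a layer by its magic bytes at the expected offset."""
    for name, off, sig in MAGIC:
        if data[off:off + len(sig)] == sig:
            return name
    return "data"

def peel(data):
    """Strip layers until none is recognised; return (payload, layer names)."""
    layers = []
    while (k := kind(data)) != "data":
        if len(layers) >= MAX_LAYERS:
            raise ValueError("too many nested layers")
        if k == "gzip":
            data = gzip.decompress(data)
        elif k == "bzip2":
            data = bz2.decompress(data)
        else:  # tar: read the first regular file in memory, never extract to disk
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                member = next(m for m in tar if m.isfile())
                data = tar.extractfile(member).read()
        layers.append(k)
    return data, layers

def build_sample(secret=b"The password is EXAMPLE-NOT-REAL\n"):
    """Constructed input: gzip(bzip2(tar(gzip(secret)))) rendered as an xxd-style dump."""
    inner = gzip.compress(secret)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        info = tarfile.TarInfo("data5.bin")
        info.size = len(inner)
        tar.addfile(info, io.BytesIO(inner))
    blob = gzip.compress(bz2.compress(buf.getvalue()))
    rows = [blob[i:i + 16] for i in range(0, len(blob), 16)]
    return "\n".join(f"{i * 16:08x}: {r.hex(' ', -2)}  {'.' * len(r)}" for i, r in enumerate(rows))
```

Calling peel(xxd_reverse(build_sample())) returns the recovered text together with the order in which the layers were removed.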
