OverTheWire Bandit Level 12-13

br4ind3ad
Aug 17, 2021

This is the most interesting challenge so far! Though it might seem intimidating at first, the steps are mostly repetitive, and once you get the hang of it, it becomes really easy and fun to solve.

Given:
The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level, it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

Commands you may need to solve this level
grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv, file

1. Create a directory under /tmp (here, /tmp/xyz) using the mkdir command and copy the data.txt file into the /tmp/xyz directory.
bandit12@bandit:~$ mkdir /tmp/xyz
bandit12@bandit:~$ cp data.txt /tmp/xyz
bandit12@bandit:~$ cd /tmp/xyz
bandit12@bandit:/tmp/xyz$ ls
data.txt

2. Use the xxd utility, which creates a hex dump of a given file. It can also convert a hex dump back to its original binary form.
Use
-r | -revert to reverse the operation: convert (or patch) hexdump into binary.

Save the output to file1.
Check the type of the file using the file command.
file1 contains gzip compressed data.

bandit12@bandit:/tmp/xyz$ xxd -r data.txt > file1
bandit12@bandit:/tmp/xyz$ ls
data.txt file1
bandit12@bandit:/tmp/xyz$ file file1
file1: gzip compressed data, was “data2.bin”, last modified: Thu May 7 18:14:30 2020, max compression, from Unix

3. To decompress file1, change its extension to gz or copy/move it to a new file — file2.gz

Use gzip -d to decompress file2.gz and check what type of data the result contains using the file command.

bandit12@bandit:/tmp/xyz$ mv file1 file2.gz
bandit12@bandit:/tmp/xyz$ gzip -d file2.gz
bandit12@bandit:/tmp/xyz$ ls
data.txt file2
bandit12@bandit:/tmp/xyz$ file file2
file2: bzip2 compressed data, block size = 900k

4. Move file2 to a file with a .bz2 extension and decompress it using the bzip2 command with the -d flag.

Again, check for the type of data it contains using the file command.

bandit12@bandit:/tmp/xyz$ mv file2 file3.bz2
bandit12@bandit:/tmp/xyz$ bzip2 -d file3.bz2
bandit12@bandit:/tmp/xyz$ ls
data.txt file3
bandit12@bandit:/tmp/xyz$ file file3
file3: gzip compressed data, was “data4.bin”, last modified: Thu May 7 18:14:30 2020, max compression, from Unix

4. file3 again contains gzip compressed data, so follow the steps in step 3.

bandit12@bandit:/tmp/xyz$ mv file3 file4.gz
bandit12@bandit:/tmp/xyz$ gzip -d file4.gz
bandit12@bandit:/tmp/xyz$ ls
data.txt file4
bandit12@bandit:/tmp/xyz$ file file4
file4: POSIX tar archive (GNU)

5. Now file4 contains tar data, so move it to a file with a .tar extension. Check the man pages to look for suitable options (here, xf to extract a tar archive).

A data5.bin file is created after extracting the tar archive.

Check the file type of data5.bin, which is again a tar archive.

bandit12@bandit:/tmp/xyz$ mv file4 file5.tar
bandit12@bandit:/tmp/xyz$ man tar
bandit12@bandit:/tmp/xyz$ tar xf file5.tar
bandit12@bandit:/tmp/xyz$ ls
data5.bin data.txt file5.tar
bandit12@bandit:/tmp/xyz$ file data5.bin
data5.bin: POSIX tar archive (GNU)

6. Follow similar steps as in 5 to extract a tar archive.

bandit12@bandit:/tmp/xyz$ mv data5.bin file6.tar
bandit12@bandit:/tmp/xyz$ tar xf file6.tar
bandit12@bandit:/tmp/xyz$ ls
data6.bin data.txt file5.tar file6.tar
bandit12@bandit:/tmp/xyz$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k

7. Here, data6.bin is created, and its file type shows that it contains bzip2 compressed data.

Therefore, follow steps similar to step 4.

bandit12@bandit:/tmp/xyz$ mv data6.bin file7.bz2
bandit12@bandit:/tmp/xyz$ bzip2 -d file7.bz2
bandit12@bandit:/tmp/xyz$ ls
data.txt file5.tar file6.tar file7
bandit12@bandit:/tmp/xyz$ file file7
file7: POSIX tar archive (GNU)

8. Follow steps similar to step 5 or 6.

bandit12@bandit:/tmp/xyz$ mv file7 file8.tar
bandit12@bandit:/tmp/xyz$ tar xf file8.tar
bandit12@bandit:/tmp/xyz$ ls
data8.bin data.txt file5.tar file6.tar file8.tar
bandit12@bandit:/tmp/xyz$ file data8.bin
data8.bin: gzip compressed data, was “data9.bin”, last modified: Thu May 7 18:14:30 2020, max compression, from Unix

9. Follow steps similar to step 3.

bandit12@bandit:/tmp/xyz$ mv data8.bin file9.gz
bandit12@bandit:/tmp/xyz$ gzip -d file9.gz
bandit12@bandit:/tmp/xyz$ ls
data.txt file5.tar file6.tar file8.tar file9
bandit12@bandit:/tmp/xyz$ file file9
file9: ASCII text

The file now contains ASCII text.

On viewing the content of the file we get the password for the next level.

bandit12@bandit:/tmp/xyz$ cat file9
The password is 8ZjyCRiBWFYkneah*********1ORpYL

Entire process:

bandit12@bandit:~$ mkdir /tmp/xyz
bandit12@bandit:~$ cp data.txt /tmp/xyz
bandit12@bandit:~$ cd /tmp/xyz
bandit12@bandit:/tmp/xyz$ ls
data.txt

bandit12@bandit:/tmp/xyz$ xxd -r data.txt > file1
bandit12@bandit:/tmp/xyz$ ls
data.txt file1
bandit12@bandit:/tmp/xyz$ file file1
file1: gzip compressed data, was “data2.bin”, last modified: Thu May 7 18:14:30 2020, max compression, from Unix

bandit12@bandit:/tmp/xyz$ mv file1 file2.gz
bandit12@bandit:/tmp/xyz$ gzip -d file2.gz
bandit12@bandit:/tmp/xyz$ ls
data.txt file2
bandit12@bandit:/tmp/xyz$ file file2
file2: bzip2 compressed data, block size = 900k

bandit12@bandit:/tmp/xyz$ mv file2 file3.bz2
bandit12@bandit:/tmp/xyz$ bzip2 -d file3.bz2
bandit12@bandit:/tmp/xyz$ ls
data.txt file3
bandit12@bandit:/tmp/xyz$ file file3
file3: gzip compressed data, was “data4.bin”, last modified: Thu May 7 18:14:30 2020, max compression, from Unix

bandit12@bandit:/tmp/xyz$ mv file3 file4.gz
bandit12@bandit:/tmp/xyz$ gzip -d file4.gz
bandit12@bandit:/tmp/xyz$ ls
data.txt file4
bandit12@bandit:/tmp/xyz$ file file4
file4: POSIX tar archive (GNU)

bandit12@bandit:/tmp/xyz$ mv file4 file5.tar
bandit12@bandit:/tmp/xyz$ man tr
bandit12@bandit:/tmp/xyz$ man tar
bandit12@bandit:/tmp/xyz$ tar xf file5.tar
bandit12@bandit:/tmp/xyz$ ls
data5.bin data.txt file5.tar
bandit12@bandit:/tmp/xyz$ file data5.bin
data5.bin: POSIX tar archive (GNU)

bandit12@bandit:/tmp/xyz$ mv data5.bin file6.tar
bandit12@bandit:/tmp/xyz$ tar xf file6.tar
bandit12@bandit:/tmp/xyz$ ls
data6.bin data.txt file5.tar file6.tar
bandit12@bandit:/tmp/xyz$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k

bandit12@bandit:/tmp/xyz$ mv data6.bin file7.bz2
bandit12@bandit:/tmp/xyz$ bzip2 -d file7.bz2
bandit12@bandit:/tmp/xyz$ ls
data.txt file5.tar file6.tar file7
bandit12@bandit:/tmp/xyz$ file file7
file7: POSIX tar archive (GNU)

bandit12@bandit:/tmp/xyz$ mv file7 file8.tar
bandit12@bandit:/tmp/xyz$ tar xf file8.tar
bandit12@bandit:/tmp/xyz$ ls
data8.bin data.txt file5.tar file6.tar file8.tar
bandit12@bandit:/tmp/xyz$ file data8.bin
data8.bin: gzip compressed data, was “data9.bin”, last modified: Thu May 7 18:14:30 2020, max compression, from Unix

bandit12@bandit:/tmp/xyz$ mv data8.bin file9.gz
bandit12@bandit:/tmp/xyz$ gzip -d file9.gz
bandit12@bandit:/tmp/xyz$ ls
data.txt file5.tar file6.tar file8.tar file9
bandit12@bandit:/tmp/xyz$ file file9
file9: ASCII text
bandit12@bandit:/tmp/xyz$ cat file9
The password is 8ZjyCRiBWFYk*******b2a1ORpYL
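
The steps above repeat one loop: identify the format, unwrap one layer, check again. As an added example (not part of the original post), the Python below runs that loop with the standard library in place of xxd, gzip, bzip2 and tar, recognising each layer by the magic bytes that file reports on. The names build_sample and MAX_LAYERS, the member name data.bin and the sample text are assumptions made for this example.

```python
import bz2, gzip, io, tarfile

MAX_LAYERS = 32  # assumed cap so a malformed input cannot loop forever
MAGIC = ((0, b"\x1f\x8b", "gzip"), (0, b"BZh", "bzip2"), (257, b"ustar", "tar"))

def xxd_reverse(dump):
    """Rebuild bytes from xxd lines: 'offset: hex groups', optional '  ascii'."""
    out = bytearray()
    for line in dump.splitlines():
        if ":" in line:
            hex_part = line.split(":", 1)[1].lstrip().split("  ", 1)[0]
            out += bytes.fromhex(hex_part.replace(" ", ""))
    return bytes(out)

def identify(blob):
    """Classify by magic bytes at a fixed offset, as `file` does for these formats."""
    for offset, sig, kind in MAGIC:
        if blob[offset:offset + len(sig)] == sig:
            return kind
    return "data"

def peel(blob):
    """Strip layers until the content is no longer an archive: (layers, payload)."""
    layers = []
    while len(layers) < MAX_LAYERS:
        kind = identify(blob)
        if kind == "gzip":
            blob = gzip.decompress(blob)
        elif kind == "bzip2":
            blob = bz2.decompress(blob)
        elif kind == "tar":
            # Read the first regular member in memory; member names are never
            # used as filesystem paths because nothing is extracted to disk.
            with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
                blob = tar.extractfile(next(m for m in tar if m.isfile())).read()
        else:
            return layers, blob
        layers.append(kind)
    raise ValueError("more than MAX_LAYERS layers")

def build_sample(text=b"The password is CONSTRUCTED-EXAMPLE\n"):
    """Constructed input (not the level's file): gzip(bzip2(tar(gzip(text)))) as a hexdump."""
    inner, buf = gzip.compress(text), io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("data.bin")
        info.size = len(inner)
        tar.addfile(info, io.BytesIO(inner))
    blob = gzip.compress(bz2.compress(buf.getvalue()))
    return "\n".join(f"{i:08x}: {blob[i:i+16].hex(' ', -2)}" for i in range(0, len(blob), 16))
```

Calling peel(xxd_reverse(text_of_data_txt)) returns the list of layer types in the order they were removed, together with the final payload.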
