Given: The password for the next level is stored somewhere on the server and has all of the following properties:
owned by user bandit7
owned by group bandit6
33 bytes in size
Commands you may need to solve this level
ls, cd, cat, file, du, find, grep
Some Geeky Stuff:
- To find a file owned by a specific user use flag = -user User_name along with find command
- To find a file owned by a particular group use flag = -group User_name along with find command
- For size use = -size (along with the tag 33c, c because the size given is in bytes)
Solution:
Step1: ssh into bandit6
Step2: ls -la to view the content
bandit6@bandit:~$ ls -la
total 20
drwxr-xr-x 2 root root 4096 May 7 2020 .
drwxr-xr-x 41 root root 4096 May 7 2020 ..
-rw-r — r — 1 root root 220 May 15 2017 .bash_logout
-rw-r — r — 1 root root 3526 May 15 2017 .bashrc
-rw-r — r — 1 root root 675 May 15 2017 .profile
Nothing that is worth looking into, it is given that it is somewhere on the server that means we have to directly execute the find command with some rational flags in order to find the solution.
Step 3: Using command “-user bandit7 -group bandit6 -size 33c 2>/dev/null”
bandit6@bandit:~$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password
Notice that I’ve used “ 2>/dev/null ” to avoid the error as we don’t have permission to view a lot of files & if we directly execute it without the 2>/dev/null we will get a lot of errors like permission denied etc.
Step 4: Now, cat the “/var/lib/dpkg/info/bandit7.password ” to view the password.
bandit6@bandit:~$ cat /var/lib/dpkg/info/bandit7.password
HKBPTKQnIay*********KEDQRKTzs
:) Leveled up to Bandit7.
