Home Bandit [Level 12] - Overthewire
Post
Cancel

Bandit [Level 12] - Overthewire

Posted Jan 23, 2023 Updated Aug 6, 2024
The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. If you notice something essential is missing or have ideas for new levels, please let us know!
The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. If you notice something essential is missing or have ideas for new levels, please let us know!
By Dat Vu 2k
1 min read

ssh bandit12@bandit.labs.overthewire.org -p 2220
bandit password: JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv

Task

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)

Solution

Create folder under the tmp directory

1

mkdir /tmp/idk

Copy file data.txt to folder created

1

cp data.txt /tmp/idk

Decypher the hexdump file

xxd -r data.txt > bandit

check file bandit –> gzip so using gunzip –> bandit: gzip compressed data, was “data2.bin”, last modified: Sun Apr 23 18:04:23 2023, max compression, from Unix, original size modulo 2^32 581

1

gunzip bandit.gz

check file bandit –> bzip2 so mv file to bzip after unzip file –> bandit: bzip2 compressed data, block size = 900k

1
2

mv bandit bandit.bz2
bzip2 -d bandit.bz2

now checking file bandit ==> bandit: gzip compressed data, was "data4.bin", last modified: Sun Apr 23 18:04:23 2023, max compression, from Unix, original size modulo 2^32 20480

1
2

mv bandit bandit.gz
gunzip bandit.gz

Now i have file bandit with bandit: POSIX tar archive (GNU)

1
2

mv bandit bandit.tar
tar -xf bandit.tar

And i see data5.bin: POSIX tar archive (GNU) but still format tar so i need change it

1
2

mv data5.bin data5.tar
tar -xf data5.tar

Now check file data6.bin i see data6.bin: bzip2 compressed data, block size = 900k

1
2

mv data6.bin data6.bz2
bzip2 -d data6.bz2

And output ==> data6: POSIX tar archive (GNU) via format tar

1
2

mv data6 data6.tar
tar -xf data6.tar

Now data8.bin: gzip compressed data, was "data9.bin", last modified: Sun Apr 23 18:04:23 2023, max compression, from Unix, original size modulo 2^32 49

1
2

mv data8.bin data8.gz
gunzip  data8.gz

Now i look that the data contained ASCII text meaning we finally reached the end of the layers of compression ^^ data8: ASCII text

1
2

cat data8
==> The password is wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw

==> CTF: { wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw }

CTF-AnonOps, Bandit
overthewire bandit
This post is licensed under CC BY 4.0 by the author.
Recently Updated
Table of Contents

Comments powered by Disqus.

Bandit [Level 11] - Overthewire

Bandit [Level 13] - Overthewire