Monday, December 8, 2014

Bandit Level 12 to Level 13

Reverse a hexdump and uncompress the data.

Host name is bandit.labs.overthewire.org 
User: bandit12
password: 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Commands used for this level:
ls - List information about the FILEs (the current directory by default).
mkdir - make directories.
cp - copy files and directories.
cd - change directory.
file - determine file type.
xxd - make a hexdump or do the reverse. 
mv - move (rename) files.
cat - used to view contents of a file.
gzip - compress or expand files.
bzip2 - a block-sorting file compressor. 
tar - The GNU version of the tar archiving utility.

Step 1.
After logging in type ls
You will see a file data.txt

Step 2.
Type cat data.txt
In that data.txt file we see a bunch of numbers and letters aligned in rows. Characters aligned like this are known as a hexdump. A hexdump is a hexadecimal view of computer data, from RAM or from a file or storage device.
http://en.wikipedia.org/wiki/Hex_dump
Hexdumps are a very good way to reverse engineer computer programs.
Here is a very interesting TED talk by Mikko Hypponen explaining viruses and showing some hexdump examples at 1:45 and 10:00.
What we need to do is copy our data.txt file over to the /tmp directory, because the lab will not let us write data to the directory that data.txt is currently in.
The first command we need is mkdir, which will make a directory we can do what we want in. We create it under /tmp because files in /tmp can easily be set to be deleted at reboot or at set intervals.
Type mkdir /tmp/yourname (where yourname is anything you'd like).

Step 3.
Next we need to copy our file over to our new directory. 
Type cp data.txt /tmp/yourname (where yourname is what you chose).

Step 4. 
Now we can move over to our created directory and uncompress our file.
Type cd /tmp/yourname and do an ls to make sure your file copied over to here.

Step 5.
First thing we need to do is find out what kind of file we have.
Type file data.txt
We see that we currently have an ASCII file, but since we know it is a hexdump we need to convert it back to binary.

Step 6.
We need to reverse the hexdump back into binary, and Linux has a command to do just that.
Type man xxd
We see the second line under DESCRIPTION says xxd can also convert a hex dump back to its original binary form. To do this we look further down the man page and see we need to use -r with xxd to reverse the hexdump.
Type xxd -r data.txt and we see that our data is output in its converted form, but it has not been saved, so we need to tell xxd to convert and write this output to a new file for us.
Type xxd -r data.txt newdata
What this command does is convert our file back to binary with xxd -r and write the result to a new file called newdata, without a .txt extension.

Step 7.
We now have a new file without an extension and we need to find out what kind of file it is. We can use the file command to do this.
Type file newdata
We see that we have a gzip file.

Step 8.
Type man gzip and we find that gzip is a compression tool that uses .gz as its default file extension and, when used with -d, will decompress a file.
We can now add our .gz file extension to our file by using the move command.
Type mv newdata newdata.gz
Now we can uncompress our gzip file using gzip -d.

Type gzip -d newdata.gz

Step 9.
We can now check to see what type of file was uncompressed.
Type file newdata
We see we now have a bzip2 file.

Step 10.
Let's do the same as before: type man bzip2 to find what extension bzip2 uses and what option to use to decompress. We see we need to use .bz2 and -d with our bzip2 command to decompress.
Type mv newdata newdata.bz2 to add our bz2 file extension.

Type bzip2 -d newdata.bz2 to uncompress our bzip2 file


Step 11.
We can now check to see what type of file was uncompressed.
Type file newdata
We see we now have a gzip file again.

Step 12.
Let's do the same again, but this time we already know what we use for gzip files.
Type mv newdata newdata.gz to add our gz file extension.

Type gzip -d newdata.gz to uncompress our gzip file.

Step 13.
We can now check to see what type of file was uncompressed.
Type file newdata
We see we now have a POSIX tar archive.

Step 14.
Type man tar and we find that tar is an archiving utility; when used with -x it will extract the data, -v makes it verbose, and -f tells it which archive file to use.
Type tar -xvf newdata
We get data5.bin as an extracted file.

Step 15.
Now let's see what type of file this data5.bin is.
Type file data5.bin 
Again we see we now have a POSIX tar archive. Like above, let's untar it.
Type tar -xvf data5.bin
We get data6.bin as an extracted file.

Step 16.
Now let's see what type of file this data6.bin is.
Type file data6.bin
Again we have a bzip2 file so let's move and rename it.
Type mv data6.bin data7.bz2
Now uncompress the file.
Type bzip2 -d data7.bz2
We now have a new data7 file.

Step 17.
Now let's see what type of file our data7 is.
Type file data7
We see we have another tar file. Let's untar it like we have above.
Type tar -xvf data7
We get a data8.bin file.

Step 18.
Now let's see what type of file our data8.bin is.
Type file data8.bin
We see we have another gzip file so let's mv and rename it with a .gz extension.
Type mv data8.bin data9.gz

Step 19.
Now we ungzip our file like before.
Type gzip -d data9.gz
Then we check the uncompressed file type again.
Type file data9
We see we now have a readable ASCII file.

Step 20.
Now that we have an ASCII file let's do a cat on it to display its contents.
Type cat data9 and we see our password for the next level is displayed: The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
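As an added example that is not part of the original post, here is the whole chain from Step 5 onward done in Python instead of by hand: a small stand-in for xxd -r, a magic-byte check that mimics what the file command reports, and a loop that keeps peeling gzip, bzip2 and tar layers until plain text remains. The nested input it unpacks is constructed in build_sample() with a placeholder password, not the level's real data.txt, and the function names are my own.

```python
import bz2, gzip, io, tarfile

def reverse_hexdump(dump: str) -> bytes:
    """What `xxd -r` does: keep each line's hex columns, drop the offset and ASCII gutter."""
    hexcols = [line.split(":", 1)[1].lstrip().split("  ", 1)[0]
               for line in dump.splitlines() if ":" in line]
    return b"".join(bytes.fromhex(h.replace(" ", "")) for h in hexcols)

def identify(data: bytes) -> str:
    """Stand-in for `file`: recognise each format by its magic bytes, as libmagic does."""
    if data.startswith(b"\x1f\x8b"):
        return "gzip"
    if data.startswith(b"BZh"):
        return "bzip2"
    if data[257:262] == b"ustar":  # POSIX tar keeps its magic at offset 257, not at 0
        return "tar"
    return "ascii" if data.isascii() else "unknown"

def unpack_all(data: bytes, max_layers: int = 32):
    """Repeat `file` -> decompress until plain ASCII remains; return (layers seen, payload)."""
    layers = []
    for _ in range(max_layers):
        kind = identify(data)
        if kind in ("ascii", "unknown"):
            return layers, data
        layers.append(kind)
        if kind == "gzip":                       # gzip -d
            data = gzip.decompress(data)
        elif kind == "bzip2":                    # bzip2 -d
            data = bz2.decompress(data)
        else:                                    # tar -xf: read the one data*.bin member
            with tarfile.open(fileobj=io.BytesIO(data)) as tf:
                member = next(m for m in tf.getmembers() if m.isfile())
                data = tf.extractfile(member).read()
    raise RuntimeError(f"gave up after {max_layers} layers")  # bound the loop on hostile input

def tar_bytes(name: str, payload: bytes) -> bytes:
    """In-memory `tar -cf` with one member; used only to build the constructed sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo(name)
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed data.txt contents (before hexdumping), nested in the level's own order."""
    data = tar_bytes("data8.bin", gzip.compress(b"The password is EXAMPLE-NOT-REAL\n"))  # placeholder
    data = tar_bytes("data5.bin", tar_bytes("data6.bin", bz2.compress(data)))
    return gzip.compress(bz2.compress(gzip.compress(data)))
```

Because identify() never trusts the file name, renaming to .gz or .bz2 as the walkthrough does is unnecessary here; the magic bytes alone decide which tool is applied next.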



1 comment:

  1. It is a very basic step by step explanation, thank you, even a newbie like me would have an overview of compression utility.
    thanks much!!