Host name is bandit.labs.overthewire.org
User: bandit6
password: DXjZPULLxYr17uwoI01bNLQbtFemEgo7
Commands used for this level:
find - search for files in a directory.
cat - used to view contents of a file.
grep - searches the named input files.
Step 1.
We need to find a file owned by user bandit7, group bandit6, and is 33 bytes in size.
Lets use man page for find to find our options to use.
1a. Type man find and in the man page type /-user we see that to find by user we need to add -user username option. (pressing n after the search will jump to the next found matched search term and SHIFT + n will search backwards)
1b. Still in find man page type /group and we see that we need -group groupname to search by group.
1c. While still in find man page /size to see we need to add -size n (n being size of the file with a "c" for bytes)
We now know our command will be find -user bandit7 -group bandit6 -size 33c
Step 2.
Type our command find -user bandit7 -group bandit6 -size 33c
We see we have an issue with what we find which is nothing because we are not searching the entire server, so we should do a find at the root of the server by adding a / after find (/ is root of the file system, all other files are under root)
2a. Type find / -user bandit7 -group bandit6 -size 33c
You can scroll through the output and find our file by looking for the one file that does not display Permission denied which is /var/lib/dpkg/info/bandit7.password and then cat that file but lets go further and clean up our output to have the computer find the exact file for us so we do not have to search through all the lines.
2c. What well do is use 2>&1 which is a way of redirecting error messages.
- 2 is the default file descriptor for stderr.
- 1 is the default file descriptor for stdout.
>&
is shell syntax for "fold the previous (first) file descriptor into the forthcoming (second) file descriptor."
In other words, it will send any error messages to whatever you have currently defined for output. Normal output would be your screen, but you can set this so output is going to a file or command. We will be sending the output to the grep command. Lets do a man on grep
2d. type man grep
type /invert we find that -v option will invert the sense of matching.
type /-F we find that -F option will match a given pattern and we know we want to remove any output that shows Permission denied so we will use Permission as our pattern to match.
So breaking this down we want to match using -F Permission
and then we don't want to see anything that displays Permission so we invert our -F matching with -v to not show any files that say Permission.
2f. Our final command to find our exact file will be:
find / -user bandit7 -group bandit6 -size 33c 2>&1 | grep -F -v Permission
We see now our one file is at /var/lib/dpkg/info/bandit7.password
Step 3. type cat /var/lib/dpkg/info/bandit7.password and our password for level 7 is displayed.
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
Thank you very much. I really found this quite useful. You explained it in much more detail and better than a lot of other bloggers!
ReplyDelete