OverTheWire: Bandit Level 6
This is going to be a walkthrough of Level 6 of Bandit from OverTheWire Wargames.
We found the password from level 5.
Username: bandit6
Password: DXjZPULLxYr17uwoI01bNLQbtFemEgo7
The information given to us this time on the website is that the next password is stored somewhere on the server that is owned by user bandit7, owned by group bandit6 and is 33 bytes in size.
So when we SSH into the box, we see that our home directory is empty.
So we will be using the find command again but instead of searching in the current directory, we will be searching the whole system.
1: 33 bytes in size. This is the same flag as used in the previous exercise.
Because we are searching through the entire system, we are bound to encounter some errors. Because we don’t want them in our output, we can use a bash trick to redirect all errors to a file to make the not appear on our screen.
This is called file redirection and here is a link to some information about that: https://www.tldp.org/LDP/abs/html/io-redirection.html
/dev/null is a file that is constantly being filled by the system with random information and so we can also pipe in information to that file, knowing it will be lost.
2 & 3: Owned by group bandit6 and owned by user bandit7
There are options in find that allows files to be searched by the group they belong to and the user that owns them.
So we can search for group bandit6 and user bandit7.
Putting it all together.
We find only one file which is the one that contains the next levels password.
To continue, please read my Bandit 7 walkthrough. Level 7
Thank you for reading. 