OverTheWire Returns
In my last post, I walked us through connecting to OverTheWire's Bandit server, and completing level 0 and level 1. Following along with the previous article is a prerequisite to following this article, as you'll need to get the password from the file in level 1 first.
You can view my last post about this by following this link.
A Quick Recap
In the last post, I covered connecting to OverTheWire's Bandit server using SSH. Here's the hostname and port used for reference.
-
- Hostname is
bandit.labs.overthewire.org
- Port is
2220
- Hostname is
We learned how to use ls
to list files in the current directory and cat
to print the contents of a file to the terminal. Furthermore, we had a weird named file that required prefixing the file name with the current directory ./
.
Level 2
Remember that there was a file with an odd name in level 1? Well here's the second level with a name that presents a challenge spaces in this filename
.
The reason this presents a challenge is that the program cat
allows reading multiple files at once with a space in between them. This means that if we tried cat spaces in this filename
, cat
would try to read the file spaces
, then the file in
, then this
, then filename
. This approach wouldn't work because the single file has the name `spaces in this filename.
To work around this, we have a couple approaches we could take. I'll cover both here.
-
- We could tell
cat
thatspaces in this filename
is a literal name, meaning that the spaces are part of this. To do this, we can wrap it with either single quotes or double quotes. - We could also use an "escape" character to tell the terminal to use the next character literally. For example, a space is normally used in between arguments for a program, but we can tell the terminal to interpret the space "literally", without interpreting it, by writing it with a
\
before.
Either approach taken,
cat
works. Keep these options in mind later on for special characters. - We could tell
Level 3
Unlike the previous levels, level 3 doesn't have the file in the home directory. It's a hidden file in a directory.
After connecting, we can use ls
to see that there's a folder (also called a directory) called inhere
. We need to move our terminal into the inhere
directory. We can use the command cd
(it stands for change directory), to do this. We'll run cd inhere
to move into that directory.
Notice that the prompt has changed. Whereas it said we were in the home directory before (~
), it now shows us that we're in a folder called inhere
in the home directory.
Since we've changed folders, we should list the files again to see what files are in this directory.
So at the start of this level, I mentioned that it was a "hidden file" that we were looking for. Because the file is hidden, ls
doesn't show it by default. Hidden files start with a .
, and ls
has a way to view those if requested. By running ls --help
, we'll get some useful help on the different options we can run it with. -a
or --all
will tell it do not ignore entries starting with .
per the help page.
Rerunning ls
with -a
will show us that this hidden file is here.
Interesting. We finally see the .hidden
file. Notice that there are two more though, .
, and ..
. These aren't really files at all. These are essentially references. Remember how in level 1 we ran ./-
to mean the file -
in the current directory? What ./-
really breaks down to is the folder .
(which is the current folder), /
meant that there was something in the referenced folder we wanted to get to, and -
was the file name.
This means that the .
that it's showing isn't actually a file, but a reference to the current folder. The ..
means "the parent of the folder we're currently in".
Since our terminal is currently in ~/inhere
, .
is ~/inhere
, and ..
is just ~
.
Now that we know what the hidden file is called, we can just cat
it per the usual.
Level 4
This level presents a different challenge than the previous ones. In this level, there are multiple files in the inhere
folder. Of these files, one is text (which is the password for the next level), and the rest are raw data (which is not printable to the terminal.
Here's the files that we have in the inhere
directory.
Before cat
ting the files in the directory, know that binary data can present an issue. Binary data can completely reformat your terminal, and potentially make it unusable. No matter what you see when attempting to cat
all of these files, running reset
, will reformat your terminal to default display settings.
Notice that it's displaying weird. This is a common issue with binary data. Notice that my terminal is no longer putting my commands on new lines.
Although we probably could open all of these files like my example, this isn't really a great way to do it. We'll use the command file
, which determines the type of data stored in the file. Running file ./-file00
will show us that -file00
is data, not text. Once again, although we could do this for every file in the list, I feel like this is a great time to introduce regular expressions.
Regular expressions are essentially a way to use a filter to describe things. This allows us to check all files with one command if done correctly. In this example, we're going to use wildcard characters.
Wildcards are special characters that match any other character. There's ?
, which matches only a single character, and there's *
, which matches any number of characters.
For example -file0?
would match all of the files in the folder since they all start with -file0
, and have a single number afterwards.
We can make it shorter though by using the *
. We could use -*
, which would match all the files starting with -
.
I'll run file ./-*
, which means "run the program file
on any file that starts with -
in the current directory ./
"
From this output, we can see that ./-file07
is text, so we'll cat
only that file.
From the Author
I'm really glad to have an avenue to show off some uses for a terminal, and demonstrate that there are uses for a terminal other than "hacking". Personally, I love the power of regular expressions, and use them regularly. Although I only showed off wildcards, that's not the only use for them. RegExr has some awesome examples, and does a great job at showing how regular expressions are interpreted. Check it out to learn more about them!