OverTheWire Logo

OverTheWire Bandit Part 2

OverTheWire Returns

In my last post, I walked us through connecting to OverTheWire's Bandit server, and completing level 0 and level 1. Following along with the previous article is a prerequisite to following this article, as you'll need to get the password from the file in level 1 first.

You can view my last post about this by following this link.

A Quick Recap

In the last post, I covered connecting to OverTheWire's Bandit server using SSH. Here's the hostname and port used for reference.

    • Hostname is bandit.labs.overthewire.org
    • Port is 2220

We learned how to use ls to list files in the current directory and cat to print the contents of a file to the terminal. Furthermore, we had a weird named file that required prefixing the file name with the current directory ./.

Level 2

Remember that there was a file with an odd name in level 1? Well here's the second level with a name that presents a challenge spaces in this filename.

The reason this presents a challenge is that the program cat allows reading multiple files at once with a space in between them. This means that if we tried cat spaces in this filename, cat would try to read the file spaces, then the file in, then this, then filename. This approach wouldn't work because the single file has the name `spaces in this filename.

`cat`'s filename with spaces interpretation
cat's filename with spaces interpretation

To work around this, we have a couple approaches we could take. I'll cover both here.

    1. We could tell cat that spaces in this filename is a literal name, meaning that the spaces are part of this. To do this, we can wrap it with either single quotes or double quotes.
      Using a literal file name with `cat`
      Using a literal file name with cat
    2. We could also use an "escape" character to tell the terminal to use the next character literally. For example, a space is normally used in between arguments for a program, but we can tell the terminal to interpret the space "literally", without interpreting it, by writing it with a \ before.
      Using a file name with escaped characters with `cat`
      Using a file name with escaped characters with cat

    Either approach taken, cat works. Keep these options in mind later on for special characters.

Level 3

Unlike the previous levels, level 3 doesn't have the file in the home directory. It's a hidden file in a directory.

After connecting, we can use ls to see that there's a folder (also called a directory) called inhere. We need to move our terminal into the inhere directory. We can use the command cd (it stands for change directory), to do this. We'll run cd inhere to move into that directory.

changing directories
Changing directories

Notice that the prompt has changed. Whereas it said we were in the home directory before (~), it now shows us that we're in a folder called inhere in the home directory.

Since we've changed folders, we should list the files again to see what files are in this directory.

Hidden files are hidden
Hidden files are hidden

So at the start of this level, I mentioned that it was a "hidden file" that we were looking for. Because the file is hidden, ls doesn't show it by default. Hidden files start with a ., and ls has a way to view those if requested. By running ls --help, we'll get some useful help on the different options we can run it with. -a or --all will tell it do not ignore entries starting with . per the help page.

Rerunning ls with -a will show us that this hidden file is here.

`ls` showing hidden files
ls showing hidden files

Interesting. We finally see the .hidden file. Notice that there are two more though, ., and ... These aren't really files at all. These are essentially references. Remember how in level 1 we ran ./- to mean the file - in the current directory? What ./- really breaks down to is the folder . (which is the current folder), / meant that there was something in the referenced folder we wanted to get to, and - was the file name.

This means that the . that it's showing isn't actually a file, but a reference to the current folder. The .. means "the parent of the folder we're currently in".

Since our terminal is currently in ~/inhere, . is ~/inhere, and .. is just ~.

Now that we know what the hidden file is called, we can just cat it per the usual.

`cat`ting hidden files works too
catting hidden files works too

Level 4

This level presents a different challenge than the previous ones. In this level, there are multiple files in the inhere folder. Of these files, one is text (which is the password for the next level), and the rest are raw data (which is not printable to the terminal.

Here's the files that we have in the inhere directory.

multiple files
Multiple files

Before catting the files in the directory, know that binary data can present an issue. Binary data can completely reformat your terminal, and potentially make it unusable. No matter what you see when attempting to cat all of these files, running reset, will reformat your terminal to default display settings.

`cat`ting binary data
catting binary data

Notice that it's displaying weird. This is a common issue with binary data. Notice that my terminal is no longer putting my commands on new lines.

Although we probably could open all of these files like my example, this isn't really a great way to do it. We'll use the command file, which determines the type of data stored in the file. Running file ./-file00 will show us that -file00 is data, not text. Once again, although we could do this for every file in the list, I feel like this is a great time to introduce regular expressions.

Regular expressions are essentially a way to use a filter to describe things. This allows us to check all files with one command if done correctly. In this example, we're going to use wildcard characters.

Wildcards are special characters that match any other character. There's ?, which matches only a single character, and there's *, which matches any number of characters.

For example -file0? would match all of the files in the folder since they all start with -file0, and have a single number afterwards.

We can make it shorter though by using the *. We could use -*, which would match all the files starting with -.

I'll run file ./-*, which means "run the program file on any file that starts with - in the current directory ./"

`file` with wildcards
file with wildcards

From this output, we can see that ./-file07 is text, so we'll cat only that file.

Getting the password
Finally! We got the password!

From the Author

I'm really glad to have an avenue to show off some uses for a terminal, and demonstrate that there are uses for a terminal other than "hacking". Personally, I love the power of regular expressions, and use them regularly. Although I only showed off wildcards, that's not the only use for them. RegExr has some awesome examples, and does a great job at showing how regular expressions are interpreted. Check it out to learn more about them!

Leave a Reply