In my last post, I walked us through connecting to OverTheWire's Bandit server, and completing level 0 and level 1. Following along with the previous article is a prerequisite to following this article, as you'll need to get the password from the file in level 1 first.
You can view my last post about this by following this link.
A Quick Recap
In the last post, I covered connecting to OverTheWire's Bandit server using SSH. Here's the hostname and port used for reference.
- Hostname is
- Port is
- Hostname is
We learned how to use
ls to list files in the current directory and
cat to print the contents of a file to the terminal. Furthermore, we had a weird named file that required prefixing the file name with the current directory
Remember that there was a file with an odd name in level 1? Well here's the second level with a name that presents a challenge
spaces in this filename.
The reason this presents a challenge is that the program
cat allows reading multiple files at once with a space in between them. This means that if we tried
cat spaces in this filename,
cat would try to read the file
spaces, then the file
filename. This approach wouldn't work because the single file has the name `spaces in this filename.
To work around this, we have a couple approaches we could take. I'll cover both here.
- We could tell
spaces in this filenameis a literal name, meaning that the spaces are part of this. To do this, we can wrap it with either single quotes or double quotes.
- We could also use an "escape" character to tell the terminal to use the next character literally. For example, a space is normally used in between arguments for a program, but we can tell the terminal to interpret the space "literally", without interpreting it, by writing it with a
Either approach taken,
catworks. Keep these options in mind later on for special characters.
- We could tell
Unlike the previous levels, level 3 doesn't have the file in the home directory. It's a hidden file in a directory.
After connecting, we can use
ls to see that there's a folder (also called a directory) called
inhere. We need to move our terminal into the
inhere directory. We can use the command
cd (it stands for change directory), to do this. We'll run
cd inhere to move into that directory.
Notice that the prompt has changed. Whereas it said we were in the home directory before (
~), it now shows us that we're in a folder called
inhere in the home directory.
Since we've changed folders, we should list the files again to see what files are in this directory.
So at the start of this level, I mentioned that it was a "hidden file" that we were looking for. Because the file is hidden,
ls doesn't show it by default. Hidden files start with a
ls has a way to view those if requested. By running
ls --help, we'll get some useful help on the different options we can run it with.
--all will tell it
do not ignore entries starting with . per the help page.
-a will show us that this hidden file is here.
Interesting. We finally see the
.hidden file. Notice that there are two more though,
... These aren't really files at all. These are essentially references. Remember how in level 1 we ran
./- to mean the file
- in the current directory? What
./- really breaks down to is the folder
. (which is the current folder),
/ meant that there was something in the referenced folder we wanted to get to, and
- was the file name.
This means that the
. that it's showing isn't actually a file, but a reference to the current folder. The
.. means "the parent of the folder we're currently in".
Since our terminal is currently in
.. is just
Now that we know what the hidden file is called, we can just
cat it per the usual.
This level presents a different challenge than the previous ones. In this level, there are multiple files in the
inhere folder. Of these files, one is text (which is the password for the next level), and the rest are raw data (which is not printable to the terminal.
Here's the files that we have in the
catting the files in the directory, know that binary data can present an issue. Binary data can completely reformat your terminal, and potentially make it unusable. No matter what you see when attempting to
cat all of these files, running
reset, will reformat your terminal to default display settings.
Notice that it's displaying weird. This is a common issue with binary data. Notice that my terminal is no longer putting my commands on new lines.
Although we probably could open all of these files like my example, this isn't really a great way to do it. We'll use the command
file, which determines the type of data stored in the file. Running
file ./-file00 will show us that
-file00 is data, not text. Once again, although we could do this for every file in the list, I feel like this is a great time to introduce regular expressions.
Regular expressions are essentially a way to use a filter to describe things. This allows us to check all files with one command if done correctly. In this example, we're going to use wildcard characters.
Wildcards are special characters that match any other character. There's
?, which matches only a single character, and there's
*, which matches any number of characters.
-file0? would match all of the files in the folder since they all start with
-file0, and have a single number afterwards.
We can make it shorter though by using the
*. We could use
-*, which would match all the files starting with
file ./-*, which means "run the program
file on any file that starts with
- in the current directory
From this output, we can see that
./-file07 is text, so we'll
cat only that file.
From the Author
I'm really glad to have an avenue to show off some uses for a terminal, and demonstrate that there are uses for a terminal other than "hacking". Personally, I love the power of regular expressions, and use them regularly. Although I only showed off wildcards, that's not the only use for them. RegExr has some awesome examples, and does a great job at showing how regular expressions are interpreted. Check it out to learn more about them!