OverTheWire Bandit Guide

here's how to solve the bandit level 10 → 11

Back to the Bandit Guides

Previous Level Guide: Bandit Level 9 → 10

Access

SSH: ssh bandit10@bandit.labs.overthewire.org -p 2220

Password: 4YQe2WV1KdZ0OZBCHdfi1XKijQnRc5LE

Info

Description: The password for the next level is stored in the file data.txt, which contains base64 encoded data
Commands: grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd

Theory

To get the password, the instructions say that it's inside a file which is encoded in Base64. This is pretty easy because, you could go to any online Base64 Decoder, and it will work. But for the purposes of doing this level the right way, it's actually simpler than you think. I'll give you a quick explanation of Base64: it is a way to encode text or binary data to just text with the characters from the alphabet letters—both uppercase and lowercase—, numbers 0 to 9, and the symbols +, /, and =. Then those binary texts convert into binary zeros and ones, and with a little of math, any binary character that exists has a value between 1 and 64, this is where the letters, numbers, and symbols come in, depending on the 1-64 value you get, it will be one of the characters from before, so if the value from the binary character is 3 and 59, it will come out as C7 (ususally you cannot fit more than 4 thousand characters into a group of 64, so each character can become two or three from it's original form, but still maintaining the same data), then all of the base64 values that we get are joined into a single string. What we are doing here, is the inverse of the explanation, which is as easy as it is to encode. If you didn't realize it yet, the command we'll use is "base64", which if you look through its manual page, the command will encode in Base64 whatever text or file you want, but that is encode, we want to decode, so that's why we'll use the -d option, which literally just stands for decode. After that we pluck the filename at the end and we get this command:

base64 -d data.txt

If you want to know more about this, check out this Wikipedia article.

Solution

For example, if we just use cat for the file it will have an equal sign at the end, which is a really straightforward indication that it's Base64 encoded:

~$ cat data.txt
VGhlIHBhc3N3b3JkIGlzICMjI1JFREFDVEVEIyMjCgpZb3UgcmVhbGx5IHRob3VnaHQKCj46Mw==

Now you just have to get into the level and do the command:

~$ base64 -d data.txt
The password is Bs6Tmc8QChGv9uHys5wZ8MtqZ3W1KmFv

And that's it, it worked! Now we should be good to go to the next level.

https://overthewire.org/wargames/bandit/bandit11.html
Next Level Guide: Bandit Level 11 → Level 12

Explore My Website