OverTheWire Bandit Guide

Previous Level Guide: Bandit Level 5 → 6

Access

SSH: ssh bandit6@bandit.labs.overthewire.org -p 2220

Password: HYZcza5TcvBLoUE7kbfBQWgnzlqbOKrh

Info

Description: The password for the next level is stored somewhere on the server and has all of the following properties: owned by user bandit7, owned by group bandit6, 33 bytes in size.
Commands: ls, cd, cat, file, du, find, grep

Theory

To get the password, the instructions say that the file is owned by bandit7 and group bandit6. To do this we will use the find command followed by /, which will make the command scan through all files and folders inside the server, then use f so that it only shows files, not folders, then the size, for that we will use 33c. And finally use option -user to specify files owned by bandit7, and -group to specify files owned by group bandit6. Following all of this, we get a command like this:

find / -type f -user bandit7 -group bandit6 -size 33c

Solution

Now you just have to get into the level and do the command:

~$ find / -type f -user bandit7 -group bandit6 -size 33c
find: ‘/drifter/drifter14_src/axTLS’: Permission denied
find: ‘/root’: Permission denied
find: ‘/snap’: Permission denied
...

Oh, wait! I almost forgot about that, so the command is going to try to find from every file in the server that has the parameters like the user, group, size, etc. but it's not going to tell us exactly which one it is, so we can use 2>/dev/null/ which will hide any permission denied errors, or any other kind of error. So if we put it in the command from earlier, it would look something like this:

~/inhere$ find / -type f -user bandit7 -group bandit6 -size 33c 2>/dev/null
/var/lib/dpkg/info/bandit7.password

And now we just use cat to open print the contents of the file at the server, and we should be good to go to the next level:

~/inhere$ cat /var/lib/dpkg/info/bandit7.password
xkO4Hz3ks0FEB9dLOlZKicb2NtW2OL27