~ Level 12→13 ~
Level Description
The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)
Commands that might be used when solving this level include: grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv, and file
We are also given a link to a Wikipedia article on the concept of a hex dump.
Research Before Solving
Forewarning before starting: this is quite a long level and write-up! Make sure you have some time allotted for it. If you have to stop in the middle of it, you may lose your progress.
Starting with the reading, we find that hex dumps are a hexadecimal view of computer data. The data can be from RAM, a file or an entire storage disk. The article goes into further detail about how hex dumps are structured and formatted when viewing them.
Moving on to the commands, we find that there are several recommended ones we have not touched yet. This time, instead of using command --help, we will use man command, as that is what the creators suggest we do. The command known as man is used to call the General Commands Manual. Within the manual is the full documentation for any given command. When using the man pages, use the h key for help, q to quit out, and enter or the up/down arrow keys to scroll.
The first command, tar, appears to combine multiple files into one archived file or extract files from the archive. The man pages advise us that xxd is used to create or reverse a hexdump. Both gzip and bzip2 are tools used to compress and decompress files. The next command known as mkdir is what is used to create a directory. We are told to make it under the /tmp/ directory. The final two commands we haven't worked with are defined in the level description; cp is used to copy a file while mv can be used to rename it.
Solution Walkthrough
We will first log in as bandit12, paste in the required password, and then issue an ls. We are greeted by a file named data.txt where the password is once again stored. If we use cat on data.txt, we are shown data that looks similar to the pictures on Wikipedia. This is, indeed, a hex dump of information.

Let's do as the creators suggested and create a temporary directory so that the work will be easier. To do so we must issue the following command: mkdir /tmp/user. This will create a directory named user under the /tmp directory. The / in this address stands for the root directory and tmp is a directory inside of it.
Parsing the level description, we see that the file was made into a hex dump last. This means we need to reverse the hex dump first. Referring back to our research, xxd is used to perform this action. We can then look at xxd --help to learn that the -r switch must be used to do so. We want the output of the command to be redirected into the new user directory we created. To do this, our command will look like the following: xxd -r data.txt > /tmp/user/hex.txt

Notice there is no confirmation that our command was successful. Navigate to where our file resides using cd /tmp/user and then issue an ls command.

Using cat on our file will show the new contents:

We can see the contents are no longer a hex dump. The level description told us the file has been compressed repeatedly. Previously we've used the file command to see the type of a particular file. Let's try to use it here and see what type we are given.

We find the type to be that of gzip compressed data. We know now we must use the gzip command to decompress. Before running the command, however, the man pages state the file must end in .gz. We must first change the extension of the file so that gzip may recognize it. We may use mv to do so by simply changing the file name with the following command: mv hex.txt hex.gz. No confirmation is given, so perform an ls to confirm the changes.

Now that the file has been changed to have the proper extension, we can move on to using gzip to decompress hex.gz. In order to do so, we must use the -d switch. The full command will be gzip -d hex.gz. Note that you do not need to redirect the output into a new file!
No confirmation is given after our command completes. To see the new file, use ls again.

Following this we will use file in order to see the file-type.

This time we see the file-type as bzip2 compressed data. We must use bzip2 this time to decompress. The man pages list the file extension needed as .bz2. Let's use mv hex hex.bz2 as the command to start the decompression process.

We will use bzip2 -d hex.bz2 to decompress this file. We are again met with no confirmation of completion. However, when using ls, we are able to see the name has changed once again. Using file on the resulting file gives us these results:

Looking at the output of the file command, we see we are once again dealing with gzip compressed data. You can see this time, however, the name is data4.bin, while the first time we were met with gzip data, it was listed as data2.bin. This goes to show we are making progress!
Go ahead and use the mv command to rename the file so that it has the proper extension. Next, decompress the file with the gzip -d command. You can use ls to list files so that you may know the new name. Finally, use file again to list the file-type.

The next form of compression is known as a tar archive. If you remember from our research earlier, the tar command is used with files of this type. According to the documentation, these types of files have an extension of archive.tar. This means we must first convert our file name in order to have the proper extension. The command to do so is: mv hex hex.archive.tar. We will then use ls to confirm the change.

We can now extract from the archive using tar. When looking at switches for this command, we find that -xf fits what we are looking for. This switch tells the system that we want to extract files from the archive. Your command will look like the following: tar -xf hex.archive.tar. We must use ls to list the resulting file(s) again.

The file data5.bin has now been revealed to us. Checking the file-type shows us it is still an archived file. It would appear we must use tar on this archive now. First we must convert the file to an archive.tar extension. Then we will run tar -xf data5.archive.tar to decompress it further. Running an ls will show us the results.

We are presented with another file by the name of data6.bin. Running file on this item shows us another bzip2 file-type. We will convert the file to the proper extension and then decompress with the following command: bzip2 -d data6.bz2. As done previously, use ls to see the decompressed file known as data6 and run file on it to see its type.

Notice this is also a tar archive file. Convert data6 to data6.archive.tar before using tar -xf data6.archive.tar.

As shown above, we can see that we found data8.bin and it is compressed using gzip. Go ahead and convert the file before decompressing it. After you decompress the file, view the results. We are left with data8. Upon using file on this item, we find this result is ASCII text. Use cat on the file to see its contents.

Whew! We finally reached the end. There were a lot of compressions in this level. Hopefully you found the practice to be helpful in learning how to decompress and rename files.
Record the password, log out of the session and maybe take a short break if you'd like :) Move on to the next level when you're ready.
Password: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
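The manual loop above (reverse the hex dump, check the type, decompress, repeat) can also be done in one pass by looking at the same magic bytes that file reads. This is an added example, not part of the original write-up; the function names and the sample input are constructed for illustration, and each tar layer is assumed to hold a single file, as in this level.

```python
import bz2, gzip, io, tarfile

def xxd_dump(data: bytes) -> str:
    """Produce xxd-style lines: offset, hex byte pairs, ASCII column."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        pairs = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}: {pairs:<39}  {text}")
    return "\n".join(lines)

def xxd_reverse(dump: str) -> bytes:
    """Equivalent of `xxd -r`: keep only the hex column of each line."""
    out = bytearray()
    for line in dump.splitlines():
        if ":" not in line:
            continue
        # Drop the offset, then cut at the double space before the ASCII column.
        hex_part = line.split(":", 1)[1].split("  ", 1)[0]
        out += bytes.fromhex(hex_part.replace(" ", ""))
    return bytes(out)

def peel(data: bytes):
    """Strip layers by magic bytes until none is recognised."""
    layers = []
    while True:
        if data[:2] == b"\x1f\x8b":              # gzip magic
            kind, data = "gzip", gzip.decompress(data)
        elif data[:3] == b"BZh":                 # bzip2 magic
            kind, data = "bzip2", bz2.decompress(data)
        elif data[257:262] == b"ustar":          # POSIX tar magic at offset 257
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                member = tar.getmembers()[0]     # assumption: one file per archive
                kind, data = "tar", tar.extractfile(member).read()  # read in memory only
        else:
            return layers, data
        layers.append(kind)

def build_sample(secret: bytes) -> str:
    """Constructed input: secret -> gzip -> tar -> bzip2 -> gzip -> hex dump."""
    blob = gzip.compress(secret)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("data8.bin")
        info.size = len(blob)
        tar.addfile(info, io.BytesIO(blob))
    return xxd_dump(gzip.compress(bz2.compress(buf.getvalue())))

if __name__ == "__main__":
    print(peel(xxd_reverse(build_sample(b"constructed-sample-secret\n"))))
```

Because the tar member is read into memory rather than extracted to disk, a hostile member name cannot write outside the working directory.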