~ Level 6→7 ~

Log in to the OverTheWire server as user bandit6 while using the corresponding password found in the previous level. You can use the ls command to start as we have done in the past. Notice how you recieve no results. If you add the -a switch to it, a few results will be printed to the screen.

Using cat with each filename will open its contents. We can look through the results to see if anything useful is presented. In this instance, no vital information is provided.

Going back to the level description, the creators specifically state the password is somewhere on the server. Using this information we can ascertain that we may not be in the directory where the password is stored. We can move up in the hierarchy of directories with one of two methods. You may of noticed that using the ls command always returns results that include .. as a result. This notation is used to represent the directory above the current working directory. If we use cd .. we are able to ascend one directory. After performing this command twice, we are in the root directory. This is the highest point of the hierarchical directory system. The second method is to use cd / where the slash stands for the root directory itself. Both methods are shown in succession below with a command in between that returns us to the directory we started in.

Now that we are in the root directory, denoted by the / before the $, we can use the functionality of find and its available switches. We know we must use the -size option along with 33c. By the clues given we know that the user and group are important. The options that allow us to search for files that meet this criteria are -user and -group. We tack on the respective group and user information provided by OverTheWire and our command becomes this: find -user bandit7 -group bandit6 -size 33c

One of the results listed is not like the others! Looking at the forth result from the bottom, bandit7.password can be seen. It is the only result without a permission denied tag stuck to it as well. We can clean the up the results a bit, the next sections detail how to do so.

/dev/null in Linux

/dev/null is a directory inside of the Linux system that acts as a black hole. Any data that is directed here is discarded. Using this newfound knowledge, we can try to devise a way to send any result where permissions were denied to /dev/null.

Standard Input, Standard Output, and Standard Error

Standard input is given a descriptor value of 0 and includes any input that a user provides to the system through a keyboard. Examples of Standard Input include any and all commands that we may type into the console such as cd, cat and find. Standard output has the value of 1 and includes the results from any standard input. The value of 1 is assumed to be the user's display unless another value is assigned. Descriptor value 2 is attributed to standard error. This value also defaults to printing to a user's display. If we redirect the value of 2 to /dev/null, the results that would have been printed to the display by default, should instead be sent into the black hole to be discarded.

We will now append 2>/dev/null to the end of our find command. To reiterate the logic used here; 2 will take the results that ended in error (permission denied) while the > tells the interpreter we would like to pass the selected data into the /dev/null directory.

Let's try the full command: find -size 33c -user bandit7 -group bandit6 2>/dev/null

As you can see, the output is much more accessible. All that is left is to use cat to read the contents of the file.

Log out of the current session and move on to the next level! Make sure to record the password for safekeeping: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs