~ Level 9→10 ~
Level Description
The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several ‘=’ characters.
Potential commands to be used to obtain the password to the next level are: grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, and xxd.
Research Before Solving
Using the same strategy before when we knew some of the commands. Let's go in order from left to right. We have used the first three commands listed so we will look to see what functionality strings can provide.
The documentation tells us that the strings command is used to display printable
strings in
file(s)
.
Based on the switches available, it appears to work with data and binary files specifically.
Solution Walkthrough
Start by logging in as bandit9 and immediately seeing what the contents of the current directory are. We see data.txt which is where the password is stored.
Use a cat command on the file to see its contents. The output should take a few seconds to load completely, printing characters sporadically throughout. There's way too many characters for us to manually go through. Check the file-type by using the file command on data.txt.
It is revealed that data.txt has the the type of data
. This is a file-type that the
strings
command is able to work with.
The creator's instructions advised the password is preceded by several equals signs. We should use a grep command so that we may filter out only results with equals signs in front of them. The command will be: strings data.txt | grep ===
While there are a few unwanted lines of output, we have successfully located the password to level 10!
truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk