πŸš€
v13vv/GitBook
πŸš€
v13vv/GitBook
  • 🌌About this blog
  • The Author
    • v13vv
  • 2025
    • TryHackMe
    • HackTheBox
    • TheCyberMentor
    • PNPT
    • CPTS
    • AZ-500
  • 2024
    • CTFs
      • idekCTF 2024
        • misc/NM~~PZ~~ - easy
      • 🐭Bandit - OverTheWire
        • Bandit 0
        • Bandit 1 ( level 0->1 )
        • Bandit 2 ( level 1->2 )
        • Bandit 3 ( level 2->3 )
        • Bandit 4 ( level 3->4 )
        • Bandit 5 ( level 4->5 )
      • 🐯Natas - OverTheWire
        • Natas 0
        • Natas 1 ( level 0->1 )
        • Natas 2 ( level 1->2 )
        • Natas 3 ( level 2->3 )
    • Security+ Labs
      • ⛑️CompTIA Security+ - 101Labs.net
        • Lab 41 – Getting a reverse shell on a server through a file upload
        • Lab 42 – Manual privilege escalation using python
    • WEB SECURITY
      • 🍊Web Security Academy - PortSwigger
        • Burp Suite Setup on Kali Linux
        • Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
        • Lab: SQL injection vulnerability allowing login bypass
        • Lab: Reflected XSS into HTML context with nothing encoded
    • NETWORKING
      • 🌊Wireshark Labs - Jim Kurose Homepage
        • Getting Started
    • POST-QUANTUM CRYPTOGRAPHY
      • A Study of Algorithms Development for Post-Quantum Cryptography
        • NIST Post-Quantum Cryptography Standardization
          • Call for Proposals in Security Aspect
          • Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process
          • KEM / Digital Signature
            • Kyber
              • What is Kyber ?
                • Module Learning With Errors (M-LWE)
              • Kyber Cryptanalysis
                • Timing Attack
Powered by GitBook
On this page
  • Level Goal
  • Commands you may need to solve this level
  • Helpful Reading Material
  • Solving
  1. 2024
  2. CTFs
  3. Bandit - OverTheWire

Bandit 2 ( level 1->2 )

PreviousBandit 1 ( level 0->1 )NextBandit 3 ( level 2->3 )

Last updated 9 months ago

Level Goal

The password for the next level is stored in a file called - located in the home directory

Commands you may need to solve this level

Helpful Reading Material

Solving

ssh into bandit1:

ssh -p 2220 bandit1@bandit.labs.overthewire.org

In this level we'll be dealing with a tricky file name.

As you can see in the img1, we have a file named - (dash). Which we can't just cat it ordinary.

You can see in img2 that the cat command is not reading texts inside the - file. The reason is in the command cat - : the - tells cat to read from stdin rather than a file.

Quick note: stdin refers to standard input. In Unix-like operating systems, it's one of the three standard data streams used for input and output in programs, along with stdout (standard output) and stderr (standard error).

To solve our scenario we can use './' before a file name to directly reference to a file like:

cat ./-

There we go, we captured our flag.

263JGJPfgU6LtdEvgfWU1XP5yac29mFx

, , , , ,

🐭
ls
cd
cat
file
du
find
Google Search for β€œdashed filename”
Advanced Bash-scripting Guide - Chapter 3 - Special Characters
OverTheWire: Level Goal
Logo
img1
img2
FLAG !