πŸš€
v13vv/GitBook
πŸš€
v13vv/GitBook
  • 🌌About this blog
  • The Author
    • v13vv
  • 2025
    • TryHackMe
    • HackTheBox
    • TheCyberMentor
    • PNPT
    • CPTS
    • AZ-500
  • 2024
    • CTFs
      • idekCTF 2024
        • misc/NM~~PZ~~ - easy
      • 🐭Bandit - OverTheWire
        • Bandit 0
        • Bandit 1 ( level 0->1 )
        • Bandit 2 ( level 1->2 )
        • Bandit 3 ( level 2->3 )
        • Bandit 4 ( level 3->4 )
        • Bandit 5 ( level 4->5 )
      • 🐯Natas - OverTheWire
        • Natas 0
        • Natas 1 ( level 0->1 )
        • Natas 2 ( level 1->2 )
        • Natas 3 ( level 2->3 )
    • Security+ Labs
      • ⛑️CompTIA Security+ - 101Labs.net
        • Lab 41 – Getting a reverse shell on a server through a file upload
        • Lab 42 – Manual privilege escalation using python
    • WEB SECURITY
      • 🍊Web Security Academy - PortSwigger
        • Burp Suite Setup on Kali Linux
        • Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
        • Lab: SQL injection vulnerability allowing login bypass
        • Lab: Reflected XSS into HTML context with nothing encoded
    • NETWORKING
      • 🌊Wireshark Labs - Jim Kurose Homepage
        • Getting Started
    • POST-QUANTUM CRYPTOGRAPHY
      • A Study of Algorithms Development for Post-Quantum Cryptography
        • NIST Post-Quantum Cryptography Standardization
          • Call for Proposals in Security Aspect
          • Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process
          • KEM / Digital Signature
            • Kyber
              • What is Kyber ?
                • Module Learning With Errors (M-LWE)
              • Kyber Cryptanalysis
                • Timing Attack
Powered by GitBook
On this page
  • Level Goal
  • Commands you may need to solve this level
  • Solving
  1. 2024
  2. CTFs
  3. Bandit - OverTheWire

Bandit 5 ( level 4->5 )

PreviousBandit 4 ( level 3->4 )NextNatas - OverTheWire

Last updated 9 months ago

Level Goal

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the β€œreset” command.

Commands you may need to solve this level

Solving

ssh into bandit4:

ssh -p 2220 bandit4@bandit.labs.overthewire.org

As you can see in the img1, we have 10 files in the directory. There's only one file that's our flag, you can brute-forcing and cat all the files out one by one. But learning to get the job done smarter is not a bad attempt right ? We'll be using the file command. This command is mostly used to identify the types of any specific files. In this case, we have our files named '-file..' There's a trick of using wildcard '*' in our command to let them match the files with our condition. Like in this case, we can use:

file ./-file*

The './' before a file name is used to directly refers to the files. And the '*' after the '-file' tells the command to identify all of the files those names started with "-file".

As you can see in the img2, there's only one file which contains ASCII text. That's probably our flag.

There we go, we captured our flag.

4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQw

, , , , ,

🐭
ls
cd
cat
file
du
find
OverTheWire: Level Goal
Logo
img1
img2
FLAG !