Bandit Level 12 -> Level 13

Level Goal

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work. Use mkdir with a hard to guess directory name. Or better, use the command “mktemp -d”. Then copy the datafile using cp, and rename it using mv (read the manpages!)

Commands you may need to solve this level

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv, file

• `xxd` is used to create a hex dump of a file or standard input.
• `tar`, `bzip2`, and `gzip` are used for working with archives and compressing files.

Helpful Reading Material

• Hex dump on Wikipedia

 

Write up

bandit12@bandit:~$ ls
data.txt
bandit12@bandit:~$ cat data.txt
00000000: 1f8b 0808 dfcd eb66 0203 6461 7461 322e  .......f..data2.
00000010: 6269 6e00 013e 02c1 fd42 5a68 3931 4159  bin..>...BZh91AY
00000020: 2653 59ca 83b2 c100 0017 7fff dff3 f4a7  &SY.............
......

 

There is a hexdump file that we can read.

 

 

bandit12@bandit:~$ xxd -r data.txt > data.bin
-bash: data.bin: Permission denied

 

Using the `xxd -r` option, we can convert the hexdump file into binary. However, we don't have permission to write the file in this directory.

 

 

bandit12@bandit:~$ mktemp -d
/tmp/tmp.cbKQ3E12KS
bandit12@bandit:~$ cd /tmp/tmp.cbKQ3E12KS
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ cp ~/data.txt ./
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data.txt
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ xxd -r data.txt > data.bin
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data.bin  data.txt

 

By using the `mktemp` command, we can create a directory with write permissions.

 

bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ file data.bin
data.bin: gzip compressed data, was "data2.bin", last modified: Thu Sep 19 07:08:15 2024, max compression, from Unix, original size modulo 2^32 574
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ mv data.bin data.bin.gz
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ gzip -d data.bin.gz
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data.bin  data.txt
------------------------------------------------------
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ file data.bin
data.bin: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ mv data.bin data.bin.bz2
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ bzip2 -d data.bin.bz2
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data.bin  data.txt
-------------------------------------------------------
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ file data.bin
data.bin: gzip compressed data, was "data4.bin", last modified: Thu Sep 19 07:08:15 2024, max compression, from Unix, original size modulo 2^32 20480
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ mv data.bin data.bin.gz
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ gzip -d data.bin.gz
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data.bin  data.txt
--------------------------------------------------------
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ file data.bin
data.bin: POSIX tar archive (GNU)
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ mv data.bin data.bin.tar
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ tar -xf data.bin.tar
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data5.bin  data.bin.tar  data.txt
---------------------------------------------------------
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ file data5.bin
data5.bin: POSIX tar archive (GNU)
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ mv data5.bin data5.bin.tar
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ tar -xf data5.bin.tar
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data5.bin.tar  data6.bin  data.bin.tar  data.txt
-----------------------------------------------------------
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ mv data6.bin data6.bin.bz
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ bzip2 -d data6.bin.bz
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data5.bin.tar  data6.bin  data.bin.tar  data.txt
-------------------------------------------------------------
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ file data6.bin
data6.bin: POSIX tar archive (GNU)
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ mv data6.bin data6.bin.tar
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ tar -xf data6.tar
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data5.bin.tar  data6.bin.tar  data8.bin  data.bin.tar  data.txt
------------------------------------------------------------------
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Thu Sep 19 07:08:15 2024, max compression, from Unix, original size modulo 2^32 49
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ mv data8.bin data8.bin.gz
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ gzip -d data8.bin.gz
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ ls
data5.bin.tar  data6.bin.tar  data8.bin  data.bin.tar  data.txt
-----------------------------------------------------------------
bandit12@bandit:/tmp/tmp.cbKQ3E12KS$ cat data8.bin
The password is FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn

 

 

After completing repetitive file decompression, we can finally retrieve the password.

 

 

Next Level : Level 13 -> 14