Bandit4->5
Level Goal
The password for the next level is stored in the only human-readable file in the inhere directory.
Tip: if your terminal is messed up, try the “reset” command.
Commands useful to solve the level
Helpful Reading Material
Where to start?
As there isn't a lot of helpful reading material (because the material is already very complete), we must start by opening the find(1) documentation.
Now that we have an idea of what the find utility does, we need to know exactly what characteristics the file we are looking for has:
- it is human-readable
- it is a file
We need to find a way to look only for human-readable files in a given directory.
Part 1 : Finding directory files
Throughout this level, we are only going to use the find(1) utility. In fact, our solution to this level will consist of a single call to the find(1) utility. First things first, we need to know how to run the find command to list the files in a directory.
Hint
Look at the starting points section of the find(1) man page.
Solution
When looking in the starting points section of the find(1) man page, we see an optional argument named starting-point. This argument allows the user to specify a starting directory when running the find utility. By default, the starting point is . which is the current directory.
So, running find inhere allows us to list the contents of the inhere directory.
Part 2 : Listing only the files
Before delving deeper into the find(1) man page to learn how we can use find to retrieve the only human-readable file in the inhere directory, let's take a closer look at the output we got from running find alone:
bandit4@bandit:~$ find
.
./inhere
./inhere/-file01
./inhere/-file02
./inhere/-file08
./inhere/-file06
./inhere/-file00
./inhere/-file04
./inhere/-file05
./inhere/-file07
./inhere/-file03
./inhere/-file09
./.profile
./.bashrc
./.bash_logout
bandit4@bandit:~$
From that output, we can see that find lists all the files in the directories and subdirectories, and that it does not ignore hidden files by default. It lists all the files and directories contained in the starting point, along with the starting point itself.
Let's now try to list only the regular files within the inhere directory.
Hint
By looking at section 2 of the GNU findutils documentation, can you find a test that matches regular files?
Solution
The option we're looking for is -type, which allows us to test for the type of file we're looking for. We'll give the -type option the f argument to only look for regular files.
The command we're looking for is find inhere -type f.
Part 3 : Finding the only human readable file
Here is the output from the command find inhere -type f :
bandit4@bandit:~$ find inhere/ -type f
inhere/-file01
inhere/-file02
inhere/-file08
inhere/-file06
inhere/-file00
inhere/-file04
inhere/-file05
inhere/-file07
inhere/-file03
inhere/-file09
bandit4@bandit:~$
We could try to manually run cat on each file, but besides being an ugly as hell solution, it presents a security risk.
Thankfully, there is a solution in the file(1) utility.
We now need to find in the file(1) man page how to identify the only human-readable file within the inhere directory.
Hint
Look into file(1) and section 3 of the GNU findutils documentation, and see if there is an ACTION in the find(1) page that could let you execute the file command on the files you retrieved.
Solution
The ACTION we're looking for is -execdir. We will use the form -execdir command ; as it is safer than the -exec command ; form (see security considerations).
As the ; is a shell metacharacter, we will need to escape it with a \ to pass it to the find command.
For the same reason, we'll have to enclose the braces {} within single or double quotes.
The command we're looking for is: find inhere -type f -execdir file '{}' \;
Here is an output you could get by running this command :
bandit4@bandit:~$ find inhere/ -type f -execdir file "{}" \;
./-file01: data
./-file02: data
./-file08: data
./-file06: data
./-file00: data
./-file04: data
./-file05: data
./-file07: ASCII text
./-file03: data
./-file09: data
bandit4@bandit:~$
Run cat inhere/-file07 to get the password string.
Full Solution
- find inhere/ -type f -execdir file "{}" \; to find all the regular files in the inhere directory and run the file utility on them
- cat inhere/-file07 to print the contents of the retrieved file
Bonus : One-liner command
Useful commands:
- bash (or any shell)
- find
- file
- grep
- cat
Hint
To get you started, if you want to find it (no pun intended) by yourself, here are a few pieces of information to get you on the right track.
Here are the find options we'll use to achieve our goal :
- type
- execdir (x2)
- quit (optional)
Solution
The command is the following :
find inhere/ -type f -execdir bash -c 'file {} | grep text > /dev/null' \; -execdir cat '{}' \; -quit
- The first execdir call executes the command file {} | grep text > /dev/null on each retrieved file in the inhere directory. The redirection to /dev/null ensures that nothing gets printed on stdout; the important thing here is actually the exit status of the grep command. See bash invocation for information about the -c option.
- The second execdir call runs cat on the only human-readable file in the inhere directory.
- The quit option allows us to stop the find utility once we have found what we're looking for. To understand what it does, you can replace grep by grep -v in the previous command.
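A hardened variant of the one-liner above, as an added example that is not part of the original write-up: the file name is handed to the inner shell as a positional parameter instead of being pasted into the command string. The function names make_sample_dir and find_readable, the sample directory and the sample password are constructed for illustration; sh, file -b and grep -q are swapped in for bash, plain file and the > /dev/null redirection.

```bash
# Added example; the directory layout and file contents are constructed
# sample data, not the real Bandit files.

# Build a throwaway copy of inhere/: nine files of non-text bytes and one
# ASCII file whose name contains a space, to exercise the quoting.
make_sample_dir() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/inhere"
    for i in 0 1 2 3 4 5 6 8 9; do
        printf '\001\002\200\377%s' "$i" > "$dir/inhere/-file0$i"
    done
    printf 'constructed-sample-password\n' > "$dir/inhere/-file 07"
    printf '%s\n' "$dir"
}

# In the original one-liner, find pastes the file name into the string that
# the shell parses, so a name with spaces or shell syntax is split or run
# as code:
#   find inhere/ -type f -execdir bash -c 'file {} | grep text > /dev/null' \;
# Here the name is passed as the positional parameter $1 instead, and is
# only ever used as data. file -b drops the name from file's output, so a
# file merely *named* "text" cannot match; grep -q replaces > /dev/null.
find_readable() {
    find "$1" -type f \
        -execdir sh -c 'file -b -- "$1" | grep -q text' _ '{}' \; \
        -execdir cat -- '{}' \; \
        -quit
}

# Usage: find_readable "$(make_sample_dir)/inhere"
```

The same find_readable call works on the real inhere directory; the -- after file and cat keeps names that begin with a dash from being read as options.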
You can now jump to the next level