 All right, what's up? Welcome back ladies and gentlemen. I hope you're enjoying these series on a bandit over the wire The my name is John Hammond, and we're just gonna jump right back in So weird to fit in the intro, you know, all right, let's go to level three. It's where we just left off We just stored the password in our bandit 3 file So we can SSH pass tack P using that file that we've got the password stored in and changing the user So we actually SSH into that correct user Great Cool, we're logged in. So the prompt here is a password for the next level stored in a hidden file in the in here directory Okay, so we can see the in here directory just in our home directory You can CD to change directory into there and see our prompt changes and we LS but there's nothing in here seemingly It says we can use these commands to solve this level so I'm gonna assume that it's a hidden file And we can view those with LS You can say LS tack a your tack tack all do not ignore entries starting with the period because those are hidden files Typically in Linux LS tack a and there's a dot hidden file We can cut this out And there's a password for the next level cool. Let's break out a list do a nano bandit 4 and Now we can change the password keep moving Great. We're logged in. All right. How do we solve this one? Passive the next level stored in the only human readable file in the in here directory Okay What have we got all of these files? Oh, they all have a hyphen. So that's not fair Kind of using the same trick from the previous level. It was either level two or level three But we were able to use the period and a forward slash to denote files in the current directory that we want to look at Looks like if I wanted to cat file zero zero There's a lot of nonsense not really what we're looking for okay, so we can run file and Use a dot period and forward slash just a period and a dot same thing And we'll use the asterisk here to denote all of the files in the home directory Okay, so it's seeing that all of these are data and file 07 is ASCII text So a little bit of a deductive reasoning we can probably assume that file 07 is What we wanted to see here, but if we were to just try and cat out all the others It had said if your terminals messed up try the reset command That's something worth noting if you ever accidentally just cat out a binary file or stuff with like real data That just won't display in your terminal run the reset command. You'll almost always get your shell back all right, we could have just used find I think and I I think that's one way to do it other than this is a small way because I don't know if find will Actually give you human readable files normally when I search for finds a man page or the manual for readable It just things that matches files that are actually like readable as in you have the privilege and the user like a Access control to be able to read that file So if you know using find to find human readable files, that would be a good way to do it strings is also a good one in this case You can strings everything Remember we have to use the dot forward slash Because all of these files are starting with the hyphen here So if we were to run strings at dot forward slash everything it will find this password Which we assumed as we know was in file 07. Yep. Okay, cool Let's jot that down and band it five now, right? Yeah, okay, cool, and we'll jump into that level of a five Okay, so now we're actually gonna start to use the find command and use it for real Use it for its real goodness We know that okay in here and this in here directory. There are other Other directories like maybe here's zero zero, etc, etc, etc You can you know run the find command on its own just to kind of see all of the files that you're now looking at because Fine will recursively display all the files and directories that it sees With the path that you specify if I were to say starting at the root directory It'll run through everything in the system But by default fine will just work in your current working directory or the period here find dot Okay, so we want to be able to find a file that is human readable So we'll just assume here a specific number of bytes and size and not executable So not really like a kind of program We can run things like LS tack L to see the size of some directories or some files here and LS also has a tack capital R Functionality or argument or flag that will recursively look through that that's what that capital R is Recursively look through sub directories and folders here So if we were to combine those you can use tack L R Capital R and you can see okay here are the bytes that some of these has All these files have as they are being explored in each of their own sub directories, etc We could kind of go by hand here and find okay What actually has a thousand and thirty three bytes as a part of its size? And isn't executable. So isn't no mark mark green here with LS colors Or with that X for the executable bit in LS tack L displaying the permissions here So let's go ahead and try to find command. I'm gonna check out the man page to see we know that readable I'm searching by pressing the forward slash by the way. That's just a sweep down to find things in Man pages or when you have things queried and like in the less and buffered just like this readable work just like that We know there's something executable that we wanted to find So there is a tack executable that will match files that are executable But we want to find things that aren't executable. So how do we do that? We had searched for not but that doesn't really help us You're gonna have a lot of occurrences of not in this case I Saw it later on as I was seeing the readable page. I thought I saw some examples Okay, if you keep scrolling down and down and you'll see in the man page here are some examples of what you can run and some of them it looked like are using this Exclamation point to say not here this one this one right here Search for files which are executable but not readable. So this backslash exclamation point comes right before the readable flag So it's trying to say not readable. We can probably use ain't not executable to find the file that we're looking for and We knew we wanted a specific size. So I'm using size number of and The things or end units see for bytes So we'll use and the number that we want and then see following it to say that many bytes So we were to run find we can say our current directory with a period We don't have to and then we can say that backslash exclamation point to say not executable and then size a 1033 bytes Okay, and we get one immediate result. Maybe hero seven dot file two Let's check it out. You can go ahead and cat this file and There's our password you can see a lot of white space that it was included just to probably could make that size Requirement just for the difficulty of the of the wargame here, but let's note this as Bandit six I'm using control D to break out of The SSH connection that quickly Okay, now we're moved into level six What is the prompt here? The password for the next level is stored somewhere on the server and has the following properties. Okay Well, let's see how we can figure out get the size and user in group hmm Check out the manned man page to define command again Might be able to search for the word user. Okay user Just like that is owned by user username So that makes things easy what about group Group just like that Same kind of syntax. Okay, so we want find From the root directory because it's somewhere on the server, right? We'll use size 33 bytes User can be bandit seven Yep, and owned by group Bandit six do we get a hit Got a lot of permission denied errors. Okay. Okay. Oh, hey, we found something that doesn't have a permission not error but the permission denied kind of makes it hard to be able to see some of the stuff so let's That permission denied output is actually coming on the standard error stream So when we talked earlier about the cat command and the cat hyphen that hyphen was denoting the file descriptor for standard input The all the input and things you do on your keyboard standard output is all the stuff you see on the screen But standard error is similar to standard output and that you see it on the screen But it's reserved for error messages and bad things So that the file descriptor and the number for that is actually number two So whenever you want to try and hide all those errors permission denied or no such file directory You can take at the very very end of the command you were running the number two and then redirect it with that Greater than symbol and let's put it in the digital garbage can that's a device forward slash dev write for devices and null forward slash dev forward slash null and Now if we run that command, we won't have all those all those permission denied errors and we'll just get one result cat this out and There's our password for Bandit 7 sweet. Let's put that right here and Now we're rocking to Bandit 7. Thank you guys for watching. Hope you're enjoying these Hope you're learning some new things. I hope I'm not going too fast because I know I am Assuming you know some things and not assuming that you don't and just hoping that you'll follow through but hey Thanks for watching regardless. Please let me know what can be improved on and what you'd like to see more of so soon the next video