Hello, what is going on everybody? My name is John Hammond and welcome back to another OverTheWire video, still looking at the Bandit wargame. Last time we were jamming and we just finished up Bandit level 7. At least we got the password for that, so let's move on to that in the website just to see what really the prompt is for this. And we can SSH into that again using sshpass, using the file name that we're supplying and saving the password in, or you could enter it if you really wanted to copy and paste it, and then make sure we're actually using that user for the SSH command. So let's jump in.

The prompt here says the password for the next level is stored in the file data.txt next to the word millionth. Okay, so we've got data.txt in our home directory and we can cat it out just to see the output, and there's a lot of nonsense random words and what probably is a potential password on the right-hand side. I'm going to keep pressing Ctrl-C until I get my prompt back.

So you'll notice that the commands you may need to solve this level have changed from the previous one into this one, because we're entering a new phase in the OverTheWire Bandit wargame. grep is going to be our weapon of choice here, and grep will print lines in any file or standard output that's piped into the program matching a certain pattern. So it's a really awesome quick find utility for the text that we're working with in our terminal. It takes the pattern that we're looking for and the file that we want to examine as arguments, or we can just pipe it in as we've seen.

So let's actually check out that data.txt again, and we want to be looking for the word millionth, right? So grep will return the lines that match that pattern, or that match that kind of query thing that we're looking for. So we cat that data.txt out, pipe it to grep, and we can just apply the pattern that we're looking for. And I'm gonna use quotes here just to kind of make it, I don't know, say that this is the string
I'm looking for, and I'm gonna look for the word millionth. Cool, just like that we get a hit. millionth is highlighted in red because that's the pattern we were searching for, and this must be the password that we needed for the next level. Let's put this in bandit 8. Let's go ahead and connect into that, and now we can jump in.

All right, so what is this prompt? The password for the next level is stored in the file data.txt and is the only line of text that occurs only once. Hmm. All right. What is data.txt? A lot of nonsense, probably potential passwords again. So we need to figure out which of these lines is unique, and you'll see that there are some things that are kind of similar to that in the "commands you may need to solve this level" category here on the website. uniq, without a "ue" at the end, is the command we can use to actually figure this out.

So let's check the man page for that just to determine what it is. It'll remove the repeated lines. So let's try it. If we pipe it into uniq, it doesn't look like it makes any change, but we don't know why. Ah, if you double check the man page it says "filter adjacent matching lines from input". Adjacent matching, so all the ones that actually are the same, that do repeat, have got to be put together. So we can accomplish this with the sort command. We'll pipe this into sort. Now, nice. Okay, so now all of the repeated lines, the ones that match together, are grouped. They are all adjacent. Now we can run uniq. Okay, great. So now we don't have any repeating lines in this output, but how do we know
which line occurs only once? I don't know if you saw it in the uniq man page when you were checking it out, but there is an argument, -c, that will prefix all the lines by the number of occurrences, or how many times they repeated in this case. Since we used sort to put them all together, sort them into their adjacent groups, now we can use uniq -c to see the count number, or how many times they did repeat. uniq -c, and a lot of these are going ten, but this one only occurs once, so that must be what we're looking for.

We can use grep -v to invert our query or our pattern matching, what we're trying to find in this output. Normally, when we did it before, it would just return a line that had a one in it, but obviously we're gonna match a lot of other things. So if we just work a little smarter here we can say let's invert all the lines and do not display anything that matches, like, the number 10. So we get rid of all those. Now we only see just that output, only the one, the password that we want here. Cool. Let's put this in bandit 9 and we are cruising. Are we gonna log in? Yes, okay, awesome.

Bandit 9 into level 10. The password for the next level is stored in the data.txt file, in one of the hu... sorry, one of the few human-readable strings beginning with several equal signs. Okay, so let's cat out data.txt, and it's gross binary. Okay, a lot of raw data that we can't really read through, so how do we parse through this? Well, we can run strings, just like we did earlier, or at least I kind of mentioned earlier, and strings will only return the human-readable characters, or things that look like potential English or, you know, something that's not all those bytes and all those symbols and all those weird, excuse me, all those weird characters. So let's pipe that output right into strings. Nice, and we can see kind of a culprit right here.
This is more than very much likely, probably, the password for the next level. Cool. Looks like the only other line that has all these equal signs at the start is your password, or is a... We can probably, if we wanted to, again grep. We can keep chaining our pipes. Find all these equal signs. You can see the password is this thing. Okay? Nice. Put that in bandit 10, right, and we'll change the file that we're reading out of and the username that we're gonna log in with.

Next level. The password for the next level is stored in the data.txt file, which contains base64 encoded data. Okay, so we're logged in. Ah, this probably looks kind of similar to the nonsense we've been seeing for our passwords, but it is base64 encoded. And you can tell because of these trailing equal signs. That's always the telltale sign that it is base64 encoding, is that it may have zero or one, two or three equal signs trailing, because it's used for padding. Base64 has to end as a multiple of four in its length. So if you haven't seen base64 before, it's super duper common. There is a command line utility, base64, that's built in, and we can use that to either encode or decode. If you use it with the -d flag, the -d argument, you will decode the data. So let's take that output, again catting data.txt so we get it in our standard output stream, pipe it into base64, and remember we use -d to decode it. Nice. It says the password is this. Let's go ahead and put that in a bandit 11 just so we have it saved, and we can log into that in the next video.

Thanks for watching guys. Hope you're enjoying these. Again, just running through Bandit, OverTheWire. I hope you learn a little bit of neat stuff and are just kind of getting the feel for, man, how can you rock the keyboard and just be a command line cowboy? So, alright, see you in the next video.
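
Added example, not part of the video: the sort and uniq step from the "occurs only once" level, run on a constructed stand-in for data.txt (the sample values and function names are assumptions). It shows why uniq alone leaves unsorted input unchanged, two ways to select the line with count 1, and what a grep -v 10 filter does when the unique line itself contains "10".

```shell
#!/bin/sh
# Constructed sample: two values repeated 10 times each, interleaved so no
# duplicates are adjacent, plus one value that appears once and contains "10".
make_sample() {
    i=0
    while [ "$i" -lt 10 ]; do
        echo 'aaa111'
        echo 'bbb222'
        if [ "$i" -eq 4 ]; then echo 'x10yUNIQUEz'; fi
        i=$((i + 1))
    done
}

# uniq only collapses ADJACENT equal lines, so on this input nothing is removed.
count_after_uniq_only() {
    make_sample | uniq | wc -l | tr -d ' '
}

# sort makes equal lines adjacent; uniq -u then prints only lines seen once.
find_unique_line() {
    make_sample | sort | uniq -u
}

# Same result through counts: uniq -c prefixes each line with its count, and
# awk compares that count field exactly instead of matching digits as text.
find_unique_by_count() {
    make_sample | sort | uniq -c | awk '$1 == 1 { print $2 }'
}

# grep -v 10 drops every line containing "10" anywhere, count column or value,
# so the unique line in this sample is filtered out along with the rest.
find_unique_by_grep_v() {
    make_sample | sort | uniq -c | grep -v 10
}

echo "lines after uniq alone: $(count_after_uniq_only)"
echo "sort | uniq -u:         $(find_unique_line)"
echo "uniq -c + awk:          $(find_unique_by_count)"
echo "uniq -c + grep -v 10:   $(find_unique_by_grep_v || true)"
```
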