OverTheWire: Level Goal
We're hackers, and we are good-looking. We are the 1%. <!-- Please read and accept the Rules! --> Level Goal The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the “r
overthewire.org
The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:
- human-readable
- 1033 bytes in size
- not executable
당연히도 일단 ls -la부터 시작해보자.
bandit5@bandit:~$ ls -la
total 24
drwxr-xr-x 3 root root 4096 Apr 10 14:23 .
drwxr-xr-x 70 root root 4096 Apr 10 14:24 ..
-rw-r--r-- 1 root root 220 Mar 31 2024 .bash_logout
-rw-r--r-- 1 root root 3771 Mar 31 2024 .bashrc
drwxr-x--- 22 root bandit5 4096 Apr 10 14:23 inhere
-rw-r--r-- 1 root root 807 Mar 31 2024 .profile
inhere에 들어가 확인해보자.
bandit5@bandit:~$ cd inhere/
bandit5@bandit:~/inhere$ ls -la
total 88
drwxr-x--- 22 root bandit5 4096 Apr 10 14:23 .
drwxr-xr-x 3 root root 4096 Apr 10 14:23 ..
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere00
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere01
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere02
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere03
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere04
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere05
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere06
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere07
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere08
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere09
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere10
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere11
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere12
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere13
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere14
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere15
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere16
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere17
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere18
drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 maybehere19
전단계랑 느낌이 비슷하지만 안에 있는 내용들이 모두 디렉터리여서 모든 디렉터리 내부 파일들을 확인해보았다.
bandit5@bandit:~/inhere$ file maybehere*/*
maybehere00/-file1: ASCII text, with very long lines (1038)
maybehere00/-file2: ASCII text, with very long lines (9387)
maybehere00/-file3: OpenPGP Secret Key
maybehere00/spaces file1: ASCII text, with very long lines (6117)
maybehere00/spaces file2: ASCII text, with very long lines (6849)
maybehere00/spaces file3: data
maybehere01/-file1: ASCII text, with very long lines (6027)
maybehere01/-file2: ASCII text
maybehere01/-file3: data
maybehere01/spaces file1: ASCII text, with very long lines (4138)
maybehere01/spaces file2: ASCII text, with very long lines (4542)
maybehere01/spaces file3: data
...파일이 매우 많아 어질어질 하다. 파일 조건중에 1033 bytes가 가장 특정하기 좋아보인다.
man ls에 "size"을 검색해봤다.
-s, --size
print the allocated size of each file, in blocks
man ls에 "recrusive"도 검색해봤다.
-R, --recursive
list subdirectories recursively
그렇다면 이걸 모두 합쳐서 1033인걸 찾으면 되지 않을까?
bandit5@bandit:~/inhere$ ls -alRs | grep -C 10 1033
8 -rw-r----- 1 root bandit5 4251 Apr 10 14:23 spaces file2
8 -rwxr-x--- 1 root bandit5 8065 Apr 10 14:23 spaces file3
./maybehere07:
total 56
4 drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 .
4 drwxr-x--- 22 root bandit5 4096 Apr 10 14:23 ..
4 -rwxr-x--- 1 root bandit5 3663 Apr 10 14:23 -file1
4 -rwxr-x--- 1 root bandit5 3065 Apr 10 14:23 .file1
4 -rw-r----- 1 root bandit5 2488 Apr 10 14:23 -file2
4 -rw-r----- 1 root bandit5 1033 Apr 10 14:23 .file2
4 -rwxr-x--- 1 root bandit5 3362 Apr 10 14:23 -file3
4 -rwxr-x--- 1 root bandit5 1997 Apr 10 14:23 .file3
8 -rwxr-x--- 1 root bandit5 4130 Apr 10 14:23 spaces file1
12 -rw-r----- 1 root bandit5 9064 Apr 10 14:23 spaces file2
4 -rwxr-x--- 1 root bandit5 1022 Apr 10 14:23 spaces file3
./maybehere08:
total 56
4 drwxr-x--- 2 root bandit5 4096 Apr 10 14:23 .
4 drwxr-x--- 22 root bandit5 4096 Apr 10 14:23 ..
단 한개의 파일만 특정된다. 파일을 확인해보자.
bandit5@bandit:~/inhere$ cat maybehere07/.file2
[PASSWORD]
정답~
Try
원래 처음에는 find 명령어를 이용해서 찾고 싶었다.
$ find ./maybehere*/* -size 1033c이렇게 진행했는데 아무리 실행해도 안나와서 나중에 복기하다가 왜 find로 안되었을까 했는데
$ bandit5@bandit:~/inhere$ find . -size 1033c
./maybehere07/.file2경로를 .으로 지정하니 아주 잘 나왔다...
원인을 찾아보니 숨김파일은 기본적으로 glob패턴(*)에 포함되지 않는단다.
즉, glob 패턴으로 주어주는 것이 아닌 find 스스로 재귀검색을 하게 만들어야 모든 결과를 확인할 수 있다.
$ bandit5@bandit:~/inhere$ find ./maybehere* -size 1033c
./maybehere07/.file2그래서 이처럼 end-depth 자체를 표현을 안해주면 find가 재귀적으로 찾기 때문에 이런 경우는 잘 찾아오는 것을 볼 수 있다.
'CTF > Bandit' 카테고리의 다른 글
| Bandit Level 7 → Level 8 [7/34] (0) | 2025.05.28 |
|---|---|
| Bandit Level 6 → Level 7 [6/34] (0) | 2025.05.28 |
| Bandit Level 4 → Level 5 [4/34] (0) | 2025.05.27 |
| Bandit Level 3 → Level 4 [3/34] (0) | 2025.05.27 |
| Bandit Level 2 → Level 3 [2/34] (0) | 2025.05.27 |