본문 바로가기
Security/CTF

Bandit Level 7 → Level 8 [7/34]

by LimSeongHyeon 2025. 5. 28.
 

OverTheWire: Level Goal

We're hackers, and we are good-looking. We are the 1%. <!-- Please read and accept the Rules! --> Level Goal The password for the next level is stored in the file data.txt next to the word millionth Commands you may need to solve this level man, grep, sort

overthewire.org

 

The password for the next level is stored in the file data.txt next to the word millionth

 

 

디렉터리에 뭐가 있는지 확인해보자.

bandit7@bandit:~$ ls -al
total 4108
drwxr-xr-x  2 root    root       4096 Apr 10 14:23 .
drwxr-xr-x 70 root    root       4096 Apr 10 14:24 ..
-rw-r--r--  1 root    root        220 Mar 31  2024 .bash_logout
-rw-r--r--  1 root    root       3771 Mar 31  2024 .bashrc
-rw-r-----  1 bandit8 bandit7 4184396 Apr 10 14:23 data.txt
-rw-r--r--  1 root    root        807 Mar 31  2024 .profile

저 data.txt에 있는거 같긴한데 용량이 매우 큰걸보니 저 안에서 찾는 내용인 것 같다.

 

 

한번 열어보자.

bandit7@bandit:~$ cat data.txt
depression	q6X32st9sACqlScKXQlX2wbcvFecp9BP
Claudette's	ykUWZY6KIy4bMKQild2792kmmU8GRXJV
foretasting	oHqgsHvmgyVlDUouOx9FfhoLGJpUV23I
dedication's	qSxXzVzrcCnpN5wuwvjWiS2rMom0xrx0
dawns	mgdbA0BDN0O81gOhKgMPhGa1OVgQS75j
fastest	jsKmzlTkqa7v7guSLcr8Hek23xlOzJZq
...

수많은 name - password 매핑이 존재하는것으로 보인다.

 

 

혹시 bandit이라는 이름으로 비밀번호가 있지 않을까?

bandit7@bandit:~$ cat data.txt | grep bandit
banditry	4fH2d9iDscFeEiFC897ZjxLCJJeeoVKQ
bandit	4PFBJzedXqJxZS1uXLsZxOxlugr6pevm
bandits	NOGfAQ44mOiEA8SKs9rTZufFffB49iuN
bandit's	wC3a1ESe6FDhfYLQVQbFBcZpG6cDxbxH
banditry's	Jqj3jFBINUjxImTKc9HfalVVfCYMb7hO
banditti	V7WYBAxTX2YOlH4tux8UQ8wXzVzJrGO9

 

 

bandit이름에 매핑이 있어 ssh 연결에 시도해보았지만 실패

$ ssh -p 2220 bandit8@bandit.labs.overthewire.org
                         _                     _ _ _   
                        | |__   __ _ _ __   __| (_) |_ 
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_ 
                        |_.__/ \__,_|_| |_|\__,_|_|\__|
                                                       

                      This is an OverTheWire game server. 
            More information on http://www.overthewire.org/wargames

bandit8@bandit.labs.overthewire.org's password: 
Permission denied, please try again.
bandit8@bandit.labs.overthewire.org's password:

 

 

문제를 다시 읽어보니 "... next to the word millionth" 문제를 잘 읽도록 하자..

bandit7@bandit:~$ cat data.txt | grep "millionth"
millionth	[PASSWORD]

 

'Security > CTF' 카테고리의 다른 글

Bandit Level 8 → Level 9 [8/34]  (0) 2025.05.28
Bandit Level 6 → Level 7 [6/34]  (0) 2025.05.28
Bandit Level 5 → Level 6 [5/34]  (0) 2025.05.28
Bandit Level 4 → Level 5 [4/34]  (0) 2025.05.27
Bandit Level 3 → Level 4 [3/34]  (0) 2025.05.27

관련글

티스토리툴바