This level introduces us to base64 encoding and how to decode it using base64 -d. It’s a simple level, but important to know since base64 is commonly used.
Level Instructions
The password for the next level is stored in the file data.txt, which contains base64 encoded data.
Level Solution
First we have to login via SSH using the previous level’s user bandit10 (using their password truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk which we found in the previous level).
1. Connecting
1
2
3
4
ssh bandit10@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit10@bandit.labs.overthewire.org's password:
Just copy and paste the password
truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLkwhen prompted, and hitENTER. You won’t see a cursor. That’s normal.
2. Searching
We immediately find the data.txt file in our home (~) directory using the ls command:
1
2
bandit10@bandit:~$ ls
data.txt
As we’ve been told the file contains a base64 encoded string already, we could immediately decode it. But let’s first have a quick look at how such a string might look like, by just outputting it do the terminal as it is using cat:
1
2
bandit10@bandit:~$ cat data.txt
VGhlIHBhc3N3b3JkIGlzIElGdWt3S0dzRlc4TU9xM0lSRnFyeEUxaHhUTkViVVBSCg==
Notice that the string ends with a
=character. A base64 encoded string doesn’t always end like that. It only ends with one or two = if they are required to pad the string out to the proper length, but that does happen quite often!
Anyway, let’s decode the file using base64 -d:
1
2
bandit10@bandit:~$ base64 -d data.txt
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
Note that the
-dargument decodes data, while the samebase64command encodes data if it’s run without it.
That’s the “flag” we want to “capture” and the password we need for the next level, i.e. to login with user bandit11.
3. Exiting
1
2
3
bandit10@bandit:~$ exit
logout
Connection to bandit.labs.overthewire.org closed.
Level Flag
IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR