A simple file with a weird filename hangs the terminal temporarily if we are not careful. Otherwise it’s straight-forward, and the frozen terminal provides an opportunity to try CTRL-C to cancel the operation.
Level Instructions
The password for the next level is stored in a file called - located in the home directory.
Level Solution
First we have to login via SSH using the previous level’s user bandit1 (using their password boJ9jbbUNNfktd78OOpsqOltutMc3MY1 which we found in the previous level).
1. Connecting
1
2
3
4
ssh bandit1@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit1@bandit.labs.overthewire.org's password:
Just copy and paste the password
boJ9jbbUNNfktd78OOpsqOltutMc3MY1when prompted, and hit Enter. You won’t see a cursor. That’s normal.
2. Searching
We know the file is in the user’s home directory, which is usually where we land upon logging in, but we can also double check which directory we are in using the pwd command (i.e. “print working directory”):
1
2
bandit1@bandit:~$ pwd
/home/bandit1
Anyway, let’s continue and find the file we are after:
1
2
3
4
5
6
7
8
bandit1@bandit:~$ ls -la
total 24
-rw-r----- 1 bandit2 bandit1 33 May 7 20:14 -
drwxr-xr-x 2 root root 4096 May 7 20:14 .
drwxr-xr-x 41 root root 4096 May 7 20:14 ..
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
The command
ls -lanot only lists files in the current directory, but all of them, including hidden ones. I.e. files whose name starts with a period, such as .profile above. Just so we don’t miss anything hidden in plain sight. However, in this case we are looking for a file called-which makes it hard to spot at the very top of the directory listing! Even though it’s not a hidden file.
The file - above is what we are after, so let’s see what’s inside using cat:
1
2
bandit1@bandit:~$ cat -
^C
Unfortunately the usual cat command (for outputting a file’s content to the terminal) doesn’t work, as the dash (-) is a special character for providing commands with additional arguments. Thus our input terminal just hangs until we press CTRL-C to cancel the operation. To work around this we need to prefix the filename with ./ which just means the file is in the current directory:
1
2
bandit1@bandit:~$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
That’s the “flag” we want to “capture” and the password we need for the next level, i.e. to login with user bandit2.
3. Exiting
1
2
3
bandit1@bandit:~$ exit
logout
Connection to bandit.labs.overthewire.org closed.
Level Flag
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9