We need to work with a hidden file for the first time, although we have been seeing them for a while already if you’ve been following along. And we get the chance to try cd .. as well as running commands from both within and outside directories; a feature graphical interfaces lack.
Level Instructions
The password for the next level is stored in a hidden file inside the inhere directory.
Level Solution
First we have to login via SSH using the previous level’s user bandit3 (using their password UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK which we found in the previous level).
1. Connecting
1
2
3
4
ssh bandit3@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit3@bandit.labs.overthewire.org's password:
Just copy and paste the password
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luKwhen prompted, and hitENTER. You won’t see a cursor. That’s normal.
2. Searching
We know the file is in a directory called inhere so let’s start by finding that directory first, and then we worry about the file. For example, by searching for all directories with the exact name inhere:
1
2
bandit3@bandit:~$ find inhere -type d
inhere
The argument
-type dfocuses the search on directories only, no other file types.
That was easy! The directory we are after is in the same directory we are already in (i.e. inside the user’s home), which means we would also see it if we just list all files where we are:
1
2
bandit3@bandit:~$ ls
inhere
In this case there is no need to add the
-laarguments, since the directory itself is not hidden - only the file we are after that’s inside it.
Anyway, now we need to look inside that directory. We can do that from where we are (even though we are outside it), or by first going inside it. Both methods provide the same result:
1
2
3
4
5
6
bandit3@bandit:~$ ls -la inhere/
total 12
drwxr-xr-x 2 root root 4096 May 7 20:14 .
drwxr-xr-x 3 root root 4096 May 7 20:14 ..
-rw-r----- 1 bandit4 bandit3 33 May 7 20:14 .hidden
bandit3@bandit:~$
We can see the hidden file called .hidden there, even though we still have not moved inside the directory - which would have been necessary with a graphical operating system like Windows or MacOS. But if we do want to move into the directory first, we can still do that, using the cd command (to “change directory”):
1
2
3
4
5
6
7
bandit3@bandit:~$ cd inhere/
bandit3@bandit:~/inhere$ ls -la
total 12
drwxr-xr-x 2 root root 4096 May 7 20:14 .
drwxr-xr-x 3 root root 4096 May 7 20:14 ..
-rw-r----- 1 bandit4 bandit3 33 May 7 20:14 .hidden
bandit3@bandit:~/inhere$
The file named .hidden above is what we are after, so let’s see what’s inside using cat - which we can also run both from outside and inside the directory where the file is. To demonstrate that, let’s first step back out of the directory using cd ..:
1
2
bandit3@bandit:~/inhere$ cd ..
bandit3@bandit:~$
Then we can run cat to output the content of the file to the terminal, first one time from outside the directory, and then one more time after stepping into it with cd:
1
2
3
4
5
6
7
8
bandit3@bandit:~$ cat inhere/.hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
bandit3@bandit:~$
bandit3@bandit:~$
bandit3@bandit:~$ cd inhere/
bandit3@bandit:~/inhere$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
bandit3@bandit:~/inhere$
Note the gap of 2 lines after the first output? All I did was hit
ENTERtwice without typing anything in order to create some visual separation and make it easier to read. It’s not necessary, but a useful trick to know.
As you can see, the output from cat is the same regardless “from where” we run the command - as long as we provide the correct path to the file we are targeting.
That’s the “flag” we want to “capture” and the password we need for the next level, i.e. to login with user bandit4.
3. Exiting
1
2
3
bandit3@bandit:~/inhere$ exit
logout
Connection to bandit.labs.overthewire.org closed.
Level Flag
pIwrPrtPN36QITSp3EQaw936yaFoFgAB