Bandit Level 1 -> Level 3

Level 1 -> Level 2

Level 1 -> Level 2 is much the same as Level 0 -> Level 1 but this time the file containing the password is simply named ‘-‘, if you try to cat the file now nothing happens…

Screen Shot 2017-04-21 at 11.38.23

This is because ‘-‘ is often used to refer to stdin, so cat – would simply display the standard input (in this case the keyboard). This is shown when text is entered into the command line and enter is pressed, whatever text was inputted is simply repeated back to you.

The way around this is to specify that ‘-‘ is actually a file and the easiest way to do this is to give it a path with the prefix ./ . Now if cat ./- is entered the password will be revealed

Screen Shot 2017-04-21 at 11.39.00

Level 2 -> Level 3

This level presents a problem as the file in which the password is stored is named ‘spaces in this filename’, if we were to simply enter cat spaces in this filename, then the system would try to output the files ‘spaces’, ‘in’, ‘this’ and ‘filename’ separately.

Screen Shot 2017-04-21 at 13.20.08

We can tell the system that we want it to see the text as one string by adding quotation marks around the filename. By entering cat “spaces in this filename” we obtain the password and can move on to the next level.

Screen Shot 2017-04-21 at 13.21.07

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s