{"id":353,"date":"2015-01-10T06:42:55","date_gmt":"2015-01-10T06:42:55","guid":{"rendered":"https:\/\/www.hackmethod.com\/?p=353"},"modified":"2022-06-03T05:40:41","modified_gmt":"2022-06-03T05:40:41","slug":"overthewire-bandit-7","status":"publish","type":"post","link":"https:\/\/hackmethod.com\/overthewire-bandit-7\/","title":{"rendered":"Overthewire \u2013 Bandit 7"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;section&#8221; _builder_version=&#8221;3.22&#8243;][et_pb_row admin_label=&#8221;row&#8221; _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text admin_label=&#8221;Text&#8221; _builder_version=&#8221;4.7.4&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; hover_enabled=&#8221;0&#8243; sticky_enabled=&#8221;0&#8243;]<strong><span style=\"color: #666666;\">Recap of Level 6:<\/span>\u00a0<\/strong>Went over finding files by their extension types and very briefly went over I\/O operators.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"http:\/\/overthewire.org\/wargames\/bandit\/bandit7.html\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Bandit Level 7<\/strong><\/a><\/p>\n<h4><strong>Objective:<\/strong><\/h4>\n<p>Find the password to the next level<\/p>\n<h4><strong>Intel Given:<\/strong><\/h4>\n<ul>\n<li>The password for the next level is stored <strong>somewhere on the server<\/strong><\/li>\n<li>Has the following properties: &#8211; owned by user bandit7 &#8211; owned by group bandit6 &#8211; 33 bytes in size<\/li>\n<\/ul>\n<p><!--more--><\/p>\n<h4><strong>How to:<\/strong><\/h4>\n<p>This is exactly like the last lesson and you should be able to easily figure this out by altering the last command with a few new switches from the find man page.<\/p>\n<p>The new concept I&#8217;m going to teach you is error redirection.\u00a0 You may have noticed the problem below when typing our find command from the top most directory.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"354\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-7\/bandit7-1\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png?fit=552%2C643&amp;ssl=1\" data-orig-size=\"552,643\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit7.1\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png?fit=258%2C300&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png?fit=552%2C643&amp;ssl=1\" class=\"aligncenter wp-image-354 size-full\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png?resize=552%2C643&#038;ssl=1\" alt=\"bandit7.1\" width=\"552\" height=\"643\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png?w=552&amp;ssl=1 552w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png?resize=258%2C300&amp;ssl=1 258w\" sizes=\"(max-width: 552px) 100vw, 552px\" \/><\/a><\/p>\n<p>Why do we need to find from the top directory? Well check out our intel. Its stored SOMEWHERE on the server, which means not just in our home folder. Because we&#8217;re searching outside of the bandit6 home folder and we&#8217;re looking into every file on\u00a0the system we don&#8217;t have read\u00a0permissions for everything.\u00a0As a result we get a lot of Permission denied errors which is ugly. We could scroll through all of this but as I&#8217;ve already told you. I&#8217;m lazy. So I introduce to another form of I\/O redirection.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"355\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-7\/bandit7-2\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png?fit=629%2C55&amp;ssl=1\" data-orig-size=\"629,55\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit7.2\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png?fit=300%2C26&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png?fit=629%2C55&amp;ssl=1\" class=\"aligncenter wp-image-355 size-full\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png?resize=629%2C55&#038;ssl=1\" alt=\"bandit7.2\" width=\"629\" height=\"55\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png?w=629&amp;ssl=1 629w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png?resize=600%2C52&amp;ssl=1 600w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png?resize=300%2C26&amp;ssl=1 300w\" sizes=\"(max-width: 629px) 100vw, 629px\" \/><\/a><\/p>\n<p>Essentially by typing <code>2&gt;\/dev\/null<\/code> you are saying send the errors to \/dev\/null. <code>2&gt;<\/code> is the redirection operator for standard error (stderr for short). For the sake of simplicity think of <code>\/dev\/null<\/code> as a shredder, it just deletes what is sent to it. Notice we have a nice clean output with no errors and only the file that meets those parameters. Now we do a quick verification of the parameters to make sure we have the correct file.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"356\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-7\/bandit7-3\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png?fit=538%2C54&amp;ssl=1\" data-orig-size=\"538,54\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit7.3\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png?fit=300%2C30&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png?fit=538%2C54&amp;ssl=1\" class=\"aligncenter wp-image-356 size-full\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png?resize=538%2C54&#038;ssl=1\" alt=\"bandit7.3\" width=\"538\" height=\"54\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png?w=538&amp;ssl=1 538w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png?resize=300%2C30&amp;ssl=1 300w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png?resize=534%2C54&amp;ssl=1 534w\" sizes=\"(max-width: 538px) 100vw, 538px\" \/><\/a><\/p>\n<p>We see the owner is username bandit7, the group its assigned to is bandit6 its and its 33 bytes in size. cat this file to advance to the next level.<\/p>\n<h4><strong>Conclusion:<\/strong><\/h4>\n<p>We learned a little bit more about I\/O redirection. Have you caught on yet that this is powerful and something to look into? We also learned about \/dev\/null and how we can use it to send errors to it to clean up our search process.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=&#8221;1_2,1_2&#8243; _builder_version=&#8221;4.7.4&#8243; _module_preset=&#8221;default&#8221;][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.7.4&#8243; _module_preset=&#8221;default&#8221;][et_pb_image src=&#8221;https:\/\/hackmethod.com\/wp-content\/uploads\/2020\/12\/Previous.png&#8221; alt=&#8221;Previous Level&#8221; title_text=&#8221;Previous&#8221; url=&#8221;https:\/\/hackmethod.com\/overthewire-bandit-6&#8243; _builder_version=&#8221;4.7.4&#8243; _module_preset=&#8221;default&#8221;][\/et_pb_image][\/et_pb_column][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.7.4&#8243; _module_preset=&#8221;default&#8221;][et_pb_image src=&#8221;https:\/\/hackmethod.com\/wp-content\/uploads\/2020\/12\/Next.png&#8221; alt=&#8221;Next Level&#8221; title_text=&#8221;Next&#8221; url=&#8221;https:\/\/hackmethod.com\/overthewire-bandit-8&#8243; align=&#8221;right&#8221; _builder_version=&#8221;4.7.4&#8243; _module_preset=&#8221;default&#8221;][\/et_pb_image][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recap of Level 6:\u00a0Went over finding files by their extension types and very briefly went over I\/O operators. &nbsp; Bandit Level 7 Objective: Find the password to the next level Intel Given: The password for the next level is stored somewhere on the server Has the following properties: &#8211; owned by user bandit7 &#8211; owned [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":354,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"<strong><a href=\"https:\/\/www.hackmethod.com\/bandit-6\/\">Recap of Last\u00a0Lesson<\/a>:\u00a0<\/strong>Went over finding files by their extension types and very briefly went over I\/O operators.\r\n\r\n<a href=\"http:\/\/overthewire.org\/wargames\/bandit\/bandit7.html\" target=\"_blank\"><strong>Bandit Level 7<\/strong><\/a>\r\n\r\n<strong>Objective<\/strong>\r\n\r\nFind the password to the next level\r\n\r\n<strong>Intel Given<\/strong>\r\n\r\n&nbsp;\r\n<ul>\r\n\t<li>The password for the next level is stored <strong>somewhere on the server<\/strong><\/li>\r\n\t<li>Has the following properties: - owned by user bandit7 - owned by group bandit6 - 33 bytes in size<\/li>\r\n<\/ul>\r\n<!--more-->\r\n\r\n<strong>How to<\/strong>\r\n\r\nThis is exactly like the last lesson and you should be able to easily figure this out by altering the last command with a few new switches from the find man page.\r\n\r\nThe new concept I'm going to teach you is error redirection.\r\n\r\nYou may have noticed the problem below when typing our find command from the top most directory.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png\"><img class=\"aligncenter wp-image-354 size-full\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png\" alt=\"bandit7.1\" width=\"552\" height=\"643\" \/><\/a>\r\n\r\nWhy do we need to find from the top directory? Well check out our intel. Its stored SOMEWHERE on the server, which means not just in our home folder. Because we're searching outside of the bandit6 home folder and we're looking into every file on\u00a0the system we don't have read\u00a0permissions for everything.\u00a0As a result we get a lot of Permission denied errors which is ugly. We could scroll through all of this but as I've already told you. I'm lazy. So I introduce to another form of I\/O redirection.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png\"><img class=\"aligncenter wp-image-355 size-full\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.2.png\" alt=\"bandit7.2\" width=\"629\" height=\"55\" \/><\/a>\r\n\r\nEssentially by typing '2&gt;\/dev\/null' you are saying send the errors to \/dev\/null. '2&gt;' is the redirection operator for standard error (stderr for short). For the sake of simplicity think of \/dev\/null as a shredder, it just deletes what is sent to it. Notice we have a nice clean output with no errors and only the file that meets those parameters. Now we do a quick verification of the parameters to make sure we have the correct file.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png\"><img class=\"aligncenter wp-image-356 size-full\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.3.png\" alt=\"bandit7.3\" width=\"538\" height=\"54\" \/><\/a>\r\n\r\nWe see the owner is username bandit7, the group its assigned to is bandit6 its and its 33 bytes in size. cat this file to advance to the next level.\r\n\r\n<strong>Conclusion<\/strong>\r\n\r\nWe learned a little bit more about I\/O redirection. Have you caught on yet that this is powerful and something to look into? We also learned about \/dev\/null and how we can use it to send errors to it to clean up our search process.","_et_gb_content_width":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[44,1],"tags":[43,45,50],"class_list":["post-353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-overthewire","category-uncategorized","tag-bandit","tag-overthewire","tag-tutorial"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/01\/bandit7.1.png?fit=552%2C643&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5zY4D-5H","_links":{"self":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/comments?post=353"}],"version-history":[{"count":14,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/353\/revisions"}],"predecessor-version":[{"id":27497,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/353\/revisions\/27497"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media\/354"}],"wp:attachment":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media?parent=353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/categories?post=353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/tags?post=353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}