Bandit Level 12 Solution

Bandit level 12 is very simple but it’s repetitive and takes some time to finish, where you have to repeat couple of commands over and over again, but let’s start.

Let’s login into bandit level 12 machine with the following SSH command:

ssh bandit12@bandit.labs.overthewire.org -p 2220

Along with the password we got from the previous level

5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

so we know that data.txt contains

cat data.txt 

and we will get the following hex text

so let’s convert it to a file that we can use or it’s called reverse a hex dump, we can use that by a command called xxd, but since we can’t create a file in home directory, we need new directory in /tmp, so let’s create one

mkdir /tmp/testbandit12

then let’s copy data.txt to that directory

cp data.txt /tmp/testbandit12

and then let’s go to that directory

The next step is to reverse the hexdump we have

xxd -r data.txt zippedfile

and now, let’s check the type of the zipped file so we can unzip it

file zippedfile

and we can see that it’s gzip compressed file

zippedfile: gzip compressed data, was "data2.bin", last modified: Thu May  7 18:14:30 2020, max compression, from Unix

so let’s use gzip command to unzip it, but first, we need to add .gz extension to it, so let’s rename it first

mv zippedfile zippedfile.gz

gzip -d zippedfile.gz

and you would get a zipped file, then let’s check the type of the new file and we would get the following

zippedfile: bzip2 compressed data, block size = 900k

so, it’s a bzip2 file, that we can unzip it with bzip tool

bzip2 -d zippedfile

and you would get the unzipped file as zippedfile.out

Then, we check again for the file type and we would get

zippedfile.out: gzip compressed data, was "data4.bin", last modified: Thu May  7 18:14:30 2020, max compression, from Unix

so, it’s another gzip, let’s change the extension to gz

mv zippedfile.out zippedfile.gz

and then we do the same command as above

gzip -d zippedfile.gz

let’s check for the type of the new unzipped file

zippedfile: POSIX tar archive (GNU)

so it’s a tar archive, then let’s extract it with tar command

tar -xvf zippedfile

and you would get data5.bin file, let’s check which type the file is

data5.bin: POSIX tar archive (GNU)

so it’s another tar archive , so let’s run the same above command on data5.bin

tar -xvf data5.bin

there goes another data6.bin, so let’s check the file type again

data6.bin: bzip2 compressed data, block size = 900k

so let’s unzip it with bzip command

bzip2 -d data6.bin

just like before, you would get data6.bin.out, then we check for the type again

data6.bin.out: POSIX tar archive (GNU)

and it’s another tar archive, so let’s extract it with tar

tar -xvf data6.bin.out

and you would get data8.bin, we do the same process again

data8.bin: gzip compressed data, was "data9.bin", last modified: Thu May  7 18:14:30 2020, max compression, from Unix

let’s change the name of the file and use gzip command to decompress it

gzip -d data8.gz 

and finally, the last file which is data8 is an ASCII Text, so let’s read the content, and you would get the password for the next level

8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

In general the level is long but it repeats the same 3 or 4 commands for decompressing data inside different zipping format, but it was fairly easy.

Let’s go to the next level