OverTheWire - Bandit - Level 5

Level Goal

The password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, try the "reset" command.

Commands you may need to solve this level

• ls
• cd
• cat
• file
• du
• find

Helpful Reading Material

• None provided, however I recommend reading up on the file command.
• I also recommend reading up on bash scripting.

---

This one is a combination of everything we have learned so far with a twist. Now there are multiple files for us to sift through and not all of them will contain human readable data. Your first thought may be to just list the contents of each file one at a time - which is a plausible scenario for the small number of files we are working with. Your command could look something like this:

cat '~/inhere/-file00'

Don't forget to surround the file name with quotes because it has a special character used to denominate flags.
Instead of manually typing this out until we find the correct one we could write ourselves a bash script that would look like the following:

for OUTPUT in `ls ./inhere`; do cat "./inhere/$OUTPUT"; done;

For each file found by using ls we cat it out. You should be able to find the password based on the previous levels - but this isn't the cleanest way to solve this level.
Now let's introduce the file command. The man entry for this command states that it is used to determine a files type. Enter the following command:

file ~/inhere/*

You will see the different types of all of the files in the directory. Several files that show they are data files and only one file shows it is ASCII text - which will be our password holding file. You can then cat this single file.
Ideally we would be able to make a single script that would iterate over the files returned from this command and then cat out the contents of that file if it was not a data file type. It would be similar to the script above except instead of cat we would use file initially and then check what was returned. I have not been able to come up with the complete script but I think it would be similar to the following:

for OUTPUT in `ls ./inhere`; do file "./inhere/$OUTPUT"; done;

You may notice that this provides the same output as the original file command - which makes sense because we are scripting the same thing. Note that this isn't a complete script yet, what needs to happen now is we need to check the return of the file command for data and print out the contents if it is not a data file type. Or find a flag that the file command that filters file types. If anyone has any other suggestions, feel free to leave them in the comment section below. EDIT: I think I've found a solution that will do it all in one that relies on grep, sed and gawk. grep is used to remove all of the data entries so we only process files that are in ASCII form. sed is used to remove the ':' that file appends to the file name. gawk is used to print the value to the stream used by cat to display the password. In the end the command looks like this:

for OUTPUT in `ls ./inhere`; do file "./inhere/$OUTPUT" | grep -v "data" | 
cat `sed s/":"//g | gawk '{print $1}'`;done;

Not the simplest of solutions, or the prettiest, but if you wanted to only print the password, this is the command sequence I used. Use the password to log into bandit5.