OverTheWire - Bandit: Level 13 to Level 14

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv

For we do as the hint says:

1 $ mkdir /tmp/shoujin
2 $ cd /tmp/shoujin
3 $ cp ~/data.txt .

Next we have to undo the hexdump, since the file contains ascii characters we have to translate it back into binary data. This can be done using the xxd tool. Then we can use file to determine the compression algorithm used.

1 $ xxd -r data.txt data
2 $ file data
3 data: gzip compressed data, was "data2.bin", last modified: Thu Oct  5 06:19:20 2023, max compression, from Unix, original size modulo 2^32 573

Let’s rename the file and un-gzip it. And the, take look what file we got.

1 $ mv data data2.bin.gz
2 $ gzip -d data2.bin.gz
3 $ file data2.bin
4 data2.bin: bzip2 compressed data, block size = 900k

This is now done until we get to the original file:

1 $ bzip2 -d data2.bin
2 $ file data2.bin.out
3 data2.bin.out: gzip compressed data, was "data4.bin", last modified: Thu Oct  5 06:19:20 2023, max compression, from Unix, original size modulo 2^32 20480
4 $ mv data2.bin.out data2.bin.gz
5 $ gzip -d data2.bin.gz
6 $ file data2.bin
7 data2.bin: POSIX tar archive (GNU)
8 $ tar -xf data2.bin
9 $ file data5.bin
10 data5.bin: POSIX tar archive (GNU)
11 $ tar -xf data5.bin
12 $ file data6.bin
13 data6.bin: bzip2 compressed data, block size = 900k
14 $ mv data6.bin data6.bin.bzip
15 $ bzip2 -d data6.bin.bzip
16 $ file data6.bin.bzip.out
17 data6.bin.bzip.out: POSIX tar archive (GNU)
18 $ tar -xf data6.bin.bzip.out
19 $ file data8.bin
20 data8.bin: gzip compressed data, was "data9.bin", last modified: Thu Oct  5 06:19:20 2023, max compression, from Unix, original size modulo 2^32 49
21 $ mv data8.bin data9.gz
22 $ gzip -d data9.gz
23 $ file data9
24 data9: ASCII text

Finally we reached the text file containing the password:

1 $ cat data9
2 The password is wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw

Kategorien: #/writeups/; #/overthewire/

Tags: #/security/; #/hacking/; #/bash/; #/linux/; #/ctf/

1	$ xxd -r data.txt data
2	$ file data
3	data: gzip compressed data, was "data2.bin", last modified: Thu Oct 5 06:19:20 2023, max compression, from Unix, original size modulo 2^32 573

1	$ mv data data2.bin.gz
2	$ gzip -d data2.bin.gz
3	$ file data2.bin
4	data2.bin: bzip2 compressed data, block size = 900k

1	$ bzip2 -d data2.bin
2	$ file data2.bin.out
3	data2.bin.out: gzip compressed data, was "data4.bin", last modified: Thu Oct 5 06:19:20 2023, max compression, from Unix, original size modulo 2^32 20480
4	$ mv data2.bin.out data2.bin.gz
5	$ gzip -d data2.bin.gz
6	$ file data2.bin
7	data2.bin: POSIX tar archive (GNU)
8	$ tar -xf data2.bin
9	$ file data5.bin
10	data5.bin: POSIX tar archive (GNU)
11	$ tar -xf data5.bin
12	$ file data6.bin
13	data6.bin: bzip2 compressed data, block size = 900k
14	$ mv data6.bin data6.bin.bzip
15	$ bzip2 -d data6.bin.bzip
16	$ file data6.bin.bzip.out
17	data6.bin.bzip.out: POSIX tar archive (GNU)
18	$ tar -xf data6.bin.bzip.out
19	$ file data8.bin
20	data8.bin: gzip compressed data, was "data9.bin", last modified: Thu Oct 5 06:19:20 2023, max compression, from Unix, original size modulo 2^32 49
21	$ mv data8.bin data9.gz
22	$ gzip -d data9.gz
23	$ file data9
24	data9: ASCII text

1	$ cat data9
2	The password is wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw