Welcome back! Please skim through Part One if you have not recently.
The this is the final article in a two part series that walks users through the linux terminal using a Capture the Flag or wargames style system.
I will not be covering every level of the game, as they start to get well past the scope of getting an introduction. However by the end of this article and series you should feel relatively comfortable with concepts like the pipe flags and navigation around a linux system.
Another planned series will then walk you through installing your own Ubuntu Virtual Machine, and then subsequently breaking down the file system more.
Without further ado, let's begin!
The password for the next level is stored in the file data.txt next to the word millionth
This is an interesting challenge, you have to read the file to find the password. Pretty easy right?
Go ahead and try to use cat to open the data.txt file to find the password.
Well, that will be rather tedius. It's a big file with lots of lines to sort through. So how can you read the file and only output the line that contains that word millionth
Enter grep, quite possibly the single most useful command you will encounter. It has the ability to parse the files and search text for a matching pattern, then print it out to the terminal
The icing on the cake is that you can pipe directly into this command. So what do you think the command would look like?
Go back and look at the other commands we've used and how the pipe fits in there.
How'd you do? How does it compare to what I have?
cat data.txt | grep millionth
What's the breakdown here?
An important note, grep will output ALL matching lines to the terminal.
Go ahead and log into bandit8!
ssh bandit8@localhost -p 2220
The password for the next level is stored in the file data.txt and is the only line of text that occurs only once
Hmm, this is interesting and maybe something you had considered in Level 7, what happens if we want to sort through the file. There are often times you might need to find a unique value, and again. You probably don't want to have to look through all the lines just to find that one, single line that appears only once.
Well, we have twp new commands: [sort]https://linux.die.net/man/1/sort) and uniq
Read through these commands to figure out what they might do and how they might help.
Well let's start with sort, sort allows you to order the file and output it into the terminal. Pretty handy when you have a large file that you need to sort by duplicates.
However, that doesn't remove the duplicates. So we have to pipe it to uniq, but that alone won't do it. We'll still get all of the lines, just merged into one occurence of each. So we're close, read the man pages again. Is there a flag that will allow you to only print the unique lines?
sort data.txt | uniq -u
So based on what we know so far:
You should now be able to log into bandit9!
The password for the next level is stored in the file data.txt in one of the few human-readable strings, beginning with several ‘=’ characters.
Seeing a parttern here? This group of challenges are largely based on parsing a file and then reading the output to get the password to the next level. This is not by accident, it's an important concept in linux as it's a largely text based Operating System.
However this one brings back our old friend 'Human Readable' this means that the text we're looking for is in an ASCII Text format. The difference is that this time, we are not able to use file to determine if the file is readable because we need to search for a string inside of it.
So how can we search and entire file for only the ASCII text and then pipe it to grep to search for the pattern "=="?
Well, another theme today is new commands. So let's take a look at: strings
This seems right on the money! Try and figure it out, remember to use the pipe.
So, what did you come up with? Does it look like this:
strings data.txt | grep '=='
If so, congrats! Log into bandit10!
But, let's break this down.
Go ahead and log into Level 10!
The password for the next level is stored in the file data.txt, which contains base64 encoded data
Hmm, now we're starting to see some fancy words, and indeed this will be the final level that I cover in the context of an introduction to the Linux terminal.
[Base64(https://en.wikipedia.org/wiki/Base64)] is a way to encode ASCII text to keep it from being readable without decoding it. It's not entirely secure if you know what you're looking at and the reasons for doing this are a bit out of scope for this article.
However, the command we need here is the same as what we are trying to decode: base64
Go ahead and check it out, while it sounds scary and complicated. It's rather simple to use the command to decode the text.
cat data.txt | base64 -d
Pretty simple right? As I said, it's not super secure.
This provides you with the level 11 password.
Well, it's been an interesting ride for the lessons we have covered. The goal of this series was not to help you find the answers to the challenge, but to help you understand how to navigate the terminal without needing to install a VM or Operating System that you could utilize. Ofthen times I find that the biggest hurdle for someone wanting to lear is that they run into issues simple setting up an environment to learn with. Now, of course you can keep walking through the challenges but as you see they begin to get much more difficult.
I will be covering these in a future series that goes a bit more in depth.
Hopefully you have learned a little from this series and if you have any feedback please let me know!