
Bandit Strings Grep

Overview
Difficulty: Intermediate
Duration: 3h 8m
Students: 24
Description

This course will walk you through a variety of exercises and techniques as part of a capture the flag (CTF) game called Bandit. This will make sure that you have the necessary skills in Linux in order to excel in penetration testing and privilege escalation.

Transcript

Hi. Within this lecture, we're going to continue our Bandit capture the flag series over here. So, we're currently in Bandit 7 and we want to go to the Bandit 8. And here we go. We have the password for the next level stored in the data.txt and it's next to the word millionth. So, let's see what it means. It's next to the word millionth.

So, I'm going to come over here and just take a look at it and then we'll figure it out because as you can see, for the command tips, we have a lot of things going on over here like grep, sort, uniq, strings. So, I believe it's getting harder at this point. So, let's try to figure this out and we will see what tools we can use for this lecture or for this challenge as well. And if you don't know what all of those things do, we're going to just take a look at them once we need them one by one. Don't worry about it.

So, I'm here in the Bandit 7 and obviously, I lost my connection for some reason. Thankfully, we have this password saved over here so I'm going to try to exit out of this one or just close it down and open a new terminal. I'm going to connect it one more time, I believe because I cannot write anything right now so if you come across a situation like this, don't worry. It happens. So, let me just close this down and come over here and try to ssh into this file or the server. And I'm going to write ssh bandit7 and the host should be, let me just get the host from level 7, bandit.labs.overthewire.org. Here we go. Let me copy this one and paste it over here and the port was 2220. And let me get the password from our Bandit folder over there. Let me cat the password.txt and here you go. This is Bandit 7 password. Let me copy this and let me come over here and paste this and finally, we are inside of the Bandit 7.

So, let me go back to Bandit 7 to Bandit 8 tips. So, let me try to run ls -la. Here we go. We have the data.txt but as you can see, it's actually a very big file. I believe this is for Mac and if it only contains texts or string, something like that. We have a lot of things going on over here. Let me try to cat this and here you go. We have like thousands or maybe even millions of data over there. So, it will be very hard to find the password because as you can see, it's all hashed. We have a lot of hashes going on over here. So, we have to find something. Of course, we can try to just find it. We have a Find in the terminal as well. We can try to search for millionth but we cannot see it because I believe for some reason, we cannot see the whole data because it's too big. Maybe, we didn't even get the whole response from the server for some reason because it's too big so we actually want to specifically get the line that has the millionth inside of it. So, in order to do that, maybe, we can just cut this out or we can use strings in order to find the related data. So, we have the grep. We have the strings. Let me show you how strings work.

So, if you write strings data.txt, we can see the actual output one more time. But by using strings, we can handle these lines individually so that we can use this piping sign. So, if you haven't used this before, you can do this with alt and - or option or - on Mac. This means that the left side of the pipe is the output. And we're taking the strings data.txt output and we're trying to give this to input of the right side of the piping sign. So, whatever we write at the right side of the piping sign, we'll be taking the input from the left side of the piping sign. So basically, we are getting this data from the strings data.txt command and giving this as an input to the next command like grep command that we're going to be writing. So, grep is actually for grabbing something, so we are trying to get something out of this strings data. We generally use these internal commands as well. So, what I'm trying to do over here, I'm trying to get the strings data.txt and I'm giving the output as an input to the grep command and inside of that input, inside of the whole output, we are trying to grep the millionth strings.

So, here we go. Now, we have the password. As you can see, it's relatively easy if you know how to use grep or if you know how to use strings. So, let me just save it over here as level 8 password. I'm going to save this and exit out of that one and I'm going to exit out of this one as well in order to ssh into Bandit 7, Bandit 8, I believe. Here you go. Bandit 8. So, let's go to the Bandit 8 and let's try to paste this password over here and try to connect to the Bandit 8. So, let me go to the tips and see what we have to go from the Bandit 8 to Bandit 9.

So, the password. Again, for the next level is stored in the data.txt. But this time, this is relatively interesting. This is the only line of text that occurs only once, only line of text that occurs only once so, I believe we have a lot of things going on over here as well. We have a lot of strings or a lot of texts and they occur multiple times but there is only one text that occurs only once and we have to find it. And it's actually very good to solve this problem. It's an algorithm problem as well. We are going to need to sort this out in an efficient way. All we have to do, let me just cat this out and see how it looks like. So, we have a lot of hashes over here and I believe there are a lot of multiple hashes.

So, we have duplicates, I don't know, maybe it occurs more than once or more than twice. I don't know. But we have to find the one that is not a duplicate of anything. We have to find the unique value over here and we have a lot of tips over there. We can use strings. We can use grep one more time but we see uniq over here. So, this command is actually finding a unique element or unique text inside of a collection. So, we can use this uniq command in order to find the thing that occurs only once. Let me try to see uniq --help. And here you go. Uniq works over here so we are certain that we can use the uniq. And as you can see, there are a lot of parameters like count. We can use this for example. We can use -c in order to see how many times that text occurs or how many times that strings occur in that file. So, this is definitely going to be helpful for us. We're going to use the -c.

We can use the other ones as well, like this -d, repeated, only print duplicate lines. We can use this as well and we can just save it and compare it with the other file that we have over here but I believe the best way to approach this is to run strings data.txt and pipe it to the uniq or pipe it to the grep. Maybe, we can just use it with uniq. And I believe we have to specify the -c over here. If we don't do -c, we cannot see the occurrences. And even though we did -c, as you can see, every line seems like it's used only once but I don't believe that's the case. Since it's not sorted, it's random. It's not right next to each other. We have to sort this first. Here we go. We have the tip over here.

We have to sort data.txt first so that we can see the occurrences over here. As you can see, this is not fairly neat and we have all the duplicate values over here. As you can see, all of the texts are duplicated even, I believe they have occurred 10 times in a row. So, after we sort this, we can just pipe it to uniq and then we can see the occurrences over here. Here we go. Now, we see all of these lines occur 10 times, 10 times and only one of them is going to be occurring only one time and that's the one that we are looking for. So, if you know how to use sort, if you know how to use uniq, then it's fairly easy as well. So, I'm going to stand over here and just save it to over there to the password.txt.

And I'm going to exit out of this one to ssh into the nine. So, Bandit 9. So, let me try and see if this works or not. If this works, we're going to stop here and continue within the next one but let's make sure that we found the actual password. And here we go. Now, we managed to find it by using sort and uniq and now we know how to use strings, grep, sort, and uniq and maybe, we will use the other ones in the next lectures. Let's stop here and continue within the next one.
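The two searches from the lecture, reproduced on small files as an added example that is not part of the original transcript. The file contents and the helper function names are constructed for illustration, and grep reads the file directly here instead of going through strings. It shows why uniq alone reports every line as unique when duplicates are not adjacent, and why sorting first fixes that.

```shell
#!/bin/sh
# Constructed sample data; none of these values come from the real Bandit files.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Level 7 -> 8 style file: one "word<TAB>value" pair per line.
printf 'thousandth\tAAAA1111\nmillionth\tCONSTRUCTED_VALUE_8\nbillionth\tCCCC3333\n' \
    > "$workdir/pairs.txt"

# Level 8 -> 9 style file: duplicates are scattered, never next to each other.
printf 'dup-one\ndup-two\nONLY_ONCE\ndup-one\ndup-two\n' > "$workdir/lines.txt"

# Print the value that sits next to a keyword ($1 = keyword, $2 = file).
# -w matches the keyword as a whole word; awk prints the second column.
value_next_to() {
    grep -w -- "$1" "$2" | awk '{print $2}'
}

# How many lines uniq calls unique WITHOUT sorting first.
# uniq only compares neighbouring lines, so scattered duplicates all survive.
unsorted_unique_count() {
    uniq -u "$1" | wc -l | tr -d ' '
}

# The line that really occurs once: sort makes duplicates adjacent,
# then uniq -u keeps only lines with no identical neighbour.
line_occurring_once() {
    sort "$1" | uniq -u
}

# Occurrence table, least frequent first (what "sort | uniq -c" shows).
count_table() {
    sort "$1" | uniq -c | sort -n
}

echo "value next to 'millionth': $(value_next_to millionth "$workdir/pairs.txt")"
echo "lines uniq -u keeps without sort: $(unsorted_unique_count "$workdir/lines.txt")"
echo "line occurring once: $(line_occurring_once "$workdir/lines.txt")"
count_table "$workdir/lines.txt"
```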

 

About the Author
Students: 422
Courses: 55
Learning Paths: 3

Atil is an instructor at Bogazici University, where he graduated back in 2010. He is also co-founder of Academy Club, which provides training, and Pera Games, which operates in the mobile gaming industry.